ACloud Guru Certified Cloud Practitioner Practice Exam
You need to stream data in real-time for a dashboard application. Which AWS service would you use? A. AWS CloudWatch B. AWS CloudTrail C. Amazon RedShift D. AWS Kinesis
D. AWS Kinesis Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information.
Which of the following can you use as a web-based interface to view processes in AWS? A. AWS API B. AWS CLI C. AWS SDK D. AWS Management Console
D. AWS Management Console AWS Management Console is a web application for managing Amazon Web Services.
You are leading a pilot program to try the AWS Cloud for one of your applications. You have been instructed to provide an estimate of your AWS bill. Which service will allow you to do this by manually entering your planned resources by services? A. AWS Cost Explorer B. AWS Cost and Usage Report C. AWS CloudTrail D. AWS Pricing Calculator
D. AWS Pricing Calculator With the AWS Pricing Calculator, you can input the service you will use, and the configuration of those services, and get an estimate of the costs these services will accrue. AWS Pricing Calculator lets you explore AWS services, and create an estimate for the cost of your use cases on AWS.
You organization is multi-national and uses multiple AWS regions. Which AWS service can be used to route users to the nearest data center to reduce latency? A. AWS VPC B. AWS IAM C. AWS 0rganizations D. AWS Route53
D. AWS Route53 Amazon Route53 effectively connects user requests to infrastructure running in AWS - such as Amazon EC2 instances, Elastic Load Balancing load balancers, or Amazon S3 buckets - and can also be used to route users to infrastructure outside of AWS. You can use Amazon Route53 to configure DNS health checks to route traffic to healthy endpoints or to independently monitor the health of your application and its endpoints. Amazon Route53 Traffic Flow makes it easy for you to manage traffic globally through a variety of routing types, including Latency Based Routing, Geo DNS, Geoproximity, and weighted Round Robin - all of which can be combined with DNS Failover to enable a variety of low-latency, fault tolerant architectures. Using Amazon Route53 Traffic Flow's simple visual editor, you can easily manage how your end users are routed to your application's endpoints - whether in a single AWS region or around the globe. Amazon Route53 also offers Domain name Registration - you can purchase and manage domain names such as example.com, and Amazon Route53 will automatically configure DNS settings for your domains.
A software development team has requested IAM access to be able to work with AWS from the CLI. What will you provide these developers? A. Security Token B. Root user credentials C. Username and password D. Access keys
D. Access Keys Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API.
What AWS service lets you provision a logically isolated system of the AWS Cloud? A. Amazon RDS B. Elastic Network Interface C. Amazon Route53 D. Amazon Virtual Private Cloud
D. Amazon Virtual Private Cloud Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud. You have complete control over your virtual networking environment, including the selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.
Which is a core design principle for deploying resources in AWS? A. Plan ahead for hardware capacity B. Estimate your S3 storage needs up front C. Use a tight coupling of your resources and applications D. Deploy in multiple Availability Zones
D. Deploy in multiple Availability Zones Deploying in multiple Availability Zones will protect against downtime should an Availability Zone be lost.
Which S3 storage class is the best value for long-term storage? A. S3 Standard Infrequently-Accessed B. S3 Intelligent Tiering C. S3 Standard D. Glacier
D. Glacier Glacier is a low-cost storage option for Data Archiving. It can take several hours to retrieve the data, but if this is acceptable, it is the best value for long-term storage of data.
Configuring user permissions so that users can access only the resources they need to do their job follows what principle? A. Principle of 0rganization B. IAM Principle C. Principle of Minimum Permissions D. Principle of Least Privilege
D. Principle of Least Privilege When you create IAM policies, follow the standard security advice of granting the least privilege, or granting only the permissions required to perform a task. Determine what users (and roles) need to do, and then craft policies that allow them to perform only those tasks.
A company is migrating to the AWS Cloud. They need to set up DNS in the cloud. Which service is a highly available and scalable cloud DNS service in AWS? A. Amazon Macie B. Amazon VPC C. CloudFront D. Route53
D. Route53 Amazon Route53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP address like 192.0.2.1 that computes use to connect. Amazon Route53 is fully compliant with IPv6 as well.
You need to set up a virtual firewall for your EC2 instance. Which would you use? A. IAM Policy B. Network ACL C. Subnet D. Security Group
D. Security Group A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC can be assigned to a different set of security groups.
You want to define a virtual network in your AWS Cloud to be able to launch resources in that virtual network. Wht do you need to configure? A. Virtual Private Gateway B. AWS 0rganizations C. Internet Gateway D. VPC
D. VPC Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including the selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.
Your design team has recommended the need to distribute incoming traffic across multiple EC2 instances and also across multiple availability zones. Which AWS service can accomplish this? A. CloudFormation B. Elastic Load Balancer C. CloudFront D. Auto Scaling Group
Elastic Load Balancing
You have decided to use the AWS Cost and Usage Report to track your EC2 Reserved Instance costs. Which AWS service can be used to store AWS Cost and Usage Report files? A. An S3 Bucket that you own B. Trusted Advisor C. An AWS owned S3 Bucket D. CloudWatch
A. An S3 Bucket that you own The AWS Cost and Usage Report (AWS CUR) contains the most comprehensive set of cost and usage data available. You can use Cost and Usage Reports to publish your AWS billing reports to an Amazon Simple Storage Service (Amazon S3) bucket that you own. You can receive reports that break down your costs by the hour or day, by product or product resource, or by tags that you define yourself. AWS updates the report in your bucket once a day in comma-separated value (CSV) format. You can view the reports using spreadsheet software such as Microsoft Excel or Apache OpenOfficeCalc, or access them from an application using the Amazon S3 API.
A travel company has an application that serves customers worldwide. Which AWS service can speed up delivery of content to this widespread customer base? A. CloudFront B. S3 C. OpsWorks D. CodeDeploy
A. CloudFront Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. CloudFront is integrated with AWS - both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services.
You are concerned about access to your top-secret application by stolen passwords. What additional layer of security can you add for logging into AWS Management Console, in addition to user password? A. Multi-Factor Authentication B. AWS Transcribe C. AWS Voice Recognition D. Secret Access Keys
A. Multi-Factor Authentication AWS Multi-Factor Authentication (MFA) is a simple best practice that adds an extra layer of protection on top of your username and password. With MFA enabled, when a user sings into an AWS Management Console, they will be prompted for their username and password (the first factor - what they know), as well as for an authentication code from their AWS MFA device (the second factor - what they have). Taken together, these multiple factors provide increased security for your AWS account settings and resources.
After configuring your VPC and all of the resources within it, you want to add an extra layer of security at the subnet level. Which will you use to add this security? A. Network ACL B. Private IP Address C. IAM D. Security Group
A. Network ACL A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups to add an additional layer of security to your VPC.
A company is contemplating a move to the AWS Cloud. What benefits can be gained from such a move? A. The company can focus on its business rather than managing a data center B. All encryption is handled by AWS C. There is no need to patch guest operating systems D. The worry of long-term cost is eliminated
A. The company can focus on its business rather than managing a data center The AWS Cloud consists of data centers. But these data centers are the sole responsibility of AWS. This frees the customer up to focus on their business.
Which AWS service can help you optimize your AWS environment by giving recommendations to reduce cost, increase security, and improve performance? A. AWS 0ptimizations B. AWS CloudTrail C. AWS Trusted Advisor D. AWS Inspector
C. AWS Trusted Advisor AWS Trusted Advisor is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices. Trusted Advisor checks help optimize your AWS infrastructure, increase security and performance, reduce you overall costs, and monitor service limits. Whether establishing new workflows, developing applications, or as a part of ongoing improvement, take advantage of the recommendations provided by Trusted Advisor on a regular basis to help keep your solutions provisioned optimally.
Which of the following is an AWS Global Service? A. EC2 B. RDS C. CloudFront D. VPC
C. CloudFront Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment.
A software company is looking for a tool to automate their deployments from end to end. Which AWS service can provide this continuous delivery functionality? A. CodeBuild B. CodeDeploy C. CodePipeline D. CodeCommit
C. CodePipeline AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates. CodePipeline automates the build, test, and deploy phases of your release process every time there is a code change, based on the release model you define. This enables you to rapidly and reliably deliver features and updates.
You have upgraded your AWS support plan to the Business support level. What is true of the Business Support Plan? A. < 15 minute response time support when your production system goes down B. < 1 hour response time support when you production system goes down C. < 15 minute response time support if your business-critical system goes down D. < 24 hour response time support when your production system goes down
B. < 1 hour response time support when you production system goes down The Business level support plan provides one hour or less response time support for production level failures.
A small startup is configuring its AWS cloud environment. Which AWS service will allow grouping these users together and applying permissions to them as a group? A. Tagging B. AWS IAM C. AWS 0rganizations D. Resource Group
B. AWS IAM AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permission to allow and deny their access to AWS resources.
After experiencing unusual behavior in your AWS account, you need to determine if there are any issues with AWS that may be affecting your account. What section of the AWS portal helps you to inspect account alerts and find remediation guidance for your account? A. AWS Service Health Dashboard B. AWS Personal Health Dashboard C. AWS SNS D. AWS CloudWatch
B. AWS Personal Health Dashboard AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, the Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources.
Users need to access AWS resources from the command-line interface. Which IAM option can be used for authentication? A. IAM Policy B. Access Keys C. IAM Role D. IAM Group
B. Access Keys You must provide your AWS access keys to make programmatic calls to AWS or to use the AWS Command Line Interface or AWS Tools for PowerShell. When you create your access keys, you create the access key ID (for example, AKIAIOSFODNN7EXAMPLE) and secret access key (for example, wJaIrXUtnFEI/K7MDENG/bPxRfiCYEXAMPLEKEY) as a set. The secret access key is available for download only when you create it. If you don't download your secret access key or if your lose it, you must create a new one.
You have many database backups that you need to store for an indefinite amount of time. If the backups are ever needed, they just need to be retrieved within 6 hours. What is the lowest cost solution for this scenario? A. Amazon S3 B. Amazon Glacier C. Amazon S3 Standard-IA D. Amazon EFS
B. Amazon Glacier Amazon Glacier provides the lowest cost option for long-term storage and is perfectly suited for this scenario. The backups would not need to be retrieved quickly, so Glacier is the best option.
Your company has recently migrated large amounts of data to the AWS cloud in S3 buckets. But it is necessary to discover and protect the sensitive data in these buckets. Which AWS service can do that? A. AWS Inspector B. Amazon Macie C. GuidDuty D. CloudTrail
B. Amazon Macie Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.
When configuring an Application Load Balancer, what step will you take to ensure a highly available architecture? A. Set up multiple Edge Locations for your load balancer B. Configure the Load Balancer to serve traffic to multiple Availability Zones C. Set up more than on ALB D. Set up cross-region Load Balancing
B. Configure the Load Balancer to serve traffic to multiple Availability Zones You would set up the load balancer to deliver traffic across multiple Availability Zones.
You need to store key-value pairs of users and their high scores for a gaming application. Which is the best option for this type of data? A. Amazon RedShift B. DynamoDB C. RDS MySQL D. AWS S3
B. DynamoDB DynamoDB is ideally suited for storing key-value pairs as it is a key-value and document database that delivers single-digit millisecond performance at any scale.
A development team has created a large amount of CloudFormation templates in the JSON format. Which AWS database can store these documents? A. AWS MySQL B. DynamoDB C. Amazon RedShift D. Amazon Aurora
B. DynamoDB The latest DynamoDB update added support for JSON data, making it easy to store JSON documents in a DynamoDB table while preserving their complex and possibly nested shape. Now, the AWS SDK for .NET has added native JSON support, so you can use raw JSON data when working with DynamoDB. This is especially helpful if your application needs to consume or produce JSON (for instance, if your application is talking to a client-side component that uses JSON to send and receive data), as you no longer need to manually parse or compose this data.
AWS Trusted Advisor provides checks in 5 different categories. Which item is not one of those checks? A. Security B. Elasticity C. Cost Optimization D. Fault Tolerance
B. Elasticity Although this a valued concept in AWS, it is not one of the 5 checks provided in Trusted Advisor
An application that experiences highly variable traffic throughout the data has been configured in AWS. The capacity configured to serve this application adjusts to demands throughout the day. Which AWS principle does this describe? A. High Availability B. Elasticity C. Viscosity D. Durability
B. Elasticity The ability to acquire resources as you need them and release resources when you no longer need them. In the cloud, you want to do this automatically.
You are creating a few IAM policies. This is the first time you have worked with IAM policies. Which tool can you use to test IAM policies? A. Amazon GuardDuty B. IAM Policy Simulator C. CloudWatch D. Amazon Inspector
B. IAM Policy Simulator With the IAM Policy Simulator, you can test and troubleshoot identity-based policies, IAM permissions boundaries, organizations service control policies, and resource-based policies.
A company has a large number of S3 buckets and needs to manage and automate tasks on these buckets at one time. Which AWS feature can do this? A. Tagging B. Resource Groups C. IAM Groups D. IAM
B. Resource Groups You can use resource groups to organize your AWS resources. Resource groups make it easier to manage and automate tasks on large numbers of resources at one time. This guide shows you how to create and manage resource groups in AWS Resource Groups: https://docs.aws.amazon.com/ARG/latest/userguide/welcome.html
You have infrequently accessed data in S3 buckets that you want to transfer to Glacier. What can you use in AWS to do this? A. Bucket Policy B. S3 Lifecycle Policy C. Database Migration Service D. Cross Origin Resource Sharing (CORS)
B. S3 Lifecycle Policy You can add rules in an S3 Lifecycle configuration to tell Amazon S3 to transition objects to another Amazon S3 storage class. For example: when you know that objects are infrequently accessed, you might transition them to the S3 Standard-IA storage class. You might want to archive objects that you don't need to access in real time to the S3 Glacier storage class.
You are gathering information to present to management on a potential move to the AWS Cloud. Which items are part of the 6 advantages of cloud computing? Choose 2. A. Benefit from small economies of scale B. Trade capital expense for variable expense C. Increase speed and agility D. Easily predict capacity
B. Trade capital expense for variable expense C. Increase speed and agility Instead of having to invest heavily in data centers and servers before you know how you're going to use them, you can only pay when you consume computing resources, and you only pay for how much you consume. In a cloud computing environment, new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes. This results in a dramatic increase in agility for the organization since the cost and time it takes to experiment and develop is significantly lower.
A large company is using multiple AWS accounts and would like to benefit from available volume discounts in AWS. Which AWS feature will enable the company to get volume discounts? A. Contact AWS to request volume discounts B. Use AWS 0rganizations and its consolidated billing feature to consolidate billing and payment for multiple AWS accounts C. Use free tier as much as possible D. Upgrade to an Enterprise Support Plan
B. Use AWS 0rganizations and its consolidated billing feature to consolidate billing and payment for multiple AWS accounts Consolidated Billing has the benefit of combining usage across all accounts in the organization to share the volume pricing discounts, Reserved Instance discounts, and Savings Plans. This can result in a lower charge for your project, department, or company than with individual standalone accounts.
A recent audit has dictated that a company begin keeping a log of AWS Management Console actions and API calls. Which AWS service can help with this? A. AWS X-Ray B. AWS Inspector C. AWS CloudTrail D. CloudWatch
C. AWS CloudTrail AWS CloudTrail increases visibility into your user and resource activity by recording AWS Management Console actions and API calls. You can identify which users and accounts called AWS, the source IP address from which the calls were made, and when the called occurred.
Several S3 Buckets have been deleted, and a few EC2 instances have been terminated. Which AWS service can you use to determine who took these actions? A. AWS CloudWatch B. Trusted Advisor C. AWS CloudTrail D. AWS Inspector
C. AWS CloudTrail CloudTrail provides the event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.
A company wants to deploy applications entirely on a serverless platform. Which AWS service can they use to build their applications without worrying about managing servers? A. EC2 B. CloudFormation C. AWS Lambda D. ElastiCache
C. AWS Lambda AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume.
A small company wants to deploy a new system in the AWS Cloud but does not have anyone with the required AWS skill set to perform the deployment. Which AWS service can help with this? A. AWS Partner Network (APN) Technology Partners B. Trusted Advisor C. AWS Partner Network (APN) Consulting Partners D. AWS CloudFormation
C. AWS Partner Network (APN) Consulting Partners APN Consulting Partners are professional services firms that help customers of all types and sizes design, architect, build, migrate, and manage their workloads and applications on AWS, acclerating their journey to the cloud. APN Consulting Partners often implement Technology Partner solutions in addition to the professional services they offer.
A new application needs temporary access to resources in AWS How can this best be achieved? A. Store access key in an S3 Bucket and give the application access to the bucket B. Add the application to a group that has the appropriate permissions C. Create an IAM Role and have the application assume the role D. Create an IAM Policy and attach it to the application
C. Create an IAM Role and have the application assume the role Use an IAM Role to manage temporary credentials for applications that run on an EC2 instance. When you use a role, you don't have to distribute long-term credentials (such as a username and password or access keys) to an EC2 instance. Instead, the role supplies temporary permissions that applications can use when they make calls to other AWS resources. When you launch an EC2 instance, you specify an IAM Role to associate with the instance. Applications that run on the instance can then use the role-supplied temporary credentials to sign API requests.
Your company has decided to migrate a SQL Server database to a newly created AWS account. Which service can be used to migrate the database? A. DynamoDB B. AWS RDS C. Database Migration Service D. ElastiCache
C. Database Migration Service AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The Database Migration Service can migrate your data to and from the most widely used commercial and open-source databases.
An on-premises application requires a consistent, high-speed connection to the AWS Cloud environment that is better than the Internet-based connection. Which AWS service can provide this connection? A. VPC Peering B. STS C. Direct Connect D. AWS VPN
C. Direct Connect AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. AWS Direct Connect lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations.
In order to improve fault tolerance, you would like to begin using services that provide fault tolerance. Which AWS services provide automatic replication across Availability Zones? Choose 2. A. VPC B. EC2 C. DynamoDB D. S3
C. DynamoDB D. S3 DynamoDB and S3 provide this replication.
Which of the following is an AWS Global Service? A. VPC B. Amazon RDS C. IAM D. EC2
C. IAM Identity and Access Management is a Global service.
Several EC2 instances in a public subnet need internet access. Which will you configure as one step in granting internet access? A. VPC Peering B. NAT Gateway C. Internet Gateway D. API Gateway
C. Internet Gateway An Internet Gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.
You have a short term computing task to complete. It is essential that this task run uninterrupted from start to finish. Which is the best EC2 option for this task? A. Spot Instances B. Reserved Instances C. On-Demand Instances D. Dedicated Hosts
C. On-Demand Instances It is a short term project, which rules out reserved instances, and it has to run uninterrupted, which rules out Spot instances. With On-Demand instances, you pay for compute capacity by the hour or the second, depending on which instances you run. No longer-term commitments or upfront payments are needed. You can increase or decrease your compute capacity depending on the demands of your application and only pay the specified per hourly rates for the instance you use.
Upon venturing into using the AWS Cloud, you company decides to follow the 5 pillars of the AWS Well Architected Framework. Which items are pillars of the Well Architected Framework? Choose 2. A. Elasticity B. Scalability C. Operational Excellence D. Reliability E. Ease of Use
C. Operational Excellence D. Reliability The operation excellence pillar includes the ability to run and monitor systems to deliver business value to improve supporting processes and procedures continually. The Reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as configurations or transient network issues.
You need an AWS service that can identify objects, people, test, scenes, and activities in images and video. Which service would you choose? A. CloudWatch B. CloudSearch C. Rekognition D. AWS Inspector
C. Rekognition Amazon Rekognition makes it easy to add image and video analysis to your applications using proven, highly scalable, deep learning technology that requires no machine learning expertise to use.
You have been tasked with going into the AWS company account and getting information on saving money, improving system performance and reliability, and closing security gaps. Which tool can you use to get this information? A. AWS Cost and Usage Reports B. CloudWatch C. Trusted Advisor D. AWS Inspector
C. Trusted Advisor AWS Trusted Advisor is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices. Trusted Advisor helps optimize your AWS infrastructure, increase security and performance, reduce your overall costs, and monitor service limits.
