AWS Cloud Certification Prep
A customer provisioned an on-demand EC2 instance using a Linux AMI. The instance ran for 10 hours, 3 minutes, and 7 seconds before the user terminated it. How much time will the customer be billed for? - 10 hours, 3 minutes, and 7 seconds - 10 hours - 10 hours, 3 minutes - 10 hours, 4 minutes
- 10 hours, 3 minutes, and 7 seconds You are billed down to the second for an EC2 instance.
Which of the following statements are CORRECT regarding the AWS VPC service? (Select two) - A Security Group can have allow rules only - A NAT Instance is managed by AWS - A NAT Gateway is managed by AWS - A NACL can have allow rules only - A Security Group can have both allow and deny rules
- A Security Group can have allow rules only - A NAT Gateway is managed by AWS
Which AWS service will help you receive alerts when the reservation utilization falls below the defined threshold? - AWS CloudTrail - AWS Simple Monthly Calculator - AWS Budgets - AWS Trusted Advisor
- AWS Budgets
Which of the following data sources are used by Amazon Detective to analyze events and identify potential security issues? - AWS CloudTrail logs, Amazon VPC Flow Logs and Amazon GuardDuty findings - Amazon CloudWatch Logs, Amazon VPC Flow Logs and Amazon GuardDuty findings - Amazon CloudWatch Logs, AWS CloudTrail logs and S3 Access Logs - Amazon CloudWatch Logs, AWS CloudTrail logs and Amazon Inspector logs
- AWS CloudTrail logs, Amazon VPC Flow Logs and Amazon GuardDuty findings AWS CloudTrail logs, Amazon VPC Flow Logs and Amazon GuardDuty findings - Amazon Detective can analyze trillions of events from multiple data sources such as Virtual Private Cloud (VPC) Flow Logs, AWS CloudTrail, and Amazon GuardDuty, and automatically creates a unified, interactive view of your resources, users, and the interactions between them over time.
Which of the following solutions can you use to connect your on-premises network with AWS Cloud (Select two). - AWS Direct Connect - Amazon Route 53 - AWS VPN - Amazon VPC - Internet Gateway
- AWS Direct Connect - AWS VPN
Which services should you use to automate the creation of AWS developer accounts and to allow access to the AWS services required by those account entities? - AWS Systems Manager - Amazon Cognito - IAM - AWS Organizations
- AWS Organizations
Data encryption is automatically enabled for which of the following AWS services? (Select two)? - Amazon EBS volumes - AWS Storage Gateway - Amazon S3 Glacier - Amazon EFS drives - Amazon Redshift
- AWS Storage Gateway - Amazon S3 Glacier
Data encryption is automatically enabled for which of the following AWS services? (Select two)? - Amazon EBS volumes - AWS Storage Gateway - Amazon S3 Glacier - Amazon EFS drives - Amazon Redshift
- AWS Storage Gateway - Amazon S3 Glacier
A Cloud Practitioner would like to get operational insights of its resources to quickly identify any issues that might impact applications using those resources. Which AWS service can help with this task? - AWS Trusted Advisor - AWS Systems Manager - AWS Personal Health Dashboard - Amazon Inspector
- AWS Systems Manager AWS Systems Manager allows you to centralize operational data from multiple AWS services and automate tasks across your AWS resources. You can create logical groups of resources such as applications, different layers of an application stack, or production versus development environments.
Which AWS service can be used to provision resources to run big data workloads on Hadoop clusters? - Amazon EC2 - AWS Batch - Amazon EMR - AWS Step Function
- Amazon EMR
Which AWS service can be used as an in-memory database with high-performance and low latency? - Amazon Athena - Amazon DynamoDB - Amazon ElastiCache - Amazon RDS
- Amazon ElastiCache
Which of the following AWS services can be used to continuously monitor both malicious activities as well as unauthorized behavior to protect your AWS accounts and workloads? - Amazon GuardDuty - AWS Security Hub - Amazon Detective - Amazon Inspector
- Amazon GuardDuty Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3.
You would like to give an application running on one of your EC2 instances access to an S3 bucket. What is the best way to implement this? - Use an IAM user for the application - Give the application a set of access keys - Assign the instance an IAM role - Make the bucket public
- Assign the instance an IAM role The recommended method to assign permissions to apps running in EC2 is to use IAM roles.
Which AWS Support plan provides architectural guidance contextual to your specific use-cases? - Developer - Business - Enterprise - Basic
- Business
A cyber forensics team has detected that AWS owned IP-addresses are being used to carry out malicious attacks. As this constitutes prohibited use of AWS services, which of the following is the correct solution to address this issue? - Contact AWS Abuse Team - Contact AWS Developer Forum moderators - Contact AWS Support - Write an email to Jeff Bezos, the CEO of Amazon, with the details of the incident
- Contact AWS Abuse Team
Which policy will provide information on performing penetration testing on your EC2 instances? - IAM policy - AWS Customer Agreement - JSON policy - Customer Service Policy for Penetration Testing
- Customer Service Policy for Penetration Testing
Which AWS service has fault tolerance in a multi-AZ configuration by default? (Please select two.) -Elasticache - DynamoDB - RDS - ELB - S3
- DynamoDB - S3
Which of the following statements are CORRECT regarding the Availability Zone (AZ) specific characteristics of EBS and EFS storage types? - EBS volume can be attached to one or more instances in multiple Availability Zones and EFS file system can be mounted on instances in the same Availability Zone - EBS volume can be attached to one or more instances in multiple Availability Zones and EFS file system can be mounted on instances across multiple Availability Zones - EBS volume can be attached to a single instance in the same Availability Zone and EFS file system can only be mounted on instances in the same Availability Zone - EBS volume can be attached to a single instance in the same Availability Zone whereas EFS file system can be mounted on instances across multiple Availability Zones
- EBS volume can be attached to a single instance in the same Availability Zone whereas EFS file system can be mounted on instances across multiple Availability Zones
Select the service you would use to distribute traffic between EC2 instances on AWS. - ELB - Sticky session - EIP - Network ACLs
- ELB
Your company is deploying a new web application to AWS. Where would you store the most frequently accessed data on the application so that the application response time can be handled faster? - S3 -Elasticache - RDS - EBS
- Elasticache
Which AWS Support plan guarantees a case response time of 15 minutes when Business Critical systems are down? - Developer - Business - Enterprise - Basic
- Enterprise
Which of the following are correct statements regarding the AWS Shared Responsibility Model? (Select two) - AWS is responsible for training AWS and customer employees on AWS products and services - For a service like Amazon EC2, that falls under Infrastructure as a Service, AWS is responsible for maintaining guest operating system - Configuration Management is the responsibility of the customer - For abstracted services like Amazon S3, AWS operates the infrastructure layer, the operating system, and platforms - AWS is responsible for Security "of" the Cloud
- For abstracted services like Amazon S3, AWS operates the infrastructure layer, the operating system, and platforms - AWS is responsible for Security "of" the Cloud
You are creating a few IAM policies. This is the first time you have worked with IAM policies. Which tool can you use to test IAM policies? - IAM policy simulator - Amazon GuardDuty - CloudWatch - Amazon Inspector
- IAM policy simulator The IAM policy simulator allows you to test and troubleshoot identity-based policies, IAM permissions boundaries, service control policies (SCPs), and resource-based policies. Whereas Inspector works with EC2 instances to uncover and report vulnerabilities. Amazon Inspector actually examines your applications and looks for security vulnerabilities, but it cannot examine individual policies.
What kind of benefit does Amazon ElastiCache offer? - High-speed distributed relational database - In-memory cache database - High-speed search engine -HaDoop framework
- In-memory cache database
Which type of Cloud Computing does Amazon Elastic Compute Cloud (EC2) represent? - Infrastructure as a Service (IaaS) - Software as a Service (SaaS) - Platform as a Service (PaaS) - Network as a Service (NaaS)
- Infrastructure as a Service (IaaS)
What do you need in order to connect to your Amazon EC2 instance? - Access Key - Key pair - Secret Access key - IAM policy
- Key pair
AWS Web Application Firewall (WAF) offers protection from common web exploits at which layer? - Layer 4 - Layer 4 and 7 - Layer 7 - Layer 3
- Layer 7
Which following statement is true of newly created security groups with their default rules? - New security groups allow only outbound traffic and block all incoming traffic. - New security groups allow both incoming and outbound traffic. - New security groups block both incoming and outbound traffic. - New security groups block outbound traffic and allow all incoming traffic.
- New security groups allow only outbound traffic and block all incoming traffic. By default, new security groups start with only an outbound rule to allow all traffic to leave the instances. You must add rules to enable any inbound traffic.
AWS Lambda pricing is based on which of the following criteria? (Select two) - Number of requests for the lambda function - The number of lines of code for the lambda function - The language runtime of the lambda function - The size of the deployment package for the lambda function - The time it takes for the lambda function to execute
- Number of requests for the lambda function - The time it takes for the lambda function to execute
Which AWS EC2 pricing model is the most cost-effective and flexible with no requirement for a long term resource commitment or upfront payment but still guarantees that instance would not be interrupted? - Reserved Instances - Spot Instances - On-demand Instances - Dedicated Hosts
- On-demand Instances
A company would like to automate the configuration of its servers and deploy code to servers in the cloud and on-premises. Which service meets the requirement? -CodeBuild -OpsWorks - Elastic Beanstalk -CodeDeploy
- OpsWorks OpsWorks allows you to use Chef or Puppet to automate the configuration of your servers and deploy code on-premises or the cloud. While CodeDeploy can deploy code to the cloud and on-premises, it is not used to automate the configuration of servers like OpsWorks.
A user uses CloudFormation to deploy infrastructure to multiple Regions. This multi-Region deployment strategy involves which pillar of the AWS Well-Architected Framework? - Performance Efficiency - Reliability - Operational Excellence - Security
- Performance Efficiency This Performance Efficiency pillar focuses on the effective use of resources to meet demand. Whereas the Operational Excellence pillar focuses on building applications that effectively support your workloads.
Which cloud deployment does not offer the advantages of cloud computing? - On-premises cloud - Public cloud - Hybrid cloud - Private cloud
- Private cloud
A company would like to optimize Amazon EC2 costs. Which of the following actions can help with this task? (Select TWO) - Purchase EC2 Reserved instances -Opt for a higher AWS Support plan - Build its own servers - Set up Auto Scaling groups to align the number of instances with demand - Vertically scale the EC2 instances
- Purchase EC2 Reserved instances - Set up Auto Scaling groups to align the number of instances with demand
Which of the following AWS services support reservations to optimize costs? (Select three) - S3 - Lambda - RDS - EC2 Instances - DynamoDB -DocumentDB
- RDS - EC2 Instances - DynamoDB
Which of the following AWS services support reservations to optimize costs? (Select three) - S3 (Incorrect) - Lambda - RDS - EC2 Instances - DynamoDB -DocumentDB
- RDS - EC2 Instances - DynamoDB
A company has a large number of S3 buckets and needs to manage and automate tasks on these buckets at one time. Which AWS feature can do this? - IAM - IAM groups - Resource groups - Tagging
- Resource groups You can use resource groups to organize your AWS resources. Resource groups make it easier to manage and automate tasks on large numbers of resources at one time. Whereas Tagging assists with the organization of resources, but not directly managing those resources.
Which of the following AWS services is directly installed in a region without the use of an AZ ? - RDS - EC2 - ELB - S3
- S3
Your company is building a scalable and dynamic web application on AWS. Which of the following services can automatically achieve scalability without user configuration? - S3 - EC2 - ECS - RDS
- S3
AWS Trusted Advisor analyzes your AWS environment and provides best practice recommendations for which of the following categories? (Select two)? - Documentation - Elasticity - Service Limits - Change Management - Cost Optimization
- Service Limits - Cost Optimization
Which of the following AWS services specialize in data migration from on-premises to AWS Cloud? (Select two) - Direct Connect - Site-to-Site VPN - Snowball - Transit Gateway - Database Migration Service
- Snowball - Database Migration Service
A company is migrating its workloads to AWS. Which tool will help the company estimate their potential cloud bill and calculate their overall total cost of ownership (TCO) based on their current workloads? - The company can open an account and billing support case with AWS Support to get help with estimating the TCO. - The company can use the AWS Pricing Calculator. - The company can research the published prices of the AWS services and manually calculate the estimate. - The company can use the Cost Explorer to visualize its estimated TCO.
- The company can use the AWS Pricing Calculator. The Pricing Calculator provides an estimate of AWS fees and charges. Since the company knows the workload details, the AWS Pricing Calculator can also help with calculating the total cost of ownership.
Which of the following services can carve-out part of the AWS cloud? - VPC - AZ - ELB - Subnet
- VPC
Which AWS service will you use to privately connect your VPC to Amazon S3? - Amazon API Gateway - AWS Transit Gateway - AWS Direct Connect - VPC Endpoint Gateway
- VPC Endpoint Gateway (A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.)
By default, when using consolidated billing, which of the following will the master paying account be able to do in the member account? - Grant access to member accounts to other users - View billing information - Make changes to resources - View any data stored
- View billing information By default, using consolidated billing only allows the master account to view the billing information for the member accounts.
Which of the following are components of an AWS Site-to-Site VPN? (Select two) - Virtual Private Gateway - Customer Gateway - Internet Gateway - Storage Gateway - NAT Gateway
- Virtual Private Gateway - Customer Gateway
Which of the following statements are correct regarding the health monitoring and reporting capabilities supported by AWS Elastic Beanstalk? (Select two) - With basic health reporting, the Elastic Beanstalk service does not publish any metrics to Amazon CloudWatch - AWS Elastic Beanstalk provides only basic health reporting system; Combined with Elastic Load Balancer, they provide advanced health check features - In a single instance environment, Elastic Beanstalk determines the instance's health by monitoring the Elastic Load Balancing health settings - The Elastic Beanstalk health monitoring can determine that the environment's Auto Scaling group is available and has a minimum of at least one instance - The basic health reporting system that provides information about the health of instances in an Elastic Beanstalk environment does not use health checks performed by Elastic Load Balancing
- With basic health reporting, the Elastic Beanstalk service does not publish any metrics to Amazon CloudWatch - The Elastic Beanstalk health monitoring can determine that the environment's Auto Scaling group is available and has a minimum of at least one instance
The 5 pillars of the AWS Well-Architected Framework
1. Cost Optimization 2. Operational Excellence 3. Reliability 4. Performance 5. Security
What are the 3 Cloud Computing Models?
1. IaaS (Infrastructure as a Service) 2. PaaS (Platform as a Service) 3. SaaS (Software as a Service)
Which Global Infrastructure identity is composed of one or more discrete data centers with redundant power, networking, and connectivity, and are used to deploy infrastructure? 1. Edge Locations 2. Availability Zones 3. Regions
2. Availability Zones This is the definition of Availability Zones.
What is the pricing model of Cloud Computing? 1. Discounts over time 2. Pay-as-you-go pricing 3. Pay once a year 4. Flat-rate pricing
2. Pay-as-you-go pricing In Cloud Computing, you are only charged for what you use.
Which of the following is NOT an advantage of Cloud Computing? 1. Trade capital expense (CAPEX) for operational expense (OPEX) 2. Train your employees less 3. Go global in minutes 4. Stop spending money running and maintaining data centers
2. Train your employees less
Which of the following statements are correct regarding Amazon API Gateway? (Select two) 1. API Gateway does not yet support API result caching 2. API Gateway creates RESTful APIs, Storage Gateway creates WebSocket APIs 3. API Gateway can be configured to send data directly to Amazon Kinesis Data Stream 4. API Gateway can call an AWS Lambda function to create the front door of a serverless application 5. If an API response is served by the cached data, it is not considered an API call for billing purposes
3. API Gateway can be configured to send data directly to Amazon Kinesis Data Stream 4. API Gateway can call an AWS Lambda function to create the front door of a serverless application
Which of the following options is NOT a point of consideration when choosing an AWS Region? 1. Compliance with data governance 2. Latency 3. Capacity availability 4. Pricing
3. Capacity availability Capacity is unlimited in the cloud, you do not need to worry about it.
Which are the 3 pricing fundamentals of the AWS Cloud? 1. Compute, Storage, and Data transfer in the AWS Cloud 2. Compute, Networking, and Data transfer out of the AWS Cloud 3. Compute, Storage, and Data transfer out of the AWS Cloud 4. Compute, Functions, and Data transfer in the AWS Cloud
3. Compute, Storage, and Data transfer out of the AWS Cloud
Which of the following is NOT one of the Five Characteristics of Cloud Computing? 1. Rapid elasticity and scalability 2. Multi-tenancy and resource pooling 3. Dedicated Support Agent to help you deploy applications 4. On-demand self service
3. Dedicated Support Agent to help you deploy applications
A company would like to benefit from the advantages of the Public Cloud but would like to keep sensitive assets in its own infrastructure. Which deployment model should the company use? 1. Private Cloud 2. Public Cloud 3. Hybrid Cloud
3. Hybrid Cloud Using a Hybrid Cloud deployment model allows you to benefit from the flexibility, scalability and on-demand storage access while keeping security and performance of your own infrastructure.
Which of the following is the definition of Cloud Computing? 1. Rapidly develop, test and launch software applications 2. Automatic and quick ability to acquire resources as you need them and release resources when you no longer need them 3. On-demand availability of computer system resources, especially data storage (cloud storage) and computing power, without direct active management by the user 4. Change resource types when needed
3. On-demand availability of computer system resources, especially data storage (cloud storage) and computing power, without direct active management by the user.
You ONLY want to manage Applications and Data. Which type of Cloud Computing model should you use? 1. On-Premises 2. Infrastructure as a Service (IaaS) 3. Platform as a Service (PaaS) 4. Software as a Service (SaaS)
3. Platform as a Service In the Platform as a Service model, you only manage the data and the applications.
AWS Regions are composed of? 1. Two or more Edge Locations 2. One or more discrete data centers 3. Two or more Availability Zones
3. Two or more Availability Zones AWS Regions consist of multiple, isolated, and physically separate Availability Zones within a geographic area.
Which of the following is a repository service that helps in maintaining application dependencies via integration with commonly used package managers and build tools like Maven, Gradle, npm, etc? - AWS CodeStar - AWS CodeArtifact - AWS CodeCommit - AWS CodeBuild
AWS CodeArtifact
Which AWS service will you use if you have to move large volumes of on-premises data to AWS Cloud from a remote location with limited bandwidth? - AWS Snowball - AWS Transit Gateway - AWS Direct Connect - AWS Virtual Private Network (VPN)
AWS Snowball (AWS Snowball, a part of the AWS Snow Family, is a data migration and edge computing device. If you have large quantities of data you need to migrate into AWS, offline data transfer with AWS Snowball can overcome the challenge of limited bandwidth, and avoid the need to lease additional bandwidth.)
Which of the following AWS services can be used to continuously monitor both malicious activities as well as unauthorized behavior to protect your AWS accounts and workloads? - Amazon GuardDuty - AWS Security Hub - Amazon Detective - Amazon Inspector
Amazon GuardDuty
An e-commerce company uses AWS Cloud and would like to receive separate invoices for development and production environments. As a Cloud Practitioner, which of the following solutions would you recommend for this use-case? - Use AWS Cost Explorer to create separate invoices for development and production environments - Tag all resources in the AWS account as either "development" or "production". Then use the tags to create separate invoices - Create separate AWS accounts for development and production environments to receive separate invoices - Use AWS Organizations to create separate invoices for development and production environments
Create separate AWS accounts for development and production environments to receive separate invoices
As per the AWS shared responsibility model, which of the following is a responsibility of the customer from a security and compliance point of view? - Managing patches of the guest operating system on Amazon EC2 - Availability Zone infrastructure management - Configuration management for AWS global infrastructure - Patching/fixing flaws within the AWS infrastructure
Managing patches of the guest operating system on Amazon EC2
According to the AWS Shared Responsibility Model, which of the following are responsibilities of the customer (select 2)? - Enabling data encryption of data stored in S3 buckets - Compliance validation of Cloud infrastructure - Operating system patches and updates of an EC2 instance - Ensuring AWS employees cannot access customer data - AWS Global Network Security
- Enabling data encryption of data stored in S3 buckets - Operating system patches and updates of an EC2 instance
