AWS cloud-practitioner-essentials
Which tasks are the responsibilities of AWS? (Select TWO.) A. Configuring AWS infrastructure devices B. Configuring security groups on Amazon EC2 instances C. Training company employees on how to use AWS services D. Creating IAM users and groups E. Maintaining virtualization infrastructure
A AND E A. Configuring AWS infrastructure devices E. Maintaining virtualization infrastructure
Which service or resource is used to find third-party software that runs on AWS? A. AWS Marketplace B. AWS Free Tier C. AWS Support D. Billing dashboard in the AWS Management Console
A. AWS Marketplace AWS Marketplace is a digital catalog that includes thousands of software listings from independent software vendors. You can use AWS Marketplace to find, test, and buy software that runs on AWS.
You want to store data in a key-value database. Which service should you use? A. Amazon DynamoDB B. Amazon Aurora C. Amazon RDS D. Amazon DocumentDB
A. Amazon DynamoDB Amazon DynamoDB is a key-value database service. A key-value database might include data pairs such as "Name: John Doe," "Address: 123 Any Street," and "City: Anytown". In a key-value database, you can add or remove attributes from items in the table at any time. Additionally, not every item in the table has to have the same attributes.
Which statement or statements are TRUE about Amazon EBS volumes and Amazon EFS file systems? A. EBS volumes store data within a single Availability Zone. Amazon EFS file systems store data across multiple Availability Zones. B. EBS volumes store data across multiple Availability Zones. Amazon EFS file systems store data within a single Availability Zone. C. EBS volumes and Amazon EFS file systems both store data within a single Availability Zone. D. EBS volumes and Amazon EFS file systems both store data across multiple Availability Zones.
A. EBS volumes store data within a single Availability Zone. Amazon EFS file systems store data across multiple Availability Zones. An EBS volume must be located in the same Availability Zone as the Amazon EC2 instance to which it is attached. Data in an Amazon EFS file system can be accessed concurrently from all the Availability Zones in the Region where the file system is located
Which pricing tool enables you to receive alerts when your service usage exceeds a threshold that you have defined? A. Billing dashboard in the AWS Management Console B. AWS Budgets C. AWS Free Tier D. AWS Cost Explorer
B. AWS Budgets In AWS Budgets, you can set custom alerts that will notify you when your service usage exceeds (or is forecasted to exceed) the amount that you have budgeted. Your budget can be based on costs or usage. For example, you can set an alert that will notify you when you have incurred $100.00 of costs in Amazon EC2 or 500,000 requests in AWS Lambda
Which component or service enables you to establish a dedicated private connection between your data center and virtual private cloud (VPC)? A. Virtual private gateway B. AWS Direct Connect C. Internet gateway D. Amazon CloudFront
B. AWS Direct Connect AWS Direct Connect is a service that enables you to establish a dedicated private connection between your data center and VPC. The private connection that AWS Direct Connect provides helps you to reduce network costs and increase the amount of bandwidth that can travel through your network.
Which migration strategy involves changing how an application is architected and developed, typically by using cloud-native features? A. Rehosting B. Refactoring C. Repurchasing D. Replatforming
B. Refactoring
How does the scale of cloud computing help you to save costs? A. You do not have to invest in technology resources before using them. B. The aggregated cloud usage from a large number of customers results in lower pay-as-you-go prices. C. Accessing services on-demand helps to prevent excess or limited capacity. D. You can quickly deploy applications to customers and provide them with low latency.
B. The aggregated cloud usage from a large number of customers results in lower pay-as-you-go prices.
The AWS Free Tier includes offers that are available to new AWS customers for a certain period of time following their AWS sign-up date. What is the duration of this period? A. 3 months B. 6 months C. 9 months D. 12 months
C. 9 months
Which task can AWS Key Management Service (AWS KMS) perform? A. Configure multi-factor authentication (MFA). B. Update the AWS account root user password. C. Create cryptographic keys. D. Assign permissions to users and groups.
C. Create cryptographic keys. AWS Key Management Service (AWS KMS) enables you to perform encryption operations through the use of cryptographic keys. A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data. You can use AWS KMS to create, manage, and use cryptographic keys. You can also control the use of keys across a wide range of services and in your applications.
Which site does Amazon CloudFront use to cache copies of content for faster delivery to users at any location? A. Region B. Availability Zone C. Edge location D. Origin
C. Edge location
Which Support plans include access to all AWS Trusted Advisor checks? (Select TWO.) A. Basic B. Enterprise C. AWS Free Tier D. Developer E. Business
B AND E B. Enterprise E. Business
Which actions can you perform in Amazon Route 53? (Select TWO.) A. Manage DNS records for domain names. B. Connect user requests to infrastructure in AWS and outside of AWS. C. Access AWS security and compliance reports and select online agreements. D. Monitor your applications and respond to system-wide performance changes. E. Automate the deployment of workloads into your AWS environment.
A AND B A. Manage DNS records for domain names. B. Connect user requests to infrastructure in AWS and outside of AWS. Amazon Route 53 is a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications that are hosted in AWS. Additionally, you can transfer DNS records for existing domain names that are currently managed by other domain registrars, or register new domain names directly within Amazon Route 53.
You are configuring service control policies (SCPs) in AWS Organizations. Which identities and resources can SCPs be applied to? (Select TWO.) A. IAM users B. IAM groups C. An individual member account D. IAM roles E. An organizational unit (OU)
A AND C A. IAM users C. An individual member account In AWS Organizations, you can apply service control policies (SCPs) to the organization root, an individual member account, or an OU. An SCP affects all IAM users, groups, and roles within an account, including the AWS account root user. You can apply IAM policies to IAM users, groups, or roles. You cannot apply an IAM policy to the AWS account root user.
Which actions can you perform using Amazon CloudWatch? Select TWO. A. Monitor your resources' utilization and performance B. Receive real-time guidance for improving your AWS environment C. Compare your infrastructure to AWS best practices in five categories D. Access metrics from a single dashboard E. Automatically detect unusual account activity
A AND D A. Monitor your resources' utilization and performance D. Access metrics from a single dashboard
Which tasks can you complete in AWS Artifact? Select TWO. A. Access AWS compliance reports on-demand. B. Consolidate and manage multiple AWS accounts within a central location. C. Create users to enable people and applications to interact with AWS services and resources. D. Set permissions for accounts by configuring service control policies (SCPs). E. Review, accept, and manage agreements with AWS.
A AND E A. Access AWS compliance reports on-demand. E. Review, accept, and manage agreements with AWS.
Which service would be used to send alerts based on Amazon CloudWatch alarms? A) Amazon Simple Notification Service (Amazon SNS) B) AWS CloudTrail C) AWS Trusted Advisor D) Amazon Route 53
A) Amazon Simple Notification Service (Amazon SNS) Amazon SNS and Amazon CloudWatch are integrated so users can collect, view, and analyze metrics for every active SNS. Once users have configured CloudWatch for Amazon SNS, they can gain better insight into the performance of their Amazon SNS topics, push notifications, and SMS deliveries.
Which statement best describes AWS Marketplace? A. A digital catalog that includes thousands of software listings from independent software vendors B. An online tool that inspects your AWS environment and provides real-time guidance in accordance with AWS best practices C. A resource that can answer questions about best practices and assist with troubleshooting issues D. A resource that provides guidance, architectural reviews, and ongoing communication with your company as you plan, deploy, and optimize your applications
A. A digital catalog that includes thousands of software listings from independent software vendors You can use AWS Marketplace to find, test, and buy software that runs on AWS.
Which component can be used to establish a private dedicated connection between your company's data center and AWS? A. AWS Direct Connect B. Private subnet C. Virtual private gateway D. DNS
A. AWS Direct Connect
Which service is used to quickly deploy and scale applications on AWS? A. AWS Elastic Beanstalk B. AWS Snowball C. AWS Outposts D. Amazon CloudFront
A. AWS Elastic Beanstalk You upload your application, and Elastic Beanstalk automatically handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring.
You want to store data in a volume that is attached to an Amazon EC2 instance. Which service should you use? A. Amazon Elastic Block Store (Amazon EBS) B. Amazon ElastiCache C. Amazon Simple Storage Service (Amazon S3) D. AWS Lambda
A. Amazon Elastic Block Store (Amazon EBS) Amazon EBS provides block-level storage volumes that you can use with Amazon EC2 instances. If you stop or terminate an Amazon EC2 instance, all the data on the attached EBS volume remains available.
Which service is used to query and analyze data across a data warehouse? A. Amazon Redshift B. Amazon Neptune C. Amazon DocumentDB D. Amazon ElastiCache
A. Amazon Redshift Amazon Redshift is a data warehousing service that you can use for big data analytics. Use Amazon Redshift to collect data from many sources and help you understand relationships and trends across your data.
Which AWS Trusted Advisor category includes checks for your service limits and overutilized instances? A. Performance B. Cost Optimization C. Fault Tolerance D. Security
A. Performance
What is another name for on-premises deployment? A. Private cloud deployment B. Cloud-based application C. Hybrid deployment D. AWS Cloud
A. Private cloud deployment
You want Amazon S3 to monitor your objects' access patterns. Which storage class should you use? A. S3 Intelligent-Tiering B. S3 Glacier C. S3 Standard-IA D. S3 One Zone-IA
A. S3 Intelligent-Tiering In the S3 Intelligent-Tiering storage class, Amazon S3 monitors objects' access patterns. If you haven't accessed an object for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, S3 Standard-IA. If you access an object in the infrequent access tier, Amazon S3 automatically moves it to the frequent access tier, S3 Standard.
Which virtual private cloud (VPC) component controls inbound and outbound traffic for Amazon EC2 instances? A. Security group B. Network access control list C. Internet gateway D. Subnet
A. Security group A security group is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance. By default, a security group denies all inbound traffic and allows all outbound traffic. You can add custom rules to configure which traffic should be allowed or denied.
Which statement best describes security groups? A. They are stateful and deny all inbound traffic by default. B. They are stateful and allow all inbound traffic by default. C. They are stateless and deny all inbound traffic by default. D. They are stateless and allow all inbound traffic by default.
A. They are stateful and deny all inbound traffic by default. Security groups are stateful. This means that they use previous traffic patterns and flows when evaluating new requests for an instance. By default, security groups deny all inbound traffic, but you can add custom rules to fit your operational and security needs.
Which factors should be considered when selecting a Region? Select TWO. A. Ability to assign custom permissions to different users B. Access to the AWS Command Line Interface (AWS CLI) C. Access to 24/7 technical support D. Compliance with data governance and legal requirements
D. Compliance with data governance and legal requirements
Which tasks are the responsibilities of customers? Select TWO. A. Maintaining network infrastructure B. Patching software on Amazon EC2 instances C. Implementing physical security controls at data centers D. Setting permissions for Amazon S3 objects E. Maintaining servers that run Amazon EC2 instances
B AND D B. Patching software on Amazon EC2 instances D. Setting permissions for Amazon S3 objects
Which tasks can you perform using AWS CloudTrail? Select TWO. A. Monitor your AWS infrastructure and resources in real time B. Track user activities and API requests throughout your AWS infrastructure C. View metrics and graphs to monitor the performance of resources D. Filter logs to assist with operational analysis and troubleshooting E. Configure automatic actions and alerts in response to metrics
B AND D B. Track user activities and API requests throughout your AWS infrastructure D. Filter logs to assist with operational analysis and troubleshooting
Which categories are included in the AWS Trusted Advisor dashboard? Select TWO. A. Reliability B. Performance C. Scalability D. Elasticity E. Fault tolerance
B AND E B. Performance E. Fault tolerance
Which Amazon S3 storage classes are optimized for archival data? Select TWO. A. S3 Standard B. S3 Glacier C. S3 Intelligent-Tiering D. S3 Standard-IA E. S3 Glacier Deep Archive
B AND E B. S3 Glacier E. S3 Glacier Deep Archive Objects stored in the S3 Glacier storage class can be retrieved within a few minutes to a few hours. By comparison, objects that are stored in the S3 Glacier Deep Archive storage class can be retrieved within 12 hours.
What are the scenarios in which you should use Amazon Relational Database Service (Amazon RDS)? Select TWO. A. Running a serverless database B. Using SQL to organize data C. Storing data in a key-value database D. Scaling up to 10 trillion requests per day E. Storing data in an Amazon Aurora database
B AND E B. Using SQL to organize data E. Storing data in an Amazon Aurora database
Which of the following are benefits of the AWS Cloud? (Select TWO.) A. Companies need increased IT staff B. Capital expenses are replaced with variable expenses C. Customers receive the same monthly bill regardless of which resources they use D. Companies gain increased agility E. AWS holds responsibility for security in the cloud
B and D B. Capital expenses are replaced with variable expenses D. Companies gain increased agility With the AWS Cloud, you benefit from Amazon's global purchasing of compute resources. You do not need to invest heavily in data centers. With the AWS Cloud, you make IT resources available to developers in minutes instead of weeks. The result is reduced cost and time for development, which increases agility.
Which service can identify the user that made the API call when an Amazon EC2 instance is terminated? A) AWS Trusted Advisor B) AWS CloudTrail C) AWS X-Ray D) AWS Identity and Access Management (AWS IAM)
B) AWS CloudTrail AWS CloudTrail helps users enable governance, compliance, and operational and risk auditing of their AWS accounts. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, AWS Command Line Interface (CLI), and AWS SDKs and APIs.
Which AWS service would simplify the migration of a database to AWS? A) AWS Storage Gateway B) AWS Database Migration Service (AWS DMS) C) Amazon EC2 D) Amazon AppStream 2.0
B) AWS Database Migration Service (AWS DMS) AWS DMS helps users migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. AWS DMS can migrate data to and from most widely used commercial and open-source databases.
Which component of the AWS global infrastructure does Amazon CloudFront use to ensure low-latency delivery? A) AWS Regions B) Edge locations C) Availability Zones D) Virtual Private Cloud (VPC)
B) Edge locations To deliver content to users with lower latency, Amazon CloudFront uses a global network of points of presence (edge locations and regional edge caches) worldwide
Which of the following is an AWS responsibility under the AWS shared responsibility model? A) Configuring third-party applications B) Maintaining physical hardware C) Securing application access and data D) Managing guest operating systems
B) Maintaining physical hardware Maintaining physical hardware is an AWS responsibility under the AWS shared responsibility model.
Which statement best describes an IAM policy? A. An authentication process that provides an extra layer of protection for your AWS account B. A document that grants or denies permissions to AWS services and resources C. An identity that you can assume to gain temporary access to permissions D. The identity that is established when you first create an AWS account
B. A document that grants or denies permissions to AWS services and resources IAM policies provide you with the flexibility to customize users' levels of access to resources. For instance, you can allow users to access all the Amazon S3 buckets in your AWS account or only a specific bucket.
Which statement best describes Amazon DynamoDB? A. A service that enables you to run relational databases in the AWS Cloud B. A serverless key-value database service C. A service that you can use to migrate relational databases, nonrelational databases, and other types of data stores D. An enterprise-class relational database
B. A serverless key-value database service Amazon DynamoDB is a key-value database service. It is serverless, which means that you do not have to provision, patch, or manage servers.
Which statement best describes an Availability Zone? A. A geographical area that contains AWS resources B. A single data center or group of data centers within a Region C. A data center that an AWS service uses to perform service-specific operations D. A service that you can use to run AWS infrastructure within your own on-premises data center in a hybrid approach
B. A single data center or group of data centers within a Region
Your company wants to receive support from an AWS Technical Account Manager (TAM). Which support plan should you choose? A. Developer B. Enterprise C. Basic D. Business
B. Enterprise A Technical Account Manager (TAM) is available only to AWS customers with an Enterprise Support plan. A TAM provides guidance, architectural reviews, and ongoing communication with your company as you plan, deploy, and optimize your applications.
Which component is used to connect a VPC to the internet? A. Security group B. Internet gateway C. Public subnet D. Edge location
B. Internet gateway
Which compute option reduces costs when you commit to a consistent amount of compute usage for a 1-year or 3-year term? A. Dedicated Hosts B. Savings Plans C. Spot Instances D. Reserved Instances
B. Savings Plans Amazon EC2 Savings Plans enable you to reduce your compute costs by committing to a consistent amount of compute usage for a 1-year or 3-year term. This results in savings of up to 72% over On-Demand Instance costs. Any usage up to the commitment is charged at the discounted Savings Plan rate (for example, $10 an hour). Any usage beyond the commitment is charged at regular On-Demand Instance rates.
In the S3 Intelligent-Tiering storage class, Amazon S3 moves objects between a frequent access tier and an infrequent access tier. Which storage classes are used for these tiers? (Select TWO.) A. S3 Glacier Deep Archive B. S3 One Zone-IA C. S3 Standard D. S3 Glacier E. S3 Standard-IA
C AND E C. S3 Standard E. S3 Standard-IA In the S3 Intelligent-Tiering storage class, Amazon S3 monitors objects' access patterns. If you haven't accessed an object for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, S3 Standard-IA. If you access an object in the infrequent access tier, Amazon S3 automatically moves it to the frequent access tier, S3 Standard.
How would a system administrator add an additional layer of login security to a user's AWS Management Console? A) Use Amazon Cloud Directory B) Audit AWS Identity and Access Management (IAM) roles C) Enable multi-factor authentication D) Enable AWS CloudTrail
C) Enable multi-factor authentication Multi-factor authentication (MFA) is a simple best practice that adds an extra layer of protection on top of a username and password. With MFA enabled, when a user signs in to an AWS Management Console, they will be prompted for their username and password (the first factor—what they know), as well as for an authentication code from their MFA device (the second factor—what they have). Taken together, these multiple factors provide increased security for AWS account settings and resources.
Which statement is TRUE for the AWS global infrastructure? A. A Region consists of a single Availability Zone. B. An Availability Zone consists of two or more Regions. C. A Region consists of two or more Availability Zones. D. An Availability Zone consists of a single Region.
C. A Region consists of two or more Availability Zones.
Which statement best describes an Availability Zone? A. A separate geographical location with multiple locations that are isolated from each other B. A site that Amazon CloudFront uses to cache copies of content for faster delivery to users at any location C. A fully isolated portion of the AWS global infrastructure D. The server from which Amazon CloudFront gets your files
C. A fully isolated portion of the AWS global infrastructure An Availability Zone is a single data center or a group of data centers within a Region. Availability Zones are located tens of miles apart from each other. This helps them to provide interconnectivity to support the services and applications that run within a Region.
Which statement best describes Amazon GuardDuty? A. A service that lets you monitor network requests that come into your web applications B. A service that helps protect your applications against distributed denial-of-service (DDoS) attacks C. A service that provides intelligent threat detection for your AWS infrastructure and resources D. A service that checks applications for security vulnerabilities and deviations from security best practices
C. A service that provides intelligent threat detection for your AWS infrastructure and resources AWS GuardDuty identifies threats by continually monitoring the network activity and account behavior within your AWS environment.
Which service enables you to review details for user activities and API calls that have occurred within your AWS environment? A. AWS Trusted Advisor B. Amazon CloudWatch C. AWS CloudTrail D. Amazon Inspector
C. AWS CloudTrail With CloudTrail, you can view a complete history of user activity and API calls for your applications and resources. Events are typically updated in CloudTrail within 15 minutes after an API call was made. You can filter events by specifying the time and date that an API call occurred, the user who requested the action, the type of resource that was involved in the API call, and more.
Which tool is used to automate actions for AWS services and applications through scripts? A. AWS Snowball B. Amazon QLDB C. AWS Command Line Interface D. Amazon Redshift
C. AWS Command Line Interface The AWS Command Line Interface (AWS CLI) enables you to control multiple AWS services directly from the command line within one tool. For example, you can use commands to start an Amazon EC2 instance, connect an Amazon EC2 instance to a specific Auto Scaling group, and more. The AWS CLI is available for users on Windows, macOS, and Linux.
Which pricing tool is used to visualize, understand, and manage your AWS costs and usage over time? A. AWS Pricing Calculator B. AWS Budgets C. AWS Cost Explorer D. AWS Free Tier
C. AWS Cost Explorer AWS Cost Explorer includes a default report of the costs and usage for your top five cost-accruing AWS services. You can apply custom filters and groups to analyze your data. For example, you can view resource usage at the hourly level.
Which service enables you to consolidate and manage multiple AWS accounts from a central location? A. AWS Artifact B. AWS Identity and Access Management (IAM) C. AWS Organizations D. AWS Key Management Service (AWS KMS)
C. AWS Organizations In AWS Organizations, you can centrally control permissions for the accounts in your organization by using service control policies (SCPs). Additionally, you can use the consolidated billing feature in AWS Organizations to combine usage and receive a single bill for multiple AWS accounts.
Which service is used to transfer up to 80 PB of data to AWS? A. Amazon CloudFront B. Amazon Neptune C. AWS Snowmobile D. AWS DeepRacer
C. AWS Snowmobile AWS Snowmobile is a service that is used for transferring up to 80 PB of data to AWS. Each Snowmobile is a 45-foot long shipping container that is pulled by a semi-trailer truck. It can transfer up to 80 PB of data.
Which service enables you to review the security of your Amazon S3 buckets by checking for open access permissions? A. Amazon CloudWatch B. AWS CloudTrail C. AWS Trusted Advisor D. Amazon GuardDuty
C. AWS Trusted Advisor
Which service enables you to build the workflows that are required for human review of machine learning predictions? A. Amazon Lex B. Amazon Aurora C. Amazon Augmented AI D. Amazon Textract
C. Amazon Augmented AI Amazon Augmented AI (Amazon A2I) provides built-in human review workflows for common machine learning use cases, such as content moderation and text extraction from documents. With Amazon A2I, you can also create your own workflows for machine learning models built on Amazon SageMaker or any other tools.
Why is AWS more economical than traditional data centers for applications with varying compute workloads? A) Amazon EC2 costs are billed on a monthly basis. B) Users retain full administrative access to their Amazon EC2 instances. C) Amazon EC2 instances can be launched on demand when needed. D) Users can permanently run enough instances to handle peak workloads.
C. Amazon EC2 instances can be launched on demand when needed. The ability to launch instances on demand when needed allows users to launch and terminate instances in response to a varying workload. This is a more economical practice than purchasing enough on-premises servers to handle the peak load.
Which AWS service is the best choice for publishing messages to subscribers? A. Amazon Simple Queue Service (Amazon SQS) B. Amazon EC2 Auto Scaling C. Amazon Simple Notification Service (Amazon SNS) D. Elastic Load Balancing
C. Amazon Simple Notification Service (Amazon SNS) Amazon SNS is a publish/subscribe service. Using Amazon SNS topics, a publisher publishes messages to subscribers.
You want to send and receive messages between distributed application components. Which service should you use? A. Amazon ElastiCache B. AWS Snowball C. Amazon Simple Queue Service (Amazon SQS) D. Amazon Route 53
C. Amazon Simple Queue Service (Amazon SQS) Amazon SQS is a message queuing service. Using Amazon SQS, you can send, store, and receive messages between software components at any volume size, without losing messages or requiring other services to be available. In Amazon SQS, an application sends messages into a queue. A user or service retrieves a message from the queue, processes it, and then deletes it from the queue.
Which Support plan includes all AWS Trusted Advisor checks at the lowest cost? A. Basic B. Developer C. Business D. Enterprise
C. Business
Which action can you perform with consolidated billing? A. Review how much cost your predicted AWS usage will incur by the end of the month. B. Create an estimate for the cost of your use cases on AWS. C. Combine usage across accounts to receive volume pricing discounts. D. Visualize and manage your AWS costs and usage over time.
C. Combine usage across accounts to receive volume pricing discounts.
Which statement best describes the principle of least privilege? A. Adding an IAM user into at least one IAM group B. Checking a packet's permissions against an access control list C. Granting only the permissions that are needed to perform specific tasks D. Performing a denial of service attack that originates from at least one device
C. Granting only the permissions that are needed to perform specific tasks When you grant permissions by following the principle of least privilege, you prevent users or roles from having more permissions than needed to perform specific job tasks. For example, cashiers in the coffee shop should be given access to the cash register system. As a best practice, grant IAM users and roles a minimum set of permissions and then grant additional permissions as needed.
An employee requires temporary access to create several Amazon S3 buckets. Which option would be the best choice for this task? A. AWS account root user B. IAM group C. IAM role D. Service control policy (SCP)
C. IAM role An IAM role is an identity that you can assume to gain temporary access to permissions. When someone assumes an IAM role, they abandon all permissions that they had under a previous role and assume the permissions of the new role. IAM roles are ideal for situations in which access to services or resources needs to be granted temporarily instead of long-term.
You are running an Amazon EC2 instance and want to store data in an attached resource. Your data is temporary and will not be kept long term. Which resource should you use? A. Amazon S3 bucket B. Amazon Elastic Block Store (Amazon EBS) volume C. Instance store D. Subnet
C. Instance store Instance stores are ideal for temporary data that does not need to be kept long term. When an Amazon EC2 instance is stopped or terminated, all the data that has been written to the attached instance store is deleted.
Which statement best describes an AWS account's default network access control list? A. It is stateless and denies all inbound and outbound traffic. B. It is stateful and allows all inbound and outbound traffic. C. It is stateless and allows all inbound and outbound traffic. D. It is stateful and denies all inbound and outbound traffic.
C. It is stateless and allows all inbound and outbound traffic. Network access control lists (ACLs) perform stateless packet filtering. They remember nothing and check packets that cross the subnet border each way: inbound and outbound. Each AWS account includes a default network ACL. When configuring your VPC, you can use your account's default network ACL or create custom network ACLs. By default, your account's default network ACL allows all inbound and outbound traffic, but you can modify it by adding your own rules. For custom network ACLs, all inbound and outbound traffic is denied until you add rules to specify which traffic should be allowed. Additionally, all network ACLs have an explicit deny rule. This rule ensures that if a packet doesn't match any of the other rules on the list, the packet is denied.
You want to store data that is infrequently accessed but must be immediately available when needed. Which Amazon S3 storage class should you use? A. S3 Intelligent-Tiering B. S3 Glacier Deep Archive C. S3 Standard-IA D. S3 Glacier
C. S3 Standard-IA The S3 Standard-IA storage class is ideal for data that is infrequently accessed but requires high availability when needed. Both S3 Standard and S3 Standard-IA store data in a minimum of three Availability Zones. S3 Standard-IA provides the same level of availability as S3 Standard but at a lower storage price.
Which statement is TRUE for AWS Lambda? A. To use AWS Lambda, you must configure the servers that run your code. B. Before using AWS Lambda, you must prepay for your estimated compute time. C. You pay only for compute time while your code is running. D. The first step in using AWS Lambda is provisioning a server.
C. You pay only for compute time while your code is running. AWS Lambda is a service that lets you run code without needing to provision or manage servers. While using AWS Lambda, you pay only for the compute time that you consume. You are charged only when your code is running. With AWS Lambda, you can run code for virtually any type of application or backend service, all with zero administration.
Where can a user find information about prohibited actions on the AWS infrastructure? A) AWS Trusted Advisor B) AWS Identity and Access Management (IAM) C) AWS Billing Console D) AWS Acceptable Use Policy
D) AWS Acceptable Use Policy The AWS Acceptable Use Policy provides information regarding prohibited actions on the AWS infrastructure.
Which AWS offering enables users to find, buy, and immediately start using software solutions in their AWS environment? A) AWS Config B) AWS OpsWorks C) AWS SDK D) AWS Marketplace
D) AWS Marketplace AWS Marketplace is a digital catalog with thousands of software listings from independent software vendors that makes it easy to find, test, buy, and deploy software that runs on AWS.
Which AWS networking service enables a company to create a virtual network within AWS? A) AWS Config B) Amazon Route 53 C) AWS Direct Connect D) Amazon Virtual Private Cloud (Amazon VPC)
D) Amazon Virtual Private Cloud (Amazon VPC) Amazon VPC lets users provision a logically isolated section of the AWS Cloud where users can launch AWS resources in a virtual network that they define.
Which statement best describes Amazon CloudFront? A. A service that enables you to run infrastructure in a hybrid cloud approach B. A serverless compute engine for containers C. A service that enables you to send and receive messages between software components through a queue D. A global content delivery service
D. A global content delivery service Amazon CloudFront is a content delivery service. It uses a network of edge locations to cache content and deliver content to customers all over the world. When content is cached, it is stored locally as a copy. This content might be video files, photos, webpages, and so on.
Which statement best describes Elastic Load Balancing? A. A service that monitors your applications and automatically adds or removes capacity from your resource groups in response to changing demand B. A service that enables you to set up, manage, and scale a distributed in-memory or cache environment in the cloud C. A service that provides data that you can use to monitor your applications, optimize resource utilization, and respond to system-wide performance changes D. A service that distributes incoming traffic across multiple targets, such as Amazon EC2 instances
D. A service that distributes incoming traffic across multiple targets, such as Amazon EC2 instances A load balancer acts as a single point of contact for all incoming web traffic to your Auto Scaling group. This means that as Amazon EC2 instances are added or removed in response to the amount of incoming traffic, these requests are routed to the load balancer first and then spread across multiple resources that will handle them.
Which tool enables you to visualize, understand, and manage your AWS costs and usage over time? A. AWS Artifact B. AWS Budgets C. AWS Pricing Calculator D. AWS Cost Explorer
D. AWS Cost Explorer With AWS Cost Explorer, you can quickly create custom reports to analyze your AWS cost and usage data.
Which service helps protect your applications against distributed denial-of-service (DDoS) attacks? A. Amazon GuardDuty B. Amazon Inspector C. AWS Artifact D. AWS Shield
D. AWS Shield As network traffic comes into your applications, AWS Shield uses a variety of analysis techniques to detect potential DDoS attacks in real time and automatically mitigates them.
Which service is used to run containerized applications on AWS? A. Amazon Aurora B. Amazon SageMaker C. Amazon Redshift D. Amazon Elastic Kubernetes Service (Amazon EKS)
D. Amazon Elastic Kubernetes Service (Amazon EKS) Amazon EKS is a fully managed service that you can use to run Kubernetes on AWS. Kubernetes is open-source software that enables you to deploy and manage containerized applications at scale. Containers provide you with a standard way to package your application's code and dependencies into a single object. Containers are frequently used for processes and workflows in which there are essential requirements for security, reliability, and scalability.
Which service is used to manage the DNS records for domain names? A. Amazon Virtual Private Cloud B. AWS Direct Connect C. Amazon CloudFront D. Amazon Route 53
D. Amazon Route 53 Amazon Route 53 is a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications that host in AWS. Another feature of Route 53 is the ability to manage the DNS records for domain names. You can transfer DNS records for existing domain names managed by other domain registrars. You can also register new domain names directly in Route 53.
You want to store data in an object storage service. Which AWS service is best for this type of storage? A. Amazon Managed Blockchain B. Amazon Elastic File System (Amazon EFS) C. Amazon Elastic Block Store (Amazon EBS) D. Amazon Simple Storage Service (Amazon S3)
D. Amazon Simple Storage Service (Amazon S3)
Which action can you perform in Amazon CloudFront? A. Provision resources by using programming languages or a text file. B. Provision an isolated section of the AWS Cloud to launch resources in a virtual network that you define. C. Run infrastructure in a hybrid cloud approach. D. Deliver content to customers through a global network of edge locations.
D. Deliver content to customers through a global network of edge locations. Amazon CloudFront is a content delivery service. It uses a network of edge locations to cache content and deliver content to customers all over the world. When content is cached, it is stored locally as a copy. This content might be video files, photos, webpages, and so on.
Which action can you perform with AWS Outposts? A. Automate actions for AWS services and applications through scripts. B. Access wizards and automated workflows to perform tasks in AWS services. C. Develop AWS applications in supported programming languages. D. Extend AWS infrastructure and services to your on-premises data center.
D. Extend AWS infrastructure and services to your on-premises data center.
What is cloud computing? A. Backing up files that are stored on desktop and mobile devices to prevent data loss B. Deploying applications connected to on-premises infrastructure C. Running code without needing to manage or provision servers D. On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing
D. On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing
Which Perspective of the AWS Cloud Adoption Framework focuses on recovering IT workloads to meet the requirements of your business stakeholders? A. Business Perspective B. Governance Perspective C. People Perspective D. Operations Perspective
D. Operations Perspective The Operations Perspective of the AWS Cloud Adoption Framework also includes principles for operating in the cloud by using agile best practices.
Which pillar of the AWS Well-Architected Framework focuses on using computing resources in ways that meet system requirements? A. Operational Excellence B. Reliability C. Security D. Performance Efficiency
D. Performance Efficiency The Performance Efficiency pillar focuses on using computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve.
Your company has an application that uses Amazon EC2 instances to run the customer-facing website and Amazon RDS database instances to store customers' personal information. How should the developer configure the VPC according to best practices? A. Place the Amazon EC2 instances and the Amazon RDS database instances in a private subnet. B. Place the Amazon EC2 instances and the Amazon RDS database instances in a public subnet. C. Place the Amazon EC2 instances in a private subnet and the Amazon RDS database instances in a public subnet. D. Place the Amazon EC2 instances in a public subnet and the Amazon RDS database instances in a private subnet.
D. Place the Amazon EC2 instances in a public subnet and the Amazon RDS database instances in a private subnet. A subnet is a section of a VPC in which you can group resources based on security or operational needs. Subnets can be public or private. Public subnets contain resources that need to be accessible by the public, such as an online store's website. Private subnets contain resources that should be accessible only through your private network, such as a database that contains customers' personal information and order histories.
Which statement best describes DNS resolution? A. Launching resources in a virtual network that you define B. Storing local copies of content at edge locations around the world C. Connecting a VPC to the internet D. Translating a domain name to an IP address
D. Translating a domain name to an IP address For example, if you want to visit AnyCompany's website, you enter the domain name into your PC and this request is sent to a DNS server. Next, the DNS server asks the web server for the IP address that corresponds to AnyCompany's website. The web server responds by providing the IP address for AnyCompany's website, 192.0.2.0.