AWS Cloud Practitioner Exam 1

A company has a DevOps team in its organizational structure. They are looking forward to moving to the AWS Cloud. They are wondering if there is an AWS service that can help them manage infrastructure as code. Which of the following would you suggest for them? A. AWS Inspector B. AWS Config C. AWS CloudFormation D. Amazon EMR

C. AWS CloudFormation AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and AWS CloudFormation takes care of provisioning and configuring those resources for you. You don't need to individually create and configure AWS resources and figure out what's dependent on what; AWS CloudFormation handles all of that. Option A is not correct. Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Option B is not correct. AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Option D is not correct. Amazon EMR is used to run and scale Apache Spark, Hadoop, HBase, Presto, Hive, and other Big Data Frameworks.

AWS allows users to manage their resources using a web based user interface. What is the name of this interface? A. AWS CLI B. AWS SDK C. AWS Management Console D. AWS API

C. AWS Management Console The AWS Management Console allows you to access and manage Amazon Web Services through a simple and intuitive web-based user interface. You can also use the AWS Console mobile app to quickly view resources on the go. Option A is not correct. The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts. Option B is not correct. The AWS SDK (Software Development Kit) allows you to interact with AWS services using your preferred programming language. Option D is not correct. AWS API refers to the AWS application programming interface.

What should you do in order to keep the data on EBS volumes safe? A. Store a backup daily in an external drive. B. Create EBS snapshots C. Attach the volumes to EC2 Instances D. Create copies of EBS Volumes

B. Create EBS snapshots Creating snapshots of EBS Volumes can help ensure that you have a backup of your EBS volumes just in case any issues arise. Option A is not correct. To make a backup of your EBS volumes you should use the Snapshot feature. Snapshots can provide a Copy-on-Write Consistency (reflect the exact image of the volume at the point-in-time of the snapshot). Also, EBS Snapshots are incremental backups, which means that only the blocks on the device that have changed after your last snapshot are saved. This minimizes the time required to create the snapshot and saves on storage costs by not duplicating data. Option C is not correct. Attaching the volumes to EC2 Instances doesn't protect the data. You can protect the data using the snapshots you take regularly and using encryption. Option D is not correct. It is "Snapshots" NOT "Copies".

You have 2 accounts in AWS. One for Dev and the other for QA. All are part of consolidated billing. The master account has purchased 4 reserved instances. The Dev department is currently using 2 reserved instances. The QA team is planning on using 3 instances, which are of the same instance type. What is the pricing tier of the instances that can be used by the QA Team? A. No Reserved and 3 on-demand B. One Reserved and 2 on-demand C. Two Reserved and 1 on-demand D. Three Reserved and one on-demand

C. Two Reserved and 1 on-demand For billing purposes, the consolidated billing feature of AWS Organizations treats all the accounts in the organization as one account. This means that all accounts in the organization can receive the hourly cost benefit of Reserved Instances that are purchased by any other account. Since 2 reserved instances are already used by the Dev team , then there are another 2 instances that can be used by the QA team. The rest of the instances can be on-demand instances. Therefore the correct answer is 2 reserved and 1 on-demand.

You noticed that several critical Amazon Elastic Compute Cloud (Amazon EC2) instances have been terminated. Which of the following AWS services would help you determine who took this action? A. AWS Trusted Advisor B. Amazon EC2 Instance Usage report C. Amazon CloudWatch D. AWS CloudTrail

D. AWS CloudTrail AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting. Option A is not correct. AWS Trusted Advisor is an online tool that provides real time guidance to help provision resources following AWS best practices. Option B is not correct. The report provides a preconfigured view, based on fixed filter settings, that displays information about your usage and cost trends. Option C is not correct. Amazon CloudWatch is used to monitor AWS resources. For example you can use it to monitor the performance of your EBS volumes.

What are the benefits of having infrastructure hosted in the AWS Cloud? (Choose two) A. All of the physical security and most of the data/network security are taken care of for you B. Having complete control over the physical infrastructure C. Increase speed and agility D. Competitive upfront costs E. There is no need to worry about security

A and C Option A : ** All of the physical security are taken care of for you. Amazon data centers are surrounded by three physical layers of security. "Nothing can go in or out without setting off an alarm". It's important to keep bad guys out, but equally important to keep the data in which is why Amazon monitors incoming gear, tracking every disk that enters the facility. And "if it breaks we don't return the disk for warranty. The only way a disk leaves our data center is when it's confetti." ** Most (not all) data and network security are taken care of for you. When we talk about the data/network security, AWS has a "shared responsibility model" where AWS and the customer share the responsibility of securing them. For example the customer is responsible for creating rules to secure his network traffic using the security groups and is also responsible for protecting data with encryption. Option C: In a cloud computing environment, new IT resources are only a click away, which means it requires less time to make those resources available to developers - from weeks to just minutes. This results in a dramatic increase in agility for the organization, since the cost and time it takes to experiment and develop is significantly lower. Option B is not correct. The Physical infrastructure is a responsibility of AWS and not the customer. Hence it is not an advantage of moving to the AWS Cloud. Option D is not correct. In AWS, most of the services are available with no upfront costs as it follows the pay-as-you-go pricing. AWS allows you to pay upfront for some services to get more discounts, but you have the choice to pay upfront or pay as you go. By contrast, traditional IT providers require you to pay upfront for all of their services. Option E is not correct. As mentioned above, security is a shared responsibility between AWS and the customer. For example, the customer has to manage who can access and use AWS resources using the IAM service.

Which of the following S3 storage classes is ideal for data with unpredictable access patterns? A. Amazon S3 Intelligent-Tiering. B. Amazon S3 On-demand-Tiering. C. Amazon S3 Standard. D. Amazon S3 Standard-Infrequent Access

A. Amazon S3 intelligent-Tiering. The S3 Intelligent-Tiering storage class is designed to optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead. It works by storing objects in two access tiers: one tier that is optimized for frequent access and another lower-cost tier that is optimized for infrequent access. For a small monthly monitoring and automation fee per object, Amazon S3 monitors access patterns of the objects in S3 Intelligent-Tiering, and moves the ones that have not been accessed for 30 consecutive days to the infrequent access tier. If an object in the infrequent access tier is accessed, it is automatically moved back to the frequent access tier. There are no retrieval fees when using the S3 Intelligent-Tiering storage class, and no additional tiering fees when objects are moved between access tiers. It is the ideal storage class for long-lived data with access patterns that are unknown or unpredictable. Option B is not correct. Amazon S3 On-demand is not a valid storage class option. Option C is not correct. S3 Standard offers high durability, availability, and performance object storage for frequently accessed data. Option D is not correct. Amazon S3 Standard-Infrequent Access (S3 Standard-IA) is for data that is accessed less frequently, but requires rapid access when needed. Option E is not correct. S3 Glacier is a low-cost storage class for data archiving.

One of the benefits of the AWS Cloud is that there are many services available to use of which you don't need to manage their underlying infrastructure. Which of the following are examples of these services? (Choose TWO) A. DynamoDB B. EC2 C. Amazon Elastic MapReduce. D. Amazon VPC.

A. DynamoDB AND C. Amazon Elastic MapReduce. The Amazon Elastic MapReduce and DynamoDB are managed services that you don't need to manage their underlying infrastructure. Other managed services include: Amazon S3, Amazon RDS, Amazon Redshift, Amazon WorkSpaces, Amazon CloudFront, Amazon CloudSearch and several other services. Option B is not correct. Amazon EC2 is a service that gives you complete control over your compute resources. You are responsible for managing almost everything in your server instances when using Amazon EC2. Option D is not correct. Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment. Amazon VPC is not a managed service, you are responsible for managing almost everything when using the Amazon VPC service.

A company is planning to introduce a new product to their customers. They are expecting high traffic to their web application. As part of the Enterprise support plan, which of the following could provide them with architectural and scaling guidance? A. Infrastructure Event Management B. AWS Management Support C. AWS Support API D. AWS Support Concierge Service

A. Infrastructure Event Management AWS Infrastructure Event Management is a short-term engagement with AWS Support, included in the Enterprise-level Support product offering, and available for additional purchase for Business-level Support subscribers. AWS Infrastructure Event Management partners with your technical and project resources to gain a deep understanding of your use case and provide architectural and scaling guidance for an event. Common use-case examples for AWS Event Management include advertising launches, new product launches, and infrastructure migrations to AWS. Option B is not correct. AWS Management Support is a bogus option. Option C is not correct. The AWS Support API provides access to some of the features of the AWS Support Center via an API. Option D is not correct. AWS Support Concierge Service can help you with your account and billing inquiries.

What are the benefits provided by the AWS Personal Health Dashboard? (Choose two) A. Personalized View of Service Health B. Detailed Troubleshooting Guidance C. Check your applications for vulnerabilities D. Cost Optimization E. Published information about the current status and availability of AWS services

A. Personalized View of service Health AND B. Detailed Troubleshooting Guidance AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources. The benefits of the AWS personal health dashboard include: **A personalized View of Service Health: Personal Health Dashboard gives you a personalized view of the status of the AWS services that power your applications, enabling you to quickly see when AWS is experiencing issues that may impact you. For example, in the event of a lost EBS volume associated with one of your EC2 instances, you would gain quick visibility into the status of the specific service you are using, helping save precious time troubleshooting to determine root cause. **Proactive Notifications: The dashboard also provides forward looking notifications, and you can set up alerts across multiple channels, including email and mobile notifications, so you receive timely and relevant information to help plan for scheduled changes that may affect you. In the event of AWS hardware maintenance activities that may impact one of your EC2 instances, for example, you would receive an alert with information to help you plan for, and proactively address any issues associated with the upcoming change. **Detailed Troubleshooting Guidance: When you get an alert, it includes remediation details and specific guidance to enable you to take immediate action to address AWS events impacting your resources. For example, in the event of an AWS hardware failure impacting one of your EBS volumes, your alert would include a list of your affected resources, a recommendation to restore your volume, and links to the steps to help you restore it from a snapshot. This targeted and actionable information reduces the time needed to resolve issues. Option C is not correct. You can check your applications for vulnerabilities using other services such as Amazon Inspector. Option D is not correct. You can get help about cost optimization using other services such as the AWS Trusted Advisor. Option E is not correct. You can get information about the current status and availability of the AWS services any time using the AWS Service Health Dashboard that is available at this link: https://status.aws.amazon.com/

Which service provides DNS in the AWS cloud? A. Route 53 B. VPC C. Direct Connect D. VPN

A. Route 53 Amazon Route 53 provides highly available and scalable Domain Name System (DNS) services, domain name registration, and health-checking web services. It is designed to give developers and businesses an extremely reliable and cost effective way to route end users to Internet applications by translating names like example.com into the numeric IP addresses, such as 192.0.2.1, that computers use to connect to each other. Option B is not correct. Amazon VPC allows you to create a virtual network in the cloud. Option C is not correct. AWS Direct Connect is a cloud service solution that is used to establish a dedicated network connection from your premises to AWS. Option D is not correct. AWS Virtual Private Network (AWS VPN) is used to establish a secure and private tunnel from your network or device to the AWS global network.

In AWS, which security aspects are the customer's responsibilities? (Choose two) A. Set password complexity rules B. Controlling physical access to compute resources C. Network traffic protection D. Disk disposal E. Patching the Network infrastructure

A. Set password complexity rules AND C. Network traffic protection The customer is responsible for creating a password policy on their AWS account to specify complexity requirements and mandatory rotation periods for their IAM users' passwords. For example, setting a minimum password length, require specific character types, etc. The customer is also responsible for protecting the network traffic by configuring Security Groups, Network Access control Lists (NACLs) and Routing Tables. Option B is not correct. AWS is responsible for controlling physical access to the data centers. Option D is not correct. Disk disposal ( Storage Device Decommissioning): When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized individuals. All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry-standard practices. Option E is not correct. Patching the underlying infrastructure is the responsibility of AWS. The customer is responsible for patching the Operating System of their EC2 instances and any software installed on these instances.

Upgrading a server with a larger hard drive is an example of __________ , while adding more hard drives to a storage array is an example of __________ . A. Vertical Scaling, Horizontal Scaling. B. Vertical Scaling, Vertical Scaling. C. Horizontal Scaling, Vertical Scaling. D. Horizontal Scaling, Horizontal Scaling.

A. Vertical Scaling, Horizontal Scaling. ** Scaling Vertically: Scaling vertically takes place through an increase in the specifications of an individual resource (e.g., upgrading a server with a larger hard drive, adding more memory, or provisioning a faster CPU). On Amazon EC2,this can easily be achieved by stopping an instance and resizing it to an instance type that has more RAM, CPU, IO,or networking capabilities. This way of scaling can eventually hit a limit and it is not always a cost efficient or highly available approach. However, it is very easy to implement and can be sufficient for many use cases especially in the short term. ** Scaling Horizontally: Scaling horizontally takes place through an increase in the number of resources (e.g., adding more hard drives to a storage array or adding more servers to support an application). This is a great way to build Internet-scale applications that leverage the elasticity of cloud computing.

Which of the following services allows you to manage your agreements with AWS? A. AWS Organization. B. AWS Artifact. C. AWS Systems Manager. D. AWS Certificate Manager.

B. AWS Artifact AWS Artifact is a self-service audit artifact retrieval portal that provides our customers with on-demand access to AWS' compliance documentation and AWS agreements. You can use AWS Artifact Reports to download AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI), and System and Organization Control (SOC) reports. You can use AWS Artifact Agreements to review, accept, and track the status of AWS agreements such as the Business Associate Addendum (BAA). Option A is not correct. AWS Organization provides central governance and management across AWS accounts. Option C is not correct. AWS Systems Manager gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources. Option D is not correct. AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources

You are planning to host your education website on AWS. Most of your video courses will be streamed all around the world. Which of the following AWS services would help you achieve high transfer speeds? A. AWS Cloud Formation B. AWS CloudFront C. AWS Delivery D. AWS Cloud Distributer

B. AWS CloudFront Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. Option A is not correct. AWS CloudFormation is a service that gives developers and businesses an easy way to create a collection of related AWS resources and provision them in an orderly and predictable fashion. Option C&D are not correct. AWS Delivery and AWS Cloud Distributer are bogus options.

An organization has set up consolidated billing with 3 different AWS accounts. Which of the following advantages will the organization receive in terms of the AWS pricing? A. The free usage tier for all the 3 accounts will be 3 years and not a single year B. All AWS accounted will be charged for S3 storage by combining the total storage of each account C. The Ec2 instances of each account will receive a total of 750*3 micro instance hours free D. The consolidated billing does not bring any cost advantage for the organization

B. All AWS accounts will be charged for S3 storage by combining the total storage of each account AWS consolidated billing enables an organization to consolidate payments for multiple Amazon Web Services (AWS) accounts within a single organization by making a single paying account. For billing purposes, AWS treats all the accounts on the consolidated bill as one account. Some services, such as Amazon EC2 and Amazon S3 have volume pricing tiers across certain usage dimensions that give the user lower prices when they use the service more. For example if you use 50 TB in each account you would normally be charged $23 *50*3 (because they are 3 different accounts), But with consolidated billing you would be charged $23*50+$22*50*2 (because they are treated as one account) which means that you would save $100.

A company is deploying a new two-tier web application in AWS. Where should the most frequently accessed data be stored so that the application's response time is optimal? A. MySQL Installed on two Amazon EC2 Instances in a single Availability Zone B. Amazon ElastiCache C. Amazon RDS for MySQL with Multi-AZ D. Amazon Cache Accelerator.

B. Amazon ElastiCache Amazon ElastiCache is a web service that makes it easy to deploy, operate, and scale an in-memory data store or cache in the cloud. The service improves the performance of web applications by allowing you to retrieve information from fast, managed, in-memory data stores, instead of relying entirely on slower disk-based databases. Option A is not correct. The number and type of EC2 instances you should deploy depends on the demand of your application. Option C is not correct. Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB) Instances, making them a natural fit for production database workloads. However, it is not used to cache data. Option D is not correct. Amazon Cache Accelerator is a bogus option.

Which of the following services provides object-level storage in AWS? A. Amazon EBS B. Amazon S3 C. Amazon Storage Gateway D. Amazon SQS

B. Amazon S3 Amazon S3 is an object level storage built to store and retrieve any amount of data from anywhere - web sites and mobile apps, corporate applications, and data from IoT sensors or devices. It is designed to deliver 99.999999999% durability, and stores data for millions of applications used by market leaders in every industry. Option A is not correct. Amazon EBS is a block level storage technology. Option C is not correct. AWS Storage Gateway is a hybrid storage service that enables your on-premises applications to seamlessly use AWS cloud storage. The gateway connects to AWS storage services - such as Amazon S3 (which is object level) and Amazon EBS (which is block level) - and provides storage for files, volumes, snapshots, and virtual tapes in AWS. Option D is not correct. Amazon SQS is not a storage service. It is a message queue service that enables you to decouple microservices, distributed systems, and serverless applications.

Which service is used to ensure that messages between software components are not lost if one or more components fail? A. Amazon SES B. Amazon SQS C. Amazon Connect D. AWS Direct Connect

B. Amazon SQS Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available. SQS lets you decouple application components so that they run independently, increasing the overall fault tolerance of the system. Multiple copies of every message are stored redundantly across multiple availability zones so that they are available whenever needed. Option A is not correct. Amazon SES (Amazon Simple Email Service) is a flexible, affordable, and highly-scalable email messaging platform for businesses and developers. Option C is not correct. Amazon Connect is a cloud-based contact center service that makes it easy for businesses to deliver customer service at low cost. Option D is not correct. AWS Direct Connect is a cloud service solution that is used to establish a dedicated network connection between your premises and AWS.

A company has developed an eCommerce web application and the application needs an uptime of at least 99.5%. Which of the following deployment strategies should they use? A. Deploying the application across multiple VPC's B. Deploying the application across multiple Regions C. Deploying the application across Edge locations D. Deploying the application across multiple subnets

B. Deploying the application across multiple Regions The AWS Global infrastructure is built around Regions and Availability Zones (AZs). Each AWS Region is a separate geographic area. Each AWS Region has multiple, isolated locations known as Availability Zones. Availability Zones in a region are connected with low latency, high throughput, and highly redundant networking. These Availability Zones offer AWS customers an easier and more effective way to design and operate applications and databases, making them more highly available, fault tolerant, and scalable than traditional single datacenter infrastructures or multi-datacenter infrastructures. In addition to replicating applications and data across multiple data centers in the same Region using Availability Zones, you can also choose to increase redundancy and fault tolerance further by replicating data between geographic Regions (especially if you are serving customers from all over the world). You can do so using both private, high speed networking and public internet connections to provide an additional layer of business continuity, or to provide low latency access across the globe. Option A is not correct. VPC refers to the virtual private cloud which is a virtual network that you define. Deploying the application across multiple VPC's in the same region will not help your global customers. This option can only be true if the VPCs are created in multiple regions worldwide. Option C is not correct. Edge locations are not used to host applications. Edge locations are used by CloudFront to cache and distribute content to your global customers with low latency. Option D is not correct. A subnet is a range of IP addresses in your VPC.

Which of the following is not a part of the Cloud Computing models? A. Infrastructure as a Service (IaaS) B. Hardware as a Service (HaaS) C. Platform as a Service (PaaS) D. Software as a Service (SaaS

B. Hardware as a Service (Haas) There are three Cloud Computing Models: 1) Infrastructure as a Service (IaaS) - Infrastructure as a Service (IaaS) contains the basic building blocks for cloud IT and typically provide access to networking features, computers (virtual or on dedicated hardware), and data storage space. IaaS provides you with the highest level of flexibility and management control over your IT resources and is most similar to existing IT resources that many IT departments and developers are familiar with today. 2) Platform as a Service (PaaS) - Platform as a Service (PaaS) removes the need for your organization to manage the underlying infrastructure (usually hardware and operating systems) and allows you to focus on the deployment and management of your applications. This helps you be more efficient as you don't need to worry about resource procurement, capacity planning, software maintenance, patching, or any of the other undifferentiated heavy lifting involved in running your application. 3) Software as a Service (SaaS) - Software as a Service (SaaS) provides you with a completed product that is run and managed by the service provider. In most cases, people referring to Software as a Service are referring to end-user applications. With a SaaS offering you do not have to think about how the service is maintained or how the underlying infrastructure is managed; you only need to think about how you will use that particular piece of software. A common example of a SaaS application is web-based email which you can use to send and receive email without having to manage feature additions to the email product or maintain the servers and operating systems that the email program is running on.

Select TWO examples of the AWS shared controls. A. Datacenter operations. B. Patch Management. C. Configuration Management. D. VPC Management. E. IAM Management

B. Patch Management. C. Configuration Management. Shared Controls are controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Examples include: ** Patch Management - AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications. ** Configuration Management - AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications. ** Awareness & Training - AWS trains AWS employees, but a customer must train their own employees. Option A is not correct. Data Center operations are an AWS responsibility. Options D&E are not correct. VPC and IAM management are customer responsibilities.

A company has decided to migrate to the AWS Cloud. AWS offers a wide range of services and instance types. They want to reduce costs as much as possible. Which of the following is the main factor to consider when choosing the instance type of services like Amazon RDS and Amazon Redshift? A. Your team experience with these services. B. Workload utilization of CPU & RAM. C. The type of your current on-premise database. D. Sources of traffic.

B. Workload utilization of CPU & RAM. AWS offers a broad range of resource types and configurations to suit a plethora of use cases. For example, services like Amazon EC2, Amazon RDS, Amazon Redshift, and Amazon Elasticsearch Service(Amazon ES) give you a lot of choice of instance types. In some cases, you should select the cheapest type that suits your workload's requirements. In other cases, using fewer instances of a larger instance type might result in lower total cost or better performance. You should benchmark and select the right instance type depending on how your workload utilizes CPU, RAM, network, storage size, and I/O. Option A is not correct. The services mentioned and most of the AWS services are easy to set up, deploy, and manage. These services automate most of the common administrative tasks to manage, monitor, and scale your AWS resources. Option C is not correct. You can migrate your current on-premise database data to and from most widely used commercial and open-source databases using the AWS database migration service. Option D is not correct. In Web analytics, traffic sources is a report that provides an overview of the different kinds of sources that send traffic to your Web site, for example direct traffic (clicks from bookmarks or visitors who know your URL) , Web search engines, referring URLs(other Web sites directing traffic to you), ... etc. Sources of traffic are an important factor when analyzing your marketing procedures NOT when choosing an instance type.

When using on-demand instances in AWS, which of the following is a false statement about its cost? A. There are no upfront costs for the instance B. You have to pay the termination fees if you terminate the instance C. You are charged per second based on an hourly rate D. You pay only for what you use.

B. You have to pay the termination fees if you terminate the instance You don't have to pay any fees when terminating your EC2 Instances.

You want to monitor the CPU utilization of an EC2 resource in AWS. Which of the below services can help in this regard? A. AWS Config B. AWS Inspector C. AWS Cloudwatch D. AWS Trusted Advisor

C. AWS Cloudwatch Amazon CloudWatch is a service that monitors AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources. Amazon CloudWatch can monitor AWS resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances, as well as custom metrics generated by your applications and services, and any log files your applications generate. Option A is not correct. AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Option B is not correct. Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Option D is not correct. AWS Trusted Advisor is an online tool that provides real time guidance to help you provision your resources following AWS best practices.

Which of the following should an IAM user provide to interact with AWS services using the AWS CLI? A. User name and password B. Secret token C. Access keys D. User ID

C. Access keys Access keys consist of an access key ID and secret access key, which are used to sign programmatic requests to AWS using the CLI or the SDK.

Which of the following can be used to control access to your Amazon EC2 instances? A. DB security groups B. IAM policies C. EC2 security groups D. None of these

C. EC2 security groups Security groups are used to define and control the way you want your instances to be accessed, and whether or not certain kind of communications is allowed. AWS security groups provide security at the protocol and port access level. You can add rules to each security group that allow traffic to or from its associated instances. Option A is not correct. DB security groups are used to control access to the databases. Option B is not correct.IAM policies are used to grant users permissions to perform specific actions on EC2. A user can only access the instance and perform these actions if his IP address is allowed in the security group that is attached to the instance. In brief, security groups are used to control who can access the instance. IAM policies are used to control what actions can a specific user perform after accessing the instance.

A company decides to migrate its Oracle database to AWS. Which AWS service can help achieve this without negatively impacting the functionality of the source database? A. RDS Multi-AZ B. AWS Server Migration Service C. AWS Application Discovery Service D. AWS Database Migration Service

D. AWS Database Migration Service AWS Database Migration Service (DMS) helps you migrate databases to AWS easily and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from most widely used commercial and open-source databases. The service supports homogeneous migrations such as Oracle to Oracle, as well as heterogeneous migrations between different database platforms, such as Oracle to Amazon Aurora or Microsoft SQL Server to MySQL. It also allows you to stream data to Amazon Redshift from any of the supported sources including Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle, SAP ASE, and SQL Server, enabling consolidation and easy analysis of data in the petabyte-scale data warehouse. AWS Database Migration Service can also be used for continuous data replication with high availability. Option A is not correct. RDS Multi-AZ is a feature of Amazon RDS that is used to increase the availability of the database. Option B is not correct. AWS Server Migration Service (SMS) is used to migrate your on-premises workloads to AWS. Option C is not correct. AWS Application Discovery Service helps enterprise customers plan migration projects by gathering information about their on-premises data centers.

A company is planning to develop an application consisting of hundreds of microservices. They decide to host the application on the AWS Cloud. Since there are a large number of services produced by the application, it needs a powerful tool for analysis and debugging. Which of the following services can best meet this requirement? A. AWS OpsWorks B. AWS CloudWatch C. Amazon Aurora D. AWS X-Ray

D. AWS X-Ray AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture. With X-Ray, you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors. X-Ray provides an end-to-end view of requests as they travel through your application, and shows a map of your application's underlying components. You can use X-Ray to analyze both applications in development and in production, from simple three-tier applications to complex microservices applications consisting of thousands of services. Option A is not correct. AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Option B is not correct. The main purpose of the AWS CloudWatch is to monitor the utilization of your AWS resources. Option C is not correct. Amazon Aurora is a database service.

According to the AWS Acceptable Use Policy, penetration testing of EC2 instances: A. Will be performed by AWS upon customer request. B. May be performed by the customer on their own instances with prior authorization from AWS. C. Are expressly prohibited under all circumstances. D. May be performed by the customer on their own instances without prior authorization from AWS.

D. May be performed by the customer on their own instances without prior authorization from AWS. AWS customers are welcome to carry out security assessments and penetration tests against their AWS infrastructure without prior approval for 8 services: 1- Amazon EC2 instances, NAT Gateways, and Elastic Load Balancers. 2- Amazon RDS. 3- Amazon CloudFront. 4- Amazon Aurora. 5- Amazon API Gateways. 6- AWS Lambda and Lambda Edge functions. 7- Amazon Lightsail resources. 8- Amazon Elastic Beanstalk environments.

You want to run a questionnaire application for only one day (without interruption), which AWS EC2 purchase option would you choose? A. Reserved instances B. Spot instances C. Dedicated instances D. On-demand instances

D. On-demand instances With On-Demand instances, you pay for compute capacity by the hour with no long-term commitments. You can increase or decrease your compute capacity depending on the demands of your application and only pay the specified hourly rate for the instances you use. The use of On-Demand instances frees you from the costs and complexities of planning, purchasing, and maintaining hardware and transforms what are commonly large fixed costs into much smaller variable costs. On-Demand instances also remove the need to buy "safety net" capacity to handle periodic traffic spikes. Option A is not correct. Reserved instances are not appropriate in this case because you have to purchase capacity for at least one year. Option B is not correct. Spot is not a good choice as the application must run without interruption. Option C is not correct. Dedicated instances can be used if you require your instance be physically isolated at the host hardware level from instances that belong to other AWS accounts.

What best describes the "Principle of Least Privilege"? A. All users should have the same baseline permissions granted to them to use basic AWS services. B. Users should always have a little more permissions granted to them, just in case they end up needed them in the future. C. Users should submit all access request in written so that there is a paper trail of who needs access to different AWS resources. D. Users should be granted permissions to access only resources they need to do their assigned job.

D. Users should be granted permissions to access only the resources they to do their assigned job. The principle of least privilege is one of the most important security practices and it means granting users the required permissions to perform the tasks entrusted to them and nothing more. The security administrator determines what tasks users need to perform and then attach the policies that allow them to perform only those tasks. You should start with a minimum set of permissions and grant additional permissions when necessary. Doing so is more secure than starting with permissions that are too lenient and then trying to tighten them later. For example, a user with one primary job of creating backups does not need to install software, therefore you should grant that user only the required permissions to take backups and run backup-related applications.