Cloud Foundations
Which of the following requires a user name and password in order to access AWS services? AWS Application Programming Interface (API) AWS Software Development Kit (SDK) AWS Management Console AWS Command Line Interface (CLI)
AWS Management Console
Which of the following options of AWS RDS allows for AWS to fail over to a secondary database in case the primary one fails?
AWS Multi-AZ
Which component of AWS global infrastructure does Amazon CloudFront use to ensure low-latency delivery? AWS regions AWS availability zones AWS edge locations AWS VPC
AWS edge locations
Which service can help distribute Netflix's streaming video content to users around the globe? AWS Cloud Formation Amazon CloudFront AWS Elastic Beanstalk Amazon S3
Amazon CloudFront
Which service from the list below uses AWS Edge Locations? Amazon Elastic Compute Cloud (Amazon EC2) Amazon Virtual Private Cloud (Amazon VPC) Amazon CloudFront Amazon CloudWatch
Amazon CloudFront
_____________________________ is used as a global content delivery network (CDN) service in AWS. Amazon S3 AWS CloudTrail Amazon SES Amazon CloudFront
Amazon CloudFront
A company is deploying a three-tier, highly available web application. Which service provides durable storage for static content while utilizing lower CPU resources? Amazon RDS Amazon EBS Amazon S3 Amazon EC2
Amazon S3
A company is deploying a two-tier, highly available web application to AWS. Which service provides durable storage for static content whiel utilizing lower overall CPU resources for the web tier? Amazon Glacier Amazon S3 Amazon EBS Amazon EFS
Amazon S3
Which of the following storage options provides options for lifecycle policies that can be used to move objects to archive storage? Amazon Storage Gateway Amazon Elastic Block Storage (EBS) Amazon S3 Amazon Glacier
Amazon S3
You are deploying a multi-tier, highly available web application to AWS. The application needs a storage layer to store photos and videos. Which of the following services can be used as the underlying storage mechanism? Amazon EC2 instance store Amazon S3 Amazon EBS volume Amazon RDS instance
Amazon S3
You have to store objects that can be downloadable with a URL. Which storage option would you choose? Amazon Storage Gateway Amazon Glacier Amazon S3 Amazon EBS
Amazon S3
IAM "best practice" is to follow the principle of least privilege which is why IAM policies are created and applied on a region by region basis. True or False
False
IAM groups can be nested. True or False
False
IAM policies can be attached to groups and roles but not to individual users. True or False
False
IP address ranges can be changed after the VPC has been created. True of False
False
In block-level storage, the entire file is updated when a change is made to the file contents. True or False
False
On-premises High Availability is usually less expensive than a cloud High Availability solution since most on-premises costs are fixed and a one-time expense.
False
The AWS Simple Monthly Calculator can be used to estimate cost savings.
False
Typically, a TCO analysis looks at the "as is" on-premises infrastructure and compares this with the cost of the "to be" infrastructure state in the cloud and provides a comprehensive view of the total financial impact of moving to the cloud.
False
Which of the following security features is associated with a subnet in a VPC to protect against incoming traffic requests? Security groups AWS Inspector Subnet groups NACL
NACL
Which of the following is a factor when calculating the TCO?
Number of servers migrated to AWS
Organizations allow you to group multiple accounts into a consolidated bill and thereby achieve greater discounts due to higher aggregate usage.
True
Recoverability refers to the process, policies, and procedures related to restoring service after a catastrophic event.
True
Reliability is the measure of how long a resource performs its intended function and is measured in percentage of up-time.
True
Security groups are used to allow traffic either inbound or outbound and those rules can be configured for individual protocols, port numbers, and IP addresses or IP address ranges. True or False
True
The AWS pricing policy is that "you only pay for what you use" with no long-term contracts required.
True
To improve control over your AWS environment, you can use AWS Organizations to create groups of accounts, and then attach policies to a group to ensure the correct policies are applied across the accounts without requiring custom scripts and manual processes.
True
Which of the following scenarios would be most appropriate Amazon Elastic Compute Cloud (EC2) Spot instances? Workloads that are critical and need Amazon EC2 instances with termination protection. Workloads that are only run in the morning and stopped at night. Workloads where the availability of the Amazon EC2 instances can be flexible. Workloads that need to run for long periods of time without interruption.
Workloads where the availability of the Amazon EC2 instances can be flexible.
The principle of __________________ should be applied when granting user permissions through the AWS Identity and Access Management (IAM) tool. lower privilege least privilege greatest privilege most privilege
least privilege
AWS Core Services include which of the following (select all that apply)? networking analytics storage database
networking storage database
Which of the following are the responsibility of AWS (choose all that apply)?
physical security of data centers intrusion detection instance isolation
The main benefit of decoupling an application is to:
reduce inter-dependencies
An Availability Zone is a geographic location within the AWS global infrastructure. True or False
False
Which of the following is a fully managed, petabyte scale data warehouse service in the AWS cloud? Amazon Aurora Amazon DyamoDB Amazon Redshift Amazon ElastiCache
Amazon Redshift
EC2 instance patching and database application patching are the responsibility of AWS True or False
False
What is the concept of an AWS Region?
A geographical area divided into AZs
EC2 instances use NTFS permissions to control traffic to and from instances. True or False
False
Each Availability Zone is made up of two or more data centers. True or False
False
You have two accounts in your AWS account, one for the DEV team and the other for the QA team. All are part of consolidated billing. The master account has purchased three reserved instances. The DEV team currently uses two reserved instances. The QA team is planning to use three instances of the same instance type. What is the pricing tier of the instances that can be used by the QA team?
1 reserved and 2 on demand
Which of the following is normally present in all of the AWS support plans?
24/7 access to Customer Service
When working on the costing for on-demand EC2 instances, which of the following are attributes that determine the cost of the instance? Choose all that apply.
AMI type Instance type Region
AWS Organizations allow you to (choose all that apply):
AUTOMATE AWS ACCOUNT CREATION AND MANAGEMENT CENTRALLY MANAGE POLICIES ACROSS MULTIPLE AWS ACCOUNTS CONFIGURE AWS SERVICES ACROSS MULTIPLE ACCOUNTS CONSOLIDATE BILLING ACROSS MULTIPLE AWS ACCOUNTS GOVERN ACCESS TO AWS SERVICES, RESOURCES, AND REGIONS
According to the shared security model, who is responsible for security of the cloud?
AWS
Who is responsible for data security in an AWS account? AWS Security Team AWS Support Team AWS Technical Account Manager AWS Account Owner
AWS Account Owner
There is an external audit being carried out on your company. The auditor needs to have a log of all access to the AWS resources in the company's account. Which service can help provide this information? AWS CloudTrail AWS CloudWatch AWS SNS AWS SQS
AWS CloudTrail
Which of the following services helps in governance, compliance, and risk auditing? AWS Cloudtrail AWS Cloudwatch AWS SNS AWS Config
AWS Cloudtrail
Which of the following CANNOT be used to get data onto Amazon Glacier? AWS Console AWS S3 lifecycle policies AWS Glacier API AWS Glacier SDK
AWS Console
You cannot use which of the following to transfer data onto Amazon Glacier? AWS Glacier SDK AWS S3 lifecycle policies AWS Console AWS Glacier API
AWS Console
Which tool helps you forecast your AWS spending? Choose the best answer.
AWS Cost Explorer
Which of the following services can a customer use to obtain detail about Amazon Elastic Compute Cloud (EC2) billing activity that took place 3 months ago?
AWS Cost and Usage reports
Which of the following services is equivalent to hosting virtual servers in an on-premises location? AWS regions AWS EC2 AWS Glacier AWS Lambda
AWS EC2
Which AWS Cloud service helps with quick deployment of resources and can make use of different programming languages? AWS VPC AWS Elastic Compute Cloud (Amazon EC2) AWS Elastic Beanstalk AWS SQS
AWS Elastic Beanstalk
Which service helps with quick deployment of resources that can make use of different programming languages such as Java and .NET? AWS EC2 AWS Elastic Beanstalk AWS VPC AWS SQS
AWS Elastic Beanstalk
Which of the following can be used to import data into Amazon Glacier? Choose all that apply. AWS Glacier SDK AWS S3 Lifecycle Policies AWS Console AWS Glacier API
AWS Glacier SDK AWS S3 Lifecycle Policies AWS Glacier API
Which AWS service is used to turn on MFA? Amazon EC2 AWS IAM AWS Config Amazon Inspector
AWS IAM
________________________ is a service where administrators create and modify AWS user permissions. AWS Identity and Access Management (1AM) AWS Key Management Service CAWS KMS) AWS Trusted Advisor AWS Cloud Trail
AWS Identity and Access Management (1AM)
Which of the following is a serverless compute service offered by AWS? AWS S3 AWS SQS AWS EC2 AWS Lambda
AWS Lambda
Which AWS feature provides you with a web-based user interface to manage services? AWS Management Console AWS Application Programming Interface (API) AWS Software Development Kit (SDK) AWS CloudTrail
AWS Management Console
Which of the following AWS services will allow you to build a data warehouse in the cloud? Amazon Glacier AWS Snowball AWS Aurora AWS Redshift
AWS Redshift
Which of the following can be used to protect against DDoS attacks? Choose all that apply. AWS EC2 AWS ELB AWS Shield AWS Shield Advanced
AWS Shield AWS Shield Advanced
Your company has to move its 10TB data warehouse to AWS. Which of the following is an ideal service to move this amount of data? AWS Direct Connect AWS Snowmobile AWS S3 Connector AWS Snowball
AWS Snowball
Which of the following is used to estimate the costs for moving resources from on-premises to the AWS Cloud?
AWS TCO Calculator
You need to compare the cost of running resources in an on-premises environment or in a co-location environment with AWS. Which of the following options can be used to estimate savings?
AWS TCO Calculator
Which AWS service provides security optimization recommendations for infrastructure? AWS Config Amazon CloudWatch AWS Trusted Advisor AWS Trusted Partner
AWS Trusted Advisor
Which of the following can assist you with cost optimization?
AWS Trusted Advisor
Which of the following network components can be used to host EC2 instances? AWS Trusted Advisor AWS edge locations AWS VPC AWS AMIs
AWS VPC
Which of the following allows you to carve out a portion of the AWS cloud?
AWS VPCs
Which AWS services can be used to store files? Choose all that apply. Amazon EBS AWS Config CloudWatch Amazon Athena Amazon S3
Amazon EBS Amazon S3
Which services allow the customer to retain full administrative control of the virtual infrastructure? Amazon Lambda Amazon DynamoDB Amazon S3 Amazon EC2
Amazon EC2
_____________________ can be used as a component of the AWS CloudFront service to distribute content to users across the globe. Amazon Regions Amazon VPC Amazon Edge locations Amazon Availability Zones
Amazon Edge locations
A company is deploying a new two-tier web application. The company wants to store their most frequently used data so that the response time for the application is improved. Which AWS service provides the BEST solution? Amazon RDS for MySQL with multiple AZ MySQL installed on two EC2 instances in a single AZ Amazon DynamoDB Amazon ElastiCache
Amazon ElastiCache
A company wants to store files that are not frequently accessed. What is the most cost-effective method?
Amazon Glacier
You currently use virtual machine templates to spin up virtual machines on your company's on-premises network. Which of the following can be used in a similar way to spin up EC2 instances in AWS? Amazon VMWare Amazon Machine Images (AMIs) EBS volumes EBS snapshots
Amazon Machine Images (AMIs)
Which AWS services can be used to store files? (choose 2) Amazon Simple Storage Service (Amazon S3) AWS Storage Gateway AWS Config Amazon Elastic Block Store (Amazon EBS)
Amazon Simple Storage Service (Amazon S3) Amazon Elastic Block Store (Amazon EBS)
What is the key difference between an Availability Zone and an Edge Location?
An AZ is an isolated location within a region, whereas an edge location will deliver cached content to the closest location to reduce latency
How can you protect your AWS account against unauthorized access? Request root level access Set up a secondary password Apply MFA Disable the AWS Console
Apply MFA
Each customer's Virtual Private Cloud (VPC) is physically isolated from every other customer's VPC. True or False
False
A company needs to know which user was responsible for terminating several critical EC2 instances. Where can the customer find this information? Trusted Advisor CloudTrail logs EC2 Instance Usage Report CloudWatch
CloudTrail logs
You need to collect important metrics from AWS RDS and EC2 instances. Which of the following can help you meet this requirement? CloudWatch CloudFront AWS Config CloudTrail
CloudWatch
Which of the following are ways that allow you to link accounts? Choose all that apply.
Consolidated Billing AWS Organizations
In AWS billing, what option can be used to ensure that costs can be reduced if you have multiple accounts?
Consolidated billing
Which of the following concepts is used when you want to manage the bills for multiple accounts under one master account?
Consolidated billing
Where can a customer go to find out more information about EC2 billing activity that happened 3 months ago?
Cost and Usage Reports
Which service can help manage the cost for all AWS resources? Choose the BEST answer.
Cost explorer
If you wanted to backup an EBS volume, what would you do? Choose the BEST answer.
Create an EBS snapshot
Which of the following is the responsibility of the customer when ensuring that data on EBS volumes is kept safe? Attaching volumes to EC2 instances Creating copies of EBS volumes Creating EBS snapshots Deleting the data when the physical device is destroyed
Creating EBS snapshots
When creating security groups, which of the following are the responsibility of the customer? Choose all that apply. Ensure the rules are applied immediately Defining the rules as per the customer requirements Giving a name and description for the security group Ensure the security groups are linked to the Elastic Network Interface
Defining the rules as per the customer requirements Giving a name and description for the security group
You have a mission critical application which must be globally available 24/7/365. Which deployment method is the BEST solution?
Deploy to multiple regions
Which of the following examples supports AWS's Architecting for the Cloud best practice principle: "Design for failure and nothing will fail?"
Deploying an application in multiple AZs
Choose the AWS services that provide storage (select all that apply): EBS S3 IAM EFS AMI RDS Glacier EC2
EBS S3 EFS Glacier
Which of the following can be attached to an EC2 instance to store data? EBS volumes Amazon Redshift Amazon S3 EBS snapshots
EBS volumes
Which of the following can be used to distribute content to users across the globe? Edge Locations Availability Zones Regions VPCs
Edge Locations
What service allows developers to easily deploy and manage applications in the cloud? Container service Elastic Beanstalk CloudFormation OpsWork
Elastic Beanstalk
"Elastic" refers to the fact that if properly configured, you can increase or decrease the amount of RAM required by an application automatically, according to the current demands on that application. True or False
False
AWS Free Tier accounts are good for one year, only for new accounts, and allow access to all AWS services.
False
AWS enables and controls data replication across multiple Regions. True or False
False
AWS maintains cold data centers in each Region to anticipate major failures. True or False
False
AWS provides High Availability through the use of isolated, redundant data centers, multiple Regions within each Availability Zone, and the use of fault-tolerant services. True or False
False
Allowing the customer to adapt to changing business needs and focus on infrastructure are key benefits of the AWS pricing model.
False
Amazon EFS uses mount points to connect EFS with EC2 instances and works in a single Availability Zone within a Region. True or False
False
An AMI (Amazon Machine Image) includes a template for the root volume of the instance, launch permissions that control which AWS accounts can use the AMI to launch instances, and a block device mapping that specifies the volumes to attach to the instance when it's launched. All AMIs are based on Microsoft Windows X86 operating systems. True or False
False
According to AWS, what is the benefit of elasticity?
Having the ability to scale up and scale down to meet user demand
Which of the following identities allow an application deployed on an EC2 instance to write data to S3 in a secure manner? IAM Permissions IAM Roles IAM Users IAM Groups
IAM Roles
Which of the following is the secure method when using AWS API to call AWS services from EC2 instances? IAM Policies IAM Roles IAM Users IAM Groups
IAM Roles
Which component allows a VPC to communicate out across the Internet? Network Access Control List Endpoint Route Table IGW
IGW
In a VPC, the customer has complete control over (choose all that apply): IP address ranges subnet creation route table creation security settings
IP address ranges subnet creation route table creation security settings
According to the AWS Shared Security Model, the customer is responsible for which of the following? Monitoring physical device security Securing edge locations Implementing service organization control (SOC) standards Managing AWS Identity and Access Management(IAM)
Managing AWS Identity and Access Management(IAM)
Which of the following is the responsibility of the customer according to the Shared Security Model?
Managing IAM
Which of the following is a simple best practice to secure your AWS account against unauthorized access? Multi-Factor Authentication (MFA) Disable AWS console access Request root access privileges Set up a secondary password
Multi-Factor Authentication (MFA)
There is a requirement hosting a set of servers in the cloud for a short period of 3 months. Which of the following types of instances should be chosen in order to be cost effective? Choose the BEST answer.
On-demand
There is a requirement for a development environment for the next 3 months. Which instance type would you use?
On-demand instance
Which of the following is a benefit an Amazon EC2 over on-premises physical servers?
Only pay for what you use
In AWS, which security aspects are the customer's responsibility? Choose all that apply. Patch management on the EC2 instance's operating system Decommissioning storage devices Security Group and ACL settings Life-cycle management of IAM credentials Encryption of EBS volumes Controlling physical access to compute resources
Patch management on the EC2 instance's operating system Security Group and ACL settings Life-cycle management of IAM credentials Encryption of EBS volumes
AWS manages which of the following security requirements for AWS resources according to the Shared Responsibility Model? (choose 3)
Physical security Disk disposal Hardware patching
Which of the following refers to another geographic location in AWS? Data Center Region Availability Zone Edge Location
Region
Your disaster recovery strategy should launching resources in a separate:
Region
The AWS global infrastructure can be broken down into which three elements? Regions VPCs Availability Zones Edge Locations
Regions Availability Zones Edge Locations
You need to host a database server for at least a year. Which of the following would result in the least cost?
Reserved All Upfront
Which of the following EC2 instances should you consider when most of the instances you are using are 90 - 100% utilized and you expect this to continue for at least a year to ensure minimized cost? Reserved Instances Dedicated Host Instances Spot Instances On-Demand Instances
Reserved Instances
You are currently hosting an infrastructure and most of the EC2 instances are being used 90-100% and you expect this to continue for at least a year. What type of EC2 instance would you use to ensure costs are minimized?
Reserved instances
If you need to register a new domain name, which AWS service will you use? Trusted Advisor Route 53 Cloud Formation VPC
Route 53
Which of the following is most useful when a Disaster Recovery method is triggered in AWS? Route 53 SNS Inspector SQS
Route 53
Which of the following provides fast, easy, and secure transfers of files over long distances between you and your S3 bucket? S3 Transfer Acceleration S3 Acceleration File Transfer HTTP Transfer
S3 Transfer Acceleration
Select the three models of Cloud Computing:
Saas - Software as a Service IaaS - Infrastructure as a Service PaaS - Platform as a Service
Which of the following is NOT a disaster recovery deployment technique?
Single site
A _____________ is a cost-effective instance type that can be used for jobs that can be interrupted and resumed at any time. Spot On-Demand Partial Upfront Reserved Full Upfront Reserved
Spot
You have a distributed application that periodically processes large volumes of data across multiple EC2 instances. The application is designed to recover gracefully from EC2 instance failures. You are required to accomplish this task in the most efficient manner. Which of the following BEST meets the requirements?
Spot instances
Which of the following are the costing attributes for using S3? Choose all that apply.
The total size in GB of all objects stored The storage class for the objects being stored
AWS provides cost savings to the customer through (select all that apply):
Tiered pricing structure Multiple storage options help lower costs Savings as the amount of usage increases
A VPC can span across multiple Availability Zones. True or False
True
A user can be assigned to multiple IAM groups. True or False
True
AMIs can be used to launch new instances, copy an instance to another Availability Zone within the same Region, and copy an instance to a different AWS Region. True or False
True
AWS CloudFront provides edge locations for a business's customers to access the business's cloud-based services. True or False
True
AWS Lambda is referred to as serverless computing because it allows the customer to write and execute code that runs in response to an event. True or False
True
AWS offers three different options for reserved instances that allow the customer to save up to 75% off the cost of equivalent on-demand services. True or False
True
Amazon CloudWatch basic monitoring is available at no additional cost to monitor seven core metrics of your EC2 instances. True or False
True
Amazon EC2 instance types are optimized for different use cases and workload requirements and come in multiple sizes. True or False
True
Amazon EFS is perfect for big data and analytics, media processing workflows, content management, web serving and home directories. True or False
True
Amazon Glacier is a long-term data archiving service designed for security, durability, and an extremely low cost. True or False
True
Each VPC exists in a single Region, but customers can have multiple VPCs under a single account. True or False
True
Fault Tolerance refers to the built-in redundancy of an application's components and its ability to remain operational.
True
IAM allows the customer to manage access and authentication of their users with their AWS resources for no additional monthly charge. True or False
True
Which of the following can be used to secure EC2 instances? Choose all that apply. Usage of Security Groups Usage of the Internet Gateway Usage of Network Access Control Lists Usage of AMIs
Usage of Security Groups Usage of Network Access Control Lists
Which of the following is a feature of an Edge Location? Choose all that apply. Used in conjunction with AWS CloudFront Distribute content to users Cache common responses Distribute the workload across multiple resources
Used in conjunction with AWS CloudFront Distribute content to users Cache common responses
Which of the following networking components can be used to host EC2 resources? Trusted Advisor VPC Elastic Load Balancer Auto Scaling
VPC
What does Amazon EC2 provide?
Virtual servers in the cloud
Which of the following is the amount of storage that can be stored in Amazon S3? Virtually unlimited storage 1TB 5TB 1PB
Virtually unlimited storage
When using On-Demand instances in AWS, which of the following is false in regard to the cost of the instance:
You have to pay the termination fees if you terminate the instance
What are some characteristics of Amazon S3? Choose all that apply. S3 allows you to store objects of virtually unlimited size You only pay for what you store S3 allows you to store virtually unlimited amounts of data Objects are directly accessible via a URL
You only pay for what you store S3 allows you to store virtually unlimited amounts of data Objects are directly accessible via a URL
An AWS region can be defined as which of the following? the same thing as an Availability zone a geographical area divided into Availability Zones a collection of edge locations a collection of compute capacity
a geographical area divided into Availability Zones
Select all possible responses that correctly describe one of the six benefit of cloud computing.
eliminate guessing on capacity needs benefit from massive economies of scale
Match the terms that describe either an All-in Cloud or On Premises deployment model.
flexible capacity - All-in Cloud low upfront investment - All-in Cloud speed and agility - All-in Cloud low ongoing cost - All-in Cloud fixed capacity - On Premises large initial purchase - On Premises long procurement cycles - On Premises systems administration - On Premises
As per the AWS Acceptable Use Policy, penetration testing of EC2 instances: (Choose all that apply) require prior authorization by AWS may be performed by AWS, and will be performed by AWS upon customer request are expressly prohibited under all circumstances can be performed by the customer on their own instances
require prior authorization by AWS can be performed by the customer on their own instances