SYBEX Book - AWS Cloud Practitioner End of Chapter Questions
1. Name at least two areas where automation is often used in AWS.
1. Backup generation and retention; Security compliance; Code deployments; AWS infrastructure changes
1. Name at least two fundamental cost areas of AWS.
1. Compute, storage, and data transfer out (aggregated across services)
1. Name at least three cloud characteristics as defined by NIST.
1. On-demand self-service; Broad network access; Resource pooling; Rapid elasticity; Measured service
1. Name the three pricing models for EC2.
1. On-demand, reserved, and spot
1. Name the five pillars in "The Well-Architected Framework" of AWS.
1. Operational excellence; Security; Reliability; Performance efficiency; Cost optimization
1. Provide at least three examples of security frameworks to which AWS adheres.
1. Possible answers include CJIS, FedRAMP TIC, FISC, FISMA, GxP (FDA 21 CFR Part 11), IT-Grundschutz, MPAA, NERC, NIST, and UK Cyber Essentials.
1. Provide at least three examples of Free Tier services that can remain forever free.
1. Possible answers include SNS, SQS, CloudWatch, Lambda, and Key Management Service.
1. What are the four major goals of AWS support?
1. Proactive guidance, best practices, account assistance, and launch support
1. What is often used when you need to provide access from an application running on an EC2 instance to other resources within AWS?
1. Role
1. Describe the AWS Global Infrastructure, from the largest component to the smallest.
1. The AWS Global Infrastructure features regions with Availability Zones inside of them. Each Availability Zone features at least one discrete data center.
1. Why might you turn to the AWS Marketplace when working on your security infrastructure in AWS?
1. The AWS Marketplace offers many affordable (and free) security solutions. These might include anti-malware, IPS, and policy management tools.
1. What popular calculator for AWS pre-dated the TCO calculators?
1. The AWS Simple Monthly Calculator
1. What would be an example of IT security controls that a customer inherits from Amazon?
1. The physical and environmental security controls used by Amazon
1. Provide at least two examples of resource types found in the AWS documentation.
1. User guides; API references; CLI references
1. How is the region determined when you want to create virtual machines in AWS?
1. You determine which region these resources exist in.
1. How many Availability Zones (AZs) are located in regions in the AWS Global Infrastructure? a. At least two b. One c. Two d. Three
1. a
1. The AWS Shared Responsibility model divides security responsibilities between which two parties? a. The AWS customer b. The AWS partner c. The community cloud vendor d. AWS
1. a and d
1. Which of the following are cost calculators found in AWS? (Choose two.) a. TCO calculators b. AWS Fee Estimator c. AWS Cost Comparison Calculator d. AWS Simple Monthly Calculator
1. a and d
1. How long is the Free Tier period by default? a. 2 years b. 1 year c. 6 months d. 3 months
1. b
1. Amazon is interested in offering you high levels of confidentiality with your data in AWS. What is a key technology area that accommodates this? a. Authentication b. Hashing c. Encryption d. Fault tolerance
1. c
1. What is a central resource for compliance-related AWS information? a. CodeLearn b. Lambda c. Artifact d. ProtectGuard
1. c
1. What service category does CloudFront fall under? a. Compute Services b. Storage c. Networking and Content Delivery d. Security, Identity, and Compliance
1. c
6. What is the fully managed configuration management service in AWS? a. CloudTrail b. OpsWorks c. CloudFormation d. CloudWatch
6. b
6. Where should firewalling be accomplished in your web hosting design in AWS? a. At the perimeter b. At the core c. Everywhere d. For all access layer functions
6. c
6. Where are your own private subnets located in AWS? a. IAM b. EC2 c. Lambda d. VPC
6. d
6. Which of the following is not a form of ELB in AWS? a. Application Load Balancer b. Classic Load Balancer c. Network Load Balancer d. Virtual Load Balancer
6. d
7. What component allows you to connect privately from your Virtual Private Cloud (VPC) to services you need? a. VPC endpoint b. Direct Connect c. VPN d. CloudFront
7. a
7. Security groups in AWS protect what resources? a. AZs b. Subnets c. EC2 instances (through ENIs) d. Vaults
7. c
8. What would you use if you have multiple VPCs in AWS and you need to communicate between them? a. Gateway endpoint b. VPC peering c. Direct Connect d. ClassicLink
8. b
8. What is a serverless compute service of AWS? a. Aurora b. Snowball c. Glacier d. Lambda
8. d
9. What technology permits you to use a private connection from your facility to AWS? a. ClassicLink b. Direct Connect c. VPC peering d. VPC endpoint
9. b
9. What is a PaaS service of AWS? a. CloudFormation b. CloudFront c. Elastic Beanstalk d. RDS
9. c
1. Which statement regarding the AWS documentation is false? a. The AWS documentation is carefully categorized to assist your usage. b. The documentation consists of user guides and references broken down by topic. c. You cannot access the documentation of AWS without at least a Free Tier account. d. The documentation is accessed online.
1. c
1. IAM can permit access to accounts that have already been authenticated in another domain or application. What is this called? a. Proxy trust b. Role sharing c. Proxy d. Federation
1. d
1. What replaces CapEx as an advantage of the cloud? a. FIFO b. GARP c. ROI d. OpEx
1. d
1. What service in AWS allows core checks to be performed by any customer regardless of their support plan level? a. CloudFront b. CloudFormation c. CloudTrail d. Trusted Advisor
1. d
1. Which is not an example of a service that is always free? a. IAM b. Auto Scaling c. CloudFormation d. EC2
1. d
1. Which of the following is not a common cloud characteristic as defined by the NIST? a. On-demand self-service b. Measured service c. Broad network access d. Dedicated hardware
1. d
1. Which of the following is not one of the pillars of "The Well-Architected Framework" from Amazon? a. Cost optimization b. Security c. Operational excellence d. Speed
1. d
1. Why is automation so easily accommodated in AWS? a. Because CloudTrail provides automation templates automatically for you b. Because multiple regions facilitate code deployment c. Because physical systems host the EC2 instances you work with daily d. Because all actions can be implemented through API calls
1. d
10. What EC2 pricing model allows you to bid on availability capacity? a. Temporary instances b. Spot instances c. Reserved instances d. On-demand instances
10. b
11. What is a common use of EBS in AWS? a. To receive and process streaming data for IoT b. To provide serverless compute resources c. To act as the boot volume for an EC2 server instance d. To make files available to massive numbers of users and groups
11. c
12. How does S3 ensure the durability of your data? a. Multiple high-speed Internet connections are made to every major directory you create. b. Data is storage-tiered by default. c. Data is automatically replicated to an alternate region. d. Multiple copies of your data are stored in separate Availability Zones.
12. d
13. What is the archiving/warehousing solution within S3? a. Glacier b. Snowball c. EFS d. Aurora
13. a
14. Which AWS database is a NoSQL database solution often being used with the IoT? a. Aurora b. Glacier c. Snowball d. DynamoDB
14. d
15. Which of the following is a data warehouse solution in AWS? a. Redshift b. Aurora c. RDS d. ElastiCache
15. a
2. What is actually being sent to your AWS resources when you make configuration changes in the GUI Management Console?
2. API calls.
2. How does AWS decide on the location of Availability Zones inside a region?
2. Amazon ensures that the Availability Zones are as far apart as possible to promote fault tolerance and disaster recovery. Separate flood plains are targeted.
2. Name at least two main features of AWS Billing and Cost Management.
2. Analyzing costs with graphs
2. What is required in order to post on the AWS discussion forums?
2. At least a Free Tier account with AWS
2. What are the four support plans of AWS?
2. Basic, Developer, Business, and Enterprise
2. Provide at least three examples of client responsibilities under the AWS Shared Responsibility model.
2. Customer data; Platform, applications, Identity and Access Management (IAM) policies; Guest operating systems; Network and firewall configurations; Client-side data encryption; Server-side encryption (file system and/or data); Networking traffic protection (encryption, integrity, and identity)
2. What level of technical support provides 24×7 access to Senior Cloud Support Engineers via email, chat, and phone?
2. Enterprise
2. What is often considered a subcomponent of HA?
2. Fault tolerance (FT) is often considered a subcomponent of HA.
2. Name the three major "as a Service" models of cloud.
2. IaaS; PaaS; SaaS
2. Why might you shut down your EC2 instances in AWS when practicing with the Free Tier account?
2. In order to remain within the Free Tier limits.
2. Name the three main components of the Global Infrastructure.
2. Regions, Availability Zones (AZs), and Edge Locations
2. Name at least two cost variables for AWS S3.
2. Storage class, requests, and data transfer out
2. Name at least two management access options for AWS.
2. The AWS Management Console; The AWS CLI; SDKs and APIs
2. What account is created when you sign up for AWS, but then should be used very sparingly after that point?
2. The root account
3. What is the large advantage to the cloud's emphasis on APIs? a. Cost b. Automation c. Simple learning curve d. Lack of traceability
3. b
2. What should you do if you are interested in penetration testing your AWS data and resources?
2. You must contact AWS support personnel. You are not permitted to penetration test your data and resources without the explicit permission and knowledge of AWS staff.
2. What acts like your own cloud expert in AWS, providing recommendations for greater security based on your existing configurations? a. Trusted Advisor b. Artifact c. EC2 d. Cognito
2. a
2. Which of the following is not considered a benefit of automation? a. Reduction in required security measures b. Lowered operating costs c. Simpler and faster code deployment d. Reduction in the potential for errors
2. a
2. Which of the following resources is often a frequent source for exam questions and topics? a. FAQs b. IEEE standards docs c. Wikipedia.org d. NIST standards
2. a
2. A region in AWS is broken up into what construct? a. Primary and secondary data centers b. Availability Zones c. Vaults d. Pods
2. b
2. What identity in IAM is very similar to a user account but has no credentials associated with it? a. Groups b. Roles c. Proxy users d. Principles
2. b
2. What model is often followed in order to charge for cloud usage? a. Pay as you terminate b. Pay as you go c. Pay as you can d. Pay as you will
2. b
2. What service in AWS assists your security efforts using roles, users, and groups? a. S3 b. IAM c. EC2 d. Glacier
2. b
2. Which of the following is not a type of EC2 purchase plan? a. On-Demand b. Virtual-Only c. Reserved d. Spot
2. b
2. Client responsibilities will vary in the Shared Responsibility model based on what major factor? a. The number of AWS employees in the region used by the customer b. The amount of customer data intended for cloud storage c. Which services the customer chooses to use of AWS d. How much money the customer is willing to spend on support
2. c
2. What is the term commonly used for the cloud's capability to scale outward and inward automatically based on demand? a. Agility b. Reliability c. Elasticity d. Fault tolerance
2. c
2. What type of billing does Amazon engage in for AWS? a. Pay-as-you-terminate b. Pay-for-reservations c. Pay-as-you-go d. Pay-as-you-estimate
2. c
2. Which is not an example of a service that remains free after the Free Tier expiration? a. SNS b. Glacier c. EC2 d. CloudWatch
2. c
2. Who can act as a dedicated voice for you within AWS and serve as your technical point of contact and advocate? a. Cloud Practitioner b. Primary Solution Architect c. TAM d. Concierge
2. c
2. Ensuring that you have "traceability" is critical in AWS. This is typically under what AWS design pillar? a. Cost optimization b. Operational excellence c. Performance efficiency d. Security
2. d
2. What is an Edge Location used for in an AWS region? a. CloudFormation b. RDS c. S3 d. CloudFront
2. d
3. Provide at least two examples of Amazon responsibilities under the AWS Shared Responsibility model.
3. Cloud software, including compute, storage, networking, and database software; Hardware; AWS Global Infrastructure, including regions, Availability Zones, and Edge Locations
3. What service is often used to build the web server itself in AWS, especially if this web server is to host complex, dynamic content?
3. EC2
3. Where are Availability Zones located in AWS?
3. In geographically distant parts of AWS regions. These are located all around the world.
3. What two types of database compatibility options exist in RDS?
3. MySQL and PostgreSQL
3. Name the four cloud deployment models.
3. Private; Public; Hybrid; Community
3. What is the AWS component that permits you to allow traffic flows between your VPCs in your AWS account?
3. VPC peerings permit inter-VPC communications.
3. What component related to an EC2 instance do you modify in order to permit the correct traffic forms? a. Security group b. Container c. VPC d. Instance type
3. a
3. Which is not a fundamental cost in AWS? a. Data transfer in b. Data transfer out c. Storage d. Compute
3. a
3. Which of the following is true regarding HA in your on-premises data center? a. It is typically only reserved for the most mission-critical systems or data. b. It is typically implemented at a lower cost than cloud. c. It is typically implemented throughout the entire data center. d. It is never truly achievable.
3. a
3. Which statement regarding regions in AWS is not correct? a. Regions in North America rely on the presence of the other North American regions. b. Regions are connected with fast connections to other regions. c. Edge Locations exist inside of regions. d. Availability Zones exist inside of regions.
3. a
3. Why does AWS guarantee your exchange rate with AWS Billing and Cost Management? a. In order to ensure that any refunds use the same exchange rate as your original transaction b. To save you costs c. To minimize the number of transactions in the system d. To optimize your costs for resources
3. a
3. Why might you create many different accounts for one of your AWS engineers? a. To follow the concept of least privilege b. To reduce the resources required by IAM c. To provide back doors into the system d. To ensure you can log activity
3. a
3. What Global Infrastructure component of AWS serves CloudFront content? a. Availability Zones b. Edge Locations c. Vaults d. Cache Centers
3. b
3. What is required in order to post questions to the group in the official discussion forums of AWS? a. No special requirement exists b. An AWS account c. The Enterprise support plan d. The Desktop support plan
3. b
3. What is the very popular "as a Service" model that permits a cloud provider to make applications available that are typically accessible from anywhere? a. IaaS b. SaaS c. PaaS d. GaaS
3. b
3. Which is not a common category of IT security controls in the AWS Shared Responsibility model? a. Inherited b. Deferred c. Customer specific d. Shared
3. b
3. Amazon seeks out attestations from organizations that are what? (Choose two.) a. Dependent b. Independent c. Third party d. Subsidiary
3. b and c
3. What two support plans offer response times of 1 hour or less? a. Developer b. Enterprise c. Business d. Basic
3. b and c
3. What is the result of orchestration? a. An architecture guaranteed to be free of errors b. Alignment of all required tasks in an independent execution environment c. A consolidated process or workflow d. An environment that can be replicated easily on any public cloud platform
3. c
3. What Learning Path is recommended for those in compliance roles in your AWS architecture? a. Code Learning Path b. SysOps Learning Path c. Architect Learning Path d. Auditor Learning Path
3. d
4. What was the first serverless compute service of AWS?
4. Lambda
4. How many discrete data centers are located in an AZ in the AWS Global Infrastructure? a. At least one b. At least two c. At least three d. At least four
4. a
4. The Budgets tool in AWS uses what component for visualization? a. Cost Explorer b. Excel c. Tableau d. AWS GraphSage
4. a
4. What component can you use to connect your VPC to the public Internet? a. IGW b. IDS c. IPS d. NACLs
4. a
4. Which is not a major category of the AWS discussion forums? a. AWS Security Alerts b. Amazon Web Services c. German Forums d. AWS Startups
4. a
4. Which of the following is not a major contributor to the agility that AWS provides? a. Governance b. Speed c. The culture of innovation d. Experimentation
4. a
4. What is the main "virtual machine" creation technology available in AWS? a. S3 b. EC2 c. Route 53 d. ELB
4. b
4. Which is not considered a benefit of orchestration? a. The lowering of overall IT costs b. The elimination of the need for experimentation c. Improved delivery times d. Reduced friction between different teams
4. b
4. In a high security environment, what should you do with privileged user accounts? a. Store credentials in an S3 bucket b. Create roles that mimic the accounts c. Use MFA with these accounts d. Share the access keys with other accounts that require access
4. c
4. What is used to authenticate access to your EC2 instance? a. Lambda b. PPTP c. Key pairs d. Telnet
4. c
4. What minimal level of support gives you access to a TAM? a. Business b. Basic c. Enterprise d. Developer
4. c
4. Which is not a common cost characteristic for EC2? a. Clock hours b. Detailed monitoring c. AZ location d. Hardware options
4. c
4. From where does Amazon often draw information for certification exam questions? a. Case studies b. Security blogs c. Security bulletins d. FAQs
4. d
4. Which is not a typical service or tool associated with HA in AWS? a. Auto Scaling b. ELB c. CloudWatch d. CloudTrail
4. d
4. Which of the following is not an example of an Amazon responsibility in the AWS Shared Responsibility model? a. Physical security of the data center b. Cloud software c. Edge locations d. IAM policies
4. d
4. Which of the following is not something Amazon typically provides to AWS customers in the area of compliance? a. Mapping documents b. Compliance playbooks c. Security features d. Physical host security playbooks
4. d
5. What AWS feature permits you to create persistent storage volumes for use by EC2 instances (including boot)?
5. Elastic Block Store (EBS)
5. What is the object-based storage solution in AWS? a. S3 b. EC2 c. VPC d. IAM
5. a
5. What is the DNS service offered by AWS? a. SQS b. Route 53 c. CloudFront d. CloudFormation
5. b
5. What major global architecture component exists in regions? a. Offline stores b. Availability Zones c. Hotspots d. Clusters
5. b
5. How does Amazon design each AZ in the AWS Global Infrastructure? a. To be located in the largest city in a region b. To exist outside of a region c. As an independent failure domain d. As dependent on at least one other AZ
5. c
5. Which of the following is not an example of a client responsibility in the AWS Shared Responsibility model? a. Data integrity authentication b. Guest operating system c. Virtualization software on the host d. Customer data
5. c
5. CloudWatch falls into which category of management options? a. Provisioning b. Managed Services for Configuration c. Operations Management d. Monitoring and Logging
5. d
5. Where can you place your resources in a VPC to help ensure high availability? a. Different regions b. Different root accounts c. Different storage tiers d. Different AZs
5. d
6. What monitoring tool permits you to carefully observe specific API calls to AWS resources?
6. CloudTrail
6. How is a typical AZ given power in the AWS Global Infrastructure? a. Via different grids from independent utilities b. From generators powered by Amazon c. From a single grid from the highest performance utility d. From a shared public power station
6. a
6. What two protocols are commonly permitted in security groups in order to permit remote administration of systems? (Choose two.) a. RDP b. ICMP c. SFTP d. SSH
6. a and d