AWS - Certified Cloud Practitioner (CLF-C01) / Multiple Choices
Consolidated billing is managed through what AWS service? * AWS Organizations * AWS Billing Manager * AWS TCO * AWS Consolidated Management
AWS Organizations * AWS Organizations is where you can manage multiple AWS accounts in one place (including it's billing features, such as consolidated billing).
Which of the following is not database service? * Amazon Neptune * Amazon Redshift * Amazon Aurora * Amazon EBS
Amazon EBS * Amazon EBS is a storage service.
True or False: For IaaS resources, AWS is responsible for the security of everything above the hypervisor layer. * False * True
False * Users are responsible for the security of their resources in the AWS cloud including the os, patching and apps.
True or False: It is best practice to store your Access Key and Secret Access Key in the .aws file in your application. * True * False
False * You should never store your access keys in your application.
True or False: You use your Access Key and Secret Access Key to log into the AWS Management Console. * True * False
False * You use a username and password to log into the AWS console.
True or False: With Consolidated Billing, the Paying Account can make changes to any of the resources owned by a Linked Account. * False * True
False False. The Paying Account cannot make changes to any of the resources owned by a Linked Account.
Amazon VPC ________. * Affords you complete control of network configuration. * Amazon VPC offers all of these features. * Allows you to build a private, virtual network in the AWS cloud. * Offers several layers of security controls.
Amazon VPC offers all of these features. * Amazon VPC allows you to build a private, virtual network in the AWS cloud, affords you complete control of network configuration, and offers several layers of security controls.
What is required in order to post questions to the group in the official discussion forums of AWS? * No special requirement exists * An AWS account * The Enterprise support plan * The Desktop support plan
An AWS account
How are AWS IAM roles used? * AWS IAM roles are used to grant users permissions to AWS services. * AWS IAM roles are used when multiple users need access to a resource. * An IAM role defines permissions for AWS service requests. * IAM roles are used to grant temporary access to an AWS resource.
An IAM role defines permissions for AWS service requests.
Which of the following Load Balancers uses Listeners, Targets, and Target Groups? * Application Load Blancer * Classic Load Balancer
Application Load Blancer * The ALB uses Listeners, Targets, and Target Groups.
Which of the following are key components of Amazon Glacier? (Choose 3) * Archive * Table * Vault * Bucket * Access Policy * Volume
Archive, Vault, Access Policy
What is a central resource for compliance-related AWS information? * CodeLearn * Lambda * Artifact * ProtectGuard
Artifact
How does Amazon design each AZ in the AWS Global Infrastructure? * To be located at the largest city in a region * To exist outside of a region * As an independent failure domain * As dependent on at least one other AZ
As an independent failure domain
As a best practice, what is the best way to assign the same permissions to an AWS resource for multiple users? * Assign the user accounts to the appropriate group, and apply the AWS IAM policy to the group. * Assigning permissions for each user account individually. * Use an AWS IAM role. * Use MFA to assign the permissions.
Assign the user accounts to the appropriate group, and apply the AWS IAM policy to the group.
How many discrete data centers are located in an AZ in the AWS Global Infrastructure? * At least one * At least two * At least three * At least four
At least one
How many Availability Zones (AZs) are located in regions in the AWS Global Infrastructure? * At least two * One * Two * Three
At least two
What Learning Path is recommended for those in compliance roles in your AWS architecture? * Code Learning Path * SysOps Learning Path * Architect Learning Path * Auditor Learning Path
Auditor Learning Path
What is the name of the AWS MySQL compatible database that offers enhanced performance over traditional MySQL databases? * Aurora * MariaDB * PostgreSQL * Microsoft SQL Server
Aurora
What is the name of Amazon's RDS SQL database engine? * Lightsail * Aurora * SNS * MySQL
Aurora * AWS created their own custom SQL database engine, which is called Aurora.
Your application needs a MySQL database, but you need better performance than you could get running MySQL on EC2. Which of the following AWS services should you consider? * Neptune * DynamoDB * Aurora * Redshift
Aurora * Aurora is AWS' managed MySQL database. It delivers up to 5X the performance of a MySQL database running on EC2.
With RDS, read-replicas are available for which of the following? (Choose 4) * MS SQLServer * Aurora * MariaDB * PostgreSQL * Oracle * MySQL
Aurora, MariaDB, PostgreSQL, MySQL * Read-replicas are available for MySQL, Aurora, MariaDB, and PostgreSQL. Oracle and MS SQL offer similar functionality but not in the form of RDS read replicas.
What databases are supported by AWS RDS? (Choose 6) * Aurora * MongoDB * DynamoDB * Oracle * PostgreSQL * Microsoft SQL Server * MariaDB * MySQL
Aurora, Oracle, PostgreSQL, Microsoft SQL Server, MariaDB, MySQL
You need to ensure that you have the correct number of EC2 instances available to handle the load for your application. Which AWS service should you use? * Elastic Load Balancer * Application Load Balancer * Route53 * Auto Scaling
Auto Scaling
True or False: To restrict access to an entire bucket, you use bucket control lists; and to restrict access to an individual object, you use object policies. * False * True
False To restrict access to an entire bucket, you use bucket policies; and to restrict access to an individual object, you use access control lists.
What categories fall under those analyzed by the AWS Trusted Advisor program? (Choose 2) * Scalability * Fault tolerance * Risk Percentile Score * Cost optimization
Fault tolerance, Cost optimization * The AWS Trusted Advisor program will analyze your account with check in the following categories: Cost Optimization, Performance Security Fault Tolerance
True or False: By default, the Root user of every AWS account has full access to all AWS services. As such, the Root user should never be used for normal daily operations. * True, * False
True * By default, the Root user of every AWS account has full access to all AWS services. As such, the Root user should never be used for normal daily operations.
True or False: Data stored in Glacier is encrypted by default. * False * True
True * Data stored in Glacier is encrypted by default.
True or False: DynamoDB allows the creation of compound primary keys. * False * True
True * DynamoDB allows the creation of compound primary keys. A primary key may be either a Partition key, or a Partition-Sort key combination.
True or False: AWS is responsible for the security of Edge Locations. * False * True
True * Edge Locations are part of the AWS Global Infrastructure. As such, AWS is responsible for their security.
What are the four primary benefits of using the cloud/AWS? * Unlimited storage, limited compute capacity, fault tolerance, and high availability * Elasticity, scalability, easy access, limited storage * Fault tolerance, scalability, sometimes available, unlimited storage * Fault tolerance, scalability, elasticity, and high availability
Fault tolerance, scalability, elasticity, and high availability
True or False: S3 is object storage suitable for the storage of 'flat' files like Word documents, photos, etc. * False * True
True * S3 is object storage suitable for the storage of 'flat' files like Word documents, photos, etc.
True or False: A Distribution is what we call a series of Edge Locations that make up CDN. * True * False
True * The collection of a CDN's Edge Locations is called a Distribution.
Which of the following best describes a system that will remain operational even in the event of a component failure? * Fault-tolerant * Scalable * Elastic * Highly Available
Fault-tolerant * a fault-tolerant system will remain operational even in the event of a component failure.
What service category does CloudFront fall under? * Compute Services * Storage * Networking and Content Delivery * Security, Identity, and Compliance
Compute Services
You are using your corporate directory to grant your users access to AWS services. What is this called? * User Group Access * Role-based Access * Multifactor Authentication Access * Federated Access
Federated Access * Federated Access uses your corporate directory to grant your users access to AWS services.
IAM can permit access to accounts that have already been authenticated in another domain or application. What is this called? * Proxy trust * Role Sharing * Proxy * Federation
Federation
John, member of your company's development team, needs access to company's AWS account. What AWS service is used to manage such access? * IAM * Route 53 * EC2 * S3
IAM * Identity & Access Management (IAM) is the AWS service where user accounts, credentials, and service access is managed.
Which of the following is not an example of an Amazon responsibility in the AWS Shared Responsibility model? * Physical security of the data center * Cloud software * Edge locations * IAM policies
IAM policies
True or False: Users are entirely responsible for the security of AWS IaaS services such as EC2 and VPC. * False * True
True * Users are entirely responsible for the security of AWS IaaS services such as EC2 and VPC.
True or False: For IaaS resources, Users are responsible for the security of everything above the hypervisor layer. * False * True
True * Users are responsible for security in the cloud including the os, patching and apps.
True or False: Using IAM Groups is the recommended way to manage IAM users' permissions by job function. * True * False
True * Using IAM Groups is the recommended way to manage IAM users' permissions by job function
True or False: With AWS Organizations, you can use either just the Consolidated Billing feature, or all the offered features. * True * False
True * With AWS Organizations, you can use either just the Consolidated Billing feature, or all the offered features.
Which of the following are components of the Security Pillar of the AWS Well-Architected Framework? (Choose 3) * IAM * Infrastructure protection * Customer Service * Detective Controls * Technical Account Management
IAM, Infrastructure protection, Detective Controls * IAM, Detective Controls, and Infrastructure protection are components of the Security pillar.
What are two functions you can complete using AWS IAM? Choose all that apply. * Setting password policies * Setting ACLs on AWS S3 * Setting the maximum budget cost allowed per user * Creating users and groups
Setting Password policies, Creating users and groups
What does S3 stand for? * Simple Store Service * Service for Simple Storage * Simplified Storage Service * Simple Storage Service
Simplified Storage Service
Which of the following is not one of the pillars of "The Well-Architected Framework? from Amazon? * Cost optimization * Security * Operational excellence * Speed
Speed
What acts like your own cloud expert in AWS, providing recommendations for greater security based on your existing configurations? * Trusted Advisor * Artifact * EC2 * Cognito
Trusted Advisor
What is the purpose of a DNS server? * To act as an internet search engine. * To protect you from hacking attacks. * To convert common language domain names to IP addresses. * To serve web application content.
To convert common language domain names to IP addresses
What service in AWS allows core checks to be performed by any customer regardless of their support plan? * CloudFront * CloudFormation * CloudTrail * Trusted Advisor
Trusted Advisor
Which of the following is correct? * # of Regions > # of Availability Zones > # of Edge LocationsSELECTED * # of Availability Zones > # of Regions > # of Edge Locations * # of Availability Zones > # of Edge Locations > # of Regions * # of Edge Locations > # of Availability Zones > # of Regions
# of Edge Locations > # of Availability Zones > # of Regions * The number of Edge Locations is greater than the number of Availability Zones, which is greater than the number of Regions.
Which of the following is a valid route for connecting an EC2 hosted website instance to the internet? * 0.0.0.0/0 * A route is not required to connect. * 0.0.0.0/24 * 10.0.0.0/24
0.0.0.0/0
How long is the Free Tier period by default? * 2 years * 1 year * 6 months * 3 months
1 year
Why might you create many different accounts for one of your AWS engineers? * To follow the concept of least privilege * To reduce the resources required by IAM * To provide back doors into the system * To ensure you can log activity
To follow the concept of least privilege
What does TCO stand for? * Tally of Cost Ownership * Total Continual Ownership * Total Cost of Ownership * None of the above
Total Cost of Ownership * TCO stand for Total Cost of Ownership.
For a fixed monthly rate, you can choose detailed, once-a-minute monitoring of your EC2 instances. * False * True
True
True or False: AWS is responsible for security of the cloud. * True * False
True
There are at least _______ Availability Zones per AWS Region. * 4 * 3 * 2 * 1
2 * There are at least 2 Availability Zones per AWS Region.
By default, what is the maximum number of Linked Accounts per Paying Account under Consolidated Billing? * 100 * 20 * 10 * 50
20 * The default maximum is 20 linked accounts. This soft limit can be increased by contacting AWS.
True or False: Users are responsible for security in the cloud. * False * True
True
True or False: With DynamoDB, you can specify the amount of throughput you need for read and write operations. * False * True
True
Which of the following best describes an AWS Region? * A collection of databases that can only be accessed from a specific geographic region. * A collection of data centres that is spread evenly around a specific continent. * A distinct location within a geographic area designed to provide high availability to a specific geography. * A console that gives you a quick, global picture of your cloud computing environment.
A distinct location within a geographic area designed to provide high availability to a specific geography. * A Region is a distinct location within a geographic area designed to provide high availability to a specific geography.
What best describes the concept of a virtual private cloud? * A private section of AWS in which you control what resources are placed inside. * A collection of data centers. A shared section of AWS between you and other AWS account holders. * A private section of AWS in which you control what resources are placed inside and who can access those resources.
A private section of AWS in which you control what resources are placed inside and who can access those resources. * A VPC is a private section of AWS in which you control what resources are placed inside and who can access those resources. A VPC defines your own private network that runs on AWS infrastructure.
The AWS Web Application Firewall can go down to which of the following OSI layers? * 4 * 5 * 6 * 7
7 * WAF operates down to Layer 7.
What is the availability and durability rating of S3 Standard Storage Class? * 99.999999999% Durability and 99.00% Availability * 99.999999999% Availability and 99.90% Durability * 99.999999999% Durability and 99.99% Availability * 99.999999999% Availability and 99.99% Durability
99.999999999% Durability and 99.99% Availability * S3 Standard Storage class has a rating of 99.999999999% durability (referred to as 11 nines) and 99.99% availability.
You have just set up a brand new AWS account. You want to keep monthly billing under $100, but you are worried about going over that limit. What can you set up in order to be notified when the monthly bill approaches $100? * A CloudTrail billing alarm that triggers an SNS notification to your email address. * A CloudWatch billing alarm that triggers an SNS notification to your email address. * A SNS billing alarm that triggers a CloudWatch notification to your email address. * A CloudWatch billing alarm that triggers a CloudTrail notification to your email address.
A CloudWatch billing alarm that triggers an SNS notification to your email address. * In CloudWatch, you can set up a billing alarm that will trigger when your monthly bill hit the set threshold. That alarm can then be set up to trigger an SNS topic that will send you a notification that the alarm threshold as been met.
Which of the following best describes an AWS VPC? * A VPC can be described as your own "private section" of AWS * A VPC is the home network assigned to me by my ISP and it is used to access the cloud * A VPC is a virtual private computer * There is no service called an AWS VPC
A VPC can be described as your own "private section" of AWS
What is the EC2 AMI Marketplace? * It is where you select the storage type of an EC2 instance. * It is where you store AMIs that you create. * A collection of pay-to-use EC2 AMIs that generally come packaged with licensed enterprise software. * It is where you select to compute capacity for an EC2 instance.
A collection of pay-to-use EC2 AMIs that generally come packaged with licensed enterprise software.
What best describes a simplified definition of the "cloud"? * An on-premise data center that your company owns * All the computer in your local home network * Your internet service provider * A computer located somewhere else that you are utilizing in some capacity
A computer located somewhere else that you are utilizing in some capacity
In very simple terms, what is the "cloud"? * Another term used to describe the "Internet" * An external hard drive you use for data backups at home * A floating ball condensed water vapor * A computer located somewhere else that you utilize in some fashion
A computer located somewhere else that you utilize in some fashion
What is the result of orchestration? * An architecture guaranteed to be free of eros * Alignment of all required tasks in an independent execution environment * A consolidated process or workflow * An environment that can be replicated easily on any public cloud platform
A consolidated process or workflow
Regarding Amazon Glacier, what is a Vault? * The rules that determine who may (or may not) access archives. * A container for storing Archives * An object — like photos, videos, files, or documents
A container for storing Archives * A Vault is a container for storing Archives.
What is an AWS region? * A region is a collection of Edge Locations available in specific countries. * A region is a subset of AWS technologies. For example, the Compute region consists of EC2, ECS, Lambda, etc. * A region is a geographical area divided into Availability Zones. Each region contains at least two Availability Zones. * A region is an independent data center, located in different countries around the globe.
A region is a geographical area divided into Availability Zones. Each region contains at least two Availability Zones. * A region is a geographical area divided into Availability Zones. Each region contains at least two Availability Zones.
Which of the following best describes a Resource Group? * A resource group is a collection of resources that share one or more tags (or portions of tags.) * A resource group is a collection of resources that are deployed in the same AWS Region. * A resource group is a collection of resources of the same type (EC2, S3, etc.) that are deployed in the same Availability Zone. * A resource group is a collection of resources of the same type (EC2, S3, etc.) that share one or more tags or portions of tags.
A resource group is a collection of resources that share one or more tags (or portions of tags.) * A resource group is a collection of resources that share one or more tags (or portions of tags.)
What is a subnet? * A subnet is a subdivision of an IP network. * Subnet is not a valid AWS term. * Subnets are used to allow virtual servers in different VPCs to communicate with each other. * A subnet is a list of allowed and denied ports.
A subnet is a subdivision of an IP network.
What best describes AWS EC2? * A virtual computer used primarily for its processing power. * Unlimited mass storage * An on-premise server computer * A database service
A virtual computer used primarily for its processing power
Which of the following best describes EBS? * A NoSQL database service * A managed database service * A bitcoin-mining service * A virtual hard-disk in the cloud
A virtual hard-disk in the cloud * An EBS volume is best described as a virtual hard-disk in the cloud.
Which is not a fundamental cost in AWS? * Data transfer in * Data transfer out * Storage * Compute
Data transfer in
Which of the following is not a fundamental AWS charge? * Compute * Data-out * Data-in * Storage
Data-in * In AWS, data-in is always free-of-charge.
Which of the following is not a common cloud characteristic as defined by the NIST? * On-demand self-service * Measured service * Broad network access * Dedicated hardware
Dedicated hardware
Which of the following are payment options for Reserved Instances? (Choose 3) * AURI * NURI * PURI * MURI * DURI
AURI, NURI, PURI * Reserves instances are available with all upfront, partial upfront, or no upfront (AURI, PURI, and NURI) pricing
Which of the following are Migration services? (Choose 2) * AWS Application Discovery Service * AWS OpsWorks * AWS Snowball * AWS Config
AWS Application Discovery Service, AWS Snowball * AWS Config and AWS OpsWorks are Management Tools.
You are an AWS Enterprise customer with questions about billing and you overall AWS account? Which of the following AWS support personnel should you contact? * AWS Support * AWS Concierge * AWS Technical Account Manager * AWS Billing and Accounts
AWS Concierge * For AWS Enterprise customers, the AWS Concierge is a resource dedicated to answering billing and account questions.
Which of the following AWS services should you use to migrate an existing database to AWS? * SNS * AWS DMS * Route 53 * Storage Gateway
AWS DMS * The AWS Database Migrations Service is the best choice.
Which of the following are storage services? (Choose 2) * AWS Elastic File System * AWS RDS * S3 * AWS VPC
AWS Elastic File System, S3 * VPC is a Networking service, and RDS is a Database service.
You need to use an AWS service to assess the security and compliance of your EC2 instances. Which of the following services should you use? * AWS Inspector * AWS WAF * AWS Shield * AWS Trusted Advisor
AWS Inspector AWS Inspector assesses the security and compliance of your EC2 instances.
Which of the following are valid access types for an IAM user? (Choose 3) * Programmatic access via the command line * AWS Management Console access * Security Group access via the AWS command line * Using the AWS Software Developers Kit * Emergency access via Identity Access Management (IAM)
AWS Management Console access, Security Group access via the AWS command line, Programmatic access via the command line * The two types of access are AWS Management Console access and Programmatic Access via the AWS API, the CLI, and the SDKs.
Which is not a common category of IT security controls in the AWS Shared Responsibility model? * Inherited * Deferred * Customer specific * Shared
Deferred
Which of the following AWS services gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources, alerting you and providing remediation guidance when AWS is experiencing events that my affect you? * Trusted Advisor * AWS Personal Health Dashboard * Cloud Trail * AWS Systems Manager
AWS Personal Health Dashboard * AWS Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources.
Which is not a major category of the AWS discussion forums? * AWS Security Alerts * Amazon Web Services * German Forums * AWS Startups
AWS Security Alerts
If you want in-depth details on how to create, manage, and attach IAM access policies to IAM users, in what AWS resource should you look? * AWS How-To-Help Section * AWS Service Documentation * AWS Whitepapers * None of the above
AWS Service Documentation * AWS Service documentation is a collection of documents specific to each AWS service. They contain detailed how-to's, as well as technical walkthroughs and specifications.
Which of the following is AWS' managed DDoS protection service? AWS WAF Access Control Lists AWS Shield Security Groups
AWS Shield * AWS Shield is AWS' managed DDoS protection service.
Big Cloud Jumbo Corp is beginning to explore migrating their entire on-premises data center to AWS. They are very concerned about how much it will cost once their entire I.T. infrastructure is running on AWS. What tool can you recommend so that they can estimate what the cost of using AWS may be? * AWS Migration Cost Calculator * AWS Cost Explorer * AWS Estimate Calculator * AWS TCO Calculator
AWS TCO Calculator * The AWS TCO (Total Cost of Ownership) Calculator is a free tool provided by AWS. It allows you to compare your current on-premises cost vs. estimated AWS cost.
Which of the following AWS services can help you assess the fault-tolerance of your AWS environment? * AWS Shield * AWS WAF * AWS Inspector * AWS Trusted Advisor
AWS Trusted Advisor * AWS Trusted Advisor can help you assess the fault-tolerance of your AWS environment.
Which of the following services will help you optimize your entire AWS environment in real time following AWS best practices? * AWS Inspector * AWS Trusted Advisor * AWS Shield * AWS WAF
AWS Trusted Advisor * Trusted Advisor helps you optimize your entire AWS environment in real time following AWS best practices. It helps you optimize cost, fault-tolerance, and more.
If you want to learn about AWS architectural or security best practices, where will you find that type of information? * AWS Service Documentation * AWS White Papers * AWS Console Info Section * AWS Yellow Pages
AWS White Papers * White papers are a collection of technical documents that outlines many AWS relevant topics.
What best describes Amazon Web Services (AWS)? * AWS is the cloud * None of the above * AWS is a cloud services provider * AWS only provides compute and storage services
AWS is a cloud service provider
What best describes what AWS is? * AWS is an online retailer * AWS is a cloud services provider. * AWS is the cloud. * AWS is an e-book reseller
AWS is a cloud services provider.
What is the relationship between AWS global infrastructure and the concept of high availability? * AWS regions and Availability Zones allow for redundant architecture to be placed in isolated parts of the world * None of the above * AWS is centrally located in one location and is subject to widespread outages if. something happens at that one location * Each AWS region handles a different AWS services, and you must use all regions to fully use AWS
AWS regions and Availability Zones allow for redundant architecture to be placed in isolated parts of the world.
Which of the following best describes AWS Regions? * Regions are backup zones within Availability Zones * Each region has one data center and one availability zone * Regions are geographical boundaries that follow the land boundaries of different countries * AWS regions are grouping of AWS data centers and availability zones that are spread out across the globe
AWS regions are grouping of AWS data centers and availability zones that are spread out across the globe
Which is not a common cost characteristic for EC2? * Clock hours * Detailed monitoring * AZ location * Hardware options
AZ location
When running a relational database on either your hardware or on an EC2 instance, you are responsible for which of the following? * Data security * Server system maintenance and energy footprint * Database backups and high-availability * Software install and patches * All of these
All of these * When running a relational database on either your hardware or on an EC2 instance, you are responsible for all of these tasks. As the system designer or administrator you can control the energy footprint through; size selection, load smoothing, and powering it off when not in use
Your Development team uses four on-demand EC2 instances and your QA team has 5 reserved instances, only three of which are being used. Assuming all AWS accounts are under a single AWS Organization, how will the Development team's instances be billed? * All the Dev team's instances will be billed at the on-demand rate. * The Dev team will be billed for two instances at on-demand prices and two instances at the reserved instance price. * All the Dev instances will be billed at the reserved instance rate. * The pricing for the reserved instances will shift from QA to Dev.
All the Dev team's instances will be billed at the on-demand rate. * The Dev team will be billed for two instances at on-demand prices and two instances at the reserved instance price.
The load on your application fluctuates by day of the week. Wednesdays have the most traffic; Saturdays have the least traffic. Which AWS service allows you to ensure you have the correct amount of compute capacity while also optimizing on a cost basis? * Auto Scaling * EC2 Container Service * Trusted Advisor * CloudWatch
Auto Scaling * Auto Scaling allows you to add or remove EC2 instances based on conditions you specify. Auto-Scaling events can be scheduled to meet predictable changes in the load on your application.
You need to automate EC2 resource provisioning to meet demand. Which AWS service can help you accomplish this? * Auto Scaling * Application Load Balancer * Elastic Load Balancer * EC2 container Service
Auto Scaling * Auto Scaling is automated resource provisioning.
Derek is running a web application and is noticing that he is paying for way more server capacity than is required. What AWS feature should Derek set up and configure to ensure that his application is automatically adding/removing server capacity to keep in line with the required demand? * Auto Scaling * Auto Sizing * Elastic Load Balancing * Elastic Server Scaling
Auto Scaling * Elasticity is the concept that a system can easily (and cost-effectively) both increase in capacity based on-demand and also shrink in capacity based on-demand. Auto Scaling on AWS is specifically designed to (automatically) increase and decrease server capacity based on-demand.
The concept of elasticity is most closely associated with which of the following? * Serverless Computing * Auto Scaling * Network Security * Elastic Load Balancing
Auto Scaling * Elasticity is the concept that a system can easily (and cost-effectively) both increase in capacity based on-demand and also shrink in capacity based on-demand. Auto Scaling on AWS is specifically designed to (automatically) increase and decrease server capacity based on-demand.
Which of the following are components of Auto Scaling? (Choose 3) * Auto Scaling Policy * Security Group * Resource Group * Auto Scaling Group * Launch Configuration
Auto Scaling Policy, Auto Scaling Group, Launch Configuration * Launch configurations, Auto Scaling Groups, and Auto Scaling Policies are all components of Auto Scaling.
Which of the following are some of the benefits of AWS Organizations? (Choose 2) * Provide technical help (by AWS) for issues in your AWS account. * Automate AWS account creation and management. * Analyze cost before migrating to AWS. * Centrally manage access polices across multiple AWS accounts.
Automate AWS account creation and management. Centrally manage access polices across multiple AWS accounts. * AWS Organizations has four main benefits: 1) Centrally manage access polices across multiple AWS accounts. 2) Automate AWS account creation and management. 3) Control access to AWS services 4) Enable consolidated billing across multiple AWS accounts Analyzing cost is done through the Cost Explorer (or TCO calculator), which is not part of AWS Organizations.
What are some of the benefits of using AWS RDS over hosting a database on an EC2 Instance? (Choose 3) * The ability to optionally implement multi-availability zone deployments for automatic failover * The ability to have full administrative responsibility for the database * Automatic backups * Not having to worry about applying security patches, or other infrastructure maintenance responsibilities
Automatic backups, Not having to worry about applying security patches, or other infrastructure maintenance responsibilities, The ability to optionally implement multi-availability zone deployments for automatic failover
What are the benefits of DynamoDB? (Choose 3) * Automatic scaling of throughput capacity. * Supports both document and key-value store data models. * Single-digit millisecond latency. * Supports multiple known NoSQL database engines like MariaDB and Oracle NoSQL.
Automatic scaling of throughput capacity. Supports both document and key-value store data models. Single-digit millisecond latency. * DynamoDB does not use/support other NoSQL database engines. You only have access to use DynamoDB's built-in engine.
What is the large advantage to the cloud's emphasis on APIs? * Cost * Automation * Simple learning curve * Lack of traceability
Automation
A region in AWS is broken up into what construct? * Primary and secondary data centers * Availability Zones * Vaults * Pods
Availability Zones
What major global architecture component exists in regions? * Offline stores * Availability Zones * Hotspots * Clusters
Availability Zones
Which of the following are a collection of data centers within a specific region? * Regions * Availability Zones * AWS Origins * Edge Locations
Availability Zones * Availability Zones are a collection of data centers within a specific region.
Jeff is building a web application on AWS. He wants to make sure his application is highly available to his customers. What infrastructure components of the AWS cloud allow Jeff to accomplish this goal? (Choose 2) * Availability Zones * Data Locations * Regional Zones * Regions
Availability Zones Regions * As part of AWS' global infrastructure, Regions and Availability Zones allow for backups and duplicate components to be placed in seperate (isolated) areas of the globe. If one region/Availability Zone were to fail, duplicates in other regions/Availability Zones can be used.
S3 storage classes are rated by what two metric categories? (Choose 2) * Fault tolerance * Objectivity * Availabilty * Durability
Availabilty, Durability * Each S3 storage class is rated on its availability and durability.
Why is automation so easily accommodated in AWS? * Because CloudTrail provides automation templates automatically for you * Because multiple regions facilitate code deployment * Because physical systems host the EC2 instances you work with daily * Because all actions can be implemented through API calls
Because all actions can be implemented through API calls
Which of the following support services do all accounts receive as standard? * Technical support * Technical Account Manager * 24/7 support via phone and chat * Billing support
Billing support * All accounts receive billing support.
When you create an S3 bucket, what rules must be followed regarding the bucket name? (Choose 2) * Bucket names must be unique across all of AWS. * Bucket names must contain at least one uppercase letter * Bucket names can be formatted as IP addresses * Bucket names must be between 3-63 characters in length.
Bucket names must be unique across all of AWS. Bucket names must be between 3-63 characters in length.
What is the main benefit of CloudFront? * Unlmited storage * Serverless compute capacity * Built-in DDos protection * DNS management
Built-in DDos protection * CloudFront allows you to cache content at edge locations. When a request is made for that content, the request is sent to an edge location (not your applications hardware), so the edge locations will absorb any DDoS attack and protect your underlining hardware.
Which of the following support plans features a < 4-hour response time in the event of an impaired production system? * Developer * Individual * Basic * Business
Business * Both the Business and Enterprise support levels offer a < 4-hour response time in the event of an impaired production system.
Which of the following AWS Support levels offers 24x7 support via phone or chat? * Developer * Basic * Individual * Business
Business * The Business and Enterprise support plans offer 24 X 7 support via phone or chat.
Which of the following are Support Levels offered by AWS? (Choose 3) * Start-up * Individual * Business * Basic * Developer
Business, Basic, Developer * The AWS Support levels are Basic, Developer, Business, and Enterprise.
Which of the following support plans features unlimited (customer-side) contacts and unlimited support cases? * Business * Developer * Enterprise * Basic
Business, Enterprise * Both Enterprise and business support plans feature unlimited (customer-side) contacts and unlimited support cases.
Which of the following support plans features unlimited (customer-side) contacts and unlimited support cases? (Choose 2) * Developer * Business * Basic * Enterprise
Business, Enterprise * Both Enterprise and business support plans feature unlimited (customer-side) contacts and unlimited support cases.
Which of the following is true about the default security group? * By default, all instances within the same VPC can communicate even if in different subnets. * Explicit Deny all is applied to traffic between subnets. * Security groups only support IPv4. IPv6 is not supported. * Allow inbound traffic, but deny the same traffic outbound traffic.
By default, all instances within the same VPC can communicate even if in different subnets. * When using the default security group, all instances within the VPC can communicate. When you create a new security group, you must explicitly create rules to allow communication.
Which of the following are components of the AWS Assurance Program? (Choose 2) * Certifications/Attestations * Compliance with Laws and Regulations * Partner Validations * Following industry best practices * Customer Testimonials
Certifications/Attestations, Compliance with Laws and Regulations * Certifications/Attestations and Compliance with Laws and Regulations are cornerstones of the of the AWS Assurance Program.
What setting must be enabled on an AWS IAM user account to allow a user to log into the AWS Management Console? * Check the box next to AWS Management Console access while creating the user account. * Check the box next to enable programmatic access during account creation. * IAM Users are never allowed to log into the AWS console, for security reasons. * Only the root account can access the AWS Management console.
Check the box next to AWS Management Console access while creating the user account.
Which AWS Load Balancer service uses a Least Outstanding Requests load distribution for HTTP requests? * Application Load Balancer * Elastic Load Balancer * Classic Load Balancer * Network Load Balancer
Classic Load Balancer * Classic ELB used round robin routing algorithm for TCP requests, and Least Outstanding Requests routing algorithm for HTTP and HTTPS requests.
What type of service does AWS provide? * Cloud Services * Datacenter colocation services * E-commerce services for Amazon.com * Cellular Services
Cloud Services
What is an Edge Location used for in an AWS region? * CloudFormation * RDS * S3 * CloudFront
CloudFront
Which of the following services helps you to faster deliver your content to your customers? * Amazon Elastic File System * CloudFront * S3 * Elastic Block Store
CloudFront * Amazon CloudFront is a content delivery network that speeds the delivery of content to your users.
What AWS service uses Edge Locations for content caching? * Route 53 * CloudCache * ElastiCache * CloudFront
CloudFront * CloudFront is a content caching service provided by AWS that utilizes "Edge Locations," which are AWS data centers located all around the world.
What AWS service has built-in DDoS mitigation? * CloudWatch * CloudFront * CloudTrail * EC2
CloudFront * With CloudFront, you cache content at Edge Locations, which shield your underlining application infrastructure from DDoS attacks.
An Edge Location is a specialized AWS data center that works in conjunction with what AWS service? (Multiple Answers) * CloudFront * Route 53 * CloudWatch * Lambda
CloudFront, Route 53, Lamda * CloudFront is comprised of a network of Edge Locations (which is where content is cached). Lambda@Edge lets you run Lambda functions to customize content that CloudFront delivers, executing the functions in AWS locations closer to the viewer.
Which is not a typical service or tool associated with HA in AWS? * Auto Scaling * ELB * CloudWatch * CloudTrail
CloudTrail
Your company's upper management is getting very nervous about managing governance, compliance, and risk auditing in AWS. Which service should you enable and inform upper management about? * CloudAudit * CloudTrail * CloudCompliance * CloudWatch
CloudTrail * AWS CloudTrail is designed to log all actions taken in your AWS account. This provides a great resource for governance, compliance, and risk auditing.
Which of the following AWS services should you use if you'd like to be notified when you have crossed a billing threshold? * Trusted Advisor * AWS Bugdet * CloudWatch * AWS Cost Allocation
CloudWatch * A CloudWatch alarm can be set to monitor spending on your AWS Account.
What AWS service must you use if you want to configure an AWS billing alarm? * Consolidated billing * CloudWatch * CloudMonitor * CloudTrail
CloudWatch * CloudWatch is the AWS service that allows you to collect metrics, and create alarms based on those metrics. Billing metrics can be tracked in CloudWatch, therefore billing alarms can be created.
If you want to monitor the average CPU usage of your EC2 instances, which AWS service should you use? * CloudMonitor * CloudTrail * CloudWatch * None of the above
CloudWatch * CloudWatch is used to collect, view, and track metrics for resources (such as EC2 instances) in your AWS account
David is managing a web application running on dozens of EC2 servers. He is worried that if something goes wrong with one of the servers he will not know about it in a timely manner. What solution could you offer to help him keep updated on the status of his servers? * Configure RDS notifications based on CloudWatch EC2 metric alarms. * Configure SNS notifications based on CloudWatch EC2 metric alarms. * Configure each EC2 instance with a custom script to email David when any issues occur. * Enable CloudTrail to log and report any issues that occur with the EC2 instances.
Configure SNS notifications based on CloudWatch EC2 metric alarms. * CloudWatch is used to track metrics on all EC2 instances. Metric alarms can be configured to trigger SNS messages if something goes wrong.
Stephen is having issues tracking how much compute capacity his application is using. Ideally, he wants to track and have alarms for when CPU utilization goes over 70%. What should Stephen do to accomplish this? * Configure the CPU-alert function to trigger when CPU utilization goes over 70%. * Configure an SNS topic with an alarm threshold set to trigger when CPU utilization is greater than 70%. * Configure a CloudWatch alarm with an alarm threshold set to trigger when CPU utilization is greater than or equal to 70%. * Configure a CloudWatch alarm with an alarm threshold set to trigger when CPU utilization is greater than 70%.
Configure a CloudWatch alarm with an alarm threshold set to trigger when CPU utilization is greater than 70%. * The answer is to configure a CloudWatch alarm with an alarm threshold set to trigger when CPU utilization is greater than 70%. This will display the alarm in "alarm" state when CPU utilization is greater than 70%. This question has been worded very specifically with the works "goes above 70%". This disqualifies the answer that stated "great than or equal to 70%". The AWS exam will have very tricky questions like this.
The Budget tool in AWS uses what component for visualization? * Cost Explorer * Excel * Tableau * AWS GrapheSage
Cost Explorer
Tracy has created a web application, placing it's underlying infrastructure in the N. Virginia (US-East-1) region. After several months, Tracy notices that much of the traffic coming to her website is coming from Japan. What can Tracy do to (best) help reduce latency for her users in Japan? * Copy the current VPC and located in US-East-1 and ask AWS to move it to a region closest to Japan * Create a CDN using CloudFront, making sure the proper content is cached at Edge Locations closest to Japan. * Create a and manage a complete duplicate copy of the web application and its infrastructure in a region closest to Japan. * Create a CDN using CloudCache, making sure the proper content is cached at Edge Locations closest to Japan.
Create a CDN using CloudFront, making sure the proper content is cached at Edge Locations closest to Japan. * CloudFront is AWS's content delivery network (CDN) service. You can use it to cache web content at edge locations what are closest to you customers. This will decrease latency for the customer and improve overall performance.
Which of the following are best practices when it comes to securing your Root AWS account? (Choose 5) * Apply an IAM password policy. * Create individual IAM users. * Delete your Root account password. * Store your Root account keys on your application for easy access. * Activate MFA on the Root Account. * Delete your Root access keys. * Use groups to assign permissions.
Create individual IAM users., Activate MFA on the Root Account., Delete your Root access keys., Use groups to assign permissions., Apply an IAM password policy. * See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html for more details.
Under the Shared Responsibility model, for which of the following does AWS not assume responsibility? * Hypervisors * Customer data * Physical security of AWS facilities * Networking
Customer data * The customer is responsible for her own customer data.
You want to run your application on a PaaS infrastructure, and you need to be able to select both your instance type and your database. Which of the following services should you choose? * Lambda * Elastic Beanstalk * EC2 * Lightsail
Elastic Beanstalk * Elastic Beanstalk will allow you to select both you instance type and your database type.
Which of the following is not a compute service? * EC2 * Elastic Beanstalk * Elastic Block Store * Lambda
Elastic Block Store
What is the most common type of storage used for EC2 instances? * Elastic Block Store (EBS) * Elastic File System (EFS) * EC2 Hard Drives * Magnetic Drive (MD)
Elastic Block Store (EBS) EC2 instance have several different hard drive options. However, Elastic Block Store (EBS), which is a type of Network Attached Storage, is the most popular and widely used.
True or False: Identity Access Management (IAM) is a Regional service. * True * False
False * Identity Access Management (IAM) is a Global service.
True or False: Objects stored in S3 are stored in a single, central location within AWS. True False
False * Objects stored in S3 are stored in multiple servers in multiple facilities across AWS.
True or False: The Standard version of AWS Shield offers automated application (layer 7) traffic monitoring. * True * False
False * Only AWS Shield Advanced offers automated application layer monitoring.
True or False: Both you and a friend can have an S3 bucket called 'mytestbucket'. * True * False
False * S3 bucket names are global, and must be unique.
True or False: S3 can be used to host a dynamic website, like one that runs on a LAMP stack. * True * False
False * S3 can be used to host *static* websites.
Which of the following are principles of sound design when it comes to performance efficiency? (Choose 3) * Have your IT staff master all new technologies. * Use Serverless architectures. * Mechanical empathy * Deploy into multiple Regions to go global in minutes. * Democratize advanced technologies.
Deploy into multiple Regions to go global in minutes., Use Serverless architectures., Democratize advanced technologies. * Of these choices, you should democratize advanced technologies, deploy into multiple Regions, and use Serverless technologies.
Where can you place resources in a VPC to help ensure high availability? * Different regions * Different root accounts * Different storage tiers * Different AZs
Different AZs
What technology permits you to use a private connection from your facility to AWS? * ClassicLink * Direct Connect * VPC peering * VPC endpoint
Direct Connect
Which of the following best describes Availability Zones? * A Content Distribution Network used to deliver content to users * Distinct locations from within an AWS region that are engineered to be isolated from failures. * Restricted areas designed specifically for the creation of Virtual Private Clouds. * Two zones containing compute resources that are designed to automatically maintain synchronized copies of each other's data.
Distinct locations from within an AWS region that are engineered to be isolated from failures. * Availability Zones are distinct locations from within an AWS region that are engineered to be isolated from failures.
What is the purpose of AWS's Route 53 service? (Choose 2) * Content Caching * Domain Registration * Database Management * Domain Name System (DNS) service
Domain Registration. Domain Name System (DNS) service * Route 53 is AWS's domain and DNS management service. You can use it to register new domain names, as well as manage DNS record sets.
Which AWS database is a NoSQL database solution often being used with the IoT? * Aurora * Glacier * Snowball * DynamoDB
DynamoDB
The Solutions Architect leading your project tells you the application your team is working on requires a managed NoSQL database. Which of the following AWS services best fits that description? * RDS * DynamoDB * ElastiCache * Redshift
DynamoDB * DynamoDB is AWS' managed NoSQL database.
You are trying to organize and import (to AWS) gigabytes of data that are currently structured in JSON-like, name-value documents (non-structured data). What AWS service would best fit your needs? * DynamoDB * Lambda * Aurora * RDS
DynamoDB DynamoDB is AWS's NoSQL database offering. NoSQL databases are for non-structured data that are typically stored in JSON-like, name-value documents.
Which of the following is true about DynamoDB? (Select 2) * DynamoDB is a scalable, non-relational database service. * DynamoDB is often referred to as a NoSQL Database * DynamoDB is a type of RDS database that is compatible with MySQL. * All patches and updates are your responsibility, because DynamoDB is installed on an EC2 instance.
DynamoDB is a scalable, non-relational database service., DynamoDB is often referred to as a NoSQL Database
You need a "virtual hard disk" for your EC2 instance. Which of the following should you choose? * RDS * EBS * DDB * S3
EBS
What is the main "virtual machine" creation technology available in AWS? * S3 * EC2 * Route 53 * ELB
EC2
Which is not an example of service that is always free? * IAM * Auto Scaling * CloudFormation * EC2
EC2
Donna needs to provision a Linux server to run a web application on. What AWS service should she use to create the Linux server? * EC2 * IAM * Lamda * VPC
EC2 * Elastic Cloud Compute (EC2) is AWS server-based compute service platform. You can use it to provision and use Linux- and Windows-based servers.
Security groups in AWS protect what resources? * AZs * Subnets * EC2 instances(through ENIs) * Vaults
EC2 instances (through ENIs)
What is EC2? * EC2 is used for database services. * EC2 stands for Every Cloud Computes, and EC2 is used for computing statistics. * EC2 is used for bulk storage. * EC2 stands for Elastic Compute Cloud, and is used as virtual computers in the cloud.
EC2 stands for Elastic Compute Cloud, and is used as virtual computers in the cloud.
What AWS feature acts as a traffic distribution regulator, making sure each EC2 instance in a system get the same amount of traffic? * ELB * NACL * Availability Zone * Auto Scaling
ELB * An Elastic Load Balancer is responsible for evenly distributing incoming web traffic between all the EC2 instances associated with it. This help prevent one server from becoming overloaded with traffic, while another server remains underutilized.
In which of the following is CloudFront content cached? * Availability Zone * Data Center * Region * Edge Location
Edge Location * CloudFront content is cached in Edge Locations.
What Global infrastructure component of AWS serves CloudFront content? * Availability Zones * Edge Locations * Vaults * Cached Centers
Edge Locations
What is a PaaS service of AWS? * CloudFormation * CloudFront * Elastic Beanstalk * RDS
Elastic Beanstalk
True or False: Users are responsible for the security of the cloud. * True * False
False * Users are responsible for security in the could, not of the cloud.
Mike is setting up the infrastructure for a web application that requires three EC2 instances to handle the expected demand. However, when testing the application, Mike finds that all traffic to the application is being routed to only one of the servers. What AWS feature should he add to his application in order to have traffic evenly distributed between all three servers? * Auto Scaling * Cloud Front * Elastic Load Balancer * Route 53
Elastic Load Balancer * An Elastic Load Balancer is designed to evenly distribute incoming web traffic between all servers that are associated with it.
What TWO services/features are required to have highly available and fault tolerant architecture in AWS? * Elastic Load Balancer * Auto Scaling * CloudFront * ElastiCache
Elastic Load Balancer Auto Scaling
What is the term commonly used for the cloud's capability to scale outward and inward automatically based on demand? * Agility * Reliability * Elasticity * Fault tolerance
Elasticity
Which of the following best describes the ability to scale computing resources up or down easily, while only paying for the resources used? * Scalability * Fault-tolerance * Elasticity * High Availability
Elasticity * Elasticity describes the ability to scale computing resources up or down easily, while only paying for the resources used.
What subscription protocols are supported by Simple Notification Service? (Choose 3) * Email and Email-JSON * FTP and SFTP * HTTP and HTTPS * SQS,SMS, Application, and Lambda
Email and Email-JSON HTTP and HTTPS SQS,SMS, Application, and Lambda
Amit is running a web application with a capacity of 5000 users. Every few days, traffic reaches 5000 users and any additional users are being denied access. What can Amit do to efficiently automate the process of adding and removing server capacity based on traffic demand? * Automating this process cannot be done * Enable auto scaling on his application. * Write a custom script to automate the process * Enable elastic load balancing on his application.
Enable auto scaling on his application. * Auto scaling in AWS allows you to configure metric-based rules that (when triggered) will add and/or remove instances (server capacity) to your application. Adding/moving instances is then automated based on the metric rules you configure.
Which of the following are principles of sound design when it comes to security? (Choose 3) * Secure your physical resources. * Implement the Principle of Least Privilege * Enable traceability. * Apply security to your application only. * Apply security at all layers.
Enable traceability. Implement the Principle of Least Privilege. Apply security at all layers.
Amazon is interested in offering you high levels of confidentiality with your data in AWS. What is the key technoloy area that accomodate this? * Authentication * Hasing * Encryption * Fault tolerance
Encryption
What minimal level of support gives you access to a TAM? * Business * Basic * Enterprise * Developer
Enterprise
Which of the following AWS Support levels offers the assistance of a Technical Account Manager? * Enterprise * Developer * Premium * Business
Enterprise * Only Enterprise support offers the services of a Technical Account Manager.
What two support plans offer response times of 1 hour or less? * Developer * Enterprise * Business * Basic
Enterprise Business
Which of the following are AWS Support Plans? (Choose 3) * Enterprise * Business * Basic * Expert
Enterprise, Business, Basic * AWS has four support plan levels: Basic, Developer, Business, Enterprise
Where should firewalling be accomplished in your web hosting design in AWS? * At the perimeter * At the core * Everywhere * For all access layer functions
Everywhere
From where does Amazon often draws information for certification exam questions? * Case studies * Security blogs * Security bulletins * FAWS
FAQs
Which of the following resources is often a frequent source for exam questions and topics? * FAQs * IEEE standard docs * Wikipedia.org * NIST standards
FAQs
True or False: If you create a Classic Load Balancer via the AWS Management Console, cross-Availability Zone load balancing is enabled by default. * True * False
False
True or False: AWS is responsible for security in the cloud. * False * True
False * AWS is responsible for security of the cloud.
True or False: Security in the cloud is the responsibility of AWS. * False * True
False * AWS is responsible for the security OF the cloud. The customer is responsible for security IN the cloud -- that is, the security of her AWS resources.
True or False: There are more Regions than there are Availability Zones. * True * False
False * As there are at least two Availability Zones (AZ) per AWS Region, there will always be more AZs than Regions.
True or False: Authentication determines which AWS services a user has access to, and Authorization allows a user access to AWS the overall AWS environment. * True * False
False * Authorization determines which AWS services a user has access to. However Authentication identifies who is accessing the system and passes that information to the authorization process.
True or False: Access Control Lists are used to make entire buckets (like one hosting an S3 website) public. * False, * True
False * Bucket Policies are used to make entire buckets (like one hosting an S3 website) public.
True or False: By default, all data stored in S3 is viewable by the public. * False * True
False * By default, all data stored in S3 is NOT viewable by the public. If you want a bucket or object to be accessible by the public, you must explicitly make it so.
True or False: Private subnets have direct, private access to the Internet. * False * True
False * By default, private subnets do NOT have access to the internet. You must use a NAT Gateway for resources in a private subnet to access the internet.
True or False: There is a limit to the number of objects you can put into S3. * False * True
False * False: There is no limit to the number of objects you can put into S3.
What is a main benefit of consolidated billing? * Access to a higher support plan level. * Faster response from AWS technical support. * None of the above. * Gain a volume discount for usage across all your AWS accounts.
Gain a volume discount for usage across all your AWS accounts. * Consolidated billing allows you to view, manage, and pay bills for multiple AWS accounts in one user interface. Volume discounts can be earned by combining the usage from all accounts you own.
What is archiving/warehousing solution within S3? * Glacier * Snowball * EFS * Aurora
Glacier
Which AWS storage tier is considered long-term archive storage? * S3 Standard * LT Archive * Infrequent Access * Glacier
Glacier
Children's All Saints Hospital has millions of old medical records that they must save for regulatory reasons. These records will most likely never be accessed again. What is the best and most cost-effective S3 storage option that will meet the hospitals needs? * Reduced Redundancy * Infrequent Access * Standard * Glacier
Glacier * Glacier is specifically designed for long-term archival storage. It is extremely inexpensive and should only be used for items that you access very infrequently.
In order to comply with regulatory mandates, some of your data needs to be retained in perpetuity. Which of the following AWS storage services offers low-cost, long-term data archival? * Redshift * S3 * EFS * Glacier
Glacier * Glacier is your best choice for deeply-discounted, long-term object archival.
Which of the following data archival services is extremely inexpensive, but has a multi hour data-retrieval window? * S3 * S3 - IA * S3 - OneZone-IA * Glacier * S3 - RRS
Glacier * Glacier offers extremely inexpensive data archival, but requires a 3-5 hour data-retrieval window.
What AWS storage class should be used for long-term, archival storage? * Infrequent Access * Long-Term * Standard * Glacier
Glacier * Glacier should be used for (and is specifically designed for) long-term , archival storage.
Which of the following are valid S3 storage classes? Choose all that apply. * Glacier * Standard * General Access * One Zone-Infrequent Access * Standard-Infrequent Access * Snow Mobile
Glacier, Standard, One Zone-Infrequent Access, Standard-Infrequent Access
Which of the following is not a major contributor to the agility that AWS provides? * Governance * Speed * The culture of innovation * Experimentation
Governance
Which of the following Compliance guarantees attests to the fact that the AWS Platform has met the standard required for the secure storage of medical records in the US? * HIPAA * FERPA * GLBA * HIPPA * HITECH
HIPAA * A HIPAA certification attests to the fact that the AWS Platform has met the standard required for the secure storage of medical records in the US.
What are the four primary benefits of using cloud services? * High availability, fault tolerant, scalability and cost * Scalability, cost, speed and mobile access * High availability, fault tolerant, scalability and elasticity * Cost, high availability, elasticity and speed
High availability, fault tolerant, scalability and elasticity * Although cost and speed can be benefits of using cloud services, they are not always benefits. Sometimes using cloud services can cost more than using on-premise. ** High availability, fault tolerant, scalability, and elasticity are benefits in all circumstances.
Which of the following best describes a system that is always available — without the need for human intervention? * Elastic * Highly Available * Scalable * Fault tolerant
Highly Available * A highly available system is one that is always available — without the need for human intervention
Why would a company decide to use AWS over an on-premises data center? (Choose 2) * Highly available infrastructure * Elastic resources based on demand * Free, unlimited data storage * Fail proof infrastructure
Highly available infrastructure Elastic resources based on demand * Highly available infrastructure and Elastic resources based on demand are two of the main benefits of using AWS. AWS does NOT offer free, unlimited storage (you pay by the GB), and the architecture may be highly available and extremely stable, but nothing is 100% fail proof.
What do Edge Locations do? * Host a Content Delivery Network called CloudFront * Provide redundant backup to your AWS services * Provide independent power grids to Availability Zones * Provide disaster recovery services
Host a Content Delivery Network called CloudFront * Edge Locations host a Content Delivery Network called CloudFront.
What service in AWS assists your security efforts using roles, users, and groups? * S3 * IAM * EC2 * Glacier
IAM
Which of the following AWS services controls Authentication and Authorization within an AWS account? * Security Groups * AWS Shield * Access Control Lists * IAM
IAM * IAM controls Authentication and Authorization within an AWS account.
Which of the following AWS services are free to use? (Choose 5) * EC2 * Auto-Scaling * IAM * Route53 * Elastic Beanstalk * VPC * S3 * EBS * CloudFormation * RDS
IAM, VPC, Auto-Scaling, CloudFormation, Elastic Beanstalk * The correct answers are VPC, Elastic Beanstalk, CloudFormation, IAM, and Auto-Scaling. Please keep in mind that with VPC, Elastic Beanstalk, CloudFormation, and Auto-Scaling, the underlying provisioned resources will incur charges.
What component can you use to connect your VPC to the public Internet? * IGW * IDS * IPS * NACLs
IGW
What acts as an address (like a mailing address) for a web server located on a network? (Hint: It's combined with a subnet mask to help computers route packets across the Internet). * DNS Server * IP Address * Common language domain name * None of the above
IP Address * An IP address is a severs address on a network. It is how traffic/request get routed to it (much like a piece of mail gets routed to your home).
Why does AWS guarantee your exchange rate with AWS Billing and Cost Management? * In order to ensure that any refunds use the same exchange rate as your original transaction * To save you costs * To minimize the number of transactions in the system * To optimize your costs for resources
In order to ensure that any refunds use the same exchange rage as your original transaction
Amazon seeks out attestations from organizations that are what? (Choose two.) * Dependent * Independent * Third party * Subsidiary
Independent Third party
Which of the following are components of the AWS Risk and Compliance Program? (Choose 3) * Physical Security * Security Principles * Identity and Access Management * Risk Management * Control Environment * Information Security * Environment Automation
Information Security, Control Environment, Risk Management * Please see the Risk and Compliance White Paper for more details.
Which S3 storage class has lowest object availability rating? * Reduced Redundancy * Infrequent Access * Standard * All of them have the same availability rating
Infrequent Access * Infrequent access has the lowest availability rating (99.90%). Standard has an availability rating of 99.99%
Which of the following is used to allow communication to go out from the VPC to the Internet? * Router * EC2 instance * Internet Gateway * VPC
Internet Gateway
Which of the following is true regarding HA in your on-premises data center? * It is typically only reserved for the most mission-critical systems or data. * It is typically implemented at a lower cost than cloud. * It is typically implemented throughout the entire data center. * It is never truly achievable.
It is typically only reserved for the most mission-critical systems or data.
IAM Policy documents are written in which of the following formats? * SGML * XML * JSON * YAML
JSON * IAM Policy documents are JSON documents.
Data stored in a DynamoDB database is stored in ____ name-value documents. (Choose 2) * Row-Column Matrix * RDS-like * YAML-like * JSON-like
JSON-like, YAML-like
Karen is building a website that is expected to have a minimum of 1000 users continually over the course of 24 hours. For 8 hours each day, traffic is expected to be at about 1800 users. What EC2 buying options should she use to handle all the traffic and be most cost-effective? * Karen shold buy reserved instances with enough capacity to cover the baseline of 1000 users, then rely on on-demand instances for the 8 hour period of increased traffic each day. * Karen should buy enough reserved instance capacity to handle all 1800 users and probably buy a little more capacity just in case it is needed. * Karen should buy reserved instance with enough capacity to cover the baseline of 1000 users, then rely on spot instances for the 8 hour period of increased traffic each day. * Karen should rely solely on spot instance since that will be the cheapest option.
Karen should buy reserved instances with enough capacity to cover the baseline of 1000 users, then rely on on-demand instances for the 8 hour period of increased traffic each day. * Reserved instances should used use to handle the expected baseline traffic to the website. Reserved instances (in 1/3 year term) can be purchased as a significant discount over on-demand instances. Any varying traffic above the baseline should be handled with on-demand instance (since they can be added/removed at any time, based on current demand). Spot instances should not be used in this scenario.
What are common uses of AWS RDS? * Keep a catalog of your company's inventory * Mass Storage * Store and access customer account information * Web hosting
Keep a catalog of your company's inventory Store and access customer account information
What is used to authenticate access to your EC2 instance? * Lambda * PPTP * Key pairs * Telnet
Key pairs
Kunal is managing an application running on an on-premises data center. What best describes the challenges he faces that someone using the AWS cloud does not? * Kunal must keep track of software licensing. * Kunal must predict future growth, and scaling can be costly and time consuming. * Kunal must know how to properly configure network level security. * Kunal must research what size (compute capacity) servers he needs to run his application.
Kunal must predict future growth, and scaling can be costly and time consuming. * Scaling is much faster and cost-effecting on the AWS cloud. With on-demand instances and auto-scaling, future growth does not have to be predicted. More compute capacity can be added gradually as demand increases.
What is AWS's serverless compute service? * S3 * Lambda * EC2 * None of the above
Lambda * AWS has two main compute services, EC2 (server-based) and Lambda (serverless).
You have a variable and intermittent workload, so you want to use a compute service that allows you to pay only for the compute resources you use, without paying for compute time when your code isn't running. Which of the following services should you use? * EC2 * Lightsail * Lambda * ECS
Lambda * Lambda allows you to run a variable and intermittent workload without paying for compute time when your code isn't running.
You need to execute code in response to a specific change to your S3 bucket. Which of the following compute services should you choose to execute your code? * Lambda * EC2 * Lightsail * ECS
Lambda * Lambda is event-driven: a change to an S3 bucket is an example of an Event.
What is a serverless compute service of AWS? * Aurora * Snowball * Glacier * Lamda
Lamda
What is used to automatically move data through the different classes of S3 storage based on date? * Versioning * Glacier Policy * Auto-migration policy * Lifecycle policy
Lifecycle policy
Which of the following compute services is ideal if you need to run a simple website or a simple e-commerce application? * EC2 * Lightsail * Elastic Beanstalk * Lambda
Lightsail
Which of the following compute services is ideal if you need to run a simple website or a simple e-commerce application? * Elastic Beanstalk * EC2 * Lambda * Lightsail
Lightsail * Lightsail is ideal for simple websites or a simple e-commerce applications.
You notice that five of your 10 S3 buckets are no longer available in your account, and you assume that they have been deleted. You are unsure who may have deleted them, and no one is taking responsibility. What should you do to investigate and find out who deleted the S3 buckets? * Look at the CloudWatch Logs. * Look at the S3 logs. * Look at the CloudTrail logs. * Look at the SNS logs.
Look at the CloudTrail logs * CloudTrail is logging service that logs actions taken by AWS users in your AWS account, such as creating/deleting S3 buckets, starting/stopping EC2 stances, etc.
Before moving and/or storing object in AWS Glacier, what considerations should you make regarding the data you want to store. * Make sure to run the AWS data prep utility BEFORE uploading the files. * Make sure the total amount of data you want to store in under 1 terabyte in size. * Make sure you are ok with it taking at minimum a few minutes for expedited retrieval of the data once stored in Glacier. * Make sure the data is properly formatted for storage Glacier.
Make sure you are ok with it taking at minimum a few minutes for expedited retrieval of the data once stored in Glacier. * Objects stored in Glacier take time to retrieve. You can pay for expedited retrieval, which will take several minutes - OR wait several hours (for normal retrieval).
What SQL database engine options are available in RDS? (Choose 3) * MariaDB * PostgreSQL * MongoDB * MySQL
MariaDB, PostgresSQL, MySQL * RDS offers the following SQL options: Aurora MySQL MariaDB PostgreSQL Oracle Microsoft SQLServer
What are two open source in-memory engines supported by ElastiCache? (Choose 2) * CacheIt * Aurora * MemcacheD * Redis
MemcasheD, Redis
CloudWatch falls into which category of management options? * Provisioning * Managed Services for Configuration * Operations Management * Monitoring and Logging
Monitoring and Logging
You have a mission-critical application which must be globally available at all times. Which deployment strategy should you follow? * Multi-Availability Zone * Multi-VPC in two AWS Regions * Multi-Region * Deploy to all Availability Zones in your home region.
Multi-Region * A Multi-Region deployment will best ensure global availability.
What best describes the purpose of having many Availability Zones in each AWS region? * Multiple Availability Zones allow for duplicate and redundant compute, and data backups. * Multiple Availability Zones allow for fault tolerance but not high availability. *None of the above. * Multiple Availability Zones allow for cheaper prices due to competition between them.
Multiple Availability Zones allow for duplicate and redundant compute, and data backups. * Availability Zones work together within a region to provide users with the ability to easily setup and configure redundant architecture and backup solutions
How does S3 ensure the durability of your data? * Muliple high-speed Internet connections are made to every major directory you create * Data is storage-tiered by default * Data is automatically replicated to an alternate region * Multiple copies of your data are stored in separate Availability Zone
Multiple copies of your data is stored in separate Availability Zones.
You need to allow resources in a private subnet to access the internet. Which of the following must be present to enable this access? * Network Access Control Lists * Security Groups * NAT Gateway * Route Tables
NAT Gateway * A NAT Gateway is required to allow resources in a private subnet to access the internet.
What are the TWO main security layers (firewalls) used inside a VPC? * NetProtect * Security Lists * Security Group * Network Access Control List
Network Access Control List, Security Group * Network Access Control Lists (NACL) act as a firewall on the subnet level, and Security Groups act as a firewall on the instance level.
What mechanism is used to ensure that Port 80 traffic is allowed into a subnet? * Communication on specific ports cannot be controlled within the VPC. It must be configured directly at the Availability Zone. * Network Access Control Lists (NACLs) can be used to allow and deny communication via a specific port into the subnet. * The Internet Gateway is responsible for ensuring that Port 80 traffic is allowed to communicate with a subnet. * A Router can be used to allow and deny communication via into the subnet.
Network Access Control Lists (NACLs) can be used to allow and deny communication via a specific port into the subnet.
AWS VPC is a component of which of the following overall services categories? * Migration Services * Compute * Management Tools * Database * Networking and Content Delivery * Storage
Networking and Content Delivery * In the AWS Console, VPC is found under the Networking and Content Delivery services. In the past it was also under Compute services however a VPC is fundamentally an network construction.
Which of the following statements are true related to security assessments on your own EC2 instances? * Contact your ISP. * Always contact AWS and let them know first. * No notification is needed for many security assessments on your own EC2 instances (There are some prohibited activities though). * Do NOT do any penetration testing. Penetration testing is NOT allowed.
No notification is needed for many security assessments on your own EC2 instances (There are some prohibited activities though). * No action is needed for certain services. Not all activities are permitted though. For details, see: https://aws.amazon.com/security/penetration-testing/
Thomas is managing the access rights and credentials for all the employees that have access to his company's AWS account. This morning, he was notified that some of these accounts may have been compromised, and he now needs to change the password policy and re-generate a new password for all users. What AWS service does Thomas need to use in order to accomplish this? * Password Management System * Elastic Compute Cloud * Policy and Access Management * None of the above
None of the above * Identity and Access Management (IAM) is the AWS service where password policies and user credentials are managed. (Policy and Access Management as a service does not exist).
What services has built-in DDoS mitigation and/or protection? * EC2 * RDS * SNS * None of the above
None of the above AWS services with built-in DDoS mitigation/protection include: 1) Route 53 2) CloudFront 3) WAF (web application firewall) 4) Elastic Load Balancing 5) VPCs and Security Groups
Which of the following are criteria affecting your billing for RDS? (Choose 3) * Number of requests * Data transfer in * Clock hours of server time * Standby time * Additional storage
Number of requests, Clock hours of server time, Additional storage * Clock hours of server time, additional storage, and number of requests are among the criteria defining charges for RDS.
In S3, what is a file that you upload called? * Bucket * Folder * Object * Static File
Object * Files that are stored in S3 are referred to as objects.
Which of the following are true about Amazon S3? Choose all that apply. * S3 is block storage that is attached to EC2 instances. * Objects on Amazon S3 are always private and only accessible by the person who uploaded them. * Objects and Buckets on Amazon S3 can be made public. * Amazon S3 has multiple classes of storage.
Objects and Buckets on Amazon S3 can be made public., Amazon S3 has multiple classes of storage.
How many Availability Zones can one subnet utilize? * There is no limit. * One * Two * Three
One
What repalces CapEx as an advantage of the cloud? * FIFO * GARP * ROI * OpEx
OpEx
What is the fully managed configuration management service in AWS? * CloudTrail * OpsWorks * CloudFormation * CloudWatch
OpsWorks
Which of the following Compliance certifications attests to the security of the AWS platform regarding credit card transactions? * SOC 2 * SOC 1 * PCI DSS Level 1 * ISO 27001
PCI DSS Level 1 * A PCI DSS Level 1 certification attests to the security of the AWS platform regarding credit card transactions.
What model is often followed in order to charge for cloud usage? * Pay as you terminate * Pay as you go * Pay as you can * Pay as you will
Pay as you go
What are the primary benefits of using Lambda? (Choose 2) * Pay for only the compute time you consume. * Actively select and manage instance type and capacity. * Wide variety of operating systems to select from. * Run code without provisioning servers.
Pay for only the compute time you consume. Run code without provisioning servers. * Lambda, being AWS's serverless compute platform, means there are no servers, instance types, or capacity to select. That is all managed for you. With Lambda, you only for the when your code is actually being executed.
What type of billing does Amazon engage in for AWS? * Pay-as-you-terminate * Pay-for-reservations * Pay-as-you-go * Pay-as-you-estimate
Pay-as-you-go
What term best describes the AWS pricing model? * Pay-all-up-front * Pay-as-you-go * Pay-all-at-end * None of the above
Pay-as-you-go * AWS operates on a pay-as-you-go model. No upfront cost or termination fees.
Which of the following are characteristics of cloud computing? (Choose 3) * Pay-as-you-go pricing * Cloud charges are capital expenditures. * Services are delivered via the Internet * On-demand delivery
Pay-as-you-go pricing, Services are delivered via the Internet, On-demand delivery * Cloud computing is an operating expense, not a capital expenditure. The others characterize cloud computing.
For which of the following categories does AWS Trusted Advisor provide best practices and/or or checks of your AWS environment? (Choose 4) * Performance * Availability of AWS resources * Fault Tolerance * Right-size * High-Availability * Security * Cost Optimization
Performance, Fault Tolerance, Security, Cost Optimization * Trusted Advisor provide best practices and/or or checks on Cost Optimization, Performance, Security, and Fault Tolerance. Trusted Advisor - Features
Which of the following is not something Amazon typically provides to AWS customers in the area of compliance? * Mapping documents * Compliance playbooks * Security features * Physical host security playbooks
Physical host security playbooks
Amazon Lightsail is an example of which of the following? * Functions as a Service * Software as a Service * Infrastructure as a Service * Platform as a Service
Platform as a Service * Lightsail is AWS' Platform-as-a-Service offering.
Which of the following is the document used to grant permissions to users, groups, and roles? * Protocol * Policy * Paradigm * Passbook
Policy * A Policy is the document used to grant permissions to users, groups, and roles.
Kim is managing a web application running on the AWS cloud. The application is currently utilizing eight EC2 servers for its compute platform. Earlier today, two of those web servers crashed; however, none of her customers were affected. What has Kim done correctly in this scenario? * None of the above. * Properly built a scalable system * Properly built a fault tolerant system. * Properly built an elastic system.
Properly built a fault tolerant system. * A fault tolerant system is one that can sustain a certain amount of failure while still remaining operational.
Which of the following are types of cloud computing deployments? (Choose 3) * Public cloud * Hybrid cloud * Mixed cloud * Private cloud
Public cloud, Hybrid cloud, Private cloud * The three types of cloud deployments are Public, Hybrid, and Private (also called 'on-prem').
What two protocols are commonly permitted in security groups in order to permit remote administration of systems? (Choose two.) * RDP * ICMP * SFTP * SSH
RDP SSh
John is working with a data set, and he needs to import it into a relational database service. Which AWS service will meet his needs? * DynamoDB * NoSQL * Redshift * RDS
RDS * RDS is AWS's relational database service.
You need a managed, low-cost relational database for your e-commerce store. Which of the following should you use? * MySQL on EC2 * RDS * DynamoDB * AWS ElastiCache
RDS * RDS is your best option: it's a low-cost, managed database solution.
What AWS service supports Amazon Aurora, MySQL, MariaDB, Oracle, SQL Server, and PostgreSQL relational database engines? * Redshift * RDS * ElastiCache * DynamoDB
RDS * RDS offers SQL database options - otherwise known as relational databases.
What is the major difference between AWS's RDS and DynamoDB database services? * RDS offers NoSQL database options, and DynamoDB offers SQL database options. * RDS offers one SQL database option, and DynamoDB offers many NoSQL database options. * RDS offers SQL database options, and DynamoDB offers a NoSQL database option. * None of the above
RDS offers SQL database options, and DynamoDB offers a NoSQL database option. * RDS is a SQL database service (that offers several database engine options), and DynamoDB is a NoSQL database option that only offers one NoSQL engine.
You need to re-create an EBS volume that you have used previously. How might you go about doing that? * Copy the AMI the volume was based on and spin it up. * Use a CloudFormation template to recreate the volume. * Re-create the volume from a snapshot. * Use the copy that lives in the Auto Scaling group.
Re-create the volume from a snapshot. * you should re-create the volume from a snapshot.
What AWS database service is used for data warehousing of petabytes of data? * DynamoDB * Redshift * RDS * Elasticache
Redshift
Which of the following is a datawarehouse solution in AWS? * Redshift * Aurora * RDS * ElastiCache
Redshift
What AWS data warehouse is primarily used to analyze data using standard SQL formatting with compatibility for your existing business intelligence tools? * Redshift * RDS * ElastiCache * DynamoDB
Redshift * Redshift is a data warehouse offering that is fully-managed and used for data warehousing and analytics, including compatibility with existing business intelligence tools.
Which of the following is not considered a benefit of automation? * Reduction in required security measures * Lowered operating costs * Simpler and faster code deployment * Reduction in the potential errors
Reduction in required security measures
Which of the following are geographic areas that host two or more Availability Zones? * Regions * Edge Locations * AWS Origins * Compute Zones
Regions * A Region is a geographic area that hosts two or more Availability Zones.
Which statement regarding regions in AWS is not correct? * Regions in North America rely on the presence of the other North American regions. * Regions are connected with fast connections to other regions * Edge Locations exist inside of regions * Availability Zones exist inside of regions
Regions in North America rely on the presence of the other North American regions.
Which of the following is true about Reserved Instances? * Reserved Instances guarantee the amount of storage available for use by an EC2 instance. * Reserved instances must be paid for in advance. * You can bid on pricing for reserved instances to get the best price. * Reserved Instances are purchased for a period of one or more years at a reduced cost.
Reserved Instances are purchased for a period of one or more years at a reduced cost.
What are the three types of EC2 Instances with regards to billing options? Choose all that apply. * Bid Instances * Reserved Instances * On-Demand Instances * Spot Instances
Reserved Instances, On-Demand Instances, Spot Instances
Which of the following EC2 instance types will realize a savings over time in exchange for a contracted term-of-service? * Spot instances * Reserved instances * Discount instances * On-demand instances
Reserved instances * EC2 Reserved Instances offer significant discounts for a contracted term-of-service.
Which of the following EC2 options is best for long-term workloads with predictable usage patterns? * On-Demand instances * Reserved instances * Spot instances * Dedicated Host
Reserved instances * Reserved instances are the most economical option for long-term workloads with predictable usage patterns.
Which of the following are valid EC2 pricing options? (Choose 2) * Stop * Reserved * Enterprise * On-Demand
Reserved, On-Demand * On-Demand and Reserved are the valid EC2 pricing options.
Which of the following are benefits of AWS's Relational Database Service (RDS)? (Choose 2) * Resizable capacity * Use of a NoSQL database service * Best method for storing unstructured data * Automated patches and backups
Resizable capacity, Automated patches and backups
What should you do if you believe your AWS account has been compromised? (Choose 2) * Wait 48 hours in case it's a false alarm * Respond to any notifications you received from AWS through the AWS Support Center. * Delete your AWS account * Change all IAM user's passwords.
Respond to any notifications you received from AWS through the AWS Support Center. Change all IAM user's passwords. * If you believe your account has been compromised, you should immediately change all IAM user's passwords, and Respond to any notifications you received from AWS through the AWS Support Center. You should NEVER wait for any amount of time, and you do not have to delete you account.
What identity in IAM is very similar to a user account but has no credentials associated with it? * Groups * Roles * Proxy users * Principles
Roles
Which of the following are components of IAM? (Choose 4) * Roles * Permissions * Access controls * Users * Authenticator * Groups * Authorizer
Roles, Permissions, Users, Groups * Users, Groups, Roles, and Permissions are integral to IAM.
What is the DNS service offered by AWS? * SQS * Route 53 * CloudFront * CloudFormation
Route 53
Jacky is creating a website using AWS infrastructure. She has a great idea for a domain name but needs to see if it's available and, if so, register it. What AWS service will allow her to do this? * DomainServices * CloudWatch * Route 53 * CloudFront
Route 53 Route 53 is AWS's domain and DNS management service. (DomainServices does not exist).
What is the object-based storage solution in AWS? * S3 * EC2 * VPC * IAM
S3
You need to store a collection of objects that can also be accessed from a different AWS Region. Which service should you use to do this? * DynamoDB * S3 * EBS * Elastic Container Service
S3 * S3 allows you to access objects from anywhere in the world.
You need to host a file in a location that's publicly accessible from anywhere in the world. Which AWS service would best meet that need? * EBS * S3 * EC2 * RDS
S3 * With S3, objects can be accessed from anywhere in the world via a dedicated URL.
Which of the following are programmatic access types enabling users to interact with AWS services? (CLI, API, SDK, PHP) (Choose 3) * SDK * API * PHP * CLI
SDK, API, CLI * The CLI, the API, and the SDK are programmatic access types enabling users to interact with AWS services.
Which AWS service uses a combination of publishers and subscribers? * Lambda * SNS * RDS * EC2
SNS * In SNS, there are two types of clients: publishers and subscribers. Publishers send the message, and subscribers receive the message.
If you want to have SMS or email notifications sent to various members of your department with status updates on resources in your AWS account, what service should you choose? * RDS * SNS * GetSMS * STS
SNS * Simple Notification Service (SNS) is what publishes messages to SMS and/or email endpoints.
What is the very popular "as a Service" model that permits a cloud provider to make applications that are typically accessible from anywhere? * IaaS * Saas * PaaS * GaaS
SaaS
What is scalability? * Scalability is the ability to increase and shrink in size based on demand. * Scalability is the ability of a system to grow to meet increased demand. There is both horizontal and vertical scaling options in AWS. * Scalability on AWS requires reserved instances to be pre-provisioned to support scaling. * Scalability is the AWS firewall service.
Scalability is the ability of a system to grow to meet increase demand. There is both horizontal and vertical scaling options in AWS.
Which of the following are principles of sound cloud design? (Choose 4) * Disposable resources * Scalability * Infrastructure as code * Assume *everything* will fail. * Treat your servers like pets, not cattle. * Tightly-coupled components * Limit the number of 3rd-party services.
Scalability, Disposable resources, Infrastructure as code, Assume *everything* will fail. * Build your systems to be scalable, use disposable resources, reduce infrastructure to code, and, please, assume EVERYTHING will fail sooner or later.
Which of the following are principles of sound design when it comes to reliability? (Choose 2) * Stop guessing about your capacity requirements. * When in doubt, over-provision. * Scale horizontally. * Manage change at the individual resource level.
Scale horizontally., Stop guessing about your capacity requirements. * The elasticity of cloud computing means that you need never over-provision or manage change at the resource level.
You need to find an item in a DynamoDB table using an attribute other than the item's primary key. Which of the following operations should you use? * Scan * POST * GET * Query
Scan * A table scan will allow you to do this.
Ensuring that you have "traceability" is critical in AWS. This is typically under what AWS design pillar? * Cost optimization * Operational excellence * Performance efficiency * Security
Security
What component related to an EC2 instance do you modify in order to permit the correct traffic forms? * Security group * Container * VPC * Instance type
Security Group
Which of the following is not part of the AWS Global infrastructure? * Regions * Availability Zones * Security Groups * Edge Locations
Security Groups * Regions, AZs, and Edge Locations are part of the AWS Global Infrastructure.
Which of the following acts like built-in firewalls for your virtual servers? * Availability Zones * Security Groups * Route Tables * Network Access Control Lists
Security Groups * Security Groups act like built-in firewalls for your virtual servers.
What is the difference between NACLs and security groups? Choose all that apply. * NACLs apply security to an EC2 instance. * Security groups apply security to a subnet. * Security groups apply security to an EC2 instance. * NACLs apply security to a subnet.
Security groups apply security to an EC2 instance., NACLs apply security to a subnet.
Matt is working on a project that involves converting images format from .png to .jpg. Thousands of images have to be converted; however, time is not really an issue and continuous processing is not required. Which type of EC2 buying option would be most cost-effective for Matt to use? * Spot * On-demand * Reserved * None of the above
Spot * Spot instances offer the cheapest option of all EC2's buying options. However, spot instances should only be used when there can be interruptions in the processing jobs being conducted. This is due to the fluctuation in spot pricing. If the spot price goes above your bid price, then you will lose access to the spot instance (thus causing a stoppage in processing).
What EC2 pricing model allows you to bid on availability capacity? * Temporary instances * Spot instances * Reserved instances * On-demand instances
Spot instances
You have a project that will require 90 hours of computing time. There is no deadline, and the work can be stopped and restarted without adverse effect. Which of the following computing options offers the most cost-effective solution? * ECS instances * Spot instances * Reserved instances * On-demand instances
Spot instances
If you have a set of frequently accessed files that are used on a daily basis, what S3 storage class should you store them in? * Standard * Fast Access * Infrequent Access * Reduced Redundancy
Standard
You have alot of regularly accessed reproducible objects. What S3 storage class would be low cost, but fit that use case? * Glacier * Standard S3 * Reduced Redundancy * None of the above
Standard S3 * The reduced redundancy storage class is no longer recommended. The Standard storage class is now lower in cost than RRS.
How much data can you store in S3? * You can store up to 1 petabyte of data, then you are required to pay an additional fee. * Each account is given 50 gigabytes of storage capacity and no more can be used. * You can store up to 1 petabyte of data. * Storage capacity is virtually unlimited.
Storage capacity is virtually unlimited. * Although there is theoretically a capacity limit, as an S3 user, there is no limited on the amount of data you can store in S3.
What type of service is AWS S3? * Cloud security service * Storage service * Compute service * Database service
Storage service
What are some common uses of AWS? (Choose 2) * Storage * Mobile phone service * Virtualization * Home personal computing
Storage, Virtualization * All of the answers are common uses of AWS. AWS has thousands of different uses. In this course we discussed some of the major categories, including: Storage Compute Power Databases Networking Analytics Developer Tools Virtualization Security AWS is not a cell services provider, and it is not configured to replace your personal home desktop computer.
Which of the following features of an Amazon VPC allows your VPC to span multiple Availability Zones? * Route Tables * Subnets * Network Access Control Lists * None of these
Subnets * Subnets allow your VPC to span multiple Availability Zones.
Who can act as a dedicated voice for you within AWS and serve as your technical point of contact and advocate? * Cloud Practitioner * Primary Solution Architect * TAM * Concierge
TAM
What AWS service helps you estimate the cost of using AWS vs. an on-premises data center? * Cost Explorer * Consolidated Billing * TCO Calculator * None of the above
TCO Calculator * The TCO (total cost of ownership) calculator helps you estimate the cost of using AWS vs. an on-premises data center.
Which of the following are cost calculators found in AWS? (Choose two.) * TCO calculators * AWS Fee Estimator * AWS Cost Comparison Calculator * AWS Simple Monthly Calculator
TCO calculators AWS Simple Monthly Calculator
What best describes penetration testing? * Testing your IAM users access to AWS services. * None of the above. * Testing your own network/application for vulnerabilities. * Testing your applications ability to penetrate other applications.
Testing your own network/application for vulnerabilities.
I can interact with Glacier using ________. (Choose 4) * CloudFormation templates * The AWS CLI * The Java or .NET SDKs * The RESTful Glacier web service * Amazon S3 Lifecycle Policies
The AWS CLI, The Java or .NET SDKs, The RESTful Glacier web service, Amazon S3 Lifecycle Policies * You can interact with Glacier using the RESTful Glacier web service, the Java or .NET SDKs, or by using Amazon S3 Lifecycle Policies. CloudFormation control of Glacier is currently limited to invoking Lifecycle Policies.
The AWS Shared Responsibility model divides security responsibilities between which two parties? * The AWS customer * The AWS partner * The community cloud vendor * AWS
The AWS customer AWS
Which of the following will affect the price you pay for an EC2 instance? (Choose 3) * The Amazon Machine Image (AMI) you select * How long you use the instance for * The S3 Storage Class you select * The Instance Type you select
The Amazon Machine Image (AMI) you select. How long you use the instance for. The Instance Type you select. * EC2 instance pricing various depending on many variables. 1) The type of buying option 2) Selected Ami 3) Selected instance type 4) Region 5) Data in/out 6) Storage capacity
What is the term used to describe the security procedure of giving an AWS user only access to the exact services he/she needs to do the required job (and nothing more)? * The Least Privilege User Principal * The Principle of Least Privilege * The Only Access Principal * None of the above
The Principle of Least Privilege
True or False: Customer responsibility for the security of services in the cloud vary by service. * True * False
True * AWS is responsible for the security of their Managed Services, and the customer is responsible for the security of applications running on services such as EC2.
True or False: AWS is responsible for the security of managed Foundation Services, such as Amazon RDS. * True * False
True * AWS is responsible for the security of their Managed Services.
True or False: Auto Scaling allows you to add or remove EC2 instances from your EC2 fleet based on conditions you specify. * False * True
True * Auto Scaling allows you to add or remove EC2 instances based on conditions you specify.
What best describes the difference between the TCO Calculator and the Cost Explorer? * The TCO Calculator helps you estimate the cost savings of using AWS; the Cost Explorer help you analyze current AWS usage charges. * The Cost Explorer helps you calculate hourly EC2 Usage cost; the TCO Calculator is a price list for each AWS service. * The Cost Explorer is a price list for each AWS service; the TCO Calculator helps you calculate hourly EC2 Usage cost. * The TCO Calculator help you analyze current AWS usage charges; the Cost Explorer helps you estimate the cost savings of using AWS.
The TCO Calculator helps you estimate the cost savings of using AWS; the Cost Explorer help you analyze current AWS usage charges. * The TCO calculator is a free tool provided by AWS that allows you to estimate the cost savings of using AWS vs. using an on-premises data center. The Cost Explorer is a free tool that allows you to view charges of your cost (helps you analyze where you are spending money).
What best describes the concept of scalability? * The ability for a system to grow in size, capacity, and/or scope * The ability for a system to grow and shrink base on demand * The ability for a system to be accessible when you attempt to access it * The ability for a system to withstand a certain amount of failure and still remain functional
The ability for a system to grow in size, capacity, and/or scope. * Scalability refers to the concept of a system being able to easily (and cost-effectively) scale UP. For web applications, this means the ability to add server capacity when demand requires.
Which is not considered a benefit of orchestration? * The lowering of overall IT costs * The elimination of the need for experimentation * Improved delivery times * Reduced friction between different teams
The elimination of the need for experimentation
In the AWS Shared Responsibility Model, what is AWS responsible for? (Choose 2) * The maintenance of the hosts virtualization software. * Server-side encryption * Physical security of the AWS data centers * Network level security
The maintenance of the hosts virtualization software. Physical security of the AWS data centers
With AWS Relational Database Service (RDS), you are responsible for which of the following? * Database software installation and patching * Scaling * Operating system installation and patching * Database backups * The optimization of your application using RDS
The optimization of your application using RDS * You are responsible only for the optimization of your application that uses RDS.
Which of the following will affect how much you are charged for storing objects in S3? (Choose 2) * Encrypting data (objects) stored in S3. * The total size in gigabytes of all objects stored. * The storage class used for the objects stored. * Creating and deleting S3 buckets
The total size in gigabytes of all objects stored. The storage class used for the objects stored.
In which order is a user granted access to AWS services? * The user is Authenticated, then Authorized to use AWS services. * The user is Authorized, then Authenticated.
The user is Authenticated, then Authorized to use AWS services. * The user is Authenticated, then Authorized to use AWS services.
Which of the following are true about Availability Zones? Choose all that apply. * There are typically two or more Availability Zones per Region. * AWS does not use Availability Zones. * Resources in different Availability Zones are not allowed to communicate with each other. * A subnet can only exist in one Availability Zone.
There are typically two or more Availability Zones per Region. A subnet can only exist in one Availability Zone.
Kunal is logged into his company's AWS account. He tries to access EC2 but is getting an error. What is the most likely reason why he cannot access EC2? * There is not an IAM access policy attached to his IAM role. * There is not an IAM access policy attached to his IAM user. * He is not part of any IAM Groups. * He does not have multi-factor authentication (MFA) enabled.
There is not an IAM access policy attached to his IAM user * When an IAM user is created, that user has NO access to any AWS services. To gain access to an AWS server, an IAM user must have permission granted to them. This is done by attached an IAM access policy to their IAM user (or through an attached group). However, just being in a group does not grant access. A proper policy would need to be attached to that group.
Which of the following is true about Amazon Machine Images (AMIs)? Choose all that apply. * They are templates that provide information required to launch instances. * You can create, share, and/or buy AMI's. * AMI operating systems can be Linux or Windows. * AMI operating systems can be Linux, Windows, or Mac OS.
They are templates that provide information required to launch instances., You can create, share, and/or buy AMI's., AMI operating systems can be Linux or Windows.
What are the main benefits of On-Demand EC2 instances? (Choose 2) * They require 1-2 days for setup and configuration. * They are the most flexible buying option. * They are the cheapest buying option. * You can create, start, stop, and terminate them at any time.
They are the most flexible buying option. You can create, start, stop, and terminate them at any time. * On-demand EC2 instances are widely used due to their flexibility. You can create, start, stop, and terminate at any time (with no startup or termination fees). Although due to this flexibility, they are the most expensive buying option.
Under what circumstances would someone want to use ElastiCache? (Choose 2) * They need in-memory data store service. * They need to use Edge Locations to cache content * They need to improve the performance of their web application. * They need a NoSQL database option
They need in-memory data store service. They need to improve the performance of their web application. * ElastiCache is used as an in-memory data store or cache in the cloud. Benefits include improved performance for web applications (that rely on information stored in a database). Edge Locations are used for caching content with the CloudFront service, so that is not a correct answer here.
What is a common use of EBS in AWS? * To receive and process streaming data for IoT * To provide serverless compute resources * To act as the boot volume for an EC2 server instance * To make files available to massive numbers of users and groups
To act as the boot volume for an EC2 server instance
You need to implement an automated service that will scan your AWS environment with the goal of both improving security and reducing costs. Which service should you use? * Trusted Advisor * CloudTrail * Service Catalog * Config Rules
Trusted Advisor * An online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment, Trusted Advisor provides real time guidance to help you provision your resources following AWS best practices.
You've been tasked with assessing your AWS infrastructure in terms of cost optimization. Which of the following AWS services would help with this task? * AWS Personal Health Dashboard * Cloud Trail * AWS Systems Manager * Trusted Advisor
Trusted Advisor * Trusted Advisor is the correct choice.
If you want to easily share a file with a friend, family or coworker, what AWS solution should you use? * Mail them a flash drive with the file on it. * None of the above. * Create an EC2 instance and give provide login credentials so others can access the file. * Upload the object to S3 and share it via its object's S3 public object URL.
Upload the object to S3 and share it via its object's S3 public object URL. * You can easily share objects uploaded into S3 by provided others with the object's URL.
In a high security environment, what should you do with privileged user accounts? * Store credentials in an S3 bucket * Create roles that mimic the accounts * Use MFA with these accounts * Share the access keys with other accounts that require access
Use MFA with these accounts
Which of the following are steps you should take in securing your AWS account? (Choose 3) * Use roles to delegate access to IAM users. * Create individual IAM users. * Activate Multifactor Authentication (MFA) on your root account. * Create a Root IAM role.
Use roles to delegate access to IAM users. Create individual IAM users. Activate Multifactor Authentication (MFA) on your root account. * The Root account should have MFA enabled; you should always create individual users (the Root account should never be used for actual work); and roles should be used to delegate permissions to the users you create.
Which of the following are valid ways to access data that is stored on Amazon S3? Choose all that apply. * The only way to access S3 is using a special S3 app. * Mapping a drive using Windows Explorer * Using a HTTP url to access the object * Using a Database. * Using the S3 Dashboard within the AWS Console
Using a HTTP url to access the object, Using the S3 Dashboard within the AWS Console
Where are your own private subnets located in AWS? * IAM * EC2 * Lamda * VPC
VPC
What component allows you to connect privately from your Virtual Private Cloud (VPC) to services you need? * VPC endpoint * Direct Connect * VPN * CloudFront
VPC endpoint
What would you use if you have multiple VPCs in AWS and you need to communicate between them? * Gateway endpoint * VPC peering * Direct Connect * ClassicLink
VPC peering
Which of the following are advantages of cloud computing? (Choose 4) * Requires large amounts of capital * Variable expense * Elasticity - you need not worry about capacity. * Increased speed and agility * The ability to 'go global' in minutes
Variable expense, Elasticity - you need not worry about capacity., Increased speed and agility, The ability to 'go global' in minutes, * Since you only pay for what you use, and can you pay nothing up-front, cloud computing does NOT require vast amounts of capital.
What is Versioning on an S3 bucket? * Versioning is used to keep track of the S3 version. * Versioning allows you to save older versions of your documents to Glacier for archiving. * Versioning is a document numbering system to allow you to version control diagrams and word documents. * Versioning allows you to preserve, retrieve and restore all versions of an object saved since versioning was enabled.
Versioning allows you to preserve, retrieve and restore all versions of an object saved since versioning was enabled.
How is a typical AZ given power in the AWS Global Infrastructure? * Via different grids from independent utilities * From generators powered by Amazon * From a single grid from highest performance utility * From a shared public power station
Via different grids from independent utilities
Which of the folllowing is not a form of ELB in AWS? * Application Load Balancer * Classic Load Balancer * Network Load Balancer * Virtual Load Balancer
Virtual Load Balancer
What AWS service allows you to have your own private network in the AWS cloud? * Virtual Cloud Network (VCN) * Virtual Private Network (VPN) * Virtual Private Cloud (VPC) * None of the above.
Virtual Private Cloud (VPC) * A Virtual Private Cloud (VPC) is a private sub-section of AWS that is your own private network. You control what resources you place inside the VPC and the security features around it.
Which of the following is not a type of EC2 purchase plan? * On-Demand * Virtual-Only * Reserved * Spot
Virtual-Only
What are some of the common features or services offered by cloud services provider, such as AWS, iCloud, and Dropbox (Choose three). * Virtualization * Internet Access * Storage * Computing Power
Virtualization Storage Computing Power
Which of the following is not an example of a client responsibility in the AWS Shared Responsibility model? * Data integrity authentication * Guest operating system * Virtualization software on the host * Customer data
Virtualization software on the host
Under what circumstances would you choose to use the AWS service CloudTrail? * When you want to log what actions various IAM users are taking in your AWS account. * When you want to collect and view resource metrics. * When you want a serverless compute platform. * When you want to send SMS notifications based on events that occur in your account.
When you want to log what actions various IAM users are taking in your AWS account. * CloudTrail is AWS's logging service used to log actions taken by users in your AWS account.
Client responsibilities will vary in the Shared Responsibility model based on what major factor? * The number of AWS employees in the region used by the customer * The amount of customer data intended for cloud storage * Which services the customer chooses to use AWS * How much money the customer is willing to spend on support
Which services the customer chooses to use of AWS
If you are using an on-demand EC2 instance, how are you being charged for it? * You are charged by the hour or second (minimum of 60 seconds), and there are no termination fees. * You must commit to a one or three year term and pay upfront. * You are charged by the hour and must pay a partial upfront fee. * You are charged per second, based on an hourly rate, and there is a termination fee.
You are charged by the hour or second (minimum of 60 seconds), and there are no termination fees. * On-demand EC2 instances are exactly that, on-demand. There are no upfront or termination fees, and you are charged for each second of usage (based on an hourly rate).
What is one benefit AND one drawback of buying a reserved EC2 instance? (Choose 2) * You are locked in to either a one- or three-year pricing commitment. * Reserved instances can be purchased at a significant discount over on-demand instances. * You can terminate the instance at any time without any further pricing commitment. * You can potentially save a lot of money by placing a lower "bid" price.
You are locked in to either a one- or three-year pricing commitment. Reserved instances can be purchased at a significant discount over on-demand instances * Reserved instances require a one- or three-year purchase term, so you are committing to paying for that much compute capacity for that full time period. However, in exchange for the long-term commitment, you will receive a discount (of up to 75%) over using an on-demand instance (for that same time period).
Which statement regarding the AWS documentation is false? * The AWS documentation is carefully categorized to assist your usage. * The documentation consists of user guides and reference broken down by topic. * You cannot access the documentation of AWS without at least a Free Tier account. * The documentation is accessed online.
You cannot access the documentation of AWS without at least a Free Tier account.
You have been tasked by your department head to upload a batch of files to an S3 bucket; however, when you select S3 on the AWS console, you see a notification stating that you do not have permission to access S3. What is the most probable cause of this error? * Your boss has not enabled proper bucket permissions. * The S3 service is currently down for maintenance. * It takes 24 hours go get access to S3. * You do not have an S3 access policy attached to your IAM user.
You do not have an S3 access policy attached to your IAM user. * If you get an error stating that you do not have proper permissions to access/use and AWS service, then most likely your IAM user does not have the proper permission policy attached.
If an object is stored in the Standard S3 storage class and you want to move it to Glacier, what could you do in order to properly migrate it? (Choose 2) * Delete the object and reupload it, selecting Glacier as the storage class. * create a lifecycle policy that will migrate the object during a specified time of your choosing * Change the storage class directly on the object. * None of the above.
create a lifecycle policy that will migrate the object during a specified time of your choosing. Change the storage class directly on the object. * Any object uploaded to S3 must first be placed into either the Standard, Reduced Redundancy, or Infrequent Access storage class. Once in S3, it can be migrated to glacier via a lifecycle policy or now directly from the object's properties.
Which of the following URLs is a valid link for an AWS IAM user to log into the AWS console? * https://aws.amazon.com/console/4738293029 * https://signin.Your_account_id.aws.amazon.com/console/ * https://signin.aws.amazon.com/console/Your_AWS_Account_ID * https://4738293029.signin.aws.amazon.com/console/
https://4738293029.signin.aws.amazon.com/console/