AWS Certified Cloud Practitioner Study Guide 1

Question 38 You are developing and planning on deploying an application onto the AWS Cloud. This application needs to be PCI Compliantr. Which of the below steps would you carry out to ensure the compliance is met for the application. Choose 2 answers from the following: A. Choose AWS services which are PCI Compliant B. Ensure the right steps are taken during application development for PCI Compliance C. Ensure the AWS Services are made PCI Compliant D. Do an audit after the deployment of the application for PCI Compliance

Answer: A. Choose AWS services which are PCI Compliant B. Ensure the right steps are taken during application development for PCI Compliance

Question 36 Which of the following can be used to protect EC2 Instances hosted in AWS? Choose 2 answers from the options given below: A. Usage of Security Groups B. Usage of AMI's C. Usage of Network Access Control Lists D. Usage of the Internet gateway

Answer: A. Usage of Security Groups C. Usage of Network Access Control Lists

Question 13 Where can a customer go to get more detail about Amazon Elastic Compute Cloud (Amazon EC2) billing activity that took place 3 month ago? A. Amazon EC2 dashboard B. AWS Cost and Usage reports C. AWS Trusted Advisor dashboard D. AWS Cloud Trail logs stored in Amazon Simple Storage Service (Amazon S3)

Answer: B. AWS Cost and Usage reports

Question 34 What best describes the "Principal of Least Privilege"? Choose the correct answer from the options given below A. All users should have the same baseline permissions granted to them to use basic AWS services B. Users should be granted permission to access only resources they need to do their assigned job C. Users should submit all access requests in writing so that there is a paper trail of who needs access to different AWS resources D. Users should always have a little more access granted to them then they need, just in case they end up needed it in the future

Answer: B. Users should be granted permission to access only resources they need to do their assigned job

Question 39 Which of the below can be used to get data onto Amazon Glacier? Choose 3 answers from the options given below: A. AWS Glacier API B. AWS Console C. AWS Glacier SDK D. AWS S3 Lifecycle policies

Answer: A. AWS Glacier API, C. AWS Glacier SDK, D. AWS S3 Lifecycle policies

Question 23 Which AWS Cloud service is used to turn on Multi-Factor Authentication (MFA)? A. AWS Identity and Access Management (IAM) B. Amazon Elastic Compute Cloud (Amazon EC2) C. AWS Config D. Amazon Inspector

Answer: A. AWS Identity and Access Management (IAM)

Question 20 What AWS feature enables a user to manage services through a web-based user interface? A. AWS Management Console B. AWS Application Programming Interface (API) C. AWS Software Development Kit (SDK) D. Amazon CloudWatch

Answer: A. AWS Management Console

Question 11 Which AWS service automates infrastructure provisioning and administrative tasks for an analytical data warehouse? A. Amazon Redshift B. Amazon DynamoDB C. Amazon ElastiCache D. Amazon Aurora

Answer: A. Amazon Redshift Amazon Redshift is a fast, fully managed, petabyte-scale data warehouse that makes it simple and cost-effective to analyze all your data using your existing business intelligence tools.

Question 7 Which service should an administrator use to register a new domain name with AWS? A. Amazon Route 53 B. Amazon Cloud Fron C. Elastic Load Balancing D. Amazon Virtual Private Cloud (Amazon VPC)

Answer: A. Amazon Route 53 - highly available and scalable cloud Domain Name System (DNS) web service.

Question 22 How can the AWS Management Console be secured against unauthorized access? A. Apply Multi-Factor Authentication (MFA) B. Set up a secondary password C. Request root access privileges D. Disable AWS console access

Answer: A. Apply Multi-Factor Authentication (MFA)

Question 8 What is the value of having AWS Cloud services accessible through an Application Programming Interface (API)? A. Cloud resources can be managed programmatically B. AWS infrastructure use will always be cost-optimized C. All application testing is managed by AWS D. Customer-owned, on-premises infrastructure becomes programmable

Answer: A. Cloud resources can be managed programmatically

Question 12 Which of the following is the responsibility of the AWS customer according to the Shared Security Model? A. Managing AWS Identity and Access Management (IAM) B. Securing edge locations C. Monitoring physical device security D. Implementing service organization Control (SOC) standards

Answer: A. Managing AWS Identity and Access Management (IAM)

Question 17 Which of the following security requirements are managed by AWS customers? Select 2 answers from the options given below. A. Password Policies B. User permissions C. Physical security D. Disk disposal E. Hardware patching

Answer: A. Password Policies, B. User Permissions

Question 29 You are currently hosting an infrastructure and most of the EC2 instances are near 90 - 100% utilized. What is the type of EC2 instances you would utilize to ensure costs are minimized? A. Reserved instances B. On-demand instances C. Spot instances D. Regular instances

Answer: A. Reserved instances

Question 25 Which of the following is a factor when calculating Total Cost of Ownership (TCO) for the AWS Cloud? A. The number of servers migrated to AWS B. The number of users migrated to AWS C. The number of passwords migrated to AWS D. The number of keys migrated to AWS

Answer: A. The number of servers migrated to AWS

Question 15 The main benefit of decoupling an application is to: A. Create a tightly integrated application B. Reduce inter-dependencies so failures do not impact other components C. Enable data synchronization across the web application layer D. Have the ability to execute automated bootstrapping actions

Answer: B reduce inter-dependencies so failures do not impact other components

Question 14 Who has control of the data in an AWS account? A. AWS Support Team B. AWS Account Owner C. AWS Security Team D. AWS Technical Account Manager (TAM)

Answer: B. AWS Account Owner

Question 27 Which of the following is a fully managed NoSQL database service available with AWS? A. AWS RDS B. AWS DynamoDB C. AWS Redshift D. AWS MongoDB

Answer: B. AWS DynamoDB

Question 24 A disaster recovery strategy on AWS should be based on launching infrastructure in a separate: A. Subnet B. AWS Region C. AWS edge location D. Amazon Virtual Private Cloud (Amazon VPC)

Answer: B. AWS Region

Question 28 A company wants to store data that is not frequently accessed. What is the best and cost-efficient solution that should be considered? A. Amazon Storage Gateway B. Amazon Glacier C. Amazon EBS D. Amazon S3

Answer: B. Amazon Glacier - is a secure, durable, and extremely low-cost storage service for data archiving and long-term backup. To keep costs low yet suitable for varying retrieval needs, Amazon Glacier provides three options for access to archives, from a few minutes to several hours.

Question 33 A company is deploying a two-tier, highly available web application to AWS. Which service provides durable storage for static content while utilizing lower Overall CPU resources for the web tier? A. Amazon EBS volume B. Amazon S3 C. Amazon EC2 instance store D. Amazon RDS instance

Answer: B. Amazon S3

Question 18 Systems applying the cloud architecture principle of elasticity will: A. Minimize storage requirements by reducing logging and auditing activities B. Create systems that scale to the required capacity based on changes in demand C. Enable AWS to automatically select the most cost-effective services D. Accelerate the design process because recovery from failure is automated, reducing the need for testing

Answer: B. Create systems that scale to the required capacity based on changes in demand

Which of the following is a benefit of Amazon Elastic Compute Cloud (Amazon EC2) over physical servers? A. Automated backup B. Paying only for what you use C. The ability to choose hardware vendors D. Root /administrator access

Answer: B. Paying only for what you use

Question 19 Amazon Elastic Compute Cloud (Amazon EC2) Spot instances are appropriate for which of the following workloads? A. Workloads that are only run in the morning and stopped at night B. Workloads where the availability of the Amazon EC2 instances can be flexible C. Workloads that need to run for long periods of time without interruption D. Workloads that are critical and need Amazon EC2 instances with termination protection

Answer: B. Workloads where the availability of the Amazon EC2 instances can be flexible

Question 26 Which AWS service is used to as a global content delivery network (CDN) service in AWS? A. Amazon SES B. Amazon CloudTrail C. Amazon CloudFront D. Amazon S3

Answer: C Amazon CloudFront

Question 35 Which of the below mentioned services can be used to host virtual servers in the AWS Cloud? A. AWS IAM B. AWS Server C. AWS EC2 D. AWS Regions

Answer: C. AWS EC2

Question 4 Which AWS service provides infrastructure security optimization recommendations? A. AWS Price List Application Programming Interface (API) B. Reserved Instances C. AWS Trusted Advisor D. Amazon Elastic Compute Cloud (Amazon EC2) SpotFleet

Answer: C. AWS Trusted Advisor - is an online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment

Question 5 Which service allows for the collection and tracking of metrics for AWS services? A. Amazon CloudFront B. Amazon CloudSearch C. Amazon CloudWatch D. Amazon Machine Learning (Amazon ML)

Answer: C. Amazon CloudWatch - monitoring service for AWS Cloud resources and the applications you run on AWS.64 - collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources. - monitor AWS resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances, as well as custom metrics generated by your applications and services, and any log files your applications generate. - to gain system-wide visibility into resource utilization, application performance, and operational health.

Question 37 You work for a company that is planning on using the AWS EC2 service. They currently create golden images of their deployed operating system. Which of the following correspond to a golden image in AWS? A. EBS Volumes B. EBS Snapshots C. Amazon Machines Images D. EC2 Copies

Answer: C. Amazon Machines Images

Question 9 Which of the following examples supports the cloud design principle "design for failure and nothing will fail''? A. Adding an elastic load balancer in front of a single Amazon Elastic Compute Cloud (Amazon EC2) instance B. Creating and deploying the most cost-effective solution C. Deploying an application in multiple Availability Zones D. Using Amazon CloudWatch alerts to monitor performance

Answer: C. Deploying an application in multiple Availability Zones

Question 32 The Trusted Advisor service provides insight regarding which four categories of an AWS account? A. Security, fault tolerance, high availability, and connectivity B. Security, access control, high availability, and performance C. Performance, cost optimization, security, and fault tolerance D. Performance, cost optimization, access control, and connectivity

Answer: C. Performance, cost optimization, security, and fault tolerance

Question 30 What is the ability provided by AWS to enable fast, easy, and secure transfers of files over long distances between your client and your Amazon S3 bucket? A. File Transfer B. HTTP Transfer C. Transfer Acceleration D. S3 Acceleration

Answer: C. Transfer Acceleration

Question 6 A company needs to know which user was responsible for terminating several critical Amazon Elastic Compute Cloud (Amazon EC2) Instances. Where can the customer find this information? A. AWS Trusted Advisor B. Amazon EC2 instance usage report C. Amazon CloudWatch D. AWS CloudTrail logs

Answer: D. AWS CloudTrail - a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service. - You can get a history of AWS API calls for your account, including API calls made using the AWS Management Console, AWS SDKs, command line tools, and higher-level AWS services (such as AWS CloudFormation). - AWS API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing.

Question 21 Which tool can display the distribution of AWS spending? A. AWS organizations B. Amazon Dev Pay C. AWS Trusted Advisor D. AWS Cost Explorer

Answer: D. AWS Cost Explorer

Question 10 Which service allows an administrator to create and modify AWS user permissions? A. AWS Config B. AWS Cloud Trail C. AWS Key Management Service (AWS KMS) D. AWS Identity and Access Management (IAM)

Answer: D. AWS Identity and Access Management (IAM) - IAM , Create users in IAM, security credentials (access keys, passwords, permissions, and multi-factor authentication devices), Federated and temporary security credentials

Question 40 Which of the following in the AWS Support plans gives access to a Support Concierge? A. Basic B. Developer C. Business D. Enterprise

Answer: D. Enterprise

Question 16 Which of the following is a benefit of running an application across two Availability Zones? A. Performance is improved over running in a single Availability Zone. B. It is more secure than running in a single Availability Zone. C. It significantly reduces the total cost of ownership versus running in a single Availability Zone. D. It increases the availability of an application compared to running in a single Availability Zone.

Answer: D. It increases the availability of an application compared to running in a single Availability Zone.

Question 31 As per the AWS Acceptable Use Policy, penetration testing of EC2 instances: A. May be performed by AWS and will be performed by AWS upon customer request B. May be performed by AWS and is periodically performed by AWS C. Are expressly prohibited under all circumstances D. May be performed by the customer on their own instances with prior authorization from AWS E. May be performed by the customer on their own instances, only if performed from EC2 instances

Answer: D. May be performed by the customer on their own instances with prior authorization from AWS

Question 2 Which of the following services uses AWS edge locations? A. Amazon Virtual Private Cloud (Amazon VPC) B. Amazon CloudFront C. Amazon Elastic Compute Cloud (Amazon EC2) D. AWS Storage Gateway

B. Amazon CloudFront - global content delivery network (CDN) service that accelerates delivery of your websites, APIs, video content, or other web assets.

Question 1 Which AWS services can be used to store files? Choose 2 answers from the options given below A. Amazon CloudWatch B. Amazon Simple Storage Service (Amazon S3) C. Amazon Elastic Block Store (Amazon EBS) D. AWS Config E. Amazon Athena

B.Amazon Simple Storage Service (Amazon S3) is an object storage service that offers scalability, data availability, security, and performance. C. Amazon Elastic Block Store (Amazon EBS) provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud.