AWS Certified Practitioner

What are the 4 pricing models for EC2?

On-Demand Instances - pay for compute capacity per hour or per second , Reserved Instances, Spot Instances, and Dedicated Hosts

What is AWS Artifac?

On-demand access to compliance reports/.

Your application has recently experienced significant global growth, and international users are complaining of high latency. What is the AWS characteristic that can help improve your international users' experience?

Global Research

What is AWS Free Tier and what is included?

Enables you to gain free, hands-on experience with the AWS platform, products, and services. AWS Free Tier includes offers that expire 12 months after sign-up and others that never expire. EC2 S3 Amazon RDS Amazon CloudFront

What is AWS Snowball?

PB-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud. Using Snowball addresses common challenges with large-scale data transfers, including high network costs, long transfer times, and security concerns. Transferring data with Snowball is simple, fast, and secure, and can be as little as one-fifth the cost of high-speed internet.

When is a Dedicated Host Pricing recommended?

Physical EC2 server dedicated for your use. Use your existing server-bound software licenses, including Windows Server, SQL Server, and SUSE Linux Enterprise Server. They can also help you meet compliance requirements.

According to the AWS Shared responsibility model, which of the following are the responsibility of the customer? (Choose two)

1) Patching applications installed on Amazon EC2 2) Protecting the confidentiality of data in transit in Amazon S3.

Which of the following are examples of AWS-Managed Services, where AWS is responsible for the operational and maintenance burdens of running the service? (Choose TWO)

1) Amazon DynamDB 2) Amazon Elastic MapReduce For managed services such as Amazon Elastic MapReduce (Amazon EMR) and DynamoDB, AWS is responsible for performing all the operations needed to keep the service running. Amazon EMR launches clusters in minutes. You don't need to worry about node provisioning, infrastructure setup, Hadoop configuration, or cluster tuning. Amazon EMR takes care of these tasks so you can focus on analysis. DynamoDB is serverless with no servers to provision, patch, or manage and no software to install, maintain, or operate. DynamoDB automatically scales tables up and down to adjust for capacity and maintain performance. Availability and fault tolerance are built in, eliminating the need to architect your applications for these capabilities. Other managed services include: AWS Lambda, Amazon RDS, Amazon Redshift, Amazon CloudFront, and several other services. For these managed services, AWS is responsible for most of the configuration and management tasks, but customers are still responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions.

Which of the following is not a benefit of Amazon S3? (Choose TWO)

1) Amazon S3 can run any type of application to backed system 2) Amazon S3 can be scaled manually to store and retrieve any amount of data from anywhere "Amazon S3 can run any type of application or backend system" is not a benefit of S3 and thus is a correct answer. Amazon S3 is a storage service not a compute service. "Amazon S3 can be scaled manually to store and retrieve any amount of data from anywhere" is not a benefit of S3 and thus is a correct answer. Amazon S3 scales automatically to store and retrieve any amount of data from anywhere. Companies today need the ability to simply and securely collect, store, and analyze their data at a massive scale. Amazon S3 is object storage built to store and retrieve any amount of data from anywhere - web sites and mobile apps, corporate applications, and data from IoT sensors or devices. It's a simple storage service that offers highly available, and infinitely scalable data storage infrastructure at very low costs. It is designed to deliver 99.999999999% durability, and stores data for millions of applications used by market leaders in every industry. S3 provides comprehensive security and compliance capabilities that meet even the most stringent regulatory requirements. It gives customers flexibility in the way they manage data for cost optimization, access control, and compliance. S3 provides query-in-place functionality, allowing you to run powerful analytics directly on your data at rest in S3. And Amazon S3 is the most supported cloud storage service available, with integration from the largest community of third-party solutions, systems integrator partners, and other AWS services. Amazon S3 stores any number of objects, but each object does have a size limitation. Individual Amazon S3 objects can range in size from a minimum of 0 bytes to a maximum of 5 terabytes.

What does the AWS Personal Health Dashboard provide? (Choose two)

1) Detailed troubleshooting guidance to address AWS events impacting your resources 2) Personalized view of AWS service health AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources. The benefits of the AWS personal health dashboard include: **A personalized View of Service Health: Personal Health Dashboard gives you a personalized view of the status of the AWS services that power your applications, enabling you to quickly see when AWS is experiencing issues that may impact you. For example, in the event of a lost EBS volume associated with one of your EC2 instances, you would gain quick visibility into the status of the specific service you are using, helping save precious time troubleshooting to determine root cause. **Proactive Notifications: The dashboard also provides forward looking notifications, and you can set up alerts across multiple channels, including email and mobile notifications, so you receive timely and relevant information to help plan for scheduled changes that may affect you. In the event of AWS hardware maintenance activities that may impact one of your EC2 instances, for example, you would receive an alert with information to help you plan for, and proactively address any issues associated with the upcoming change. **Detailed Troubleshooting Guidance: When you get an alert, it includes remediation details and specific guidance to enable you to take immediate action to address AWS events impacting your resources. For example, in the event of an AWS hardware failure impacting one of your EBS volumes, your alert would include a list of your affected resources, a recommendation to restore your volume, and links to the steps to help you restore it from a snapshot. This targeted and actionable information reduces the time needed to resolve issues.

What should you do in order to keep the data on EBS volumes safe? (Choose two)

1) Ensure that EBS Data is encrypted at rest 2) Create EBS Snapshots

Which statement is correct with regards to AWS service limits? (Choose TWO)

1) You can use the AWS Trusted Advisor to monitor your service limits 2) You can contact AWS Support to increase the service limits

What are the main differences between a VPNs, VPS and VPC?

A VPN (Virtual Private Network) is essentially an encrypted "channel" connecting two networks, or a machine to a network, generally over the public internet. A VPS (Virtual Private Server) is a rented virtual machine running on someone else's hardware. AWS EC2 can be thought of as a VPS, but the term is usually used to describe low-cost products offered by lots of other hosting companies. A VPC (Virtual Private Cloud) is a virtual network in AWS (Amazon Web Services). It can be divided into private and public subnets, have custom routing rules, have internal connections to other VPCs, etc. EC2 instances and other resources are placed in VPCs similarly to how physical data centers have operated for a very long time.

What are the default security credentials that are required to access the AWS management console for an IAM user account?

A user name and password

A company has created a solution that helps AWS customers improve their architectures on AWS. Which AWS program may support this company?

APN Consulting Partners

In your on-premises environment, you can create as many virtual servers as you need from a single template. What can you use to perform the same in AWS?

AMI An Amazon Machine Image (AMI) is a template that contains a software configuration (for example, an operating system, an application server, and applications). This pre-configured template save time and avoid errors when configuring settings to create new instances. You specify an AMI when you launch an instance, and you can launch as many instances from the AMI as you need. You can also launch instances from as many different AMIs as you need.

A company has created a solution that helps AWS customers improve their architectures on AWS. Which AWS program may support this company?

APN Consulting Partners APN Consulting Partners are professional services firms that help customers design, architect, build, migrate, and manage their workloads and applications on AWS. Consulting Partners include System Integrators, Strategic Consultancies, Agencies, Managed Service Providers, and Value-Added Resellers. AWS supports the APN Consulting Partners by providing a wide range of resources and training to support their customers.

A developer needs to set up an SSL security certificate for a client's eCommerce website in order to use the HTTPS protocol. Which of the following AWS services can be used to deploy the required SSL server certificates?

AWS ACM AWS Identity and Access Management o enable HTTPS connections to your website or application in AWS, you need an SSL/TLS server certificate. You can use a server certificate provided by AWS Certificate Manager (ACM) or one that you obtained from an external provider. You can use ACM or IAM to store and deploy server certificates. Use IAM as a certificate manager only when you must support HTTPS connections in a region that is not supported by ACM. IAM supports deploying server certificates in all regions, but you must obtain your certificate from an external provider for use with AWS. Amazon Route 53 is used to register domain names or use your own domain name to route your end users to Internet applications. Route 53 is not responsible for creating SSL certifications.

There is a requirement to grant a DevOps team full administrative access to all resources in an AWS account. Who can grant them these permissions?

AWS Account Owner

Which of the following AWS Services helps with planning application migration to the AWS Cloud?

AWS Application Discovery Service helps systems integrators quickly and reliably plan application migration projects by automatically identifying applications running in on-premises data centers, their associated dependencies, and their performance profiles.

A company has deployed a new web application on multiple Amazon EC2 instances. Which of the following should they use to ensure that the incoming HTTP traffic is distributed evenly across the instances?

AWS Application Load Balancer

Which of the following services allows customers to manage their agreements with AWS?

AWS Artifact AWS Artifact is a self-service audit artifact retrieval portal that provides customers with on-demand access to AWS' compliance documentation and AWS agreements. You can use AWS Artifact Agreements to review, accept, and track the status of AWS agreements such as the Business Associate Addendum (BAA). Additional information: You can also use AWS Artifact Reports to download AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI), and System and Organization Control (SOC) reports.

Which of the following services gives you access to all AWS auditor-issued reports and certifications?

AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS' security and compliance reports and select online agreements. Reports available in AWS Artifact include AWS Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA).

A company is concerned that they are spending money on underutilized compute resources in AWS. Which AWS feature will help ensure that their applications are automatically adding/removing EC2 compute capacity to closely match the required demand?

AWS Auto Scaling AWS Auto Scaling is the feature that automates the process of adding/removing server capacity (based on demand). Autoscaling allows you to reduce your costs by automatically turning off resources that aren't in use. On the other hand, Autoscaling ensures that your application runs effectively by provisioning more server capacity if required.

What is the framework created by AWS Professional Services that helps organizations design a road map to successful cloud adoption?

AWS CAF (Cloud Adoption Framework) Helps organizations design and travel an accelerated path to successful cloud adoption. The guidance and best practices provided by the framework help you build a comprehensive approach to cloud computing across your organization, and throughout your IT lifecycle. Using the AWS CAF helps you realize measurable business benefits from cloud adoption faster and with less risk.

Which AWS service enables you to quickly purchase and deploy SSL/TLS certificates?

AWS Certificate Manager (AWS ACM) is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources. SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet as well as resources on private networks.

What is the key AWS Service essential to operational excellence?

AWS CloudFormation - which you can use to create templates based on best practices. This enables you to provision resources in an orderly and consistent fashion from your development through production environments. • Prepare: AWS Config and AWS Config rules can be used to create standards for workloads and to determine if environments are compliant with those standards before being put into production. • Operate: Amazon CloudWatch allows you to monitor the operational health of a workload. • Evolve: Amazon Elasticsearch Service (Amazon ES) allows you to analyze your log data to gain actionable insights quickly and securely.

What are the change management tools that helps AWS customers audit and monitor all resource changes in their AWS environment? (Choose TWO)

AWS Config AWS Cloudtrail

Which of the following services enables you to easily generate and use your own encryption keys in the AWS Cloud?

AWS CloudHSM (hardware security module) is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud.

An organization uses a hybrid cloud architecture to run their business. Which AWS service enables them to deploy their applications to any AWS or on-premises server?

AWS CodeDeploy is a service that automates application deployments to any instance, including Amazon EC2 instances and instances running on-premises.

Which of the following AWS services can help you perform security analysis and regulatory compliance auditing? (Choose TWO)

AWS Config Amazon Inspector With AWS Config, you can discover existing and deleted AWS resources, determine your overall compliance against rules, and dive into configuration details of a resource at any point in time. These capabilities enable compliance auditing, security analysis, resource change tracking, and troubleshooting. Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. This allows you to make security testing a more regular occurrence as part of development and IT operations.

What is AWS Config?

AWS Config is a service that enables customers to monitor, assess, and audit all changes made to AWS resources.

Which of the following helps a customer view the Amazon EC2 billing activity for the past month?

AWS Cost & Usage Reports The AWS Cost & Usage Report is your one-stop shop for accessing the most detailed information available about your AWS costs and usage.The AWS Cost & Usage Report lists AWS usage for each service category used by an account and its IAM users in hourly or daily line items, as well as any tags that you have activated for cost allocation purposes.

Which AWS Service can be used to establish a dedicated, private network connection between AWS and your datacenter?

AWS Direct Connect AWS Direct Connect is used to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your data center, office, or co-location environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections.

What are the connectivity options that can be used to build hybrid cloud architectures? (Choose two)

AWS Direct Connect AWS VPN In cloud computing, hybrid cloud refers to the use of both on-premises resources in addition to public cloud resources. A hybrid cloud enables an organization to migrate applications and data to the cloud, extend their datacenter capacity, utilize new cloud-native capabilities, move applications closer to customers, and create a backup and disaster recovery solution with cost-effective high availability. By working closely with enterprises, AWS has developed the industry's broadest set of hybrid capabilities across storage, networking, security, application deployment, and management tools to make it easy for you to integrate the cloud as a seamless and secure extension of your existing investments.

What services do not expire at the end of the AWS Free Tier?

AWS DynamoDB Amazon Glacier AWS Lambda Up to a certain amount per month

What does Amazon CloudFront use to distribute content to global users with low latency?

AWS Edge Locations

What is the service essential to security?

AWS Identity and Access Management (IAM), which allows you to securely control access to AWS services and resources for your users. The following services and features support the five areas in security: • Identity and Access Management: IAM enables you to securely control access to AWS services and resources. MFA adds an additional layer of protection on user access. AWS Organizations lets you centrally manage and enforce policies for multiple AWS accounts. • Detective Controls: AWS CloudTrail records AWS API calls, AWS Config provides a detailed inventory of your AWS resources and configuration. Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior. Amazon CloudWatch is a monitoring service for AWS resources which can trigger CloudWatch Events to automate security responses. • Infrastructure Protection: Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined. Amazon CloudFront is a global content delivery network that securely delivers data, videos, applications, and APIs to your viewers which integrates with AWS Shieldfor DDoS mitigation. AWS WAF is a web application firewall that is deployed on either Amazon CloudFront or Application Load Balancer to help protect your web applications from common web exploits. • Data Protection: Services such as ELB, Amazon Elastic Block Store (Amazon EBS), Amazon S3, and Amazon Relational Database Service (Amazon RDS) include encryption capabilities to protect your data in transit and at rest. Amazon Macie automatically discovers, classifies and protects sensitive data, while AWS Key Management Service (AWS KMS) makes it easy for you to create and control keys used for encryption. • Incident Response: IAM should be used to grant appropriate authorization to incident response teams and response tools. AWS CloudFormation can be used to create a trusted environment or clean room for conducting investigations. Amazon CloudWatch Events allows you to create rules that trigger automated responses including AWS Lambda.

Which of the following services is used when encrypting EBS volumes?

AWS KMS

Which of the following would you use to manage your encryption keys in the AWS Cloud? (Choose TWO)

AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses FIPS 140-2 validated hardware security modules to protect the security of your keys. AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud.

Which of the following compute resources are serverless? (Choose TWO)

AWS Lambda AWS Fargate is a compute engine for deploying and managing containers, which frees you from having to manage any of the underlying infrastructure. With AWS Fargate, you no longer have to provision, configure, and scale clusters of virtual machines to run containers. AWS Fargate seamlessly integrates with Amazon ECS, so you can deploy and manage containers without having to provision or manage servers.

Which of the following are true regarding the languages that are supported on AWS Lambda? (Choose TWO)

AWS Lambda natively supports Java, Go, PowerShell, Node.js, C#, Python, and Ruby code, and provides a Runtime API which allows customers to use any additional programming languages to author their functions.

Which of the following allows you to create new RDS instances?

AWS Management Console AWS CloudFormation The AWS Management Console lets you create new RDS instances through a web-based user interface. You can also use AWS CloudFormation to create new RDS instances using the CloudFormation template language.

Which AWS Service provides integration with Chef to automate the configuration of EC2 instances?

AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.

What is the AWS service that enables you to manage all of your AWS accounts from a single master account?

AWS Organizations

As part of the AWS Migration Acceleration Program (MAP), what does AWS provide to accelerate Enterprise adoption of AWS? (Choose TWO)

AWS Partners AWS Professional Services

What are AWS Quick Start Reference deployments?

AWS Quick Start Reference Deployments outline the architectures for popular enterprise solutions on AWS and provide AWS CloudFormation templates to automate their deployment. Each Quick Start launches, configures, and runs the AWS compute, network, storage, and other services required to deploy a specific workload on AWS, using AWS best practices for security and availability. Quick Starts are built by AWS solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices. These accelerators reduce hundreds of manual installation and configuration procedures into just a few steps, so you can build your production environment quickly and start using it immediately.

What does AWS provide to deploy popular technologies - such as IBM MQ - on AWS with the least amount of effort and time?

AWS Quick Start Reference deployments

You manage a blog on AWS that has different environments: development, testing, and production. What can you use to create a custom console for each environment to view and manage your resources easily?

AWS Resource Groups If you work with multiple resources in multiple environments, you might find it useful to manage all the resources in each environment as a group rather than move from one AWS service to another for each task. Resource Groups help you do just that. By default, the AWS Management Console is organized by AWS service. But with the Resource Groups tool, you can create a custom console that organizes and consolidates information based on your project and the resources that you use.

Which AWS Service provides the current status of all AWS Services in all AWS Regions?

AWS Service Health Dashboard

How can you estimate your AWS monthly bill?

AWS Simple Monthly Calculator/ AWS Pricing Calculator

You want to transfer 200 Terabytes of data from on-premises locations to the AWS Cloud, which of the following can do the job in a cost-effective way?

AWS Snowball is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud. Snowmobile is not a cost effective solution here. AWS Snowmobile is an Exabyte-scale data transfer service used to move extremely large amounts of data to AWS. You can transfer up to 100 Petabytes (100,000 Terabytes) per Snowmobile, a 45-foot long ruggedized shipping container, pulled by a semi-trailer truck.

Your company is developing a critical web application in AWS, and the security of the application is a top priority. Which of the following AWS services will provide infrastructure security optimization recommendations?

AWS Trusted Advisor AWS Trusted Advisor is an online tool that provides you real time guidance to help you provision your resources following AWS best practices. AWS Trusted Advisor offers a rich set of best practice checks and recommendations across five categories: cost optimization; security; fault tolerance; performance; and service limits. AWS Trusted Advisor improves the security of your application by closing gaps, enabling various AWS security features, and examining your permissions.

A company has moved to AWS recently. Which of the following AWS Services will help ensure that they have the proper security settings? (Choose TWO)

AWS Trusted Advisor Amazon Inspector Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for vulnerabilities or deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. These findings can be reviewed directly or as part of a detailed assessment report which is available via the Amazon Inspector console or API. To help get started quickly, Amazon Inspector includes a knowledge base of hundreds of rules mapped to common security best practices and vulnerability definitions. Examples of built-in rules include checking for remote root login being enabled, or vulnerable software versions installed. These rules are regularly updated by AWS security researchers. AWS Trusted Advisor offers a rich set of best practice checks and recommendations across five categories: cost optimization; security; fault tolerance; performance; and service limits. Like your customized cloud security expert, AWS Trusted Advisor analyzes your AWS environment and provides security recommendations to protect your AWS environment. The service improves the security of your applications by closing gaps, examining permissions, and enabling various AWS security features.

Which AWS service provides cost-optimization recommendations?

AWS Trusted Advisor is an application that draws upon best practices learned from AWS' aggregated operational history of serving hundreds of thousands of AWS customers. Trusted Advisor inspects your AWS environment and makes recommendations that can potentially save you money by highlighting unused resources and opportunities to reduce your bill. AWS Trusted Advisor also provide recommendations to improve system performance, and close security gaps.

Which AWS Service creates a virtual network in AWS?

AWS VPN

Which of the following services can help protect your web applications from SQL injection and other vulnerabilities in your application code?

AWS WAF AWS WAF (Web Application Firewall) helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application.

Hundreds of thousands of DDoS attacks are recorded every month worldwide. What service does AWS provide to help protect AWS Customers from these attacks? (Choose TWO)

AWS WAF AWS Shield AWS provides flexible infrastructure and services that help customers implement strong DDoS mitigations and create highly available application architectures that follow AWS Best Practices for DDoS Resiliency. These include services such as Amazon Route 53, Amazon CloudFront, Elastic Load Balancing, and AWS WAF to control and absorb traffic, and deflect unwanted requests. These services integrate with AWS Shield, a managed DDoS protection service that provides always-on detection and automatic inline mitigations to safeguard web applications running on AWS.

Which of the following services can be used to monitor the HTTP and HTTPS requests that are forwarded to Amazon CloudFront?

AWS WAF is a web application firewall that lets customers monitor the HTTP and HTTPS requests that are forwarded to Amazon CloudFront or an Application Load Balancer. AWS WAF also lets customers control access to their content by defining customizable web security rules.

What are the services that AWS provides to protect against network and application layer DDoS attacks? (Choose TWO)

AWS Web Application Firewall AWS CloudFront Amazon CloudFront, AWS Shield, AWS Web Application Firewall (WAF), and Amazon Route 53 work seamlessly together to create a flexible, layered security perimeter against multiple types of attacks including network and application layer DDoS attacks. All of these services are co-resident at the AWS edge location and provide a scalable, reliable, and high-performance security perimeter for your applications and content.

A company is developing a new application using a microservices framework. The new application is having performance and latency issues. Which AWS Service should be used to troubleshoot these issues?

AWS X-Ray AWS X-Ray helps developers analyze and debug distributed applications in production or under development, such as those built using microservice architecture. With X-Ray, you can understand how your application and its underlying services are performing so you can identify and troubleshoot the root cause of performance issues and errors.

The TCO gap between AWS infrastructure and traditional infrastructure has widened over the recent years. Which of the following could be the reason for that?

AWS continues to lower the cost of cloud computing for its customers, making everything from web apps to big data on AWS even more cost-effective and widening the TCO (Total Cost of Ownership) gap with traditional infrastructure. Since 2014, AWS has reduced the cost of compute by an average of 30%, storage by an average of 51% and relational databases by an average of 28%.

You are using several on-demand EC2 Instances to run your development environment. What is the best way to reduce your charges when these instances are not in use?

AWS doesn't charge usage for a stopped instance, or data transfer fees. For a stopped instance AWS will only charge you for EBS storage volumes attached to the instances. "Terminating the instances" is incorrect. If you terminate the instances without taking an image (AMI) of them, you will lose their data.

How does AWS notify customers about security and privacy events pertaining to AWS services?

AWS publishes security bulletins about the latest security and privacy events with AWS services on the Security Bulletins page.

Which of the below options are related to the reliability of AWS? (Choose two)

Ability to recover quickly from failures Automatically provisioning new resources to meet demand. The reliability term encompasses the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues. The automatic provisioning of resources and the ability to recover from failures meet these criteria.

Which of the following must an IAM user provide to interact with AWS services using the AWS Command Line Interface (AWS CLI)?

Access Keys Access keys consist of an access key ID and secret access key, which are used to sign programmatic requests to AWS using the CLI or the SDK.

Which of the following is an example of horizontal scaling in the AWS Cloud?

Adding more EC2 instances of the same size to handle an increase in traffic Horizontal Scaling: Scaling horizontally takes place through an increase in the number of resources (e.g., adding more hard drives to a storage array or adding more servers to support an application). This is a great way to build Internet-scale applications that leverage the elasticity of cloud computing. Vertical Scaling: Scaling vertically takes place through an increase in the specifications of an individual resource (e.g., upgrading a server with a larger hard drive, adding more memory, or provisioning a faster CPU). On Amazon EC2, this can easily be achieved by stopping an instance and resizing it to an instance type that has more RAM, CPU, I/O,or networking capabilities. This way of scaling can eventually hit a limit and it is not always a cost efficient or highly available approach. However, it is very easy to implement and can be sufficient for many use cases especially as a short term solution.

An organization needs to analyze and process a large number of data sets. Which AWS service should they use?

Amazon EMR

Which features are included in the AWS Business Support Plan? (Choose TWO)

All AWS customers - including Business support plan subscribers - have 24x7 access to customer service. The Business support plan also provides access to Infrastructure Event Management for additional fee. AWS Infrastructure Event Management is a structured program available to Enterprise Support customers (and Business Support customers for an additional fee) that helps customers plan for large-scale events such as product or application launches, infrastructure migrations, and marketing events.

You have set up consolidated billing for several AWS accounts. One of the accounts has purchased a number of reserved instances for 3 years. Which of the following is true regarding this scenario?

All account can receive the hourly cost benefits of the reserved instances

What is the AWS service that provides five times the performance of a standard MySQL database?

Amazon Aurora

What is the AWS service that provides five times the performance of a standard MySQL database?

Amazon Aurora is a fully-managed, MySQL and PostgreSQL-compatible relational database engine. It combines the speed and reliability of high-end commercial databases with the simplicity and cost-effectiveness of open-source databases. It delivers up to five times the throughput of MySQL and up to three times the throughput of PostgreSQL without requiring changes to most of your existing applications.

Which of the below options is true of Amazon Cloud Directory?

Amazon Cloud Directory is a cloud-native, highly scalable, high-performance directory service that provides web-based directories to make it easy for you to organize and manage all your application resources such as users, groups, locations, devices, and policies, and the rich relationships between them.

How is Amazon CloudFront priced?

Amazon CloudFront charges are based on the data transfers and requests used to deliver content to your customers. There are no upfront payments or fixed platform fees When you begin to estimate the cost of Amazon CloudFront, consider the following: • Traffic distribution: Data transfer and request pricing varies across geographic regions, and pricing is based on the edge location through which your content is served. • Requests: The number and type of requests (HTTP or HTTPS) made and the geographic region in which the requests are made. • Data transfer out: The amount of data transferred out of your Amazon CloudFront edge locations.

Which AWS service collects metrics from running EC2 instances?

Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources.

Which AWS Service enables customers to set up an AWS billing alarm to inform them when their spending exceeds a certain threshold?

Amazon CloudWatch is the AWS service that allows you to monitor the usage of your AWS resources.

What is the easiest way to launch and manage a Virtual Private Server (VPS) in the AWS Cloud?

Amazon Lightsail is designed to be the easiest way to launch and manage a virtual private server (VPS) with AWS. Lightsail plans include everything you need to jumpstart your project -a virtual machine, SSD-based storage, data transfer, DNS management, and a static IPaddress-for a low, predictable price.

What AWS Service is essential to Reliability in AWS?

Amazon CloudWatch, which monitors runtime metrics. The following services and features support the three areas in reliability: Foundations: AWS IAM enables you to securely control access to AWS services and resources. Amazon VPC lets you provision a private, isolated section of the AWS Cloud where you can launch AWS resources in a virtual network. AWS Trusted Advisor provides visibility into service limits. AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards web applications running on AWS. • Change Management: AWS CloudTrail records AWS API calls for your account and delivers log files to you for auditing. AWS Config provides a detailed inventory of your AWS resources and configuration, and continuously records configuration changes. Amazon Auto Scaling is a service that will provide an automated demand management for a deployed workload. Amazon CloudWatch provides the ability to alert on metrics, including custom metrics. Amazon CloudWatch also has a logging feature that can be used to aggregate log files from your resources. • Failure Management: AWS CloudFormation provides templates for the creation of AWS resources and provisions them in an orderly and predictable fashion. Amazon S3 provides a highly durable service to keep backups. Amazon Glacier provides highly durable archives. AWS KMS provides a reliable key management system that integrates with many AWS services.

A company is developing a mobile application and wants to allow users to use their Amazon, Apple, Facebook, or Google identities to authenticate to the application. Which AWS Service should the company use for this purpose?

Amazon Cognito lets customers add user sign-up, sign-in, and access control to their web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0.

You are facing a lot of problems with your current contact center. Which service provides a cloud-based contact center that can deliver a better service for your customers?

Amazon Connect is a cloud-based contact center solution. Amazon Connect makes it easy to set up and manage a customer contact center and provide reliable customer engagement at any scale

What is the AWS database service that allows you to upload data structured in key-value format?

Amazon DynamoDB Amazon DynamoDB is a NoSQL database service. NoSQL databases are used for non-structured data that are typically stored in JSON-like, key-value documents.

Your company has a data store application that requires access to a NoSQL database. Which AWS database offering would meet this requirement?

Amazon DynamoDB Amazon DynamoDB is a fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale. It is a fully managed cloud database and supports both document and key-value store models. Its flexible data model, reliable performance, and automatic scaling of throughput capacity, makes it a great fit for mobile, web, gaming, ad tech, IoT, and many other applications.

Which DynamoDB feature can be used to reduce the latency of requests to a database from milliseconds to microseconds?

Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers performance improvements from milliseconds to microseconds - even at millions of requests per second. DAX adds in-memory acceleration to your DynamoDB tables without requiring you to manage cache invalidation, data population, or cluster management.

What is the primary storage service used by Amazon RDS database instances?

Amazon EBS

Where can you store files in AWS? (Choose TWO)

Amazon EBS - Connected to EC2 instance Amazon EFS - Amazon Elastic File System (Amazon EFS) provides simple, scalable, elastic file storage for use with AWS Cloud services and on-premises resources. Outside of EC2

What is Amazon Elastic Block Store (Amazon EBS)

Amazon EBS is not for storing images or videos. Provides block level storage volumes for use with Amazon EC2 instances. Amazon EBS volumes are off-instance storage that persists independently from the life of an instance. Two types: SSD and HDD

Which of the following are factors should be considered for Amazon EBS pricing? (Choose TWO)

Amazon EBS pricing has two factors: 1- Volumes: Volume storage for all EBS volume types is charged by the amount of GB you provision per month, until you release the storage. 2- Snapshots: Snapshot storage is based on the amount of space your data consumes in Amazon S3. Because Amazon EBS does not save empty blocks, it is likely that the snapshot size will be considerably less than your volume size. Copying EBS snapshots is charged based on the volume of data transferred across regions. For the first snapshot of a volume, Amazon EBS saves a full copy of your data to Amazon S3. For each incremental snapshot, only the changed part of your Amazon EBS volume is saved. After the snapshot is copied, standard EBS snapshot charges apply for storage in the destination region.

Which of the following services allows you to run containerized applications on a cluster of EC2 instances?

Amazon ECS Amazon Elastic Container Service (Amazon ECS) is a highly scalable, high-performance container orchestration service that supports Docker containers and allows you to easily run and scale containerized applications on AWS. Amazon ECS eliminates the need for you to install and operate your own container orchestration software, manage and scale a cluster of virtual machines, or schedule containers on those virtual machines.

A company is deploying a new two-tier web application in AWS. Where should the most frequently accessed data be stored so that the application's response time is optimal?

Amazon ElastiCache Amazon ElastiCache is a web service that makes it easy to deploy, operate, and scale an in-memory data store or cache in the cloud. The service improves the performance of web applications by allowing you to retrieve information from fast, managed, in-memory data stores, instead of relying entirely on slower disk-based databases. The primary purpose of an in-memory data store is to provide ultrafast (submillisecond latency) and inexpensive access to copies of data. Querying a database is always slower and more expensive than locating a copy of that data in a cache. Some database queries are especially expensive to perform. An example is queries that involve joins across multiple tables or queries with intensive calculations. By caching (storing) such query results, you pay the price of the query only once. Then you can quickly retrieve the data multiple times without having to re-execute the query.

Which of the following are examples of AWS-Managed Services, where AWS is responsible for the operational and maintenance burdens of running the service? (Choose TWO)

Amazon Elastic MapReduce Amazon DynamoDB For managed services such as Amazon Elastic MapReduce (Amazon EMR) and DynamoDB, AWS is responsible for performing all the operations needed to keep the service running. Amazon EMR launches clusters in minutes. You don't need to worry about node provisioning, infrastructure setup, Hadoop configuration, or cluster tuning. Amazon EMR takes care of these tasks so you can focus on analysis. DynamoDB is serverless with no servers to provision, patch, or manage and no software to install, maintain, or operate. DynamoDB automatically scales tables up and down to adjust for capacity and maintain performance. Availability and fault tolerance are built in, eliminating the need to architect your applications for these capabilities. Other managed services include: AWS Lambda, Amazon RDS, Amazon Redshift, Amazon CloudFront, and several other services. For these managed services, AWS is responsible for most of the configuration and management tasks, but customers are still responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions.

What is Amazon GuardDuty?

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads.

Amazon Pinpoint

Amazon Pinpoint makes it easy to run targeted campaigns to drive user engagement in mobile apps.112 Amazon Pinpoint helps you understand user behavior, define which users to target, determine which messages to send, schedule the best time to deliver the messages, and then track the results of your campaign.

You work as an on-premises MySQL DBA. The work of database configuration, backups, patching, and DR can be time-consuming and repetitive. Your company has decided to migrate to the AWS Cloud. Which of the following can help save time on database maintenance so you can focus on data architecture and performance?

Amazon RDS Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient, resizable capacity while automating time-consuming administration tasks such as hardware provisioning, operating system maintenance, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need.

What is the AWS data warehouse service that supports a high level of query performance on large amounts of datasets?

Amazon Redshift

What is the AWS data warehouse service that supports a high level of query performance on large amounts of datasets?

Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. It allows you to run complex analytic queries against petabytes of structured data. You can start with just a few hundred gigabytes of data and scale to a petabyte or more. Amazon Redshift manages the work needed to set up, operate, and scale a data warehouse, from provisioning the infrastructure capacity to automating ongoing administrative tasks such as backups, and patching.

Which AWS Service can perform health checks on Amazon EC2 instances?

Amazon Route 53 provides highly available and scalable Domain Name System (DNS), domain name registration, and health-checking web services. It is designed to give developers and businesses an extremely reliable and cost effective way to route end users to Internet applications by translating names like example.com into the numeric IP addresses, such as 192.0.2.1, that computers use to connect to each other. Route 53 also offers health checks to monitor the health and performance of your application as well as your web servers and other resources. Route 53 can be configured to route traffic only to the healthy endpoints to achieve greater levels of fault tolerance in your applications.

Which of the following AWS services is designed with native Multi-AZ fault tolerance in mind? (Choose two)

Amazon S3 Amazon DynamoDB The Multi-AZ principle involves deploying an AWS resource in multiple Availability Zones to achieve high availability for that resource. DynamoDB automatically spreads the data and traffic for your tables over a sufficient number of servers to handle your throughput and storage requirements, while maintaining consistent and fast performance. All of your data is stored on solid-state disks (SSDs) and is automatically replicated across multiple Availability Zones in an AWS Region, providing built-in fault tolerance in the event of a server failure or Availability Zone outage. Amazon S3 provides durable infrastructure to store important data and is designed for durability of 99.999999999% of objects. Data in all Amazon S3 storage classes is redundantly stored across multiple Availability Zones (except S3 One Zone-IA).

Which S3 storage class is best for data with unpredictable access patterns?

Amazon S3 Intelligent-Tiering The S3 Intelligent-Tiering storage class is designed to optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead. It works by storing objects in two access tiers: one tier that is optimized for frequent access and another lower-cost tier that is optimized for infrequent access. For a small monthly monitoring and automation fee per object, Amazon S3 monitors access patterns of the objects in S3 Intelligent-Tiering, and moves the ones that have not been accessed for 30 consecutive days to the infrequent access tier. If an object in the infrequent access tier is accessed, it is automatically moved back to the frequent access tier. There are no retrieval fees when using the S3 Intelligent-Tiering storage class, and no additional tiering fees when objects are moved between access tiers. It is the ideal storage class for long-lived data with access patterns that are unknown or unpredictable.

What is the AWS service\feature that takes advantage of Amazon CloudFront's globally distributed edge locations to transfer files to S3 with higher upload speeds?

Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront's globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network pat

Which service is used to ensure that messages between software components are not lost if one or more components fail?

Amazon SQS Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available. SQS lets you decouple application components so that they run independently, increasing the overall fault tolerance of the system. Multiple copies of every message are stored redundantly across multiple availability zones so that they are available whenever needed.

What is the main purpose of using Amazon SWF?

Amazon Simple Workflow Service (SWF) is a web service that makes it easy to coordinate work across distributed application components. Amazon SWF enables applications for a range of use cases, including media processing, web application back-ends, business process workflows, and analytics pipelines, to be designed as a coordination of tasks. Tasks represent invocations of various processing steps in an application which can be performed by executable code, web service calls, human actions, and scripts. The coordination of tasks involves managing execution dependencies, scheduling, and concurrency in accordance with the logical flow of the application. With Amazon SWF, developers get full control over implementing processing steps and coordinating the tasks that drive them, without worrying about underlying complexities such as tracking their progress and keeping their state.

Each AWS Region is composed of multiple Availability Zones. Which of the following best describes what an Availability Zone is?

Availability Zones are distinct locations within a region that are insulated from failures in other Availability Zones. Note: Although Availability Zones are insulated from failures in other Availability Zones, they are connected through private, low-latency links to other Availability Zones in the same region.

What are dedicated Instances?

Available for EC2. Run in a VPC on hardware that's dedicated to a single customer

What are the 5 best practices for security in the cloud?

Before you architect any system, you need to put in place practices that influence security. You will want to control who can do what. • Identity and Access Management How do you manage credentials and authentication? How do you control human access? How do you control programmatic access? • Detective Controls - to identify a potential security threat or incident How do you defend against emerging security threats? How do you detect and investigate security events? • Infrastructure Protection - encompasses control methodologies, such as defense in depth, necessary to meet best practices and organizational or regulatory obligations. How do you protect your networks? How do you protect your compute resources? • Data Protection How do you classify your data? How do you protect your data at rest? How do you protect your data in transit? • Incident Response How do you respond to an incident?

What are the factors that drive costs of Amazon RDS?

Clock hours of server time: Database characteristics Database purchase type Number of database instances Provisioned storage: Backup storage Requests Deployment type:single versus multiple AZs Data transfer

Your CTO has asked you to contact AWS support using the chat feature to ask for guidance related to EBS. However, when you open the AWS support center you can't see a way to contact support via Chat. What should you do?

Chat access to AWS Support Engineers is available at the Business and Enterprise support tiers only.

Which of the following AWS services are free to use?

CloudFormation Auto-scaling he AWS Auto Scaling service itself is free to use, you only pay for the resources that Auto-scaling provisions on your behalf (e.g. scaling EC2 capacity up). Additional information: AWS Auto Scaling is a service that can help you optimize your utilization and cost efficiencies when consuming AWS services so you only pay for the resources you actually need. When demand drops, AWS Auto Scaling will automatically remove any excess resource capacity so you avoid overspending. When demand increases, AWS Auto Scaling will automatically add capacity to maintain performance. AWS CloudFormation is available at no additional charge, and you pay only for the AWS resources needed to run your applications. Additional information: AWS CloudFormation is a service that gives developers and businesses an easy way to create a collection of related AWS resources and provision them in an orderly and predictable fashion.

A company needs to track resource changes using the API call history. Which AWS service can help the company achieve this goal?

CloudTrail

Differences between CloudWatch and CloudTrail?

CloudWatch Logs reports on application logs, while CloudTrail Logs provide you specific information on what occurred in your AWS account. CloudWatch Events is a near real time stream of system events describing changes to your AWS resources. CloudTrail focuses more on AWS API calls made in your AWS account.

Which of the following enables you to monitor and collect log files from your Amazon EC2 instances?

CloudWatch Logs to monitor, store, and access your log files

What are the three fundamental drivers of cost with AWS?

Compute, Storage, Outbound Data Transfer

What are the differences between AWS Config and AWS Opsworks?

Config: understand and monitor your AWS resources. OpsWorks: configure your servers with Chef or Puppet. Very little overlap between the two. AWS Config is used to create inventory of all the resources in your AWS account like number of EC2 instances, Security Groups etc. Also you can create rules or policies to govern these resources like ELBs without https etc. AWS provides a vast number of rules by default that you can use. The catch is you have to pay for each active rule. AWS config would be benificial in case of an audit.

Under the shared responsibility model, Which of the following is the AWS' responsibility?

Configuring infrastructure devices Under the shared responsibility model, AWS is responsible for the hardware and software that run AWS services. This includes patching the infrastructure software and configuring infrastructure devices. As a customer, you are responsible for implementing best practices for data encryption, patching guest operating system and applications, identity and access management, and network & firewall configurations.

In the AWS Shared responsibility Model, which of the following are the responsibility of the customer? (Choose TWO)

Configuring network access rules Setting password complexity rules The customer is responsible for securing their network by configuring Security Groups, Network Access control Lists (NACLs), and Routing Tables. The customer is also responsible for setting a password policy on their AWS account that specifies the complexity and mandatory rotation periods for their IAM users' passwords.

You have AWS Basic support, and you have discovered that some AWS resources are being used maliciously, and those resources could potentially compromise your data. What should you do?

Contact the AWS Abuse Team The AWS Abuse team can assist you when AWS resources are being used to engage in the following types of abusive behavior: I. Spam: You are receiving unwanted emails from an AWS-owned IP address, or AWS resources are being used to spam websites or forums. II. Port scanning: Your logs show that one or more AWS-owned IP addresses are sending packets to multiple ports on your server, and you believe this is an attempt to discover unsecured ports. III. Denial of service attacks (DOS): Your logs show that one or more AWS-owned IP addresses are being used to flood ports on your resources with packets, and you believe this is an attempt to overwhelm or crash your server or software running on your server. IV. Intrusion attempts: Your logs show that one or more AWS-owned IP addresses are being used to attempt to log in to your resources. V. Hosting objectionable or copyrighted content: You have evidence that AWS resources are being used to host or distribute illegal content or distribute copyrighted content without the consent of the copyright holder. VI. Distributing malware: You have evidence that AWS resources are being used to distribute software that was knowingly created to compromise or cause harm to computers or machines on which it is installed.

An organization has decided to reserve EC2 compute capacity for three years in order to reduce costs. It is possible that the application workloads could change during the reservation time period. What is the EC2 Reserved Instance (RI) type that will allow the company to modify the reservation if they need to?

Convertible RIs Convertible RIs provide a discount (up to 54% off On-Demand) and the capability to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or greater value. These attributes include instance family, instance type, platform, scope, and tenancy.

What Basic Support is included for all AWS customers?

Customer Service & Communities - 24x7 access to customer service, documentation, whitepapers, and support forums. AWS Trusted Advisor - Schecks and guidance to provision your resources following best practices to increase performance and improve security. AWS Personal Health Dashboard - A personalized view of the health of AWS services, and alerts when your resources are impacted.

What does AWS offer to secure your network?

Customer-controlled encryption in transit

Which methods can be used by customers to interact with AWS Identity and Access Management (IAM)? (Choose TWO)

Customers can work with AWS Identity and Access Management in any of the following ways: 1- AWS Management Console: The console is a browser-based interface that can be used to manage IAM and AWS resources. 2- AWS Command Line Tools: Customers can use the AWS command line tools to issue commands at your system's command line to perform IAM and AWS tasks. Using the command line can be faster and more convenient than the console. The command line tools are also useful if you want to build scripts that perform AWS tasks. AWS provides two sets of command line tools: the AWS Command Line Interface (AWS CLI) and the AWS Tools for Windows PowerShell. 3- AWS SDKs: AWS provides SDKs (software development kits) that consist of libraries and sample code for various programming languages and platforms (Java, Python, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to IAM and AWS. For example, the SDKs take care of tasks such as cryptographically signing requests, managing errors, and retrying requests automatically.

Which of the following factors should be considered when determining the region in which AWS Resources will be deployed? (Choose TWO)

Cost Data Sovereignty Data sovereignty is the concept that information which has been converted and stored in binary digital form is subject to the laws of the country in which it is located.

What are key AWS services to ensure Cost Optimization?

Cost Explorer, which helps you gain visibility and insights into your usage, across your workloads and throughout your organization. The following services and features support the four areas in cost optimization: Expenditure Awareness: AWS Cost Explorer allows you to view and track your usage in detail. AWS Budgets notify you if your usage or spend exceeds actual or forecast budgeted amounts. • Cost-Effective Resources: You can use Cost Explorer for Reserved Instance recommendations, and see patterns in how much you spend on AWS resources over time. Use Amazon CloudWatch and Trusted Advisor to help right size your resources. You can use Amazon Aurora on RDS to remove database licensing costs. AWS Direct Connect and Amazon CloudFront can be used to optimize data transfer. • Matching supply and demand: Auto Scaling allows you to add or remove resources to match demand without overspending. • Optimizing Over Time: The AWS News Blog and the What's New section on the AWS website are resources for learning about newly launched features and services. AWS Trusted Advisor inspects your AWS environment and finds opportunities to save you money by eliminating unused or idle resources or committing to Reserved Instance capacity.

What are the AWS Well-Architected Framework five pillars? CORPS

Cost Optimization The ability to run systems to deliver business value at the lowest price point. Operational Excellence The ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures. Reliability The ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues. Performance Efficiency The ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve. Security The ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

Sarah has deployed an application in the Northern California (us-west-1) region. After examining the application's traffic, she notices that about 30% of the traffic is coming from Asia. What can she do to reduce latency for the users in Asia?

Create a CDN using CloudFront, so that content is cached at Edge Locations close to and in Asia.

According to the AWS shared responsibility model, what are the controls that customers fully inherit from AWS? (Choose TWO)

Data Center Security Controls Environmental Controls

Which of the following EC2 instance purchasing options supports the Bring Your Own License (BYOL) model for almost every BYOL scenario?

Dedicated Hosts An important difference between a Dedicated Host and a Dedicated instance is that a Dedicated Host gives you additional visibility and control over how instances are placed on a physical server, and you can consistently deploy your instances to the same physical server over time.

What are the 5 design principles of performance efficiency?

Democratize advanced technologies: Technologies that are difficult to implement can become easier to consume by pushing that knowledge and complexity into the cloud vendor's domain. Rather than having your IT team learn how to host and run a new technology, they can simply consume it as a service. For example, NoSQL databases, media transcoding, and machine learning are all technologies that require expertise that is not evenly dispersed across the technical community. In the cloud, these technologies become services that your team can consume while focusing on product development rather than resource provisioning and management. • Go global in minutes: Easily deploy your system in multiple Regions around the world with just a few clicks. This allows you to provide lower latency and a better experience for your customers at minimal cost. • Use serverless architectures: In the cloud, serverless architectures remove the need for you to run and maintain servers to carry out traditional compute activities. For example, storage services can act as static websites, removing the need for web servers, and event services can host your code for you. This not only removes the operational burden of managing these servers, but also can lower transactional costs because these managed services operate at cloud scale. • Experiment more often: With virtual and automatable resources, you can quickly carry out comparative testing using different types of instances, storage, or configurations. • Mechanical sympathy: Use the technology approach that aligns best to what you are trying to achieve. For example, consider data access patterns when selecting database or storage approaches.

A company has developed an eCommerce web application in AWS. What should they do to ensure that the application has the highest level of availability?

Deploy the application across multiple Regions and Availability. The AWS Global infrastructure is built around Regions and Availability Zones (AZs). Each AWS Region is a separate geographic area. Each AWS Region has multiple, isolated locations known as Availability Zones. Availability Zones in a region are connected with low latency, high throughput, and highly redundant networking. These Availability Zones offer AWS customers an easier and more effective way to design and operate applications and databases, making them more highly available, fault tolerant, and scalable than traditional single datacenter infrastructures or multi-datacenter infrastructures. In addition to replicating applications and data across multiple data centers in the same Region using Availability Zones, you can also choose to increase redundancy and fault tolerance further by replicating data between geographic Regions (especially if you are serving customers from all over the world). You can do so using both private, high speed networking and public internet connections to provide an additional layer of business continuity, or to provide low latency access across the globe.

What does the AWS Personal Health Dashboard provide? (Choose two)

Detailed troubleshooting guidance to address AWS events impacting your resources Personalized view of AWS service health WS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources. The benefits of the AWS personal health dashboard include: **A personalized View of Service Health: Personal Health Dashboard gives you a personalized view of the status of the AWS services that power your applications, enabling you to quickly see when AWS is experiencing issues that may impact you. For example, in the event of a lost EBS volume associated with one of your EC2 instances, you would gain quick visibility into the status of the specific service you are using, helping save precious time troubleshooting to determine root cause. **Proactive Notifications: The dashboard also provides forward looking notifications, and you can set up alerts across multiple channels, including email and mobile notifications, so you receive timely and relevant information to help plan for scheduled changes that may affect you. In the event of AWS hardware maintenance activities that may impact one of your EC2 instances, for example, you would receive an alert with information to help you plan for, and proactively address any issues associated with the upcoming change. **Detailed Troubleshooting Guidance: When you get an alert, it includes remediation details and specific guidance to enable you to take immediate action to address AWS events impacting your resources. For example, in the event of an AWS hardware failure impacting one of your EBS volumes, your alert would include a list of your affected resources, a recommendation to restore your volume, and links to the steps to help you restore it from a snapshot. This targeted and actionable information reduces the time needed to resolve issues.

What is the pricing structure for AWS Lambda?

Duration is calculated from the time your code begins executing until it returns or otherwise terminates, rounded up to the nearest 100 milliseconds. The price depends on the amount of memory you allocate to your function. Request pricing • Free Tier: 1 million requests per month, 400,000 GB-seconds of compute time per month • $0.20 per 1 million requests thereafter, or $0.0000002 per request Duration pricing • 400,000 GB-seconds per month free, up to 3.2 million seconds of compute time • $0.00001667 for every GB-second used thereafter

What is the name of the DynamoDB replication capability that provides fast read \ write performance for globally deployed applications?

DynamoDB global tables are ideal for massively scaled applications with globally dispersed users. Global tables provide automatic replication to AWS Regions world-wide. They enable you to deliver low-latency data access to your users no matter where they are located.

Spot Instances

EC2 Pricing mechanism. Purchase spare computing capacity with no upfront commitment at discounted hourly rates

In order to implement best practices when dealing with a "Single Point of Failure," you should attempt to build as much automation as possible in both detecting and reacting to failure. Which of the following AWS services would help? (Choose TWO)

ELB Auto Scaling You should attempt to build as much automation as possible in both detecting and reacting to failure. You can use services like ELB and Amazon Route53 to configure health checks and mask failure by only routing traffic to healthy endpoints. In addition, Auto Scaling can be configured to automatically replace unhealthy nodes. You can also replace unhealthy nodes using the Amazon EC2 auto-recovery feature or services such as AWS OpsWorks and AWS Elastic Beanstalk. It won't be possible to predict every possible failure scenario on day one. Make sure you collect enough logs and metrics to understand normal system behavior. After you understand that, you will be able to set up alarms that trigger automated response or manual intervention.

The principle "design for failure and nothing will fail" is very important when designing your AWS Cloud architecture. Which of the following would help adhere to this principle? (Choose two)

ELB Availability Zones Each AWS Region is a separate geographic area. Each AWS Region has multiple, isolated locations known as Availability Zones. When designing your AWS Cloud architecture, you should make sure that your system will continue to run even if failures happen. You can achieve this by deploying your AWS resources in multiple Availability zones. Availability zones are isolated from each other, therefore if one availability zone goes down, the other AZ's will still be up and running and hence your application will be more fault tolerant. In addition to availability zones you can build a disaster recovery solution by deploying your AWS resources in other regions. If an entire region goes down you will still have resources in another region able to continue to provide a solution. Finally, you can use the Elastic Load Balancer to regularly perform health checks and distribute traffic only to the healthy instances.

In order to implement best practices when dealing with a "Single Point of Failure," you should attempt to build as much automation as possible in both detecting and reacting to failure. Which of the following AWS services would help? (Choose TWO)

ELB - Elastic Load Balancing Auto Scaling You should attempt to build as much automation as possible in both detecting and reacting to failure. You can use services like ELB and Amazon Route53 to configure health checks and mask failure by only routing traffic to healthy endpoints. In addition, Auto Scaling can be configured to automatically replace unhealthy nodes. You can also replace unhealthy nodes using the Amazon EC2 auto-recovery feature or services such as AWS OpsWorks and AWS Elastic Beanstalk. It won't be possible to predict every possible failure scenario on day one. Make sure you collect enough logs and metrics to understand normal system behavior. After you understand that, you will be able to set up alarms that trigger automated response or manual intervention.

What do you gain from setting up consolidated billing for five different AWS accounts under another master account?

Each AWS Account gets volume discounts. AWS consolidated billing enables an organization to consolidate payments for multiple Amazon Web Services (AWS) accounts within a single organization by making a single paying account. For billing purposes, AWS treats all the accounts on the consolidated bill as one account. Some services, such as Amazon EC2 and Amazon S3 have volume pricing tiers across certain usage dimensions that give the user lower prices when they use the service more. For example if you use 50 TB in each account you would normally be charged $23 *50*3 (because they are 3 different accounts), But with consolidated billing you would be charged $23*50+$22*50*2 (because they are treated as one account) which means that you would save $100.

What are two advantages of using Cloud Computing over using traditional data centers?

Eliminating single points of failure Distributed infrastructure

Which AWS Support Plan gives customers access to a "Well-Architected Review" for business critical workloads?

Enterprise This review provides guidance and best practices to help customers design reliable, secure, efficient, and cost-effective systems in the cloud.

Which support plan includes AWS Support Concierge Service?

Enterprise Support

Under the Shared Responsibility Model, which of the following controls do customers fully inherit from AWS? (Choose TWO)

Environmental Controls Physical Controls AWS is responsible for physical controls and environmental controls. Customers inherit these controls from AWS.

Under the Shared Responsibility Model, which of the following controls do customers fully inherit from AWS? (Choose two)

Environmental Controls Physical controls

Amazon Glacier provides several access time options that are suitable for varying data retrieval needs. Select TWO of these access time options.

Expedited & Bulk To keep costs low yet suitable for varying retrieval needs, Amazon Glacier provides three options for access to archives that span a few minutes to several hours: (Access option : Data access time) 1- Expedited : 1-5 minutes 2- Standard : 3-5 hours 3- Bulk : 5-12 hours

Which of the following are valid Amazon EC2 Reserved Instance types? (Choose TWO)

Explanation There are three types of EC2 Reserved Instances(RIs) that you can choose from based on your applications needs: 1- Standard RIs: These provide the most significant discount (up to 75% off On-Demand) and are best suited for steady-state usage. 2- Convertible RIs: These provide a discount (up to 54% off On-Demand) and the capability to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or greater value. Like Standard RIs, Convertible RIs are best suited for steady-state usage.

What is Amazon DynamoDB?

Fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale. It is a fully managed cloud database and supports both document and key-value store models.

What does AWS Cost Explorer provide to help manage your AWS spend?

Highly accurate cost forecasts for up to 12 months ahead

Which of the following is NOT a factor when estimating the costs of Amazon EC2? (Choose TWO)

Hosted Zones Number of Security Groups Hosted Zones are not free, but they are not related to Amazon EC2 costs. Hosted Zones is one of the factors of the Amazon Route 53 costs.

An organization has a large number of technical employees who operate their AWS Cloud infrastructure. What does AWS provide to help organize them into teams and then assign the appropriate permissions for each team?

IAM Groups An IAM group is a collection of IAM users that are managed as a unit. Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users. For example, you could have a group called Admins and give that group the types of permissions that administrators typically need. Any user in that group automatically has the permissions that are assigned to the group. If a new user joins your organization and needs administrator privileges, you can assign the appropriate permissions by adding the user to that group. Similarly, if a person changes jobs in your organization, instead of editing that user's permissions, you can remove him or her from the old groups and add him or her to the appropriate new groups.

What can you use to assign permissions directly to an IAM user?

IAM Policy - A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. AWS evaluates these policies when an IAM principal (user or role) makes a request. Permissions in the policies determine whether the request is allowed or denied. Each policy consists of: 1- Actions: What actions to allow or deny. 2- Resources: Which resources to allow or deny the action on. 3- Effect: What will be the effect when the user requests access—either allow or deny. 4- Conditions: Which conditions must be present for the policy to take effect. For example, you might allow access only to the specific S3 buckets if the user is connecting from a specific IP range or has used multi-factor authentication at login. Note: Permissions are granted to IAM identities (users, groups, and roles) to determine whether they are authorized to perform an action or not.

Which IAM entity can best be used to grant temporary access to your AWS resources?

IAM Roles An IAM role is an IAM entity that defines a set of permissions for making AWS service requests. IAM roles are not associated with a specific user or group. Instead, trusted entities assume roles, such as IAM users, applications, or AWS services such as EC2. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. Also, a role does not have standard long-term credentials such as a password or access keys associated with it. Instead, when you assume a role, it provides you with temporary security credentials for your role session.

What does Amazon ElastiCache provide?

In-memory caching for read-heavy applications.

A company is introducing a new product to their customers, and is expecting a surge in traffic to their web application. As part of their Enterprise Support plan, which of the following provides the company with architectural and scaling guidance?

Infrastructure Event Management

Availability Zones within a Region are connected over low-latency links. Which of the following is a benefit of these links?

Make synchronous replication of you data possible Each AWS Region contains multiple distinct locations, or Availability Zones. Each Availability Zone is engineered to be independent from failures in other Availability Zones. An Availability Zone is a data center, and in some cases, an Availability Zone consists of multiple data centers. Availability Zones within a Region provide inexpensive, low-latency network connectivity to other zones in the same Region. This allows you to replicate data across data centers in a synchronous manner so that failover can be automated and appear transparent to your users.

Using Amazon RDS falls under the shared responsibility model. Which of the following are customer responsibilities? (Choose TWO)

Managing the database setting Building the schema

What factors determine how you are charged when using AWS Lambda? (Choose TWO)

Number of requests to your functions Compute time consumed

What are 4 pricing models depending on the product?

On Demand Dedicated Instances Spot Instances Reservations

Select TWO examples of the AWS shared controls.

Patch Management Configuration Management Shared Controls are controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Examples include: ** Patch Management - AWS is responsible for patching the underlying hosts and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications. ** Configuration Management - AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications. ** Awareness & Training - AWS trains AWS employees, but a customer must train their own employees.

Reservations

Paying for capacity ahead of time. Up to 75% discounts. Examples include: EC2 Reserved Instances, DynamoDB Reserved Capacity, ElasticCache Reserved Nodes, Relational Database Service Reserved Instances, Redshift Reserved Nodes

According to the AWS Acceptable Use Policy, which of the following statements is true regarding penetration testing of EC2 instances?

Penetration testing can be performed by the customer on their own instances with prior authorization from AWS.

What best describes penetration testing?

Penetration testing is the practice of testing a network or web application to find security vulnerabilities that an attacker could exploit.

What are the Amazon RDS features that can be used to improve the availability of your database? (Choose two)

Read replicas Multi-AZ Deployment In a Multi-AZ deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone. The primary DB instance is synchronously replicated across Availability Zones to a standby replica to provide data redundancy, eliminate I/O freezes, and minimize latency spikes during system backups. Running a DB instance with high availability can enhance availability during planned system maintenance, and help protect your databases against DB instance failure and Availability Zone disruption. Amazon RDS Read Replicas provide enhanced performance and durability for database (DB) instances. This feature makes it easy to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads. You can create one or more replicas of a given source DB Instance and serve high-volume application read traffic from multiple copies of your data, thereby increasing aggregate read throughput. Read replicas provide a complementary availability mechanism to Amazon RDS Multi-AZ Deployments. You can promote a read replica if the source DB instance fails. You can also replicate DB instances across AWS Regions as part of your disaster recovery strategy. This functionality complements the synchronous replication, automatic failure detection, and failover provided with Multi-AZ deployments.

What is the advantage of the AWS-recommended practice of "decoupling" applications?

Reduces inter-dependencies so that failures do not impact other components of the application As application complexity increases, a desirable attribute of an IT system is that it can be broken into smaller, loosely coupled components. This means that IT systems should be designed in a way that reduces interdependencies—a change or a failure in one component should not cascade to other components. On the other hand if the components of an application are tightly coupled and one component fails, the entire application will also fail. Therefore when designing your application, you should always decouple its components.

A company needs to host a database in Amazon RDS for at least three years. Which of the following options would be the most cost-effective solution?

Reserved instances - Partial Upfront Since the database server will be hosted for a period of at least three years, then it is better to use the RDS Reserved Instances as it provides you with a significant discount compared to the On-Demand Instance pricing for the DB instance. With the Partial Upfront option, you make a low upfront payment and are then charged a discounted hourly rate for the instance for the duration of the Reserved Instance term. The Partial Upfront option is more cost-effective than the No upfront option (The more you spend upfront the more you save).

Which statement is true regarding the AWS Shared Responsibility Model?

Responsibilities vary depending on the services used. Customers should be aware that their responsibilities may vary depending on the AWS services chosen. For example, when using Amazon EC2, you are responsible for applying operating system and application security patches regularly. However, such patches are applied automatically when using Amazon RDS.

A customer is seeking to store objects in their AWS environment and to make those objects downloadable over the internet. Which AWS Service can be used to accomplish this?

S3

What is the AWS S3 storage class that has the lowest availability rating?

S3 One Zone-IA has the lowest availability rating: 99.5%. S3 One Zone IA only stores data in 1 availability zone instead of multiple aviailability zones that the other storage classes utilize.

What does AWS Snowball provide?

Secure transfer or large amounts of data into and out of the AWS Cloud

Which of the following is the responsibility of AWS according to the AWS Shared Responsibility Model?

Securing Regions and edge locations.

Which of the following AWS security features is associated with an EC2 instance and functions to filter incoming traffic requests?

Security Groups

How is AWS Snowball priced?

Service fee per job Snowball 50 TB: $200 Snowball 80 TB: $250 Extra-day charge The first 10 days of onsite usage are free. Each extra onsite day is $15. Data transfer Data transfer in to Amazon S3 is free. Data transfer out of Amazon S3 is priced by region.

A startup company is operating on limited funds and is extremely concerned about cost overruns. Which of the below options can be used to notify the company when their monthly AWS bill exceeds $2000?

Setup CloudWatch billing alarm that triggers and SNS notification to their email address. In CloudWatch, you can set up a billing alarm that triggers if your costs exceed a threshold that you set. This CloudWatch alarm can also be configured to trigger an SNS notification to your email address.

What are AWS shared controls?

Shared Controls are controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Examples include: ** Patch Management - AWS is responsible for patching the underlying hosts and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications. ** Configuration Management - AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications. ** Awareness & Training - AWS trains AWS employees, but a customer must train their own employees.

A company has developed a media transcoding application in AWS. The application is designed to recover quickly from hardware failures. Which one of the following types of instance would be the most cost-effective choice to use?

Spot Instances The question stated that the application is designed to recover quickly from failures, therefore it can handle any interruption may occur with the instance. Hence, we can use the Spot instances for this application. Spot instances provide a discount (up to 90%) off the On-Demand price. The Spot price is determined by long-term trends in supply and demand for EC2 spare capacity. If the Spot price exceeds the maximum price you specify for a given instance or if capacity is no longer available, your instance will automatically be interrupted. Spot Instances are the most cost-effective choice if you are flexible about when your applications run and if your applications can be interrupted. For example, Spot Instances are well-suited for data analysis, batch jobs, background processing, and optional tasks.

How is Amazon Glacier priced?

Starting at $0.004 per GB per month. Provides three options for access to archives that span a few minutes to several hours. Faster has higher cost.

As part of the Enterprise support plan, who is the primary point of contact for ongoing support needs?

TAM (Technical Account Manager) For Enterprise-level customers, a TAM (Technical Account Manager) provides technical expertise for the full range of AWS services and obtains a detailed understanding of your use case and technology architecture. TAMs work with AWS Solution Architects to help you launch new projects and give best practices recommendations throughout the implementation life cycle. Your TAM is the primary point of contact for ongoing support needs, and you have a direct telephone line to your TAM.

A company is trying to analyze the costs applied to their AWS account recently. Which of the following provides them the most granular data about their AWS costs and usage?

The AWS Cost & Usage Report contains the most comprehensive set of AWS cost and usage data available, including additional metadata about AWS services, pricing, and reservations (e.g., Amazon EC2 Reserved Instances (RIs)). The AWS Cost and Usage Report tracks your AWS usage and provides information about your use of AWS resources and estimated costs for that usage. You can configure this report to present the data hourly or daily.

What AWS tools can be used to call AWS Services from different programming languages?

The AWS Software Development Kit (AWS SDK) can simplify using AWS services in your applications with an API tailored to your programming language or platform. Programming languages supported include Java, .NET, Node.js, PHP, Python, Ruby, Go, and C++.

What is the difference between Personal Health Dashboard and AWS Service Health Dashboard?

The Service Health Dashboard gives the general status of AWS services. Personal Health Services gives you a personal view of the status of the AWS services that power your application.

What is the operational excellence pillar of the AWS Well-Architected Framework?

The ability of a system to receiver gracefully from failure.

What is a component in the AWS Well-Architected Framework?

The code, configuration and AWS Resources that together deliver against a requirement. A component is often the unit of technical ownership, and is decoupled from other components.

What is technology portfolio in the AWS Well-Architected Framework?

The collection of workloads that are required for the business to operate.

A key practice when designing solutions on AWS is to minimize dependencies between components so that the failure of a single component does not impact other components. What is this practice called?

The concept of loosely coupling an application refers to breaking the application into components that perform aspects of a task independently of one another. Using this design concept minimizes the risk that a change or a failure in one component will impact other components.

When using the AWS TCO tool, what information is required to calculate the potential savings of using AWS vs. on-premises?

The number of on-premise virtual machines

Security

The pillar that includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies

How Amazon EBS is priced?

There are 3 factors: • Volumes - charged by the amount of GB you provision per month, until you release the storage. • Snapshots - amount of space your data consumes in Amazon S3 • Data transfer - amount of data transferred out of your application

What are the principles for reliability in the cloud?

There are five design principles for reliability in the cloud: • Test recovery procedures: • Automatically recover from failure: • Scale horizontally to increase aggregate system availability: • Stop guessing capacity: • Manage change in automation:

The AWS account administrator of your company has been fired. With the permissions granted to him as an administrator, he was able to create multiple IAM user accounts and access keys. Additionally, you are not sure whether he has access to the AWS root account or not. What should you do immediately to protect your AWS infrastructure? (Choose TWO)

To protect your AWS infrastructure in this situation you should lock down your root user and all accounts that the administrator had access to. Here are some ways to do that: 1- Change the user name and the password of the root user account and all of the IAM accounts that the administrator has access to. 2- Rotate (change) all access keys for those accounts. 3- Enable MFA on those accounts. 4- Place IP restriction on all User accounts.

What are the factors that impact DynamoDB pricing?

Unlike traditional NoSQL deployments that ask you to think about memory, CPU, and other system resources that could affect your throughput, DynamoDB simply asks you to specify the target utilization rate and minimum to maximum capacity that you want for your table. DynamoDB handles the provisioning of resources to achieve your target utilization of read and write capacity, then auto-scales your capacity based on usage. Global Tables replicates your Amazon DynamoDB tables automatically across your choice of AWS regions.

Which of the following can be used to protect data at rest on Amazon S3?

Versioning Permissions 1- Permissions: Use bucket-level or object-level permissions alongside IAM policies to protect resources from unauthorized access and to prevent information disclosure, data integrity compromise or deletion. 2- Versioning: Amazon S3 supports object versions. Versioning is disabled by default. Enable versioning to store a new version for every modified or deleted object from which you can restore compromised objects if necessary. 3- Replication: Amazon S3 replicates each object across all Availability Zones within the respective region. Replication can provide data and service availability in the case of system failure, but provides no protection against accidental deletion or data integrity compromise - it replicates changes across all Availability Zones where it stores copies. 4- Backup: You can use application-level technologies to manually back up data stored in Amazon S3 to other AWS regions or to on-premises backup systems. 5- Encryption - server side: Amazon S3 supports server-side encryption of user data. Server-side encryption is transparent to the end user. AWS generates a unique encryption key for each object, and then encrypts the object using AES-256. 6- Encryption - client side: With client-side encryption you create and manage your own encryption keys. Keys you create are not exported to AWS in clear text. Your applications encrypt data before submitting it to Amazon S3, and decrypt data after receiving it from Amazon S3. Data is stored in an encrypted form, with keys and algorithms only known to you.

You are working on two projects that require completely different network configurations. Which AWS service will allow you to isolate resources and network configurations?

Virtual Private Cloud

Which services does AWS offer for free? (Choose TWO)

WS Identity and Access Management is a feature of your AWS account offered at no additional charge. You will be charged only for use of other AWS services by your Users. There is no additional charge for AWS Elastic Beanstalk. You pay for AWS resources (e.g. EC2 instances or S3 buckets) you create to store and run your application. You only pay for what you use, as you use it; there are no minimum fees and no upfront commitments.

What is Amazon RDS?

Web service that makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while managing time-consuming database administration tasks, so you can focus on your applications and business.

You have just hired a skilled sys-admin to join your team. As usual, you have created a new IAM user for him to interact with AWS services. On his first day, you ask him to create snapshots of all existing Amazon EBS volumes and save them in a new Amazon S3 bucket. However, the new member reports back that he is unable to create neither EBS snapshots nor S3 buckets. What might prevent him from doing this simple task?

When a new IAM user is created, that user has NO access to any AWS service. This is called a non-explicit deny. For that user, access must be explicitly allowed via IAM permissions.

How is S3 priced?

With Amazon S3, you pay only for the storage you use, with no minimum fee. Prices are based on the location of your Amazon S3 bucket. Storage class Storage size Number of Requests Data transfered out

Which feature enables users to sign in to their AWS accounts with their existing corporate credentials?

With Federation, you can use single sign-on (SSO) to access your AWS accounts using credentials from your corporate directory. Federation uses open standards, such as Security Assertion Markup Language 2.0 (SAML), to exchange identity and security information between an identity provider (IdP) and an application.

You want to run a questionnaire application for only one day (without interruption), which Amazon EC2 purchase option should you use?

With On-Demand instances, you pay for compute capacity by the hour with no long-term commitments. You can increase or decrease your compute capacity depending on the demands of your application and only pay the specified hourly rate for the instances you use. The use of On-Demand instances frees you from the costs and complexities of planning, purchasing, and maintaining hardware and transforms what are commonly large fixed costs into much smaller variable costs. On-Demand instances also remove the need to buy "safety net" capacity to handle periodic traffic spikes. "Dedicated instances" is incorrect. Dedicated instances can be used if you require your instance be physically isolated at the host hardware level from instances that belong to other AWS accounts.

An AWS customer has used one Amazon Linux instance for 2 hours, 5 minutes and 9 seconds, and one Windows instance for 4 hours, 23 minutes and 7 seconds. How much time will the customer be billed for?

With per-second billing in EC2 you pay for only what you use. It takes cost of unused minutes and seconds in an hour off of the bill, so you can focus on improving your applications instead of maximizing usage to the hour. Per-second billing is available for instances launched in Amazon Linux or Ubuntu. For other instances, including Windows, each partial instance-hour consumed will be billed as a full hour. In this case, the customer will be charged for 2 hours, 5 minutes and 9 seconds for the Linux instance, and 5 hours for the Windows instance.

Which of the following is used to control network traffic in AWS?

You can control network traffic in AWS by configuring security groups, network access control lists, and route tables. 1- Security groups: Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. 2- Network access control lists (ACLs): Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level. 3- Route Tables: A route table contains a set of rules, called routes, that are used to determine where network traffic is directed.

What does the "Principle of Least Privilege" refer to?

You should grant your users only the permissions they need when they need then and nothing more. he principle of least privilege is one of the most important security practices and it means granting users the required permissions to perform the tasks entrusted to them and nothing more. The security administrator determines what tasks users need to perform and then attaches the policies that allow them to perform only those tasks. You should start with a minimum set of permissions and grant additional permissions when necessary. Doing so is more secure than starting with permissions that are too lenient and then trying to tighten them down.

What is a workload in the AWS Well-Architected Framework?

a set of components that together deliver business value. Is usually the level of detail that business and technology leaders communicate about.

What does AWS Service Catalog provide?

allows organizations to create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures.

What is the AWS Support Concierge Service

assists enterprise customers only with account and billing inquiries.

How do ELBs(Elastic Load Balancing) improve the reliability of your application?

by ensuring that only healthy targets receive traffic.

What is Amazon CloudFront?

global content delivery network (CDN) service that caches content near customers wanting to access your content?

What is architecture in the AWS Well-Architected Framework?

how components work together in a workload. How components communicate and interact is often the focus of architecture diagrams.

What is the Reliability pillar?

includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.

What is the Cost Optimization pillar of AWS?

includes the ability to run systems to deliver business value at the lowest price point.

What is AWS Lambda?

lets you run code without provisioning or managing servers. You pay only for the compute time you consume—there is no charge when your code is not running

What is a Milestone in the AWS Well-Architected Framework?

mark key changes in your architecture as it evolves throughout the product lifecycle (design, testing, go live, and in production).

What is the performance Efficiency pillar?

the ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve.

AWS Partners

the global partner program for technology and consulting businesses who leverage Amazon Web Services to build solutions and services for customers. The APN helps companies build, market, and sell their AWS offerings by providing valuable business, technical, and marketing support.

What is On Demand Pricing?

you pay for compute or database capacity with no long-term commitments or upfront costs

What are the five design principles for cost optimization in the cloud?

• Adopt a consumption model: Pay only for the computing resources that you require and increase or decrease usage depending on business requirements, not by using elaborate forecasting. For example, development and test environments are typically only used for eight hours a day during the work week. You can stop these resources when they are not in use for a potential cost savings of 75% (40 hours versus 168 hours). • Measure overall efficiency: Measure the business output of the workload and the costs associated with delivering it. Use this measure to know the gains you make from increasing output and reducing costs. • Stop spending money on data center operations: AWS does the heavy lifting of racking, stacking, and powering servers, so you can focus on your customers and organization projects rather than on IT infrastructure. • Analyze and attribute expenditure: The cloud makes it easier to accurately identify the usage and cost of systems, which then allows transparent attribution of IT costs to individual workload owners. This helps measure return on investment (ROI) and gives workload owners an opportunity to optimize their resources and reduce costs. • Use managed and application level services to reduce cost of ownership: In the cloud, managed and application level services remove the operational burden of maintaining servers for tasks such as sending email or managing databases. As managed services operate at cloud scale, they can offer a lower cost per transaction or service.

Spot Instances for EC2 Instances are recommended for?

• Applications that have flexible start and end times • Applications that are only feasible at very low compute prices • Users with urgent computing needs for a lot of additional capacity

Amazon EC2 Reserved Instances are recommended for?

• Applications with steady-state usage • Applications that require reserve capacity • Customers who can commit to using EC2 over a 1- or 3-year term to reduce their total computing costs

What should be considered for estimating EC2 costs?

• Clock hours of server time • Instance type - varying combinations of CPU, memory, storage, and networking • Pricing model • Number of instances- An Elastic Load Balancer can be used to distribute traffic among Amazon EC2 Instances • Load balancing • Detailed monitoring (i.e. CloudWatch) • Auto Scaling - Automatically adjusts the number of Amazon EC2 instances in your deployment • Elastic IP addresses • Operating systems and software packages

What are the 4 best practices for cost optimization in the cloud?

• Expenditure Awareness How do you govern usage? How do you monitor usage and cost? How do you decommission resources? • Cost-Effective Resources How do you evaluate cost when you select services? How do you meet cost targets when you select resource type and size? How do you use pricing models to reduce cost? How do you plan for data transfer charges? • Matching supply and demand How do you match supply of resources with demand? • Optimizing Over Time How do you evaluate new services?

What are the 3 best practices areas for reliability in the cloud?

• Foundations - Before architecting any system, foundational requirements that influence reliability should be in place. For example, you must have sufficient network bandwidth to your data center. How do you manage service limits? How do you manage your network topology? • Change Management How does your system adapt to changes in demand? How do you monitor your resources? How do you implement change? • Failure Management How do you back up data? How does your system withstand component failures? How do you test resilience? How do you plan for disaster recovery?

What are the design principles for security in the cloud?

• Implement a strong identity foundation • Enable traceability • Apply security at all layers • Automate security best practices • Protect data in transit and at rest • Keep people away from data • Prepare for security events:

What are the 6 Operational Excellence Design Principles?

• Perform operations as code • Annotate documentation • Make frequent, small, reversible changes • Refine operations procedures frequently • Anticipate failure • Learn from all operational failures

What are three best practice areas for operational excellence?

• Prepare - shared goals and understanding across the business, development, and operations. How do you determine what your priorities are? How do you design your workload so that you can understand its state? How do you reduce defects, ease remediation, and improve flow into production? How do you mitigate deployment risks? How do you know that you are ready to support a workload? • Operate - Define expected outcomes, determine how success will be measured, and identify the workload and operations metrics that will be used in those calculations to determine if operations are successful. How do you understand the health of your workload? How do you understand the health of your operations? How do you manage workload and operations events? • Evolve - Dedicate work cycles to making continuous incremental improvements. Regularly evaluate and prioritize opportunities for improvement How do you evolve operations?

What are the 4 best practice areas for performance efficiency in the cloud?

• Selection - optimal compute and storage solutions for a particular system may vary based on application design, usage patterns, and configuration settings How do you select the best performing architecture? How do you select your compute solution? How do you select your storage solution? How do you select your database solution? How do you configure your networking solution? • Review - over time new technologies and approaches become available that could improve the performance of your architecture. How do you evolve your workload to take advantage of new releases? • Monitoring - After you have implemented your architecture you will need to monitor its performance so that you can remediate any issues before your customers are aware. How do you monitor your resources to ensure they are performing as expected? • Tradeoffs - Depending on your situation you could trade consistency, durability, and space versus time or latency to deliver higher performance. How do you use tradeoffs to improve performance?

What are the Well-Architected Framework general design principles to facilitate good design in the cloud?

• Stop guessing your capacity needs • Test systems at production scale - create a production-scale test environment on demand, complete your testing, and then decommission the resources • Automate to make architectural experimentation easier - Automation allows you to create and replicate your systems at low cost and avoid the expense of manual effort. You can track changes to your automation, audit the impact, and revert to previous parameters when necessary. • Allow for evolutionary architectures • Drive architectures using data - collect data on how your architectural choices affect the behavior of your workload. This lets you make fact-based decisions on how to improve your workload. • Improve through game days - simulate events in production

On Demand EC2 Instances are recommended for?

• Users who prefer the low cost and flexibility of Amazon EC2 without upfront payment or long-term commitments • Applications with short-term, spiky, or unpredictable workloads that cannot be interrupted • Applications being developed or tested on Amazon EC2 for the first time