AWS Cloud Practitioner Exam Study Guide
Key Management Service (KMS)
A managed service that makes it easy for you to create and control the encryption keys used to encrypt your data.
AWS Partner Network (APN) Consulting Partners
APN Consulting Partners include professional services organizations like system integrators, strategic consultancies, agencies, managed service providers (MSPs), and value-added resellers. In this case, we would engage a Consulting Partner to help us deploy a new system to the AWS Cloud.
Where would you find the AWS Attestation of Compliance Documentation for PCI DSS?
AWS Artifact
AWS Artifact
AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS' security and compliance reports and select online agreements. AWS Support's site provides general information about compliance, but it does not hold the secure reports or certificates. AWS IAM is used to control security within your AWS Account. Amazon Macie is a data security classification service.
A recent audit has dictated that a company begin keeping a log of AWS Management Console actions and API calls. Which AWS service can help with this?
AWS CloudTrail
You need to visualize, understand, and identify trends for future charges, as well as manage your AWS costs and usage over time. Which AWS tool would you use?
AWS Cost Explorer
You need to stream data in real time for a dashboard application. Which AWS service would you use?
AWS Kinesis
Service control policies (SCPs)
AWS Organizations provides central governance and management for multiple accounts. Organization SCPs allow you to create permissions guardrails that apply to all accounts within a given organization.
A small company has purchased a new system which they want to deploy in the AWS Cloud but does not have anyone with the required AWS skill set to perform the deployment. Which service can help with this?
AWS Partner Network (APN) Consulting Partners
After experiencing unusual behavior in your AWS account, you need to determine if there are any issues with AWS that may be affecting your account. What section of the AWS Management Console helps you inspect account alerts and find remediation guidance for your account?
AWS Personal Health Dashboard
You would like to set up a loosely coupled architecture. Which service would allow you to send and receive messages and store them if they are not consumed immediately?
AWS SQS
A financial company needs to migrate large amounts of data, at a petabyte scale, to AWS. Which AWS service can perform this type of migration?
AWS Snowball
Which AWS service can help you optimize your AWS environment by giving recommendations to reduce cost, increase performance, and improve security?
AWS Trusted Advisor
Which of the following AWS services can help you assess the fault tolerance of your AWS environment?
AWS Trusted Advisor
The CTO of a software company has requested an executive summary detailing the advantages of a potential move to the AWS Cloud. What can you say is an advantage of an RDS database over a traditional database?
AWS maintains the underlying OS and performs software patching on the database.
You have a MySQL database that you want to migrate to the cloud, and you need it to be significantly faster there. You are looking for a speed increase up to 5 times the current performance. Which AWS offering could you use?
Amazon Aurora
CloudFront
Amazon CloudFront is a content delivery network that speeds up the delivery of content to your users.
CloudFront
Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds, all within a developer-friendly environment.
Which of the following are classified as migration services?
1. AWS Snowball 2. AWS Application Discovery Service
A developer is building a new application and is given the option to deploy the application on-premises or to the AWS Cloud. What benefits does the AWS Cloud provide over an on-premises deployment?
1. Ability to focus on building the application instead of managing servers 2. Ability to grow and shrink computing capacity based on demand 3. Ability to pay-as-you-go without upfront contracts or long-term commitments
Which of the following can be specified as an origin when creating a CloudFront distribution?
1. An S3 Bucket 2. A domain name 3. An elastic load balancer
A popular company that sells products online just experienced a distributed denial-of-service (DDoS) attack that consumed all available bandwidth on their network and didn't allow legitimate requests to be processed. Which AWS services can the company integrate and combine going forward to prevent future attacks?
1. CloudFront 2. Web Application Firewall (WAF) 3. AWS Shield 4. Route 53
A huge department store sells products online and in-person. Most of their customers use credit cards instead of cash when making purchases. For security purposes, the credit card data must be encrypted at rest. Which services allow the department store to generate and store the encryption key used to secure the credit card numbers?
1. CloudHSM 2. Key Management Service (KMS)
How can a customer with the Enterprise Support plan get help with billing and account questions?
1. Contact the Support Concierge team. 2. Use the AWS Support API to programmatically open a case with AWS Support.
A company wants to ensure all AWS accounts in their environment conform to company-wide policies. Which services can help?
1. Control Tower 2. Organizations
A company with a business-critical application needs to ensure business continuity and that they will not be impacted by capacity restraints in a given Region. How can the company ensure this?
1. Convertible Reserved Instance (RI) with a capacity reservation 2. Standard Reserved Instance (RI) with a capacity reservation 3. On-demand capacity reservation
Which of the following are best practices when it comes to securing your AWS account?
1. Delete your root access keys. 2. Activate MFA on the root account 3. Use groups to assign permissions 4. Create individual IAM users 5. Apply an IAM password policy
A company is using Trusted Advisor to ensure they are following AWS best practices. What real-time guidance does Trusted Advisor provide?
1. Exposed access keys 2. S3 bucket permissions for public access 3. Low utilization on EC2 instances
Which of the following engines are classified as relational databases on AWS?
1. MariaDB 2. Aurora
Which of the following are pillars found in the AWS Well-Architected Framework?
1. Operational Excellence 2. Cost Optimization
Which of the following database migrations are classified as heterogeneous?
1. Oracle to Amazon Aurora PostgreSQL 2. Microsoft SQL Server to Amazon Aurora PostgreSQL
By default, what can a private subnet communicate with?
1. Public subnets in the same VPC 2. Other private subnets in the same VPC
A company is considering migrating its applications to AWS. Which costs should the company consider when comparing its on-premises total cost of ownership (TCO) to the TCO when running on AWS?
1. Software license costs 2. Hardware and infrastructure 3. Data center cooling, power, and space requirements
An independent developer needs help with monitoring service limits to ensure they don't exceed free-tier usage on their account. Which services will help them monitor service limits?
1. Trusted Advisor 2. CloudWatch
A company is using CloudTrail to simplify operational analysis and troubleshooting. When tracking user activity, which content fields does CloudTrail track when a user accesses the AWS Management Console?
1. Username 2. Region
A company is developing a new web application that has high availability requirements. How can the company increase availability when deploying the application?
1. Utilize a multi-Region deployment when deploying the application. 2. Deploy the application to span across multiple Availability Zones (AZs).
You have upgraded your AWS Support plan to the Business Support level. What is true of the Business Support plan?
< 1 hour response time support when your production system goes down.
Your sales operations group would like to perform monthly analyses on large amounts of sales activity. They want to be able to rank the performance of different territories, product categories, and sales channels. They will use visualization tools to generate graphical representations of the data. Which AWS service will provide the best solution for storing the sales data?
Amazon Redshift
Amazon Redshift
Amazon Redshift provides the best solution for performing queries based on a predefined set of dimensions. Redshift organizes data for high performance based on user-specified distribution schemes. Amazon ElastiCache provides in-memory performance, but no data organization assistance. Amazon Aurora and Amazon DynamoDB are good solutions, but Redshift's columnar storage gives it the edge.
Which of the following support services do all accounts receive as part of the AWS Support Basic tier?
Billing support
How can Auto Scaling help your resources handle changes on demand?
By adding or removing EC2 instances from your EC2 fleet based on conditions you specify
A company has an application with user bases in both Australia and Canada. The company has deployed their application to servers currently provisioned in the Canada (Central) Region. Unfortunately, Australian users are experiencing high latency and slow download times. How can the company reduce latency?
Provision resources to the Asia Pacific (Sydney) Region in Australia.
A company is considering the cloud deployment models when planning a new application. Which deployment model allows the company to fully stop spending money running and maintaining data centers?
Public cloud
Which of the following is AWS' data warehousing service?
Redshift
You have 2 software systems that need to communicate, and you also need to ensure messages are not lost between them. Which AWS service can help meet these requirements?
SQS
AWS SQS
SQS is a message queuing service that allows you to build loosely coupled systems.
Which is the most efficient AWS feature that allows a company to restrict IAM users from making changes to a common administrator IAM role created in all accounts in their organization?
Service control policies (SCPs)
You want to use an AWS service that enables you to notify select Tech Support members in your company (via email) of any cloud-related issues to attend to. Which of the following services will accomplish that?
Simple Notification Service
AWS Snowball
Snowball is a petabyte-scale data transport solution.
A customer is migrating their on-premises data center to AWS and has bandwidth constraints. Which service allows them to transport exabyte-scale datasets into AWS in a cost-effective and secure manner?
Snowmobile
Upon attempting to create an additional S3 bucket, you realize you have reached your S3 bucket limit in your AWS account. You anticipate creating even more S3 buckets in the future for your photos and documents. Which of the following is the quickest solution?
Submit a service limit increase.
AWS Pricing Calculator.
The Pricing Calculator provides an estimate of AWS fees and charges. Since the company knows the workload details, the AWS Pricing Calculator can also help with calculating the total cost of ownership.
Snowmobile
The Snow Family allows you to transfer large amounts of on-premises data to AWS using a physical device. Snowmobile transports multi-petabyte or exabyte-scale data.
A company is migrating its workloads to AWS. Which tool will help the company estimate their potential cloud bill and calculate their overall total cost of ownership (TCO) based on their current workloads?
The company can use the AWS Pricing Calculator.
A developer deployed an application that consisted of 1 Lambda function, a DynamoDB table, and a firewall using Web Application Firewall (WAF) via the AWS Command Line Interface (CLI). When attempting to access the application's resources via the AWS Management Console, the developer cannot find the Lambda function or DynamoDB table. What could be the problem?
The developer is probably in a different Region from where the resources were initially deployed.
Which of the following is correct regarding the number of Regions, Availability Zones, edge locations, and data centers?
There are more Availability Zones than Regions.
AWS Trusted Advisor
Trusted Advisor provides real-time guidance to help you provision your resources following AWS best practices.
You are managing the company's AWS account. The current support plan is Basic, but you would like to begin using Infrastructure Event Management. What support plan (that already includes Infrastructure Event Management without an additional fee) should you upgrade to?
Upgrade to Enterprise plan.
A company wants to provide access to an Amazon S3 bucket to all applications running on a Reserved Instance (RI) that's been assigned to a specific Availability Zone. What's the best way to give S3 access to all applications running on the EC2 instance?
Use an instance profile to pass an IAM role with Amazon S3 permissions to the EC2 instance
Which service allows users to record software configuration changes within servers running on-premises over time?
Config
Config
Config allows you to assess, audit, and evaluate the configurations of your resources over time. Config works with EC2 instances, servers running on-premises, and servers and VMs in environments provided by other cloud providers.
When configuring an Application Load Balancer (ALB), what step should you take to ensure a highly available architecture?
Configure the load balancer to serve traffic to multiple Availability Zones.
AWS Cost Explorer
Cost Explorer allows you to visualize and forecast your costs and usage over time.
Enterprise
Enterprise Support provides access to a Technical Account Manager (TAM) who helps coordinate access to subject matter experts among other things.
A solutions architect is designing a system to withstand the failure of one or more components. What type of system is able to withstand failure?
Highly available
Highly available
Highly available systems are designed to operate continuously without failure for a long time. These systems avoid loss of service by reducing or managing failures.
A company is considering establishing a dedicated network connection from their on-premises data center to their AWS Cloud environment. They want a private connection that provides a more consistent network experience than the internet. Which cloud type gives access to the cloud from on-premises infrastructure?
Hybrid cloud
Which of the following is an AWS global service?
IAM
When talking about AWS security, what does "authentication" refer to?
Identifying who is accessing the system
When you upload an object to S3 storage, where will AWS keep it?
In multiple Availability Zones within the Region you select
A company is launching a new product and needs help with assessing its operational readiness and identifying and mitigating risks. Which feature of the Enterprise Support plan provides this?
Infrastructure Event Management
Which service powers the creation of encrypted EBS volumes for Amazon EC2?
Key Management Service (KMS)
A company with a popular website would like to analyze website clickstreams in real time to determine site usability. How can they obtain the data in real time for analysis?
Kinesis
AWS Kinesis
Kinesis allows you to analyze data and video streams in real time.
A customer is on the Enterprise Support plan, and they've reported a business-critical system down support case. What is the guaranteed response time from AWS Support?
Less than 15 minutes
A company would like to add a support chatbot to the help page on their website. Which service will allow the users to build a conversational interface using voice and text?
Lex
Lex
Lex helps you build conversational interfaces like chatbots.
A company would like to reduce operational overhead when operating AWS infrastructure. Which service can help them do this?
Managed Services
Managed Services
Managed Services helps you efficiently operate your AWS infrastructure and reduces operational risks and overhead.
How can a customer on the Developer Support plan open a system impaired support case?
Open a technical support case via email.
Edge location
An edge location uses cached copies of your content for fast delivery to users. Don't forget CloudFront speeds up delivery using edge locations.
Amazon Aurora
Aurora is a relational database compatible with MySQL and PostgreSQL that was created by AWS.
A developer would like to build a serverless application but doesn't want to install files or configure their local development machine. Which service will allow the developer to build the application by writing code in a web browser?
Cloud9
Cloud9
Cloud9 allows application developers to write code within an integrated development environment (IDE) from within their web browser.
Which of the following is an AWS global service?
CloudFront
Which of the following services helps you deliver content to your customers faster?
CloudFront
Which of the following is an AWS Well-Architected Framework design principle related to operational excellence?
Deploy smaller, reversible changes.
A company has designed a hybrid architecture and needs to connect its on-premises database to an application running on an EC2 instance in the AWS cloud using a fast, private, and secure manner. Which method allows the company to securely connect on-premises to the cloud?
Direct Connect
An on-premises application requires a consistent, high-speed connection to the AWS Cloud environment that is better than an internet-based connection. Which AWS service can provide this connection?
Direct Connect
Direct Connect
Direct Connect is a private (bypasses the public internet), dedicated physical network connection from your on-premises data center to AWS. Since the connection is private, it is extremely fast.
Which of the following best describes DynamoDB?
DynamoDB is a NoSQL database.
A solutions architect is designing a new application for a customer. In designing the system, the architect recommends that content be cached to reduce latency to the end user. Which piece of the AWS global infrastructure allows for content to be cached and served from the nearest point to the user?
Edge location
In which of the following is CloudFront content cached?
Edge location
Edge location
Edge locations consist of over 200+ points of presence around the world that provide fast entry into Amazon's global network. Because of how widespread they are, users can connect to their nearest edge location and have their traffic sent through Amazon's fast global network to reach the resources it needs sooner. This is how CloudFront's caching mechanism works. There are far less Availability Zones and Regions than edge locations, which is why CloudFront does not use them for caching content.
When analyzing application performance, a developer realizes the queries to the database are taking a long time. What can the developer implement to store common queries and improve performance?
ElastiCache
ElastiCache
ElastiCache helps you alleviate database load for data that is accessed often. ElastiCache is a great way to cache common queries.
A company would like someone to help them coordinate access to AWS subject matter experts when they need help. Which support plan do they need to have?
Enterprise
Hybrid cloud
With the hybrid cloud, some resources run in the cloud while others run on-premises. This means resources run in the AWS Cloud and your internal data center.
AWS Infrastructure Event Management
a structured program available to Enterprise Support customers (and Business Support customers for an additional fee) that helps you plan for large-scale events, such as product or application launches, infrastructure migrations, and marketing events.