AWS Cloud Practitioner Exam Study Guide

Where would you find the AWS Attestation of Compliance Documentation for PCI DSS?

AWS Artifact

AWS Artifact

AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS' security and compliance reports and select online agreements. AWS Support's site provides general information about compliance, but it does not hold the secure reports or certificates. AWS IAM is used to control security within your AWS Account. Amazon Macie is a data security classification service.

A recent audit has dictated that a company begin keeping a log of AWS Management Console actions and API calls. Which AWS service can help with this?

AWS CloudTrail

You need to visualize, understand, and identify trends for future charges, as well as manage your AWS costs and usage over time. Which AWS tool would you use?

AWS Cost Explorer

You need to stream data in real time for a dashboard application. Which AWS service would you use?

AWS Kinesis

A financial company needs to migrate large amounts of data, at a petabyte scale, to AWS. Which AWS service can perform this type of migration?

AWS Snowball

Which AWS service can help you optimize your AWS environment by giving recommendations to reduce cost, increase performance, and improve security?

AWS Trusted Advisor

The CTO of a software company has requested an executive summary detailing the advantages of a potential move to the AWS Cloud. What can you say is an advantage of an RDS database over a traditional database?

AWS maintains the underlying OS and performs software patching on the database.

CloudFront

Amazon CloudFront is a content delivery network that speeds up the delivery of content to your users.

Which of the following are classified as migration services?

1. AWS Snowball 2. AWS Application Discovery Service

Which of the following can be specified as an origin when creating a CloudFront distribution?

1. An S3 Bucket 2. A domain name 3. An elastic load balancer

How can a customer with the Enterprise Support plan get help with billing and account questions?

1. Contact the Support Concierge team. 2. Use the AWS Support API to programmatically open a case with AWS Support.

A company wants to ensure all AWS accounts in their environment conform to company-wide policies. Which services can help?

1. Control Tower 2. Organizations

By default, what can a private subnet communicate with?

1. Public subnets in the same VPC 2. Other private subnets in the same VPC

A company is considering migrating its applications to AWS. Which costs should the company consider when comparing its on-premises total cost of ownership (TCO) to the TCO when running on AWS?

1. Software license costs 2. Hardware and infrastructure 3. Data center cooling, power, and space requirements

Which of the following support services do all accounts receive as part of the AWS Support Basic tier?

Billing support

How can Auto Scaling help your resources handle changes on demand?

By adding or removing EC2 instances from your EC2 fleet based on conditions you specify

A company has an application with user bases in both Australia and Canada. The company has deployed their application to servers currently provisioned in the Canada (Central) Region. Unfortunately, Australian users are experiencing high latency and slow download times. How can the company reduce latency?

Provision resources to the Asia Pacific (Sydney) Region in Australia.

A company is considering the cloud deployment models when planning a new application. Which deployment model allows the company to fully stop spending money running and maintaining data centers?

Public cloud

Which of the following is AWS' data warehousing service?

Redshift

Which is the most efficient AWS feature that allows a company to restrict IAM users from making changes to a common administrator IAM role created in all accounts in their organization?

Service control policies (SCPs)

AWS Pricing Calculator.

The Pricing Calculator provides an estimate of AWS fees and charges. Since the company knows the workload details, the AWS Pricing Calculator can also help with calculating the total cost of ownership.

A company is migrating its workloads to AWS. Which tool will help the company estimate their potential cloud bill and calculate their overall total cost of ownership (TCO) based on their current workloads?

The company can use the AWS Pricing Calculator.

Which of the following is correct regarding the number of Regions, Availability Zones, edge locations, and data centers?

There are more Availability Zones than Regions.

AWS Trusted Advisor

Trusted Advisor provides real-time guidance to help you provision your resources following AWS best practices.

You are managing the company's AWS account. The current support plan is Basic, but you would like to begin using Infrastructure Event Management. What support plan (that already includes Infrastructure Event Management without an additional fee) should you upgrade to?

Upgrade to Enterprise plan.

Enterprise

Enterprise Support provides access to a Technical Account Manager (TAM) who helps coordinate access to subject matter experts among other things.

When talking about AWS security, what does "authentication" refer to?

Identifying who is accessing the system

When you upload an object to S3 storage, where will AWS keep it?

In multiple Availability Zones within the Region you select

Which service powers the creation of encrypted EBS volumes for Amazon EC2?

Key Management Service (KMS)

A company with a popular website would like to analyze website clickstreams in real time to determine site usability. How can they obtain the data in real time for analysis?

Kinesis

AWS Kinesis

Kinesis allows you to analyze data and video streams in real time.

A customer is on the Enterprise Support plan, and they've reported a business-critical system down support case. What is the guaranteed response time from AWS Support?

Less than 15 minutes

A company would like to add a support chatbot to the help page on their website. Which service will allow the users to build a conversational interface using voice and text?

Lex

Lex

Lex helps you build conversational interfaces like chatbots.

Edge location

An edge location uses cached copies of your content for fast delivery to users. Don't forget CloudFront speeds up delivery using edge locations.

A developer would like to build a serverless application but doesn't want to install files or configure their local development machine. Which service will allow the developer to build the application by writing code in a web browser?

Cloud9

Which of the following is an AWS Well-Architected Framework design principle related to operational excellence?

Deploy smaller, reversible changes.

Which of the following are regarded as regional services in AWS? (Select TWO.)

1. Amazon EFS 2. AWS Batch

A company with a business-critical application needs to ensure business continuity and that they will not be impacted by capacity restraints in a given Region. How can the company ensure this?

1. Convertible Reserved Instance (RI) with a capacity reservation 2. Standard Reserved Instance (RI) with a capacity reservation 3. On-demand capacity reservation

Which of the following is a shared control of the AWS shared responsibility model?

Awareness and training

What is the most efficient way for a customer to continuously monitor CloudTrail event logs, Amazon VPC Flow Logs, and DNS logs looking for unauthorized behavior?

GuardDuty

A company is launching a new product and needs help with assessing its operational readiness and identifying and mitigating risks. Which feature of the Enterprise Support plan provides this?

Infrastructure Event Management

You have 2 software systems that need to communicate, and you also need to ensure messages are not lost between them. Which AWS service can help meet these requirements?

SQS

AWS SQS

SQS is a message queuing service that allows you to build loosely coupled systems.

A MariaDB RDS database is known to have high memory consumption during peak hours which deteriorates the overall performance of your application. What cost-effective change can you introduce to resolve this issue if the database is handling write-intensive operations?

Scale the instance vertically to a higher memory capacity

APN Consulting Partners

professional services firms that help customers of all sizes design, architect, migrate, or build new applications on AWS. Consulting Partners include System Integrators (SIs), Strategic Consultancies, Resellers, Digital Agencies, Managed Service Providers (MSPs), and Value-Added Resellers (VARs).

APN Technology Partners

provide software solutions that are either hosted on, or integrated with, the AWS platform. Technology Partners include Independent Software Vendors (ISVs), SaaS, PaaS, developer tools, management and security vendors.

A developer is building a new application and is given the option to deploy the application on-premises or to the AWS Cloud. What benefits does the AWS Cloud provide over an on-premises deployment?

1. Ability to focus on building the application instead of managing servers 2. Ability to grow and shrink computing capacity based on demand 3. Ability to pay-as-you-go without upfront contracts or long-term commitments

Which of the following statements are true about who can use IAM roles?

1. An IAM user in a different AWS account than the role. 2. A web service offered by AWS. 3. An IAM user in the same AWS account as the role.

A popular company that sells products online just experienced a distributed denial-of-service (DDoS) attack that consumed all available bandwidth on their network and didn't allow legitimate requests to be processed. Which AWS services can the company integrate and combine going forward to prevent future attacks?

1. CloudFront 2. Web Application Firewall (WAF) 3. AWS Shield 4. Route 53

A huge department store sells products online and in-person. Most of their customers use credit cards instead of cash when making purchases. For security purposes, the credit card data must be encrypted at rest. Which services allow the department store to generate and store the encryption key used to secure the credit card numbers?

1. CloudHSM 2. Key Management Service (KMS)

Which of the following are best practices when it comes to securing your AWS account?

1. Delete your root access keys. 2. Activate MFA on the root account 3. Use groups to assign permissions 4. Create individual IAM users 5. Apply an IAM password policy

In order to improve fault tolerance, you would like to begin using services that provide fault tolerance. Which AWS services provide automatic replication across Availability Zones?

1. DynamoDb 2. S3

Which services can host a MariaDB database?

1. EC2 2. RDS

A development team wants to gain full observability into the health of their applications and instances in order to provide the best service level to users of their applications. Which services can help them monitor the health of their applications and instances?

1. Elastic Load Balancing 2. Elastic Beanstalk 3. Route 53

A company is using Trusted Advisor to ensure they are following AWS best practices. What real-time guidance does Trusted Advisor provide?

1. Exposed access keys 2. S3 bucket permissions for public access 3. Low utilization on EC2 instances

Which of the following are advantages of Cloud Computing?

1. Increase speed and agility. 2. Trade capital expense for variable expense.

Which of the following engines are classified as relational databases on AWS?

1. MariaDB 2. Aurora

Which of the following are pillars found in the AWS Well-Architected Framework?

1. Operational Excellence 2. Cost Optimization

Which of the following database migrations are classified as heterogeneous?

1. Oracle to Amazon Aurora PostgreSQL 2. Microsoft SQL Server to Amazon Aurora PostgreSQL

For which of the below is S3 a suitable storage solution?

1. Pictures 2. Documents

An independent developer needs help with monitoring service limits to ensure they don't exceed free-tier usage on their account. Which services will help them monitor service limits?

1. Trusted Advisor 2. CloudWatch

You want to streamline access management for your AWS administrators by assigning them a pre-defined set of permissions based on their job role. Which options below are the best way to approach this?

1. Use IAM groups 2. Use IAM policies

How can a customer with the Enterprise Support plan get help with billing and account questions?

1. Use the AWS Support API to programmatically open a case with AWS Support. 2. Contact the Support Concierge team.

A company is using CloudTrail to simplify operational analysis and troubleshooting. When tracking user activity, which content fields does CloudTrail track when a user accesses the AWS Management Console?

1. Username 2. Region

A company is developing a new web application that has high availability requirements. How can the company increase availability when deploying the application?

1. Utilize a multi-Region deployment when deploying the application. 2. Deploy the application to span across multiple Availability Zones (AZs).

You have upgraded your AWS Support plan to the Business Support level. What is true of the Business Support plan?

< 1 hour response time support when your production system goes down.

Region

A Region is a geographical area of the world that is a collection of data centers logically grouped into Availability Zones.

Key Management Service (KMS)

A managed service that makes it easy for you to create and control the encryption keys used to encrypt your data.

AWS Partner Network (APN) Consulting Partners

APN Consulting Partners include professional services organizations like system integrators, strategic consultancies, agencies, managed service providers (MSPs), and value-added resellers. In this case, we would engage a Consulting Partner to help us deploy a new system to the AWS Cloud.

Service control policies (SCPs)

AWS Organizations provides central governance and management for multiple accounts. Organization SCPs allow you to create permissions guardrails that apply to all accounts within a given organization.

A small company has purchased a new system which they want to deploy in the AWS Cloud but does not have anyone with the required AWS skill set to perform the deployment. Which service can help with this?

AWS Partner Network (APN) Consulting Partners

A company is planning to launch a new system in AWS but they do not have an employee who has AWS-related expertise. Which of the following AWS channels can instead help the company design, architect, build, migrate, and manage their workloads and applications on AWS?

AWS Partner Network Consulting Partners

Which of the following provides software solutions that are either hosted on or integrated with the AWS platform which may include Independent Software Vendors (ISVs), SaaS, PaaS, developer tools, management, and security vendors?

AWS Partner Network Technology Partners

After experiencing unusual behavior in your AWS account, you need to determine if there are any issues with AWS that may be affecting your account. What section of the AWS Management Console helps you inspect account alerts and find remediation guidance for your account?

AWS Personal Health Dashboard

Which of the following AWS services gives you a personalized view of the performance and availability of the AWS services underlying your AWS resources, alerting you and providing remediation guidance when AWS is experiencing events that may affect you?

AWS Personal Health Dashboard

AWS Personal Health Dashboard

AWS Personal Health Dashboard gives you a personalized view of the performance and availability of the AWS services underlying your AWS resources.

You would like to set up a loosely coupled architecture. Which service would allow you to send and receive messages and store them if they are not consumed immediately?

AWS SQS

Which of the following AWS services can help you assess the fault tolerance of your AWS environment?

AWS Trusted Advisor

A gaming company is using the AWS Developer Tools suite to develop, build, and deploy their applications. Which AWS service can be used to trace user requests from end to end through the application?

AWS X-Ray

AWS X-Ray

AWS X-Ray provides an end-to-end view of requests as they travel through your application, and shows a map of your application's underlying components. You can use X-Ray to analyze from simple three-tier applications to complex microservices applications consisting of thousands of services.

Developers in your company need to interact with AWS from the Command Line Interface. Which security item will you need to provide to the developers?

Access key

You have a MySQL database that you want to migrate to the cloud, and you need it to be significantly faster there. You are looking for a speed increase up to 5 times the current performance. Which AWS offering could you use?

Amazon Aurora

CloudFront

Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds, all within a developer-friendly environment.

Your sales operations group would like to perform monthly analyses on large amounts of sales activity. They want to be able to rank the performance of different territories, product categories, and sales channels. They will use visualization tools to generate graphical representations of the data. Which AWS service will provide the best solution for storing the sales data?

Amazon Redshift

Amazon Redshift

Amazon Redshift provides the best solution for performing queries based on a predefined set of dimensions. Redshift organizes data for high performance based on user-specified distribution schemes. Amazon ElastiCache provides in-memory performance, but no data organization assistance. Amazon Aurora and Amazon DynamoDB are good solutions, but Redshift's columnar storage gives it the edge.

Amazon Aurora

Aurora is a relational database compatible with MySQL and PostgreSQL that was created by AWS.

A company would like to call AWS support to open cases when issues arise. What's the minimum support plan they need to subscribe to in order to have telephone access?

Business Support

AWS Trusted Advisor provides checks and recommended actions. Which of the following is not one of those checks?

Checks to determine if an administrative user is used instead of the root account

Cloud9

Cloud9 allows application developers to write code within an integrated development environment (IDE) from within their web browser.

Which of the following is an AWS global service?

CloudFront

Which of the following services helps you deliver content to your customers faster?

CloudFront

Which service allows users to record software configuration changes within servers running on-premises over time?

Config

Config

Config allows you to assess, audit, and evaluate the configurations of your resources over time. Config works with EC2 instances, servers running on-premises, and servers and VMs in environments provided by other cloud providers.

When configuring an Application Load Balancer (ALB), what step should you take to ensure a highly available architecture?

Configure the load balancer to serve traffic to multiple Availability Zones.

You need to track your AWS costs on a detailed level. Which tool will allow you to do this?

Cost Allocation Tags

AWS Cost Explorer

Cost Explorer allows you to visualize and forecast your costs and usage over time.

A company has designed a hybrid architecture and needs to connect its on-premises database to an application running on an EC2 instance in the AWS cloud using a fast, private, and secure manner. Which method allows the company to securely connect on-premises to the cloud?

Direct Connect

An on-premises application requires a consistent, high-speed connection to the AWS Cloud environment that is better than an internet-based connection. Which AWS service can provide this connection?

Direct Connect

Direct Connect

Direct Connect is a private (bypasses the public internet), dedicated physical network connection from your on-premises data center to AWS. Since the connection is private, it is extremely fast.

Which of the following best describes DynamoDB?

DynamoDB is a NoSQL database.

Which AWS service is specifically designed to assist you in processing large datasets?

EMR

EMR

EMR is a service that makes it easy to process large amounts of data efficiently.

A solutions architect is designing a new application for a customer. In designing the system, the architect recommends that content be cached to reduce latency to the end user. Which piece of the AWS global infrastructure allows for content to be cached and served from the nearest point to the user?

Edge location

In which of the following is CloudFront content cached?

Edge location

Edge location

Edge locations consist of over 200+ points of presence around the world that provide fast entry into Amazon's global network. Because of how widespread they are, users can connect to their nearest edge location and have their traffic sent through Amazon's fast global network to reach the resources it needs sooner. This is how CloudFront's caching mechanism works. There are far less Availability Zones and Regions than edge locations, which is why CloudFront does not use them for caching content.

When analyzing application performance, a developer realizes the queries to the database are taking a long time. What can the developer implement to store common queries and improve performance?

ElastiCache

ElastiCache

ElastiCache helps you alleviate database load for data that is accessed often. ElastiCache is a great way to cache common queries.

A company would like someone to help them coordinate access to AWS subject matter experts when they need help. Which support plan do they need to have?

Enterprise

Which of the following best describes a system that will remain operational even in the event of a component failure?

Fault tolerant

A healthcare agency needs to store certain patient information for up to 10 years. To save cost, they want to archive this data to cheaper storage. The data needs to be retrieved within 12 hours. Which is the cheapest option?

Glacier Deep Archive

A solutions architect is designing a system to withstand the failure of one or more components. What type of system is able to withstand failure?

Highly available

Highly available

Highly available systems are designed to operate continuously without failure for a long time. These systems avoid loss of service by reducing or managing failures.

A company is considering establishing a dedicated network connection from their on-premises data center to their AWS Cloud environment. They want a private connection that provides a more consistent network experience than the internet. Which cloud type gives access to the cloud from on-premises infrastructure?

Hybrid cloud

Which of the following is an AWS global service?

IAM

When you pay a subscription fee to a hosting company to serve your website on an instance you manage, which cloud computing model are you using?

Infrastructure as a Service (IaaS)

Several EC2 instances in a public subnet need internet access. Which will you configure as 1 step in granting internet access?

Internet gateway

Which of the following is AWS' event-driven, serverless compute service?

Lambda

A company would like to reduce operational overhead when operating AWS infrastructure. Which service can help them do this?

Managed Services

Managed Services

Managed Services helps you efficiently operate your AWS infrastructure and reduces operational risks and overhead.

You have a mission-critical application that must be globally available at all times. Which deployment strategy should you follow?

Multi-Region

How can a customer on the Developer Support plan open a system impaired support case?

Open a technical support case via email.

Which pillar of the Well-Architected Framework encourages the use of CloudFormation?

Operational excellence

What pillar of the Well-Architected Framework would include the use of information gathered through a workload process evaluation to drive adoption of new services or resources when they become available?

Performance Efficiency

In Identity and Access Management (IAM), which term applies to a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS?

Principal

An EC2 instance in your VPC needs which of the following for the internet gateway to route its traffic to the internet?

Public IP address

You need to set up a data warehouse on AWS for financial/actuary data. Which AWS service will you use?

Redshift

What is a geographical area of the world that is a collection of logically grouped data centers?

Region

You have infrequently accessed data in S3 buckets that you want to transfer to Glacier. What can you use in AWS to do this?

S3 Lifecycle policy

Which of the following options below is solely the responsibility of the customer in accordance with the AWS shared responsibility model?

Service and Communications Protection or Zone Security

You want to use an AWS service that enables you to notify select Tech Support members in your company (via email) of any cloud-related issues to attend to. Which of the following services will accomplish that?

Simple Notification Service

AWS Snowball

Snowball is a petabyte-scale data transport solution.

A customer is migrating their on-premises data center to AWS and has bandwidth constraints. Which service allows them to transport exabyte-scale datasets into AWS in a cost-effective and secure manner?

Snowmobile

A company would like to implement a hybrid storage model where they connect on-premises data storage to storage in the AWS Cloud in order to move their backups to the cloud. What is the best and most efficient way to achieve this?

Storage Gateway

Storage Gateway

Storage Gateway is a hybrid storage service that allows you to connect on-premises and cloud data.

Upon attempting to create an additional S3 bucket, you realize you have reached your S3 bucket limit in your AWS account. You anticipate creating even more S3 buckets in the future for your photos and documents. Which of the following is the quickest solution?

Submit a service limit increase.

Billing support

The AWS Support Basic tier is the free support given to all AWS accounts. All accounts receive billing support, because every customer needs an avenue to lodge disputes or make requests around their billing.

Snowmobile

The Snow Family allows you to transfer large amounts of on-premises data to AWS using a physical device. Snowmobile transports multi-petabyte or exabyte-scale data.

A developer deployed an application that consisted of 1 Lambda function, a DynamoDB table, and a firewall using Web Application Firewall (WAF) via the AWS Command Line Interface (CLI). When attempting to access the application's resources via the AWS Management Console, the developer cannot find the Lambda function or DynamoDB table. What could be the problem?

The developer is probably in a different Region from where the resources were initially deployed.

Performance Efficiency

This Performance Efficiency pillar focuses on the effective use of resources to meet demand. In this pillar, you would use the information gathered through the evaluation process to actively drive adoption of new services or resources. You would also define a process to improve workload performance, and you would need to stay up-to-date on new resources and services.

A company ingests data to S3 using Kinesis. What is the easiest way for the company to run ad hoc SQL queries against the data in S3 without the need to manage servers?

Use Athena.

A retail company has EC2 On-Demand Instances running to serve customer transactions. There is a set pattern of traffic where demand is high at 2 points in the day, but the instances sit idle for much of the day. What is a good way to optimize these resources?

Use an Auto Scaling group to scale out and in based on demand.

A company wants to provide access to an Amazon S3 bucket to all applications running on a Reserved Instance (RI) that's been assigned to a specific Availability Zone. What's the best way to give S3 access to all applications running on the EC2 instance?

Use an instance profile to pass an IAM role with Amazon S3 permissions to the EC2 instance

Hybrid cloud

With the hybrid cloud, some resources run in the cloud while others run on-premises. This means resources run in the AWS Cloud and your internal data center.

S3 Lifecycle policy

You can add rules in an S3 Lifecycle configuration to tell Amazon S3 to transition objects to another Amazon S3 storage class. For example: When you know objects are infrequently accessed, you might transition them to the S3 Standard-IA storage class. You might want to archive objects that you don't need to access in real time to the S3 Glacier storage class.

Amazon EFS

a regional service storing data within and across multiple Availability Zones (AZs) for high availability and durability. Amazon EC2 instances can access your file system across AZs, regions, and VPCs, while on-premises servers can access using AWS Direct Connect or AWS VPN.

AWS Batch

a regional service that simplifies running batch jobs across multiple Availability Zones within a region. You can create AWS Batch compute environments within a new or existing VPC. After a compute environment is up and associated with a job queue, you can define job definitions that specify which Docker container images to run your jobs.

AWS Infrastructure Event Management

a structured program available to Enterprise Support customers (and Business Support customers for an additional fee) that helps you plan for large-scale events, such as product or application launches, infrastructure migrations, and marketing events.