AWS Practice Exam 2
What are the default security credentials that are required to access the AWS management console for an IAM user account? Security tokens Access keys A user name and password MFA
The AWS Management Console allows you to access and manage Amazon Web Services through a simple and intuitive web-based user interface. You can only access the AWS management console if you have a valid user name and password.
Which of the following services will help businesses ensure compliance in AWS? CloudEndure Migration CloudTrail CloudWatch CloudFront
AWS CloudTrail is designed to log all actions taken in your AWS account. This provides a great resource for governance, compliance, and risk auditing.
What does Amazon Elastic Beanstalk provide? A NoSQL database service A compute engine for Amazon ECS A scalable file storage solution for use with AWS and on-premises servers A PaaS solution to automate application deployment
AWS Elastic Beanstalk is an application container on top of Amazon Web Services. Elastic Beanstalk makes it easy for developers to quickly deploy and manage applications in the AWS Cloud. Developers simply upload their application code, and Elastic Beanstalk automatically handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring. PAAS
Which AWS services can be used to improve the performance of a global application and reduce latency for its users? (Choose TWO) AWS Glue Amazon CloudFront AWS Global accelerator AWS Direct Connect AWS KMS
AWS Global Accelerator and CloudFront are two separate services that use the AWS global network and its edge locations around the world. Amazon CloudFront improves performance for global applications by caching content at the closest Edge Location to end-users. AWS Global Accelerator improves performance for global applications by routing end-user requests to the closest AWS Region. Amazon CloudFront improves performance for both cacheable (e.g., images and videos) and dynamic content (e.g. dynamic site delivery). Global Accelerator is a good fit for specific use cases, such as gaming, IoT or Voice over IP.
What is the AWS serverless service that allows you to run your applications without any administrative burden? Amazon LightSail Amazon EC2 instances Amazon RDS instances AWS Lambda
AWS Lambda is an AWS-managed compute service. It lets you run code without provisioning or managing servers. With Lambda, you can run code for virtually any type of application or backend service - all with zero administration. Just upload your code, and Lambda takes care of everything required to run and scale your code with high availability. You pay only for the compute time you consume - there is no charge when your code is not running.
A company is developing a new application using a microservices framework. The new application is having performance and latency issues. Which AWS Service should be used to troubleshoot these issues? AWS CloudTrail AWS X-Ray AWS CodePipeline Amazon Inspector
AWS X-Ray helps developers analyze and debug distributed applications in production or under development, such as those built using microservice architecture. With X-Ray, you can understand how your application and its underlying services are performing so you can identify and troubleshoot the root cause of performance issues and errors. X-Ray provides an end-to-end view of requests as they travel through your application, and shows a map of your application's underlying components. You can use X-Ray to analyze both applications in development and in production, from simple three-tier applications to complex microservices applications consisting of thousands of services.
Based on the AWS Shared Responsibility Model, which of the following are the sole responsibility of AWS? (Choose TWO) Creating hypervisors Hardware maintenance Monitoring network performance Configuring Access Control Lists (ACLs) Installing software on EC2 instances
AWS is responsible for items such as the physical security of its data centers, creating hypervisors, replacement of old disk drives, and patch management of the infrastructure. The customers are responsible for items such as building application schema, analyzing network performance, configuring security groups and network ACLs and encrypting their data.
Under the Shared Responsibility Model, which of the following controls do customers fully inherit from AWS? (Choose TWO) Patch management controls Database controls Physical controls Awareness & Training Environmental controls
AWS is responsible for physical controls and environmental controls. Customers inherit these controls from AWS. As mentioned in the AWS Shared Responsibility Model page, Inherited Controls are controls which a customer fully inherits from AWS such as physical controls and environmental controls. As a customer deploying an application on AWS infrastructure, you inherit security controls pertaining to the AWS physical, environmental and media protection, and no longer need to provide a detailed description of how you comply with these control families. For example: Let's say you have built an application in AWS for customers to securely store their data. But your customers are concerned about the security of the data and ensuring compliance requirements are met. To address this, you assure your customer that "our company does not host customer data in its corporate or remote offices, but rather in AWS data centers that have been certified to meet industry security standards." That includes physical and environmental controls to secure the data, which is the responsibility of Amazon. Companies do not have physical access to the AWS data centers, and as such, they fully inherit the physical and environmental security controls from AWS.
Which of the following is equivalent to a user name and password and is used to authenticate your programmatic access to AWS services and APIs? Instance Password MFA Access Keys Key pairs
Access keys consist of two parts: an access key ID and a secret access key. You must provide your AWS access keys to make programmatic requests to AWS or to use the AWS Command Line Interface or AWS Tools for PowerShell. Like a user name and password, you must use both the access key ID and secret access key together to authenticate your requests.
Which of the following AWS offerings is a MySQL-compatible relational database service that can scale capacity automatically based on demand? Amazon RDS for PostgreSQL Amazon Aurora Amazon RDS for SQL Server Amazon Neptune
Amazon Aurora is a MySQL and PostgreSQL compatible relational database built for the cloud, that combines the performance and availability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases. Aurora is up to five times faster than standard MySQL databases and three times faster than standard PostgreSQL databases. It provides the security, availability, and reliability of commercial-grade databases at 1/10th the cost. Aurora is fully managed by Amazon Relational Database Service (RDS), which automates time-consuming administration tasks like hardware provisioning, database setup, patching, and backups.
What is the AWS service that provides you the highest level of control over the underlying virtual infrastructure? Amazon DynamoDB Amazon Redshift Amazon EC2 Amazon RDS
Amazon EC2 provides you the highest level of control over your virtual instances, including root access and the ability to interact with them as you would any machine.
An organization needs to analyze and process a large number of data sets. Which AWS service should they use? Amazon MQ Amazon SNS Amazon EMR Amazon SQS
Amazon EMR helps you analyze and process vast amounts of data by distributing the computational work across a cluster of virtual servers running in the AWS Cloud. The cluster is managed using an open-source framework called Hadoop. Amazon EMR lets you focus on crunching or analyzing your data without having to worry about time-consuming setup, management, and tuning of Hadoop clusters or the compute capacity they rely on.
Which of the following services allows you to run containerized applications on a cluster of EC2 instances? (Choose TWO) Amazon Elastic Kubernetes Service AWS Cloud9 Amazon ECS AWS Health Dashboard AWS Data Pipeline
Amazon Elastic Container Service (Amazon ECS) is a highly scalable, high-performance container orchestration service that supports Docker containers and allows you to easily run and scale containerized applications on AWS. Amazon ECS eliminates the need for you to install and operate your own container orchestration software, manage and scale a cluster of virtual machines, or schedule containers on those virtual machines. Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that allows you to use Kubernetes to run and scale containerized applications in the cloud or on-premises. Kubernetes is an open-source container orchestration system that allows you to deploy and manage containerized applications at scale. AWS handles provisioning, scaling, and managing the Kubernetes instances in a highly available and secure configuration. This removes a significant operational burden and allows you to focus on building applications instead of managing AWS infrastructure.
Where can you store files in AWS? (Choose TWO) Amazon EFS Amazon SNS Amazon ECS Amazon EMR Amazon EBS
Amazon Elastic File System (Amazon EFS) provides simple, scalable, elastic file storage for use with AWS Cloud services and on-premises resources. It is easy to use and offers a simple interface that allows you to create and configure file systems quickly and easily. Amazon EFS is built to elastically scale on demand without disrupting applications, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it. It is designed to provide massively parallel shared access to thousands of Amazon EC2 instances, enabling your applications to achieve high levels of aggregate throughput and IOPS that scale as a file system grows, with consistent low latencies. As a regional service, Amazon EFS is designed for high availability and durability storing data redundantly across multiple Availability Zones. ** Amazon Elastic Block Store (Amazon EBS) provides persistent block storage volumes for use with Amazon EC2 and Amazon RDS instances. AWS recommends Amazon EBS for data that must be quickly accessible and requires long-term persistence. EBS volumes are particularly well-suited for use as the primary storage for operating systems, databases, or for any applications that require fine granular updates and access to raw, unformatted, block-level storage. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability.
Using Amazon RDS falls under the shared responsibility model. Which of the following are customer responsibilities? (Choose TWO) Building the relational database schema Installing the database software Performing backups Managing the database settings Patching the database software
Amazon RDS manages the work involved in setting up a relational database, from provisioning the infrastructure capacity you request to installing the database software. Once your database is up and running, Amazon RDS automates common administrative tasks such as performing backups and patching the software that powers your database. With optional Multi-AZ deployments, Amazon RDS also manages synchronous data replication across Availability Zones with automatic failover. Since Amazon RDS provides native database access, you interact with the relational database software as you normally would. This means you're still responsible for managing the database settings that are specific to your application. You'll need to build the relational schema that best fits your use case and are responsible for any performance tuning to optimize your database for your application's workflow. SCHEMA DB SETTINGS
Your company is designing a new application that will store and retrieve photos and videos. Which of the following services should you recommend as the underlying storage mechanism? Amazon Instance store Amazon S3 Amazon EBS Amazon SQS
Amazon S3 is object storage built to store and retrieve any amount of data from anywhere on the Internet. It is a storage service that offers an extremely durable, highly available, and infinitely scalable data storage infrastructure at very low costs. Common use cases of Amazon S3 include: Media Hosting - Build a redundant, scalable, and highly available infrastructure that hosts video, photo, or music uploads and downloads. Backup and Storage - Provide data backup and storage services for others. Hosting static websites - Host and manage static websites quickly and easily. Deliver content globally - Use S3 in conjunction with CloudFront to distribute content globally with low latency. Hybrid cloud storage - Create a seamless connection between on-premises applications and Amazon S3 with AWS Storage Gateway in order to reduce your data center footprint, and leverage the scale, reliability, and durability of AWS.
Which AWS service can be used to store and reliably deliver messages across distributed systems? Amazon Simple Queue Service AWS Storage Gateway Amazon Simple Email Service Amazon Simple Storage Service
Amazon SQS is a highly reliable, scalable message queuing service that enables asynchronous message-based communication between distributed components of an application. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available.
In your on-premises environment, you can create as many virtual servers as you need from a single template. What can you use to perform the same in AWS? An internet gateway IAM EBS Snapshot AMI
An Amazon Machine Image (AMI) is a template that contains a software configuration (for example, an operating system, an application server, and applications). This pre-configured template save time and avoid errors when configuring settings to create new instances. You specify an AMI when you launch an instance, and you can launch as many instances from the AMI as you need. You can also launch instances from as many different AMIs as you need.
Sarah has deployed an application in the Northern California (us-west-1) region. After examining the application's traffic, she notices that about 30% of the traffic is coming from Asia. What can she do to reduce latency for the users in Asia? Migrate the application to a hosting provider in Asia Replicate the current resources across multiple Availability Zones within the same region Create a CDN using CloudFront, so that content is cached at Edge Locations close to and in Asia Recreate the website content
CloudFront is AWS's content delivery network (CDN) service. Amazon CloudFront employs a global network of edge locations and regional edge caches that cache copies of your content close to your end-users. Amazon CloudFront ensures that end-user requests are served by the closest edge location. As a result, end-user requests travel a short distance, reducing latency and improving the overall performance.
What is the primary storage service used by Amazon RDS database instances? Amazon EBS Amazon S3 AWS Storage Gateway Amazon EFS
DB instances for Amazon RDS for MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL Server use Amazon Elastic Block Store (Amazon EBS) volumes for database and log storage.
What are two advantages of using Cloud Computing over using traditional data centers? (Choose TWO) Distributed infrastructure Dedicated hosting Eliminating Single Points of Failure (SPOFs) Virtualized compute resources Reserved Compute capacity
High-availability (eliminating single points of failure): A system is highly available when it can withstand the failure of an individual component or multiple components, such as hard disks, servers, and network links. The best way to understand and avoid the single point of failure is to begin by making a list of all major points of your architecture. You need to break the points down and understand them further. Then, review each of these points and think what would happen if any of these failed. AWS gives you the opportunity to automate recovery and reduce disruption at every layer of your architecture. Additionally, AWS provides fully managed services that enable customers to offload the administrative burdens of operating and scaling the infrastructure to AWS so that they don't have to worry about high availability or Single Point of Failures. For example, AWS Lambda and DynamoDB are serverless services; there are no servers to provision, patch, or manage and no software to install, maintain, or operate. Availability and fault tolerance are built-in, eliminating the need to architect your applications for these capabilities.
What are the Amazon RDS features that can be used to improve the availability of your database? (Choose TWO) Automatic patching Edge Locations AWS Regions Multi-AZ Deployment Read Replicas
In a Multi-AZ deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone. The primary DB instance is synchronously replicated across Availability Zones to a standby replica to provide data redundancy, eliminate I/O freezes, and minimize latency spikes during system backups. Running a DB instance with high availability can enhance availability during planned system maintenance, and help protect your databases against DB instance failure and Availability Zone disruption. Amazon RDS Read Replicas provide enhanced performance and durability for database (DB) instances. This feature makes it easy to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads. You can create one or more replicas of a given source DB Instance and serve high-volume application read traffic from multiple copies of your data, thereby increasing aggregate read throughput. Read replicas provide a complementary availability mechanism to Amazon RDS Multi-AZ Deployments. You can promote a read replica if the source DB instance fails. You can also replicate DB instances across AWS Regions as part of your disaster recovery strategy. This functionality complements the synchronous replication, automatic failure detection, and failover provided with Multi-AZ deployments.
Which of the following will impact the price paid for an EC2 instance? (Choose TWO) Load balancing Number of private IPs Number of buckets The Availability Zone where the instance is provisioned Instance type
Load balancing: The number of hours the Elastic Load Balancer runs and the amount of data it processes contribute to the EC2 monthly cost. Instance type: Amazon EC2 provides a wide selection of instance types optimized to fit different use cases. Instance types comprise varying combinations of CPU, memory, storage, and networking capacity.
According to the AWS Shared responsibility model, which of the following are the responsibility of the customer? (Choose TWO) Ensuring that the underlying EC2 host is configured properly Patching applications installed on Amazon EC2 Protecting the confidentiality of data in transit in Amazon S3 Managing environmental events of AWS data centers Controlling physical access to AWS Regions
Patching applications installed on Amazon EC2 (Correct) Protecting the confidentiality of data in transit in Amazon S3 (Correct)
How are AWS customers billed for Linux-based Amazon EC2 usage? EC2 instances will be billed on one day increments, with a minimum of one month EC2 instances will be billed on one hour increments, with a minimum of one day EC2 instances will be billed on one minute increments, with a minimum of one hour EC2 instances will be billed on one second increments, with a minimum of one minute
Pricing is per instance-hour consumed for each instance, from the time an instance is launched until it is terminated or stopped. Each partial instance-hour consumed will be billed per-second (minimum of 1 minute) for Linux, Windows, or Ubuntu Instances and as a full hour for all other instance types.
Amazon S3 Glacier Flexible Retrieval is an Amazon S3 storage class that is suitable for storing ____________ & ______________. (Choose TWO) Dynamic websites' assets Long-term analytic data Cached data Active databases Active archives
S3 Glacier Flexible Retrieval (Formerly S3 Glacier) delivers the most flexible retrieval options that balance cost with access times ranging from minutes to hours and with free bulk retrievals. Amazon S3 Glacier Flexible Retrieval provides three retrieval options to fit your use case. Expedited retrievals typically return data in 1-5 minutes, and are best used for ACTIVE ARCHIVE use cases. Standard retrievals typically complete between 3-5 hours work, and work well for less time-sensitive needs like backup data, media editing, or LONG-TERM ANALYTICS. Bulk retrievals are the free retrieval option, returning large amounts of data within 5-12 hours.
Which of the following can help protect your EC2 instances from DDoS attacks? (Choose TWO) AWS Batch AWS IAM AWS CloudHSM Security Groups Network Access Control Lists (Network ACLs)
Security groups allow you to control inbound and outbound traffic to your Amazon EC2 instances by specifically allowing communication only on the ports and protocols required for your applications. Access to any other port or protocol is automatically denied. Network ACLs provide an additional layer of defense for your VPC by allowing you to create allow and deny rules that are processed in numeric order, much like a traditional firewall. This is useful for allowing or denying traffic at a subnet level, as opposed to security groups that filter traffic at an EC2 instance level. For example, if you have identified Internet IP addresses or ranges that are unwanted or potentially abusive, you can block them from reaching your application with a Network ACL deny rule.
A company has a large amount of structured data stored in their on-premises data center. They are planning to migrate all the data to AWS, what is the most appropriate AWS database option? Amazon DynamoDB Amazon RDS Amazon SNS Amazon ElastiCache
Since the data is structured, then it is best to use a relational database service such as Amazon RDS.
The Well-Architected Framework
The 6 Pillars of the AWS Well-Architected Framework: 1- Operational Excellence: The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures. 2- Security: The security pillar includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies. 3- Reliability: The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues. 4- Performance Efficiency: The performance efficiency pillar includes the ability to use computing resources efficiently to meet system requirements. Key topics include selecting the right resource types and sizes based on workload requirements, monitoring performance, and making informed decisions to maintain efficiency as business needs evolve. 5- Cost Optimization: The cost optimization pillar includes the ability to avoid or eliminate unneeded cost or sub-optimal resources. 6- Sustainability: The discipline of sustainability addresses the long-term environmental, economic, and societal impact of your business activities. Your business or organization can have negative environmental impacts like direct or indirect carbon emissions, unrecyclable waste, and damage to shared resources like clean water. When building cloud workloads, the practice of sustainability is understanding the impacts of the services used, quantifying impacts through the entire workload lifecycle, and applying design principles and best practices to reduce these impacts.
Which of the following AWS services is designed with native Multi-AZ fault tolerance in mind? (Choose TWO) Amazon Redshift Amazon EBS Amazon DynamoDB Amazon Simple Storage Service AWS Snowball
The Multi-AZ principle involves deploying an AWS resource in multiple Availability Zones to achieve high availability for that resource. DynamoDB automatically spreads the data and traffic for your tables over a sufficient number of servers to handle your throughput and storage requirements, while maintaining consistent and fast performance. All of your data is stored on solid-state disks (SSDs) and is automatically replicated across multiple Availability Zones in an AWS Region, providing built-in fault tolerance in the event of a server failure or Availability Zone outage. Amazon S3 provides durable infrastructure to store important data and is designed for durability of 99.999999999% of objects. Data in all Amazon S3 storage classes is redundantly stored across multiple Availability Zones (except S3 One Zone-IA).
Which statement best describes the operational excellence pillar of the AWS Well-Architected Framework? The ability to monitor systems and improve supporting processes and procedures The ability of a system to recover gracefully from failure The efficient use of computing resources to meet requirements The ability to manage datacenter operations more efficiently
The ability to monitor systems and improve supporting processes and procedures (Correct)
Which of the following should be considered when performing a TCO analysis to compare the costs of running an application on AWS instead of on-premises? Market research Physical hardware Business analysis Application development
Weighing the financial considerations of owning and operating a data center facility versus employing a cloud infrastructure requires detailed and careful analysis. The Total Cost of Ownership (TCO) is often the financial metric used to estimate and compare costs of a product or a service. When comparing AWS with on-premises TCO, customers should consider all costs of owning and operating a data center. Examples of these costs include facilities, physical servers, storage devices, networking equipment, cooling and power consumption, data center space, and Labor IT cost.
Which statement is correct with regards to AWS service limits? (Choose TWO) You can use the AWS Trusted Advisor to monitor your service limits There are no service limits on AWS The Amazon Simple Email Service is responsible for sending email notifications when usage approaches a service limit You can contact AWS support to increase the service limits Each IAM user has the same service limits
Which statement is correct with regards to AWS service limits? (Choose TWO) You can use the AWS Trusted Advisor to monitor your service limits (Correct) You can contact AWS support to increase the service limits
Your application has recently experienced significant global growth, and international users are complaining of high latency. What is the AWS characteristic that can help improve your international users' experience? High availability Global reach Elasticity Data durability
With AWS, you can deploy your application in multiple regions around the world. The user will be redirected to the Region that provides the lowest possible latency and the highest performance. You can also use the CloudFront service that uses edge locations (which are located in most of the major cities across the world) to deliver content with low latency and high performance to your global users.
Which of the following EC2 instance purchasing options supports the Bring Your Own License (BYOL) model for almost every BYOL scenario? Dedicated Hosts On-demand Instances Dedicated Instances Reserved Instances
You have a variety of options for using new and existing Microsoft software licenses on the AWS Cloud. By purchasing Amazon Elastic Compute Cloud (Amazon EC2) or Amazon Relational Database Service (Amazon RDS) license-included instances, you get new, fully compliant Windows Server and SQL Server licenses from AWS. The BYOL model enables AWS customers to use their existing server-bound software licenses, including Windows Server, SQL Server, and SUSE Linux Enterprise Server. Your existing licenses may be used on AWS with Amazon EC2 Dedicated Hosts, Amazon EC2 Dedicated Instances or EC2 instances with default tenancy using Microsoft License Mobility through Software Assurance. Dedicated Hosts provide additional control over your instances and visibility into Host level resources and tooling that allows you to manage software that consumes licenses on a per-core or per-socket basis, such as Windows Server and SQL Server. This is why most BYOL scenarios are supported through the use of Dedicated Hosts, while only certain scenarios are supported by Dedicated Instances.