AWS Solutions Architect, AWS Knowledge Check, AWS Terminology, AWS Module Quizzes + Services, AWS Certified Cloud Practitioner Study Guide, AWS Services, AWS Certified Developer - Associate, AWS SECURITY, AWS Certified Solutions Architect - Associate...

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Which of the following are attributes to the costing for using the Simple Storage Service?

- The total size in GB - The storage class used

Which of the following can be used to protect EC2 Instances hosted in AWS. (Choose 2 Options)

- Usage of Security Groups - Usage of Network Access Control Lists

When creating an IAM policy, what are the two types of access can be granted to a user?

-AWS Management Console Access -Programmatic Access

Which design principles are recommended when considering performance efficiency?

-Democratize advanced technologies -Serverless architecture

Which of the following AWS tools help your application scale up or down based on demand?

-Elastic Load Balancing -Auto Scaling

Which type of AWS data transfers are free?

-Free inbound data transfer across all AWS in all regions -Free outbound data transfer between AWS within the same region

Which of the following are high availability characteristics of Amazon Route 53?

-Geolocation Routing -Latency-based routing

Which of the following are some of the security benefits that AWS offers?

-Meet compliance requirements -Secure Global Infrastructure

Which of the following statements are true about Availability Zones?

-Multiple zones are connected by low latency network links -A single zone can span multiple data centers

When calculating the cost of Amazon EC2, what factors will impact pricing?

-Number of instances -Number of hours Elastic Load Balancer runs

What are the characteristics of the Developer Support Plan?

-One primary contact may open the case -Business hours access to Cloud Support Associates via email

What is true about Regions?

-Physical location with multiple Availability -Each region is located in separate geographic area

Which of the following are NOT a benefits of AWS cloud computing?

-Temporary and disposable resources -High latency

Which of the following are advantages of AWS cloud security?

-You retain complete control & ownership of your data region -AWS uses multi-factor access control systems

AWS DeepRacer

1/18th scale race car which gives you a way to get started with reinforcement learning (RL).

Amazon SQS allows you to send up to _______ attributes on each message. With message attributes, you can separate the body of a message from the metadata that describes it.

10

You have a motion sensor which writes 300 items every 30 seconds. Each item consists of 5 kb. Your app uses eventually consistent reads. What should read throughput be set to?

10 items per seconds. 2 reads per item (8 kb). Eventually consistent, so divide by 2. Read throughput = 10

How long does Amazon CloudWatch keep metric data?

15 months

You can purchase up to ___ Reserved Instances per Availability Zone each month.

20

Which one of the following features is normally present in all of AWS Support plans?

24/7 Access to Customer ...

________ IAM roles can be created in an AWS account.

250

What is the default SQS visibility time out?

30 seconds

What is the default visibility timeout for SQS?

30 seconds

How many virtual private clouds (VPCs) can be had in each AWS region by default?

5

____________ Amazon VPCs per AWS account per region are currently allowed.

5

Maximum elastic IP count per account be default

5 Elastic IPs

What is the largest file size you can transfer to S3 using a PUT request?

5 GB

__ __ data can be uploaded by a single PUT command.

5 GB

Each Amazon Route 53 account is limited to a maximum of __________ hosted zones and 10,000 resource record sets per hosted zone.

500

What is the maximum size on S3?

5TB

RRS availability is _____________ .

99.99%

10. You have changed the permissions associated with a role, and that role is assigned to an existing running EC2 instance. When will the permissions you updated take effect for the instance? A. Immediately B. Within 5 minutes C. Within 1 hour D. The next time the EC2 instance is restarted

A

202. For which of the following are you not responsible for security? A. DynamoDB B. Operating system configuration C. Server-side encryption D. Application keys

A

What is an AWS IAM instance profile?

A container for a IAM role that you can use to pass role information an EC2 instance when the instance starts

Elastic Load Balancer

A network device designed for managing the optimal distribution of workloads across multiple computing resources automatically provisioned through AWS

What is Amazon EFS (Elastic File System)?

A simple, scalable, elastic file system for Linux-based workloads for use with AWS Cloud services and on-premises resources

What is included in an AMI?

A template for the root volume of an instance, launch permissions that control which AWS accounts can use to launch instances, and a block device mapping that specifies the volumes to attach to the instance when it's launched

MySQL installations default to port _____. A. 3306 B. 443 C. 80 D. 1158

A. 3306

What does Amazon EBS stand for? A. Elastic Block Storage. B. Elastic Business Server. C. Elastic Blade Server. D. Elastic Block Store.

A. Elastic Block Storage.

What is the Reduced Redundancy option in Amazon S3? A. Less redundancy for a lower cost. B. It doesn't exist in Amazon S3, but in Amazon EBS. C. It allows you to destroy any copy of your files outside a specific jurisdiction. D. It doesn't exist at all

A. Less redundancy for a lower cost.

Disabling automated backups disables the point-in-time recovery feature. A. True B. False

A. True

SQL Server stores logins and passwords in the master database. A. True B. False

A. True

A______ is an individual, system, or application that interacts with AWS programmatically. A. User B. AWS Account C. Group D. Role

A. User

Can I attach more than one policy to a particular entity? A. Yes always B. Only if within GovCloud C. No D. Only if within VPC

A. Yes always

If I want my instance to run on a single-tenant hardware, which value do I have to set the instance's tenancy attribute to? A. dedicated B. isolated C. one D. reserved

A. dedicated

In regards to IAM you can edit user properties later, but you cannot use the console to change the _____. A. user name B. password C. default group

A. user name

Where can a customer find information about prohibited actions on AWS infrastructure?

AWS Acceptable Use Policy

Derek is running a web application and is noticing that he is paying for way more server capacity than required. What AWS feature should Derek set up and configure to ensure that his application is automatically adding/removing server capacity to closely match the required demand?

AWS Autoscaling

Which of the below AWS services allows you to base the number of resources on the demand of the application or users?

AWS Autoscaling

Which of the following can be used to manage identities in AWS?

AWS IAM

Which of the following is AWS services allows you to build a data warehouse on the cloud?

AWS Redshift

A disaster recovery strategy on AWS should be based on launching infrastructure in a separate:

AWS Region

Where can a customer find information about prohibited actions on AWS infrastructure?

AWS accepted use policy

AWS Federated Security

AWS authenticates through SAML w/ AD FIRST then assigned credential to AWS

AWS Elemental MediaStore

AWS storage service optimized for media.

Which of the following should an IAM user provide to interact with AWS services using the AWS CLI?

Access keys

What is the number one reason customers are switching to cloud computing?

Agility

What are the benefits of having infrastructure hosted in the AWS Cloud?

All of the physical security and most of the data/network security are taken care of for you, Increase speed and agility

Which of the following storage options is best when you want to store archive data?

Amazon Glacier

_____ _______ is a service connecting an on-premises software appliance with cloud based storage.

Amazon Storage Gateway

Question 161 Which of the following is an AWS managed database service provides processing power that is up to 5X faster than a traditional MySQL database? A. MariaDB B. Aurora C. PostgreSQL D. DynamoDB

Answer: B. Aurora

Question 165 AWS provides a storage option known as Amazon Glacier. What is this AWS service designed for? Please specify 2 correct options: A. Cached session data B. Infrequently accessed data C. Data archives D. Active database storage

Answer: B. Infrequently accessed data C. Data archives

Question 104 Your company currently uses VM Templates to spin up virtual machines on their on-premise infrastructure. Which of the following can be used in a similar way to spin up EC2 instances on the AWS Cloud? A. EBS Volumes B. EBS Snapshots C. Amazon Machines Images D. Amazon VMware

Answer: C. Amazon Machines Images

Question 125 Which of the following can be used to view one bill when you have multiple AWS Accounts? A. Consolidating billing B. Combined Billing C. Cost Explorer D. IAM

Answer: A. Consolidating Billing

Question 175 Which AWS service uses Edge Locations for content caching? A. AWS SNS B. AWS SQS C. AWS CloudFront D. AWS Inspector

Answer: C. AWS CloudFront

Question 133 Which one of the following features is normally present in all of AWS Support plans? A. 24*7 access to customer support B. Access to all features in the Trusted Advisor C. A technical Account Manager D. A dedicated support person

Answer: A 24*7 access to customer support

Question 113 Your company wants to move an existing Oracle database to the AWS Cloud. Which of the following services can help facilitate this move? A. AWS Database Migration Service B. AWS VM Migration Service C. AWS Inspector D. AWS Trusted Advisor

Answer: A AWS Database Migration Service

Question 22 How can the AWS Management Console be secured against unauthorized access? A. Apply Multi-Factor Authentication (MFA) B. Set up a secondary password C. Request root access privileges D. Disable AWS console access

Answer: A. Apply Multi-Factor Authentication (MFA)

Question 32 The Trusted Advisor service provides insight regarding which four categories of an AWS account? A. Security, fault tolerance, high availability, and connectivity B. Security, access control, high availability, and performance C. Performance, cost optimization, security, and fault tolerance D. Performance, cost optimization, access control, and connectivity

Answer: C. Performance, cost optimization, security, and fault tolerance

Question 21 Which tool can display the distribution of AWS spending? A. AWS organizations B. Amazon Dev Pay C. AWS Trusted Advisor D. AWS Cost Explorer

Answer: D. AWS Cost Explorer

What API call is used to gain temporary security credentials when authenticating using WebIdentityFederation?

AssumeRoleWithWebIdentity

Amazon Elastic Inference

Attach low-cost GPU-powered acceleration to EC2 and SageMaker instances to reduce the cost of deep learning inference.

A company currently has an application which consist of a .Net layer which connects to a MySQL database. They now want to move this application onto AWS. They want to make use of all AWS features such as high availability and automated backups. Which of the following would be an ideal database in AWS to migrate to for this requirement?

Aurora

What is AWS proprietary database?

Aurora

Which of the following is AWS managed database service provides processing power that is up to 5X faster than a traditional MySQL database?

Aurora

What tool helps avoid limitations of being able to create new resources on-demand or scheduled?

Auto Scaling

__________ helps you maintain application availability and allows you to scale your Amazon EC2 capacity up or down automatically according to conditions you define.

Auto Scaling

_______________ is well suited both to applications that have stable demand patterns or that experience hourly, daily, or weekly variability in usage.

Auto Scaling

___________ allows organizations to scale Amazon EC2 capacity up or down automatically according to conditions defined for the particular workload.

Auto scaling

A company has decided to migrate to AWS. What design principles should they consider to facilitate good design in the cloud?

Automate to make architectural experimentation easier.

What is AWS CodeDeploy?

Automates software deployments to a variety of compute services such as EC2, Lambda, etc. Makes it easier to rapidly release new features and handles complexity of updating applications

AWS Control Tower

Automates the set-up of a baseline environment, or landing zone, that is a secure, well-architected multi-account AWS environment. Configures AWS management and security services based on best practices.

Advantages of cloud computing over on-premises?

Avoid large capital purchases, on-demand capacity, go global in minutes, increase speed and agility

106. By default, how many VPCs can you create per region? A. 1 B. 5 C. 20 D. 200

B

108. By default, how many IPv4 CIDR blocks can you create per VPC? A. 1 B. 5 C. 20 D. 200

B

135. Where should a bastion host be located? A. In a private subnet B. In a public subnet C. In a private VPC D. In a VPC with a virtual private gateway

B

18. Which of the following is a security group associated with? A. An ELB B. A network interface C. An ALB D. A network access list

B

33. You want to provide maximum protection against data in your S3 object storage being deleted accidentally. What should you do? A. Enable versioning on your EBS volumes. B. Turn on MFA Delete on your S3 buckets. C. Set up a Lambda job to monitor and block delete requests to S3. D. Turn off the DELETE endpoints on the S3 REST API.

B

31. Which of the following options could be used to provide availability-zone-resilient faulttolerant storage that complies with EU privacy laws? (Choose two.) A. S3 buckets in US West 1 B. S3 buckets in EU West 2 C. S3-IA buckets in EU Central 1 D. S3 One Zone-IA buckets in EU-West-1

B,C

43. What types of data are not automatically encrypted when you create an encrypted EBS volume? (Choose two.) A. A snapshot created from the EBS volume B. Any data on additional volumes attached to the same instance as the encrypted volume C. Data created on an instance that has the encrypted volume attached D. Data moving between the volume and the attached instance

B,C

65. Which of these are true about security groups? (Choose two.) A. Support allow and deny rules B. Evaluate all rules before deciding whether to allow traffic C. Operate at the instance level D. Apply to all instances in the associated subnet

B,C

Which service enables AWS customers to manage users and permissions in AWS? A. AWS Access Control Service (ACS) B. AWS Identity and Access Management (IAM) C. AWS Identity Manager (AIM) D. AWS Security Groups

B. AWS Identity and Access Management (IAM)

What happens when you create a topic on Amazon SNS? A. The topic is created, and it has the name you specified for it. B. An ARN (Amazon Resource Name) is created. C. You can create a topic on Amazon SQS, not on Amazon SNS. D. This question doesn't make sense.

B. An ARN (Amazon Resource Name) is created.

What does Amazon RDS stand for? A. Regional Data Server. B. Relational Database Service. C. Nothing. D. Regional Database Service.

B. Relational Database Service.

Will my standby RDS instance be in the same Region as my primary? A. Only for Oracle RDS types B. Yes C. Only if configured at launch D. No

B. Yes

Location of Instances are _____ A. Regional B. based on Availability Zone C. Global

B. based on Availability Zone

What is the command line instruction for running the remote desktop client in Windows? A. desk.cpl B. mstsc

B. mstsc

Which is the default region in AWS? A. eu-west-1 B. us-east-1 C. us-east-2 D. ap-southeast-1

B. us-east-1

Which of the following disaster recovery deployment mechanisms has the highest downtime?

Backup and Restore

AWS Outposts

Bring native AWS services, infrastructure, and operating models to virtually any data center, co-location space, or on-premises facility. Come in two variants: VMware Cloud variant and a native variant.

AWS Elemental MediaLive

Broadcast-grade live video processing service.

Session Manager

Browser-based interactive shell and CLI for managing Windows and Linux EC2 instances without the need to open inbound ports, manage SSH keys, or use bastion hosts. Part of AWS System Manager.

Which of the AWS Support levels offers 24 x 7 support via phone or chat?

Business and Enterprise

What are the characteristics of the Developer Support Plan?

Business hours access to cloud support associates via email and one primary contact may open a case

213. Which of the following AWS services is associated with privilege management? A. AWS Config B. RDS C. IAM D. VPC

C

which of the following languages is not supported by the aws sdk? (bad question)

C++

In the 'Detailed' monitoring data available for your Amazon EBS volumes, Provisioned IOPS volumes automatically send _____ minute metrics to Amazon CloudWatch. A. 5 B. 2 C. 1 D. 3

C. 1

You must assign each server to at least _____ security group? A. 4 B. 3 C. 1 D. 2

C. 1

What is the maximum groups an IAM user be a member of? A. 20 B. 5 C. 10 D. 15

C. 10

What is the default per account limit of Elastic IPs? A. 1 B. 3 C. 5 D. 0

C. 5

What does a "Domain" refer to in Amazon SWF? A. A security group in which only tasks inside can communicate with each other B. A special type of worker C. A collection of related Workflows D. The DNS record for the Amazon SWF service

C. A collection of related Workflows

What is Amazon Glacier? A. It's a security tool that allows to "freeze" an EC2 instance and perform computer forensics on it. B. A security tool that allows to "freeze" an EBS volume and perform computer forensics on it. C. A low-cost storage service that provides secure and durable storage for data archiving and backup. D. You mean Amazon "Iceberg": it's a low-cost storage service.

C. A low-cost storage service that provides secure and durable storage for data archiving and backup.

What is Amazon Glacier? A. There is no such thing B. A security tool that allows "freezing" an EBS volume to perform computer forensics on it. C. A low-cost storage service that provides secure and durable storage for data archiving and backup. D. A security tool that allows "freezing" an EC2 instance to perform computer forensics on it.

C. A low-cost storage service that provides secure and durable storage for data archiving and backup.

What does Amazon ElastiCache provide? A. A service by this name doesn't exist. Perhaps you mean Amazon CloudCache. B. A virtual server with a huge amount of memory. C. A managed In-memory cache service. D. An Amazon EC2 instance with the Memcached software already pre-installed.

C. A managed In-memory cache service.

What does Amazon Route53 provide? A. A global Content Delivery Network. B. None of these. C. A scalable Domain Name System. D. An SSH endpoint for Amazon EC2.

C. A scalable Domain Name System.

What does Amazon CloudFormation provide? A. The ability to setup Autoscaling for Amazon EC2 instances. B. None of these. C. A template resource creation for Amazon Web Services. D. A template to map network resources for Amazon Web Services.

C. A template resource creation for Amazon Web Services.

The _____ service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon SimpleDB, and the AWS Management Console. A. Amazon RDS B. AWS Integrity Management C. AWS Identity and Access Management D. Amazon EMR

C. AWS Identity and Access Management

What can I access by visiting the URL: http://status.aws.amazon.com/ ? A. Amazon Cloud Watch B. Status of the Amazon RDS DB C. AWS Service Health Dashboard D. AWS Cloud Monitor

C. AWS Service Health Dashboard

You are creating your own relational database on an EC2 instance and you need to maximize IOPS performance. What can you do to achieve this goal? A. Add a single additional volume to the EC2 instance with provisioned IOPS. B. Create the database on an S3 bucket. C. Add multiple additional volumes with provisioned IOPS and then create a RAID 0 stripe across those volumes. D. Attach the single volume to multiple EC2 instances so as to maximize performance.

C. Add multiple additional volumes with provisioned IOPS and then create a RAID 0 stripe across those volumes.

What are the initial settings of an user created security group? A. Allow all inbound traffic and Allow no outbound traffic B. Allow no inbound traffic and Allow no outbound traffic C. Allow no inbound traffic and Allow all outbound traffic D. Allow all inbound traffic and Allow all outbound traffic

C. Allow no inbound traffic and Allow all outbound traffic

Which Amazon Storage behaves like raw, unformatted, external block devices that you can attach to your instances? A. None of these. B. Amazon Instance Storage C. Amazon EBS D. All of these

C. Amazon EBS

Fill in the blanks: Resources that are created in AWS are identified by a unique identifier called an _____. A. Amazon Resource Number B. Amazon Resource Name tag C. Amazon Resource Name D. Amazon Reesource Namespace

C. Amazon Resource Name

You have an VPC with a public subnet. Three EC2 instances currently running inside the subnet can successfully communicate with other hosts on the internet. You launch a fourth instance in the same subnet, using the same AMI and security group configuration you used for the others, but find that this instance cannot be accessed from the Internet. What should you do to enable Internet access? A. Deploy a NAT instance into the public subnet. B. Modify the routing table for the public subnet. C. Assign an elastic IP address to the fourth instance. D. Configure a publicly routable IP address in the host OS of the fourth instance.

C. Assign an elastic IP address to the fourth instance.

You are appointed as your company's Chief Security Officer and you want to be able to track all changes made to your AWS environment, by all users and at all times, in all regions. What AWS service should you use to achieve this? A. CloudAudit B. CloudWatch C. CloudTrail D. CloudDetective

C. CloudTrail

By default, when an EBS volume is attached to a Windows instance, it may show up as any drive letter on the instance. You can change the settings of the _____ Service to set the drive letters of the EBS volumes per your specifications. A. EBSConfig Service B. AMIConfig Service C. Ec2Config Service D. Ec2-AMIConfig Service

C. Ec2Config Service

Please select the Amazon EC2 resource which cannot be tagged. A. Images (AMIs, kernels, RAM disks) B. Amazon EBS volumes C. Elastic IP addresses D. VPCs

C. Elastic IP addresses

Read Replicas require a transactional storage engine and are only supported for the _____ storage engine. A. OracleISAM B. MSSQLDB C. InnoDB D. MyISAM

C. InnoDB

Can I initiate a "forced failover" for my MySQL Multi-AZ DB Instance deployment? A. Only in certain regions B. Only in VPC C. Yes D. No

C. Yes

Every user you create in the IAM system starts with ______. A. partial permissions B. full permissions C. no permissions

C. no permissions

Fill in the blanks : _____ let you categorize your EC2 resources in different ways, for example, by purpose, owner, or environment. A. wildcards B. pointers C. tags D. special filters

C. tags

To help you manage your Amazon EC2 instances, images, and other Amazon EC2 resources, you can assign your own metadata to each resource in the form of_____. A. special filters B. functions C. tags D. wildcards

C. tags

Which instances support Enhanced Networking?

C3, C4, D2, I2, M4, X1 and R3

Steps for calculating read throughput?

Calculate items per second. Calculate read capacity units per item (4 KB). Multiply items per second by read capacity units per item. If eventually consistent, divide by two.

You have a motion sensor which writes 600 items of data every minute. Each item is 5 KB. What should write throughput be?

Calculate items per second. Multiply items per second by write capacity units per item. Answer: 50 provisioned write capacity units

You have an app that needs 25 items of 13KB per second. Your app uses STRONGLY consistent reads. What should the throughput be set to? (Math problem)

Calculate read capacity units (items up to 4 KB in size) Multiply number of items by read capacity units Do NOT divide by 2 because strongly consistent Answer: 100

Application needs to read 25 items of 13KB per second. App uses EVENTUALLY consistent reads. What should you set read throughput to?

Calculate read capacity units (items up to 4 KB in size). Multiply number of items by read capacity units. Divide by two because EVENTUALLY consistent. Answer: 50

AWS Single Sign-On

Cloud SSO service, centrally manage SSO access to multiple AWS accounts and business applications.

AWS Cloud Map

Cloud resource discovery service. Register any application resources such as databases, queues, microservices, etc.

What is the value of having AWS Cloud services accessible through an Application Programming Interface (API)?

Cloud resources can be managed programmatically

AWS CloudHSM

Cloud-based hardware security model. Generate and use your own encryption keys on the cloud.

_______ gives developers and admin an effective way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly fashion.

CloudFormation

AWS Security Hub

Comprehensive view of high-priority security alerts and compliance status across AWS accounts.

To enable encryption at rest using ec2 and elastic block store, you need to?

Configure encryption when creating the EBS volume

in order to enable encryption at rest using ec2 and elastic block store (EBS) you need to?

Configure encryption when creating the ebs volume

VPC Peering

Connecting VPCs to each other

In AWS billing what option can be used to ensure costs can be reduced if you have multiple accounts?

Consolidated Billing

Your logs show that one or more AWS-owned IP addresses are sending packets to multiple ports on your server, and you believe this is an attempt to discover unsecured ports. What should you do?

Contact the AWS Abuse team.

An organization has decided to reserve EC2 compute capacity for three years to get more discounts. Their application workloads are likely to change during this time period. What is the EC2 Reserved Instance (RI) type that allows them to change the attributes of the RI whenever they need?

Convertible RIs

What service from AWS can help manage the costs for all resources in AWS?

Cost Explorer

What is CORS?

Cross Origin Resource Sharing (CORS)

What are the the transport options when subscribing to SNS messages?

Customers can select one the following transports as part of the subscription requests: "HTTP", "HTTPS" - Subscribers specify a URL as part of the subscription registration; notifications will be delivered through an HTTP POST to the specified URL. "Email", "Email-JSON" - Messages are sent to registered addresses as email. Email-JSON sends notifications as a JSON object, while Email sends text-based email. "SQS" - Users can specify an SQS queue as the endpoint; Amazon SNS will enqueue a notification message to the specified queue "SMS" - Messages are sent to registered phone numbers as SMS text messages.

64. What do you use to permit and restrict control of a NACL? A. VPC B. WAF C. AWS Organizations D. IAM

D

91. How many availability zones in a single region does a single VPC span? A. None, VPCs do not span availability zones. B. One C. At least two D. All of them

D

What is the maximum response time for a Business level Premium Support case? A. 30 minutes B. You always get instant responses (within a few seconds). C. 10 minutes D. 1 hour

D. 1 hour

If you are using Amazon RDS Provisioned IOPS storage with MySQL and Oracle database engines, you can scale the throughput of your database Instance by specifying the IOPS rate from _____ . A. 1,000 to 1,00,000 B. 100 to 1,000 C. 10,000 to 1,00,000 D. 1,000 to 10,000

D. 1,000 to 10,000

You must increase storage size in increments of at least _____ % A. 40 B. 20 C. 50 D. 10

D. 10

A Provisioned IOPS SSD volume must be at least _____ GB in size. A. 1 B. 6 C. 20 D. 4

D. 4

While launching an RDS DB instance, on which page I can select the Availability Zone? A. Review B. DB Instance Details C. Management Options D. Additional Configuration

D. Additional Configuration

Amazon SWF is designed to help users do what? A. Design graphical user interface interactions B. Manage user identification and authorization C. Store Web content D. Coordinate synchronous and asynchronous tasks which are distributed and fault tolerant.

D. Coordinate synchronous and asynchronous tasks which are distributed and fault tolerant.

What's an ECU? A. Extended Cluster User. B. None of these. C. Elastic Computer Usage. D. Elastic Compute Unit

D. Elastic Compute Unit

What does specifying the mapping /dev/sdc=none do when launching an EC2 instance? A. Prevents /dev/sdc from creating the instance. B. Prevents /dev/sdc from deleting the instance. C. Set the value of /dev/sdc to 'zero'. D. Prevents /dev/sdc from attaching to the instance.

D. Prevents /dev/sdc from attaching to the instance.

When you view the block device mapping for your instance, you can see only the EBS volumes, not the instance store volumes. A. Depends on the instance type B. FALSE C. Depends on whether you use API call D. TRUE

D. TRUE

Amazon EC2 provides a repository of public data sets that can be seamlessly integrated into AWS cloud- based applications. What is the monthly charge for using the public data sets? A. A 1 time charge of 10$ for all the datasets. B. 1$ per dataset per month C. 10$ per month for all the datasets D. There is no charge for using the public data sets

D. There is no charge for using the public data sets

What are the two permission types used by AWS? A. Resource-based and Product-based B. Product-based and Service-based C. Service-based D. User-based and Resource-based

D. User-based and Resource-based

To view information about an Amazon EBS volume, open the Amazon EC2 console, go to EC2, click _____ in the Navigation pane. A. EBS B. Describe C. Details D. Volumes

D. Volumes

Which of the following is not a service of the security category of the AWS trusted advisor service? A. Security Groups - Specific Ports Unrestricted B. MFA on Root Account C. IAM Use D. Vulnerability scans on existing VPCs.

D. Vulnerability scans on existing VPCs.

Fill in the blanks: The base URI for all requests for instance metadata is _____ A. http://254.169.169.254/latest/ B. http://169.169.254.254/latest/ C. http://127.0.0.1/latest/ D. http://169.254.169.254/latest/

D. http://169.254.169.254/latest/

What will be the status of the snapshot until the snapshot is complete. A. running B. working C. progressing D. pending

D. pending

Which of the following is not a supported database in the AWS RDS service?

DB2

Why is Route53 named as such?

DNS port is 53

What should you consider when choosing a database type?

Data size, data access period, query frequency, high availability

What are 3 features of Amazon Elastic Block Store (EBS)?

Data stored on Amazon EBS is automatically replicated within an availability zone and Amazon EBS volumes can be encrypted transparently to workloads on the attached instance

Your design team is planning to design an application that will be hosted on the AWS Cloud. One of their main non-functional requirements is to reduce inter-dependencies so failures do not impact other components. Which of the following concepts does this requirement relate to?

Decoupling

Which Amazon Elastic Compute Cloud (Amazon EC2) feature ensures your instances will not share a physical host with instances from any other AWS customer?

Dedicated Instances

What does AWS recommend as the best practice for the AWS Account Root User after initial login?

Delete root user ACCESS KEYS

After initial login, what does AWS recommend as the best practice for the AWS Account Root User?

Delete root user access keys

What design principles are recommended when considering performance efficiency?

Democratize advanced tech and serverless architecture

Opsworks

DevOps Application Management Service

AWS __________ does not involve the Internet; instead, it uses dedicated, private network connections between your intranet and Amazon VPC. In many circumstances, private network connections can reduce costs, increase bandwidth, and provide a more consistent network experience than Internet-based connections. ___________ supports 1Gbps and 10Gbps ports. Speeds of 50Mbps, 100Mbps, 200Mbps, 300Mbps, 400Mbps, and 500Mbps can be ordered from any APN partners supporting AWS ________________.

Direct Connect

You have added a NAT (Network address translator) ec2 instance to your vpc, but your ec2 instances in the private subnet still cannot access the internet. What should you do with the NAT?

Disable the source/destination checks on the NAT

Web applications often store session-state data in memory. However, this approach doesn't scale well; once the application grows beyond a single web server, the session state must be shared between servers. A common solution is to set up a dedicated session-state server with MySQL. This approach also has drawbacks: you must administer another server, the session-state server is a single pointer of failure, and the MySQL server itself can cause performance problems. __________ _____________ database store from Amazon Web Services (AWS), avoids these drawbacks by providing an effective solution for sharing session state across web servers.

DynamoDB, a NoSQl

Which of the following can be used to control access to your Amazon EC2 instances?

EC2 security groups

How would a system administrator add an additional layer of login security to a user's AWS Management Console?

Enable Multi-Factor Authentication

You have a fleet of EC2 instances that are constantly polling empty SQS queues which is burning CPU complete cycles. What should you do?

Enable SQS long polling

How would a system administrator add an additional layer of login security to a user's AWS Management Console?

Enable multi-factor authentication

What is AWS CloudTrail?

Enables governance, compliance, operational and risk auditing of your AWS account.

What is AWS Config?

Enables you to assess, audit and evaluate the configurations of your AWS resources

What is AWS CodeStar?

Enables you to develop, build, and deploy applications on AWS. Provides a unified UI, allows whole team to work together securely, no additional charge you only pay for resources running your application (EC2 Instances, etc)

Parameter Store

Encrypted location for storing important administrative information such as passwords and database connection strings. Part of AWS Systems Manager.

Which of the following is a best practice when working with permissions in AWS?

Ensure the least ...

You are creating a virtual data center using cloud formation and you need to output the DNS name of your load balancer. What command would you use to achieve this?

FN::GetAtt

T/F: Edge locations are only located in the same general area as regions

False

T/F: The Access Key and Secret Access Key are used to log into the AWS Management Console

False

T/F: To receive the discounted rate associated with Reserved Instances, you must make a full, up-front payment for the term of the agreement.

False

T/F: Unlimited services are available via the free tier to new AWS customers for 12 months following their AWS sign-up date.

False

There is additional charge for using the cross-region replication application. True or False?

False

What means that the infrastructure has built in component redundancy?

Fault tolerant

TensorFlow on AWS

Framework to get started with deep learning, research and application development, particularly in areas such as computer vision, natural language understanding and speech translation.

You are designing an application which needs to locate the public ip address on the ec2 instance on which it is stored. What do you do?

Get the instance metedata by visiting http://169.254.169.254/latest/meta-data/

Which of the following is not a part of the Cloud Computing models?

Hardware as a Service (HaaS)

Which of the following is not a category recommendation given by the AWS Trusted Advisor?

High Availability

AWS Elemental MediaConnect

High-quality transport service for live video. Provides the reliability and security of satellite and fiber.

Which family of instances includes the High Storage Instances that provide very fast SSD-backed instance storage optimized for very high random I/O performance, and provide high IOPS at a low cost.

I2

Your company has a set of EC2 Instances hosted in AWS. There is a requirement to create snapshots from the EBS volumes attached to these EC2 Instances in another geographical location. As per this requirement, where would you create the snapshots?

In another Region

S3 replicates all objects _______

In multiple availability zones within the same region

What is the #1 reason businesses are switching to cloud computing?

Increased speed and agility

The AWS Risk and Compliance Programs is made up of which 3 components?

Information security, Risk management, and Control environment

A company is planning to introduce a new product to their customers. They are expecting high traffic to their web application. As part of the Enterprise support plan, which of the following could provide them with architectural and scaling guidance?

Infrastructure Event Management

What is NOT a consideration when estimating the cost of Amazon S3?

Input Output Operations per second (IOPS)

______________ is data about your instance that you can use to configure or manage the running instance.

Instant Metadata

Amazon Athena

Interactive query service for analyzing data in Amazon S3 using SQL. Integrated with AWS Glue Data Catalog.

What is Amazon DynamoDB?

Key value and document database w/ built in security, backup, intense scalability, and can handle more than 10 trillion requests per day. Used for mobile, web, gaming, ad tech w companies like Snapchat, Lyft, Netflix

What services does AWS offer for Real Time Big Data analytics?

Kinesis firehose Kinesis streams Kinesis analysis

Amazon Lightsail

Launch and manage a virtual private server, jumpstart project. Includes virtual machine, SSD storage, data transfer, DNS management, and a static IP address.

What will help increase the availability of a web server farm?

Launching a web server instance across multiple AV'S and leveraging auto scaling to recover from failed instances

What is included in AWS Assurance Programs?

Laws, regulation, privacy and certifications/attestations

Resource Groups

Logical grouping of resources associated with a specific workload (or subject area, project, etc.) Part of the AWS Systems Manager.

AWS Inferentia

Machine learning inference chip. Supports the TensorFlow, Apache MXNet, and PyTorch deep learning frameworks.

Amazon Personalize

Machine learning service that allows developers to create individualized recommendations for customers using their applications.

What is AWS's responsibility under the AWS shared responsibility model?

Maintaining physical hardware

Which of the following is AWS's responsibility under the AWS shared responsibility model?

Maintaining physical hardware

What is AWS Key Management Service?

Makes it easy to create and manage keys and control the use on encryption across AWS services

Amazon MQ

Managed message broker for Apache ActiveMQ.

AWS IoT SiteWise

Managed service that makes it easy to collect, store, organize and monitor data from industrial equipment at scale.

AWS Database Migration Service

Migrate databases from on-premises to the cloud. Source database remains fully operational during the migration. Supports most widely used commercial and open-source databases. Supports homogeneous (i.e., Oracle-to-Oracle) and heterogenous (i.e., Oracle-to-MySQL) migrations.

What are required elements of an Auto Scaling group?

Minimum size and launch configuration

What are AWS IAM best practices?

Monitor activity in your AWS account and rotate credentials regularly

AWS App Mesh

Monitor and control microservices running on AWS, standardizes how microservices communicate.

Amazon CloudWatch

Monitoring and management service. Provides you with data and actionable insights to monitor applications, understand system-wide performance changes, and optimize resource utilization. Logs, metrics, and events.

AWS Auto Scaling

Monitors applications and automatically adjusts to maintain steady, predictable performance. Includes EC2 instances, EC2 Spot fleets, ECS tasks, DynamoDB tables and indexes, and Amazon Aurora replicas.

What is AWS Auto Scaling?

Monitors your apps and auto adjusts capacity to maintain performance at the lowest possible cost

Network ACL stands for?

Network Access Control List

VPC is a component of which AWS Service?

Networking Service

AWS Global Accelerator

Networking service that improves the availability and performance of your applications by continuously monitoring the health of your application endpoints and routing traffic to the closest healthy endpoints.

Amazon Translate

Neural machine translation service that offers language translation to localize content - such as websites and applications.

Does DynamoDB allow embedded data structures?

No, DynamoDB allow embedded data structures; however, MongoDB does.

Does EBS use object (file) based storage?

No, EBS uses block storage

There is a requirement for a development and test environment for 3 months. Which would you use?

On-Demand

What types of AWS data transfer is free for Amazon S3?

Outbound data transfer from s3 to cloudfront and Inbound data transfer from internet to s3

What are the benefits provided by the AWS Personal Health Dashboard?

Personalized View of Service Health, Detailed Troubleshooting Guidance

AWS Application Discovery Service

Plan migration projects by gathering information about on-premises data centers. Collects and presents configuration, usage, and behavior data from servers to better understand workloads and plan for migration into the cloud.

What is a document that provides a formal statement of one or more permissions?

Policy

When giving permission to users via the AWS Identity and Access Management tool , which of the following principles should be applied when granting permissions?

Principle of least privilege

AWS IoT Button

Programmable button based on the Amazon Button hardware.

AWS Secrets Manager

Protect secrets needed to access your applications, services, and resources. Easily rotate, manage, and retrieve database credentials.

Your company provides media content via the Internet to customers through a paid subscription model. You leverage Amazon CloudFront to distribute content to your customers with low latency. What approach can you use to serve this private content securely to your paid subscribers?

Provide Signed amazon Cloudfront URLs to authenticated users to access paid content

Using the AWS portal, you are trying to scale DynamoDB past preconfigured maximums. Which service can be increased through AWS support?

Provisioned throughput limits

In Amazon DynamoDB, what does the query operation allow you to do?

Query a table using a partition key and an optional short key filter, query any secondary indexes that exist for a table and efficiently retrieve items from a table or secondary index

AWS Elemental MediaPackage

Reliably prepares and protects your video for delivery over the Internet.

AWS Well-Architected Tool

Review the state of your workloads and compare them to the architectural best practices, based on the AWS Well-Architected Framework.

Amazon's scalable DNS is called?

Route53

Amazon Kinesis Video Streams

Securely stream video from connected devices to AWS for analytics, machine learning, and other processing.

AWS Lake Formation

Service that helps you set up a data lake on S3.

Using ___________ helps to eliminate challenges that can be encountered with large-scale data transfers including high network costs, long transfer times, and security concerns.

Snowball

What are the 3 ways to access AWS core services?

Software development kits (SDK's), AWS command line interface (CLI), AWS Management Console

An s3 endpoint always contains?

Tee phrase "s3-website" followed by the region name

What information is required to calculate the Total Cost of Ownership for the AWS Cloud?

The number of on-premise virtual machines

Which of the following is a factor when calculating Total Cost of Ownership (TCO) for the AWS Cloud?

The number of servers migrated to AWS

What does a 2xx code mean?

The request was successful.

What does a 5xx error mean?

There has been a server side error

How much data can be stored in a DynamoDB table?

There is no limit to the amount of data you can store in an Amazon DynamoDB table. As the size of your data set grows, Amazon DynamoDB will automatically spread your data over sufficient machine resources to meet your storage requirements.

Which of the following initiatives from AWS helps organizations reduce the overall expenditure for IT companies when they host resources on the AWS Cloud?

They continually reduce the cost of cloud computing

Which of the following is the concept of the Elastic load balancer?

To distribute traffic to multiple EC2 Instances

Redshift Security

Transit - SSL Rest - AES-256

AWS Native Variant of AWS Outposts

Use the same APIs and control plane you use to run in the AWS cloud, but on-premises.

VMware Cloud on AWS Outposts

Use the same VMware control plane and APIs that are used to run the on-premises VMware infrastructure.

What is AWS Snowball?

Used to securely transfer large amounts of data in and out of the cloud. Used to migrate analytics data, video libraries, etc. Extremely high speed and scalable and low cost

When you launch an instance in Amazon EC2, you have the option of passing ___________ to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts. You can pass two types of _________ to Amazon EC2: shell scripts and cloud-init directives.

User data

What best describes the "Principal of Least Privilege"?

Users should be granted permission to access only resources they need to do their assigned job.

What best describes the "Principle of Least Privilege"?

Users should be granted permissions to access only the resources they need to do their assigned job.

Which of the following is NOT considered a fault tolerant tool?

WAF

When is Amazon EBS recommended?

When data must be quickly accessibly, requiring long term persistence and when it requires an encryption solution

In amazon Simple Workflow Service (SWF), what is a worker?

Workers are programs that interact with amazon SWF to get tasks, process received tasks, and return the results.

A company has decided to migrate to the AWS Cloud. AWS offers a wide range of services and instance types. They want to reduce costs as much as possible. Which of the following is the main factor to consider when choosing the instance type of services like Amazon RDS and Amazon Redshift?

Workload utilization of CPU & RAM.

Does S3 provide unlimited storage?

Yes

Is Elastic Load Balancer Service chargeable?

Yes, ELB is chargeable because it is a service

Developers store session data in Elasticache?

Yes, developers store session data in Elasticache.

Can you have multiple certs on an elastic load balancer?

Yes, you can have multiple certs on an elastic load balancer

True

You can create a hardware virtual private network (VPN) connection between your corporate data center and your VPC.

True

You have complete control over the VPC environment, including selection of your own IP range, creation of subnets, and configuration of routing tables and gateways.

What does the error "ProvisionedThroughputExceededException" mean?

You have exceeded your maximum allowed provisioned throughput

security group

a semi-stateful firewall with 1 or more rules that permit a certain protocol to reach a destination port range from a source IP range or another group

Import/Export

accelerates moving of data by using AWS internal network through physical device

what is the default encryption used on s3?

advanced encryption standard (AES) 256

AWS Server Migration Service

agentless service for migrating thouands of on-premise workloads to aws. SMS allows for automation, scheduling, and tracking replications of live server volumes

Amazon Route 53 offers a special type of record called an _________ record that lets you map your zone apex (example.com) DNS name to your ELB DNS name (i.e. elb1234.elb.amazonaws.com).

alias

Auto-scaling

allows provisional deployment and collection of virtual instances to handle load traffic

AWS Device Farm

an app testing service that lets you test and interact with your Android, iOS, and web apps on many devices at once, or reproduce issues on a device in real time.

Which region is Japan in?

ap-northwest-1

Which region is Singapore in?

ap-southeast-1

Which region is Sydney, Australia in?

ap-southeast-2

AWS Glacier

archiving storage service

Elastic Load Balancing

automatically distributes incoming app traffic across multiple instances, such as EC2, containers, and IP addresses.

Each EBS volume is _________ __________ within it's availability zone to protect organizations from component failure.

automatically replicated

Security Group Availability

available across AZs

Subnet availability

available in 1 AZ

Which service sends notifications or automatically makes changes to the resources being monitored based on rules you established? a. Amazon EC2 b. Amazon CloudWatch c. Elastic Load Balancing d. Amazon Aurora

b. Amazon CloudWatch

You have been tasked with distributing a newsletter that will be pushed out to administrators by email. Which of the following is the best solution? a. Route the newsletters to an Amazon ElastiCache store b. Create a topic in Amazon Simple Notification Service (Amazon SNS) that administrators can subscribe to. c. Store the letters in an Amazon S3 bucket and distribute them with AWS CloudTrail d. Create a messaging queue in Amazon CloudFront

b. Create a topic in Amazon Simple Notification Service (Amazon SNS) that administrators can subscribe to.

Which component of the AWS global infrastructure supports the caching of content for faster access? a. AWS Direct Connect locations b. Edge locations c. Availability Zones d. Regions

b. Edge locations

In AWS Trusted Advisor, which of the following options are included among the five categories being considered to analyze your AWS environment and provide the best practice recommendations? (Select TWO) a. Instance Usage b. Fault Tolerance c. Performance d. Infrastructure e. Storage Capcity

b. Fault Tolerance c. Performance This is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices. It inspects your AWS environment and makes recommendations for saving money, improving system performance and reliability, or closing security gaps. Cost Optimization Security Fault Tolerance Performance Service Limits

Simple Email Service

bulk and transactional email-sending service for the cloud

Move from Magnetic to SSD

by creating a volume from a Snapshot

What is the minimum number of Availability Zones that you should set up for your Application Load Balancer in order to create a highly available architecture? a. 3 b. 1 c. 2 d. 4

c. 2 A load balancer serves as the single point of contact for clients. Clients send requests to the load balancer, and the load balancer sends them to targets, such as EC2 instances, in two or more Availability Zones. At the very minimum, you have to select at least two Availability Zones from your VPC. To configure your load balancer, you have to create target groups and then register targets with your target groups. You also create listeners to check for connection requests from clients, and listener rules to route requests from clients to the targets in one or more target groups.

Which of the following defines the AWS Command Line Interface (AWS CLI)? a. A systematic approach to evaluating and implementing architectures b. Packages that enable access to AWS in a variety of programming languages. c. A suite of utilities that can be launched from a command program in Linux, macOS, or Windows. d. A rich graphical interface to majority of the features offered by AWS.

c. A suite of utilities that can be launched from a command program in Linux, macOS, or Windows.

Which of the following statements best describes AWS Trusted Advisor? a. A tool that estimates savings when using AWS and provides a detailed set of reports b. A tool that helps customers estimate their monthly AWS bill more efficiently c. A tool the provides you real time guidance to help you provision your resources following AWS best practices. d. A tool that enables you to view and analyze your costs and usage.

c. A tool the provides you real time guidance to help you provision your resources following AWS best practices.

For security audit, a company needs to download the compliance-related documents in AWS such as ISO certifications, Payment Card Industry (PCI), and Service Organization Control (SOC) reports. Which of the following should they use to retrieve these files? a. AWS Trusted Advisor b. AWS Certificate Manager c. AWS Artifact d. AW CloudTrail

c. AWS Artifact This service is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS' security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA).

Which of the following is a key design principle when running an application in AWS? a. Logical coupling b. Semantic coupling c. Loose coupling d. Tight coupling

c. Loose coupling

Which of the following is NOT a pillar of the AWS Well-Architected Framework? a. Cost Optimization b. Operational Excellence c. Persistence d. Security

c. Persistence

Cloud Search

cloud search service that allows customers to integrate search functionality into websites or applications

Group

collection of users

redshift ultilizes __________ storage technology that improves I/O efficiency.

columnar

AWS Directory Service

connect to AWS resources from on-premises MS Active directory or set up a new, stand-alone directory in AWS cloud. Users can connect with existing corporate credentials

Storage Gateway

connects on-premise storage appliance to AWS Cloud Storage

Amazon CloudFront

content delivery service gives developers and businesses an easy way to distribute content to end users low-latency, high data transfer speeds Have locations around the world chooses close proximity to end use for faster rates

Identity Access Management

controls AWS services and resources through users, groups and roles

Governance is done by enabling IAM __________ access for all corporate IT administrators in each child account. You can us IAM role to delegate access to resources that are in different AWS accounts that you own (Sales and Development). You'll share resources in one account with users in a different account. By setting up __________ access in this way, you don't need to create individual IAM users in each account, and users don't have to sign out of one account and sign into another in order to access resources that are in different AWS accounts.

cross-account

Which of the following allows you to set coverage targets and receive alerts when your utilization drops below the threshold you define? a. AWS Trusted Advisor b. AWS Cost Explorer c. Amazon CloudWatch Billing Alarms d. AWS Budgets

d. AWS Budgets AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also use AWS Budgets to set reservation utilization or coverage targets and receive alerts when your utilization drops below the threshold you define. Reservation alerts are supported for Amazon EC2, Amazon RDS, Amazon Redshift, Amazon ElastiCache, and Amazon Elasticsearch reservations.

Which method would you used to access AWS services through an easy-to-use graphical interface? a. Software Development Kits (AWS SDK) b. AWS EasyLauch c. AWS Command Line Interface (AWS CLI) d. AWS Management Console

d. AWS Management Console

Which AWS sevice is a managed DDos protection service that safeguards applications running on AWS? a. Amazon Inspector b. Amazon CloudWatch c. AWS Identity and Access Management d. AWS Shield

d. AWS Shield

"Increase speed and ______" is one of the six advantages of Cloud Computing which refers to the reduction of acquisition time for making new compute resources available to your developers from weeks to just minutes. a. Elasticity b. Reliability c. High Availability d. Agility

d. Agility There are six advantages of using Cloud Computing: 1. Trade capital expense for variable expense 2. Benefit from massive economies of scale 3. Stop guessing capacity 4. Increase speed and agility 5. Stop spending money running and maintaining data centers 6. Go global in minutes

A company is currently using an On-Demand EC2 instance for their application which they plan to migrate to a Reserved EC2 Instance to save on cost. Which of the following is the most cost-effective option if the application being hosted would be used for more than 3 years? a. All upfront Convertible Reserved Instance pricing for a 1 year term b. No upfront Standard Reserved Instance pricing for a 1 year term that is renewed every year. c. No Upfront Convertible Reserved Instance pricing for a 3 year term d. All Upfront, Standard Reserved Instance pricing for a 3 year term

d. All Upfront, Standard Reserved Instance pricing for a 3 year term

Which service provides persistent block storage volumes for use with Amazon EC2 instances? a. Amazon S3 b. Amazon EFS c. Amazon DynamoDB d. Amazon EBS

d. Amazon EBS

There is a requirement to launch a new database in AWS where the customer assumes the responsibility and management of the guest operating system, including updates and security patches. Which of the following services should the customer use? a. Amazon DocumentDB b. Amazon DynamoDB c. Amazon Aurora d. Amazon EC2

d. Amazon EC2 Since you have more control over your EC2 instance, you can install any database that you prefer and manage its guest operating system, including the required updates and security patches. You can also choose an AMI with a pre-installed database (such as PostgreSQL or MySQL) in the Amazon EC2 Dashboard to save your time. Hence, the correct answer is Amazon EC2.

Which type of Elastic Load Balancer supports path-based routing, host-based routing, and bi-directional communication channels using WebSockets? a. Classic Load Balancer b. Network Load Balancer c. Both Application Load Balancer and Network Load Balancer d. Application Load Balancer

d. Application Load Balancer This is best suited for load balancing of HTTP and HTTPS traffic and provides advanced request routing targeted at the delivery of modern application architectures, including microservices and containers. Operating at the individual request level (Layer 7), Application Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) based on the content of the request.

You need to launch a new EC2 Instance for a beta program which is scheduled to change its instance family, operating system and tenancy exactly 3 months after its trial period. Which type of Reserved Instance (RI) should you use? a. Zonal RI b. Standard RI c. Scheduled RI d. Convertible RI

d. Convertible RI Convertible Reserved Instances (RI) provide you with a significant discount (up to 54%) compared to On-Demand Instances and can be purchased for a 1-year or 3-year term. Purchase Convertible Reserved Instances if you need additional flexibility, such as the ability to use different instance families, operating systems, or tenancies over the Reserved Instance term.

A company has 70 employees divided into 10 departments. The IT admin wants to customize each departments access to AWS. Which of the following options is most appropriate? a. Make each employee an AWS account root user. b. Create an IAM role for each department, and assign IAM users to the roles. c. Create a temporary role for each employee, and revise their access as needed. d. Create an IAM Group for ach department and assign IAM users to the groups

d. Create an IAM Group for ach department and assign IAM users to the groups

Glacier Data Archival

database solution for infrequent access and that allow for retrieval times b/w 3-5 hours

A _____________ in SWF is used for coordinate the application execution across workers.

decider

You can run applications and workloads from a region to _____ latency to end users

decrease

Amazon Elastic Kubernetes Service (EKS)

deploy, manage, and scale container applications using Kubernetes on AWS.

What is AWS Elastic Beanstalk?

easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, etc

________ is a web service that simplifies deployment, operation, and scaling of an in-memory cache in the cloud.

elasticache

Amazon Route 53

highly available and scalable DNS (Domain Name System) web service Queries for your domain are automatically routed to closest DNS server (around world)

to retrieve instance metadata of userdata you will need to use the following ip address

http://169.254.169.254

Create a static hosting website in a bucket called "eric" in japan using s3. What is the new url?

http://eric.s3-website-ap-northeast-1.amazonaws.com

What is the link to an S3 bucket created in Japan?

https://s3-ap-northeast-1.amazonaws.com/sitename/

You can't move an existing _________ into a placement group. You can create an AMI from your existing ___________, and then launch a new ___________ from the AMI into a placement group.

instance

Which command line command will tell you the internal ip address?

ipconfig (windows) ifconfig (linux)

Amazon Aurora

is a MySQL and PostgreSQL-compatible relational database engine that combines the speed and availability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases.

AWS Lambda

is a compute service that lets you run code without provisioning or managing servers. It executes your code only when needed and scales automatically, from a few requests per day to thousands per second

A_____________ is a template that an Auto Scaling group uses to launch EC2 instances.When you create a ______________, you specify information for the instances such as the ID of the Amazon Machine Image (AMI), the instance type, a key pair, one or more security groups, and a block device mapping. If you've launched an EC2 instance before, you specified the same information in order to launch the instance.

launch configuration

Cloud Trail

logging/auditing service; records API calls

Availability zones in a region are connected thru ____ ______ links

low latency

Amazon EMR

managed Hadoop framework that runs across dynamically scalable EC2 instances. Also supports other distributed frameworks (Apache, HBase) and interacts with S3 and DynamoDB.

Leader Node

manages client connection and receives queries

Cloud Formation

manages/creates templates of AWS resources

Elastic Transcoder

media transcoder

Cloud Watch

monitoring service for AWS resources and your applications

______________ Is used to delete large number of objects.

multi-object delete

AWS highly recommends provisioning your compute resources across _____ Availability Zones

multiple

A __________ is a logical grouping of instances within a single Availability Zone. Using ______________ enables applications to participate in a low-latency, 10 Gigabits per second (Gbps) network. __________________ are recommended for applications that benefit from low network latency, high network throughput, or both. To provide the lowest latency, and the highest packet-per-second network performance for your ______________, choose an instance type that supports enhanced networking.

placement group

You can't merge _________. Instead, you must terminate the instances in one ______________, and then relaunch those instances into the other ___________.

placement groups

Amazon Elastic Block Store (Amazon EBS)

provides raw block-level storage that can be attached to Amazon EC2 instances. These block devices can then be used like any raw block device. In a typical use case, this would include formatting the device with a filesystem and mounting said filesystem. Persistent storage.

Amazon Machine Image

provides the information required to launch an instance.

Elastic Cloud Compute

provisional virtual compute instances

SNS follows the _______________ messaging paradigm, with notifications being delivered to clients using a _______ mechanism.

publish subscribe, push

Read Only Access

read only

AWS Kinesis

real-time streaming data processing

You can distribute private content using a _________ that is valid for only a short time—possibly for as little as a few minutes. ____________s that are valid for such a short period are good for distributing content on-the-fly to a user for a limited purpose, such as distributing movie rentals or music downloads to customers on demand. If your ____________s will be valid for just a short period, you'll probably want to generate them automatically using an application that you develop. When the user starts to download an object or starts to play a media file, CloudFront compares the expiration time in the URL with the current time to determine whether the URL is still valid.

signed URL

SRV Recrods

specifies location of data using hostname and port

Role

state/function of user or AWS instance; cannot be given after an EC2 instance has been created

A ________ in SWF represents invocations of logical steps in applications.

task

Simple Workflow Service

task coordination and state management service for cloud applications • 12 month Timer • Differs from SQS in that it can be performed by human actions rather than automated computer action • Can be used in warehouses and distribution systems • Ensures task is only assigned once and never duplicated • Delivered once and only once

when you create new subnets within a custom virtual private cloud (vpc), by default, they can communicate with each other, across availability zone

true, every subnet created is automatically associated with the VPCs default network ACL

it is possible to transfer a reserved instasnce from one availability zone to another

true, it is possible to transfer a reserved instasnce from one availability zone to another

What is the default region for an sdk?

us-east-1

virtual private cloud

virtual network; subset of public cloud that has highly restricted, secure access.

EBS Snapshots

• (backups) of an EBS volume stored redundantly in multiple Availability Zones. • You cannot delete a snapshot of an EBS Volume that is used as the root device of a registered AMI • You must de-register the AMI before being able to delete the root device

General Purpose EBS Storage

• 99.999% Availability • 3 IOPS per GB • Burst up to IOPS

EC2 Placement Groups

• A logical grouping of instances within a single AZ • Recommended for low latency, high network throughput or both • ALWAYS within 1 AZ • Name must be unique • Must be of type Compute, GPU, Memory, Storage Optimized instances • Can't merge or move instances into them

S3 Security

• Buckets are private by default •Can enable Access Control Lists • Integrates with IAM • Endpoints encrypted by SSL

Cloud Front CDN

• Distributed servers that serve web-pages locally across geographic locations • Origin is where the file came from • Web Distribution • RTMP - Media Streaming

S3 Use Cases

• File shares • Backup/archiving • CDN origin • Hosting Static Files/Websites

68. Which of these are true about NACLs? (Choose two.) A. Apply to all instances in an associated subnet B. Only apply if no security group is present C. Support allow and deny rules D. Evaluate all rules before deciding whether to allow or disallow traffic

A,C

125. Which of the following could be used to allow instances within one VPC to communicate with instances in another region? (Choose two.) A. VPN connections B. NACLs C. Internet gateways D. Public IP addresses

A,D

14. What types of rules does a security group allow? (Choose two.) A. Allow rules B. Prevent rules C. Deny rules D. Inbound rules

A,D

16. Which of the following are not true about security groups? (Choose two.) A. Allow rules take priority over deny rules. B. Responses to allowed inbound traffic are allowed to flow back out. C. You can specify specific separate rules for inbound and outbound traffic. D. If there are no outbound rules, then all outbound traffic is allowed to flow out.

A,D

173. Which of the following are true about IPv6 addresses? (Choose two.) A. They are globally unique. B. They are in the format x.y.z.w. C. They require underlying IPv4 addresses. D. They are public by default.

A,D

185. Which of the following would you need to do to create an elastic IP address? (Choose two.) A. Allocate an elastic IP address for use in a VPC. B. Allocate an IP address in Route 53. C. Detach the primary network interface on an instance. D. Associate the elastic IP to an instance in your VPC.

A,D

192. You need to make a change to a role attached to a running instance. What do you need to do to ensure the least amount of downtime? (Choose two.) A. Update the IAM role via the console or AWS API or CLI. B. Re-attach the updated role to the instance. C. Restart the instance. D. Other than updating the role, no additional changes are needed.

A,D

20. Which of the following are parts of a security group rule? (Choose two.) A. A protocol B. A subnet C. An instance ID D. A description

A,D

200. For which of the following is AWS responsible for security? (Choose two.) A. Edge locations B. Firewall configuration C. Network traffic D. Availability zones

A,D

220. The AWS's well-architected framework defines five areas to consider with respect to security. Choose the two that are part of this set. (Choose two.) A. Identity and Access Management B. User management C. Virtual private networks D. Incident response

A,D

47. If you take a snapshot of an encrypted EBS volume, which of the following will be true? (Choose two.) A. The snapshot will be encrypted. B. All data on the bucket on which the snapshot is stored will be encrypted. C. Any instances using the snapshot will be encrypted. D. Any volumes created from the snapshot will be encrypted.

A,D

48. If you take a snapshot of an encrypted EBS volume, which of the following must you do to use that snapshot as a volume in a separate region? (Choose two.) A. Copy the snapshot to the new region. B. Delete the snapshot from the old region. C. Unencrypt the snapshot once it is in the new region. D. Create a new volume from the snapshot in the new region

A,D

66. Which of these are true about security groups? (Choose two.) A. Stateful B. Stateless C. Process rules in order D. Associated with an instance

A,D

75. Which of the following statements is not true? (Choose two.) A. A network ACL has separate inbound and outbound rules. B. Network ACLs are stateful. C. Each subnet in your VPC must be associated with a NACL. D. A network ACL can only be associated with a single subnet.

A,D

You receive a Spot Instance at a bid of $0.05/hr. After 30 minutes, the Spot Price increases to $0.06/hr and your Spot Instance is terminated by AWS. What was the total EC2 compute cost of running your Spot Instance? A. $0.00 B. $0.02 C. $0.03 D. $0.05 E. $0.06

A. $0.00

In the Shared Responsibility Model, which of the following are an example of "Security in the cloud"?

-Which AWS services are used with the content -In which country the content is stored

What is the maximum size IP address range you can have in an Amazon VPC?

/16

What is the minimum size subnet you can have in an Amazon VPC?

/28

How many internet gateways (IG) can be attached to a custom VPC?

1

How many internet gateways can I attach to a custom VPC?

1

How many internet gateways can you attached to an Amazon VPC at any one time?

1

Only _______ IAM role(s) can I associate with a running EC2 instance.

1

What is the minimum file size on s3?

1 byte

What is the response time of urgent issues for Enterprise Support Plan customers?

1 hour or less

190. How many IAM roles can you attach to a single instance? A. One B. One or two C. As many as you want D. None, roles are not assigned to instances.

A

Amazon SNS messages can contain up to ________ of text data, including XML, JSON and unformatted text.

256 KB

194. How can you delete a snapshot of an EBS volume when it's used as the root device of a registered AMI? A. You can't. B. You can, but only using the AWS API or CLI. C. Delete the snapshot using the AWS console. D. Ensure that you have correct IAM privileges and delete the AMI.

A

195. Which of these is the best option for encrypting data at rest on an EBS volume? A. Configure the volume's encryption at creation time. B. Configure AES 256 encryption on the volume once it's been started. C. Configure encryption using the OS tools on the attached EC2 instance. D. Back up the data in the volume to an encrypted S3 bucket.

A

62. Which of the following can be added to a VPC, in addition to security groups on included instances, to further secure the VPC? A. A NACL B. A port filter C. An ALB D. A flow log

A

120. What type of filtering does a security group perform? A. Stateful B. Synchronous C. Whitelist D. Stateless

A

149. At what OSI layer does a network load balancer operate? A. 4 B. 7 C. 4 and 7 D. 6

A

154. What type of subnets are the default subnets in a custom VPC? A. Private B. Hybrid C. Public D. Transport

A

158. Which of the following would you use to allow outbound Internet traffic while preventing unsolicited inbound connections? A. A NAT device B. A bastion host C. A VPC endpoint D. A VPN

A

164. Which of the following, without proper security, could be most dangerous to your private instances? A. Bastion host B. VPC endpoint C. Internet gateway D. NAT instance

A

177. If an elastic network interface is moved from one instance to another, what happens to network traffic directed at the interface? A. It is redirected to the elastic network interface that has moved to the new instance. B. It is redirected to the primary network interface on the original instance. C. It is redirected to the primary network interface on the new instance. D. It is lost and must be re-sent to the elastic network interface on the new instance.

A

183. Which of the following can you not do with an elastic IP address? A. Change the IP address associated with it while it is in use. B. Move it from one instance to another. C. Move it across VPCs. D. Associate it with a single instance in a VPC.

A

188. How are EBS snapshots backed up to S3? A. Incrementally B. In full, every time they are changed C. EBS snapshots are backed up to RDS. D. Sequentially

A

189. You have an existing IAM role in use by several instances in your VPC. You make a change in the role, removing permissions to access S3. When does this change take effect on the instances already attached to the role? A. Immediately B. Within 60 seconds C. The next time the instances are restarted D. The instances preserve the pre-change permissions indefinitely.

A

What does Amazon Elastic Beanstalk provide? A. An application container on top of Amazon Web Services. B. A scalable storage appliance on top of Amazon Web Services. C. A scalable cluster of EC2 instances. D. A service by this name doesn't exist.

A. An application container on top of Amazon Web Services.

Regarding Amazon Glacier, what is a vault?

A container for storing archives

Simple Queue Service

A highly available hosted buffer for storing messages between computers/devices. It asynchronously pulls messages and does not preserve order. Timer (30 seconds default; Max 12 hours) is used for processing messages and starts once message is delivered to compute resource. It's billed in 64 KB chunks. It operates as follows: • Asynchronously pulls message from queue -> Retrieves named file -> Processes the conversion -> Writes image back to S3 -> Writes "task complete" -> Deletes original message; and finishes task -> Checks for more messages

101. Which of the following are allowed when creating a new VPC? (Choose two.) A. An IPv4 CIDR block B. VPC description C. An IPv6 CIDR block D. A security group

A, C

102. Which of the following is not a required part of creating a custom VPC? (Choose two.) A. An IPv6 CIDR block B. A VPC name C. A set of VPC tags D. An IPv4 CIDR block

A, C

198. Which of the following should you attempt to automate, according to the AWS wellarchitected framework? (Choose two.) A. Security best practices B. Scaling instances C. Responses to security events D. IAM policy creation

A, C

212. Which of the following might be used to detect or identify a security breach in AWS? (Choose two.) A. CloudWatch B. CloudFormation C. CloudTrail D. Trusted Advisor

A, C

6. Your company is setting up a VPN connection to connect its local network to an AWS VPC. Which of the following components are not necessary for this setup? (Choose two.) A. A NAT instance B. A virtual private gateway C. A private subnet in the AWS VPC D. A customer gateway

A,C

60. Which of the following does a security group attached to an instance control? (Choose two.) A. Inbound traffic B. HTTP error messages C. Outbound traffic D. Access control lists

A,C

EBS Snapshots occur _____ A. Asynchronously B. Synchronously C. Weekly

A. Asynchronously

Regarding the attaching of ENI to an instance, what does 'warm attach' refer to? A. Attaching an ENI to an instance when it is stopped. B. This question doesn't make sense. C. Attaching an ENI to an instance when it is running D. Attaching an ENI to an instance during the launch process

A. Attaching an ENI to an instance when it is stopped.

What is the type of monitoring data (for Amazon EBS volumes) which is available automatically in 5-minute periods at no charge called? A. Basic B. Primary C. Detailed D. Local

A. Basic

What are the four levels of AWS Premium Support? A. Basic, Developer, Business, Enterprise B. Basic, Startup, Business, Enterprise C. Free, Bronze, Silver, Gold D. All support is free

A. Basic, Developer, Business, Enterprise

What is the name of licensing model in which I can use your existing Oracle Database licenses to run Oracle deployments on Amazon RDS? A. Bring Your Own License B. Role Bases License C. Enterprise License D. License Included

A. Bring Your Own License

How can I change the security group membership for interfaces owned by other AWS, such as Elastic Load Balancing? A. By using the service specific console or API\CLI commands B. None of these C. Using Amazon EC2 API/CLI D. Using all these methods

A. By using the service specific console or API\CLI commands

If I want an instance to have a public IP address, which IP address should I use? A. Elastic IP Address B. Class B IP Address C. Class A IP Address D. Dynamic IP Address

A. Elastic IP Address

What combination of the following options will protect S3 objects from both accidental deletion and accidental overwriting? A. Enable S3 versioning on the bucket. B. Access S3 data using only signed URLs. C. Disable S3 delete using an IAM bucket policy. D. Enable S3 Reduced Redundancy Storage. E. Enable multi-factor authentication (MFA) protected access.

A. Enable S3 versioning on the bucket.

What is the charge for the data transfer incurred in replicating data between your primary and standby? A. No charge. It is free. B. Double the standard data transfer charge C. Same as the standard data transfer charge D. Half of the standard data transfer charge

A. No charge. It is free.

When using consolidated billing there are two account types. What are they? A. Paying account and Linked account B. Parent account and Child account C. Main account and Sub account. D. Main account and Secondary account.

A. Paying account and Linked account

What are the two primary cloud computing deployment models?

All-in Cloud based application Hybrid deployment

AWS Elemental MediaTailor

Allows video providers to insert individually targeted advertising into their video streams without sacrificing broadcast-level of service.

What is Amazon ElastiCache used for?

Allows you to retrieve information from fast, in-memory data stores vs slower disk-based databases

What is AWS CloudFormation?

Allows you to use a simple text file to model and provision all the resources needed for your applications

A company is deploying a new two-tier web application in AWS. Where should the most frequently accessed data be stored so that the application's response time is optimal?

Amazon ElastiCache

Which of the following services allows you to run containerized applications on a cluster of EC2 instances?

Amazon Elastic Container Service.

A company is deploying a new two-tier web application in AWS. The company wants to store their most frequently used data so that the response time for the application is improved. Which AWS service provides the solution for the company's requirements?

Amazon ElasticCache

A company wants to store data that is not frequently accessed. What is the best and cost efficient solution that should be considered?

Amazon Glacier

What is an example of a Platform as a Service?

Amazon Lightsail

A company currently uses VM Templates to spin up virtual machines on their on-premise infrastructure. Which of the following can be used in a similar way to spin up EC2 instances on the AWS Cloud?

Amazon Machine Images

You work for a company that is planning on using the AWS EC2 service. They currently create golden images of their deployed Operating system. Which of the following correspond to a golden image in AWS.

Amazon Machine Images

Your company currently uses VM Templates to spin up virtual machines on their on-premise infrastructure. Which of the following can be used in a similar way to spin up EC2 instances on the AWS Cloud?

Amazon Machine Images

True

Amazon Neptune provides read replicas, point-in-time recovery, continuous backup to S3, and replication across availability zones.

You work as an on-premises MySQL DBA. The work of database configuration, backups, patching, and DR can be time-consuming and repetitive. Your company has decided to migrate to the AWS Cloud. Which of the following can help save time on the regular database tasks so you can focus on giving users the fast performance and high availability that they need?

Amazon RDS

What products does Amazon database services comprise?

Amazon RDS, Amazon DynamoDB, Amazon Redshift, Amazon Elasticache.

Which AWS Cloud service is best suited for Online Analytics Processing (OLAP)?

Amazon Redshift

Which AWS service automates infrastructure provisioning and administrative tasks for an analytical data warehouse?

Amazon Redshift

Which of the following services is a fully managed, petabyte-scale data warehouse service in the AWS cloud?

Amazon Redshift

Amazon RDS stands for?

Amazon Relational Database Services (RDS)

ARN

Amazon Resource Name

Which of the following service is most useful when a Disaster Recovery method is triggered in AWS?

Amazon Route 53

Which service should an administrator use to register a new domain name with AWS?

Amazon Route 53

A company is deploying a 2-tier, highly available web application to AWS. Which service provides durable storage for static content while utilizing lower Overall CPU resources for the web tier?

Amazon S3

A company is deploying a two-tier, highly available web application to AWS. The application needs a storage layer to store items such as photos and videos. Which of the following services can be used as the underlying storage mechanism?

Amazon S3

A company is deploying a two-tier, highly available web application to AWS. Which service provides durable storage for static content while utilizing lower overall CPU resources for the web tier?

Amazon S3

There is a requirement for storage of objects. The objects should be able to be downloaded via a URL. Which storage option would you choose?

Amazon S3

Which of the following services in AWS allows for object level storage on the cloud?

Amazon S3

Which of the following services provides object-level storage in AWS?

Amazon S3

Which of the following storage options provides the option of Lifecycle policies that can be used to move objects to archive storage?

Amazon S3

Your company is trying to deploy a two-tier, highly available web application to AWS. The application needs a storage layer to store artifacts such as photos and videos. Which of the following services can best be used as the underlying storage mechanism?

Amazon S3

Which of the following S3 storage classes is ideal for data with unpredictable access patterns?

Amazon S3 Intelligent-Tiering.

What are the AWS Storage options?

Amazon S3, Glacier, and EBS

Which of the following storage mechanisms can be used to store messages effectively which can be used across distributed systems?

Amazon SQS

Which service is used to ensure that messages between software components are not lost if one or more components fail?

Amazon SQS

Which protocols are supported by SNS?

Amazon SQS, HTTP/S, email, SMS, Lambda

Which service would you use to send alerts based on Amazon CloudWatch alarms?

Amazon Simple Notification Service (Amazon SNS)

Which service would you use to send alerts based on Amazon CloudWatch alarms?

Amazon Simple Notification System (SNS)

There is a requirement to move 10 TB data warehouse to the AWS cloud. Which of the following is an ideal service which can be used to move this amount of data to the AWS Cloud?

Amazon Snowball

Which AWS networking service enables a company to create a virtual network within AWS?

Amazon VPC

Which AWS networking service enables a company to create a virtual network within AWS?

Amazon Virtual Private Cloud (Amazon VPC)

False

Amazon maintains complete control over the VPC environment.

An independent collection of AWS computing resources in a defined geography is called?

An AWS region

A distinct location within a geographic area designed to provide high availability to a specific geography is called?

An Availability Zone (AZ)

Question 187 What are the four levels of AWS Premium Support? A. Basic, Developer, Business, Enterprise B. Basic, Startup, Business, Enterprise C. Free, Bronze, Silver, Gold D. All support is free

Answer: A Basic, Developer, Business, Enterprise

Question 194 Which of the following concepts is used when you want to manage the bills for multiple accounts under one master account? A. Consolidated Billing B. Combined Billing C. Cost Explorer D. IAM

Answer: A Consolidating billing

Question 184 What service from AWS can help manage the costs for all resources in AWS? A. Cost Explorer B. Cost Allocation Tags C. AWS Consolidated billing D. Payment History

Answer: A Cost Explorer

Question 132 You are exploring what services AWS has off-hand. You have a large number of data sets that need to be processed. Which of the following services can help fulfil this requirement? A. EMR B. S3 C. Glacier D. Storage gateway

Answer: A EMR

99. You have a public subnet in a VPC and an EC2 instance serving web traffic within that public subnet. Can that EC2 instance be reached via the Internet? A. Yes B. Yes, as long as it has a public IPv4 address. C. Yes, as long as the VPC is marked as public. D. No

B

How can software determine the public and private IP addresses of the EC2 instance that it is running on? A. Query the local instance metadata. B. Query the local instance userdata. C. Query the appropriate Amazon CloudWatch metric. D. Use an ipconfig or ifconfig command.

A. Query the local instance metadata.

The Amazon EC2 web service can be accessed using the _____ web services messaging protocol. This interface is described by a Web Services Description Language (WSDL) document. A. SOAP B. DCOM C. CORBA D. XML-RPC

A. SOAP

Because of the extensibility limitations of striped storage attached to Windows Server, Amazon RDS does not currently support increasing storage on a _____ DB Instance. A. SQL Server B. MySQL C. Oracle

A. SQL Server

Using SAML (Security Assertion Markup Language 2.0) you can give your federated users single sign-on (SSO) access to the AWS Management Console. A. True B. False

A. True

When creating an RDS instance you can select which availability zone in which to deploy your instance. A. True B. False

A. True

When you create new subnets within a custom VPC, by default they can communicate with each other, across availability zones. A. True B. False

A. True

You can add multiple volumes to an EC2 instance and then create your own RAID 5/RAID 10/RAID 0 configurations using those volumes. A. True B. False

A. True

Question 151 Which of the following is a best practice when working with permissions in AWS? A. Ensure the least privilege access is used B. Use the root account credentials C. Don't use IAM users and groups D. Ensure the highest privilege access is used

Answer: A Ensure the least privilege access is used

Question 193 There is a requirement for hosting a set of servers in the Cloud for a short period of 3 months. Which of the following types of instances should be chosen to be cost effective? A. On-Demand B. Spot Instances C. No Upfront costs Reserved D. Partial Upfront costs Reserved

Answer: A On-Demand

Question 172 Which of these is a document that provides a formal statement of one or more permissions? A. Policy B. Permission C. Role D. Resource

Answer: A Policy

Question 178 What is the service provided by AWS that lets you host Domain Name systems? Please choose on answer from the options below. A. Route 53 B. VPC C. Direct Connect D. VPN

Answer: A Route 53

By default when you create an _______, it will be available only in current region. You can copy an _______ within or across an AWS region using the AWS Management Console, the command line, or the Amazon EC2 API, all of which support the CopyImage action.

AMI

You want to take a snapshot of an EC2 Instance and create a new instance out of it. In AWS what is this snapshot equivalent to?

AMI

What must be specified when launching a new Amazon Elastic Compute Cloud (Amazon EC2) Windows instance?

AMI and Amazon EC2 instance type

What are the minimum elements required to create an Auto Scaling launch configuration?

AMI, Instance Type, Launch configuration name

A company created a solution that will help AWS customers improve their architectures on AWS. Which AWS program may support this company?

APN Consulting Partners

By default who from the below roles has complete administrative control over all resources in the respective AWS account?

AWS Account Owner

Who has control of the data in an AWS account?

AWS Account Owner

Which of the following services allows you to manage your agreements with AWS?

AWS Artifact.

True

AWS Budgets can send alerts via e-mail and/or Amazon SNS.

True

AWS Budgets can track costs associated with multiple dimensions, such as AWS service, linked account, tag, etc.

Which of the following can be used to automate the management of multiple AWS services through scripts?

AWS CLI

Which of the following can be used to work with AWS services in a programmatic manner?

AWS CLI

A company needs to know which user was responsible for terminating several critical Amazon Elastic Compute Cloud (Amazon EC2) Instances. Where can the customer find this information?

AWS Cloud Trail logs

Which of the following services can provide a complete audit trail of all AWS services used within an account?

AWS Cloud Trail logs

Question 173 What acts as a firewall that controls the traffic allowed to reach one or more instances? A. Security group B. ACL C. IAM D. IAM

Answer: A Security group

A company has a DevOps team in its organizational structure. They are looking forward to moving to the AWS Cloud. They are wondering if there is an AWS service that can help them manage infrastructure as code. Which of the following would you suggest for them?

AWS CloudFormation

A company wants to create standard templates for deployment of their Infrastructure. Which AWS service can be used in this regard?

AWS CloudFormation

What AWS tool utilizes edge locations to cache content and reduce latency?

AWS CloudFront

Which AWS service uses Edge Locations for content caching?

AWS CloudFront

You are planning to host your education website on AWS. Most of your video courses will be streamed all around the world. Which of the following AWS services would help you achieve high transfer speeds?

AWS CloudFront

There is an external audit being carried out on your company. The IT auditor needs to have a log of all access to the AWS resources in the company's account. Which of the below services can assist in providing these details?

AWS CloudTrail

Which of the following services helps in governance, compliance, and risk auditing in AWS?

AWS CloudTrail

Which service can identify the user that made the API call when an Amazon Elastic Compute Cloud (Amazon EC2) instance is terminated?

AWS CloudTrail

You noticed that several critical Amazon Elastic Compute Cloud (Amazon EC2) instances have been terminated. Which of the following AWS services would help you determine who took this action?

AWS CloudTrail

You want to monitor the CPU utilization of an EC2 resource in AWS. Which of the below services can help?

AWS CloudWatch

You want to monitor the CPU utilization of an EC2 resource in AWS. Which of the below services can help in this regard?

AWS Cloudwatch

True

AWS Code can be automatically triggered from other AWS services or called directly from a web or mobile app.

What capabilties enable compliance, auditing, security analysis, resource change trakcing, and troubleshooting?

AWS Config

With __________, organizations can discover existing AWS resources, export an inventory of their AWS resources with all configuration details, and describe how a resource was configured at any point in time.

AWS Config

________ is a fully managed service that provides orgs wih an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance.

AWS Config

Which of the below cannot be used to get data onto Amazon Glacier?

AWS Console

True

AWS Cost & Usage Report can be configured to aggregate your usage data to the daily and monthly level.

Which tool can display the distribution of AWS spending?

AWS Cost Explorer

Where can a customer go to get more detail about Amazon Elastic Compute Cloud (Amazon EC2) billing activity that took place 3 month ago?

AWS Cost and Usage reports (Cost Explorer)

Which of the following AWS services should you use to migrate an existing database to AWS?

AWS DMS

A company decides to migrate its Oracle database to AWS. Which AWS service can help achieve this without negatively impacting the functionality of the source database?

AWS Database Migration Service

Your company wants to move an existing Oracle database to the AWS Cloud. Which of the following services can help facilitate this move?

AWS Database Migration Service

Which AWS service would simplify migration of a database to AWS?

AWS Database Migration Service (AWS DMS)

Which AWS network feature can establish a private network connection between AWS and your datacenter?

AWS Direct Connect

Which of the following services helps provide a dedicated connection from on-premise infrastructure to resources hosted in the AWS Cloud?

AWS Direct Connect

_____________ allows organizations to establish a dedicated network connection from their data center to AWS.

AWS Direct Connect

Which of the following is a fully managed NoSQL database service available in AWS?

AWS DynamoDB

Which of the following is a fully managed NoSQL database service available with AWS?

AWS DynamoDB

Which of the below mentioned services can be used to host virtual servers in the AWS Cloud?

AWS EC2

Which of the below mentioned services is equivalent to hosting virtual servers on an on-premise location?

AWS EC2

Which AWS service allows for distribution of incoming application traffic across multiple EC2 instances?

AWS ELB

What does Amazon CloudFront use to distribute content to global users with low latency?

AWS Edge Locations

Which component of AWS Global infrastructure does Amazon CloudFront use to ensure low latency delivery?

AWS Edge Locations

Which AWS Cloud service helps in quick deployment of resources which can make use of different programming languages such as .Net and Java

AWS Elastic Beanstalk

A company wants to utilize AWS storage. For them, low storage cost is paramount, the data is rarely retrieved, and data retrieval times of several hours is acceptable to them. What is the best storage option to use?

AWS Glacier

Your web application is generating digital policy files for verifying users. Once the files are verified, they may not be required in the future unless there are some compliance issues. If you want to save them in a cost-effective way, what is the best possible solution?

AWS Glacier

Which of the following items allow an application deployed on an EC2 instance to write data to S3 in a secure manner?

AWS IAM Roles

An organization runs many systems and uses many AWS products. Which of the following services allow them to control how each developer interacts with these products?

AWS Identity and Access Management

Currently your organization has an operational team that takes care of ID management in their on-premise data center. They now also need to manage users and groups created in AWS. Which of the following AWS tools would they need to use for performing?

AWS Identity and Access Management (IAM)

Which AWS Cloud service is used to turn on Multi-Factor Authentication (MFA)?

AWS Identity and Access Management (IAM)

Which service allows an administrator to create and modify AWS user permissions?

AWS Identity and Access Management (IAM)

Which of the following services allows you to analyze EC2 Instances against pre-defined security templates to check for vulnerabilities?

AWS Inspector

Which service analyzes EC2 Instances against pre-defined security templates to check for vulnerabilities?

AWS Inspector

A company has moved to AWS recently. They have a lot of concerns about their security. Which of the following would help them ensure that the right security settings are put in place?

AWS Inspector, AWS Trusted Advisor

___________ is a managed service that makes it easy for organizations to create and control the encryption keys used to encrypt their data and uses harware security modules (HSMs) to protect the security of your keys.

AWS Key Manage Services (KMS)

Redshift Key Management

AWS Key Management or Hardware security module

Which of the following is a serverless compute offering from AWS?

AWS Lambda

Which of the following services allow you to run your application when needed, without having to provision servers all the time?

AWS Lambda

Which of the following services is a serverless compute service in AWS?

AWS Lambda

AWS allows users to manage their resources using a web based user interface. What is the name of this interface?

AWS Management Console

What AWS feature enables a user to manage services through a web-based user interface?

AWS Management Console

Which of the following needs a user name and password to access AWS resources?

AWS Management Console

What can be used to access AWS Cloud Services?

AWS Management Console AWS Command Line Interface AWS Software Development Kits

Which AWS offering enables customers to find, buy, and immediately start using software solutions in their AWS environment?

AWS Marketplace

Which AWS offering enables customers to find, buy, and immediately start using software solutions in their AWS environment?

AWS Marketplace

Which of the following options of AWS RDS allows for AWS to failover to a secondary database in case the primary one fails?

AWS Multi-AZ

There is a need to automate the creation of sandbox accounts for developers and granting entities in those accounts access only to the necessary AWS services. Which of the following services would help?

AWS Organizations

What is a geographic area that hosts two or more Availability Zones?

AWS Regions

If you want to develop an application in Java, which of the following tools would you use?

AWS SDK

Which of the following can be used to call AWS services from programming languages?

AWS SDK

You have a set of developers that need to use .Net to call AWS Services. Which of the following tools can be used to achieve this purpose?

AWS SDK

You have a Web application hosted in an EC2 Instance that needs to send notifications based on events. Which of the below services can assist in sending notifications?

AWS SNS

Your company is planning to host its applications in the AWS Cloud. Which of the following services can be used to help decouple distributed software systems and components?

AWS SNS,AWS SQS

Your company is planning to host resources in the AWS Cloud. They want to use services which can be used to decouple resources hosted on the cloud. Which of the following services can help fulfill this requirement?

AWS SQS

Which of the following from AWS can be used to transfer petabytes of data from on-premise locations to the AWS Cloud?

AWS Snowball

True

AWS Snowball Edge has two formats: a 100TB version with 24 vCPUs for local storage and large data transfer and a 100TB version with 52 vCPUs and an optional GPU for advanced machine learning and full motion video analysis.

The ______ ___________ is a service connecting an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization's on-premises IT environment and AWS's storage infrastructure. The service enables you to securely store data to the AWS cloud for scalable and cost-effective storage.

AWS Storage Gateway

A company is currently using the Enterprise Support plan. They want quick and efficient guidance with their billing and account inquiries. Which of the following included services could assist them?

AWS Support Concierge

A company is planning to migrate their existing AWS Services to the Cloud. Which of the following would help them do a cost benefit analysis of moving to the AWS Cloud?

AWS TCO Calculator

In order to predict the cost of moving resources from on-premise to the cloud, which of the following can be used?

AWS TCO Calculator

Which of the following is used to derive the costs for moving resources from on-premise to AWS?

AWS TCO calculator

Which AWS service provides infrastructure security optimization recommendations?

AWS Trusted Advisor

Which of the following AWS services can assist you with cost optimization?

AWS Trusted Advisor

Your company is developing a critical application and the security of the application is one of the top priorities. Which of the following AWS services will provide infrastructure security optimization recommendations?

AWS Trusted Advisor

Which of the following allows you to carve out a portion of the AWS Cloud?

AWS VPC

Which of the following networking component can be used to host EC2 resources in the AWS Cloud?

AWS VPC

Which of the following services can be used as a web application firewall in AWS?

AWS WAF

Which of the following services can help protect your web applications from SQL injection and other vulnerabilities in your application code?

AWS WAF

Which of the following is NOT included in the AWS Free TIer?

AWS Web Application Firewall (WAF)

A company is planning to develop an application consisting of hundreds of microservices. They decide to host the application on the AWS Cloud. Since there are a large number of services produced by the application, it needs a powerful tool for analysis and debugging. Which of the following services can best meet this requirement?

AWS X-Ray

AWS Command Line

AWS [options] <command> <subcommand> [parameters]

You have 2 ec2 instances which sit in a custom VPC in a public subnet. You add a 3rd instance to the subnet, but it cannot access the internet. What should you do?

Add an elastic ip address to the new instance

________ records work like a CNAME record in that you can map one DNS name (example.com) to another 'target' DNS name (elb1234.elb.amazonaws.com). They differ from a CNAME record in that they are not visible to resolvers. Resolvers only see the A record and the resulting IP address of the target record.

Alias

An organization has set up consolidated billing with 3 different AWS accounts. Which of the following advantages will the organization receive in terms of the AWS pricing?

All AWS accounts will be charged for S3 storage by combining the total storage of each account

What does "ap" stand for in AWS regions?

Asian Pacific

What API call requests temporary security credentials from the AWS platform when federating with Active Directory

AssumeRoleWithSAML Security Assertion Markup Language (SAML)

Which of the following is a compatible MySQL database which also has the ability to grow in storage size on its own?

Aurora

You have developed a web application that has a ".NET layer"that connects to a MySQL database. Which of the following AWS database deployments would provide automated backups to your application?

Aurora

Which of the following services relates the concept of "Scaling up resources based on demand"?

AutoScaling

Amazon Transcribe

Automatic speech recognition (ASR) service that adds speech-to-text functionality to applications.

Amazon EC2 Auto Scaling

Automatically add or remove EC2 instances according to conditions you define. Includes fleet management features and dynamic and predictive scaling.

Distinct locations within an AWS region that are isolated from failure are called?

Availability Zones (AZ)

The principle "design for failure and nothing will fail"is very important when designing your AWS Cloud architecture. Which of the following would help adhere to this principle?

Availability Zones, Elastic Load Balancer

By placing resources in separate ____________ ___________ , you can protect your _________ from a service disruption.

Availability Zones, applications

162. For which of the following do you not need to worry about operating system updates? A. NAT instance B. NAT gateway C. EC2 instance D. ECS container

B

163. Which of the following does not automatically scale to meet demand? A. DynamoDB B. NAT instance C. SNS topic D. NAT gateway

B

168. With which of the following is an egress-only internet gateway most closely associated? A. IPv4 B. IPv6 C. A NAT instance D. A NAT gateway

B

179. Which of these is not a reason to attach multiple network interfaces to an instance? A. You are creating a management network. B. You are attempting to increase network throughput to the instance. C. You need a high-availability solution and have a low budget. D. You need dual-homed instances.

B

Amazon S3 doesn't automatically give a user who creates a _____ permission to perform other actions on that bucket or object. Therefore, in your IAM policies, you must explicitly give users permission to use the Amazon S3 resources they create. A. file B. bucket or object C. bucket or file D. object or file

B. bucket or object

Amazon Glacier is designed for: (Choose 2 answers) A. active database storage. B. infrequently accessed data. C. data archives. D. frequently accessed data. E. cached session data.

B. infrequently accessed data. C. data archives.

Every user you create in the IAM system starts with ______. A. full permissions B. no permissions C. partial permissions

B. no permissions

If I scale the storage capacity provisioned to my DB Instance by mid of a billing month, how will I be charged? A. you will be charged for the highest storage capacity you have used B. on a proration basis C. you will be charged for the lowest storage capacity you have used

B. on a proration basis

Fill in the blanks: "To ensure failover capabilities, consider using a _____ for incoming traffic on a network interface". A. primary public IP B. secondary private IP C. secondary public IP D. add on secondary IP

B. secondary private IP

If your DB instance runs out of storage space or file system resources, its status will change to _____ and your DB Instance will no longer be available. A. storage-overflow B. storage-full C. storage-exceed D. storage-overage

B. storage-full

One of the most important AWS best practices to follow is the cloud architecture principle of elasticity. How does following this principle improve your architecture's design?

By automatically provisioning the required AWS resources based on changes in demand.

133. Which of the following might you need to create for using a VPC endpoint attached to S3? A. A NAT instance B. A NAT gateway C. An IAM role D. A security group

C

136. What is another name for a bastion host? A. A remote host B. A box host C. A jump server D. A bastion connection

C

141. To which of the following does an internet gateway attach? A. An AWS account B. A subnet within a VPC C. A VPC D. An instance within a subnet

C

143. Which of the following destination routes would be used for routing IPv6 traffic to an internet gateway? A. 0.0.0.0/24 B. 0.0.0.0/0 C. ::/0 D. 192.168.1.1

C

150. At what OSI layer does a classic load balancer operate? A. 4 B. 7 C. 4 and 7 D. 6

C

153. What type of subnets are the default subnets in the default VPC? A. Private B. Hybrid C. Public D. Transport

C

155. Which of the following is not automatically created for an instance launched into a nondefault subnet? A. A private IPv4 address B. A security group C. A public IPv4 address D. A route to other instances in the subnet

C

169. You are responsible for securing an EC2 instance with an IPv6 address that resides in a public subnet. You want to allow traffic from the instance to the Internet but restrict access to the instance. Which of the following would you suggest? A. VPC endpoint B. Internet gateway C. Egress-only internet gateway D. A NAT gateway

C

172. Which of these would be used as the destination address in a routing table for a VPC that uses an egress-only internet gateway? A. 0.0.0.0/0 B. 0.0.0.0/16 C. ::/0 D. ::/24

C

176. How many network interfaces can a single instance have? A. None B. One and only one C. One or more D. At least two, up to five

C

178. To how many instances can an elastic network interface be attached? A. One and only one B. One or more C. One at a time, but it can be moved from one instance to another. D. Up to five

C

59. Can you copy an EBS snapshot across regions? A. Yes, as long as the snapshot is not encrypted. B. Yes, as long as the snapshot is marked for multi-region use. C. Yes D. No

C

61. How many security groups can you attach to a single instance in a VPC? A. None, security groups aren't attached to instances. B. 1 C. 1 or more D. 2 or more

C

63. Which of the following statements is true about a custom, user-created NACL? A. A NACL by default allows all traffic out of a VPC. B. A NACL by default allows all traffic into a VPC. C. A NACL is a virtual firewall for associated subnets. D. A NACL functions at the instance level.

C

184. Which of the following are advantages of an elastic IP? (Choose two.) A. Reduces the number of IP addresses your VPC uses B. Provides protection in case of an instance failure C. Allows all attributes of a network interface to be moved at one time D. Provides multiple IP addresses for a single instance

B,C

21. Which of the following allows you to securely upload data to S3? (Choose two.) A. HTTP endpoints using HTTP B. SSL endpoints using HTTPS C. HTTP endpoints using HTTPS D. SSL endpoints using HTTP

B,C

24. Which of the following are valid steps in enabling client-side encryption for S3? (Choose two.) A. Download the AWS CLI and SSH to your S3 key store. B. Use a KMS-managed customer master key. C. Download an AWS SDK for encrypting data on the client side. D. Turn on bucket encryption for the target S3 buckets.

B,C

True or False: Manually created DB Snapshots are deleted after the DB Instance is deleted. A. TRUE B. FALSE

B. FALSE

Amazon S3 buckets in all other regions (other than US Standard) do not provide eventual consistency for overwrite PUTS and DELETES. A. True B. False

B. False

Amazon S3 buckets in the US Standard region do not provide eventual consistency. A. True B. False

B. False

New database versions will automatically be applied to AWS RDS instances as they become available. A. True B. False

B. False

Placement Groups can be created across 2 or more Availability Zones. A. True B. False

B. False

You can have 1 subnet stretched across multiple availability zones. A. True B. False

B. False

You can select a specific Availability Zone in which to place your DynamoDB Table A. True B. False

B. False

In Amazon CloudWatch, which metric should I be checking to ensure that your DB Instance has enough free storage space? A. FreeStorage B. FreeStorageSpace C. FreeStorageVolume D. FreeDBStorageSpace

B. FreeStorageSpace

Which of the following cannot be used in EC2 to control who has access to specific EC2 instances? A. Security Groups B. IAM System C. SSH keys D. Windows passwords

B. IAM System

When should I choose Provisioned IOPS over Standard RDS storage? A. If you have batch-oriented workloads B. If you use production online transaction processing (OLTP) workloads. C. If you have workloads that are not sensitive to consistent performance D. If you infrequently read or write to the drive.

B. If you use production online transaction processing (OLTP) workloads.

You are a security architect working for a large antivirus company. The production environment has recently been moved to AWS and is in a public subnet. You are able to view the production environment over HTTP however when your customers try to update their virus definition files over a custom port, that port is blocked. You log in to the console and you allow traffic in over the custom port. How long will this take to take effect? A. Straight away but to the new instances only. B. Immediately. C. After a few minutes this should take effect. D. Straight away to the new instances, but old instances must be stopped and restarted before the new rules apply.

B. Immediately.

How are the EBS snapshots saved on Amazon S3? A. Exponentially B. Incrementally C. EBS snapshots are not stored in the Amazon S3 D. Decrementally

B. Incrementally

Amazon RDS automated backups and DB Snapshots are currently supported for only the ______ storage engine. A. MyISAM B. InnoDB

B. InnoDB

You are a systems administrator and you need to monitor the health of your production environment. You decide to do this using Cloud Watch, however you notice that you cannot see the health of every important metric in the default dash board. Which of the following metrics do you need to design a custom cloud watch metric for, when monitoring the health of your EC2 instances? A. CPU Usage B. Memory usage C. Disk read operations D. Network in E. Estimated charges

B. Memory usage

Can I detach the primary (eth0) network interface when the instance is running or stopped? A. Yes B. No C. Depends on the state of the interface at the time

B. No

Can we attach an EBS volume to more than one EC2 instance at the same time? A. Yes B. No C. Only EC2-optimized EBS volumes. D. Only in read mode.

B. No

Does Amazon RDS allow direct host access via Telnet, Secure Shell (SSH), or Windows Remote Desktop Connection? A. Yes B. No C. Depends on if it is in VPC or not

B. No

If an Amazon EBS volume is the root device of an instance, can I detach it without stopping the instance? A. Yes but only if Windows instance B. No C. Yes D. Yes but only if a Linux instance

B. No

Is Federated Storage Engine currently supported by Amazon RDS for MySQL? A. Only for Oracle RDS instances B. No C. Yes D. Only in VPC

B. No

What is the minimum charge for the data transferred between Amazon RDS and Amazon EC2 Instances in the same Availability Zone? A. USD 0.10 per GB B. No charge. It is free. C. USD 0.02 per GB D. USD 0.01 per GB

B. No charge. It is free.

What are the different types of virtualization available on EC2? A. Pseudo-Virtual (PV) & Hardware Virtual Module (HSM) B. Para-Virtual (PV) & Hardware Virtual Machine (HVM) C. Pseudo-Virtual (PV) & Hardware Virtual Machine (HVM) D. Para-Virtual (PV) & Hardware Virtual Module (HSM) Submit

B. Para-Virtual (PV) & Hardware Virtual Machine (HVM)

Before I delete an EBS volume, what can I do if I want to recreate the volume later? A. Create a copy of the EBS volume (not a snapshot) B. Store a snapshot of the volume C. Download the content to an EC2 instance D. Back up the data in to a physical disk

B. Store a snapshot of the volume

Amazon S3 provides; A. Unlimited File Size for Objects B. Unlimited Storage C. A great place to run a No SQL database from D. The ability to act as a web server for dynamic content (i.e. can query a database)

B. Unlimited Storage

Do the Amazon EBS volumes persist independently from the running life of an Amazon EC2 instance? A. No B. Only if instructed to when created C. Yes

C. Yes

Does AWS Direct Connect allow you access to all Availabilities Zones within a Region? A. Depends on the type of connection B. No C. Yes D. Only when there's just one availability zone in a region. If there are more than one, only one availability zone can be accessed directly.

C. Yes

Does DynamoDB support in-place atomic updates? A. It is not defined B. No C. Yes D. It does support in-place non-atomic updates

C. Yes

Will I be alerted when automatic failover occurs? A. Only if SNS configured B. No C. Yes D. Only if Cloudwatch configured

C. Yes

EC2 instances download jobs from SQS queue, but are taking too long to process. What api call can you use to the length of time to process jobs?

ChangeMessageVisibility

AWS Cloud9

Cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser. Supports JavaScript, Python, and AWS IoT Greengrass Connectors.

__________ defines a JSON based templating language that can be used to describe all the aws resources that a necessary for a workload.

CloudFormation

What AWS service has built-in Distributed Denial-of-Service (DDoS) attack mitigation?

CloudFront

You are planning to host a large eCommerce application on the AWS Cloud. One of your major concerns is Internet attacks, such as DDoS attacks. Which of the following services can help mitigate this concern?

CloudFront, AWS Shield

Amazon Chime

Communication service, online meetings, video conferencing calls, and chat.

201. For which of the following is AWS not responsible for security? A. Networking infrastructure B. RDS database installations C. S3 buckets D. Networking traffic

D

209. Which of the following can be part of a strategy to avoid accidental data overwriting of S3 data? A. IAM roles B. MFA Delete C. Versioning D. All of these

D

214. Which of the following AWS services is associated with privilege management? A. Internet gateway B. S3-IA C. CloudTrail D. MFA

D

219. Which of the following is one of the security principles recommended by AWS's wellarchitected framework? A. Make sure all users have passwords. B. Only protect data at rest. C. Turn on MFA Delete for S3 buckets. D. Keep people away from data.

D

27. Which of the following encryption key management options is best for managing keys but allowing S3 to handle the actual encryption of data? A. SSE-S3 B. SSE-KMS C. Client-side encryption keys D. SSE-C

D

49. How do you encrypt an RDS instance? A. Enable encryption on the running instance via the CLI. B. Enable encryption on the running instance via the console. C. Run the encryption process on the running instance via the console. D. Enable encryption when creating the instance

D

50. Which of the following will ensure that data on your RDS instance is encrypted? A. Use client-side encryption keys. B. Enable encryption on the running RDS instance via the AWS API. C. Encrypt the instance on which RDS is running. D. None of these will encrypt all data on the instance.

D

Within the IAM service a GROUP is regarded as a: A. A collection of AWS accounts B. It's the group of EC2 machines that gain the permissions specified in the GROUP. C. There's no GROUP in IAM, but only USERS and RESOURCES. D. A collection of users.

D. A collection of users.

You have started a new role as a solutions architect for an architectural firm that designs large sky scrapers in the Middle East. Your company hosts large volumes of data and has about 250Tb of data on internal servers. They have decided to store this data on S3 due to the redundancy offered by it. The company currently has a telecoms line of 2Mbps connecting their head office to the internet. What method should they use to import this data on to S3 in the fastest manner possible. A. Upload it directly to S3 B. Purchase and AWS Direct connect and transfer the data over that once it is installed. C. AWS Data pipeline D. AWS Import/Export

D. AWS Import/Export

In Identity and Access Management, when you first create a new user, certain security credentials are automatically generated. Which of the below are valid security credentials? A. Access Key ID, Authorized Key B. Private Key, Secret Access Key C. Private Key, Authorized Key D. Access Key ID, Secret Access Key

D. Access Key ID, Secret Access Key

IAM provides several policy templates you can use to automatically assign permissions to the groups you create. The _____ policy template gives the Admins group permission to access all account resources, except your AWS account information. A. Read Only Access B. Power User Access C. AWS CloudFormation Read Only Access D. Administrator Access

D. Administrator Access

Through which of the following interfaces is AWS Identity and Access Management available? A. AWS Management Console B. Command line interface (CLI) C. IAM Query API D. All of the above

D. All of the above

Which Amazon storage do you think is the best for my database-style applications that frequently encounter many random reads and writes across the dataset. A. None of these B. Amazon Instance Storage C. Any of these D. Amazon EBS

D. Amazon EBS

Without _____, you must either create multiple AWS accounts, each with its own billing and subscriptions, or your employees must share the security credentials of a single AWS account. A. Amazon RDS B. Amazon Glacier C. Amazon EMR D. Amazon IAM

D. Amazon IAM

When you resize the Amazon RDS DB instance, Amazon RDS will perform the upgrade during the next maintenance window. If you would rather perform the change now, specify the _____ option. A. ApplyNow B. ApplySoon C. ApplyThis D. ApplyImmediately

D. ApplyImmediately

While creating an EC2 snapshot using the API, which Action should I be using? A. MakeSnapShot B. FreshSnapshot C. DeploySnapshot D. CreateSnapshot

D. CreateSnapshot

Please select the Amazon EC2 resource which can be tagged. A. Key pairs B. Elastic IP addresses C. Placement groups D. EBS snapshots

D. EBS snapshots

What does Amazon ELB stand for? A. Elastic Linux Box B. Encrypted Linux Box C. Encrypted Load Balancing D. Elastic Load Balancer

D. Elastic Load Balancer

What action is required to establish a VPC VPN connection between an on-premises data center and an Amazon VPC virtual private gateway? A. Modify the main route table to allow traffic to a network address translation instance. B. Use a dedicated network address translation instance in the public subnet. C. Assign a static Internet-routable IP address to an Amazon VPC customer gateway. D. Establish a dedicated networking connection using AWS Direct Connect.

D. Establish a dedicated networking connection using AWS Direct Connect.

Amazon RDS supports SOAP only through _____. A. HTTP or HTTPS B. TCP/IP C. HTTP D. HTTPS

D. HTTPS

While signing in REST/ Query requests, for additional security, you should transmit your requests using Secure Sockets Layer (SSL) by using _____. A. HTTP B. Internet Protocol Security(IPsec) C. TLS (Transport Layer Security) D. HTTPS

D. HTTPS

What happens to the I/O operations while you take a database snapshot? A. I/O operations to the database are suspended for an hour while the backup is in progress. B. I/O operations to the database are sent to a Replica (if available) for a few minutes while the backup is in progress. C. I/O operations will be functioning normally D. I/O operations to the database are suspended for a few minutes while the backup is in progress.

D. I/O operations to the database are suspended for a few minutes while the backup is in progress.

What is a Security Group? A. None of these. B. A list of users that can access Amazon EC2 instances. C. An Access Control List (ACL) for AWS resources. D. It acts as a virtual firewall that controls the traffic for one or more instances.

D. It acts as a virtual firewall that controls the traffic for one or more instances.

State Manager

Define and maintain consistent OS configurations to comply with your policies. Monitor configuration over large number of instances, automatically apply configuration changes. Part of AWS Systems Manager.

Maintenance Window

Define recurring window of time to run administrative and maintenance tasks across instances. Part of AWS Systems Manager.

Amazon RDS on VMware

Deploy managed databases in on-premises VMware environments using RDS technology.

You have developed a web application targeting a global audience. Which of the following will help you achieve the highest redundancy and fault tolerance?

Deploy the application in Multiple AZs in many AWS regions.

Amazon ElastiCache

Deploy, operate, and scale in-memory cache in the cloud for memcached and Redis.

Which of the following examples supports the cloud design principle "design for failure and nothing will fail''?

Deploying an application in multiple Availability Zones

Which of the following can be used to increase the fault tolerance of an application?

Deploying resources across multiple Availability Zones

A company has developed an eCommerce web application and the application needs an uptime of at least 99.5%. Which of the following deployment strategies should they use?

Deploying the application across multiple Regions

Your company handles a crucial e-commerce application. This applications needs to have an uptime of at least 99.5%. There is a decision to move the application to the AWS Cloud. Which of the following deployment strategies can help build a robust architecture for such an application?

Deploying the application across multiple Regions

You have a mission-critical application which must be globally available at all times. If this is the case, which of the below deployment mechanisms would you employ?

Deployment to multiple Regions

Data that is stored on an Amazon EBS volume will persist independently of the life of the instance, If you are using an Amazon _____________ as a root partition, you will need to set the Delete On Terminate flag to "N" if you want your Amazon _______________ to persist outside the life of the instance.

EBS volume

You can assign one or more secondary private IP addresses to an Elastic Network Interface or an ____________ in Amazon VPC.

EC2 Instance

Why is AWS more economical than traditional data centers for applications with varying compute workloads?

EC2 Instances can be launched on-demand when needed

". operating system privileges can be obtained only when you deploy your DataBase in ________, and not _________.

EC2/RDS

In order to implement best practices when dealing with a "Single Point of Failure,"you should aim to build as much automation as possible in both detecting and reacting to failure. Which of the following AWS services would help?

ELB, Auto Scaling

There is a need to analyze and process a large number of data sets. Which of the following services can help fulfill this requirement?

EMR

You are exploring what services AWS has off-hand. You have a large number of data sets that need to be processed. Which of the following services can help fulfill this requirement?

EMR

Data Pipeline

ETL process for Cloud & on-premise resources

What is AWS Glue?

Extract, transform, and load (ETL) service that allows customers to prepare and load their data for analytics

Amazon S3 Glacier

Extremely low cost storage for data archiving and long-term backup. Offers query-in-place functionality for analytics directly on the archived data.

Name a protocol not supported by SNS.

FPS. SNS supported protocols are: Amazon SQS, HTTP/S, email, SMS, Lambda

, it is possible to explicitly reserve capacity for a placement group. T or F?

False

A placement group can span multiple Availability Zones. T or F?

False

T/F: A data center can be used for more than one Availability Zone

False

T/F: AWS IAM is appropriate for OS and application authentication

False

T/F: AWS is responsible for the security of everything about the hypervisor layer

False

T/F: Access Control Lists are used to make entire buckets public

False

T/F: By default, all data stored in S3 is viewable by the public

False

T/F: Private subnets have direct access to the Internet

False

A VPC can have 3 internet gateways attached to it?

False, A VPC can only have one internet gateway attached to it

Amazon S3 buckets in the US standard region do NOT provide eventual consistency

False, Amazon S3 buckets in the US standard region do provide eventual consistency

If you make an ami public, this AMI is immediately available across all regions by default (t/f)

False, If you make an ami public, the AMI is NOT immediately available across all regions by default (t/f)

Messages can NOT be customized for each protocol used in SNS?

False, Messages can NOT be customized for each protocol used in SNS.

Is RDS an OLAP? (T/F)

False, RDS is Online Transaction Processing (OLTP)

SNS is PULL based rather than PUSH based?

False, SNS is PUSH based.

An SQS message can NOT be delivered multiple times?

False, SQS messages can be delivered multiple times

SQS was the second service on AWS?

False, SQS was the first

Amazon Simple Queue Service (SQS) was the 3rd service on AWS (t/f) ?

False, SQS was the first.

Fn::GetAZs returns a list of regions? (t/f)

False, The intrinsic function Fn::GetAZs returns an array that lists Availability Zones for a specified region. Because customers have access to different Availability Zones, the intrinsic function Fn::GetAZs enables template authors to write templates that adapt to the calling user's access. That way you don't have to hard-code a full list of Availability Zones for a specified region.

You are required to patch the operating system (OS) and application in Amazon Relational Database Service (RDS)?

False, You are NOT required to patch the operating system (OS) and application in Amazon Relational Database Service (RDS)

You can have 1 subnet attached across multiple availability zones (t/f)

False, You can have more than 1 subnet attached across multiple availability zones

A scan is more efficient than query in terms of performance? (T/F)

False, a query is more efficient that a scan in terms of performance.

A subnet can only be associated with MULTIPLE Access Cotnrol List (ACL)

False, a subnet can be associated with only one network ACL at a time.

amazon s3 buckets in all other regions (other than us standard) do NOT provide eventual consistency for overwrite PUTS and DELETES (t/f)

False, amazon s3 buckets in all other regions (other than us standard) DO provide eventual consistency for overwrite PUTS and DELETES (t/f)

Unlike Cloud formation, Elastic Beanstalk itself is not free AND you must pay for the resource it provisions?

False, both Elastic Beanstalk and Cloud Formation are free, but you must pay for the underlying resources.

Amazon s3 provides unlimited file size for objects

False, it provides unlimited storage, but there is a maximum file size

An instance does NOT retain its private IP address in Amazon Virtual Private Cloud (VPC)?

False, it retains its IP address (weird question)

DynamoDB local secondary indexes are fixed at 10 per table?

False, local secondary indexes are fixed at 5 per table.

There are more regions than edge locations?

False, there are more edge locations than regions

There is a hard limit on how much data you can store on s3?

False, there is no hard limit on how much data you can store on s3.

DynomaDB writes are measured in 2 KB per write?

False, they are measured in 1 KB per write.

AWS recommends storing credentials on Ec2 over using IAM roles? (T/F)

False, use IAM roles

You may only have 1 internet gateway per virtual private cloud (VPC)

False, you may have more than one internet gateway (IG) per Virtual Private Cloud (VPC)

Elastic beanstalk is object based storage?

False. An application version points to an Amazon Simple Storage Service (Amazon S3) object that contains the deployable code such as a Java WAR file.

Apache MXNet on AWS

Fast and scalable training and inference framework with API for machine learning. Includes the Gluon interface.

What is Amazon CloudFront?

Fast content delivery network service that securely delivers data, videos, applications and API's to customers. Massively scaled and globally distributed. Used by Hulu and Prime Video for streaming

Amazon QuickSight

Fast, cloud-powered BI service. Supports interactive dashboards for browser and mobile devices. SaaS solution.

Amazon Redshift

Fast, scalable data warehouse. Uses machine learning to deliver faster performance than traditional warehouses.Supports petabytes of data.

What is defined as the ability for a system to remain operational even if some of the components of that system fail?

Fault tolerance

What is defined as the ability for a system to remain operational even if some of the components of that system fail?

Fault tolerance

Object Based storage is synonymous with?

File based storage

AWS Elemental MediaConvert

File-based video transcoding service with broadcast-grade features.

AWS Security Features

Firewalls, Subnets TLS Encryption Direct connections DDos Mitigation Deployment Management Inventory/Config Management Template Management Data Encryption Key Management HSMs IAM Multi-Factor Authentication Integrated/Federated Directories Monitoring & Logging

When are free data transfers applicable across AWS?

Free inbound data transfer for EC2 instances, Free outbound data transfer between services within the same region

AWS IoT Events

Fully managed IoT service for detecting and responding to events from IoT sensors and applications. Events are patterns of data identifying more complicated circumstances than expected.

Amazon AppStream 2.0

Fully managed application streaming service. Centrally manage desktop applications and securely deliver them to any computer.

What is AWS CodeBuild?

Fully managed continuous integration service that compiles source code, runs tests and produces software packages ready to deploy.

Amazon Quantum Ledger Database (QLDB)

Fully managed ledger database that provides transparent, immutable, and cryptographically verifiable transaction log. Change history is immutable - it cannot be changed or deleted.

Amazon CloudSearch

Fully managed search service in the AWS Cloud that makes it simple to add a search solution to your website or application.

What is the Amazon API Gateway?

Fully managed service for developers to create, publish, maintain and monitor API's at any scale. You pay for the API calls you receive and the amount of data transferred out

AWS IoT Device Defender

Fully managed service that helps secure the fleet of IoT devices. Continuously audits device configurations and encrypts device data. Continuous monitoring of security metrics.

AWS Ground Station

Fully managed service that lets you control satellite communications, downlink and process satellite data, and scale satellite operations quickly.

Amazon Elastic Container Registry (ECR)

Fully-managed Docker container registry used to store, manage, and deploy Docker container images.

AWS Glue

Fully-managed ETL service for AWS. Also creates a metadata catalog that is immediately searchable, queryable, and available for ETL.

CodeBuild

Fully-managed build service that compiles source code, runs tests, and produces software packages that are ready to deploy. Use pre-packaged build environments or create custom environments.

CodePipeline

Fully-managed continuous delivery service that automates release pipelines for fast and reliable application and infrastructure updates. Automates build, test, and deploy.

Amazon FSx for Lustre

Fully-managed file system optimized for compute-intensive workloads, such as machine learning. Integrated with S3.

Amazon Neptune

Fully-managed graph database servicefor applications that work with highly connected datasets.

Amazon Forecast

Fully-managed machine learning service used to deliver forecasts. Uses time series data and additional variables.

Amazon SQS

Fully-managed message queueing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. Can store messages for up to 14 days.

Amazon FSx for Windows File Server

Fully-managed native Windows file system. Includes full support for SMB, NTFS, Active Directory, and Distributed File System.

SageMaker

Fully-managed platform that enables developers and data scientists build, train, and deploy machine learning models at any scale.

Amazon SNS

Fully-managed pub/sub messaging service that enables you to decouple and scale microservices, distributed systems, and serverless applications.

Amazon Managed Blockchain

Fully-managed service for creating and managing scalable blockchain networks using Hyperledger Fabric and Ethereum. Amazon Quantum Ledger Database is an associated service that can store the blockchain ledger.

AWS IoT Analytics

Fully-managed service that makes it easy to run and operationalize analytics for massive volumes of IoT data. Filters, transforms, and enriches IoT data before storing it in a time series data store.

AWS CodeCommit

Fully-managed source control service using private Git repositories. Securely store anything from source code to binaries.

Amazon Timestream

Fully-managed time series database for IoT and operational applications. Store and analyze trillions of events per day.

Amazon Workspaces

Fully-managed, secure cloud desktop service. Provision Windows or Linus desktop within minutes.

Amazon WorkDocs

Fully-managed, secure enterprise storage and sharing service with administrative controls and feedback capabilities.

_______ instances work best for applications with massive parallelism, for example workloads using thousands of threads. You can cluster _______ instances into a placement group.

GPU

Instances are grouped into 5 families: __________________.

General Purpose, Compute Optimized, Memory Optimized, GPU, and Storage Optimized instances.

You are going to create snapshots from EBS volumes in another geographical location using the console. Where would you create the snapshots?

In another Region

You are working on a project that involves creating thumbnails of millions of images; however, consistent uptime is not really an issue, and continuous processing is not required. Which type of EC2 buying option would be the most cost-effective?

Spot instances

What is Amazon S3 (Simple Storage Service)?

Storage for the internet designed to make web-scale computing easier for developers

What can you use S3 for with your web application?

Store static content such as images, video, javascript, etc

You must launch your ________ instances using an EBS volume as the root device.

T2

As part of the Enterprise support plan, who is the primary point of contact for ongoing support needs?

TAM

_______ enable you to categorize your AWS resources in different ways, for example, by purpose, owner, or environment. Each _______ consists of a key and an optional value, both of which you define. Using a consistent set of _______ keys makes it easier for you to manage your resources. You can search and filter the resources based on the ________ you add. You can use ________ to organize your AWS bill to reflect your own cost structure. To do this, sign up to get your AWS account bill with ________ key values included.

Tags

AWS Serverless Application Model (SAM)

Template that defines the AWS resources used by applications in the AWS Serverless Application Repository.

What is Amazon VPC?

Lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. Complete control including IP address range, subnets, network gateways, etc

Application Load Balancer

Load balancing of HTTP and HTTPS traffic and provides advanced request routing. Operates at Layer 7 of the OSI model. Routes traffic within VPC.

Network Load Balancer

Load balancing of TCP traffic. Operates at Layer 4 of the OSI model. Routes traffic within the VPC.

Amazon Kinesis Data Firehose

Load streaming data into data stores and analytical tools. Includes S3, Redshift, Elasticsearch, and Splunk, enabling near real-time analytics with existing BI tools.

Amazon VPC

Logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.

AWS provides a storage option known as Amazon Glacier, which is designed for____________ & ______________.

Long-term analytics, Active archive storage

AWS Support has five different severity levels for support cases. What are they?

Low, Normal, High, Urgent, Critical

As per the AWS Acceptable Use Policy, penetration testing of EC2 instances:

May be performed by the customer on their own instances with prior authorization from AWS.

According to the AWS Acceptable Use Policy, penetration testing of EC2 instances:

May be performed by the customer on their own instances without prior authorization from AWS.

Amazon Elastic Transcoder

Media transcoding in the cloud. Convert media files from their source format into version that will play back on devices like smartphones, tablets, and PCs.

What are the two Elasticache engines offered?

Memcached and Redis

How long can SQS messages be?

Messages can contain up to 256 KB of text in any format

What is an optional security control that can be applied at the subnet layer of a VPC?

Network ACL

Do Availability Zones (AZ) automatically sync data between them?

No, not in terms of EBS and EC2

Do static hosted websites on S3 have www in their names?

No, static hosted websites on S3 do NOT have www in their names

Is 1 TB the largest size file you can transfer to S3 using a PUT?

No, the largest is 5GB. After 5 GB you must use multipart upload

Are autoscaling, Elastic Beanstalk, and Cloud formation chargeable?

No, the resources they use are.

Are newly created S3 buckets public by default?

No, they are not public by default

TXT Records

Text records

Must you use the appropriate OS when encrypting an EBS volume?

No, used to be the case, but now you can encrypt upon creation

Amazon Corretto

No-cost, production-ready distribution of the Open Java Development Kit (OpenJDK). Supports Amazon Linux 2, Windows, and MacOS

You are designing an e-commerce web application that will scale to hundreds of thousands of concurrent users. Which database technology is best suited to hold the session state?

NoSQL Database table using Amazon DynamoDB

Non-Relational

NoSQL Databases (e.g. DynamoDB, MongoDB

A Basic Support Plan allows how many support cases per month?

None

NoSQL Notes: NoSQL : RDS collection: table document: row key value pair: fields _id is required can embed key value pairs (KVP) embedded data = nested KVP

Not a question

Redshift Availability

Not across AZs; can restore snapshot to new AZ

The data types DynamoDB supports are _________________

Number, String, Binary, and Boolean.

Redshift

OLAP Data-warehousing Database that is a petabyte-scale data warehouse service in the cloud; It is 10x faster than traditional data warehousing

In Amazon VPC, __________ have complete _______ over the virtual environment, including selection of IP address range, creation of subnets, and the configuration of route tables and network gateways.

Organizations, control

There is a requirement hosting a set of servers in the Cloud for a short period of 6 months. Which of the following types of instances should be chosen to be cost effective?

On-Demand

There is a requirement to host a set of servers in the Cloud for a short period of 3 months. Which of the following types of instances should be chosen to be cost effective?

On-Demand

You want to run a questionnaire application for only one day (without interruption), which AWS EC2 purchase option would you choose?

On-demand instances

You have 2 accounts in your AWS account. One for the Dev and the other for QA. All are part of consolidated billing. The master account has purchased 3 reserved instances. The Dev department is currently using 2 reserved instances. The QA team is planning on using 3 instances of the same instance type. What is the pricing tier of the instances that can be used by the QA Team?

One Reserved and 2 on-demand

In a physical data center, security is typically considered in what area?

Only on the perimeter

When can you give an EC2 instance a role?

Only upon creation

The Trusted Advisor service provides insight regarding which four categories of an AWS account?

Performance, cost optimization, security, and fault tolerance

AWS Organizations

Policy-based management for multiple AWS accounts. Group accounts, automate account creation, apply and manage policies for the groups. Create service control policies (SCPs). Simplify billing for multiple accounts - consolidate billing.

Your company is planning to move to the AWS Cloud. You need to give a presentation on the cost perspective when moving existing resources to the AWS Cloud. When it comes to Amazon EC2, which of the following is an advantage when it comes to the cost perspective?

The ability to only pay for what you use

In Amazon Simple Workflow Services (SWF), what is a decider?

The decider is a program that controls the coordination of tasks, i.e. their ordering, concurrency, and scheduling according to the application logic.

Amazon Redshift Spectrum

Query exabytes of data in your data lake built on Amazon S3.

AWS Serverless Application Repository

Quickly deploy code samples, components, and complete applications for common use cases, such as web back ends, event and data processing, etc.

What is AWS Business Intelligence (BI) tool?

Quicksight

Miller is working with a large data set, and he needs to import it into a relational database service. What AWS service will meet his needs?

RDS

You can also purchase __________ Instances to apply to _________ instances that you intend to purchase in the future. As long as the reservation and instance specifications match, the discount will be applied.

Reserved, On-Demand,

What are 3 characteristics of the Auto Scaling service on AWS?

Responds to changing conditions by adding or terminating Amazon EC2 instances, Launches instances from a specified Amazon Machine Image (AMI), Enforces a minimum number of running Amazon EC2 instances

Which statement is true regarding the AWS shared responsibility model?

Responsibilities vary depending on the services used.

In the shared responsibility model, what is AWS's responsibility?

Restricting access to datacenters Proper destruction of decommisioned disks Patching of firmware for the hardware on which your AWS resources reside

Your web application needs four instances to support steady traffic all of the time. On the last day of the month, the traffic triples. What is the most cost-effective way to handle this pattern?

Run 4 reserved instances constantly, then add 8 on-demand instances on the last day of the month

A user is planning to host a scalable, dynamic web application on AWS. Which service may not be required by the user to achieve automated scalability?

S3

What service offers object (file) based storage?

S3

What is the feature provided by AWS that enables fast and secure transfer of files over long distances between your client and your Amazon S3 bucket?

S3 Transfer Acceleration

What are the characteristics of Amazon S3?

S3 allows you to store unlimited amounts of data., Objects are directly accessible via a URL.

What can be used as a storage class for an S3 object lifecycle policy?

S3 standard access, Amazon glacier, S3 infrequent access

Amazon __________ stores unstructured blobs and suited for storing large objects up to 5 TB. In order to optimize your costs across AWS services, large objects or infrequently accessed data sets should be stored in Amazon __________, while smaller data elements or file pointers are best saved in Amazon __________.

S3, S3, DynamoDB

Amazon ______ allows applications to send time-critical messages to multiple subscribers through a "push" mechanism, eliminating the need to periodically check or "poll" for updates.

SNS

What AWS service can you use to "fan out" SQS messages to multiple queues?

SNS

Name the certifications and standards with which AWS complies:

SOC1,2 & 3 FISMA FedRAMP PCI DSS ISO 9001, 27001, and 27018

Amazon Kinesis Data Analytics

SQL users can easily query streaming data or build entire streaming applications using templates and an interactive SQL editor. Analyze streaming data in real-time without complexity of building, managing, and integrating streaming applications with other AWS services.

AWS Budgets

Set custom budgets that alert you when your costs or usage exceed or are forecasted to exceed your budgeted amount. Can be tracked at the monthly, quarterly, and yearly level with custom start and end dates.

In AWS, which security aspects are the customer's responsibilities?

Set password complexity rules, Network traffic protection

Kim is managing a web application running on the AWS Cloud. The application is currently utilizing eight EC2 servers for its computing platform. Earlier today, two of those web servers crashed; however, none of her customers were affected. What has Kim done correctly in this scenario?

She has properly built a fault tolerant system.

Your company is planning to offload some of the batch processing workloads on to AWS. These jobs can be interrupted and resumed at any time. Which of the following instance types would be the most cost effective to use for this purpose?

Spot

You have a distributed application that periodically processes large volumes of data across multiple Amazon EC2 Instances. The application is designed to recover gracefully from Amazon EC2 instance failures. You are required to accomplish this task in the most cost-effective way. Which of the following will meet your requirements?

Spot Instances

When using On-Demand instances in AWS, which of the following is a false statement when it comes to the costing for the Instance?

You have to pay a termination fee

When using on-demand instances in AWS, which of the following is a false statement about its cost?

You have to pay the termination fees if you terminate the instance

What does a 404 error mean?

The resource being accessed is not available on the server

Direct Connect

a dedicated network connection from your premises to AWS

Massively Parallel Processing

a form of multiprocessing that speeds processing by linking hundreds or thousands of processors to operate at the same time, or in parallel, with each processor having its own bus, memory, disks, copy of the operating system and applications

Amazon API Gateway

a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale.

In Amazon DynamoDB, an attribute is _________

a fundamental data element

What must be configured on an Elastic Load Balancing load balancer to accept incoming traffic?

a listener

Which of the following is the concept of Auto Scaling?

To scale up resources based on demand

What AWS tool compares the cost of running your application in an on-premises data center to AWS?

Total Cost of Ownership (TCO) calculator

What AWS tool compares the cost of running your application in an on-premises data center to AWS?

Total cost of ownership (TCO) calculator

Which of the following is NOT one of the four areas of the performance efficiency pillar?

Traceability

Which of the following is not one of the four areas of the performance efficiency pillar?

Traceability

RDS

Transactional Databases; (e.g. MySQL, SQL, Postgres, Oracle)

What is the ability provided by AWS to enable fast, easy, and secure transfers of files over long distances between your client and your Amazon S3 bucket?

Transfer Acceleration

What is the ability provided by AWS to enable very fast, easy, and secure transfers of files over long distances between your client and your Amazon S3 bucket?

Transfer Acceleration

AWS Lambda

a service to run code without managing compute resources in response to events and triggers

A scan reads every item in a table or secondary index?

Tru

A Reserved Instance is associated with a specific region, which is fixed for the duration of the reservation's term. T or F?

True

A global secondary index contains a selection of attributes from the table, but are organized by a primary key that is different from the table's? (T/F)

True

Amazon Simple Workflow Service (SWF) is sueful for automating workflows that include long running human tasks (e.g. approvals, reviews, investigations, etc). Amazon SWF reliably tracks the status of processing steps that run up to several days or months.

True

DynamoDB is a NoSQL database by AWS?

True

In DynamoDB, you specify provisioned throughput requirements in terms of capacity units?

True

Is DynamoDB NoSQL?

True

Is ElastiCache in memory?

True

Is Redshift OLAP? (T/F)

True

Local secondary indexes give your table a choice of sort keys?

True

Maintaining your applications execution state (e.g. which steps have completed, which ones are running) is a perfect use case for SWF?

True

Multiple policies can be attached to an IAM role. T or F?

True

One read capacity unit represents one strongly consistent read per second, or two eventually consistent reads per second, for items up to 4 KB in size?

True

Only one internet gateway can be allowed inside a VPC. T or F?

True

SWF consists of a domain, worker, and decider?

True

T/F: A region is a physical location that has multiple availability zones

True

T/F: AWS offers services like Virtual Private Cloud, Consolidated Billing, Auto Scaling and Cloud Formation at no charge

True

T/F: AWS owns and maintains the network-connected hardware required for application services, while you provisor and use what you need

True

T/F: Amazon RDS automatically patches the database software and backs up your database, storing the backups for a user-defined retention period and enabling point-in-time recovery

True

T/F: Availability Zones within a region are connected through low-latency links

True

T/F: Each Availability Zone is designed to be isolated from failures in other Availability Zones

True

T/F: Each region is located in a separate physical geographic area

True

T/F: S3 is an object storage suitable for the storage of "flat" files like Word docs, photos, etc

True

T/F: Using IAM Groups is the recommended way to manage IAM users' permissions by job function

True

T/F: You can launch multiple instances of different types from a single AMI when launching an EC2 instance.

True

True or False: You cannot switch roles on an AWS resource when signed in as root user?

True

VPCs currently cannot be addressed from IPv6 IP address ranges. T or F?

True

When you create a table, you specify how much provisioned throughput capacity you want to reserve for reads and writes?

True

When you purchase a Reserved Instance you specify the Availability Zone in which you want to reserve capacity for instances. T or F?

True

You can't terminate, stop, or delete a resource based solely on its tags; you must specify the resource identifier. T or F?

True

An EC2 which needs its private and public ip address should Retrieve the instance metadata from http://169.254.169.254? (T/F)

True, An EC2 which needs its private and public ip address should Retrieve the instance metadata from http://169.254.169.254.

Cloud formation is free; however, the resources it provisioned will be charged at the usual rates

True, Cloud formation is free; however, the resources it provisioned will be charged at the usual rates

IAM allows you to manage these 3 things: Users, Groups, Roles? (t/f)

True, IAM allows you to manage these 3 things: Users, Groups, Roles

AWS Data Pipeline

Web service that helps you reliably process and move data between compute and storage services, as well as on-premises data sources, at specified intervals. Supports complex data workloads that are fault tolerant.

What is Amazon EC2?

Web service that provides secure, resizable compute capacity in the cloud

Amazon EC2

Web service that provides secure, resizable compute capacity in the cloud. Virtual servers.

S3 Lifecycle Management

enables you to automatically archive your objects to the Glacier Storage Class and/or remove them after a specified time period.

User

end-user

Workspaces

end-user computing

AWS Direct Connect

establish private connectivity between AWS and your datacenter, office, or co-lo reduce network costs, increase bandwidth throughput, provide more consistent network experience than internet-based connections (alternative to using internet for AWS)

The default number of VPCs allowed in an AWS region is 4?

false, 5 is the default number of VPCs allowed in each AWS region

amazon s3 buckets in all other regions (other than us standard) provide read after write consistency for PUTS of new objects (t/f)

false, amazon s3 buckets in all other regions (other than us standard) do NOT provide read after write consistency for PUTS of new objects (t/f)

you can select a specific availability zone in which to place your dynamo DB table (t/f)

false, you can NOT select a specific availability zone in which to place your dynamo DB table

Basic Monitoring provides metrics at ____________ frequency for Amazon EC2 instances are free of charge, but you have to pay for _________ frequency.

five-minute, One minute

Power User Access

full access except user and group management

Simple Storage Service

fully redundant data storage for object-based storage

Elastic Beanstalk

platform to develop scalable web apps

Elastic MapReduce

processes vast amounts of data using Hadoop across clusters of EC2 instances

in the shared responsibility model, what is aws's responsibility?

restricting access to data centers proper destruction of decommissioned disks patching of firmware

you have an ec2 instance which needs to find out both its private ip address and its public ip address

retrieve instance metadata from http://169.254.169.254/latest/metadata/

PTR Records

servers a domain name when given an IP

In the event of a planned or unplanned outage of your DB instance, Amazon RDS automatically switches to a _____________ in another Availability Zone if you have enabled Multi-AZ. However, you can't use the secondary database ____________ as an independent read replica.

standby replica

Compute Node

store data and perform queries and computations (128 max nodes)

Who is responsible for management of the guest OS (including updates and security patches), any application software or utilities you install on the instances, and the configuration of the AWS-provided firewall (called a security group) on each instance. Amazon or the subscriber?

subscriber

S3 Functionality

• Multipart uploads • Cloud Front CDN Integration • Resume/Stopped file uploads • Eventual Consistency

When a ___________ is created, Amazon SNS will assign a unique ARN (Amazon Resource Name) to the __________, which will include the service name (SNS), region, AWS ID of the user and the ________________ name.

topic

A visibility timeout is a period of time during which AWS SQS prevents other consuming components from receiving and processing the message?

true

AWS SQS long polling allows the SQS service to wait until a message is available in the queue before sending a response?

true

you can have multiple ssl certs (for multiple domain names) on a single ELB?

true, you can have multiple ssl certs (for multiple domain names) on a single ELB

At a minimum, the goal is to have an independent copy of each application stack in ______ or more Avaliability zones

two

Immediate (Strong) Consistency

updates to a database is streamed consistently and non-writing nodes cannot read until the writing is complete

what is the default region for all SDKs

us-east-1

When you launch an instance in Amazon EC2, you have the option of passing _____________ to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts. You can pass two types of _____________ to Amazon EC2: shell scripts and cloud-init directives.

user data

Administrator Access

user that has full control

Dedicated Tenancy

will make all EC2 instances deployed on dedicated hardware

The name of an S3 bucket must be unique _______

worldwide across all AWS accounts

What languages and development stacks are not supported by the AWS elastic beanstalk?

Jetty for JBoss application (weird question) AWS Elastic Beanstalk supports Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker web applications.

Amazon DynamoDB

Key-value and document database that delivers millisecond performance at any scale. Fully managed, multi-region, multi-master database with built-in secure back up and restore.

You can use Route 53 health checks to check for the presence of a designated string in a server response by selecting the ___________________ option.

"Enable String Matching"

When launching an EC2 instance on Amazon Web Services, the EBS volume is set to ______________ by default. So you will need to set the ____________________ flag to "N".

'Delete on Termination'

Access Control Lists

- acts like firewall for subnet - across multiple subnets - overrules security groups - rules evaluated from lowest to greatest - default traffic permissions denies inbound and outbound

S3 Versioning

- can preserve, and restore from every version of an object stored - once enabled can't be disabled -delete a delete marker to restore file

RDS Availability

- 2 copies stored in each AZ -Minimum of 3 AZs - Can lose 2 copies w/o affecting write availability - Can lose 3 copies w/o affecting read availability -self-healing

RDS Features

- 3 TB Max Volume - Backup Retention Period - Max 35 days - Not allowed to RDP/SSH into underlying server - resizable instances - New endpoint from snapshot restoration - Cannot use secondary database as read node - 30,000 max IOPS

VPC Restrictions

- 5 Elastic IPs - 5 Internet Gateways - 5 VPCs per region - 50 VPN connections per region - 50 customer gateways per region - 200 route tables per region - 100 security groups per VPC

Which of the below can be used to get data onto Amazon Glacier? (Choose 3 Options)

- AWS Glacier API - AWS S3 Lifecycle policies - AWS Glacier SDK

Which of the following are 2 ways that AWS allows to link accounts?

- AWS Organizations - Consolidating billing

Which of the following can be used to protect against DDoS attacks?(Choose 2 Options)

- AWS Shield - AWS Shield Advanced

Your company is planning on moving to the AWS Cloud. Once the movement to the Cloud is complete, they want to ensure that the right security settings are put in place. Which of the below tools can assist from a Security compliance? (Choose 2 Options)

- AWS Trusted Advisor - AWS Inspector

Which of the following services helps provide a connection from on-premise infrastructure to resources hosted in the AWS Cloud? (Choose 2 Options)

- AWS VPN - AWS Direct Connect

Which AWS services can be used to store files? (Choose 2 Options)

- Amazon Elastic Block Store (Amazon EBS) - Amazon Simple Storage Service (S3)

Which of the following are right principles when designing cloud based systems? (Choose 2 Options)

- Assume everything will fail - Build loosely-coupled ...

Which of the following are features of an edge location? (Choose 3 Options)

- Cache common responses - Used in conjunction with the CloudFront service - Distribute content to users

You are developing and planning on deployment an application onto the AWS Cloud. This application needs to be PCI Compliance. Which of the below steps would you carry out to ensure the compliance is met for the application? (Choose 2 Options)

- Choose AWS services which are PCI Compliant - Ensure the right steps are taken during application development for PCI Compliance

Your company is planning to host a large e-commerce application on the AWS Cloud. One of their major concerns is Internet attacks such as DDos attacks. Which of the following services can help mitigate this concern? (Choose 2 Options)

- CloudFront - AWS Shield

Which of the following helps in DDos protection? (Choose 2 Options)

- Cloudfront - AWS Shield

Which of the following security requirements are managed by AWS? (Choose 3 Options)

- Disk disposal - Physical security - Hardware patching

Which of the following statements are FALSE when it comes to elasticity? (Choose 2 Options)

- Diverting traffic across multiple regions - Diverting traffic to instances with higher capacity

Which of the following statements are TRUE when it comes to elasticity? (Choose 2 Options)

- Diverting traffic to instances with the least load - Diverting traffic to instances based on the demand

Which of the following are services where you don't need to manage the underlying Infrastructure? (Choose 2 Options)

- DynamoDB - Simple Storage Service

When designing a system, you use the principle of "design for failure and nothing will fail". Which of the following services/features of AWS can assist in supporting this design principle? (Choose 3 Options)

- Elastic Load Balancer - Regions - Availability Zones

When creating security groups, which of the following is a responsibility of the customer? (Choose 2 Options)

- Giving a name and description for the security group - Defining the rules as per the customer requirements.

Which of the following options would entice a company to use AWS over an on-premises data center? (Choose 2 Options)

- Having a highly available - Ability to use resources ...

When working with the AWS Cloud which of the following are headaches you don't need to worry about? (Choose 2 Options)

- Having the pay as you go model, so you don't need to worry if you are burning costs for non-running resources - No Upfront costs

AWS provides a storage option known as Amazon Glacier. What is this AWS service designed for? (Choose 2 Options)

- Infrequently Accessed - Data Archives are correct

When working on the cost for on-demand EC2 instances, which of the following are attributes which determine the costing of an EC2 Instance? (Choose 3 Options)

- Instance Type - AMI Type - Region

Local Instance Storage v. EBS

- Local Instance - stored locally; data is lost when instance is terminated - EBS - persists independently of instance's life; EBS Snapshots are backed up incrementally - You cannot mount 1 EBS instance to 2 EC2 instances

Which of the following is the responsibility of AWS according to the Shared Security Model? (Choose 3 Options)

- Monitoring physical device security - Implementing service organization Control (SOC) standards - Securing edge locations

Which of the following features of Amazon RDS allows for better availability of databases? (Choose 2 Options)

- Multi-AZ - Read Replicas

AWS Aurora

- MySQL compatible - 5x better performance - 1/10 price

DynamoDB

- NOSQL Database; slightly differs from MongoDB in that you can't have embedded data structures (key-value store) - backed up across 3 random AZs

Which of the following are advantages of having infrastructure hosted on the AWS Cloud? (Choose 2 Options)

- No Upfront costs - Having the pay as you go model

Which of the following security requirements are managed by AWS customers? (Choose 2 Options)

- Password Policies - User permissions

What are characteristics of Amazon S3? (Choose 2 Options)

- S3 allows you to store - Objects are directly accessible by URL

RDS Scaling

- Scales in 10 GB increments to 64TB - Compute up to 32 vCPUs and 244 GB Memory

In AWS, which security aspects are the customer's responsibility? (Choose 4 Options)

- Security Group and ACL - Life-cycle management of - Patch management on the - Encryption of EBS

The AWS Risk and Compliance Program is made up of which of the following components?

-Risk management -Control Environment -Information Security

S3 Storage Types

- Standard - 99.99% availability | 99.^9% durability - Reduced Redundancy - 99.99% availability | 99.99% durability

You have a set of EC2 Instances hosted on the AWS Cloud. The EC2 Instances are hosting a web application. If you get a DDos attack from the internet which of the following can help in reducing the overall threat to your EC2 Instances? (Choose 2 Options)

- Usage of Network Access Control Lists - Usage of Security Groups

DNS Failover

- When failing over Time to Live (TTL) should be as low as possible

Which of the following are benefits of the AWS's Relational Database Service (RDS)? (Choose 2 Options)

- You can resize the ... - Automated patches and ...

Identity & Access Management

- integrates with AD - Temporary Access, Multifactor Authentication options - User/Group/Roles access - Password rotation policy

Simple Notification Service

- push messaging service • Topic is an "access point" • Publish messages from app to subscriber • Unlike SQS; it Uses push mechanism • Simple APIs • Multiple protocols

S3 Object Storage Features

- up to 5 TB files - unlimited storage files stored in buckets (directories) - regionally unique namespace for each bucket - 99.99% Availability - spreads across AZs - 99.999999999% durability (RAID 1) collects Metadata on each storge

Which of the following are resources that AWS provides to customers as guidance to secure their data in the cloud?

-AWS Security Learning Pat -AWS Enterprise Support

Which of the following is true about security groups?

-All inbound traffic is denied and outbound traffic is allowed by default -Acts as a virtual firewall to control inbound and outbound traffic

Which of the following are included in AWS Assurance Programs?

-Certifications/Attestations -Laws, Regulations, and Privacy -Alignment and Frameworks

When using AD to authenticate to AWS, what steps are performed?

1) User navigates to Active Directory Federation Services (ADFS) 2) user enters Single Sign On (SSO) credentials 3) user's web browser receives SAML assertion from the AD server 4) user's web browser receives Security Assertion Markup Language (SAML) assertion to AWS SAML endpoint: AssumeRoleWithSAML api request is used to request temporary credentials 5)user is then able to access the AWS console

When using Web Identity Federation to allow a user to access AWS, what is the correct order of the steps?

1) user auths with facebook first. Theyt are given an id token by facebook 2) an api call to AssumeRoleWithWebIdentity is then used in conjunction with the ID token 3) the user gains temporary credentials

An AWS account can have maximum ____ buckets, this can be increased by request to increase with AWS Services

100

Amazon Redshift uses a block size of ________ KB/1 MB, which is more efficient and further reduces the number of I/O requests needed to perform any database loading or other operations that are part of query execution.

1024

How many regions are the on AWS at present?

11 us-east-1 US East (N. Virginia) us-west-2 US West (Oregon) us-west-1 US West (N. California) eu-west-1 EU (Ireland) eu-central-1 EU (Frankfurt) ap-southeast-1 Asia Pacific (Singapore) ap-northeast-1 Asia Pacific (Tokyo) ap-southeast-2 Asia Pacific (Sydney) ap-northeast-2 Asia Pacific (Seoul) ap-south-1 Asia Pacific (Mumbai) sa-east-1 South America (São Paulo)

The SQS default visibility time is ________. Amazon SQS supports up to ________ maximum visibility timeout.

12 hours

The default expiration for temporary credentials is ________; the minimum is 15 minutes, and the maximum is _________.

12 hours 36 hours

A workflow execution can run for ___________________.

12 months

How to add Disk I/O

Add EBS Volumes and RAID across

(SQS) What is the maximum long poll timeout?

20 seconds

: In general, the maximum long poll timeout of ___________ should be used. All of the AWS SDK's work with ____________ long polls by default.

20 seconds

__________ subnets per VPC can be created . If you would like to create more, you need to submit a case at the AWS support center.

200

after successfully uploading a file to s3, what http response code is expected?

200

132. To which of the following can a VPC endpoint not attach? A. S3 B. SNS C. Internet gateway D. DynamoDB

C

Amazon Route 53 account is limited to a maximum of ___ domains. You need to submit the request form for a higher limit.

5

By default, all AWS accounts are limited to ____ Elastic IP addresses, because public (IPv4) Internet addresses are a scarce public resource.

5

215. Which of the following AWS services is associated with identifying potential security holes? A. Trusted Advisor B. CloudFormation C. Security Detector D. Security Advisor

A

22. Which of the following describes client-side encryption for S3 bucket data? A. You encrypt and upload data to S3, managing the encryption process yourself. B. You encrypt and upload data to S3, allowing AWS to manage the encryption process. C. You request AWS to encrypt an object before saving it to S3. D. You encrypt an object, but AWS uploads and decrypts the object.

A

29. You want to begin encrypting your S3 data, but your organization is new to encryption. Which option is a low-cost approach that still offloads most of the work to AWS rather than the organization new to encryption? A. SSE-S3 B. SSE-KMS C. Client-side encryption keys D. SSE-C

A

52. Which of the following will allow you to bring a non-encrypted EBS volume into compliance with an "all data must be encrypted at rest" policy? A. Stop the volume, snapshot it, and encrypt a copy of the snapshot. Then restore from the encrypted snapshot. B. Stop the volume, select "Turn on encryption," and restart the volume. C. Encrypt the volume via the AWS API and turn on the "encrypt existing data" flag. D. None of these will encrypt all data on the volume.

A

74. In which order are rules in a NACL evaluated? A. From low to high, using the number on the rule B. From high to low, using the number on the rule C. From low to high, using the port of the rule D. From high to low, using the port of the rule

A

77. With how many NACLs can a subnet be associated? A. One B. One or more C. A subnet is associated with security groups, not NACLs. D. A subnet is associated with VPCs, not NACLs.

A

83. If all of the following inbound rules existed on the default VPC's default NACL, would SSH traffic be allowed? Rule #800 // HTTP // TCP // 80 // 0.0.0.0/0 -> ALLOW Rule #100 // HTTPS // TCP // 443 // 0.0.0.0/0 -> ALLOW A. Yes, the default VPC's default NACL allows all inbound traffic by default. B. Yes, SSH is included in the HTTPS protocol. C. Only if the SSH access permission in IAM is granted. D. No

A

9. Which of the following statements is true? A. A VPC's default NACLs allow all inbound and outbound traffic. B. NACLs are stateful. C. Security groups are stateless. D. Traffic allowed into a NACL is automatically allowed back out.

A

AWS Snowball Edge

A 100 TB data transfer device with on-board storage and compute capabilities. You can use Snowball Edge to move large amounts of data into and out of AWS, as a temporary storage tier for large local datasets, or to support local workloads in remote or offline locations

You have just set up a brand-new AWS account. You want to keep monthly billing under $100, but you are worried about going over that limit. What can you use in order to be notified when the monthly bill approaches $100?

A CloudWatch billing alarm that triggers an SNS notification to your email address

What is Amazon Connect?

A cloud-based contact center service that makes it easy for any business to deliver better customer service at lower cost. Easy for non-tech users to design contact flows, manage agents and track performance metrics

What is Amazon Redshift?

A fast, scalable data warehouse that makes it simple and cost-effective to analyze all your data across your data warehouse and data lake. Uses ML and can run queries in parallel

What is AWS Storage Gateway?

A hybrid storage service that enables your on-premises applications to seamlessly use AWS cloud storage. Can be used to backup, disaster recovery and helps reduce/simplify office storage infrastructure. It connects to AWS storage services

What happens when you create a new Amazon VPC?

A main route table is created by default

AWS Shield

A managed Distributed Denial of Service (DDoS) protection service that safeguards web applications running on AWS standard and advanced

What does Amazon ElastiCache provide?

A managed In-memory cache service.

Eventual Consistency

A model for database consistency in which updates to the database will propagate through the system

AWS Snowball

A petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of AWS address common challenges of large transfer: high network costs, long transfer times, and security concerns

Elastic Load Balancing health checks may be what?

A ping, a connection attempt or an EC2 Instance status check

What is Amazon Glacier?

A secure, durable, and extremely low-cost cloud storage service for data archiving and long-term backup with 99.999% durability and the ability to run queries and analytics on your data at rest

What is Amazon WorkMail?

A secure, managed business email and calendar service with support for existing desktop and mobile email client applications. Users can access email, calendar, etc using application of their choice

You have a list of subscribers email addresses that you need to push emails out to on a periodic basis. What do you subscribe them to?

A topic.

Is the SQL Server Audit feature supported in the Amazon RDS SQL Server engine? A. No B. Yes

A. No

3. You are creating a bastion host to allow SSH access to a set of EC2 instances in a private subnet within your organization's VPC. Which of the following should be done as part of configuring the bastion host? (Choose two.) A. Ensure that the bastion host is exposed directly to the Internet. B. Place the bastion host within the private subnet. C. Add a route from the bastion host IP into the private subnet into the subnet's NACLs. D. Ensure that the bastion host is within the same security group as the hosts within the private subnet.

A, C

161. Which of the following requires selecting an AMI? (Choose two.) A. Launching an EC2 instance B. Backing up an EBS volume C. Creating an EBS volume D. Launching a NAT instance

A, D

105. Which of the following are required components in a VPN-only subnet? (Choose two.) A. A routing table B. A virtual private gateway C. An elastic IP address D. An internet gateway

A,B

145. Which of the following are possible options for assigning to an instance that needs public access? (Choose two.) A. A public IP address B. An elastic IP address C. An IAM role D. A NACL

A,B

199. Which of the following statements are true? (Choose two.) A. You are responsible for security in the cloud. B. AWS is responsible for security of the cloud. C. AWS is responsible for security in the cloud. D. You are responsible for security of the cloud.

A,B

205. Which of the following are principles of the well-architected framework's security section? (Choose two.) A. Encrypt data at rest. B. Encrypt data in transit. C. Encrypt data in groups rather than individually. D. Encrypt data at the destination.

A,B

210. Which of the following should always be done to protect your AWS environment? (Choose two.) A. Enable MFA on the root account. B. Enable MFA Delete on your S3 buckets. C. Set a password rotation policy for users. D. Create custom IAM roles for all users.

A,B

34. You want to provide maximum protection against data in your S3 object storage being deleted accidentally. What steps should you take? (Choose two.) A. Enable versioning on your S3 buckets. B. Turn on MFA Delete on your S3 buckets. C. Enable versioning in CloudWatch's S3 API. D. Remove IAM permissions for deleting objects for all users.

A,B

38. Which of the following are included in the core AWS Trusted Advisor checks? (Choose two.) A. S3 bucket permissions B. MFA on root account C. Quantity of CloudWatch alarms D. Use of VPC endpoints

A,B

42. What types of data are encrypted when you create an encrypted EBS volume? (Choose two.) A. Data at rest inside the volume B. Data moving between the volume and the attached instance C. Data inside S3 buckets that store the encrypted instance D. Data in an EFS on instances attached to the volume

A,B

70. Which of these statements are true? (Choose two.) A. A security group can apply to two instances at the same time. B. A NACL applies to all instances within a subnet at the same time. C. A security group can apply to only one instance at the same time. D. A NACL can apply to only one instance at the same time.

A,B

72. Which of the following are true about the default NACL that comes with the default VPC? (Choose two.) A. It allows all inbound traffic. B. It allows all outbound traffic. C. It disallows all inbound traffic. D. It disallows all outbound traffic.

A,B

8. Which of the following statements regarding NAT instances and NAT gateways are false? (Choose two.) A. Both NAT instances and NAT gateways are highly available. B. You must choose the instance type and size when creating a NAT gateway but not when creating a NAT instance. C. It is your responsibility to patch a NAT instance and AWS's responsibility to patch a NAT gateway. D. You assign a security group to a NAT instance but not to a NAT gateway.

A,B

80. Which of the following are part of a network ACL rule? (Choose two.) A. An ALLOW or DENY specification B. A CIDR range C. An IP address D. A VPC identifier

A,B

113. Which of the following are required for a VPC VPN connection? (Choose two.) A. A customer gateway B. An internet gateway C. A virtual private gateway D. A public subnet

A,C

117. You have a subnet with five instances within it. Two are serving public APIs and three are providing backend compute power through database instances. What is the best way to secure these instances? (Choose two.) A. Apply NACLs at the subnet level. B. Attach a single security group to all the instances. C. Move the two backend database instances into a different subnet. D. Attach an internet gateway to the VPC.

A,C

146. Which of the following will have internet gateways available? (Choose two.) A. A public subnet B. An IPv6 elastic IP address C. The default VPC D. An ALB

A,C

167. You are building out a site-to-site VPN connection from an on-site network to a custom VPC. Which of the following might you need for this connection to function properly? (Choose two.) A. A NAT instance B. A DynamoDB instance C. A private subnet D. An internet gateway

A,C

170. You have just created a NAT instance and want to launch the instance into a subnet. Which of these need to be true of the subnet into which you want to deploy? (Choose two.) A. The subnet is public. B. The subnet is private. C. The subnet has routing into the private subnets in your VPC. D. The subnet has routing to the public subnets in your VPC.

A,C

30. You are the architect for a company whose data must comply with current EU privacy restrictions. Which of the following S3 buckets are valid options? (Choose two.) A. Buckets in EU Central 1 B. Buckets in US East 2 C. Buckets in EU West 1 D. Buckets in SA East 1

A,C

39. Which of the following recommendations might AWS Trusted Advisor make? (Choose two.) A. Turn on MFA for the root account. B. Turn on antivirus protection for EC2 instances. C. Update S3 buckets with public write access. D. Update NAT instances to NAT gateways.

A,C

4. Which of the following are invalid IAM actions? (Choose two.) A. Limiting the root account SSH access to all EC2 instances B. Allowing a user account SSH access to all EC2 instances C. Removing console access for the root account D. Removing console access for all non-root user accounts

A,C

What is the default maximum number of MFA devices in use per AWS account (at the root account level)? A. 1 B. 5 C. 15 D. 10

A. 1

In the Amazon RDS which uses the SQL Server engine, what is the maximum size for a Microsoft SQL Server DB Instance with SQL Server Express edition? A. 10 GB per DB B. 100 GB per DB C. 2 TB per DB D. 1TB per DB

A. 10 GB per DB

Using Amazon CloudWatch's Free Tier, what is the frequency of metric updates which you receive? A. 5 minutes B. 500 milliseconds. C. 30 seconds D. 1 minute

A. 5 minutes

What is the default VPC security group limit? A. 500 B. 50 C. 5 D. There is no limit

A. 500

What is the durability of S3 RRS? A. 99.99% B. 99.95% C. 99.995% D. 99.999999999%

A. 99.99%

HTTP Query-based requests are HTTP requests that use the HTTP verb GET or POST and a Query parameter named _____. A. Action B. Value C. Reset D. Retrieve

A. Action

Select the correct set of options. The initial settings for the default security group are: A. Allow no inbound traffic, Allow all outbound traffic and Allow instances associated with this security group to talk to each other B. Allow all inbound traffic, Allow no outbound traffic and Allow instances associated with this security group to talk to each other C. Allow no inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other D. Allow all inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other

A. Allow no inbound traffic, Allow all outbound traffic and Allow instances associated with this security group to talk to each other

Amazon RDS DB snapshots and automated backups are stored in A. Amazon S3 B. Amazon ECS Volume C. Amazon RDS D. Amazon EMR

A. Amazon S3

Which of the following is a durable key-value store? A. Amazon Simple Storage Service B. Amazon Simple Workflow Service C. Amazon Simple Queue Service D. Amazon Simple Notification Service

A. Amazon Simple Storage Service

Which Amazon service can I use to define a virtual network that closely resembles a traditional data center? A. Amazon VPC B. Amazon ServiceBus C. Amazon EMR D. Amazon RDS

A. Amazon VPC

In order to enable encryption at rest using EC2 and Elastic Block Store you need to A. Configure encryption when creating the EBS volume B. Configure encryption using the appropriate Operating Systems file system C. Configure encryption using X.509 certificates D. Mount the EBS volume in to S3 and then encrypt the bucket using a bucket policy.

A. Configure encryption when creating the EBS volume

You are building a system to distribute confidential training videos to employees. Using CloudFront, what method could be used to serve content that is stored in S3, but not publicly accessible from S3 directly? A. Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI. B. Add the CloudFront account security group "amazon-cf/amazon-cf-sg" to the appropriate S3 bucket policy. C. Create an Identity and Access Management (IAM) User for CloudFront and grant access to the objects in your S3 bucket to that IAM User. D. Create a S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target bucket as the Amazon Resource Name (ARN).

A. Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI.

What is an isolated database environment running in the cloud (Amazon RDS) called? A. DB Instance B. DB Unit C. DB Server D. DB Volume

A. DB Instance

By default, EBS volumes that are created and attached to an instance at launch are deleted when that instance is terminated. You can modify this behavior by changing the value of the flag _____ to false when you launch the instance. A. DeleteOnTermination B. RemoveOnDeletion C. RemoveOnTermination D. TerminateOnDeletion

A. DeleteOnTermination

You work for a cosmetic company which has their production website on AWS. The site itself is in a two-tier configuration with web servers in the front end and database servers at the back end. The site uses using Elastic Load Balancing and Auto Scaling. The databases maintain consistency by replicating changes to each other as and when they occur. This requires the databases to have extremely low latency. Your website needs to be highly redundant and must be designed so that if one availability zone goes offline and Auto Scaling cannot launch new instances in the remaining Availability Zones the site will not go offline. How can the current architecture be enhanced to ensure this? A. Deploy your site in three different AZ's within the same region. Configure the Auto Scaling minimum to handle 50 percent of the peak load per zone. B. Deploy your website in 2 different regions. Configure Route53 with a failover routing policy and set up health checks on the primary site. C. Deploy your site in three different AZ's within the same region. Configure the Auto Scaling minimum to handle 33 percent of the peak load per zone. D. Deploy your website in 2 different regions. Configure Route53 with Weighted Routing. Assign a weight of 25% to region 1 and a weight of 75% to region 2.

A. Deploy your site in three different AZ's within the same region. Configure the Auto Scaling minimum to handle 50 percent of the peak load per zone.

Which route must be added to your routing table in order to allow connections to the Internet from your subnet? A. Destination: 0.0.0.0/0 --> Target: your Internet gateway B. Destination: 192.168.1.257/0 --> Target: your Internet gateway C. Destination: 0.0.0.0/33 --> Target: your virtual private gateway D. Destination: 0.0.0.0/0 --> Target: 0.0.0.0/24 E. Destination: 10.0.0.0/32 --> Target: your virtual private gateway

A. Destination: 0.0.0.0/0 --> Target: your Internet gateway

Your company has decided to set up a new AWS account for test and dev purposes. They already use AWS for production, but would like a new account dedicated for test and dev so as to not accidentally break the production environment. You launch an exact replica of your production environment using a CloudFormation template that your company uses in production. However CloudFormation fails. You use the exact same CloudFormation template in production, so the failure is something to do with your new AWS account. The CloudFormation template is trying to launch 60 new EC2 instances in a single AZ. After some research you discover that the problem is; A. For all new AWS accounts there is a soft limit of 20 EC2 instances per region. You should submit the limit increase form and retry the template after your limit has been increased. B. For all new AWS accounts there is a soft limit of 20 EC2 instances per availability zone. You should submit the limit increase form and retry the template after your limit has been increased. C. You cannot launch more than 20 instances in your default VPC, instead reconfigure the CloudFormation template to provision the instances in a custom VPC. D. Your CloudFormation template is configured to use the parent account and not the new account. Change the account number in the CloudFormation template and relaunch the template. Submit

A. For all new AWS accounts there is a soft limit of 20 EC2 instances per region. You should submit the limit increase form and retry the template after your limit has been increased.

Which of the following is not a valid configuration type for AWS Storage gateway. A. Gateway-accessed volumes B. Gateway-cached volumes C. Gateway-stored volumes D. Gateway-Virtual Tape Library

A. Gateway-accessed volumes

A VPC public subnet is one that: A. Has at least one route in its associated routing table that uses an Internet Gateway (IGW). B. Includes a route in its associated routing table via a Network Address Translation (NAT) instance. C. Has a Network Access Control List (NACL) permitting outbound traffic to 0.0.0.0/0. D. Has the Public Subnet option selected in its configuration.

A. Has at least one route in its associated routing table that uses an Internet Gateway (IGW).

What happens to the I/O operations while you take a database snapshot in a single AZ database? A. I/O operations to the database are suspended for a few minutes while the backup is in progress. B. I/O operations to the database are sent to a Replica (if available) for a few minutes while the backup is in progress. C. I/O operations will be functioning normally D. I/O operations to the database are suspended for an hour while the backup is in progress

A. I/O operations to the database are suspended for a few minutes while the backup is in progress.

When should I choose Provisioned IOPS over Standard RDS storage? A. If you use production online transaction processing (OLTP) workloads. B. If you have batch-oriented workloads C. If you have workloads that are not sensitive to consistent performance

A. If you use production online transaction processing (OLTP) workloads.

You have an EC2 security group with several running EC2 instances. You change the security group rules to allow inbound traffic on a new port and protocol, and launch several new instances in the same security group. The new rules apply: A. Immediately to all instances in the security group. B. Immediately to the new instances only. C. Immediately to the new instances, but old instances must be stopped and restarted before the new rules apply. D. To all instances, but it may take several minutes for old instances to see the changes.

A. Immediately to all instances in the security group.

Making your snapshot public shares all snapshot data with everyone. Can the snapshots with AWS Marketplace product codes be made public? A. No B. Yes

A. No

By definition a public subnet within a VPC is one that; A. In it's routing table it has at least one route that uses an Internet Gateway (IGW). B. Has at least one route in it's routing table that routes via a Network Address Translation (NAT) instance. C. Where the the Network Access Control List (NACL) permitting outbound traffic to 0.0.0.0/0. D. Has had the public subnet check box ticked when setting up this subnet in the VPC console.

A. In it's routing table it has at least one route that uses an Internet Gateway (IGW).

Amazon RDS automated backups and DB Snapshots are currently supported for only the ______ storage engine A. InnoDB B. MyISAM

A. InnoDB

What does the AWS Storage Gateway provide? A. Integration of on-premises IT environments with Cloud Storage. B. A direct encrypted connection to Amazon S3. C. A backup solution that provides an on-premises Cloud storage. D. It provides an encrypted SSL endpoint for backups in the Cloud.

A. Integration of on-premises IT environments with Cloud Storage.

Which DNS name can only be resolved within Amazon EC2? A. Internal DNS name B. External DNS name C. Global DNS name D. Private DNS name

A. Internal DNS name

Which of the following requires a custom CloudWatch metric to monitor? A. Memory use B. CPU use C. Disk read operations D. Network in E. Estimated charges

A. Memory use

Can I move a Reserved Instance from one Region to another? A. No B. Yes C. Only if they are moving into GovCloud D. Only if they are moving to US East from another region

A. No

Can a 'user' be associated with multiple AWS accounts? A. No B. Yes

A. No

Can an EBS volume be attached to more than one EC2 instance at the same time? A. No B. Yes. C. Only EC2-optimized EBS volumes. D. Only in read mode.

A. No

Can the string value of 'Key' be prefixed with ":aws:"? A. No B. Only for EC2 not S3 C. Yes D. Only for S3 not EC2

A. No

Does Amazon RDS for SQL Server currently support importing data into the msdb database? A. No B. Yes

A. No

What are the valid methodologies for encrypting data on S3? A. Server Side Encryption (SSE)-S3, SSE-C, SSE-KMS or a client library such as Amazon S3 Encryption Client. B. Server Side Encryption (SSE)-S3, SSE-A, SSE-KMS or a client library such as Amazon S3 Encryption Client. C. Server Side Encryption (SSE)-S3, SSE-C, SSE-SSL or a client library such as Amazon S3 Encryption Client. D. Server Side Encryption (SSE)-S3, SSE-C, SSE-SSL or a server library such as Amazon S3 Encryption Client.

A. Server Side Encryption (SSE)-S3, SSE-C, SSE-KMS or a client library such as Amazon S3 Encryption Client.

_____ embodies the "share-nothing" architecture and essentially involves breaking a large database into several smaller databases. A. Sharding B. Failure recovery C. Federation D. DDL operations

A. Sharding

What does Amazon S3 stand for? A. Simple Storage Solution. B. Storage Storage Storage (triple redundancy Storage). C. Storage Server Solution. D. Simple Storage Service.

A. Simple Storage Solution.

How many relational database engines does RDS currently support? A. Six: Amazon Aurora, Oracle, Microsoft SQL Server, PostgreSQL, MySQL and MariaDB B. Just two: MySQL and Oracle. C. Five: MySQL, PostgreSQL, MongoDB, Cassandra and SQLite. D. Just one: MySQL.

A. Six: Amazon Aurora, Oracle, Microsoft SQL Server, PostgreSQL, MySQL and MariaDB

What does the command 'ec2-run-instances ami-e3a5408a -n 20 -g appserver' do? A. Start twenty instances as members of appserver group. B. Creates 20 rules in the security group named appserver C. Terminate twenty instances as members of appserver group. D. Start 20 security groups

A. Start twenty instances as members of appserver group.

Automated backups are enabled by default for a new DB Instance. A. TRUE B. FALSE

A. TRUE

The new DB Instance that is created when you promote a Read Replica retains the backup window period. A. TRUE B. FALSE

A. TRUE

When using IAM to control access to your RDS resources, the key names that can be used are case sensitive. For example, aws:CurrentTime is NOT equivalent to AWS:currenttime. A. TRUE B. FALSE

A. TRUE

Please select the most correct answer regarding the persistence of the Amazon Instance Store: A. The data on an instance store volume persists only during the life of the associated Amazon EC2 instance B. The data on an instance store volume is lost when the security group rule of the associated instance is changed. C. The data on an instance store volume persists even after associated Amazon EC2 instance is deleted

A. The data on an instance store volume persists only during the life of the associated Amazon EC2 instance

When trying to grant an amazon account access to S3 using access control lists what method of identification should you use to identify that account with? A. The email address of the account or the canonical user ID B. The AWS account number C. The ARN D. An email address with a 2FA token Submit

A. The email address of the account or the canonical user ID

Using Amazon IAM, I can give permissions based on organizational groups? A. True B. False

A. True

If I have multiple Read Replicas for my master DB Instance and I promote one of them, what happens to the rest of the Read Replicas? A. The remaining Read Replicas will still replicate from the older master DB Instance B. The remaining Read Replicas will be deleted C. The remaining Read Replicas will be combined to one read replica

A. The remaining Read Replicas will still replicate from the older master DB Instance

Amazon S3 buckets in all other regions (other than US Standard) provide read-after-write consistency for PUTS of new objects. A. True B. False

A. True

If I modify a DB Instance or the DB parameter group associated with the instance, I should reboot the instance for the changes to take effect? A. True B. False

A. True

It is possible to transfer a reserved instance from one Availability Zone to another. A. True B. False

A. True

Multi-AZ deployment is supported for Microsoft SQL Server DB Instances. A. True B. False

A. True

Reserved Instances are available for Multi-AZ Deployments. A. True B. False

A. True

You are deploying an application on EC2 that must call AWS APIs. What method of securely passing credentials to the application should you use? A. Use AWS Identity and Access Management roles for EC2 instances. B. Pass API credentials to the instance using instance userdata. C. Embed the API credentials into your JAR files. D. Store API credentials as an object in Amazon Simple Storage Service.

A. Use AWS Identity and Access Management roles for EC2 instances.

What does Amazon EC2 provide? A. Virtual servers in the Cloud. B. A platform to run code (Java, PHP, Python), paying on an hourly basis. C. Computer Clusters in the Cloud. D. Physical servers, remotely managed by the customer.

A. Virtual servers in the Cloud.

A group can contain many users. Can a user belong to multiple groups? A. Yes B. No C. Only if they are using two factor authentication D. Only in VPC

A. Yes

Can I initiate a "forced failover" for my Oracle Multi-AZ DB Instance deployment? A. Yes B. Only in certain regions C. Only in VPC D. No

A. Yes

Does Route 53 support MX Records? A. Yes B. It supports CNAME records, but not MX records. C. No D. Only Primary MX records. Secondary MX records are not supported.

A. Yes

Is the encryption of connections between my application and my DB Instance using SSL for the MySQL server engines available? A. Yes B. Only in VPC C. Only in certain regions D. No

A. Yes

Is there a limit to how many groups a user can be in? A. Yes for all users except root B. Yes unless special permission granted C. Yes for all users D. No

A. Yes for all users except root

Are you able to integrate a multi-factor token service with the AWS Platform? A. Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform. B. No, you cannot integrate multi-factor token devices with the AWS platform. C. Yes, you can integrate private multi-factor token devices to authenticate users to the AWS platform.

A. Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.

Does AWS allow for the use of Multi Factor Authentication tokens? A. Yes, with both hardware or virtual MFA devices B. Yes, but only virtual MFA devices. C. Yes, but only physical (hardware) MFA devices. D. No

A. Yes, with both hardware or virtual MFA devices

After creating a new AWS account, you use the API to request 40 on-demand EC2 instances in a single AZ. After 20 successful requests, subsequent requests failed. What could be a reason for this issue, and how would you resolve it? A. You encountered a soft limit of 20 instances per region. Submit the limit increase form and retry the failed requests once approved. B. AWS allows you to provision no more than 20 instances per Availability Zone. Select a different Availability Zone and retry the failed request. C. You need to use Amazon Virtual Private Cloud (VPC) in order to provision more than 20 instances in a single Availability Zone. Simply terminate the resources already provisioned and re-launch them all in a VPC. D. You encountered an API throttling situation and should try the failed requests using an exponential decay retry algorithm.

A. You encountered a soft limit of 20 instances per region. Submit the limit increase form and retry the failed requests once approved.

My Read Replica appears "stuck" after a Multi-AZ failover and is unable to obtain or apply updates from the source DB Instance. What do I do? A. You will need to delete the Read Replica and create a new one to replace it. B. You will need to disassociate the DB Engine and re associate it. C. The instance should be deployed to Single AZ and then moved to Multi- AZ once again D. You will need to delete the DB Instance and create a new one to replace it.

A. You will need to delete the Read Replica and create a new one to replace it.

The SQL Server _____ feature is an efficient means of copying data from a source database to your DB Instance. It writes the data that you specify to a data file, such as an ASCII file. A. bulk copy B. group copy C. dual copy D. mass copy

A. bulk copy

While performing volume status checks using volume status checks, if the status is insufficient-data, if the status is 'insufficient-data', what does it mean? A. checks may still be in progress on the volume B. check has passed C. check has failed D. there is no such status

A. checks may still be in progress on the volume

You are hosting a website in Ireland called aloud.guru and you decide to have a static DR site available on S3 in the event that your primary site would go down. Your bucket name is also called "acloudguru". What would be the S3 URL of the static website? A. https://acloudguru.s3-website-eu-west-1.amazonaws.com B. https://s3-eu-east-1.amazonaws.com/acloudguru C. https://acloudguru.s3-website-us-east-1.amazonaws.com D. https://s3-eu-central-1.amazonaws.com/acloudguru

A. https://acloudguru.s3-website-eu-west-1.amazonaws.com

A _____ is a document that provides a formal statement of one or more permissions. A. policy B. permission C. Role D. resource

A. policy

Amazon RDS creates an SSL certificate and installs the certificate on the DB Instance when Amazon RDS provisions the instance. These certificates are signed by a certificate authority. The _____ is stored at https://rds.amazonaws.com/doc/rds-ssl-ca-cert.pem. A. private key B. foreign key C. public key D. protected key

A. private key

A/An _____ acts as a firewall that controls the traffic allowed to reach one or more instances. A. security group B. ACL C. IAM D. Private IP Addresses

A. security group

_______ act as additional layer of security that act at the subnet level,__________ act like a firewall at the instance level .

ACLs, Security Groups

Temporary security credentials consist of the _________________. Temporary security credentials are valid for a specified duration and for a specific set of permissions. Temporary security credentials are sometimes simply referred to as tokens. Tokens can be requested for IAM users or for federated users you manage in your own corporate directory.

AWS access key ID, secret access key, and security token

Web Identity Federation

AWS allows authentication w/ web companies like Facebook, Google, Amazon to verify identity. - Use of Access Token to obtain temporary security credentials is needed - API: "CallAssumeRolewithWebIdentity"

Which component of AWS global infrastructure does Amazon CloudFront use to ensure low- latency delivery?

AWS edge locations

Which component of AWS global infrastructure does Amazon CloudFront use to ensure low-latency delivery?

AWS edge locations

What is the Shared Responsibility Model?

AWS is responsible for security OF the cloud and customers are responsible for security IN the cloud based on the cloud service they select (management of an operating system, etc)

When creating an IAM policy, what are the two types of access that can be granted to a user?

AWS management console access and Programmatic access

Shared Security Approach

AWS manages the cloud; you get to define and control everything in it

Your company is planning to use the AWS Cloud. But there is a management decision that resources need to split department wise. And the decision is tending towards managing multiple AWS accounts. Which of the following would help in effective management and also provide an efficient costing model?

AWS organizations

What does shared control in a shared responsibility model entail?

AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services

Your company's IT management team is looking for an online tool to provide recommendations to save money, improve system availability and performance, and to help close security gaps. What can help the management team?

AWS trusted advisor

What are two advantages of AWS Cloud security?

AWS uses multi factor access control systems and you retain complete control and ownership of your data region

One of the main benefits of using AWS as a cloud computing service is reliability. What does it actually mean?

Ability to recover quickly from failures., Automatically provision new resources to meet demand.

Security groups act like a firewall at the instance level where as ________ are an additional layer of security that act at the subnet level

Access Conrtol List (ACL)

Which of the following is NOT available in the Business Support?

Access to Well-Architected Review delivered by AWS Solutions Architects

What is not available in the Business Support Plan?

Access to well architected review delivered by AWS solutions architect

What encryption does AWS use on s3 buckets?

Advanced encryption standard (AES) 256

________ records are used to map resource record sets in your hosted zone to Amazon Elastic Load Balancing load balancers, Amazon CloudFront distributions, AWS Elastic Beanstalk environments, or Amazon S3 buckets that are configured as websites.

Alias

This program is up to five times faster than standard MySQL databases and 3 times faster than standard PostgreSQL databases

Amazon Aurora

True

Amazon Aurora features a distributed, fault-tolerant, self-healing storage system that auto-scales up to 64 TB per database instance.

True

Amazon Aurora provides continuous backup to S3.

True

Amazon Aurora provides replication across three availability zones.

Which AWS service is used to as a global content delivery network (CDN) service in AWS?

Amazon CloudFront

Which of the following can be described as a global content delivery network (CDN) service?

Amazon CloudFront

Which of the following services uses AWS edge locations?

Amazon CloudFront

You are planning on deploying a video based application onto the AWS Cloud. These videos will be accessed by users across the world. Which of the below services can help stream the content in an efficient manner to the users across the globe?

Amazon CloudFront

There is a requirement to collect important metrics from AWS RDS and EC2 Instances. Which of the following services can help fulfill this requirement?

Amazon CloudWatch

Which service allows for the collection and tracking of metrics for AWS services?

Amazon CloudWatch

__________ _______ is a content delivery web service and can be used to deliver your entire website

Amazon Cloudfront

If you are developing an application that requires a database with extremely fast performance, fast scalability, and flexibility in the database schema, what should you consider?

Amazon DynamoDB

True

Amazon DynamoDB can handle up to 10 trillion requests per day and support peaks of more than 20 million requests per second.

Which of the following AWS Cloud services is designed with native Multi-AZ fault tolerance in mind?

Amazon DynamoDB, Amazon Simple Storage Service (Amazon S3)

Which of the following can be attached to EC2 Instances to store data?

Amazon EBS Volumes

Which service allows the customer to retain full administrative privileges of the underlying virtual infrastructure?

Amazon EC2

Which services allow the customer to retain full administrative privileges of the underlying virtual infrastructure?

Amazon EC2

Why is AWS more economical than traditional data centers for applications with varying compute workloads?

Amazon EC2 instances can be launched on-demand when needed.

False

Amazon EC2 is a PaaS service since it provides complete control of your computing resources.

Fargate Launch Type

Amazon ECS mode with high-level controls. Simply package application in containers, specify the CPU and memory requirements, define IAM and networking requirements, and launch the application.

EC2 Launch Type

Amazon ECS mode with more granular, server-level control.

Which of the following components of the CloudFront service can be used to distribute contents to users across the globe?

Amazon Edge locations

Can I delete a snapshot of the root device of an EBS volume used by a registered AMI? A. Only via API B. Only via Console C. Yes D. No

C. Yes

What is the key difference between an availability zone and an edge location?

An availability zone is ...

Question 71 Your company is planning on moving to the AWS Cloud. Once the movement to the Cloud is complete, they want to ensure that the right security settings are put in place. Which of the below tools can assist with security compliance. Choose 2 answers from the options given below: A. AWS Inspector B. AWS Trusted Advisor C. AWS Support D. AWS Kinesis

Answer: A. AWS Inspector B. AWS Trusted Advisor

Question 121 A company is planning to migrate their existing services to the AWS Cloud. Which of the following would help them do a cost benefit analysis of moving to the AWS Cloud? A. AWS TCO calculator B. AWS Config C. AWS Cost Explorer D. AWS Consolidating billing

Answer: A. AWS TCO calculator

Question 38 You are developing and planning on deploying an application onto the AWS Cloud. This application needs to be PCI Compliantr. Which of the below steps would you carry out to ensure the compliance is met for the application. Choose 2 answers from the following: A. Choose AWS services which are PCI Compliant B. Ensure the right steps are taken during application development for PCI Compliance C. Ensure the AWS Services are made PCI Compliant D. Do an audit after the deployment of the application for PCI Compliance

Answer: A. Choose AWS services which are PCI Compliant B. Ensure the right steps are taken during application development for PCI Compliance

Question 53 Which of the following statements are TRUE when it comes to elasticity. Choose 2 answers from the options given below: A. Diverting traffic to instances based on the demand B. Diverting traffic to instances with the least load C. Diverting traffic across multiple regions D. Diverting traffic to instances with higher capacity

Answer: A. Diverting traffic to instances based on the demand B. Diverting traffic to instances with the least load

Question 128 Which of the following are services where you don't need to manage the underlying infrastructure? Choose 2 answers from the options given below: A. DynamoDB B. EC2 C. Simple Storage Service D. AWS Auto Scaling

Answer: A. DynamoDB C. Simple Storage Service

Question 153 When working on the costing for on-demand EC2 instances, which of the following are attributes which determine the costing of the EC2 Instance? Choose 3 answers from the options given below: A. Instance Type B. AMI Type C. Region D. Edge location

Answer: A. Instance Type B. AMI Type C. Region

Question 149 In AWS, which security aspects are the customer's responsibility? Choose 4 answers from the options given below: A. Security Group and ACL (Access Control List) settings B. Decommissioning storage devices C. Patch management on the EC2 instance's operating system D. Life-cycle management of IAM credentials E. Controlling physical access to compute resources F. Encryption of EBS (Elastic Block Storage) volumes

Answer: A. Security Group and ACL (Access Control List) settings C. Patch management on the EC2 instance's operating system D. Life-cycle management of IAM credentials F. Encryption of EBS (Elastic Block Storage) volumes

Question 189 Which of the following are attributes of the costs for using the Simple Storage Service? Choose 2 answers from the options given below: A. The storage class used for the objects stored. B. Number of S3 buckets C. The total size in gigabytes of all objects stored. D. Using encryption in S3

Answer: A. The storage class used for the objects stored C. The total size in gigabytes of all objects stored

Question 103 You have a set of EC2 Instances hosted on the AWS Cloud. The EC2 Instances are hosting a web application. If you get a DDos attack from the internet, which of the following can help in reducing the overall threat to your EC2 Instances? Choose 2 answers from the options given below: A. Usage of Security Groups B. Usage of AWS Config C. Usage of Network Access Control Lists D. Usage of the Internet gateway

Answer: A. Usage of Security Groups C. Usage of Network Access Control Lists

Question 36 Which of the following can be used to protect EC2 Instances hosted in AWS? Choose 2 answers from the options given below: A. Usage of Security Groups B. Usage of AMI's C. Usage of Network Access Control Lists D. Usage of the Internet gateway

Answer: A. Usage of Security Groups C. Usage of Network Access Control Lists

Question 155 What are characteristics of Amazon S3? Choose 2 answers from the options given below: A. S3 allows you to store objects of virtually unlimited size. B. S3 allows you to store unlimited amounts of data. C. S3 should be used to host a relational database. D. Objects are directly accessible via a URL.

Answer: B S3 allows you to store unlimited amounts of data. D Objects are directly accessible via a URL.

Question 13 Where can a customer go to get more detail about Amazon Elastic Compute Cloud (Amazon EC2) billing activity that took place 3 month ago? A. Amazon EC2 dashboard B. AWS Cost and Usage reports C. AWS Trusted Advisor dashboard D. AWS Cloud Trail logs stored in Amazon Simple Storage Service (Amazon S3)

Answer: B. AWS Cost and Usage reports

Question 186 Which of the following items allow an application deployed on an EC2 instance to write data to S3 in a secure manner? A. AWS IAM Users B. AWS IAM Roles C. AWS IAM Groups D. AWS IAM Permissions

Answer: B. AWS IAM Roles

Question 114 Which of the following features of AWS RDS allows for offloading reads of the database? A. Cross region replication B. Creating Read Replicas C. Using snapshots D. Using Multi-AZ feature

Answer: B. Creating Read Replicas

Question 47 Which of the following are advantages of having infrastructure hosted on the AWS Cloud? Choose 2 answers from the options given below. A. Having complete control over the physical infrastructure B. Having the pay as you go model C. No upfront costs D. Having no need to worry about security

Answer: B. Having the pay as you go model C. No upfront costs

Question 80 Which of the following is the responsibility of AWS according to the Shared Security Model? Choose 3 answers from the options given below: A. Managing AWS Identity and Access Management (IAM) B. Securing edge locations C. Monitoring physical device security D. Implementing service organization Control (SOC) standards

Answer: B. Securing edge locations C. Monitoring physical device security D. Implementing service organization Control (SOC) standards

Question 34 What best describes the "Principal of Least Privilege"? Choose the correct answer from the options given below A. All users should have the same baseline permissions granted to them to use basic AWS services B. Users should be granted permission to access only resources they need to do their assigned job C. Users should submit all access requests in writing so that there is a paper trail of who needs access to different AWS resources D. Users should always have a little more access granted to them then they need, just in case they end up needed it in the future

Answer: B. Users should be granted permission to access only resources they need to do their assigned job

Question 118 Which of the following statements are FALSE when it comes to elasticity? Choose 2 answers from the options given below A. Diverting traffic to instances based on the demand B. Diverting traffic to instances with the least load C. Diverting traffic across multiple regions D. Diverting traffic to instances with higher capacity

Answer: C. Diverting traffic across multiple regions D. Diverting traffic to instances with higher capacity

Question 85 Which of the following security requirements are managed by AWS? Select 3 answers from the options given below: A. Password Policies B. User permissions C. Physical security D. Disk disposal E. Hardware patching

Answer: C. Physical security D. Disk disposal E. Hardware patching

Question 73 Which of the following services can provide a complete audit trail of all AWS services used within an account? A. AWS Trusted Advisor B. Amazon EC2 instance usage report C. Amazon CloudWatch D. AWS Cloud Trail logs

Answer: D. AWS Cloud Trail logs

Question 44 There is a requirement to host a database server for a minimum period of one year. Which of the following would result in the least cost? A. Spot Instances B. On-Demand C. No Upfront costs Reserved D. Partial Upfront costs Reserved

Answer: D. Partial Upfront costs Reserved

Question 156 What is the AWS service provided which provides a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability? A. AWS RDS B. DynamoDB C. Oracle RDS D. Elastic Map Reduce

Answer: B. DynamoDB

Question 154 A company wants to utilize AWS storage. For them low storage cost is paramount, the data is rarely retrieved, and data retrieval times of several hours are acceptable for them. What is the best storage option to use? A. AWS Glacier B. AWS S3 Reduced Redundancy Storage C. EBS backed storage connected to EC2 D. AWS Cloud Front

Answer: A AWS Glacier

Question 183 Which of the following options of AWS RDS allows for AWS to failover to a secondary database in case the primary one fails? A. AWS Multi-AZ B. AWS Failover C. AWS Secondary D. AWS Standby

Answer: A AWS Multi-AZ

Question 123 You have a set of developers that need to use .Net to call AWS Services. Which of the following tools can be used to achieve this purpose? A. AWS SDK B. AWS Console C. AWS CLI D. AWS IAM

Answer: A AWS SDK

Question 141 Which services allow the customer to retain full administrative privileges of the underlying virtual infrastructure? A. Amazon EC2 B. Amazon S3 C. Amazon Lambda D. Amazon DynamoDB

Answer: A Amazon EC2

Question 108 Which of the following storage options provides the option of Lifecycle policies that can be used to move objects to archive storage? A. Amazon S3 B. Amazon Glacier C. Amazon Storage Gateway D. Amazon EBS

Answer: A Amazon S3

Question 167 There is a requirement to move a 10 TB data warehouse to the AWS cloud. Which of the following is an ideal service which can be used to move this amount of data to the AWS Cloud? A. Amazon Snowball B. Amazon Direct Connect C. Amazon S3 MultiPart Upload D. Amazon S3 Connector

Answer: A Amazon Snowball

Question 117 A company currently has an application which consist of a .Net layer which connects to a MySQL database. They now want to move this application onto AWS. They want to make use of all AWS features such as high availability and automated backups. Which of the following would be an ideal database in AWS to migrate to for this requirement? A. Aurora B. DynamoDB C. An EC2 instance with MySQL installed. D. An EC2 instance with Aurora installed.

Answer: A Aurora

Question 195 Which of the following is not a disaster recovery deployment technique? A. Pilot light B. Warm standby C. Single Site D. Multi-Site

Answer: C Single Site

Question 177 You have a distributed application that periodically processes large volumes of data across multiple Amazon EC2 Instances. The application is designed to recover gracefully from Amazon EC2 instance failures. You are required to accomplish this task in the most cost-effective way. Which of the following will meet your requirements? A. Spot Instances B. Reserved instances C. Dedicated instances D. On-Demand instances

Answer: A Spot Instance

Question 182 What does Amazon EC2 provide? A. Virtual servers in the Cloud. B. A platform to run code (Java, PHP, Python), paying on an hourly basis. C. Computer Clusters in the Cloud. D. Physical servers remotely managed by the customer.

Answer: A Virtual servers in the Cloud

Question 174 Which of the following are benefits of the AWS's Relational Database Service (RDS)? Choose the 2 correct answers from the options below: A. Automated patches and backups B. You can resize the capacity accordingly C. It allows you to store unstructured data D. It allows you to store NoSQL data

Answer: A, B Automated patches and backups, You can resize the capacity accordingly

Question 126 Your company is planning to host a large ecommerce application on the AWS Cloud. One of their major concerns is Internet attacks such as DDos attacks. Which of the following services can help mitigate this concern? Choose 2 answers from the options given below: A. CloudFront B. AWS Shield C. AWS EC2 D. AWS Config

Answer: A, B CloudFront, AWS Shield

Question 107 Which of the following are features of an edge location? Choose 3 answers from the options given below: A. Distribute content to users B. Cache common responses C. Distribute load across multiple resources D. Used in conjunction with the CloudFront service

Answer: A, B, D Distribute content to users, Cache common responses, Used in conjunction with the CloudFront service

Question 95 Which of the following is a fully managed NoSQL database service available in AWS? A. AWS DynamoDB B. AWS RDS C. AWS Redshift D. AWS MongoDB

Answer: A. AWS DynamoDB

Question 91 Which AWS Cloud service helps in quick deployment of resources which can make use of different programming languages such as .Net and Java? A. AWS Elastic Beanstalk B. AWS Elastic Compute Cloud (Amazon EC2) C. AWS VPC D. AWS SQS

Answer: A. AWS Elastic Beanstalk

Question 39 Which of the below can be used to get data onto Amazon Glacier? Choose 3 answers from the options given below: A. AWS Glacier API B. AWS Console C. AWS Glacier SDK D. AWS S3 Lifecycle policies

Answer: A. AWS Glacier API, C. AWS Glacier SDK, D. AWS S3 Lifecycle policies

Question 23 Which AWS Cloud service is used to turn on Multi-Factor Authentication (MFA)? A. AWS Identity and Access Management (IAM) B. Amazon Elastic Compute Cloud (Amazon EC2) C. AWS Config D. Amazon Inspector

Answer: A. AWS Identity and Access Management (IAM)

Question 20 What AWS feature enables a user to manage services through a web-based user interface? A. AWS Management Console B. AWS Application Programming Interface (API) C. AWS Software Development Kit (SDK) D. Amazon CloudWatch

Answer: A. AWS Management Console

Question 88 Which of the following needs a user name and password to access AWS resources? A. AWS Management Console B. AWS Application Programming Interface (API) C. AWS Software Development Kit (SDK) D. AWS CLI

Answer: A. AWS Management Console

Question 58 Which of the following can be used to call AWS services from programming languages? A. AWS SDK B. AWS Console C. AWS CLI D. AWS IAM

Answer: A. AWS SDK

Question 56 Which of the following is used to derive the costs for moving artefacts from on-premise to AWS? A. AWS TCO calculator B. AWS Config C. AWS Cost Explorer D. AWS Consolidating billing

Answer: A. AWS TCO calculator

Question 89 Your company is planning to use the AWS Cloud, but there is a management decision that resources need to split department-wise, and the decision is tending towards managing multiple AWS accounts. Which of the following would help in effective management, and also provide an efficient costing model? A. AWS organizations B. Amazon Dev Pay C. AWS Trusted Advisor D. AWS Cost Explorer

Answer: A. AWS organizations

Question 158 A company is deploying a 2-tier, highly available web application to AWS. Which service provides durable storage for static content while utilizing lower overall CPU resources for the web tier? A. Amazon EBS volume B. Amazon S3 C. Amazon EC2 instance store D. Amazon RDS instance

Answer: B Amazon S3

Question 11 Which AWS service automates infrastructure provisioning and administrative tasks for an analytical data warehouse? A. Amazon Redshift B. Amazon DynamoDB C. Amazon ElastiCache D. Amazon Aurora

Answer: A. Amazon Redshift

Question 79 Which of the following services is a fully managed, petabyte-scale data warehouse service in the AWS cloud? A. Amazon Redshift B. Amazon DynamoDB C. Amazon ElastiCache D. Amazon Aurora

Answer: A. Amazon Redshift

Question 7 Which service should an administrator use to register a new domain name with AWS? A. Amazon Route 53 B. Amazon Cloud Fron C. Elastic Load Balancing D. Amazon Virtual Private Cloud (Amazon VPC)

Answer: A. Amazon Route 53

Question 74 Which of the following service is most useful when a Disaster Recovery method is triggered in AWS? A. Amazon Route 53 B. Amazon SNS C. Amazon SQS D. Amazon Inspector

Answer: A. Amazon Route 53

Question 43 There is a requirement for storage of objects. The objects should be able to be downloaded via a URL. Which storage option would you choose? A. Amazon S3 B. Amazon Glacier C. Amazon Storage Gateway D. Amazon EBS

Answer: A. Amazon S3

Question 52 Which of the following is a compatible MySQL database which also can grow in storage size on its own? A. Aurora B. DynamoDB C. RDS Microsoft SQL Server D. RDS MySQL

Answer: A. Aurora

Question 120 Which of the following services relates the concept of "scaling up resources based on demand"? A. Auto Scaling B. Elastic Load Balancer C. VPC D. Subnet

Answer: A. Auto Scaling

Question 76 When designing a system, you use the principle of "design for failure and nothing will fail". Which of the following services/features of AWS can assist in supporting this design principle? Choose 3 answers from the options given below: A. Availability Zones B. Regions C. Elastic Load Balancer D. Pay as you go

Answer: A. Availability Zones, B. Regions, C. Elastic Load Balancer

Question 8 What is the value of having AWS Cloud services accessible through an Application Programming Interface (API)? A. Cloud resources can be managed programmatically B. AWS infrastructure use will always be cost-optimized C. All application testing is managed by AWS D. Customer-owned, on-premises infrastructure becomes programmable

Answer: A. Cloud resources can be managed programmatically

Question 61 Which of the following helps in DDos protection? Choose 2 answers from the options given below A. CloudFront B. AWS Shield C. AWS EC2 D. AWS Config

Answer: A. CloudFront, B. AWS Shield

Question 60 Which of the following are 2 ways AWS provides to link accounts? A. Consolidated Billing B. AWS Organizations C. Cost Explorer D. IAM

Answer: A. Consolidating billing, B. AWS Organizations

Question 46 When creating security groups, which of the following is a responsibility of the customer? Choose 2 answers from the options given below: A. Giving a name and description for the security group B. Defining the rules as per the customer requirements. C. Ensure the rules are applied immediately D. Ensure the security groups are linked to the Elastic Network interface

Answer: A. Giving a name and description for the security group, B. Defining the rules as per the customer requirements.

Question 12 Which of the following is the responsibility of the AWS customer according to the Shared Security Model? A. Managing AWS Identity and Access Management (IAM) B. Securing edge locations C. Monitoring physical device security D. Implementing service organization Control (SOC) standards

Answer: A. Managing AWS Identity and Access Management (IAM)

Question 90 Which of the following can be used as an additional layer of security in addition to using a user name and password when logging into the AWS Console? A. Multi-Factor Authentication (MFA) B. Secondary password C. Root access privileges D. Secondary user name

Answer: A. Multi-Factor Authentication (MFA)

Question 97 If there is a requirement to host EC2 Instances in the AWS Cloud wherein the utilization is guaranteed to be consistent for a long period of time, which of the following would you utilize to ensure costs are minimized? A. Reserved instances B. On-demand instances C. Spot instances D. Regular instances

Answer: A. Reserved instances

Question 17 Which of the following security requirements are managed by AWS customers? Select 2 answers from the options given below. A. Password Policies B. User permissions C. Physical security D. Disk disposal E. Hardware patching

Answer: A. Password Policies, B. User Permissions

Question 101 When giving permission to users via the AWS Identity and Access Management tool, which of the following principles should be applied when granting permissions? A. Principle of least privilege B. Principle of greatest privilege C. Principle of most privilege D. Principle of lower privilege

Answer: A. Principle of least privilege

Question 29 You are currently hosting an infrastructure and most of the EC2 instances are near 90 - 100% utilized. What is the type of EC2 instances you would utilize to ensure costs are minimized? A. Reserved instances B. On-demand instances C. Spot instances D. Regular instances

Answer: A. Reserved instances

Question 25 Which of the following is a factor when calculating Total Cost of Ownership (TCO) for the AWS Cloud? A. The number of servers migrated to AWS B. The number of users migrated to AWS C. The number of passwords migrated to AWS D. The number of keys migrated to AWS

Answer: A. The number of servers migrated to AWS

Question 54 Which of the following is the concept of the Elastic load balancer? A. To distribute traffic to multiple EC2 Instances B. To scale up EC2 Instances C. To distribute traffic to AWS resources across multiple regions D. To increase the size of the EC2 Instance based on demand

Answer: A. To distribute traffic to multiple EC2 Instances

Question 55 Which of the following is the concept of Auto Scaling? A. To scale up resources based on demand B. To distribute traffic to multiple EC2 Instances C. To distribute traffic to AWS resources across multiple regions D. To increase the size of the EC2 Instance based on demand

Answer: A. To scale up resources based on demand

Question 146 Which of the following allows you to carve out a portion of the AWS Cloud? A. AWS Subnets B. AWS VPC C. AWS Regions D. AWS Availability Zones

Answer: B AWS VPC

Question 65 Which of the following services in AWS allows for object level storage on the cloud? A. Amazon EBS B. Amazon Storage gateway C. Amazon S3 D. Amazon SQS

Answer: C. Amazon S3

Question 78 You have a DevOps team in your current organization structure. They are keen to know if there is any service available in AWS which can be used to manage infrastructure as code. Which of the following can be met with such a requirement? A. Using AWS CloudFormation B. Using AWS Config C. Using AWS Inspector D. Using AWS Trusted Advisor

Answer: A. Using AWS CloudFormation

Question 192 You want to take a snapshot of an EC2 Instance and create a new instance out of it. In AWS what is this snapshot equivalent to? A. EBS Volumes B. AMI C. EC2 Snapshot D. EBS Snapshot

Answer: B AMI

Question 160 Which of the below AWS services allows you to base the number of resources on the demand of the application or users? A. AWS EC2 B. AWS Autoscaling C. AWS ELB D. AWS Inspector

Answer: B AWS Autoscaling

Question 163 Which of the following services helps in governance, compliance, and risk auditing in AWS? A. AWS Config B. AWS CloudTrail C. AWS CloudWatch D. AWS SNS

Answer: B AWS CloudTrail

Question 105 Which of the below cannot be used to get data onto Amazon Glacier? A. AWS Glacier API B. AWS Console C. AWS Glacier SDK D. AWS S3 Lifecycle policies

Answer: B AWS Console

Question 150 Which of the following can be used to manage identities in AWS? A. AWS Config B. AWS IAM C. AWS Trusted Advisor D. AWS

Answer: B AWS IAM

Question 130 Which of the following services allows you to analyze EC2 Instances against pre-defined security templates to check for vulnerabilities? A. AWS Trusted Advisor B. AWS Inspector C. AWS WAF D. AWS Shield

Answer: B AWS Inspector

Question 145 Which of the following is a serverless compute offering from AWS? A. AWS EC2 B. AWS Lambda C. AWS SNS D. AWS SQS

Answer: B AWS Lambda

Question 190 If you want to develop an application in Java, which of the following tools would you use? A. AWS PowerShell B. AWS SDK C. AWS CLI D. AWS Console

Answer: B AWS SDK

Question 171 You have a Web application hosted in an EC2 Instance that needs to send notifications based on events. Which of the below services can assist in sending notifications? A. AWS SES B. AWS SNS C. AWS SQS D. AWS EC2

Answer: B AWS SNS

Question 147 To predict the cost of moving resources from on-premise to the cloud, which of the following can be used: A. AWS Inspector B. AWS TCO C. AWS WAF D. AWS Trusted Advisor

Answer: B AWS TCO

Question 168 What is the key difference between an availability zone and an edge location? A. An availability zone is a grouping of AWS resources in a specific region; an edge location is a specific resource within the AWS region B. An availability zone is an Amazon resource within an AWS region, whereas an edge location will deliver cached content to the closest location to reduce latency C. Edge locations are used as control stations for AWS resources D. None of the above

Answer: B An availability zone is an Amazon resource within an AWS region, whereas an edge location will deliver cached content to the closest location to reduce latency

Question 170 In AWS billing what option can be used to ensure costs can be reduced if you have multiple accounts? A. Combined billing B. Consolidated billing C. Costs are automatically reduced for multiple accounts by AWS. D. It is not possible to reduce costs with multiple accounts

Answer: B Consolidating billing

Question 188 A company does not want to manage their database. Which of the following services is a fully managed NoSQL database provided by AWS? A. AWS RDS B. DynamoDB C. Oracle RDS D. Elastic Map Reduce

Answer: B DynamoDB

Question 179 What is the service provided by AWS that allows developers to easily deploy and manage applications on the cloud? Please choose on answer from the options below. A. CloudFormation B. Elastic Beanstalk C. Opswork D. Container service

Answer: B Elastic Beanstalk

Question 119 Which of the following services relates the concept of "Distributing traffic to multiple EC2 Instances"? A. AutoScaling B. Elastic Load Balancer C. VPC D. Subnets

Answer: B Elastic Load Balancer

Question 124 You have an EC2 Instance in development that interacts with the Simple Storage Service. The EC2 Instance is going to be promoted to the production environment. Which of the following features should be used for secure communication between the EC2 Instance and the Simple Storage Service? A. IAM Users B. IAM Roles C. IAM Groups D. IAM policies

Answer: B IAM Roles

Question 110 There is a requirement hosting a set of servers in the Cloud for a short period of 6 months. Which of the following types of instances should be chosen to be cost effective? A. Spot Instances B. On-Demand C. No Upfront costs Reserved D. Partial Upfront costs Reserved

Answer: B On-Demand

Question 137 You have 2 accounts in your AWS account, one for Dev and the other for QA. All are part of Consolidated Billing. The master account has purchase 3 reserved instances. The Dev department is currently using 2 reserved instances. The QA team is planning on using 3 instances. What is the pricing tier of the instances that can be used by the QA Team? A. No Reserved and 3 on-demand B. One Reserved and 2 on-demand C. Two Reserved and 1 on-demand D. Three Reserved and no on-demand

Answer: B One Reserved and 2 on-demand (The unused RI and two new OD)

Question 122 Which of the following does AWS perform on its customer's behalf for EBS volumes to make it less prone to failure? A. Replication of the volume across Availability Zones B. Replication of the volume in the same Availability Zone C. Replication of the volume across Regions D. Replication of the volume across Edge locations

Answer: B Replication of the volume in the same Availability Zone

Question 15 The main benefit of decoupling an application is to: A. Create a tightly integrated application B. Reduce inter-dependencies so failures do not impact other components C. Enable data synchronization across the web application layer D. Have the ability to execute automated bootstrapping actions

Answer: B reduce inter-dependencies so failures do not impact other components

Question 191 Which of the following services helps provide a connection from on-premise infrastructure to resources hosted in the AWS Cloud? Choose 2 answers from the options given below: A. AWS VPC B. AWS VPN C. AWS Direct Connect D. AWS Subnets

Answer: B, C AWS VPN, AWS Direct Connect

Question 138 Which of the following are right principles when designing cloud-based systems? Choose 2 answers from the options below: A. Build Tightly-coupled components B. Build loosely-coupled components C. Assume everything will fail D. Use as many services as possible

Answer: B, C Build loosely-coupled components, Assume everything will fail

Question 112 When working with the AWS Cloud which of the following are headaches you don't need to worry about? Choose 2 answers from the options given below. A. Having complete control over the physical infrastructure, so you don't need to worry about what AWS is doing. B. Having the pay as you go model, so you don't need to worry if you are burning costs for non-running resources. C. No Upfront costs D. Having no need to worry about security

Answer: B, C Having the pay as you go model, so you don't need to worry if you are burning costs for non-running resources, No Upfront costs

Question 109 Which of the following features of Amazon RDS allows for better availability of databases. Choose 2 answers from the options given below: A. VPC Peering B. Multi-AZ C. Read Replicas D. Multi-Region

Answer: B, C Multi-AZ, Read Replicas

Question 14 Who has control of the data in an AWS account? A. AWS Support Team B. AWS Account Owner C. AWS Security Team D. AWS Technical Account Manager (TAM)

Answer: B. AWS Account Owner

Question 82 By default, who from the below roles has complete administrative control over all resources in the respective AWS account? A. AWS Support Team B. AWS Account Owner C. AWS Security Team D. AWS Technical Account Manager (TAM)

Answer: B. AWS Account Owner

Question 48 There is an external audit being carried out on your company. The IT auditor needs to have a log of all access to the AWS resources in the company's account. Which of the below services can assist in providing these details? A. AWS CloudWatch B. AWS CloudTrail C. AWS EC2 D. AWS SNS

Answer: B. AWS CloudTrail

Question 27 Which of the following is a fully managed NoSQL database service available with AWS? A. AWS RDS B. AWS DynamoDB C. AWS Redshift D. AWS MongoDB

Answer: B. AWS DynamoDB

Question 24 A disaster recovery strategy on AWS should be based on launching infrastructure in a separate: A. Subnet B. AWS Region C. AWS edge location D. Amazon Virtual Private Cloud (Amazon VPC)

Answer: B. AWS Region

Question 67 Which of the following networking component can be used to host EC2 resources in the AWS Cloud? A. AWS Trusted Advisor B. AWS VPC C. AWS Elastic Load Balancer D. AWS Autoscaling

Answer: B. AWS VPC

Question 62 Which of the following services can be used as a web application firewall in AWS? A. AWS EC2 B. AWS WAF C. AWS Firewall D. AWS Protection

Answer: B. AWS WAF

Question 66 Which of the following can be attached to EC2 Instances to store data? A. Amazon Glacier B. Amazon EBS Volumes C. Amazon EBS Snapshots D. Amazon SQS

Answer: B. Amazon EBS Volumes

Question 28 A company wants to store data that is not frequently accessed. What is the best and cost-efficient solution that should be considered? A. Amazon Storage Gateway B. Amazon Glacier C. Amazon EBS D. Amazon S3

Answer: B. Amazon Glacier

Question 96 Which of the following storage options is best when you want to store archive data? A. Amazon Storage Gateway B. Amazon Glacier C. Amazon EBS D. Amazon S3

Answer: B. Amazon Glacier

Question 100 A company is deploying a two-tier, highly available web application to AWS. The application needs a storage layer to store artifacts such as photos and videos. Which of the following services can be used as the underlying storage mechanism? A. Amazon EBS volume B. Amazon S3 C. Amazon EC2 instance store D. Amazon RDS instance

Answer: B. Amazon S3

Question 33 A company is deploying a two-tier, highly available web application to AWS. Which service provides durable storage for static content while utilizing lower Overall CPU resources for the web tier? A. Amazon EBS volume B. Amazon S3 C. Amazon EC2 instance store D. Amazon RDS instance

Answer: B. Amazon S3

Question 81 Your company has just started using the resources on the AWS Cloud. They want to get an idea on the costs being incurred so far for the resources being used. How can this be achieved? A. By going to the Amazon EC2 dashboard. Here you can see the costs of the running EC2 resources. B. By using the AWS Cost and Usage reports Explorer. Here you can see the running and forecast costs. C. By using the AWS Trusted Advisor dashboard. This dashboard will give you all the costs. D. By seeing the AWS Cloud Trail logs.

Answer: B. By using the AWS Cost and Usage reports Explorer. Here you can see the running and forecast costs.

Question 18 Systems applying the cloud architecture principle of elasticity will: A. Minimize storage requirements by reducing logging and auditing activities B. Create systems that scale to the required capacity based on changes in demand C. Enable AWS to automatically select the most cost-effective services D. Accelerate the design process because recovery from failure is automated, reducing the need for testing

Answer: B. Create systems that scale to the required capacity based on changes in demand

Question 57 Which of the following is the responsibility of the customer when ensuring that data on EBS volumes is left safe? A. Deleting the data when the device is destroyed B. Creating EBS snapshots C. Attaching volumes to EC2 Instances D. Creating copies of EBS Volumes

Answer: B. Creating EBS snapshots

Question 49 Which of the following features of RDS allows for data redundancy across regions? A. Cross region replication B. Creating Read Replica's C. Using snapshots D. Using Multi-AZ feature

Answer: B. Creating Read Replica's

Question 83 Your design team is planning to design an application that will be hosted on the AWS Cloud. One of their main non-functional requirements is given below. Reduce inter-dependencies so failures do not impact other components. Which of the following concepts does this requirement relate to? A. Integration B. Decoupling C. Aggregation D. Segregation

Answer: B. Decoupling

Question 92 Your company handles a crucial ecommerce application. This application needs to have an uptime of at least 99.5%. There is a decision to move the application to the AWS Cloud. Which of the following deployment strategies can help build a robust architecture for such an application? A. Deploying the application across multiple VPC's B. Deploying the application across multiple Regions C. Deploying the application across Edge locations D. Deploying the application across multiple subnets

Answer: B. Deploying the application across multiple Regions

Question 86 Which of the following terms relate to "creating systems that scale to the required capacity based on changes in demand"? A. Disaster Recovery B. Elasticity C. Decoupling D. Aggregation

Answer: B. Elasticity

Question 99 Which of the following is not a category recommendation given by the AWS Trusted Advisor? A. Security B. High Availability C. Cost Optimization D. Performance E. Fault tolerance

Answer: B. High Availability

Question 148 What is the concept of an AWS region? A. It is a collection of Edge locations B. It is a collection of Compute capacity C. It is a geographical area divided into Availability Zones D. It is the same as an Availability zone

Answer: C It is a geographical area divided into Availability Zones

Question 59 Which of the following is the secure way of using AWS API to call AWS services from EC2 Instances? A. IAM Users B. IAM Roles C. IAM Groups D. IAM policies

Answer: B. IAM Roles

Question 45 There is a requirement for a development and test environment for 3 months. Which would you use? A. Spot Instances B. On-Demand C. No Upfront costs Reserved D. Partial Upfront costs Reserved

Answer: B. On-Demand

Which of the following is a benefit of Amazon Elastic Compute Cloud (Amazon EC2) over physical servers? A. Automated backup B. Paying only for what you use C. The ability to choose hardware vendors D. Root /administrator access

Answer: B. Paying only for what you use

Question 87 Your company is planning to offload some of the batch processing workloads on to AWS. These jobs can be interrupted and resumed at any time. Which of the following instance types would be the most cost effective to use for this purpose? A. On-Demand B. Spot C. Full Upfront Reserved D. Partial Upfront Reserved

Answer: B. Spot

Question 115 Which of the following terms refers to another geographic location in AWS? A. Availability Zone B. Data center C. Region D. Edge location

Answer: C Region

Question 93 Which of the following initiatives from AWS helps organizations reduce the overall expenditure for IT companies when they host resources on the AWS Cloud? A. They decommission older hardware B. They continually reduce the cost of cloud computing C. They use better security mechanisms, so you don't need to think about security at all D. They allow deployment of multiple resources

Answer: B. They continually reduce the cost of cloud computing

Question 64 Which of the following disaster recovery deployment mechanisms that has the lowest downtime? A. Pilot light B. Warm standby C. Backup Restore D. DevOps

Answer: B. Warm standby

Question 19 Amazon Elastic Compute Cloud (Amazon EC2) Spot instances are appropriate for which of the following workloads? A. Workloads that are only run in the morning and stopped at night B. Workloads where the availability of the Amazon EC2 instances can be flexible C. Workloads that need to run for long periods of time without interruption D. Workloads that are critical and need Amazon EC2 instances with termination protection

Answer: B. Workloads where the availability of the Amazon EC2 instances can be flexible

Question 176 A company wants to create standard templates for deployment of their Infrastructure. Which AWS service can be used in this regard? A. Amazon Simple Workflow Service B. AWS Elastic Beanstalk C. AWS CloudFormation D. AWS OpsWorks

Answer: C AWS CloudFormation

Question 142 Which of the following AWS services should you use to migrate an existing database to AWS? A. AWS Lambda B. AWS Storage gateway C. AWS DMS D. AWS Snowball

Answer: C AWS DMS

Question 159 Which AWS service allows for distribution of incoming application traffic across multiple EC2 instances? A. AWS EC2 B. AWS Autoscaling C. AWS ELB D. AWS Inspector

Answer: C AWS ELB

Question 127 Which of the following services is a serverless compute service in AWS? A. AWS EC2 B. AWS Config C. AWS Lambda D. AWS Opswork

Answer: C AWS Lambda

Question 111 Which of the following from AWS can be used to transfer petabytes of data from on-premise locations to the AWS Cloud? A. AWS Import/Export B. AWS EC2 C. AWS Snowball D. AWS Transfer

Answer: C AWS Snowball

Question 26 Which AWS service is used to as a global content delivery network (CDN) service in AWS? A. Amazon SES B. Amazon CloudTrail C. Amazon CloudFront D. Amazon S3

Answer: C Amazon CloudFront

Question 180 A company is deploying a new two-tier web application in AWS. The company wants to store their most frequently used data so that the response time for the application is improved. Which AWS service provides the solution for the company's requirements? A. MySQL Installed on two Amazon EC2 Instances in a single Availability Zone B. Amazon RDS for MySQL with Multi-AZ C. Amazon ElastiCache D. Amazon DynamoDB

Answer: C Amazon ElastiCache

Question 136 What AWS service has built-in DDoS mitigation? A. CloudTrail B. EC2 C. CloudFront D. CloudWatch

Answer: C CloudFront

Question 181 If you wanted to take a backup of an EBS Volume, what would you do? A. Store the EBS volume in S3 B. Store the EBS volume in an RDS database C. Create an EBS snapshot D. Store the EBS volume in DynamoDB

Answer: C Create an EBS snapshot

Question 116 A company wants to have a database hosted on AWS. As much as possible they want to have control over the database itself. Which of the following would be an ideal option for this? A. Using the AWS DynamoDB service B. Using the AWS RDS service C. Hosting on the database on an EC2 Instance D. Using the Amazon Aurora service

Answer: C Hosting on the Database on an EC2 Instance

Question 164 When using On-Demand instances in AWS, which of the following is a false statement when it comes to the costing for the Instance? A. You pay no upfront costs for the instance B. You are charged per second based on the hourly rate C. You must pay the termination fees if you terminate the instance D. You pay for much you use.

Answer: C You must pay the termination fees if you terminate the instance

Question 144 Which of the following can be used to protect against DDos attacks? Choose 2 answers from the options given below: A. AWS EC2 B. AWS ELB C. AWS Shield D. AWS Shield Advanced

Answer: C, D AWS Shield, AWS Shield Advanced

Question 135 Which of the following options would entice a company to use AWS over an on-premises data center? Choose 2 answers from the options given below: A. Having access to Free and Unlimited Storage B. Having access to Unlimited Physical servers C. Having a highly available infrastructure D. Ability to use resources on demand

Answer: C, D Having a highly available infrastructure, Ability to use resources on demand

Question 75 Which of the following can be used to work with AWS services in a programmatic manner? A. AWS PowerShell B. AWS Bash C. AWS CLI D. AWS Console

Answer: C. AWS CLI

Question 98 Which of the following services helps provide a dedicate connection from on-premise infrastructure to resources hosted in the AWS Cloud? A. AWS VPC B. AWS VPN C. AWS Direct Connect D. AWS Subnets

Answer: C. AWS Direct Connect

Question 102 Which of the below mentioned services is equivalent to hosting virtual servers on an on-premise location? A. AWS IAM B. AWS Server C. AWS EC2 D. AWS Regions

Answer: C. AWS EC2

Question 35 Which of the below mentioned services can be used to host virtual servers in the AWS Cloud? A. AWS IAM B. AWS Server C. AWS EC2 D. AWS Regions

Answer: C. AWS EC2

Question 4 Which AWS service provides infrastructure security optimization recommendations? A. AWS Price List Application Programming Interface (API) B. Reserved Instances C. AWS Trusted Advisor D. Amazon Elastic Compute Cloud (Amazon EC2) SpotFleet

Answer: C. AWS Trusted Advisor

Question 94 You are planning on deploying a video-based application onto the AWS Cloud. These videos will be accessed by users across the world. Which of the below services can help stream the content in an efficient manner to the users across the globe? A. Amazon SES B. Amazon CloudTrail C. Amazon CloudFront D. Amazon S3

Answer: C. Amazon CloudFront

Question 5 Which service allows for the collection and tracking of metrics for AWS services? A. Amazon CloudFront B. Amazon CloudSearch C. Amazon CloudWatch D. Amazon Machine Learning (Amazon ML)

Answer: C. Amazon CloudWatch

Question 72 There is a requirement to collect important metrics from AWS RDS and EC2 Instances. Which of the following services can help fulfil this requirement? A. Amazon CloudFront B. Amazon CloudSearch C. Amazon CloudWatch D. Amazon Config

Answer: C. Amazon CloudWatch

Question 37 You work for a company that is planning on using the AWS EC2 service. They currently create golden images of their deployed operating system. Which of the following correspond to a golden image in AWS? A. EBS Volumes B. EBS Snapshots C. Amazon Machines Images D. EC2 Copies

Answer: C. Amazon Machines Images

Question 9 Which of the following examples supports the cloud design principle "design for failure and nothing will fail''? A. Adding an elastic load balancer in front of a single Amazon Elastic Compute Cloud (Amazon EC2) instance B. Creating and deploying the most cost-effective solution C. Deploying an application in multiple Availability Zones D. Using Amazon CloudWatch alerts to monitor performance

Answer: C. Deploying an application in multiple Availability Zones

Question 84 Which of the following can be used to increase the fault tolerance of an application? A. Deploying resources across multiple edge locations B. Deploying resources across multiple VPC's C. Deploying resources across multiple Availability Zones D. Deploying resources across multiple AWS Accounts

Answer: C. Deploying resources across multiple Availability Zones

Question 42 Which of the following is NOT a feature of an edge location do? A. Distribute content to users B. Cache common responses C. Distribute load across multiple resources D. Used in conjunction with the CloudFront service

Answer: C. Distribute load across multiple resources

Question 51 A company wants to host a self-managed database in AWS. How would you ideally implement this solution? A. Using the AWS DynamoDB service B. Using the AWS RDS service C. Hosting a database on an EC2 Instance D. Using the Amazon Aurora service

Answer: C. Hosting a database on an EC2 Instance

Question 50 Your company has a set of EC2 Instances hosted in AWS. There is a requirement to create snapshots from the EBS volumes attached to these EC2 Instances in another geographical location. As per this requirement, where would you create the snapshots? A. In another Availability Zone B. In another data center C. In another Region D. In another Edge location

Answer: C. In another Region

Question 70 Your company is planning to move to the AWS Cloud. You need to give a presentation on the cost perspective when moving existing resources to the AWS Cloud. When it comes to Amazon EC2, which of the following is an advantage when it comes to the cost perspective? A. Having the ability of automated backups of the EC2 instance, so that you don't need to worry about the maintenance costs. B. The ability to choose low cost AMI's to prepare the EC2 Instances C. The ability to only pay for what you use D. Ability to tag instances to reduce the overall cost

Answer: C. The ability to only pay for what you use

Question 30 What is the ability provided by AWS to enable fast, easy, and secure transfers of files over long distances between your client and your Amazon S3 bucket? A. File Transfer B. HTTP Transfer C. Transfer Acceleration D. S3 Acceleration

Answer: C. Transfer Acceleration

Question 157 You want to monitor the CPU utilization of an EC2 resource in AWS. Which of the below services can help in this regard? A. AWS CloudTrail B. AWS Inspector C. AWS Trusted Advisor D. AWS CloudWatch

Answer: D AWS CloudWatch

Question 162 Which of the following is AWS services allows you to build a data warehouse on the cloud? A. AWS Snowball B. AWS Storage Gateway C. AWS EMR D. AWS Redshift

Answer: D AWS Redshift

Question 139 Which of the following AWS services can assist you with cost optimization? A. AWS Shield B. AWS Inspector C. AWS WAF D. AWS Trusted Advisor

Answer: D AWS Trusted Advisor

Question 131 Which of the following storage mechanisms can be used to store messages effectively which can be used across distributed systems? A. Amazon Glacier B. Amazon EBS Volumes C. Amazon EBS Snapshots D. Amazon SQS

Answer: D Amazon SQS

Question 129 Which of the following disaster recovery deployment mechanisms has the highest downtime? A. Pilot light B. Warm standby C. Multi Site D. Backup and Restore

Answer: D Backup and Restore

Question 185 What service helps you to aggregate logs from your EC2 instance? Choose one answer from the options below: A. SQS B. S3 C. CloudTrail D. CloudWatch Logs

Answer: D CloudWatch Logs

Question 166 Which of the following is not a supported database in the AWS RDS service? A. Aurora B. MariaDB C. MySQL D. DB2

Answer: D DB2

Question 143 You have a mission-critical application which must be globally available at all times. If this is the case, which of the below deployment mechanisms would you employ? A. Deployment to multiple edge locations B. Deployment to multiple Availability Zones C. Deployment to multiple Data Centers D. Deployment to multiple Regions

Answer: D Development to multiple Regions

Question 106 Your company is planning to pay for an AWS Support plan. They have the following requirements as far as the support plan goes: • 24x7 access to Cloud Support Engineers via email, chat & phone • A response time of less than 1 hour for any critical faults Which of the following plans will suffice keeping in mind the cost factor? A. Basic B. Developer C. Business D. Enterprise

Answer: D Enterprise

Question 169 Which of the following security features is associated with a Subnet in a VPC to protect against incoming traffic requests? A. AWS Inspector B. Subnet Groups C. Security Groups D. NACL

Answer: D NACL

Question 152 What is the ability provided by AWS to enable very fast, easy, and secure transfers of files over long distances between your client and your Amazon S3 bucket? A. File Transfer B. HTTP Transfer C. S3 Acceleration D. Transfer Acceleration

Answer: D Transfer Acceleration

Question 134 You are planning to serve a web application on the AWS Platform by using EC2 Instances. Which of the below principles would you adopt to ensure that even if some of the EC2 Instances crashes, you still have a working application? A. Using a scalable system B. Using an elastic system C. Using a regional system D. Using a fault tolerant system

Answer: D Using a fault tolerant system

Question 140 Which of the following is the amount of storage that can be stored in the Simple Storage service? A. 1 TB B. 5 TB C. 1 PB D. Virtually unlimited storage

Answer: D Virtually unlimited storage

Question 6 A company needs to know which user was responsible for terminating several critical Amazon Elastic Compute Cloud (Amazon EC2) Instances. Where can the customer find this information? A. AWS Trusted Advisor B. Amazon EC2 instance usage report C. Amazon CloudWatch D. AWS CloudTrail logs

Answer: D. AWS CloudTrail logs

Question 10 Which service allows an administrator to create and modify AWS user permissions? A. AWS Config B. AWS Cloud Trail C. AWS Key Management Service (AWS KMS) D. AWS Identity and Access Management (IAM)

Answer: D. AWS Identity and Access Management (IAM)

Question 77 Currently your organization has an operational team that takes care of ID management in their on-premise data center. They now also need to manage users and groups created in AWS. Which of the following AWS tools would they need to use for performing this management function? A. AWS Config B. AWS Cloud Trail C. AWS Key Management Service (AWS KMS) D. AWS Identity and Access Management (IAM)

Answer: D. AWS Identity and Access Management (IAM)

Question 68 Your company is planning to host resources in the AWS Cloud. They want to use services which can be used to decouple resources hosted on the cloud. Which of the following services can help fulfil this requirement? A. AWS EBS Volumes B. AWS EBS Snapshots C. AWS Glacier D. AWS SQS

Answer: D. AWS SQS

Question 69 Which of the following components of the CloudFront service can be used to distribute contents to users across the globe? A. Amazon VPC B. Amazon Regions C. Amazon Availability Zones D. Amazon Edge locations

Answer: D. Amazon Edge locations

Question 40 Which of the following in the AWS Support plans gives access to a Support Concierge? A. Basic B. Developer C. Business D. Enterprise

Answer: D. Enterprise

Question 41 A company is planning to use AWS to host critical resources. Most of their systems are business critical and need to have response times less than 15 minutes. Which of the following support plans should they consider? A. Basic B. Developer C. Business D. Enterprise

Answer: D. Enterprise

Question 16 Which of the following is a benefit of running an application across two Availability Zones? A. Performance is improved over running in a single Availability Zone. B. It is more secure than running in a single Availability Zone. C. It significantly reduces the total cost of ownership versus running in a single Availability Zone. D. It increases the availability of an application compared to running in a single Availability Zone.

Answer: D. It increases the availability of an application compared to running in a single Availability Zone.

Question 31 As per the AWS Acceptable Use Policy, penetration testing of EC2 instances: A. May be performed by AWS and will be performed by AWS upon customer request B. May be performed by AWS and is periodically performed by AWS C. Are expressly prohibited under all circumstances D. May be performed by the customer on their own instances with prior authorization from AWS E. May be performed by the customer on their own instances, only if performed from EC2 instances

Answer: D. May be performed by the customer on their own instances with prior authorization from AWS

Question 63 You want to add an extra layer of protection to the current authentication mechanism of user names and passwords for AWS. Which of the following can help in this regard? A. Using Password Policies B. Using a mix of user names C. Using AWS WAF D. Using MFA

Answer: D. Using MFA

You have developed a microservices-based application. Which of the following should you use to make sure that each EC2 instance in the system gets the same amount of traffic?

Application Load Balancer

Which type of applications are recommended for Amazon EC2 reserved instances?

Application with steady state or predictable usage

What is Amazon EBS used for?

Application workloads that benefit from fine tuning for performance, cost and capacity

What are the three types of load balancers that ELB offers?

Application, Network, and Classic load balancers

How can the AWS Management Console be secured against unauthorized access?

Apply Multi-Factor Authentication (MFA)

109. By default, how many elastic IPs can you create per region? A. 1 B. 5 C. 20 D. 200

B

128. When you launch an instance within a VPC, in which availability zone is it launched? A. The default availability zone B. You must specify an availability zone. C. The first availability zone without an instance D. The availability zone with the least resources utilized

B

129. You are the architect at a company that requires all data at rest to be encrypted. You discover several EBS-backed EC2 instances that will be commissioned in the next week. How can you ensure that data on these volumes will be encrypted? A. Use OS-level tools on the instance to encrypt the volumes. B. Specify via the AWS console that the volumes should be encrypted when they are created. C. You cannot enable encryption on a specific EBS volume. D. Start the instances with the volumes and then encrypt them via the AWS console.

B

131. Which of the following is not true about a VPC endpoint? A. A VPC endpoint can attach to an S3 bucket. B. A VPC endpoint is a hardware device. C. A VPC endpoint does not require an internet gateway. D. Traffic to a VPC endpoint does not travel over the Internet.

B

134. Is it possible to SSH into a subnet with no public instances? A. Yes B. Yes, as long as you have a bastion host and correct routing. C. Yes, as long as you have an AWS Direct Connect. D. No

B

139. For a bastion host intended to provide shell access to your private instances, what protocols should you allow via a security group? A. SSH and RDP B. Just SSH C. Just RDP D. Just HTTPS

B

142. Which of the following destination routes would be used for routing IPv4 traffic to an internet gateway? A. 0.0.0.0/24 B. 0.0.0.0/0 C. ::/0 D. 192.168.1.1

B

147. What does ALB stand for? A. Access load balancer B. Application load balancer C. Adaptive load balancer D. Applied load balancer

B

148. At what OSI layer does an application load balancer operate? A. 4 B. 7 C. 4 and 7 D. 6

B

15. You want to ensure that no incoming traffic reaches any instances in your VPC. Which of the following is your best option to prevent this type of traffic? A. A blacklist B. A NACL C. A virtual private gateway D. A security group

B

196. How can you ensure that an EBS root volume persists beyond the life of an EC2 instance, in the event that the instance is terminated? A. The volume will persist automatically. B. Configure the EC2 instance to not terminate its root volume and the EBS volume to persist. C. You cannot; root volumes always are deleted when the attached EC2 instance is terminated. D. Ensure that encryption is enabled on the volume and it will automatically persist.

B

2. You have a government-regulated system that will store a large amount of data on S3 standard. You must encrypt all data and preserve a clear audit trail for traceability and third-party auditing. Security policies dictate that encryption must be consistent across the entire data store. Which of the following encryption approaches would be best? A. SSE-C B. SSE-KMS C. SSE-C D. Encrypt the data prior to upload to S3 and decrypt the data when returning it to the client.

B

207. What is the term used to represent the resiliency of data stored in S3? A. 9 9s B. 11 9s C. 7 9s D. 99th percentile

B

217. Which of the following is not one of the five pillars in the cloud defined by the AWS wellarchitected framework? A. Performance efficiency B. Usability C. Security D. Reliability

B

26. Which of the following encryption key management options is best for ensuring strong audit trails? A. SSE-S3 B. SSE-KMS C. Client-side encryption keys D. SSE-C

B

32. What type of replication will your Multi-AZ RDS instances use? A. Offline replication B. Synchronous replication C. Push replication D. Asynchronous replication

B

40. Which of the following is not possible using IAM policies? A. Requiring MFA for the root account B. Denying the root account access to EC2 instances C. Disabling S3 access for users in a group D. Restricting SSH access to EC2 instances to a specific user

B

5. Which of the following statements is true? A. You should store application keys only in your application's .aws file. B. You should never store your application keys on an instance, in an AMI, or anywhere else permanent on the cloud. C. You should only store application keys in an encrypted AMI. D. You should only use your application key to log in to the AWS console.

B

54. Which of the following will allow you to bring a non-encrypted EBS volume into compliance with an "all data must be encrypted at rest" policy? A. Create a new volume, attach the new volume to an EC2 instance, copy the data from the non-encrypted volume to the new volume, and then encrypt the new volume. B. Create a new volume with encryption turned on, attach the new volume to an EC2 instance, and copy the data from the non-encrypted volume to the new volume. C. Create a new volume, attach the new volume to an EC2 instance, and use the encrypted-copy command to copy the data from the non-encrypted volume to the new volume. D. None of these will encrypt all data on the volume.

B

57. Can you copy a snapshot across AWS accounts? A. Yes B. Yes, but you first have to modify the snapshot's access permissions. C. Yes, but you have to be the owner of both AWS accounts. D. No

B

58. You have a snapshot of an EBS volume in US East 2. You want to create a volume from this snapshot in US West 1. Is this possible? A. Yes, create the volume in US West 1 based upon the snapshot in US East 2. B. Yes, but you'll need to copy the snapshot to US West 1 first. C. Yes, but you'll need to create the instance in US East 2 and then move it to US West 1. D. No

B

69. In which order are NACLs and security groups evaluated? A. NACLs and security groups are evaluated in parallel. B. A NACL is evaluated first, and then the security group. C. A security group is evaluated first, and then the NACL. D. It depends on the VPC setup.

B

71. With which of the following is a NACL associated? A. An instance B. A subnet C. A VPC D. A NACL can be associated with all of these.

B

76. With how many subnets can a NACL be associated? A. One B. One or more C. A NACL is associated with instances, not subnets. D. A NACL is associated with VPCs, not subnets.

B

88. What does the CIDR block 0.0.0.0/0 represent? A. The entire Internet B. The entire Internet, limited to IPv4 addresses C. The entire Internet, limited to IPv6 addresses D. Inbound traffic from the entire Internet

B

81. Which of the following inbound rules of a custom NACL would be evaluated first? A. Rule #800 // HTTP // TCP // 80 // 0.0.0.0/0 -> ALLOW. B. Rule #100 // HTTPS // TCP // 443 // 0.0.0.0/0 -> ALLOW. C. Rule * // All // All // All // 0.0.0.0/0 -> DENY. D. Rule #130 // RDP // TCP // 3389 // 192.0.2.0/24 -> ALLOW.

B

84. If all of the following inbound rules existed on a custom NACL, would SSH traffic be allowed? Rule #800 // HTTP // TCP // 80 // 0.0.0.0/0 -> ALLOW Rule #100 // HTTPS // TCP // 443 // 0.0.0.0/0 -> ALLOW Rule #140 // All // All // All // 0.0.0.0/0 -> DENY Rule #120 // SSH // TCP // 22 // 192.0.2.0/24 -> ALLOW A. Yes B. Yes, but only from the CIDR block 192.0.2.0/24. C. Only if the SSH access permission in IAM is granted. D. No

B

87. Which of the following is the most accurate statement about what the following inbound rule on a NACL will do? Rule #120 // HTTP // TCP // 80 // 0.0.0.0/0 -> ALLOW A. Allows inbound HTTP traffic to the associated subnets B. Allows inbound IPv4 HTTP traffic to the associated subnets as long as it is not prevented by lower-numbered rules C. Allows inbound IPv4 HTTP traffic to the associated subnets D. Allows inbound IPv4 TCP traffic to the associated subnets

B

90. Which of the following rules allows IPv6 outbound traffic to flow to the entire Internet through a NAT gateway with the ID nat-123456789? A. 0.0.0.0/0 -> NAT -> nat-123456789 B. ::/0 -> nat-123456789 C. 0.0.0.0/0 -> nat-123456789 D. ::/0 -> NAT -> nat-123456789

B

94. To how many availability zones within a region can a single subnet in a VPC be added? A. None B. One C. One or more D. At least two

B

95. How many availability zones can a subnet span? A. None B. One C. One or more D. At least two

B

96. How many IPv6 CIDR blocks can be assigned to a single VPC? A. None B. One C. One or more D. At least two

B

41. Which of the following are not true about S3 encryption? (Choose two.) A. S3 applies AWS-256 encryption to data when server-side encryption is enabled. B. S3 encryption will use a client key if it is supplied with data. C. Encrypted EBS volumes can only be stored if server-side encryption is enabled. D. S3 will accept locally encrypted data if client-side encryption is enabled.

B, C

1. When creating a new security group, which of the following are true? (Choose two.) A. All inbound traffic is allowed by default. B. All outbound traffic is allowed by default. C. Connections that are allowed in must also explicitly be allowed back out. D. Connections that are allowed in are automatically allowed back out.

B, D

104. Which of the following defines a VPN-only subnet? (Choose two.) A. A routing table that routes traffic through the internet gateway B. A routing table that routes traffic through the virtual private gateway C. A virtual private gateway D. An internet gateway

B,C

15. Which of the following are true about security groups? (Choose two.) A. You can specify deny rules, but not allow rules. B. By default, a security group includes an outbound rule that allows all outbound traffic. C. You can specify specific separate rules for inbound and outbound traffic. D. Security groups are stateless.

B,C

160. Which of the following are NAT devices offered by AWS? (Choose two.) A. NAT router B. NAT instance C. NAT gateway D. NAT load balancer

B,C

17. Which of the following must a security group have when you create it? (Choose two.) A. At least one inbound rule B. A name C. A description D. At least one outbound rule

B,C

171. Which of the following are true about an egress-only internet gateway? (Choose two.) A. It only supports IPv4 traffic. B. It is stateful. C. It only supports IPv6 traffic. D. It is stateless.

B,C

174. What is an elastic network interface? (Choose two.) A. A hardware network interface on an EC2 instance B. A virtual network interface C. An interface that can have one or more IPv6 addresses D. An interface that does not have a MAC address

B,C

Typically, you want your application to check whether a request generated an error before you spend any time processing results. The easiest way to find out if an error occurred is to look for an ______ node in the response from the Amazon RDS API. A. Incorrect B. Error C. FALSE

B. Error

56. Which of the following are not true about EBS snapshots? (Choose two.) A. Snapshots of encrypted volumes are automatically encrypted. B. When you copy an encrypted snapshot, the copy is not encrypted unless you explicitly specify. C. You cannot copy an encrypted snapshot unless you unencrypt the snapshot first. D. Volumes that are created from encrypted snapshots are automatically encrypted.

B,C

67. Which of these are true about NACLs? (Choose two.) A. Stateful B. Stateless C. Process rules in order D. Associated with an instance

B,C

92. Which of these must be specified when creating a new VPC? (Choose two.) A. An availability zone B. A region C. A CIDR block D. A security group

B,C

103. Which of the following defines a subnet as a public subnet? (Choose two.) A. A security group that allows inbound public traffic B. A routing table that routes traffic through the internet gateway C. Instances with public IP addresses D. An internet gateway

B,D

110. Which of the following is not true? (Choose two.) A. A subnet can have the same CIDR block as the VPC within which it exists. B. A subnet can have a larger CIDR block than the VPC within which it exists. C. A subnet can have a smaller CIDR block than the VPC within which it exists. D. A subnet does not have to have a CIDR block specified.

B,D

114. Which of the following would you use to secure a VPC and its instances? (Choose two.) A. A customer gateway B. A NACL C. A virtual private gateway D. A security group

B,D

123. With which of the following can you not create a VPC peering connection? (Choose two.) A. A VPC in another AWS account B. An instance in the same region C. A VPC in the same region D. An internet gateway

B,D

124. You have an instance within a custom VPC, and that instance needs to communicate with an API published by an instance in another VPC. How can you make this possible? (Choose two.) A. Enable cross-VPC communication via the AWS console. B. Configure routing from the source instance to the API-serving instance. C. Add a security group to the source instance. D. Add an internet gateway or virtual private gateway to the source VPC.

B,D

191. How can you attach multiple IAM roles to a single instance? (Choose two.) A. You can attach as many roles as you want to an instance. B. You cannot, but you can combine the policies each role uses into a single new role and assign that. C. You can assign two IAM roles to an instance, but no more than that. D. You cannot; only one role can be assigned to an instance.

B,D

193. You have a new set of permissions that you want to attach to a running instance. What do you need to do to ensure the least amount of downtime? (Choose two.) A. Remove the instance's IAM role via the console or AWS API or CLI. B. Create a new IAM role with the desired permissions. C. Stop the instance, assign the role, and restart the instance. D. Attach the new role to the running instance.

B,D

7. You have a private subnet in a VPC within AWS. The instances within the subnet are unable to access the Internet. You have created a NAT gateway to solve this problem. What additional steps do you need to perform to allow the instances Internet access? (Choose two.) A. Ensure that the NAT gateway is in the same subnet as the instances that cannot access the Internet. B. Add a route in the private subnet to route traffic aimed at 0.0.0.0/0 at the NAT gateway. C. Add a route in the public subnet to route traffic aimed at 0.0.0.0/0 at the NAT gateway. D. Ensure that the NAT gateway is in a public subnet.

B,D

79. Which of the following are part of a network ACL rule? (Choose two.) A. An ASCII code B. A rule number C. An IAM group D. A protocol

B,D

In the 'Detailed' monitoring data available for your Amazon EBS volumes, Provisioned IOPS volumes automatically send _____ minute metrics to Amazon CloudWatch. A. 3 B. 1 C. 5 D. 2

B. 1

What is the maximum response time for a Business level Premium Support case? A. 120 seconds B. 1 hour C. 10 minutes D. 12 hours

B. 1 hour

You can modify the backup retention period for AWS RDS. Valid values are 0 (for no backup retention) to a maximum of _____ days. A. 45 B. 35 C. 15 D. 5

B. 35

Which of the following will occur when an EC2 instance in a VPC with an associated Elastic IP is stopped and started? (Choose 2 answers) A. The Elastic IP will be dissociated from the instance B. All data on instance-store devices will be lost C. All data on EBS (Elastic Block Store) devices will be lost D. The ENI (Elastic Network Interface) is detached E. The underlying host for the instance is changed

B. All data on instance-store devices will be lost E. The underlying host for the instance is changed

Question 2 Which of the following services uses AWS edge locations? A. Amazon Virtual Private Cloud (Amazon VPC) B. Amazon CloudFront C. Amazon Elastic Compute Cloud (Amazon EC2) D. AWS Storage Gateway

B. Amazon CloudFront

If I want to run a database in an Amazon instance, which is the most recommended Amazon storage option? A. Amazon Instance Storage B. Amazon EBS C. You can't run a database inside an Amazon instance. D. Amazon S3

B. Amazon EBS

_____ is a durable, block-level storage volume that you can attach to a single, running Amazon EC2 instance. A. Amazon S3 B. Amazon EBS C. Amazon EFS D. All of these

B. Amazon EBS

You are developing a highly available web application using stateless web servers. Which services are suitable for storing session state data? Choose 3 answers A. Amazon CloudWatch B. Amazon Relational Database Service (RDS) C. Elastic Load Balancing D. Amazon ElastiCache E. AWS Storage Gateway F. Amazon DynamoDB

B. Amazon Relational Database Service (RDS) D. Amazon ElastiCache F. Amazon DynamoDB

Question 1 Which AWS services can be used to store files? Choose 2 answers from the options given below A. Amazon CloudWatch B. Amazon Simple Storage Service (Amazon S3) C. Amazon Elastic Block Store (Amazon EBS) D. AWS Config E. Amazon Athena

B. Amazon Simple Storage Service (Amazon S3) C. Amazon Elastic Block Store (Amazon EBS)

What does Amazon Elastic Beanstalk provide? A. A scalable storage appliance on top of Amazon Web Services. B. An application container on top of Amazon Web Services. C. A service by this name doesn't exist. D. A scalable cluster of EC2 instances.

B. An application container on top of Amazon Web Services.

You have developed a new web application in us-west-2 that requires six Amazon Elastic Compute Cloud (EC2) instances running at all times. You have three availability zones available in that region (us-west-2a, us-west-2b, and us-west-2c). You need 100 percent fault tolerance if any single Availability Zone in us-west-2 becomes unavailable. How would you do this, each answer has 2 answers, select the answer with BOTH correct answers. A. Answer 1 - Us-west-2a with two EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances. Answer 2 - Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances B. Answer 1 - Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances. Answer 2 - Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances. C. Answer 1 - Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with no EC2 instances. Answer 2 - Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances. D. Answer 1 - Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances. Answer 2 - Us-west-2a with four EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances.

B. Answer 1 - Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances. Answer 2 - Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances.

You work for a famous bakery who are deploying a hybrid cloud approach. Their legacy IBM AS400 servers will remain on premise within their own datacenter however they will need to be able to communicate to the AWS environment over a site to site VPN connection. What do you need to do to establish the VPN connection? A. Connect to the environment using AWS Direct Connect. B. Assign a public IP address to your Amazon VPC Gateway. C. Create a dedicated NAT and deploy this to the public subnet. D. Update your route table to add a route for the NAT to 0.0.0.0/0.

B. Assign a public IP address to your Amazon VPC Gateway.

You work for a construction company that has their production environment in AWS. The production environment consists of 3 identical web servers that are launched from a standard Amazon linux AMI using Auto Scaling. The web servers are launched in to the same public subnet and belong to the same security group. They also sit behind the same ELB. You decide to do some test and dev and you launch a 4th EC2 instance in to the same subnet and same security group. Annoyingly your 4th instance does not appear to have internet connectivity. What could be the cause of this? A. You need to update your routing table so as to provide a route out for this instance. B. Assign an elastic IP address to the fourth instance. C. You have not configured a NAT in the public subnet. D. You have not configured a routable IP address in the host OS of the fourth instance.

B. Assign an elastic IP address to the fourth instance.

What are the two types of licensing options available for using Amazon RDS for Oracle? A. BYOL and Enterprise License B. BYOL and License Included C. Enterprise License and License Included D. Role based License and License Included

B. BYOL and License Included

How can I change the security group membership for interfaces owned by other AWS services, such as Elastic Load Balancing? A. using all these methods B. By using the service specific console or API\CLI commands C. None of these

B. By using the service specific console or API\CLI commands

If you have chosen Multi-AZ deployment, in the event of an outage of your primary DB Instance, Amazon RDS automatically switches to the standby replica. The automatic failover mechanism simply changes the ______ record of the main DB Instance to point to the standby DB Instance. A. DNAME B. CNAME C. TXT D. MX

B. CNAME

A customer's nightly EMR job processes a single 2-TB data file stored on Amazon Simple Storage Service (S3). The EMR job runs on two On-Demand core nodes and three On-Demand task nodes. Which of the following may help reduce the EMR job completion time? Choose 2 answers A. Use three Spot Instances rather than three On-Demand instances for the task nodes. B. Change the input split size in the MapReduce job configuration. C. Use a bootstrap action to present the S3 bucket as a local filesystem. D. Launch the core nodes and task nodes within an Amazon Virtual Cloud. E. Adjust the number of simultaneous mapper tasks. F. Enable termination protection for the job flow.

B. Change the input split size in the MapReduce job configuration. E. Adjust the number of simultaneous mapper tasks.

What are the Amazon EC2 API tools? A. They don't exist. The Amazon EC2 AMI tools, instead, are used to manage permissions. B. Command-line tools to the Amazon EC2 web service. C. They are a set of graphical tools to manage EC2 instances. D. They don't exist. The Amazon API tools are a client interface to Amazon Web Services.

B. Command-line tools to the Amazon EC2 web service.

You run a website which hosts videos and you have two types of members, premium fee paying members and free members. All videos uploaded by both your premium members and free members are processed by a fleet of EC2 instances which will poll SQS as videos are uploaded. However you need to ensure that your premium fee paying members videos have a higher priority than your free members. How do you design SQS? A. SQS allows you to set priorities on individual items within the queue, so simply set the fee paying members at a higher priority than your free members. B. Create two SQS queues, one for premium members and one for free members. Program your EC2 fleet to poll the premium queue first and if empty, to then poll your free members SQS queue. C. SQS would not be suitable for this scenario. It would be much better to use SNS to encode the videos. Submit

B. Create two SQS queues, one for premium members and one for free members. Program your EC2 fleet to poll the premium queue first and if empty, to then poll your free members SQS queue.

What does ec2-create-group do with respect to the Amazon EC2 security groups? A. Creates a new rule inside the security group. B. Creates a new security group for use with your account. C. Creates a new group inside the security group. D. Groups the user created security groups in to a new group for easy access.

B. Creates a new security group for use with your account.

What does the ec2-create-group command do with respect to the Amazon EC2 security groups? A. Groups the user created security groups in to a new group for easy access. B. Creates a new security group for use with your account. C. Creates a new group inside the security group. D. Creates a new rule inside the security group.

B. Creates a new security group for use with your account.

Which is an operational process performed by AWS for data security? A. AES-256 encryption of data stored on any shared storage device B. Decommissioning of storage devices using industry-standard practices C. Background virus scans of EBS volumes and EBS snapshots D. Replication of data across multiple AWS Regions E. Secure wiping of EBS data when an EBS volume is unmounted

B. Decommissioning of storage devices using industry-standard practices

You working in the media industry and you have created a web application where users will be able to upload photos they create to your website. This web application must be able to call the S3 API in order to be able to function. Where should you store your API credentials whilst maintaining the maximum level of security. A. Save the API credentials to your php files. B. Don't save your API credentials. Instead create a role in IAM and assign this role to an EC2 instance when you first create it. C. Save your API credentials in a public Github repository. D. Pass API credentials to the instance using instance userdata.

B. Don't save your API credentials. Instead create a role in IAM and assign this role to an EC2 instance when you first create it.

Which of the following services allows you root access (i.e. you can login using SSH)? A. Elastic Load Balancer B. Elastic Map Reduce C. Elasticache D. RDS

B. Elastic Map Reduce

You are a solutions architect working for a biotech company who is pioneering research in immunotherapy. They have developed a new cancer treatment that may be able to cure up to 94% of cancers. They store their research data on S3, however recently an intern accidentally deleted some critical files. You've been asked to prevent this from happening in the future. What options below can prevent this? A. Make sure the interns can only access data on S3 using signed URLs. B. Enable S3 versioning on the bucket & enable Enable Multifactor Authentication (MFA) on the bucket. C. Use S3 Infrequently Accessed storage to store the data on. D. Create an IAM bucket policy that disables deletes. Submit

B. Enable S3 versioning on the bucket & enable Enable Multifactor Authentication (MFA) on the bucket.

Amazon Web Services offer 3 different levels of support, which of the below are valid support levels. A. Corporate, Business, Developer B. Enterprise, Business, Developer C. Enterprise, Business, Free Tier D. Enterprise, Company, Free Tier

B. Enterprise, Business, Developer

Select the most correct answer: The device name /dev/sda1 (within Amazon EC2 ) is _____ A. Possible for EBS volumes B. Reserved for the root device C. Recommended for EBS volumes D. Recommended for instance store volumes

B. Reserved for the root device

You have an EC2 instance which needs to find out both its private IP address and its public IP address. To do this you need to; A. Run IPCONFIG (Windows) or IFCONFIG (Linux) B. Retrieve the instance Metadata from http://169.254.169.254/latest/meta-data/ C. Retrieve the instance Userdata from http://169.254.169.254/latest/meta-data/ D. Use the following command; AWS EC2 displayIP

B. Retrieve the instance Metadata from http://169.254.169.254/latest/meta-data/

You work for a major news network in Europe. They have just released a new app which allows users to report on events as and when they happen using their mobile phone. Users are able to upload pictures from the app and then other users will be able to view these pics. Your organization expects this app to grow very quickly, essentially doubling it's user base every month. The app uses S3 to store the media and you are expecting sudden and large increases in traffic to S3 when a major news event takes place (as people will be uploading content in huge numbers). You need to keep your storage costs to a minimum however and it does not matter if some objects are lost. Which storage media should you use to keep costs as low as possible? A. S3 - Infrequently Accessed Storage. B. S3 - Reduced Redundancy Storage (RRS). C. Glacier. D. S3 - Provisioned IOPS.

B. S3 - Reduced Redundancy Storage (RRS).

Which of the following is NOT a valid SNS subscribers? A. Lambda B. SWF C. SQS D. Email E. HTTPS F. SMS

B. SWF

Select the correct set of steps for exposing the snapshot only to specific AWS accounts: A. Select public for all the accounts and check mark those accounts with whom you want to expose the snapshots and click save. B. SelectPrivate, enter the IDs of those AWS accounts, and clickSave. C. SelectPublic, enter the IDs of those AWS accounts, and clickSave. D. SelectPublic, mark the IDs of those AWS accounts as private, and clickSave.

B. SelectPrivate, enter the IDs of those AWS accounts, and clickSave.

What does Amazon SES stand for? A. Simple Elastic Server. B. Simple Email Service. C. Software Email Solution. D. Software Enabled Server.

B. Simple Email Service.

What does Amazon SWF stand for? A. Simple Web Flow B. Simple Work Flow C. Simple Wireless Forms D. Simple Web Form

B. Simple Work Flow

You are a solutions architect working for a company that specializes in ingesting large data feeds (using Kinesis) and then analyzing these feeds using Elastic Map Reduce (EMR). The results are then stored on a custom MySQL database which is hosted on an EC2 instance which has 3 volumes, the root/boot volume, and then 2 additional volumes which are striped in to a RAID 1. Your company recently had an outage and lost some key data and have since decided that they will need to run nightly back ups. Your application is only used during office hours, so you can afford to have some down time in the middle of the night if required. You decide to take a snapshot of all three volumes every 24 hours. In what manner should you do this? A. Take a snapshot of each volume independently, while the EC2 instance is running. B. Stop the EC2 instance and take a snapshot of each EC2 instance independently. Once the snapshots are complete, start the EC2 instance and ensure that all relevant volumes are remounted. C. Add two additional volumes to the existing RAID 0 volume and mirror these volumes creating a RAID 10. Take a snap of only the two new volumes. D. Create a read replica of the existing EC2 instance and then take your snapshots from the read replica and not the live EC2 instance.

B. Stop the EC2 instance and take a snapshot of each EC2 instance independently. Once the snapshots are complete, start the EC2 instance and ensure that all relevant volumes are remounted.

You are designing a site for a new start up which generates cartoon images for people automatically. Customers will log on to the site, upload an image which is stored in S3. The application then passes a job to AWS SQS and a fleet of EC2 instances poll the queue to receive new processing jobs. These EC2 instances will then turn the picture in to a cartoon and will then need to store the processed job somewhere. Users will typically download the image once (immediately), and then never download the image again. What is the most commercially feasible method to store the processed images? A. Rather than use S3, store the images inside a BLOB on RDS with Multi-AZ configured for redundancy. B. Store the images on S3 RRS, and create a lifecycle policy to delete the image after 24 hours. C. Store the images on glacier instead of S3. D. Use elastic block storage volumes to store the images.

B. Store the images on S3 RRS, and create a lifecycle policy to delete the image after 24 hours.

If you add a tag that has the same key as an existing tag on a DB Instance, the new value overwrites the old value. A. FALSE B. TRUE

B. TRUE

True or False: When you perform a restore operation to a point in time or from a DB Snapshot, a new DB Instance is created with a new endpoint. A. FALSE B. TRUE

B. TRUE

When you add a rule to a DB security group, you do not need to specify port number or protocol. A. Depends on the RDMS used B. TRUE C. FALSE

B. TRUE

When you perform a restore operation to a point in time or from a DB Snapshot, a new DB Instance is created with a new endpoint. A. FALSE B. TRUE

B. TRUE

When you use the AWS Management Console to delete an IAM user, IAM also deletes any signing certificates and any access keys belonging to the user. A. FALSE B. TRUE

B. TRUE

Without IAM, you cannot control the tasks a particular user or system can do and what AWS resources they might use. A. FALSE B. TRUE

B. TRUE

You are charged for the IOPS and storage whether or not you use them in a given month? A. FALSE B. TRUE

B. TRUE

By default, what happens to ENIs that are automatically created and attached to EC2 instances when the attached instance terminates? A. Remain as is B. Terminate C. Hibernate D. Pause

B. Terminate

After an Amazon EC2-VPC instance is launched, can I change the VPC security groups it belongs to? A. No B. Yes C. Only if you are the root user D. Only if the tag "VPC_Change_Group" is true

B. Yes

After an EC2-VPC instance is launched, can I change the VPC security groups it belongs to? A. Only if the tag "VPC_Change_Group" is true B. Yes C. No D. Only if the tag "VPC Change Group" is true

B. Yes

Can I encrypt connections between my application and my DB Instance using SSL? A. No B. Yes C. Only in VPC D. Only in certain regions

B. Yes

Do the Amazon EBS volumes persist independently from the running life of an Amazon EC2 instance? A. Only if instructed to when created B. Yes C. No

B. Yes

If I modify a DB Instance or the DB parameter group associated with the instance, should I reboot the instance for the changes to take effect? A. No B. Yes

B. Yes

Is decreasing the storage size of a DB Instance permitted? A. Depends on the RDMS used B. Yes C. No

B. Yes

Will I be charged if the DB instance is idle? A. No B. Yes C. Only is running in GovCloud D. Only if running in VPC

B. Yes

A startup company hired you to help them build a mobile application, that will ultimately store billions of images and videos in S3. The company is lean on funding, and wants to minimize operational costs, however, they have an aggressive marketing plan, and expect to double their current installation base every six months. Due to the nature of their business, they are expecting sudden and large increases in traffic to and from S3, and need to ensure that it can handle the performance needs of their application. What other information must you gather from this customer in order to determine whether S3 is the right option? A. You must know how many customers the company has today, because this is critical in understanding what their customer base will be in two years. B. You must find out the total number of requests per second at peak usage. C. You must know the size of the individual objects being written to S3, in order to properly design the key namespace. D. In order to build the key namespace correctly, you must understand the total amount of storage needs for each S3 bucket.

B. You must find out the total number of requests per second at peak usage.

You work in the genomics industry and you process large amounts of genomic data using a nightly Elastic Map Reduce (EMR) job. This job processes a single 3 Tb file which is stored on S3. The EMR job runs on 3 on-demand core nodes and four on-demand task nodes. The EMR job is now taking longer than anticipated and you have been asked to advise how to reduced the completion time? A. Use four Spot Instances for the task nodes rather than four On-Demand instances. B. You should reduce the input split size in the MapReduce job configuration and then adjust the number of simultaneous mapper tasks so that more tasks can be processed at once. C. Store the file on Elastic File Service instead of S3 and then mount EFS as an independent volume for your core nodes. D. Configure an independent VPC in which to run the EMR jobs and then mount EFS as an independent volume for your core nodes. E. Enable termination protection for the job flow.

B. You should reduce the input split size in the MapReduce job configuration and then adjust the number of simultaneous mapper tasks so that more tasks can be processed at once.

Security Groups can't _____. A. be nested more than 3 levels B. be nested at all C. be nested more than 4 levels D. be nested more than 2 levels

B. be nested at all

Classic Load Balancer

Basic load balancing across multiple EC2 instances. Operates at both the request level and the connection level.

Amazon CloudWatch supports which types of monitoring plans?

Basic monitoring (free) and detailed monitoring (extra cost)

What are the four levels of AWS Premium Support?

Basic, Developer, Business, Enterprise

What is the api call to receive multiple items from a DynamoDB table?

BatchGetItem

What do the following have in common: Fault tolerant databases, High availability, temporary and disposable resources

Benefits of AWS Cloud computing

How can you view the distribution of AWS spending in one of your AWS accounts?

By using AWS Cost Explorer

Your company has just started using the resources on the AWS Cloud. They want to get an idea on the costs being incurred so far for the resources being used. How can this be achieved?

By using the AWS Cost and Usage reports Explorer. Here you can see the running and forecast costs.

How can you access AWS Auto Scaling?

By using the AWS Management Console, Command Line Interface (CLI), or SDK

11. Which of the following statements is true? A. When creating a new security group, by default, all traffic is allowed in, including SSH. B. If you need inbound HTTP and HTTPS access, create a new security group and accept the default settings. C. You must explicitly allow any inbound traffic into a new security group. D. Security groups are stateless.

C

111. A VPC peering connection connects a VPC to which of the following? A. A subnet within another VPC B. A specific instance within another VPC C. Another VPC D. A virtual private gateway

C

112. An Amazon VPC VPN connection links your on-site network to which of the following? A. A customer gateway B. An internet gateway C. An Amazon VPC D. A virtual private gateway

C

118. Security groups operate most like which of the following? A. A blacklist B. A NACL C. A whitelist D. A greylist

C

12. Which of the following statements is not true? A. When creating a new security group, by default, no inbound traffic is allowed. B. When creating a new security group, by default, all traffic is allowed out, including SSH. C. When creating a new security group, by default, all traffic is allowed out, with the exception of SSH. D. When creating a new security group, inbound HTTPS traffic is not allowed.

C

13. How would you enable encryption of your EBS volumes? A. Use the AWS CLI with the aws security command. B. Take a snapshot of the EBS volume and copy it to an encrypted S3 bucket. C. Select the encryption option when creating the EBS volume. D. Encrypt the volume using the encryption tools of the operating system of the EC2 instance that has mounted the EBS volume.

C

180. Which of the following can you not do with regard to network interfaces? A. Detach a secondary interface from an instance. B. Attach an elastic network interface to an instance with an existing interface. C. Detach a primary interface from an instance. D. Attach an elastic network interface to a different instance than originally attached.

C

182. Why might you use an elastic IP address? A. You need an IPv4 address for a specific instance. B. You need an IPv6 address for a specific instance. C. You want to mask the failure of an instance to network clients. D. You want to avoid making changes to your security groups.

C

187. Where are individual instances provisioned? A. In a VPC B. In a region C. In an availability zone D. In an Auto Scaling group

C

19. Which of the following are default rules on a default security group, such as the one that comes with the default VPC? (Choose two.) A. Outbound: 0.0.0.0/0 for all protocols allowed B. Inbound: 0.0.0.0/0 for all protocols allowed C. Outbound: ::/0 for all protocols allowed D. Inbound: ::/0 for all protocols allowed

C

197. Which of the following is not part of the well-architected framework? A. Apply security at all layers. B. Enable traceability. C. Use defaults whenever possible. D. Automate responses to security events.

C

203. Which of the following is not included in the well-architected framework's definition of security? A. Data protection B. Infrastructure protection C. Reduction of privileges D. Defective controls

C

204. Which of the following is a principle of the well-architected framework's security section? A. Encrypt the least amount of data possible. B. Always encrypt the most important data. C. Encrypt everything where possible. D. Encrypt data at rest.

C

206. Who is responsible for encrypting data in the cloud? A. You B. AWS C. AWS provides mechanisms such as key rotation for which they are responsible, but you are responsible for appropriate usage of those mechanisms. D. AWS provides an API, but you are responsible for security when using that API.

C

208. Which of these statements is not true? A. AWS recommends encrypting data at rest and in transit. B. AWS will never move data between regions unless initiated by the customer. C. AWS will initiate moving data between regions if needed. D. Customers move data between regions rather than AWS.

C

211. At what level does infrastructure protection exist in AWS? A. The physical hardware layer B. OSI layer 4 C. The VPC layer D. OSI layer 7

C

216. Which of the following is not one of the five pillars in the cloud defined by the AWS wellarchitected framework? A. Operational excellence B. Performance efficiency C. Organizational blueprint D. Cost optimization

C

218. Which of the following is not one of the security principles recommended by AWS's wellarchitected framework? A. Automate security best practices. B. Enable traceability. C. Apply security at the highest layers. D. Protect data in transit and at rest.

C

23. Which of the following describes server-side encryption for S3 bucket data? A. You encrypt and upload data to S3, managing the encryption process yourself. B. You encrypt and upload data to S3, allowing AWS to manage the encryption process. C. You request AWS to encrypt an object before saving it to S3. D. You encrypt an object, but AWS uploads and decrypts the object.

C

25. Which of the following is not a way to manage server-side encryption keys for S3? A. SSE-S3 B. SSE-KMS C. SSE-E D. SSE-C

C

28. You have a customer that has a legacy security group that is very suspicious of all things security in the cloud. The customer wants to use S3, but doesn't trust AWS encryption, and you need to enable its migration to the cloud. What option would you recommend to address the company's concerns? A. SSE-S3 B. SSE-KMS C. Client-side encryption keys D. SSE-C

C

45. What encryption service is used by encrypted EBS volumes? A. S3-KMS B. S3-C C. KMS D. Customer-managed keys

C

46. How can you access the private IP address of a running EC2 instance? A. http://169.254.169.254/latest/user-data/ B. http://169.254.169.254/latest/instance-data/ C. http://169.254.169.254/latest/meta-data/ D. http://169.254.169.254/latest/ec2-data/

C

51. Which of the following will allow you to bring a non-encrypted RDS instance into compliance with an "all data must be encrypted at rest" policy? A. Snapshot the RDS instance and restore it, encrypting the new copy upon restoration. B. Use the AWS Database Migration Service to migrate the data from the instance to an encrypted instance. C. Create a new encrypted instance and manually move data into it. D. None of these will encrypt all data on the instance.

C

89. What does the CIDR block ::/0 represent? A. The entire Internet B. The entire Internet, limited to IPv4 addresses C. The entire Internet, limited to IPv6 addresses D. Inbound traffic from the entire Internet

C

93. How many subnets can be added to an availability zone within a VPC? A. None B. One C. One or more D. At least two

C

97. How many IPv4 CIDR blocks can be assigned to a single VPC? A. None B. One C. One or more D. At least two

C

119. If you have a NACL and a security group, at what two levels is security functioning? (Choose two.) A. The VPN level B. The service level C. The subnet level D. The instance level

C,D

156. Which of the following would be needed to allow an instance launched into a non-default subnet Internet access? (Choose two.) A. A private IPv4 address B. A security group C. An elastic IP address D. An internet gateway

C,D

166. You are building out a site-to-site VPN connection from an on-site network to a private subnet within a custom VPC. Which of the following might you need for this connection to function properly? (Choose two.) A. An internet gateway B. A public subnet C. A virtual private gateway D. A customer gateway

C,D

55. Which of the following are valid options on an EBS volume? (Choose two.) A. Encrypt the volume. B. Encrypt a snapshot of the volume. C. Encrypt a copy of a snapshot of the volume. D. Restore an encrypted snapshot to an encrypted volume.

C,D

73. Which of the following are true about a user-created NACL? (Choose two.) A. It allows all inbound traffic. B. It allows all outbound traffic. C. It disallows all inbound traffic. D. It disallows all outbound traffic.

C,D

You have a high performance compute application and you need to minimize network latency between EC2 instances as much as possible. What can you do to achieve this? A. Use Elastic Load Balancing to load balance traffic between availability zones B. Create a CloudFront distribution and to cache objects from an S3 bucket at Edge Locations. C. Create a placement group within an Availability Zone and place the EC2 instances within that placement group. D. Deploy your EC2 instances within the same region, but in different subnets and different availability zones so as to maximize redundancy.

C. Create a placement group within an Availability Zone and place the EC2 instances within that placement group.

Amazon Glacier is designed for: Choose 2 answers A. Frequently accessed data B. Active database storage C. Data archives D. Infrequently accessed data E. Cached session data

C. Data archives D. Infrequently accessed data

You have a business-critical two-tier web app currently deployed in two AZs in a single region, using Elastic Load Balancing and Auto Scaling. The app depends on synchronous replication (very low latency connectivity) at the database layer. The application needs to remain fully available even if one application AZ goes off-line, and Auto Scaling cannot launch new instances in the remaining Availability Zones. How can the current architecture be enhanced to ensure this? A. Deploy in two regions using Weighted Round Robin (WRR), with Auto Scaling minimums set for 50 percent peak load per Region. B. Deploy in two regions using Weighted Round Robin (WRR), with Auto Scaling minimums set for 100 percent peak load per region. C. Deploy in three Availability Zones, with Auto Scaling minimum set to handle 50 percent peak load per zone. D. Deploy in three Availability Zones, with Auto Scaling minimum set to handle 33 percent peak load per zone.

C. Deploy in three Availability Zones, with Auto Scaling minimum set to handle 50 percent peak load per zone.

When automatic failover occurs, Amazon RDS will emit a DB Instance event to inform you that automatic failover occurred. You can use the _____ to return information about events related to your DB Instance. A. FetchFailure B. DescribeFailure C. DescribeEvents D. FetchEvents

C. DescribeEvents

What is the maximum write throughput I can provision per table for a single DynamoDB table? A. 5,000 us east, 1,000 all other regions B. 100,000 us east, 10, 000 all other regions C. Designed to scale without limits, but if you go beyond 40,000 us east/10,000 all other regions you have to contact AWS first. D. There is no limit

C. Designed to scale without limits, but if you go beyond 40,000 us east/10,000 all other regions you have to contact AWS first.

Which of the services below do you get root access to? A. Elasticache & Elastic MapReduce B. RDS & DynamoDB C. EC2 & Elastic MapReduce D. Elasticache & DynamoDB

C. EC2 & Elastic MapReduce

Which AWS instance address has the following characteristics? :"If you stop an instance, its Elastic IP address is unmapped, and you must remap it when you restart the instance." A. None of these B. EC2-VPC Addresses C. EC2-Classic Addresses

C. EC2-Classic Addresses

In Amazon CloudWatch, which metric should I be checking to ensure that your DB Instance has enough free storage space? A. FreeStorage B. FreeStorageVolume C. FreeStorageSpace D. FreeStorageAllocation

C. FreeStorageSpace

You are a solutions architect working for a large digital media company. Your company is migrating their production estate to AWS and you are in the process of setting up access to the AWS console using Identity Access Management (IAM). You have created 5 users for your system administrators. What further steps do you need to take to enable your system administrators to get access to the AWS console? A. Generate an Access Key ID & Secret Access Key, and give these to your system administrators. B. Enable multi-factor authentication on their accounts and define a password policy. C. Generate a password for each user created and give these passwords to your system administrators. D. Give the system administrators the secret access key and access key id, and tell them to use these credentials to log in to the AWS console.

C. Generate a password for each user created and give these passwords to your system administrators.

You have uploaded a file to S3. What HTTP code would indicate that the upload was successful? A. HTTP 404 B. HTTP 501 C. HTTP 200 D. HTTP 307

C. HTTP 200

Select the incorrect statement. A. In Amazon EC2, private IP address is only returned to Amazon EC2 when the instance is stopped or terminated B. In Amazon VPC, an instance retains its private IP address when the instance is stopped. C. In Amazon VPC, an instance does NOT retain its private IP address when the instance is stopped. D. In Amazon EC2, the private IP address is associated exclusively with the instance for its lifetime

C. In Amazon VPC, an instance does NOT retain its private IP address when the instance is stopped.

What does the "Server Side Encryption" option on Amazon S3 provide? A. It provides an encrypted virtual disk in the Cloud. B. It doesn't exist for Amazon S3, but only for Amazon EC2. C. It encrypts the files that you send to Amazon S3, on the server side. D. It allows to upload files using an SSL endpoint, for a secure transfer.

C. It encrypts the files that you send to Amazon S3, on the server side.

In the Launch Db Instance Wizard, where can I select the backup and maintenance options? A. DB Instance Details B. Review C. Management Options D. Engine Selection

C. Management Options

In reviewing the Auto Scaling events for your application you notice that your application is scaling up and down multiple times in the same hour. What design choice could you make to optimize for cost while preserving elasticity? Choose 2 answers A. Modify the Auto Scaling policy to use scheduled scaling actions B. Modify the Auto Scaling group termination policy to terminate the oldest instance first. C. Modify the Auto Scaling group cool-down timers. D. Modify the Amazon CloudWatch alarm period that triggers your Auto Scaling scale down policy. E. Modify the Auto Scaling group termination policy to terminate the newest instance first.

C. Modify the Auto Scaling group cool-down timers. D. Modify the Amazon CloudWatch alarm period that triggers your Auto Scaling scale down policy.

Security groups act like a firewall at the instance level, whereas _____ are an additional layer of security that act at the subnet level. A. DB Security Groups B. VPC Security Groups C. Network ACLs

C. Network ACLs

What function of an AWS VPC is stateless? A. Security Groups B. Elastic Load Balancers C. Network Access Control Lists D. EC2

C. Network Access Control Lists

Is there a method or command in the IAM system to allow or deny access to a specific instance? A. Only for VPC based instances B. Yes C. No

C. No

What is the charge for the data transfer incurred in replicating data between your primary and standby? A. Same as the standard data transfer charge B. Double the standard data transfer charge C. No charge. It is free D. Half of the standard data transfer charge

C. No charge. It is free

Do the system resources on the Micro instance meet the recommended configuration for Oracle? A. Yes completely B. Yes but only for certain situations C. Not in any circumstance

C. Not in any circumstance

You are a solutions architect working for a large oil and gas company. Your company runs their production environment on AWS and has a custom VPC. The VPC contains 3 subnets, 1 of which is public and the other 2 are private. Inside the public subnet is a fleet of EC2 instances which are the result of an autoscaling group. All EC2 instances are in the same security group. Your company has created a new custom application which connects to mobile devices using a custom port. This application has been rolled out to production and you need to open this port globally to the internet. What steps should you take to do this, and how quickly will the change occur? A. Open the port on the existing network Access Control List. Your EC2 instances will be able to communicate on this port after a reboot. B. Open the port on the existing network Access Control List. Your EC2 instances will be able to communicate over this port immediately. C. Open the port on the existing security group. Your EC2 instances will be able to communicate over this port immediately. D. Open the port on the existing security group. Your EC2 instances will be able to communicate over this port as soon as the relevant Time To Live (TTL) expires.

C. Open the port on the existing security group. Your EC2 instances will be able to communicate over this port immediately.

With which AWS orchestration service can you implement Chef recipes? A. CloudFormation B. Elastic Beanstalk C. Opsworks D. Lambda

C. Opsworks

In the Amazon RDS Oracle DB engine, the Database Diagnostic Pack and the Database Tuning Pack are only available with _____. A. Oracle Standard Edition B. Oracle Express Edition C. Oracle Enterprise Edition D. None of these

C. Oracle Enterprise Edition

All Amazon EC2 instances are assigned two IP addresses at launch. Which one can only be reached from within the Amazon EC2 network? A. Multiple IP address B. Public IP address C. Private IP address D. Elastic IP Address

C. Private IP address

You work for a market analysis firm who are designing a new environment. They will ingest large amounts of market data via Kinesis and then analyze this data using Elastic Map Reduce. The data is then imported in to a high performance NoSQL Cassandra database which will run on EC2 and then be accessed by traders from around the world. The database volume itself will sit on 2 EBS volumes that will be grouped into a RAID 0 volume. They are expecting very high demand during peak times, with an IOPS performance level of approximately 15,000. Which EBS volume should you recommend? A. Magnetic B. General Purpose SSD C. Provisioned IOPS (PIOPS) D. Turbo IOPS (TIOPS)

C. Provisioned IOPS (PIOPS)

Out of the striping options available for the EBS volumes, which one has the following disadvantage : 'Doubles the amount of I/O required from the instance to EBS compared to RAID 0, because you're mirroring all writes to a pair of volumes, limiting how much you can stripe.' ? A. Raid 5 B. Raid 6 C. Raid 1 D. Raid 2

C. Raid 1

Amazon S3 buckets in all Regions provide which of the following? A. Read-after-write consistency for PUTS of new objects AND Strongly consistent for POST & DELETES B. Read-after-write consistency for POST of new objects AND Eventually consistent for overwrite PUTS & DELETES C. Read-after-write consistency for PUTS of new objects AND Eventually consistent for overwrite PUTS & DELETES D. Read-after-write consistency for POST of new objects AND Strongly consistent for POST & DELETES

C. Read-after-write consistency for PUTS of new objects AND Eventually consistent for overwrite PUTS & DELETES

What does the ec2-revoke command do with respect to the Amazon EC2 security groups? A. Removes one or more security groups from a rule. B. Removes one or more security groups from an Amazon EC2 instance. C. Removes one or more rules from a security group. D. Removes a security group from an account.

C. Removes one or more rules from a security group.

It is advised that you watch the Amazon CloudWatch _____ metric carefully and recreate the Read Replica should it fall behind due to replication errors. A. WriteLag B. ReadReplica C. ReplicaLag D. SingleReplica

C. ReplicaLag

Can Amazon S3 uploads resume on failure or do they need to restart? A. Restart from beginning B. You can resume them, if you flag the "resume on failure" option before uploading. C. Resume on failure D. Depends on the file size

C. Resume on failure

In a management network scenario, which interface on the instance handles public-facing traffic? A. Primary network interface B. Subnet interface C. Secondary network interface

C. Secondary network interface

You have been asked to identify a service on AWS that is a durable key value store. Which of the services below meets this definition? A. Mobile Hub B. Kinesis C. Simple Storage Service (S3) D. Elastic File Service (EFS)

C. Simple Storage Service (S3)

What does Amazon SWF stand for? A. Simple Wireless Forms B. Simple Web Form C. Simple Work Flow D. Simple Web Flow

C. Simple Work Flow

Can I control if and when MySQL based RDS Instance is upgraded to new supported versions? A. No B. Only in VPC C. Yes

C. Yes

Your web application front end consists of multiple EC2 instances behind an Elastic Load Balancer. You configured ELB to perform health checks on these EC2 instances. If an instance fails to pass health checks, which statement will be true? A. The instance is replaced automatically by the ELB. B. The instance gets terminated automatically by the ELB. C. The ELB stops sending traffic to the instance that failed its health check. D. The instance gets quarantined by the ELB for root cause analysis.

C. The ELB stops sending traffic to the instance that failed its health check.

You run an automobile reselling company that has a popular online store on AWS. The application sits behind an Auto Scaling group and requires new instances of the Auto Scaling group to identify their public and private IP addresses. How can you achieve this? A. By using Ipconfig for windows or Ifconfig for Linux. B. By using a cloud watch metric. C. Using a Curl or Get Command to get the latest meta-data from http://169.254.169.254/latest/meta-data/ D. Using a Curl or Get Command to get the latest user-data from http://169.254.169.254/latest/user-data/

C. Using a Curl or Get Command to get the latest meta-data from http://169.254.169.254/latest/meta-data/

Are you able to integrate a multi-factor token service with the AWS Platform? A. No, you cannot integrate multi-factor token devices with the AWS platform. B. Yes, you can integrate private multi-factor token devices to authenticate users to the AWS platform. C. Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.

C. Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.

Select the correct statement: A. You don't need not specify the resource identifier while stopping a resource B. You can terminate, stop, or delete a resource based solely on its tags C. You can't terminate, stop, or delete a resource based solely on its tags D. You don't need to specify the resource identifier while terminating a resource

C. You can't terminate, stop, or delete a resource based solely on its tags

While creating the snapshots using the the command line tools, which command should I be using? A. ec2-deploy-snapshot B. ec2-fresh-snapshot C. ec2-create-snapshot D. ec2-new-snapshot

C. ec2-create-snapshot

Changes to the backup window take effect ______. A. from the next billing cycle B. after 30 minutes C. immediately D. after 24 hours

C. immediately

You have a motion sensor which writes 600 items of data every minute. Each item consists of 5 KB. Your application uses eventually consistent reads. What should you set the read throughput to?

Calculate items per second. Calculate read capacity units per item. Eventually consistent reads give 2 reads for items up to 4 KB. Answer: 10 provisioned read capacity units

You have a motion sensor which writes 600 items of data every minute. Each item consists of 5 KB. Your application uses Strongly consistent reads. What should you set read throughput to?

Calculate items per second. Calculate read capacity units per item. Strongly consistent reads are up to 4 KB per read. Multiply items per second by read capacity units per item. Answer: 20 provisioned read capacity units

What is AWS Identity and Access Management (IAM)?

Can be used to create and manager users, groups, and use permissions to allow/deny their access to AWS resources

What is AWS Organizations?

Can create groups of accounts, automate account creation, centrally manage policies across multiple accounts, simplifies billing

What is AWS Direct Connect?

Cloud service solution to establish a dedicated network connection from your premises to AWS. Private connection between AWS and your datacenter, office, etc

You can use _____________ with Amazon Redshift, Amazon Relational Database Service (RDS) Oracle, or third party applications such as SafeNet ProtectV volume encryption for EBS, Apache (SSL termination), or Microsoft SQL Server (transparent data encryption). You can also use __________ when writing your own applications and continue to use the standard cryptographic libraries you're familiar with, including PKCS#11, Java JCA/JCE, and Microsoft CAPI and CNG.

CloudHSM

AWS ____________ enables you to keep track of the calls made to the Elastic Load Balancing API by or on behalf of your AWS account. _______________ stores the information in log files in the Amazon S3 bucket that you specify. You can use these log files to monitor activity of your load balancers by determining which requests were made, the source IP addresses where the requests came from, who made the request, when the request was made, and so on.

CloudTrail

________ is a web service that records AWS API calls for an account and delivers log files for audit and review.

CloudTrail

What service helps you to aggregate logs form your EC2 instance?

CloudWatch

______________ is a monitoring service for AWS cloud resources and applications. _____________ collects a history of AWS API calls and related events for your AWS account. & _____________ Logs enables you to monitor, store, and access your log files from AWS Resources. ______________ log files help to troubleshoot operational or security issues in your AWS account.

CloudWatch/CloudTrail & CloudWatch/CloudTrail

What is AWS's content distribution network (CDN) ?

Cloudfront

AWS console that provides a quick global picture of your cloud computing environment?

Cloudwatch

__________ allows organizations to collect and track metrics, collect and monitor log files, and set alarms

Cloudwatch

___________ is a monitoring service for AWS Cloud resources and the applications running on AWS.

Cloudwatch

using ________, organizations can gain systemwide visibility into resource utilization, application performance, and operational health.

Cloudwatch

what are the AWS management tools:

Cloudwatch, CloudFormation, CloudTrail, Config

Amazon Kinesis

Collect, process and analyze real-time, streaming data at any scale. Includes video, audio, application logs, website clickstreams, and IoT telemetry data.

What are the services offered by AWS? (high level)

Compute and Networking Storage and Content delivery Security and Identity Database Analytics Application Management tools

AWS Fargate

Compute engine for Amazon EC2 that allows you to run containers without having to manage servers or clusters.

Which of the following concepts is used when you want to manage the bills for multiple accounts under one master account?

Consolidated Billing

Which of the following can be used to view one bill when you have multiple AWS Accounts?

Consolidating Billing

When considering cost optimization, what model allows you to pay only for what computing resources you actually use?

Consumption model

181. Which of the following is not a valid attribute for an elastic network interface? A. An IPv6 address B. An IPv4 address C. A source/destination check flag D. A routing table

D

AWS Step Functions

Coordinate multiple AWS services into serverless workflows. Stitch together AWS Lambda and Amazon ECS into feature-rich applications. Automatically triggers and tracks each step, and retries when there are errors.

Reserved Instance (RI) Reporting

Cost management solutions specific to reserved instances. Components can be found in the AWS Cost Explorer and the AWS Cost & Usage Report.

What are the 5 categories AWS provides recommendations in?

Cost optimization, performance, security, fault tolerance, and service limits

What should you do in order to keep the data on EBS volumes safe?

Create EBS snapshots

If you wanted to take a backup of an EBS Volume, what would you do?

Create an EBS snapshot

An organization has 500 employees. The organization wants to set up AWS access for each department. Which of the below-mentioned options is a possible solution?

Create an IAM group for each department and assign IAM users to the groups.

AWS Key Management Service (KMS)

Create and manage keys and control the use of encryption across a wide range of AWS services and your applications. Uses hardware security modules to protect keys. Integrated with AWS CloudTrail.

Amazon Sumerian

Create and run virtual reality (VR), augmented reality (AR), and 3D applications without specialized programming.

Systems applying the cloud architecture principle of elasticity will

Create systems that scale to the required capacity based on changes in demand

you run a website which hosts videos and you have 2 types of members, premium and free. all videos uploaded by both types are processed by a fleet of ec2 instances which will poll sqs as videos are uploaded; however, you need to ensure that premium members have a higher priority. how do you design simple queue service (SQS)?

Create two queues. program ec2 to poll the premium queue first.

Which of the following is the responsibility of the customer when ensuring that data on EBS volumes is left safe?

Creating EBS snapshots

Which of the following features of AWS RDS allows for offloading reads of the database?

Creating Read Replica's

Which of the following features of RDS allows for data redundancy across regions and improves disaster recovery?

Creating Read Replicas

Which of the following features of RDS allows for data redundancy across regions?

Creating Read Replicas

186. Which of these is not a valid means of working with an Amazon EBS snapshot? A. The AWS API B. The AWS CLI C. The AWS console D. The AWS EBS management tool

D

You are hosting a static website in an s3 bucket which uses javascript to reference assets in another S3 bucket. For some reason, these assets are not displaying. What could be the problem?

Cross Origin Resource Sharing (CORS) is not enabled

Amazon DynamoDB now supports ________ ________, a new feature that automatically replicates DynamoDB tables across AWS regions.

Cross-region replication

You can use ________ ___________ to build globally distributed applications with lower-latency data access, better traffic management, easier disaster recovery, and easier data migration.

Cross-region replication

The _____________ load balancing setting also determines how the load balancer selects an instance. If _________ load balancing is disabled, the load balancer node selects the instance from the same Availability Zone that it is in. If __________ load balancing is enabled, the load balancer node selects the instance regardless of Availability Zone.

Cross-zone

100. You have a public subnet within your VPC. Within that subnet are three instances, each running a web-accessible API. Two of the instances are responding to requests from Internet clients, but one is not. What could be the problem? A. The VPC needs to be marked as public-facing. B. The three instances should be moved into an Auto Scaling group. C. There is no internet gateway available for the VPC. D. The unavailable instance needs an elastic IP.

D

107. By default, how many subnets can you create per VPC? A. 1 B. 5 C. 20 D. 200

D

116. You want to ensure that no incoming traffic reaches just the database instances in a particular subnet within your VPC. Which of the following is your best option to prevent this type of traffic? A. A blacklist B. A NACL C. A virtual private gateway D. A security group

D

121. What type of filtering does a network ACL perform? A. Stateful B. Synchronous C. Whitelist D. Stateless

D

122. With which of the following can you create a VPC peering connection? A. A VPC in the same AWS account and same region B. A VPC in another AWS account C. A VPC in the same AWS account but in another region D. All of these

D

126. Which region does not currently support VPCs? A. US East 1 B. EU West 1 C. SA East 1 D. VPC is supported in all AWS regions.

D

127. How many availability zones can a VPC span? A. None, VPCs don't exist within availability zones. B. One C. Two or more D. All the availability zones within a region

D

130. Which of the following is required to use a VPC endpoint? A. An internet gateway B. A VPN connection C. A NAT instance D. A VPC endpoint does not require any of these.

D

137. To which of the following might a bastion host be used to connect? A. A public instance in a public subnet B. A public instance in a private subnet C. A private instance in a public subnet D. A private instance in a private subnet

D

138. Which of these would you use to secure a bastion host? A. A network ACL B. A security group C. OS hardening D. All of the above

D

140. Which of the following statements about internet gateways is false? A. They scale horizontally. B. They are automatically redundant. C. They are automatically highly available. D. They scale vertically.

D

144. Which of the following is not necessary for an instance to have IPv6 communication over the Internet? A. A VPC with an associated IPv6 CIDR block B. A public IPv6 assigned to the instance C. A subnet with an associated IPv6 CIDR block D. A virtual private gateway with IPv6 enabled

D

151. Which type of load balancer operates at the Transport layer? A. Classic load balancer B. Application load balancer C. Network load balancer D. Both classic and network load balancers

D

152. Which type of load balancer operates at the Application layer? A. Classic load balancer B. Application load balancer C. Network load balancer D. Both classic and application load balancers

D

157. Which of the following would you need to add or create to allow an instance launched into a default subnet in the default VPC Internet access? A. A public IPv4 address B. An internet gateway C. An elastic IP address D. None of these

D

159. What does a NAT device allow? A. Incoming traffic from the Internet to reach private instances B. Incoming traffic from other VPCs to reach private instances C. Outgoing traffic to other VPCs from private instances D. Outgoing traffic to the Internet from private instances

D

165. Which of the following could be used as a bastion host? A. NAT gateway B. VPC endpoint C. Internet gateway D. NAT instance

D

175. Which of the following is not part of an elastic network interface? A. A primary IPv4 address B. A MAC address C. A source/destination check flag D. A NACL

D

35. You want to enable MFA Delete on your S3 buckets in the US East 1 region. What step must you take before enabling MFA Delete? A. Disable the REST API for the buckets on which you want MFA Delete. B. Enable cross-region replication on the buckets on which you want MFA Delete. C. Move the buckets to a region that supports MFA Delete, such as US West 1. D. Enable versioning on the buckets on which you want MFA Delete.

D

36. What is AWS Trusted Advisor? A. An online resource to help you improve performance B. An online resource to help you reduce cost C. An online resource to help you improve security D. All of the above

D

37. On which of the following does AWS Trusted Advisor not provide recommendations? A. Reducing cost B. Improving fault tolerance C. Improving security D. Organizing accounts

D

44. What of the following types of data is not encrypted automatically when an encrypted EBS volume is attached to an EC2 instance? A. Data in transit to the volume B. Data at rest on the volume C. Data in transit from the volume D. All of these are encrypted.

D

53. Which of the following will allow you to bring a non-encrypted EBS volume into compliance with an "all data must be encrypted at rest" policy? A. Stop the volume, create a snapshot, and restart from the snapshot, selecting "Encrypt this volume." B. Stop the volume, select "Turn on encryption," and restart the volume. C. Encrypt the volume via the AWS API and turn on the "encrypt existing data" flag. D. None of these will encrypt all data on the volume

D

78. What happens when you associate a NACL with a subnet that already is associated with a different NACL? A. Nothing, both NACLs are associated with the subnet. B. You receive an error. You must remove the first NACL to associate the new one. C. You receive an error. You must first merge the two NACLs to apply them to a subnet. D. The new NACL replaces the previous NACL, and the subnet still only has one NACL association.

D

82. If all of the following inbound rules existed on a custom NACL, would SSH traffic be allowed? Rule #800 // HTTP // TCP // 80 // 0.0.0.0/0 -> ALLOW Rule #100 // HTTPS // TCP // 443 // 0.0.0.0/0 -> ALLOW Rule * // All // All // All // 0.0.0.0/0 -> DENY Rule #130 // RDP // TCP // 3389 // 192.0.2.0/24 -> ALLOW A. Yes, SSH is included as a default protocol on NACLs. B. Yes, SSH is included in the HTTPS protocol. C. Only if the SSH access permission in IAM is granted. D. No

D

85. If all of the following inbound rules existed on a custom NACL, would SSH traffic be allowed? Rule #800 // HTTP // TCP // 80 // 0.0.0.0/0 -> ALLOW Rule #100 // HTTPS // TCP // 443 // 0.0.0.0/0 -> ALLOW Rule #110 // All // All // All // 0.0.0.0/0 -> DENY Rule #120 // SSH // TCP // 22 // 192.0.2.0/24 -> ALLOW A. Yes B. Yes, but only from the CIDR block 192.0.2.0/24. C. Only if the SSH access permission in IAM is granted. D. No

D

86. Which of the following is the most accurate statement about what the following inbound rule on a NACL will do? Rule #120 // SSH // TCP // 22 // 192.0.2.0/24 -> ALLOW A. Allows inbound SSH traffic to the associated subnets B. Allows inbound TCP traffic to the associated subnets C. Allows inbound TCP traffic to the associated subnets from the CIDR block 192.0.2.0/24 D. Allows inbound SSH traffic to the associated subnets from the CIDR block 192.0.2.0/24

D

98. You have a VPC in US East 1 with three subnets. One of those subnets' traffic is routed to an internet gateway. What does this make the subnet? A. A private subnet B. A restricted subnet C. The master subnet of that VPC D. A public subnet

D

You must assign each server to at least _____ security group A. 3 B. 2 C. 4 D. 1

D. 1

What is the maximum key length of a tag? A. 512 Unicode characters B. 64 Unicode characters C. 256 Unicode characters D. 128 Unicode characters

D. 128 Unicode characters

You have been asked to create VPC for your company. The VPC must support both Internet-facing web applications (ie they need to be publicly accessible) and internal private applications (i.e. they are not publicly accessible and can be accessed only over VPN). The internal private applications must be inside a private subnet. Both the internet-facing and private applications must be able to leverage at least three Availability Zones for high availability. At a minimum, how many subnets must you create within your VPC to achieve this? A. 5 B. 3 C. 4 D. 6

D. 6

You have been tasked with creating a VPC network topology for your company. The VPC network must support both Internet-facing applications and internally-facing applications accessed only over VPN. Both Internet-facing and internally-facing applications must be able to leverage at least three AZs for high availability. At a minimum, how many subnets must you create within your VPC to accommodate these requirements? A. 2 B. 3 C. 4 D. 6

D. 6

You work for a toy company that has a busy online store. As you are approaching christmas you find that your store is getting more and more traffic. You ensure that the web tier of your store is behind an Auto Scaling group, however you notice that the web tier is frequently scaling, sometimes multiple times in an hour, only to scale back after peak usage. You need to prevent this so that Auto Scaling does not scale as rapidly, just to scale back again. What option would help you to achieve this? A. Configure Auto Scaling to terminate your oldest instances first, then adjust your CloudWatch alarm. B. Configure Auto Scaling to terminate your newest instances first, then adjust your CloudWatch alarm. C. Change your Auto Scaling so that it only scales at scheduled times. D. Modify the Auto Scaling group cool-down timers & modify the Amazon CloudWatch alarm period that triggers your Auto Scaling scale down policy.

D. Modify the Auto Scaling group cool-down timers & modify the Amazon CloudWatch alarm period that triggers your Auto Scaling scale down policy.

Is creating a Read Replica of another Read Replica supported? A. Only in VPC B. Yes C. Only in certain regions D. No

D. No

Is creating a Read Replica of another Read Replica supported? A. Only in certain regions B. Only with MSSQL based RDS C. Only for Oracle RDS types D. No

D. No

When running my DB Instance as a Multi-AZ deployment, can I use the standby for read or write operations? A. Yes B. Only with MSSQL based RDS C. Only for Oracle RDS instances D. No

D. No

Will my standby RDS instance be in the same Availability Zone as my primary? A. Only for Oracle RDS types B. Only if configured at launch C. Yes D. No

D. No

Will my standby RDS instance be in the same Availability Zone as my primary? A. Only for Oracle RDS types B. Yes C. Only if configured at launch D. No

D. No

You are a solutions architect who has been asked to do some consulting for a US company that produces re-useable rocket parts. They have a new web application that needs to be built and this application must be stateless. Which three services could you use to achieve this? A. AWS Storage Gateway, Elasticache & ELB B. ELB, Elasticache & RDS C. Cloudwatch, RDS & DynamoDb D. RDS, DynamoDB & Elasticache.

D. RDS, DynamoDB & Elasticache.

What does RRS stand for when talking about S3? A. Redundancy Removal System B. Relational Rights Storage C. Regional Rights Standard D. Reduced Redundancy Storage

D. Reduced Redundancy Storage

While creating an Amazon RDS DB, your first task is to set up a DB ______ that controls what IP addresses or EC2 instances have access to your DB Instance. A. Security Pool B. Secure Zone C. Security Token Pool D. Security Group

D. Security Group

You have an application running in us-west-2 that requires six EC2 instances running at all times. With three AZs available in that region (us-west-2a, us-west-2b, and us-west-2c), which of the following deployments provides 100 percent fault tolerance if any single AZ in us-west-2 becomes unavailable? Choose 2 answers A. Us-west-2a with two EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances B. Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with no EC2 instances C. Us-west-2a with four EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances D. Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances E. Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances

D. Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances E. Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances

Does Amazon Route 53 support NS Records? A. Yes, it supports Name Service records. B. No C. It supports only MX records. D. Yes, it supports Name Server records.

D. Yes, it supports Name Server records.

Is there any way to own a direct connection to Amazon Web Services? A. You can create an encrypted tunnel to VPC, but you don't own the connection. B. Yes, it's called Amazon Dedicated Connection. C. No, AWS only allows access from the public Internet. D. Yes, it's called Direct Connect

D. Yes, it's called Direct Connect

A _____ is a storage device that moves data in sequences of bytes or bits (blocks). Hint: These devices support random access and generally use buffered I/O. A. block map B. storage block C. mapping device D. block device

D. block device

To retrieve instance metadata or userdata you will need to use the following IP Address; A. http://127.0.0.1 B. http://192.168.0.254 C. http://10.0.0.1 D. http://169.254.169.254

D. http://169.254.169.254

In the basic monitoring package for EC2, Amazon CloudWatch provides the following metrics: A. web server visible metrics such as number failed transaction requests B. operating system visible metrics such as memory utilization C. database visible metrics such as number of connections D. hypervisor visible metrics such as CPU utilization

D. hypervisor visible metrics such as CPU utilization, disk I/O, network I/O

A _____ is the concept of allowing (or disallowing) an entity such as a user, group, or role some type of access to one or more resources. A. user B. AWS Account C. resource D. permission

D. permission

When you run a DB Instance as a Multi-AZ deployment, the _____ serves database writes and reads A. secondary B. backup C. stand by D. primary

D. primary

You can use _____ and _____ to help secure the instances in your VPC. A. security groups and multi-factor authentication B. security groups and 2-Factor authentication C. security groups and biometric authentication D. security groups and network ACLs

D. security groups and network ACLs

Insights Dashboard

Displays operational data that the AWS Systems Manager automatically aggregates for each resource group.

Which of the following is NOT a feature of an edge location?

Distribute load across multiple resources

Which of the following describes Elastic Load Balancers (ELB)?

Distributes incoming traffic amongst your instances

Which of the following is NOT a feature of an edge location?

Distributes load across multiple resources

A company does not want to manage their database. Which of the following services is a fully managed NoSQL database provided by AWS?

DynamoDB

Amazon _______________ stores structured data, indexed by primary key, and allows low latency read and write access to items ranging from 1 byte up to 400KB.

DynamoDB

What is the AWS service provided which provides a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability?

DynamoDB

You are trying to organize and import gigabytes of data into AWS that are currently structured in JSON-like, name-value documents. Which AWS service would best fit your needs?

DynamoDB

Your company has a microservices data store that requires access to a NoSQL database. Your IT department has no desire to manage the NoSQL servers. Which Amazon service provides a fully-managed and highly available NoSQL service?

DynamoDB

Web applications often store session-state data in memory. However, this approach doesn't scale well; once the application grows beyond a single web server, the session state must be shared between servers. A common solution is to set up a dedicated session-state server with MySQL. This approach also has drawbacks: you must administer another server, the session-state server is a single pointer of failure, and the MySQL server itself can cause performance problems. ___________________ store from Amazon Web Services (AWS), avoids these drawbacks by providing an effective solution for sharing session state across web servers.

DynamoDB, a NoSQL database

_______ ____ is a fast and flexible NoSQL database service for applications which need _____ ________

DynamoDB, low latency

One of the benefits of the AWS Cloud is that there are many services available to use of which you don't need to manage their underlying infrastructure. Which of the following are examples of these services?

DynamoDBB, EC2

Amazon's Redshift uses which block size for its columnar storage? A. 2KB B. 8KB C. 16KB D. 32KB E. 1024KB / 1MB

E. 1024KB / 1MB

You need to add a route to your routing table in order to allow connections to the internet from your subnet. What route should you add? A. Destination: 192.168.1.258/0 --> Target: your Internet gateway B. Destination: 0.0.0.0/33 --> Target: your virtual private gateway C. Destination: 0.0.0.0/0 --> Target: 0.0.0.0/24 D. Destination: 10.0.0.0/32 --> Target: your virtual private gateway E. Destination: 0.0.0.0/0 --> Target: your Internet gateway

E. Destination: 0.0.0.0/0 --> Target: your Internet gateway

Which of the following is not supported by AWS Import/Export? A. Import to Amazon S3 B. Export from Amazon S3 C. Import to Amazon EBS D. Import to Amazon Glacier E. Export to Amazon Glacier

E. Export to Amazon Glacier

AWS Batch

Easily and efficiently run hundreds of thousands of batch computing jobs on AWS. Dynamically provisions that optimal quantity and type of compute resources.

AS AWS grows, the general cost of doing business is reduced and savings are passed back to the customer in the form of lower pricing. What is this cost optimization called?

Economies of scale

As AWS grows, the general cost of doing business is reduced and savings are passed back to the customer in the form of lower pricing. What is this optimization called?

Economies of scale

AWS _____________ is an easy-to-use service for deploying and scaling web applications and services. You can simply upload your code and ___________ automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring.

Elastic Beanstalk

AWS ______________ is the fastest and simplest way to get a web application up and running on aws.

Elastic Beanstalk

What is the service provided by AWS that allows developers to easily deploy and manage applications on the cloud?

Elastic Beanstalk

What does EBS stand for?

Elastic Block Storage

To ensure efficient use of _________ addresses, AWS impose a small hourly charge if an ____________ address is not associated with a running instance, or if it is associated with a stopped instance or an unattached network interface.

Elastic IP

Which of the following services relates the concept of "Distributing traffic to multiple EC2 Instances"?

Elastic Load Balancer

What services/features are required to maintain a highly available and fault-tolerant architecture in AWS?

Elastic Load Balancer, Amazon EC2 Auto Scaling

____________ automatically distributes incoming application traffic across multiple amazon EC2 instances in the cloud

Elastic Load Balancing

Which two AWS tools help your application scale up or down based on demand?

Elastic Load Balancing, Auto Scaling

Amazon ______________ simplifies big data processing, providing a managed Hadoop framework that makes it easy, fast, and cost-effective for you to distribute and process vast amounts of your data across dynamically scalable Amazon EC2 instances.

Elastic Map Reduce

What are the AWS big data analytics frameworks?

Elastic Map Reduce (EMR) (Hadoop and spark) Elasticsearch service

What allows organizations to do complex analysis on large volumes of data?

Elastic Map reduce (EMR)

What means that resources dynamically adjust to increase/decrease in capacity requirements?

Elastic and scalable

Amazon Elastic File System

Elastic file system for Linux-based workloads, for use with cloud services and on-premises resources. Scale to petabytes, growing and shrinking automatically

What are some benefits of Amazon EC2?

Elastic web-scale computing, a completely controlled environment, flexible cloud hosting services, an integrated, reliable, secure, inexpensive, and easy to start system

What is AWS in memory cache?

Elasticache

Which of the following terms relate to "Creating systems that scale to the required capacity based on changes in demand"?

Elasticity

What are two advantages of using Cloud Computing over using traditional data centers?

Eliminating SPOFs., Distributed infrastructure

Alexa for Business

Enables employees and organizations to use Alexa to get work done.

A company is planning to use AWS to host critical resources. Most of their systems are business critical and need to have response times less than 15 minutes. Which of the following support plans should they consider?

Enterprise

Which of the following in the AWS Support plans gives access to a Support Concierge?

Enterprise

Your company is planning to pay for an AWS Support plan. They have the following requirements as far as the support plan goes (1) 24x7 access to Cloud Support Engineers via email, chat & phone, and (2) A response time of less than 1 hour for any critical faults. Which of the following plans will suffice keeping in mind the cost factor?

Enterprise

What AWS support level includes the assistance of a Technical Account Manager (TAM)?

Enterprise Support

What are the four support plans offered by AWS?

Enterprise, Business, Developer, Basic

What does the IAM policy simulator do?

Evaluates the policies you choose and determines the effective permissions for each of the actions you specify

What are the two consistency models used when reading data from DynamoDB?

Eventually Consistent and Strongly consistent

What is AWS X-Ray?

Helps developers analyze and debug production. Used to understand how your application is performing and troubleshoot root cause of performance issues

Inventory

Helps you collect and query configuration and inventory information about your instances. Part of AWS Systems Manager.

What is AWS Database Migration Service?

Helps you migrate databases to AWS quickly and securely. Supports homogenous like Oracle to Oracle as well as heterogenous like Oracle to Aurora.

What is Amazon Route 53?

Highly available and scalable cloud DNS service. Designed to give developers and businesses a reliable and cost effective way to route end users to Internet applications

What is Amazon Elastic Container Service (ECS)?

Highly scalable, high-performance container orchestration service that supports Docker containers and allows you to easily run and scale containerized applications on AWS

What best describes a system that is always available, without the need for human intervention?

Highly-available

Amazon Elastic Container Service (ECS)

Highly-scalable, high- performance container orchestration service that supports Docker containers.

To use your AWS Direct Connect connection with another AWS account, you can create a _____ _____ _____ for that account.

Hosted Virtual Interface

A company wants to host a self-managed database in AWS. How would you ideally implement this solution?

Hosting a database on an EC2 Instance

A company wants to have a database hosted on AWS. As much as possible they want to have control over the database itself. Which of the following would be an ideal option for this?

Hosting on the database on an EC2 Instance

What will AWS Trusted Advisor tell you?

How well the infrastructure is performing, deployed resources not being used but incurring charges, and whether or not you are using fault tolerance

What service allows you to manage users, groups, roles, and their access to the AWS platform?

IAM

You can and should use an _________ to manage temporary credentials for applications that run on an EC2 instance. When you use a ________, you don't have to distribute long-term credentials to an EC2 instance. Instead, the _______ supplies temporary permissions that applications can use when they make calls to other AWS resources. When you launch an EC2 instance, you specify an _________ to associate with the instance. Applications that run on the instance can then use the role-supplied temporary credentials to sign API requests.

IAM Role

Which of the following is the secure way of using AWS API to call AWS services from EC2 Instances?

IAM Roles

You have an EC2 Instance in development that interacts with the Simple Storage Service. The EC2 Instance is going to be promoted to the production environment. Which of the following features should be used for secure communication between the EC2 Instance and the Simple Storage Service?

IAM Roles

IAM allows: 1) centralized control of account? 2) integrates with active directory? 3) Fine grained access control to AWS resources? 4) Biometric Auth?

IAM allows centralized control of account IAM integrates with active directory IAM give Fine grained access control to AWS resources IAM, does NOT do Biometric Auth

An ___________ can be associated with a Auto Scaling group. To launch EC2 instances with an ____________ in Auto Scaling, you'll have to create an Auto Scaling launch configuration with an EC2 instance profile.

IAM role

You can not currently add an ____________ to an already launched instance. You can only associate an _____________ with an EC2 instance when you launch the instance.

IAM role

You cannot change the __________ on a running EC2 instance. You can change the permissions on the ___________ associated with a running instance, and the updated permissions take effect almost immediately.

IAM role

Which of the following is the secure way of using AWS API to call AWS services from EC2 Instances?

IAM roles

VMware Cloud on AWS

Ideal for organizations looking to migrate on-premises vSphere-based workloads into the public cloud. Jointly developed by AWS and VMware.

Which of the following cloud security controls ensures that only authorized and authenticated users are able to access your resources?

Identity and Access Management

AWS _________ _____________ is a data transport solution that accelerates moving terabytes to petabytes of data into and out of AWS using storage appliances designed to be secure for physical transport.

Import/Export Snowball

There is no charge for these services..

Inbound data transfer, Data transfer between services in the same region

Amazon DocumentDB

Includes MongoDB compatibility. Fully managed document database service that supports MongoDB workloads.

A VPC VPN Connection utilizes _________ to establish encrypted network connectivity between your intranet and Amazon VPC over the Internet. VPN Connections can be configured in minutes and are a good solution if you have an immediate need, have low to modest bandwidth requirements, and can tolerate the inherent variability in Internet-based connectivity.

Ipsec

What is AWS Elastic Load Balancing?

It automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions.

Which of the following is a benefit of running an application across two Availability Zones?

It increases the availability of an application compared to running in a single Availability Zone.

What is the concept of an AWS Region?

It is a geographical area...

What is AWS Lambda?

It lets you run code without provisioning or managing servers. You pay only for the compute time you consume

What happens if cloud formation encounters and error by default?

It will terminate and rollback all resources created on failure.

THe default scripting language for cloud formation is?

JSON

What language are cloud formation templates written in?

JSON

What is Amazon RDS?

Makes it easy to set up, operate, and scale a relational database in the cloud and is cost-efficient, resizable and automates things like backups and database setup - can used Aurora, MySQL, Oracle, SQL Server, etc

Which of the following is NOT a feature of AWS Identity and Access Management?

Manage services and their capacities

Amazon MSK

Managed streaming for Apache Kafka without infrastructure management expertise. Continuously monitors cluster health and automatically replaces unhealthy nodes with no downtime to your application.

You can view a list of Amazon EC2 instances running your Elastic Beanstalk application environment through the AWS ____________. You can connect to the instances using any SSH client.

Management Console

Which of the following is the responsibility of the AWS customer according to the Shared Security Model?

Managing AWS Identity and Access Management (IAM)

Using Amazon RDS falls under the shared responsibility model. Which of the following are customer responsibilities?

Managing the database settings., Building the relational database schema.

With the "Pay as you go" pricing model, what is the billing interval for compute resources from the time you launch a resource until you terminate it?

Monthly

Which of the following is NOT an AWS region?

Moscow

Which of the following can be used as an additional layer of security to using a user name and password when logging into the AWS Console?

Multi-Factor Authentication (MFA)

Which of the following can be used to provide an additional level of security above your username and password when logging into the AWS Console?

Multi-Factor Authentication (MFA)

What is Amazon Aurora?

MySQL and NOSQL compatible relational database built for the cloud. 5x faster than standard databases and features a fault-tolerant scalable system. Replicates over 3 AZ's w continuous backup to S3

Which of the following AWS security features is associated with a subnet in a VPC and functions to filter incoming traffic requests?

NACL

Which of the following security features is associated with a Subnet in a VPC to protect against Incoming traffic requests?

NACL

A __________ is used to provide private subnet to access internet.

NAT Gateway

You need to allow resources in a private subnet to access the internet. What must be present to enable this access?

NAT gateway

What is Amazon ElastiCache?

Offers fully managed Redis and Memcached (in memory, open source data stores). Can be used to build data intensive apps or improve performance of existing apps. Popular choice for Gaming, Ad Tech, Healthcare, etc

What are the three capacity unit sizes in DynamoDB?

One read capacity unit represents one strongly consistent read per second, for items up to 4 KB in size. One read capacity unit represents two eventually consistent reads per second, for items up to 4 KB in size. One write capacity unit represents one write per second for items up to 1 KB in size.

One read capacity unit represents one X type of read per second, or two Y type of read per second?

One strongly consistent read per second. Two eventually consistent reads per second. For items up to 4 KB in size.

What does OLTP stand for?

Online Transaction Processing (OLTP)

What is more frequent Online Transaction Processing (OLTP) or Online Analytics Processing (OLAP)?

Online Transaction Processing (OLTP) because it is similar to a traditional query. Online Analytics Processing (OLAP) is more of a management tool used at the end of a day.

What does OLAP stand for?

Online analytics processing (OLAP)

What is AWS Trusted Advisor?

Online tool that helps you configure resources to follow best practices

In a physical data center, security is typically considered in what area?

Only in the perimeter

Which Cloud Computing model removes the need for your organization to manage operating systems?

PaaS

There is a requirement to host a database server for a minimum period of one year. Which of the following would result in the least cost?

Partial Upfront costs Reserved

Select TWO examples of the AWS shared controls.

Patch Management., Configuration Management.

What is the pricing model that allows AWS customers to pay for resources on an as needed basic?

Pay as you go

pricing model that allows AWS customers to pay for resources on an as-needed basis

Pay as you go

Which of the following is NOT an advantage of cloud computing over on-premises computing?

Pay for racking, stacking, and powering servers

What is not a primary benefit of cloud computing over on-premises computing?

Paying for racking, stacking, and powering servers

Which of the following is a benefit of Amazon Elastic Compute Cloud (Amazon EC2) over physical servers?

Paying only for what you use

Under the Shared Responsibility Model, which of the following are controls which a customer fully inherits from AWS?

Physical controls, Awareness & Training

_________ backed by solid-state drives (SSDs) is the highest performance EBS storage option designed for critical, I/O intensive database and application workloads, as well as throughput-intensive database and data warehouse workloads, such as HBase, Vertica, and Cassandra.

Piops

Amazon Deep Learning AMIs

Provide the infrastructure and tools to accelerate deep learning in the cloud, at any scale.

CloudWatch Frequency

Provides Real-time Monitoring - Standard Monitoring - Poles EC2 instance every 5 minutes - Detailed Monitoring - every minute on the minute

What is Amazon EMR?

Provides a managed Hadoop framework that makes easy fast and easy to process vast amount of data across dynamically scalable EC2 instances. Can do ML, financial analysis, etc

Run Command

Provides a simple way of automating common administrative tasks like shell scripts or PowerShell commands. Part of AWS Systems Manager.

What is Amazon EBS (Elastic Block Store)?

Provides persistent block storage volumes for use w EC2 instances and is auto replicated within its availability zone

AWS PrivateLink

Provides private connectivity between VPCs, AWS services, and on-premises applications using only the Amazon network.

What is Amazon CloudWatch?

Provides you with actionable insights to monitor your applications, optimize resource utilization, etc. Collects data as metrics and logs, can set alarms, troubleshoot issues, etc

_______________ Volumes are designed for heavy I/O intensive workloads like databases and consistent high I/O throughput. You can specify an IOPS rate when you create the volume. _____________ Volumes size can range between 10 GB and 1 TB. For greater I/O performance than you can achieve with a single volume, RAID 0 can stripe multiple volumes together.

Provisioned IOPS (PIOPS)

You can create a ________ ______ __________ to connect to public resources, or a _______ ______ ______ to connect to your VPC.

Public Virtual Interfaces, Private Virtual Interfaces

Reserved Instances are available in what 3 options

Puri, Nuri, Auri

AWS DeepLens

Puts deep learning in the hands of developers with a fully programmable video camera, tutorials, code, and pre-trained models.

AWS RoboMaker

Service to develop, test, and deploy intelligent robotics applications at scale.

AWS IoT 1-Click

Services that enables simple devices to trigger AWS Lambda functions.

If there is a requirement to host EC2 Instances in the AWS Cloud wherein the utilization is guaranteed to be consistent for a long period of time, which of the following would you utilize to ensure costs are minimized?

Reserved instances

You are currently hosting an infrastructure and most of the EC2 instances are near 90 - 100% utilized. What is the type of EC2 instances you would utilize to ensure costs are minimized?

Reserved instances

With Amazon RDS ______________, which employ supported engines' native, asynchronous replication, database writes occur on a ______________ after they have already occurred on the source DB Instance, and this replication "lag" can vary significantly. In contrast, the replication used by Multi-AZ deployments is synchronous, meaning that all database writes are concurrent on the primary and standby.

Read Replicas

NS Records

Records that list the DNS servers for a Web site.

What is amazons data warehouse called?

Redshift

The main benefit of decoupling an application is to:

Reduce inter-dependencies so failures do not impact other components

What is the main benefit of decoupling an application?

Reduce inter-dependencies so failures do not impact other components of the application.

How does an edge location help end users?

Reduces latency

Which of the following terms refers to another geographic location in AWS?

Region

What's the difference between an AWS region and an availability zone?

Region is a geographic area. Availability Zone is an isolated area inside of a region Regions have multiple Availability Zones

AWS IoT Device Management

Register connected IoT devices (individually or in bulk) and easily manage permissions so that devices remain secure. Organize devices, monitor and troubleshoot device functionality.

Which of the following does AWS perform on its behalf for EBS volumes to make it less prone to failure?

Replication of the volume in the same Availability Zone

Which EC2 option is best for long-term workloads with predictable usage patterns?

Reserved

What is the service provided by AWS that lets you host Domain Name systems?

Route 53

Which service provides DNS in the AWS cloud?

Route 53

AAAA Records

Routes IPv6s to Domain name

You have decided to pay a low upfront fee in order to get a significantly discounted hourly rate. What payment model are you planning to use?

Save when you reserve.

Route 53

Scalable DNS and Domain Name Registration - Named after DNS Port - Globally configured - Can set up Public or Private Zones

Amazon Kinesis Data Streams

Scalable and durable real-time data streaming service. Also known as KDS.

Which of the following is one of the benefits of AWS Security?

Scales Quickly

You need to find an item in a DynamoDB table using an attribute other than the item's primary key. What operation should you use?

Scan

If your proj requires you to run monthly reports that iterate through very large amounts of data, which EC2 purchasing option should you consider?

Scheduled reserved

Amazon Elasticsearch Service

Search, analyze, and visualize data in real-time using APIs and real-time analytics. Log analytics, full-text search, application monitoring, clickstream analytics.

With the "pay as you go" pricing model, how often do you pay for compute resources from the time you launch a resource until you terminate it?

Secondly and hourly

What are some of the security benefits that AWS offers?

Secure global infrastructure and meeting compliance requirements

What does the AWS Snowball provide?

Secure transfer of large amounts of data into and out of the AWS Cloud.

What is the AWS Management Console?

Secure, easy to access, web based portal where you can manage cloud computing, storage, and other resources running in AWS

Amazon WorkMail

Secure, managed business e-mail and calendar service with support for existing desktop and mobile e-mail client applications. Can be integrated with existing corporate directory.

Distributor

Securely distribute and install software packages while maintaining control over versioning. Part of AWS Systems Manager.

Which of the following aspects of security are managed by AWS?

Securing global physical infrastructure, Hardware patching

SAML

Security Assertions Markup Language

What acts as a firewall that controls the traffic allowed to reach one or more instances?

Security Group

_________ cannot span multiple regions.

Security Groups

VPC Components

Security Groups, subnets, control lists, IP ranges, Route Tables, Internet Gateways

In the Shared Responsibility Model, for which aspect of securing the cloud customers responsible?

Security IN the cloud

In the Shared Responsibility Model, for which aspect of securing the cloud is AWS responsible?

Security OF the cloud

What service provides trusted users with temporary security credentials that can control access to your AWS resources?

Security Token Service (STS)

AWS Firewall Manager

Security management service for centrally configuring and managing AWS WAF (web application firewall) rules across your accounts and applications.

In the Shared Responsibility Model, AWS has responsibility of providing what?

Security of the cloud

Patch Manager

Select and deploy operating system and software patches automatically across large groups of instances. Part of AWS Systems Manager.

Amazon Connect

Self-service, cloud-based contact center service. Design contact flows, manage agents, and track performance metrics without special skills. Pay by the minute for usage plus any associated telephony services.

Which of the following is not a characteristic of the Auto Scaling service on AWS?

Sends traffic to healthy instances

AWS AppSync

Serverless back-end for mobile, web and enterprise applications. Handles data management tasks like online and offline data access, data synchronization, and data manipulation.

AWS Elastic Beanstalk

Service for deploying and scaling web apps and services with popular program languages Java, .NET, PHP, Node.js, Python and Ruby Retain full control over the AWS resources powering your app Browse log files, monitor app health, adjust auto-scaling rules, setup email notifications

CodeDeploy

Service that automates code deployments to any instance, including EC2 and instances running on-premises.

Amazon Textract

Service that automatically extracts text and data from scanned documents.

AWS Transit Gateway

Service that enables customers to connect to their VPCs and their on-premises networks to a single gateway.

AWS IoT Things Graph

Service that makes it easy to visually connect different devices and web services to build IoT applications.

___________ is a Microsoft Active Directory-compatible directory from AWS Directory Service that is powered by Samba 4. _____________ is a proxy service for connecting your on-premises Microsoft Active Directory to the AWS cloud. & ___________ is the least expensive option and your best choice if you have 5,000 or less users. Conversely, ___________ is your best choice when you want to use your existing on-premises directory with AWS services.

Simple AD Last one: AD Connector

What does S3 stand for?

Simple Storage Service

Amazon S3

Simple Storage Service (SaaS), a scalable, high-speed, low-cost, web-based cloud storage service designed for online backup and archiving of data and application programs, buckets

Amazon SES

Simple e-mail sending service for sending marketing, notification, and transactional e-mails.

Amazon SWF

Simple workflow service that helps developers create background jobs that have sequential and parallel steps. Fully-managed state tracker and task coordinator.

Cross-region replication currently supports ___________ in DynamoDB. A _________ master has one master table and one or more replica tables

Single Master Mode, single

Which of the following is not a disaster recovery deployment technique?

Single Site

AWS Cost & Usage Report

Single location for accessing comprehensive information about AWS costs and usage. Lists usage for each service category used by an account and its IAM users in hourly or daily line items. Includes tags that have been activated for cost allocation purposes.

AWS Migration Hub

Single location to track the progress of application migrations across multiple AWS and partner solutions.

In the Shared Responsibility Model, what are examples of "security in the cloud?"

The country in which content is stored and which AWS services are used with the content

What is AWS CodeCommit?

Source Control service that hosts secure repositories. Makes it easy for teams to collab on code and don't have to worry about scaling infrastructure.

Which of these is not a cloud deployment model: Infrastructure as a service, Platform as a service, Software as a service, System Administration as a service

System Administration as a service

True

The AWS Database Migration Service can be used for continuous data replication with high availability.

elastic block storage

block level storage for use with EC2 instances allowing the install of different file system

What is Amazon CLI (Command Line Interface)?

Tool to manage your AWS Services. Can control multiple services and automate them through scripts

In identity access management (IAM), using security access markup language (SAML) 2.0, you can give federated users single sing on (SSO) access to the aws console. (t/f)

True, In identity access management (IAM), using security access markup language (SAML) 2.0, you can give federated users single sing on (SSO) access to the aws console.

Messages CAN be customized for each protocol used in SNS?

True, Messages CAN be customized for each protocol used in SNS.

Network ACLs are an additional layer of security that act at the subnet level?

True, Network ACLs are an additional layer of security that act at the subnet level?

SNS is push based?

True, SNS is push based.

Security groups act like a firewall at the instance level?

True, Security groups act like a firewall at the instance level

The AWS sign in endpoint is https://signin.aws.amazon.com/saml ? (T/F)

True, The AWS sign in endpoint is https://signin.aws.amazon.com/saml

A subnet can only be associated with one Access Cotnrol List (ACL)

True, You can associate a network ACL with multiple subnets; however, a subnet can be associated with only one network ACL at a time. When you associate a network ACL with a subnet, the previous association is removed.

You can use SNS in conjunction iwth SQS to fan a single message out to multiple SQS Queries?

True, You can use SNS in conjunction iwth SQS to fan a single message out to multiple SQS Queries

It is possible to have private subnets in VPC?

True, it is possible to have private subnets in VPC

With ec2 you can have 2 types of storage. EBS storage or Instance store. EBS is persistent and if an ec2 instance is stopped with an ebs volume attached, there will be no data lost. instance store is ephemeral and if the ec2 is stopped, all data will be lost. (t/f)

True. EBS is persistent and if an ec2 instance is stopped with an ebs volume attached, there will be no data lost. Instance store is ephemeral and if the ec2 is stopped, all data will be lost.

You have 2 accounts in AWS. One for Dev and the other for QA. All are part of consolidated billing. The master account has purchased 4 reserved instances. The Dev department is currently using 2 reserved instances. The QA team is planning on using 3 instances, which are of the same instance type. What is the pricing tier of the instances that can be used by the QA Team?

Two Reserved and 1 on-demand

Spot instances are available in all regions except the ____________ region.

US GovCloud

AWS CodeStar

Unified user interface that enables development, build, and deployment of applications on AWS. Project management dashboard, integrated issue tracking, etc.

AWS Systems Manager

Unified user interface to view operational data from multiple AWS services. Allows you to automate operational tasks across resources. Group resources, monitor, and take action on groups.

How do you use AWS Elastic Beanstalk?

Upload your code and EB automatically handles deployment, load balancing and auto scaling

S3 Encryption

Upload/download through SSL Encrypted Points

(SQS) You are designing a new app which processes payments and delivers promotional emails to customers. Your need to ensure that the payment process takes priority over the creation of emails. What is the best way to achieve this?

Use 2 SQS queues. Poll that payment queue first.

You have a devops team in your current organization structure. They are keen to know if there is any service available in AWS which can be used to manage infrastructure as code. Which of the following can be met with such a requirement?

Using AWS CloudFormation

You want to add an extra layer of protection to the current authentication mechanism of user names and passwords for AWS. Which of the following can help in this regard?

Using MFA

A company is hosting a web application in the AWS Cloud using a set of EC2 instances. Which of the following can help to protect them from DDoS attacks?

Using Network Access Control Lists, Using Security Groups

You are planning to serve a web application on the AWS Platform by using EC2 Instances. Which of the below principles would you adopt to ensure that even if some of the EC2 Instances crashes , you still have a working application?

Using a fault tolerant ...

Amazon _____________ is used to configure, highly reliable, and provide a secure connection to S3 that does not require a gateway or NAT instances.

VPC Endpoint

Upgrading a server with a larger hard drive is an example of __________ , while adding more hard drives to a storage array is an example of __________ .

Vertical Scaling, Horizontal Scaling.

You can now create AWS Direct Connect _______ __________ for multiple AWS accounts on a single 1 Gigabit or 10 Gigabit Connection.

Virtual Interfaces

VPC Stands for?

Virtual Private Cloud

What does Amazon EC2 provide?

Virtual Servers in the cloud

Which of the following is the amount of storage that can be stored in the Simple Storage service?

Virtually unlimited storage

AWS Cost Explorer

Visualize, understand, and manage AWS costs and usage over time. Supports charts and tabular data for high-level and highly-specific requests. Maintains 12 months of historical data.

Which of the following disaster recovery deployment mechanisms that has the lowest downtime?

Warm standby

Name of service allowing users to use social media account to gain temporary access to AWS platform?

Web Identity Ferderation

Amazon Elastic Compute Cloud (Amazon EC2) Spot instances are appropriate for which of the following workloads?

Workloads where the availability of the Amazon EC2 instances can be flexible

What are the steps for calculating write throughput?

Write capacity units are 1 KB per write. Calculate items per second. Multiply items per second by writes per item.

Cloudfront Edge location

a CDN endpoint

Region

a Geographical location that has 2 or more availability zones

What is Amazon Route 53 a. A highly available and scalable Domain Name System (DNS) web service b. A monitoring and management service that collects and tracks metrics c. A fast and flexible nonrelational database service for all applications that need consistent, single-digit millisecond latency at any scale. d. A cloud service solution that establishes private connectivity between AWS and your data center, office, or colocation environment.

a. A highly available and scalable Domain Name System (DNS) web service

Who is responsible for security of the cloud according to the shared responsibility model? a. AWS b. Customer c. AWS Support d. IAM roles

a. AWS

Which AWS service enable you to repeatedly and predictably provision resources to power your applications? a. AWS CloudFormation b. AWS Cloud Map c. AWS CloudTrail d. Amazon CloudFront

a. AWS CloudFormation

Which among the options below can you use to launch a new Amazon RDS database cluster to your VPC? (Select TWO) a. AWS CloudFormation b. AWS CodePipeline c. AWS Management Console d. AWS Concierge e. AWS Systems Manager

a. AWS CloudFormation c. AWS Management Console You can launch a new RDS database cluster using the AWS Management Console, AWS CLI, and AWS CloudFormation. The AWS Management Console provides a web-based way to administer AWS services. You can sign in to the console and create, list, and perform other tasks with AWS services for your account. These tasks might include starting and stopping Amazon EC2 instances and Amazon RDS databases, creating Amazon DynamoDB tables, creating IAM users, and so on. The AWS Command Line Interface (CLI), on the other hand, is a unified tool to manage your AWS services.

Which service should a company use to centrally manage policies and consolidate billing across multiple AWS accounts? a. AWS Organizations b. AWS Trusted Advisor c. AWS Budgets d. AWS Config

a. AWS Organizations AWS Organizations helps you centrally govern your environment as you grow and scale your workloads on AWS. Whether you are a growing startup or a large enterprise, Organizations helps you to centrally manage billing; control access, compliance, and security; and share resources across your AWS accounts.

A company is planning to launch a new system in AWS but they do not have an employee who has an AWS-related expertise. Which of the following can help the company to design, architect, build, migrate, and manage their workloads and applications on AWS? a. AWS Partner Network Consulting Partners b. AWS Partner Network Technology Partners c. AWS Marketplace d. Technical Account Management

a. AWS Partner Network Consulting Partners The AWS Partner Network (APN) is focused on helping partners build successful AWS-based businesses to drive superb customer experiences. This is accomplished by developing a global ecosystem of Partners with specialties unique to each customer's needs. There are two types of APN Partners: 1. APN Consulting Partners 2. APN Technology Partners

Your company is developing a critical application, and the security of the application is one of the top priorities. Which of the following AWS service will provide recommendations for security optimization for your infrastructure? a. AWS Trusted Advisor b. Amazon CloudWatch c. Amazon Inspector d. Amazon Aurora

a. AWS Trusted Advisor

Which of the following tasks is the customer's responsibility when creating Amazon VPC security groups? a. Adding rules regarding inbound traffic to the security group b. Choosing the level of physical security for the network c. Ensuring that the security groups are linked to Amazon EC2 d. Selecting an appropriate load balancing strategy for the network routers

a. Adding rules regarding inbound traffic to the security group

Which of the following are the things that Amazon CloudWatch Logs can accomplish? (Select TWO) a. Adjust the retention policy for each log group b. Create alarms that automatically stop, terminate, reboot, or recover your EC2 instances. c. Store your log data at absolutely no charge d. Record AWS Management Console actions and API calls e. Monitor application logs from Amazon EC2 Instances.

a. Adjust the retention policy for each log group e. Monitor application logs from Amazon EC2 Instances. You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources. CloudWatch Logs enables you to centralize the logs from all of your systems, applications, and AWS services that you use, in a single, highly scalable service

You need to host a new Microsoft SQL Server database in AWS for an urgent project. Which AWS services should you use to meet this requirement? (Select TWO) a. Amazon Relational Database Service (Amazon RDS) b. Amazon EC2 c. Amazon Redshift d. Amazon Aurora Backtrack e. Amazon Aurora

a. Amazon Relational Database Service (Amazon RDS) b. Amazon EC2 Amazon Web Services offers you the flexibility to run Microsoft SQL Server for as much or as little time as you need and select from a number of versions and editions. SQL Server on Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Elastic Block Store (Amazon EBS) gives you complete control over every setting, just like when it's installed on-premises. Amazon Relational Database Service (Amazon RDS) is a fully managed service that takes care of all the maintenance, backups, and patching for you

You have am application composed of individual services and you need to route a request to a service based on the content of the request. What type of load balancer should you use? a. Application Load Balancer b. Network Load Balancer c. Classic Load Balancer d. VPN Load Balancer

a. Application Load Balancer

_________ is one of the components of AWS Global Infrastructure which consists of one or more discrete data centers each with redundant power, networking, and connectivity, and housed in separate facilities. a. Availability Zone b. VPC c. Edge location d. AWS Region

a. Availability Zone The AWS Cloud infrastructure is built around AWS Regions and Availability Zones. An AWS Region is a physical location in the world where we have multiple Availability Zones. Availability Zones consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities.

How is storage typically priced on AWS Cloud? a. Charged per GB b. Charged by speed of transfer c. Charged by instance type d. Charged per hour or second

a. Charged per GB

Which of the following cloud architecture principles below is followed if you distribute your workloads across multiple Availability Zones in AWS as well as using Amazon RDS Multi-AZ? a. Design for failure b. Decouple your components c. Think parallel d. Implement elasticity

a. Design for failure

You have an application composed of individual services. You need to route a request to a service based on the content of the request. Which service would you use? a. Elastic Load Balancing b. EC2 Auto Scaling c. Amazon Route S3 d. AWS CloudTrail

a. Elastic Load Balancing

Which of the following is true on how AWS lessens the time to provision your IT resources? a. It provides various ways to programmatically provision IT resources b. It provides an AI-powered IT ticketing platform for fulfilling resource requests c. It provides express service to deliver your servers to you data centers faster d. It provides an automated system of requesting and fulfilling IT resources from third-party vendors.

a. It provides various ways to programmatically provision IT resources With the cloud, businesses no longer need to plan for and procure servers and other IT infrastructure weeks or months in advance. Instead, they can instantly spin up hundreds or thousands of servers in minutes and deliver results faster. AWS provides you various ways and tools to programmatically provision IT resources such as AWS CLI, AWS API and the web-based AWS Management Console.

Which of the following is a key financial benefit of migrating systems hosted on your on-premises data center to AWS? a. Opportunity to replace upfront capital expenses (CAPEX) with low variable costs b. Opportunity to replace upfront operational expenses (OPEX) with low variable operational expenses (OPEX) c. Opportunity to replace variable capital expenses (CAPEX) with low upfront costs. d. Opportunity to replace variable operational expenses (OPEX) with low upfront capital expenses (CAPEX)

a. Opportunity to replace upfront capital expenses (CAPEX) with low variable costs

Which Amazon EC2 instance purchasing option lets you take advantage of unused EC2 capacity in the AWS Cloud and provides up to a 90% discount compared to On-Demand prices? a. Spot Instance b. Convertible Reserved Instance c. Standard Reserved Instance d. Dedicated Host

a. Spot Instance Lets you take advantage of unused EC2 capacity in the AWS cloud. Spot Instances are available at up to a 90% discount compared to On-Demand prices.

What are the benefits of using Amazon EC2 instances compared to physical servers in your infrastructure? (Select two) a. The ability to have different storage requirements b. Resizible c. The ability to and additional RAM d. Automatic automated backups e. Pay only for the capacity you use

a. The ability to have different storage requirements e. Pay only for the capacity you use

Which of the following AWS concepts refers to "Established best practices developed through lessons learned by working with customers"? a. Well-Architected Framework b. Reference architecture c. Security of the Cloud d. AWS Trusted Advisor

a. Well-Architected Framework

Each region is completely ________ and is designed to be completely ________ from the other regions.

independent and isolated

Which of the following best describes what CloudWatch is? a. An automated security assessment service b. A metric repository c. An audit service that records all API calls made to your AWS account d. A rules repository

b. A metric repository

A company has hybrid cloud architecture where their on-premises data center interacts with their cloud resources in AWS. Which of the following services in AWS could you use to deploy a web application to servers running on-premises? (Select TWO) a. AWS CloudFormation b. AWS OpsWorks c. AWS Elasitc Beanstalk d. AWS Batch e. AWS CodeDeploy

b. AWS OpsWorks e. AWS CodeDeploy OpsWorks - AWS OpsWorks is a configuration management service that helps customers configure and operate applications, both on-premises and in the AWS Cloud, using Chef and Puppet. CodeDeploy - AWS CodeDeploy automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises. AWS CodeDeploy makes it easier to rapidly release new features, avoids downtime during application deployment, and handles the complexity of updating applications.

Which of the following is a managed Distribution Denial of Service (DDoS) protection service? a. AWS Trusted Advisor b. AWS Shield c. AWS Identity and Access Management d. Amazon Inspector

b. AWS Shield

Which of the following is capable of inspecting your AWS environment and makes recommendations for saving money, improving system performance and reliability, or closing security gaps? a. AWS Cost Explorer b. AWS Trusted Advisor c. AWS Inspector d. AWS Budgets

b. AWS Trusted Advisor This is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices. It inspects your AWS environment and makes recommendations for saving money, improving system performance and reliability, or closing security gaps. Cost Optimization Security Fault Tolerance Performance Service Limits

Which of the following is a responsibility of the customer according to the shared responsibility model? a. Physical security of the facilities in which the services operate b. AWS identify and Access management (IAM) c. Protection of the global infrastructure d. Availability of third-party audit reports

b. AWS identify and Access management (IAM)

A company which has a basic support plan needs resources to deploy, test, and improve their AWS environment. Which of the following can they use for free? a. Technical Account Manager b. AWS online documentation, whitepapers, blogs and support forums c. AWS Support API for programmatic case management d. In-person classes with an accredited AWS instructor

b. AWS online documentation, whitepapers, blogs and support forums

Which AWS service should you use if you need to launch a highly scalable MySQL database? a. Amazon DynamoDB b. Amazon Aurora c. Amazon Redshift d. Amazon ElastiCache

b. Amazon Aurora This service is a MySQL and PostgreSQL-compatible relational database built for the cloud, that combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open source databases.

Which of the following services provides you with data and actionable insights to monitor your applications, understand and respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health? a. AWS Cloud9 b. Amazon CloudWatch c. AWS CloudFormation d. AWS CloudTrail

b. Amazon CloudWatch

Which of the following instance types provides you with a significant discount compared to On-Demand Instance pricing? a. Amazon EC2 Instant Instance b. Amazon EC2 Reserved Instance c. Amazon EC2 Dedicated Hosts d. Amazon EC2 Dedicated Instances

b. Amazon EC2 Reserved Instance

Which AWS services should you use to store rapidly changing data with low read and write latencies? (Select TWO) a. Amazon S3 b. Amazon RDS c. Amazon AppStream 2.0 d. Amazon EBS d. AWS Snowball

b. Amazon RDS d. Amazon EBS Data that must be updated very frequently might be better served by a storage solution with lower read / write latencies, such as Amazon EBS volumes, Amazon RDS or other relational databases, or Amazon DynamoDB.

What is Elastic Load Balancing? a. Automatically stopping traffic when targets get overloaded b. Automatically distributing traffic across multiple targets c. Automatically slowing traffic to decrease latency d. Automatically monitoring traffic to ensure that cost are kept beneath a specified threshold

b. Automatically distributing traffic across multiple targets

Which components of the AWS infrastructure can be described as multiple, isolated locations within on geographic area? a. S3 Buckets b. Availability Zones c. Regions d. Edge Locations

b. Availability Zones

Which of the following is an advantage of using managed services like RDS, ElastiCache, and CloudSearch in AWS? a. Simplifies all of your OS patching and backup activities to help keep your resources current and secure b. Better performance than customer-managed services such as EC2 instances. c. Automatically scales the capacity without any customer intervention d. Frees up the customer from the task of choosing and optimizing the underlying instance type and size of the service

b. Better performance than customer-managed services such as EC2 instances.

Which of the following is a best practice for adding an additional layer of security when logging into the AWS Management Console? a. Root access permissions b. Multi-factor authentication (MFA) c. Secondary password d. Secondary user name

b. Multi-factor authentication (MFA)

Which parts of the AWS infrastructure support increased resilience? a. Multiple Regions distributed globally b. Multiple Availability Zones within a Region c. Multiple edge locations with a Region d. Multiple AWS Direct Connet (DX) gateways within a data center

b. Multiple Availability Zones within a Region

Which of the following statements is true of Amazon Virtual Private Clouds (VPC)? a. Each AWS account can have one VPC associated with in b. You can create many subnets in a VPC though fewer is recommended to limit complexity c. Each VPC is a private, dedicated network connected from you premises to AWS d. A VPC acts as a physical firewall to your cloud infrastructure

b. You can create many subnets in a VPC though fewer is recommended to limit complexity

Amazon RDS manages time-consuming administration tasks such as (allowing organizational resources to focus on Business related tasks):

backups, software patching, monitoring, scaling, and replication.

Which of the following Cost Management Tools allows you to track your Amazon EC2 Reserved Instance (RI) usage and view the discounted RI rate that was charged to your resources? a. AWS Systems Manager b. AWS Budgets c. AWS Cost and Usage report d. AWS Cost Explorer

c. AWS Cost and Usage report This service is your one-stop-shop for accessing the most granular data about your AWS costs and usage. You can also load your cost and usage information into Amazon Athena, Amazon Redshift, AWS QuickSight, or a tool of your choice.

Which of the following shares a collection of offerings to help you achieve specific business outcomes related to enterprise cloud adoption through paid engagements in several specialty practice areas? a. Concierge Support b. AWS Technical Account Manager c. AWS Professional Services d. AWS Enterprise Support

c. AWS Professional Services Shares a collection of offerings to help you achieve specific outcomes related to enterprise cloud adoption. Each offering delivers a set of activities, best practices, and documentation reflecting our experience supporting hundreds of customers in their journey to the AWS Cloud. AWS Professional Services' offerings use a unique methodology based on Amazon's internal best practices to help you complete projects faster and more reliably while accounting for evolving expectations and dynamic team structures along the way. It created the AWS Cloud Adoption Framework (AWS CAF) to help organizations design and travel an accelerated path to successful cloud adoption.

A company is planning to adopt a hybrid cloud architecture with AWS. Which of the following can they use to assist them in estimating their costs? (Select TWO) a. AWS Cost Explorer b. Consolidated Billing c. AWS Simple Monthly Calculator d. Cost Allocation Tag e. AWS Total Cost of Ownership (TCO) Calculator

c. AWS Simple Monthly Calculator e. AWS Total Cost of Ownership (TCO) Calculator

Users from different parts of the globe are complaining about the slow performance of the newly launched photo-sharing website in loading their high-resolution images. Which combination of AWS services should you use to serve the files with lowest possible latency? (Select TWO) a. Amazon Glacier b. AWS Storage Gateaway c. Amazon CloudFront d. Amazon S3 e. Amazon Elastic File System

c. Amazon CloudFront d. Amazon S3 You can configure your application to deliver static content and decrease the end-user latency using Amazon S3 and Amazon CloudFront. High-resolution images, videos, and other static files can be stored in Amazon S3. CloudFront speeds up content delivery by leveraging its global network of data centers, known as edge locations, to reduce delivery time by caching your content close to your end-users. CloudFront fetches your content from an origin, such as an Amazon S3 bucket, an Amazon EC2 instance, an Amazon Elastic Load Balancing load balancer or your own web server, when it's not already in an edge location. CloudFront can be used to deliver your entire website or application, including dynamic, static, streaming, and interactive content. You can set your Amazon S3 bucket as the origin of your CloudFront web distribution.

Which statement below is correct regarding the components of the AWS Global Infrastructure? a. An edge location contains multiple AWS Regions b. An Availability Zone contains multiple AWS Regions c. An AWS Region contains multiple Availability Zones d. An Availability Zone contains edge locations

c. An AWS Region contains multiple Availability Zones

A company is using Amazon S3 to store their static media contents such as photos and videos. Which of the following should you use to provide specific users access to the bucket? a. Security Group b. SSH Key c. Bucket Policy d. Network Access Control List

c. Bucket Policy

What are the things that you can implement to improve the security of your Identity and Access Management (IAM) users? (Select TWO) a. Configure a strong password policy for your users b. Block incoming traffic via network ACL c. Enable Multi-Factor Authentication (MFA) d. Enable AWS Mobile Push Notification

c. Enable Multi-Factor Authentication (MFA)

A company is in the process of choosing the most suitable AWS Region to migrate their applications. Which of the following factors should they consider? (Select TWO) a. Potential volume discounts for the specific AWS Region b. Proximity of your end-users for on-site visits to your on-premises data center c. Enhance customer experiences by reducing latency to users d. Support country-specific data sovereignty compliance requirements

c. Enhance customer experiences by reducing latency to users d. Support country-specific data sovereignty compliance

Which of the following is true regarding Elastic Load Balancing? a. It automatically increases or decreases the number of instances as the demand of your application changes b. It translates domain names into numeric IP addresses that Amazon EC2 instances use to connect to each other. c. It distributes incoming application traffic across multiple targets such as Amazon EC2 instances, in multiple Availability Zones. d. It is a virtual server that allows you to run applications in the AWS Cloud

c. It distributes incoming application traffic across multiple targets such as Amazon EC2 instances, in multiple Availability Zones. It automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones.

Your web application requires temporary authorization to use AWS services. Which IAM entity should be used? a. Group b. MFA c. Role d. User

c. Role

Which of the following statements best describes Amazon CloudFront? a. Provides topics for high-throughout, push-based, many to many messaging b. Provides a common language for you to describe and provision all the infrastructure resources in you cloud environmnet c. Speeds up the delivery of your content to viewers across the globe. d. Provides you with data and actionable insights to monitor your applications

c. Speeds up the delivery of your content to viewers across the globe.

Which of the following examples best demonstrates the agility that cloud computing offers? a. Protect your data by centralizing your applications in one Availability Zone b. Quickly deploy multi-factor authentication (MFA) to multiple data centers c. Spin up servers in minutes, and shut down servers when you don't need them. d. Increase network throughout with AWS Direct Connect (DX) nodes.

c. Spin up servers in minutes, and shut down servers when you don't need them.

Which category of services includes Amazon S3? a. Security b. Migration c. Storage d. Computing

c. Storage

Which of the following can you use to connect your on-premises data center and your cloud architecture in AWS? (Select TWO) a. VPC Peering b. NAT Gateway c. Virtual Private Gateway (VPC) d. Egress-Only Internet Gateway e. Amazon Route 53

c. Virtual Private Gateway (VPC) e. Amazon Route 53 An Amazon VPC VPN connection can link your data center (or network) to your Amazon Virtual Private Cloud (VPC). A customer gateway is the anchor on your side of that connection. It can be a physical or software appliance. The anchor on the AWS side of the VPN connection is called a virtual private gateway. Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.tutorialsdojo.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other.

Which of the following below are the benefits of using Consolidated billing in AWS? (Select TWO) a. Consolidate together the billing and payment of both AWS accounts and Amazon Internet Service b. Consolidate using the bills from multiple AWS accounts for only $1 every month c. You get one bill for multiple accounts d. Allow member account to pay the charges of all the master accounts e. Share the volume pricing and Reserved Instance discounts by combining the usage across all accounts in the organization

c. You get one bill for multiple accounts e. Share the volume pricing and Reserved Instance discounts by combining the usage across all accounts in the organization

Cost oversight is done by enabling __________________ to link the divisions' accounts to a parent corporate account. It allows you to consolidate payments from multiple Amazon Web Services (AWS) accounts within your organization to a single account by designating it to be the Payer Account. _________________________ is strictly an accounting and billing feature. It is not a method for controlling accounts, or provisioning resources for accounts.

consolidated billing

Peering connections are only available between VPCs in the same __________.

region

Which of the following AWS services has no additional charge associated with its use? (The resources provisioned within the service may incur costs.) a. Amazon Elastic Computer Cloud (Amazon EC2) b. Amazon Elastic Block Store (Amazon EBS) c. Amazon Simple Storage Service (Amazon S3) d. AWS Identity and Access Management (IAM)

d. AWS Identity and Access Management (IAM)

Among the following services, which is the most suitable one to use to store the results of I/O-intensive SQL database queries to improve application performance? a. AWS Greengrass b. Amazon CloudFront c. Amazon DynamoDB Accelerator (DAX) d. Amazon ElasticCache

d. Amazon ElasticCache Amazon ElastiCache offers fully managed Redis and Memcached. Seamlessly deploy, run, and scale popular open source compatible in-memory data stores. With this service, you can build data-intensive apps or improve the performance of your existing apps by retrieving data from high throughput and low latency in-memory data stores. In-memory caching improves application performance by storing critical pieces of data in memory for low-latency access. Cached information may include the results of I/O-intensive database queries or the results of computationally-intensive calculations.

Which of the following allows you to categorize and track your AWS costs on a detailed level? a. Amazon Aurora Backtrack b. Consolidated Billing c. AWS Budgets d. Cost Allocation tags

d. Cost Allocation tags A tag is a label that you or AWS assigns to an AWS resource. Each tag consists of a key and a value. A key can have more than one value. You can use tags to organize your resources, and cost allocation tags to track your AWS costs on a detailed level. After you activate cost allocation tags, AWS uses these tags to organize your resource costs on your cost allocation report, to make it easier for you to categorize and track your AWS costs. AWS provides two types of cost allocation tags, an AWS generated tags and user-defined tags. AWS defines, creates, and applies the AWS generated tags for you, and you define, create, and apply user-defined tags. You must activate both types of tags separately before they can appear in Cost Explorer or on a cost allocation report.

Which of the following Amazon EC2 instance purchasing options can help you address compliance requirements and reduce costs by allowing you to use your existing server-bound software licenses? a. Reserved Instance b. On-Demand Instance c. Dedicated Instance d. Dedicated Host

d. Dedicated Host

Users of your services are reporting latency. With on-premises architecture you would notify your Administrator to launch another server to balance the load. How can this be automated using AWS? a. Create six Amazon EC2 instances in different Availability Zones. b. Create a new template using AWS CloudFormation. c. Enable AWS CloudTrail to monitor latency issues. d. Enable an Amazon CloudWatch alarm to trigger a scaling policy.

d. Enable an Amazon CloudWatch alarm to trigger a scaling policy.

A company has web servers running on Amazon EC2 instances that access a RESTful API hosted on their on-premises data center. What kind of architecture is the company using? a. Software as a Service (SaaS) b. Serverless architecture c. Platform as a Service (PaaS) d. Hybrid architecture

d. Hybrid architecture Since the company has web servers running on Amazon EC2 instances that access a RESTful API hosted on their on-premises data center, they are considered to be using a hybrid cloud computing deployment model. Hence, the correct answer is Hybrid architecture

Which of the following IAM identities is associated with the access keys that are used in managing your cloud resources via the AWS Command Line Interface (AWS CLI)? a. IAM Policy b. IAM Role c. IAM Group d. IAM User

d. IAM User Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK). Access keys consist of two parts: 1. Access key ID (for example: AKIAIOSTUTORIALSDOJO) 2. Secret access key (for example: wJalrXUtnFEMI/K7MDENG/bTutorialsDojoKEY).

Which of the following components is included in the value proposition of the AWS Cloud? a. Fully independent development without parameters b. Informal security restrictions c. Physical relocation of your servers d. Massive economies of scale

d. Massive economies of scale

Which of the following is true regarding the Developer support plan in AWS? (Select TWO) a. Full access to the AWS Support API b. Recommended if you have business and /or mission critical workloads in AWS c. Has access to the full set of Trusted Advisor checks d. No access to the AWS Support API e. Limited access to the 7 Core Trusted Advisor checks

d. No access to the AWS Support API e. Limited access to the 7 Core Trusted Advisor checks

Which of the pillars of the well-Architected Framework is defined as the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures? a. Performance efficiency b. Security c. Reliability d. Operational excellence

d. Operational excellence

Which of the following options describes the most common AWS billing model? a. Annual Billing b. Pay in Advance c. Daily Billing d. Pay as you Go

d. Pay as you Go

Which among the options below is a highly available and scalable cloud Domain Name System (DNS) web service in AWS? a. Lighttail b. Active Directory Domain Service c. Rekcognition d. Route 53

d. Route 53 Is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.tutorialsdojo.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other. Amazon Route 53 is fully compliant with IPv6 as well

Which of the following use cases is appropriate for Amazon CloudFront (Select Three) a. Schema Generation b. Database Backups c. Auto Scaling d. Static Asset Caching e. Live on-demand video streaming f. Security and encryption

d. Static Asset Caching e. Live on-demand video streaming f. Security and encryption

What is the first step in getting started with AWS Lambda? a. Pay for estimated computer time b. Deploy an OS image c. Provision EC2 instances d. Upload your code

d. Upload your code

A company is designing a new cloud architecture for its mission-critical application in AWS which must be highly-available. Which of the following is the recommended pattern to meet this requirement? a. Make sure that each component of the application is high bandwidth and low-latency network connectivity using ENI's b. Deploy an Amazon EC2 Spot Fleet with a diversified allocation strategy. c Adopt a monolithic application architecture d. Using multiple Availability Zones to ensure that the application can handle the failure of any single component.

d. Using multiple Availability Zones to ensure that the application can handle the failure of any single component.

Economies of scale results from..

having hundreds of thousands of customers aggregated in the cloud

You create a static hosting website in a bucket called 'eric' in sydney using S3. What would the new URL endpoint be?

http://eric.s3-website-ap-southeast-2.amazonaws.com

SOA Records

identifies base DNS info

SPF Records

identifies which mail servers are permitted to send emails on behalf of your domain

AWS supports_____________ with SAML 2.0 (Security Assertion Markup Language 2.0), an open standard that many identity providers (IdPs) use. This feature enables federated single sign-on (SSO), so users can log into the AWS Management Console or call the AWS APIs without you having to create an IAM user for everyone in your organization. AssumeRoleWithSAML returns set of temporary security credentials for federated users who are authenticated by your organization's existing identity system and who use SAML 2.0 (Security Assertion Markup Language) to pass authentication and authorization information to AWS. This API is useful in organizations that have integrated their identity systems (such as Windows Active Directory or OpenLDAP) with software that can produce SAML assertions to provide information about user identity and permissions (such as Active Directory Federation Services or Shibboleth)

identity federation

Elasticache

in memory cache environments (Memcached, Redis) that helps improve performance of web apps

AWS Storage Gateway

is a hybrid storage service that enables your on-premises applications to seamlessly use storage in the AWS Cloud. You can use the service for backup and archiving, disaster recovery, cloud bursting, storage tiering, and migration.

which languages are supported by the aws sdk?

python, ruby, nodejs, php, java

If you anticipate that your workload will consistently exceed 100 requests per second, you should avoid sequential key names. If you must use sequential numbers or date and time patterns in key names, add a __________ to the key name. The randomness of the prefix more evenly distributes key names across multiple index partitions.

random prefix

____________ is a fast, fully managed, petabyta scale data warehouse, that is simple and cost effective to analyze _____ data

redshift, structured

EC2 ________ is designed to be completely isolated from the other Amazon EC2 _________. This achieves the greatest possible fault tolerance and stability. When you view your resources, you'll only see the resources tied to the _________ you've specified. This is because ________ are isolated from each other, and we don't replicate resources across ________ automatically.

region(s)

A Records

resolve host names to IP addresses.

Set a ____________ to delegate access to resources that are in different AWS accounts that you own (Production and Development). You'll share resources in one account with users in a different account. By setting up cross-account access in this way, you don't need to create individual IAM users in each account, and users don't have to sign out of one account and sign into another in order to access resources that are in different AWS accounts.

role

which of these aws services do not use key value pairs?

route53

CNAME Records

routes domain names domain names

MX Records

routes to Mail host

Aws manages the underlying infrastructure, and the organization can __________ anything it deploys on AWS

secure

: If you try to connect to your instance and get an error message Network error: Connection timed out orError connecting to [instance], reason: -> Connection timed out: connect, try the following. Check your ______________ rules. You need a ____________ rule that allows inbound traffic from your public IP address on the proper port. •[EC2-VPC] Check the route table for the subnet. You need a route that sends all traffic destined outside the VPC (0.0.0.0/0) to the Internet gateway for the VPC. •[EC2-VPC] Check the network access control list (ACL) for the subnet. The network ACLs must allow inbound and outbound traffic from your public IP address on the proper port. The default network ACL allows all inbound and outbound traffic. •If your computer is on a corporate network, ask your network administrator whether the internal firewall allows inbound and outbound traffic from your computer on port 22 (for Linux instances) or port 3389 (for Windows instances). •Check that your instance has a public IP address. If not, you can associate an Elastic IP address with your instance. •Check the CPU load on your instance; the server may be overloaded. AWS automatically provides data such as Amazon CloudWatch metrics and instance status, which you can use to see how much CPU load is on your instance and, if necessary, adjust how your loads are handled

security group

Availability Zone

separate data centers contained in a region

When creating ______________ of EBS volumes that are configured in a RAID array, it is critical that there is no data I/O to or from the volumes when the _____________ are created. RAID arrays introduce data interdependencies and a level of complexity not present in a single EBS volume configuration. To create an "application-consistent" _______________ of your RAID array, stop applications from writing to the RAID array, and flush all caches to disk. Then ensure that the associated EC2 instance is no longer writing to the RAID array by taking steps such as freezing the file system, unmounting the RAID array, or shutting down the associated EC2 instance. After completing the steps to halt all I/O, take a _________________ of each EBS volume.

snapshots

Each EC2 instance performs _______________ checks by default. This means that the instance must be the ________ or _________ of any traffic it sends or receives. However, a NAT instance must be able to send and receive traffic when the _________ or ___________ is not itself. Therefore, you must disable _____________ checks on the NAT instance. You can disable the ___________ attribute for a NAT instance that's either running or stopped using the console or the command line.

source/destination SrcDestCheck

When you create a ________, you specify how much provisioned throughput capacity you want to reserve for reads and writes. DynamoDB will reserve the necessary resources to meet your throughput needs while ensuring consistent, low-latency performance. You can also change your provisioned throughput settings, increasing or decreasing capacity as needed.

table

You can let users sign in using a well-known third party identity provider such as Login with Amazon, Facebook, Google, or any OpenID Connect (OIDC) 2.0 compatible provider. You can exchange the credentials from that provider for temporary permissions to use resources in your AWS account. This is known as the ________________________ approach to temporary access. When you use _________________________ for your mobile or web application, you don't need to create custom sign-in code or manage your own user identities. Using ___________________________ helps you keep your AWS account secure, because you don't have to distribute long-term security credentials, such as IAM user access keys, with your application. AWS STS ________________________ supports Login with Amazon, Facebook, Google, and any OpenID Connect (OICD)-compatible identity provider.

web identity federation

Magnetic EBS Storage

• Lowest cost • Infrequent access

Provisional IOPS SSD EBS Storage

• storage designed for NoSQL and other databases

EC2 Tier Options

•Free Tier •On Demand - Fixed rate per hour; no long-term commitments •Reserved - Capacity reservation with discount for 1 or 3 year teams •Spot - Applications who use large amounts of computing that can have flexible start & end times and needing low compute prices


Set pelajaran terkait

STRONA BIERNA- PRESENT CONTINUOUS, SIMPLE, PERFECT,PAST SIMPLE, FUTURE SIMPLE,PAST PERFECT

View Set

Flexible permanent life insurance

View Set

Assignment 9 - Property Policy Provision Underwriting Considerations

View Set

Psychology - UNIT 3 REVIEW (quiz 2)

View Set

Intake and Output Practice Questions for Nurses

View Set