Cloud Prac Failed, AWS Cloud Practitioner Ultimate Guide

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Which valuable AWS design principle can be a valuable feature when deploying applications?

Loose Coupling

Compared to traditional data centers, AWS Cloud has: Fixed usage and upfront costs Lower variable costs and greater upfront costs Lower variable costs and lower upfront costs Greater variable costs and greater upfront costs

Lower variable costs and lower upfront costs

Which of the following are valid EC2 pricing options? Choose 2 Reserved Enterprise Stop On-Demand

On-Demand and Reserved are the valid EC2 pricing options.

True or False: A CloudFront Origin can be an S3 bucket, an EC2 instance, an Elastic Load Balancer, or Route 53. False True

True

True or False: S3 is object storage suitable for the storage of 'flat' files like Word documents, photos, etc. False True

True

True or false: With AWS Organizations, there are two available feature sets — so you may choose to use the consolidated billing features, or use all the offered features. False True

True

What is Amazon Aurora?

a MySQL and PostgreSQL compatible relational database built for the cloud, that combines the performance and availability of traditional enterprise databases with the simplicity and cost effectiveness of open source databases. It's up to 5x faster than standard MySQL databases and 3x faster than standard PostreSQL databases

Which of the following data archival services is extremely inexpensive, but has a several hour data-retrieval window? S3-1Zone-IA Glacier S3-RRS S3-IA S3

Glacier

A Healthcare agency needs to store certain patient information for up to 10 years. To save cost, they want to archive this data to cheaper storage. The data needs to be retrieved within 12 hours. Which is the cheapest option?

Glacier Deep Archive: meets the requirement and is the cheapest option. Amazon S3 Glacier and S3 Glacier Deep Archive are a secure, durable, and extremely low-cost Amazon S3 cloud storage classes for data archiving and long-term backup. They are designed to deliver 99.999999999% durability, and provide comprehensive security and compliance capabilities that can help meet even the most stringent regulatory requirements.

Your application has recently experienced significant global growth, and international users are complaining of high latency. What is the AWS characteristic that can help improve your international users' experience? ​ Global reach (Correct)

Global Reach

What does the Basic Support plan include?

24x7 access to customer service AWS Trusted Advisor AWS Personal Health Dashboard

How many security Groups can you assign to an instance in a VPC

5

The AWS Web Application Firewall can go down to which of the following OSI layers? 7 4 6 5

7

A large company needs to benefit from available volume discounts in AWS. Which AWS feature will enable the company to get volume discounts?

Enable consolidated billing in AWS Organizations.

A large company needs to benefit from available volume discounts in AWS. Which AWS feature will enable the company to get volume discounts? Use free tier as much as possible. Enable consolidated billing in AWS Organizations. Upgrade to an Enterprise Support Plan. Contact AWS to request volume discounts.

Enable consolidated billing in AWS Organizations.

Which of the following Compliance certifications attests to the security of the AWS platform regarding credit card transactions? SOC 1 ISO 27001 SOC 2 PCI DSS Level 1

PCI DSS Level 1

Which AWS service provides alerts and remediation guidance when AWS id experiencing events that may impact your AWS resources? Service Health Dashboard Personal Health Dashboard Cloudwatch AWS X-Ray

Personal Health Dashboard

How can SNS not alert you?

Phone call notification

Your company is moving to the AWS Cloud and is reviewing the shared responsibility model. Which item is entirely the responsibility of AWS? Storing CloudFormation Templates in another region for Disaster Recovery. Patching of the guest OS Physical and Environmental Controls Implementing IAM Groups

Physical and Environmental Controls

Under the AWS shared responsibility model, which of the following is not a shared control? Patch MNGT Config MNGT Physical protection and security of infrastructure Awareness and training

Physical protection and security of infrastructure

Under the AWS shared responsibility model, which of the following is the responsibility of AWS? Firewall configuration Physical security of infrastructure Patching guest operating system Security groups configuration

Physical security of infrastructure

Which of the following is the document used to grant permissions to users, groups, and roles? Policy Passbook Paradigm Protocol

Policy

Which of the following is a document that provides a formal statement of permissions in AWS?

Policy A policy is a JSON document that specifies what an AWS user is allowed to do. It is attached to a user and defines that user's permissions.

What does the Developer Support Plan Include?

$29/month Tech Support- Business hour access via email 1 person can open unlimited # of cases

Which S3 storage class is the best value for long-term storage?

Glacier

What are the three ways you can create a Lambda function?

- Author from scratch - Using a blueprint - Browsing the server-less app repository

Cloud Trail is a service that enables

- Governance - Operational Auditing - Compliance - Risk Auditing

What is true (& false) about KMS tools?

- Keys can be generated in CloudHSM cluster - Keys may be generated in KMS - Keys may be imported from other encryption key services - WRONG: KMS is integrated w/ S3 for the purpose of loggin AWS KMS keys use

Which two options below allow RDS to offer high availability of databases?

- Multi-AZ Enable Multi-AZ to increase your data durability and high availability - Read replicas Use read replicas to increase your data durability and scaling benefits.

What are the EC2 price models?

- On-Demand: you pay by the hour - Reserved: 1-3 year terms. The longer the terms, the cheaper the price. Gives significant discount. - Spot: terminated by Amazon when they need the capacity. If Amazon kills it you don't pay the partial hours. If you terminate it you pay everything. this comes at a very cheap price. -Dedicated Hosts: Useful for regulatory requirements that may not support multi tenant. Can be purchased on demand

What does the Business Support Plan Include?

$100/month Tech SUpport- 24/7, email+chat+phone Unlimited # of Contacts can open cases

What does the Enterprise Support Plan include?

$15k/month Tech SUpport- 24/7, email+chat+phone TAM Unlimited # of Contacts can open cases

EC2 instance pricing varies depending on:

- The buying option (On-demand, Reserved, Spot, Dedicated) - Selected AMI - Selected instance type - Region - Data Transfer in/out - Storage capacity.

EC2 Reserved Instance Types

-Standard RI's Most significant discount. NOT Modifiable -Scheduled RI's available to launch within the time window you reservve -Convertible

How many VPCs are created in a region by default?

1 VPC in a region

What are the 3 types of Cloud Computing?

1- IaaS 2-PaaS 3-SaaS

4 EC2 Pricing Models

1- On Demand allows you to pay a fixed rate by the hour or by the second with no commitment 2-Reserved pay up front. Contract term are 1-3 years 3-Spot 4- Dedicated Host

What are the pillars of Well Architected Famework?

1- Operational Excellence: The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures. 2- Security: The security pillar includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies. 3- Reliability: The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues. 4- Performance Efficiency: The performance efficiency pillar includes the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve. 5- Cost Optimization: The cost optimization pillar includes the ability to avoid or eliminate unneeded cost or sub-optimal resources.

What are the 3 types of cloud deployment?

1-Public Cloud 2-Hybrid 3-Private Cloud

What are the 6 advantages of Cloud Computing?

1-Trade Capital expense for variable expense 2-Benefits from massive economies of scale 3-Stop guessing about capacity 4-Increase speed and agility 5-Stop spending money running and maintaining data centers 6-Go global in minutes

There are at least ___ Availability Zones per AWS Region. 1 4 2 3

2

By default, what is the maximum number of Linked Accounts per Paying Account under Consolidated Billing? 50 100 20 10

20

Which HTTP code indicates successful upload of an object to Amazon S3? 400 300 200 200

200

Which of the following are valid EC2 pricing options? Choose 2 A) Reserved B) Enterprise C) On-Demand D) Stop

A and C On-Demand and Reserved are the valid EC2 pricing options.

Which of the following are AWS compute services? Choose 2 A) Lambda B) SNS C) EBS D) EC2

A and D EC2 and Lambda are AWS Compute Services.

What is AWS Lambda?

A code execution service Run code without provisioning or managing servers. You only pay for the compute time you consume

Which of the following are included in the "Enterprise" AWS Support Plan? A designed TAM Code development Well-Architected Reviews and Operations Reviews Performing system administration tasks

A designed TAM Performing system administration tasks

Which of the following best describes an AWS Region? A collection of databases that can only be accessed from a specific geographic region. A console that gives you a quick, global picture of your cloud computing environment. A collection of data centers that is spread evenly around a specific continent. A distinct location within a geographic area designed to provide high availability to a specific geography.

A distinct location within a geographic area designed to provide high availability to a specific geography.

What is Amazon API Gateway?

A fully managed service that makes it easy for developers to create, pulish, maintain, monitor and secure API's at any scale. API's act as the "front door" for applications to access data, business logic, or functionality from your backend services

What is an Internet Gateway?

A horizontally scaled redundant, and highly available VPC component that allows communication between your VPC and internet Serves 2 Purposes- 1-provide a target in your VPC route tables for internet routable traffic 2-perform network addres translation (NAT) for instances that have been assigned public IPv4

What is an AWS region? A region is a subset of AWS technologies. For example, the Compute region consists of EC2, ECS, Lambda, etc. A region is a geographical area divided into Availability Zones. Each region contains at least two Availability Zones. A region is an independent data center, located in different countries around the globe. A region is a collection of Edge Locations available in specific countries.

A region is a geographical area divided into Availability Zones. Each region contains at least two Availability Zones.

Which of the following best describes a Resource Group? A resource group is a collection of resources of the same type (EC2, S3, etc.) that are deployed in the same Availability Zone. A resource group is a collection of resources of the same type (EC2, S3, etc.) that share one or more tags or portions of tags. A resource group is a collection of resources that share one or more tags (or portions of tags.) A resource group is a collection of resources that are deployed in the same AWS Region.

A resource group is a collection of resources that share one or more tags (or portions of tags.)

What is Amazon GuardDuty?

A threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. With the cloud, the collection and aggregation of account and network activities is simplified, but it can be time-consuming for security teams to analyze event log data for potential threats continuously. It does not provide a testing mechanisms for IAM policies.

Which of the following best describes EBS? A NoSQL database service A managed database service A bitcoin-mining service A virtual hard-disk in the cloud

A virtual hard-disk in the cloud

Which AWS service can you use to connect your AWS cloud with an on-premises data center?

A virtual private gateway is a logical, fully redundant distributed edge routing function that sits at the edge of your VPC. As it is capable of terminating VPN connections from your on-prem or customer environments, the VPG is the VPN concentrator on the Amazon side of the Site-to-Site VPN connection.

AWS offers a free-tier option for a duration of _ months. A) 12 B) 18 C) 6 D) 3

A) 12

By default, which timeframe does CloudWatch provide free analysis metrics? A) 5 minutes B) 1 minute C) 30 seconds D) 10 minutes

A) 5 Minutes

What is Amazon DynamoDB? A) A Non-relational Database service B) A Relational Database service C) A Data Caching Database service D) A Data Warehousing Database service

A) A Non-relational Database Service

What is Amazon RDS? A) A Relational Database Service B) A Data Caching Database Service C) A Data Warehousing Database Service D) A Non-Relational Database Service

A) A Relational Database Service

Which of the following best describes an AWS Region? A) A physical location with multiple, isolated, and physically separate AZ's within a geographic area. B) A console that gives you a quick, global picture of your cloud computing environment. C) A collection of databases that can only be accessed from a specific geographic region. D) A collection of data centers that is spread evenly around a specific continent.

A) A physical location with multiple, isolated, and physically separate AZ's within a geographic area. AWS has the concept of a Region, which is a physical location around the world where data centers are clustered. Each group of logical data centers is called an Availability Zone. Each AWS Region consists of multiple, isolated, and physically separate AZ's within a geographic area. Reference: Regions and Availability Zones.

Which of the following are true statements about public subnets and private subnets? A) A public subnet has a route table pointing to an Internet Gateway B) A public subnet does not have a route table pointed to an Internet Gateway C) A public subnet points to a private subnet D) A private subnet does not have a route table pointed to an Internet Gateway E) A private subnet has a route table pointing to an Internet Gateway

A) A public subnet has a route table pointing to an Internet Gateway D) A private subnet does not have a route table pointed to an Internet Gateway

Which of the following are true statements about public subnets and private subnets? (pick 2) A) A public subnet has a route table pointing to an Internet Gateway B) A public subnet does not have a route table pointed to an Internet Gateway C) A public subnet points to a private subnet D) A private subnet does not have a route table pointed to an Internet Gateway E) A private subnet has a route table pointing to an Internet Gateway

A) A public subnet has a route table pointing to an Internet Gateway D) A private subnet does not have a route table pointed to an Internet Gateway

Which of the following AWS services can assist you with cost optimization? A) AWS Trusted Advisor B) AWS Shield C) AWS Inspector D) AWS WAF

A) AWS Trusted Advisor Trusted Advisor can assist you with the cost optimization of your AWS environment.

Your company is migrating its services to the AWS cloud. The DevOps team has heard about infrastructure as code, and wants to investigate this concept. Which AWS service would they investigate? A) AWS CloudFormation B) CodeCommit C) AWS Lambda D) Elastic Beanstalk

A) AWS CloudFormation AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. https://aws.amazon.com/cloudformation/

You are about to migrate a MySQL database to the AWS Cloud. Which AWS service can help with this? A) AWS Database Migration Service B) AWS Direct Connect C) AWS SnowBall D) AWS VPN

A) AWS Database Migration Service AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data both to and from most of the widely used commercial and open-source databases

Which of the following are AWS networking services? A) AWS Direct Connect B) EC2 C) Lambda D) Route 53 E) VPC F) S3

A) AWS Diret Connect D) Route53 E) VPC

What AWS Service can be used to centrally manage policies from a master account for security and compliance purposes? A) AWS Organizations B) AWS Artifact C) AWS Systems Manager D) IAM

A) AWS Organizations

Which of the following statements is true? A) AWS Organizations is a service available to all AWS customers at no additional costs. B) AWS Organizations is a service available to all AWS customers for an additional cost. C) AWS Organizations is a service only available to enterprise customers. D) AWS Organizations is a service only available to development accounts.

A) AWS Organizations is a service available to all AWS customers at no additional costs

In regards to AWS Organizations, which of the following is true? A) AWS Organizations provides policy-based management for multiple AWS accounts. B) AWS Organizations do not provide consolidated billing for multiple AWS accounts. C) AWS Organizations, do not enable centrally managing the use of AWS services. D) AWS Organizations do not enable centrally managing policies across multiple AWS accounts.

A) AWS Organizations provides policy-based management for multiple AWS accounts

A small company wants to deploy a new system in the AWS cloud but does not have anyone with the required AWS skill set to perform the deployment. Which AWS service can help with this? A) AWS Partner Network (APN) Consulting Partners B) Trusted Advisor C) AWS Partner Network (APN) Technology Partners D) AWS CloudFormation

A) AWS Partner Network (APN) Consulting Partners APN Consulting Partners are professional services firms that help customers of all types and sizes design, architect, build, migrate, and manage their workloads and applications on AWS, accelerating their journey to the cloud. APN Consulting Partners often implement Technology Partner solutions in addition to the professional services they offer.

After experiencing unusual behavior in your AWS account, you need to determine if there are any issues with AWS that may be affecting your account? A) AWS Personal Health Dashboard B) AWS Service Health Dashboard C) AWS SNS D) AWS CloudWatch

A) AWS Personal Health Dashboard AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources.

After experiencing unusual behavior in your AWS account, you need to determine if there are any issues with AWS that may be affecting your account. What section of the AWS portal helps you to inspect account alerts and find remediation guidance for your account? A) AWS Personal Health Dashboard B) AWS SNS C) AWS CloudWatch D) AWS Service Health Dashboard

A) AWS Personal Health Dashboard AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources. https://aws.amazon.com/premiumsupport/technology/personal-health-dashboard/

VPCs span all of these except for _. A) AWS Regions B) Availability Zones C) AWS resources D) Subnets

A) AWS Regions

Your organization is multi-national and uses multiple AWS regions. Which AWS service can be used to route users to the nearest datacenter to reduce latency? A) AWS Route 53 B) AWS VPC C) AWS IAM D) AWS Organizations

A) AWS Route 53

Your organization is multi-national and uses multiple AWS regions. Which AWS service can be used to route users to the nearest datacenter to reduce latency? A) AWS Route 53 B) AWS VPC C) AWS Organizations D) AWS IAM

A) AWS Route 53 Amazon Route 53 effectively connects user requests to infrastructure running in AWS - such as Amazon EC2 instances, Elastic Load Balancing load balancers, or Amazon S3 buckets - and can also be used to route users to infrastructure outside of AWS. You can use Amazon Route 53 to configure DNS health checks to route traffic to healthy endpoints or to independently monitor the health of your application and its endpoints. Amazon Route 53 Traffic Flow makes it easy for you to manage traffic globally through a variety of routing types, including Latency Based Routing, Geo DNS, Geoproximity, and Weighted Round Robin—all of which can be combined with DNS Failover to enable a variety of low-latency, fault-tolerant architectures. Using Amazon Route 53 Traffic Flow's simple visual editor, you can easily manage how your end-users are routed to your application's endpoints—whether in a single AWS region or distributed around the globe. Amazon Route 53 also offers Domain Name Registration - you can purchase and manage domain names such as example.com, and Amazon Route 53 will automatically configure DNS settings for your domains

In this scenario, we want to calculate our anticipated bill for resources we are about to create, which of the following tools can accomplish this task? A) AWS Simple Calculator B) AWS Cost Explorer C) AWS TCO Calculator D) AWS Organizations

A) AWS SImple Calculator

Which of the following is capable of inspecting your AWS environment and makes recommendations for saving money, improving system performance and reliability, or closing security gaps? A) AWS Trusted Advisor B) AWS Cost Explorer C) AWS Inspector D) AWS Budgets

A) AWS Trusted Advisor

A gaming company is using the AWS Developer Tool Suite to develop, build, and deploy their applications. Which AWS service can be used to trace user requests from end-to-end through the application? A) AWS X-Ray B) CloudTrail C) AWS Inspector D) CloudWatch

A) AWS X-Ray AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture. With X-Ray, you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors. X-Ray provides an end-to-end view of requests as they travel through your application, and shows a map of your application's underlying components.

What type of service(s) does AWS provide? Please select the most appropriate answer. A) AWS offers all of these types of services B) SaaS C) IaaS D) PaaS

A) AWS offers all of these types of services

Developers in your company need to interact with AWS from the Command Line Interface. Which security item will you need to provide to the developers? A) Access Key B) Login ID C) Security Token D) Root password

A) Access Key When working with AWS from the CLI, you need to provide an access key and secret access key.

As an AWS account administrator, you are in charge of creating AWS accounts and securing those accounts. What steps can you take? (pick 2) A) Add IP restrictions for all accounts B) Create functional groups for each department and use a common password for each group. C) Grant admin access to all users. D) Create multi-factor authentication for the root account. E) Store the root account credentials in sharepoint.

A) Add IP restrictions for all accounts D) Create multi-factor authentication for the root account.

Three developers need access to S3. What is the most appropriate and efficient way to give all the developers (IAM users) access to S3 out of the available answers? By efficient we mean consisting of the least amount of administration overhead. A) Add the developers to an IAM Group and attach an IAM policy to that group. B) Assign a policy to each developer. C) Assign an IAM to each developer. D) Give each developer S3 credentials.

A) Add the developers to an IAM Group and attach an IAM policy to that group.

Which of these are relational database engines supported by Amazon RDS? A) Amazon Aurora B) PostgreSQL C) MySQL D) OracleNoSQL E) DynamoDB F) Redis

A) Amazon Aurora B) PostgreSQL C) MySQL

You have many database backups that you need to store for an indefinite amount of time. If the backups are ever needed, they just need to be retrieved within 6 hours. What is the lowest cost solution for this scenario? A) Amazon Glacier B) Amazon S3 C) Amazon EFS D) Amazon S3 Standard-IA

A) Amazon Glacier

A network security team has noticed some malicious activity on the company AWS account. Which AWS service can be used to detect malicious activity and help protect the account? A) Amazon GuardDuty B) Amazon Macie C) AWS Inspector D) AWS Shield

A) Amazon GuardDuty Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. With the cloud, the collection and aggregation of account and network activities is simplified, but it can be time-consuming for security teams to continuously analyze event log data for potential threats. With GuardDuty, you now have an intelligent and cost-effective option for continuous threat detection in the AWS Cloud

Which of the listed statements are true? A) Amazon RDS does support alternative database software options. B) Amazon DynamoDB supports alternative database software options. C) Amazon DynamoDB is a data warehousing database service. D) Amazon DynamoDB is a NoSQL database service. E) Amazon RDS is a SQL database service. F) Amazon RDS is an in-memory data caching database service.

A) Amazon RDS does support alternative database software options. D) Amazon DynamoDB is a NoSQL database service. E) Amazon RDS is a SQL database service.

What AWS service lets you provision a logically isolated section of the AWS Cloud? A) Amazon Virtual Private Cloud B) Elastic Network Interface C) Amazon Route 53 D) Amazon RDS

A) Amazon Virtual Private Cloud Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud. You have complete control over your virtual networking environment, including the selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications. https://aws.amazon.com/vpc/

With which AWS service, coupled with EC2, can you implement elasticity by adding and removing instances as needed? A) Auto Scaling B) CloudFormation C) AWS Systems Manager D) Elastic Beanstalk

A) Auto Scaling AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. In this way, the necessary EC2 instances will expand and contract based on the current demands placed on the application

With which AWS service, coupled with EC2, can you implement elasticity by adding and removing instances as needed? A) Auto Scaling B) Elastic Beanstalk C) AWS Systems Manager D) CloudFormation

A) Auto Scaling AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. In this way, the necessary EC2 instances will expand and contract based on the current demands placed on the application.

In regards to the AWS Shared Responsibility Model, for which of these is AWS Responsible? A) CPU on physical hardware B) Host virtualization hardware C) Security Groups D) Availability Zones E) NACLs F) IAM

A) CPU on physical hardware B) Host virtualization hardware D) Availability Zones

Which AWS service allows the deployment of resources in code templates, otherwise known as infrastructure as code? A) CloudFormation B) Elastic Beanstalk C) OpsWorks D) Systems Manager

A) CloudFormation AWS CloudFormation provides a common language for you to model and provision AWS and third-party application resources in your cloud environment. AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts

True or False: It's safer to use Access Keys than it is to use IAM roles. A) False B) True

A) False It's safer to use IAM roles than it is to use Access Keys.

You have been tasked to create an S3 bucket for storing templates. A team member has forwarded you the templates, which are used for creating multiple different AWS resources such as S3 buckets, EC2 instances, and VPCs. Which service uses these templates to create AWS resources? A) CloudFormation B) Elastic Beanstalk C) OpsWorks D) EC2

A) CloudFormation AWS CloudFormation simplifies provisioning and management on AWS. You can create templates for the service or application architectures you want and have AWS CloudFormation use those templates for quick and reliable provisioning of the services or applications (called "stacks"). You can also easily update or replicate the stacks as needed.

You have been tasked to create an S3 bucket for storing templates. A team member has forwarded you the templates, which are used for creating multiple different AWS resources such as S3 buckets, EC2 instances, and VPCs. Which service uses these templates to create AWS resources? A) CloudFormation B) EC2 C) OpsWorks D) Elastic Beanstalk

A) CloudFormation AWS CloudFormation simplifies provisioning and management on AWS. You can create templates for the service or application architectures you want and have AWS CloudFormation use those templates for quick and reliable provisioning of the services or applications (called "stacks"). You can also easily update or replicate the stacks as needed. https://aws.amazon.com/cloudformation/resources/templates/

What service does AWS KMS integrate with for logging of key events? A) CloudTrail B) SNS C) S3 D) AWS Storage Gateway

A) CloudTrail

What is CloudFront? A) Content Delivery Network B) Cloud compute service C) A bulk storage service D) DNS service

A) Content Delivery Network

Which of the listed answers are the benefits of Amazon RDS? A) Cost-Efficient B) Scalable C) Fully-managed D) Resizeable Database E) Uses JSON document store model F) Key-value store model

A) Cost-Efficient B) Scalable C) Fully-managed D) Resizeable Database

A company is configuring IAM for its new AWS account. There are 5 departments with between 5 to 10 users in each department. How can they efficiently apply access permissions for each of these departments and simplify management of these users? A) Create policies for each department that define the permissions needed. Create an IAM group for each department and attach the policy to each group. Add each department's members to their respective IAM group. B) Create an IAM role defining the permissions needed. Create an IAM group and attach the policy to the group. Add the department's members to the group. C) Create an IAM group for each department. Add the department's members to the group. D) Create a policies defining the permissions needed. Attach the policies to all users in each department.

A) Create policies for each department that define the permissions needed. Create an IAM group for each department and attach the policy to each group. Add each department's members to their respective IAM group.

A company is configuring IAM for its new AWS account. There are 5 departments with between 5 to 10 users in each department. How can they efficiently apply access permissions for each of these departments and simplify management of these users? A) Create policies for each department that define the permissions needed. Create an IAM group for each department and attach the policy to each group. Add each department's members to their respective IAM group. B) Create a policies defining the permissions needed. Attach the policies to all users in each department. C) Create an IAM role defining the permissions needed. Create an IAM group and attach the policy to the group. Add the department's members to the group. D) Create an IAM group for each department. Add the department's members to the group

A) Create policies for each department that define the permissions needed. Create an IAM group for each department and attach the policy to each group. Add each department's members to their respective IAM group. By creating an IAM group, all like users can be managed all at one time. Once the permissions are defined within the policy, it can be attached to the IAM group, allowing them access to the resources/services stated within the policy.

Microsoft has announced a new patch for its operating system on an AWS service you use as platform as a service. Within the Shared Responsibility Model, who needs to apply the patch to the guest OS? A) Customer B) AWS C) The customer for spot instances only. D) Either can apply this patch.

A) Customer

Microsoft has announced a new patch for its operating system on an AWS service you use as platform as a service. Within the Shared Responsibility Model, who needs to apply the patch to the guest OS? A) Customer B) Either can apply this patch. C) AWS D) The customer for spot instances only.

A) Customer The customer is responsible for patching the guest OS, not the host OS.

You are reviewing the AWS Shared Responsibility model to present an overview to management on what your company is responsible for in AWS. Which option is a customer responsibility? A) Customer Data B) Edge Locations C) Networking D) Availability Zones

A) Customer Data Customers are responsible for the storage and securing of their own data

Which of the following penetration testing activities are prohibited on AWS? A) DDoS attacks B) Port flooding C) Penetration testing of EC2 instances D) DNS Zone walking via Amazon Route 53 hosted zones E) Penetration testing AWS CloudFront

A) DDoS attacks B) Port flooding D) DNS Zone walking via Amazon Route 53 hosted zones

What is Route 53? A) DNS service B) Storage service C) Monitoring service D) Computing service

A) DNS service

Your company has decided to use Amazon WorkSpaces. They can use Amazon WorkSpaces to provision either Windows or Linux desktops in just a few minutes. What type of solution is this? A) DaaS B) IaaS C) PaaS D) SaaS

A) DaaS A good example of PaaS is AWS Elastic Beanstalk. Platforms as a Service remove the need for organizations to manage the underlying infrastructure (usually hardware and operating systems) and allow you to focus on the deployment and management of your applications. Amazon WorkSpaces provides a Desktop as a Service (DaaS) solution. https://aws.amazon.com/workspaces/?workspaces-blogs.sort-by=item.additionalFields.createdDate&workspaces-blogs.sort-order=desc

Your company has decided to use Amazon WorkSpaces. They can use Amazon WorkSpaces to provision either Windows or Linux desktops in just a few minutes. What type of solution is this? A) DaaS B) SaaS C) PaaS D) IaaS

A) DaaS Amazon WorkSpaces provides a Desktop as a Service (DaaS) solution.

True or False: Objects stored in S3 are stored in a single, central location within AWS. A) False B) True

A) False Objects stored in S3 are stored in multiple servers in multiple facilities across AWS.

Which is a core design principle for deploying resources in AWS? A) Deploy in Multiple Availability Zones. B) Use a tight coupling of your resources and applications. C) Estimate your S3 storage needs up front. D) Plan ahead for hardware capacity.

A) Deploy in Multiple Availability Zones Deploying in Multiple Availability zones will protect against downtime should an Availability Zone be lost.

Which is a core design principle for deploying resources in AWS? A) Deploy in Multiple Availability Zones. B) Plan ahead for hardware capacity. C) Estimate your S3 storage needs up front. D) Use a tight coupling of your resources and applications.

A) Deploy in Multiple Availability Zones. Deploying in Multiple Availability zones will protect against downtime should an Availability Zone be lost.

Which of the following were business challenges before the cloud? A) Differing security protocols for a distributed workforce. B) Slow Provisioning of on-premise data centers. C) Cost Control of an on-premise datacenter. D) Fully-customizable infrastructure with on-premise data centers

A) Differing security protocols for a distributed workforce. B) Slow Provisioning of on-premise data centers. C) Cost Control of an on-premise datacenter.

Which of the following were business challenges before the cloud? (Pick 3) A) Differing security protocols for a distributed workforce. B) Slow Provisioning of on-premise data centers. C) Cost Control of an on-premise datacenter. D) Fully-customizable infrastructure with on-premise data centers

A) Differing security protocols for a distributed workforce. B) Slow Provisioning of on-premise data centers. C) Cost Control of an on-premise datacenter.

AWS uses the shared responsibility model. For security, which of the following are the responsibilities of AWS? (Choose 3) A) Disk disposal B) Physically securing compute resources C) Network patching D) User password rules E) Configure Security Groups

A) Disk disposal B) Physically securing compute resources C) Network patching Disk disposal is one of AWS's responsibilities, as it is connected to the infrastructure, which AWS handles. AWS is in charge of physically securing compute resources, as it is part of the infrastructure that runs all of the services offered in the AWS Cloud. Network patching is one of AWS's responsibilities, as it is connected to the infrastructure that AWS handles.

You need to store key-value pairs of users and their high scores for a gaming application. Which is the best option for this type of data? A) DynamoDB B) AWS S3 C) RDS MySQL D) Amazon RedShift

A) DynamoDB DynamoDB is ideally suited for storing key-value pairs as it is a key-value and document database that delivers single-digit millisecond performance at any scale. https://aws.amazon.com/dynamodb/

Which of the following is an AWS Regional Service (Pick 3) A) EC2 B) VPC C) Amazon RDS D) IAM

A) EC2 B) VPC C) Amazon RDS

Which of the following are AWS computing services? A) EC2 B) WS Direct Connect C) Lambda D) Route 53 E) S3 F) VPC

A) EC2 C) Lambda

Which of the following are AWS computing services? (Pick 2) A) EC2 B) AWS Direct Connect C) Lambda D) Route 53 E) S3 F) VPC

A) EC2 C) Lambda

In which of the following is CloudFront content cached? A) Edge Location B) Region C) Data Center D) Availability Zone

A) Edge Location CloudFront content is cached in Edge Locations.

Your design team has recommended the need to distribute incoming traffic across multiple EC2 instances and also across multiple availability zones. Which AWS service can accomplish this? A) Elastic Load Balancer B) CloudFront C) Auto Scaling Group D) CloudFormation

A) Elastic Load Balancer Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones. Elastic Load Balancing offers three types of load balancers that all feature the high availability, automatic scaling, and robust security necessary to make your applications fault-tolerant. https://aws.amazon.com/elasticloadbalancing/

An application that experiences highly variable traffic throughout the day has been configured in AWS. The capacity configured to serve this application adjusts to demands throughout the day. Which AWS principle does this describe? A) Elasticity B) High Availability C) Viscosity D) Durability

A) Elasticity The ability to acquire resources as you need them and release resources when you no longer need them. In the cloud, you want to do this automatically

An application that experiences highly variable traffic throughout the day has been configured in AWS. The capacity configured to serve this application adjusts to demands throughout the day. Which AWS principle does this describe? A) Elasticity B) Durability C) High Availability D) Viscosity

A) Elasticity The ability to acquire resources as you need them and release resources when you no longer need them. In the cloud, you want to do this automatically. https://wa.aws.amazon.com/wat.concept.elasticity.en.html

In Identity and Access Management, which term refers to the IAM resource objects that AWS uses for authentication? A) Entity B) Resource C) Identity D) Principal

A) Entity The IAM resource objects that AWS uses for authentication. These include IAM users, federated users, and assumed IAM roles.

Which of the following Route 53 policies allow you to a) route data to a second resource if the first is unhealthy, and b) route data to resources that have better performance? A) Failover Routing and Latency-based Routing B) Failover Routing and Simple Routing C) Geoproximity Routing and Geolocation Routing D) Geolocation Routing and Latency-based Routing

A) Failover Routing and Latency-based Routing Failover Routing and Latency-based Routing are the only two correct options, as they consider routing data based on whether the resource is healthy or whether one set of resources is more performant than another. Any answer containing location based routing (Geoproximity and Geolocation) cannot be correct in this case, as these types only consider where the client or resources are located before routing the data. They do not take into account whether a resource is online or slow. Simple Routing can also be discounted as it does not take into account the state of the resources.

True or False: Security in the cloud is the responsibility of AWS. A) False B) True

A) False AWS is responsible for the security OF the cloud. The customer is responsible for security IN the cloud -- that is, the security of her AWS resources.

True or False: There are more Regions than there are Availability Zones. A) True B) False

A) False As there are at least two Availability Zones (AZ) per AWS Region, there will always be more AZs than Regions.

True or False: Access Control Lists are used to make entire buckets (like one hosting an S3 website) public. A) False B) True

A) False Bucket Policies are used to make entire buckets (like one hosting an S3 website) public.

True or False: Identity Access Management (IAM) is a Regional service. A) False B) True

A) False Identity Access Management is a Global service.

The ability to withstand a certain amount of failure and still remain functional (and/or be self-healing and return to full capacity) is: A) Fault Tolerant B) Highly Available C) Scalable D) Elastic

A) Fault Tolerant

Which of these components does a security group represent for an EC2 instance? A) Firewall B) Network card C) AMI D) CPU

A) Firewall

A security group is a _ on the _ level. A) Firewall, instance B) Firewall, AWS C) Firewall, VPC D) Firewall, subnet

A) Firewall on the Instance level

A Healthcare agency needs to store certain patient information for up to 10 years. To save cost, they want to archive this data to cheaper storage. The data needs to be retrieved within 12 hours. Which is the cheapest option? A) Glacier Deep Archive B) Redshift C) S3 Standard IA D) Glacier

A) Glacier Deep Archive Glacier Deep Archive meets the requirement and is the cheapest option. Amazon S3 Glacier and S3 Glacier Deep Archive are a secure, durable, and extremely low-cost Amazon S3 cloud storage classes for data archiving and long-term backup. They are designed to deliver 99.999999999% durability, and provide comprehensive security and compliance capabilities that can help meet even the most stringent regulatory requirements.

Your company has decided to migrate entirely to the AWS Cloud. Which answers are a part of the 6 advantages of cloud computing? (Pick 2) A) Go global in minutes B) Benefit from minor economies of scale. C) Trade variable expense for capital expense D) Stop spending money running and maintaining data centers

A) Go global in minutes D) Stop spending money running and maintaining data centers Go global in minutes - Easily deploy your application in multiple regions around the world with just a few clicks. This means you can provide lower latency and a better experience for your customers at a minimal cost Stop spending money running and maintaining data centers - Focus on projects that differentiate your business, not the infrastructure. Cloud computing lets you focus on your own customers, rather than on the heavy lifting of racking, stacking, and powering servers

AWS CloudTrail is a service that enables which of the following? (Pick 4) A) Governance B) Operational auditing C) Compliance D) Resource metrics E) Risk auditing

A) Governance B) Operational auditing C) Compliance E) Risk auditing

Which of the following is not a feature of AWS Organizations? A) Granular configuration of Security Groups within a VPC B) Grouping all of your AWS accounts into organizational Units (OUs) as part of a hierarchy C) AWS accounts which are members of an Organization can have the benefit of Consolidated Billing D) Hierarchical based control over groups of IAM users and roles, within multiple Accounts

A) Granular configuration of Security Groups within a VPC AWS Organizations is an account management service which allows you manage multiple accounts centrally.

What is the AWS storage gateway? A) Hybrid Storage Service B) Computing Service C) Networking Service D) Monitoring Service

A) Hybrid Storage Service

In this scenario, we want to grant an IAM User access to certain AWS services. What could we attach directly to an IAM User that will allow only that user access to that specific AWS service? A) IAM Policy B) IAM Role C) IAM Group D) MFA

A) IAM Policy

What does IAM stand for? A) Identity and Access Management B) Identity Alias Management C) Identity Authentication Manager D) Internal Access Management

A) Identity and Access Management

A developer is trying to programmatically retrieve information from an EC2 instance such as public keys, ip address, and instance id. From where can this information be retrieved? A) Instance metadata B) CloudWatch Logs C) Instance Snapshot D) Instance userdata

A) Instance metadata

IAM policies are written using ____. A) JSON B) XML C) SGML D) SAML

A) JSON IAM policies are written using JSON.

An ELB is a __. A) Load Balancer B) Elastic Block Store C) Storage volume D) Auto Scaling Group

A) Load Balancer

An Auto Scaling Group is a _. A) Logical grouping of EC2 instances for the purpose of scaling B) None of these is an Auto Scaling Group. C) EC2 Group D) Auto Scaling Collection

A) Logical grouping of EC2 instances for the purpose of scaling

A colleague tells you about a service that uses machine learning to discover and protect sensitive data stored in S3 Buckets. Which AWS service does this? A) Macie B) Inspector C) Rekognition D) Cognito

A) Macie Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.

After configuring your VPC and all of the resources within it, you want to add an extra layer of security at the subnet level. Which will you use to add this security? A) Network ACL B) Private IP Address C) Security Group D) IAM

A) Network ACL A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups to add an additional layer of security to your VPC

AWS uses the shared responsibility model. For security, which of the following are the responsibilities of AWS? (Select 3) A) Network patching B) Disk disposal C) User password rules D) Physically securing compute resources E) Configure Security Groups

A) Network patching B) Disk disposal D) Physically securing remote resources Network patching is one of AWS's responsibilities, as it is connected to the infrastructure that AWS handles. Disk disposal is one of AWS's responsibilities, as it is connected to the infrastructure, which AWS handles. AWS is in charge of physically securing compute resources, as it is part of the infrastructure that runs all of the services offered in the AWS Cloud.

Which of these is not a basic component of the cloud that is accessible to a cloud customer? A) On-premise data center B) Compute C) Storage D) Networking

A) On-premise data center

Which of these are allowed penetration testing without prior approval from AWS? A) RDS B) CloudFront C) EC2 instances D) Route 53 E) Port flooding

A) RDS B) CloudFront D) Route 53

What two AWS services receive bulk discounted pricing for agreeing to pay for a term? A) RDS B) EC2 C) AWS Organizations D) S3 E) AWS Lambda

A) RDS B) EC2

You need to set up a data warehouse on AWS for financial/actuary data. Which AWS service will you use? A) Redshift B) DynamoDB C) Elasticache D) RDS

A) Redshift Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. You can start with just a few hundred gigabytes of data and scale to a petabyte or more. This enables you to use your data to acquire new insights for your business and customers.

Which of the following are examples of storage? (Pick 5) A) Remote Hard Disk B) iCloud C) Local Hard Disk D) Google Drive E) Gmail F) Dropbox

A) Remote Hard Disk B) iCloud C) Local Hard Disk D) Google Drive F) Dropbox

A company has a large number of S3 buckets and needs to manage and automate tasks on these buckets at one time. Which AWS feature can do this? A) Resource Groups B) Tagging C) IAM Groups D) IAM

A) Resource Groups You can use resource groups to organize your AWS resources. Resource groups make it easier to manage and automate tasks on large numbers of resources at one time. This guide shows you how to create and manage resource groups in AWS Resource Groups.

What AWS service is used to manage DNS? A) Route 53 B) EC2 C) S3 D) VPC

A) Route 53

Software as a Service (SaaS) is the Entire Infrastructure operating system, and software provided by a third party A) True B) False

A) True

During Disaster Recovery exercises, you need to re-route traffic from EC2 instances to instances in another region. With which service can you do this? A) Route 53 B) VPC Peering C) CloudFront D) AWS Auto Scaling

A) Route 53 Route 53 can be used for Disaster Recovery by simply shifting traffic to the new region. Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other. Amazon Route 53 is fully compliant with IPv6 as well.

In this scenario, we want to enable notifications for KMS activity. What AWS service could be used with AWS KMS to send these notifications? A) SNS B) AWS KMS C) S3 D) CloudTrail

A) SNS

Which is not included in Elastic Load Balancer functionality? A) Scale-out EC2 resources to meet demand B) Routes traffic to healthy instances C) Distributes traffic across EC2 instances D) Increase an application's fault tolerance

A) Scale-out EC2 resources to meet demand

Which of the following were datacenter challenges before the cloud? A) Server sprawl(space), cooling, and power B) Server sprawl(space) C) Cooling and power D) Server sprawl(space) and power

A) Server Sprawl (space), cooling, and power

What are the three cloud computing models? (pick 3) A) Software as a Service (SaaS) B) Infrastructure as a Service (IaaS) C) Hardware as a Service (HaaS) D) PlatForm as a Service (PaaS)

A) Software as a Service (SaaS) B) Infrastructure as a Service (IaaS) D) PlatForm as a Service (PaaS)

A healthcare company has nightly batch jobs that can afford to be interrupted. Which EC2 pricing model can meet this need and provide great savings by using a supply and demand model? A) Spot Instances B) On-Demand C) Scheduled Reserved Instances D) Standard Reserved Instances

A) Spot Instances Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS cloud. Spot Instances are available at up to a 90% discount compared to On-Demand prices. You can use Spot Instances for various stateless, fault-tolerant, or flexible applications such as big data, containerized workloads, CI/CD, web servers, high-performance computing (HPC), and test and development workloads.

You have used on-demand instances for a month, but have met unexpected costs with this choice. Which EC2 option provides up to 90% discount on on-demand instances while taking advantage of AWS unused EC2 capacity? A) Spot Instances B) Virtual Instances C) Dedicated Host D) Reserved Instances

A) Spot Instances Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS cloud. Spot Instances are available at up to a 90% discount compared to On-Demand prices. You can use Spot Instances for various stateless, fault-tolerant, or flexible applications such as big data, containerized workloads, CI/CD, web servers, high-performance computing (HPC), and test and development workloads. Because Spot Instances are tightly integrated with AWS services such as Auto Scaling, EMR, ECS, CloudFormation, Data Pipeline and AWS Batch, you can choose how to launch and maintain your applications running on Spot Instances

Which of the following is true about subnets? A) Subnets cannot span Availability Zones B) Subnets connect a subsection of the internet to another C) Subnets are stateless firewalls D) Subnets are stateful firewalls

A) Subnets cannot span Availability Zones

The components of SNS are _. A) Subscribers B) SNS Category C) Publishers D) SNS Subject E) SNS Topics

A) Subscribers C) Publishers E) SNS Topics

You want to group together EC2 instances and manage them as a group. One thing you want to do is issue commands remotely to these instances. Which AWS service will you use? A) Systems Manager B) Load Balancing C) CloudFormation D) Auto Scaling

A) Systems Manager AWS Systems Manager Run Command lets you remotely and securely manage the configuration of your managed instances. A managed instance is any EC2 instance or on-premises machine in your hybrid environment that has been configured for Systems Manager. https://docs.aws.amazon.com/systems-manager/latest/userguide/execute-remote-commands.html

A company is contemplating a move to the AWS Cloud. What benefits can be gained from such a move? A) The company can focus on its business rather than setting up a data center. B) The worry of long term cost is eliminated. C) There is no need to patch guest operating systems. D) All encryption is handled by AWS.

A) The company can focus on its business rather than setting up a data center.

Platform as a Service (PaaS) is the Entire Infrastructure and operating system is provided by a third party A) True B) False

A) True

RedShift is at times the recipient of streaming data, but it can not itself stream data in real-time A) True B) False

A) True

Redshift is a Data Warehouse, not to be confused with Redis, which is a version of Elasticache A) True B) False

A) True

True or False: A CloudFront Origin can be an S3 bucket, an EC2 instance, an Elastic Load Balancer, or Route 53. A) True B) False

A) True A CloudFront Origin can be an S3 bucket, an EC2 instance, an Elastic Load Balancer, or Route 53.

What does VPC stand for? A) Virtual Private Cloud B) Virtualization Platform Cloud C) Virtualized Private Cloud D) Virtual Public Cloud

A) Virtual Private Cloud

Which AWS service can you use to connect your AWS cloud with an on-premises data center? A) Virtual Private Gateway B) IAM C) Internet Gateway D) VPC Peering

A) Virtual Private Gateway A virtual private gateway is a logical, fully redundant distributed edge routing function that sits at the edge of your VPC. As it is capable of terminating VPN connections from your on-prem or customer environments, the VPG is the VPN concentrator on the Amazon side of the Site-to-Site VPN connection.

Which of these types of operating systems will we see in AWS? A) Windows B) macOS C) Linux D) DOS

A) Windows C) Linux

NACLs _ traffic on the _. A) allow/deny, subnet level B) allow/deny, instance level C) only explicitly allow, subnet level D) explicitly deny, instance level

A) allow/deny traffic on the subnet level

In regards to the AWS Shared Responsibility Model, AWS maintains responsibility __. A) of the cloud B) for no part of the cloud C) in the cloud D) of the customers

A) of the cloud

Which of the following are advantages of cloud computing? Choose 4 A) Elasticity - you need not worry about capacity. B) The capital expenditure (CapEx) funding model C) Increased speed and agility D) Variable expense E) The ability to 'go global' in minutes

A, C, D and E The 'pay-as-you-go' nature of cloud computing ensures that a large up-front capital expense is not required.

Which of the following are steps you should take in securing your AWS account? Choose 3 A) Activate Multifactor Authentication (MFA) on your root account. B) Create a Root IAM role. C) Create individual IAM users. D) Use Groups to assign permissions to IAM users.

A, C and D The Root account should have MFA enabled; you should always create individual users (the Root account should never be used for actual work); and groups should be used to grant permissions to the users you create.

Which of the following are types of cloud computing deployments? Choose 3 A) Hybrid cloud B) Mixed cloud C) Public cloud D) Private cloud

A, C and D The three types of cloud deployments are Public, Hybrid, and Private (also called 'on-prem'). Next question

Which of the following are criteria affecting your billing for RDS? Choose 3 A) Clock hours of server time B) Data transfer in C) Number of requests D) Standby time E) Additional storage

A, C and E Clock hours of server time, additional storage, and number of requests are among the criteria defining charges for RDS.

Which of the following are principles of sound cloud design? Choose 4 A) Scalability B) Tightly-coupled components C) Assume everything will fail. D) Disposable resources E) Infrastructure as code F) Limit the number of 3rd-party services. G) Treat your servers like pets, not cattle.

A, C, D and E Build your systems to be scalable, use disposable resources, reduce infrastructure to code, and, please, assume EVERYTHING will fail sooner or later. Next question

Which of the following are Support Levels offered by AWS? Choose 3 A) Business B) Individual C) Basic D) Start-up E) Developer

A, C, E The AWS Support levels are Basic, Developer, Business, and Enterprise.

Which of the following are valid access types for an IAM user? Choose 3 A) AWS Management Console access B) Emergency access via Identity Access Management (IAM) C) Programmatic access via the command line D) Security Group access via the AWS command line E) Using the AWS Software Developers Kit

A, C, E The types of access are AWS Management Console access and Programmatic Access via the AWS API, the CLI, and the SDKs.

After experiencing unusual behavior in your AWS account, you need to determine if there are any issues with AWS that may be affecting your account? A-AWS Personal Health Dashboard B-AWS CloudWatch C-AWS SNS D-AWS Service Health Dashboard

A-AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you.

A network security team has noticed some malicious activity on the company AWS account. Which AWS service can be used to detect malicious activity and help protect the account? A-Amazon GuardDuty B-AWS Inspector C-AWS Shield D-Amazon Macie

A-Amazon GuardDuty GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads.

You need to visualize, understand, and manage your AWS costs and usage over time. Which AWS tool would you use? A-Cost Explorer B-CloudWatch C-AWS Cost and Usage Report D-Trusted Advisor

A-Cost Explorer Lets you visualize, understand, and manage your AWS costs and usage over time. You can analyze your cost and usage data at a high level or specifics

Several EC2 instances in a public subnet need internet access. Which will you configure as one step in granting internet access? A-Internet Gateway B-NAT Gateway C-API Gateway D-VPC Peering

A-Internet Gateway An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet.

You have two Software systems that need to communicate, and you also need to ensure that messages are not lost between them. Which AWS service can help meet these requirements? A-SQS B-CloudWatch C-SES D-SNS

A-SQS Simple Queue Service (SQS) offers a secure, durable, and available hosted queue that lets you integrate and decouple distributed software systems and components.

Microsoft has announced a new patch for its operating system. For a Platform as a Service solution, who would be responsible for applying the patch?

AWS

Which policy will provide information on performing penetration testing on your EC2 instances?

AWS Acceptable use policy

Which policy will provide information on performing penetration testing on your EC2 instances? AWS Acceptable use policy IAM Policy AWS Terms and Conditions Policy JSON Policy

AWS Acceptable use policy

What is used to retrieve compliance reports?

AWS Artifact

What is AWS CloudFormation?

AWS CloudFormation simplifies provisioning and management on AWS. You can create templates for the service or application architectures you want and have AWS CloudFormation use those templates for quick and reliable provisioning of the services or applications (called "stacks"). You can also easily update or replicate the stacks as needed

With which AWS service, coupled with EC2, can you implement elasticity by adding and removing instances as needed?

AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. In this way, the necessary EC2 instances will expand and contract based on the current demands placed on the application.

You want to be notified when your AWS usage costs exceed a specific dollar amount. Which of the following AWS services provided you this feature? AWS Budgets Cost Explorer Trusted Advisor QuickSight

AWS Budgets

Which of the following AWS services should you use if you'd like to be notified when you have crossed a billing threshold? Choose 2 AWS Budgets Trusted Advisor CloudWatch AWS Cost Allocation

AWS Budgets CloudWatch

What is the AWS tool that enables you to use scripts to manage all AWS services and resources?

AWS CLI

Your company is migrating its services to the AWS cloud. The DevOps team has heard about infrastructure as code, and wants to investigate this concept. Which AWS service would they investigate?

AWS CloudFormation

Your company is migrating its services to the AWS cloud. The DevOps team has heard about infrastructure as code, and wants to investigate this concept. Which AWS service would they investigate? A) Elastic Beanstalk B) AWS CloudFormation C) AWS Lambda D) CodeCommit

AWS CloudFormation AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS

Your company is migrating its services to the AWS cloud. The DevOps team has heard about infrastructure as code, and wants to investigate this concept. Which AWS service would they investigate?

AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS.

There have been some questionable activities in your AWS account. You need to review your event history, such as actions taken from the Management Console and the CLI. Which service records this type of information?

AWS CloudTrail

You have been tasked with developing a plan to move applications to AWS and use AWS services to house code, build, and deploy these applications. Which AWS service will allow you to host Git-based repositories?

AWS CodeCommit

You have been tasked with developing a plan to move applications to AWS and use AWS services to house code, build, and deploy these applications. Which AWS service will allow you to host Git-based repositories? AWS CodeCommit AWS CodeDeploy AWS CodeBuild GitHub

AWS CodeCommit

You have been tasked with developing a plan to move applications to AWS and use AWS services to house code, build, and deploy these applications. Which AWS service will allow you to host Git-based repositories?

AWS CodeCommit AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories. It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem. CodeCommit eliminates the need to operate your own source control system or worry about scaling its infrastructure. You can use CodeCommit to securely store anything from source code to binaries, and it works seamlessly with your existing Git tools

What is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Fargate, AWS Lambda, and your on-premises servers

AWS CodeDeploy

A software development team has begun using the AWS Developer Tools Suite. Which service will enable creating, managing, and working with software development projects on AWS? AWS CodeDeploy AWS CodeBuild AWS CodeCommit AWS CodeStar

AWS CodeStar

A software development team has begun using the AWS Developer Tools Suite. Which service will enable creating, managing, and working with software development projects on AWS?

AWS CodeStar is a cloud-based service for creating, managing, and working with software development projects on AWS. You can quickly develop, build, and deploy applications on AWS with an AWS CodeStar project.

What is the AWS tool that enables you to use scripts to manage all AWS services and resources?

AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.

What has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time

AWS Cost Explorer

Which AWS service would enable you to view the spending distribution in one of your AWS accounts?

AWS Cost Explorer

You have just set up a new environment in AWS and want to see what costs are being incurred for the resources you are using. What would you use to get an idea of the costs and resources being used?

AWS Cost Explorer Cost Explorer is a free tool you can use to view your costs and view data for the last 13 months. You can also forecast how much you might spend for the next three months and get recommendations for which instances to purchase.

You need to visualize, understand, and manage your AWS costs and usage over time. Which AWS tool would you use?

AWS Cost Explorer lets you visualize, understand, and manage your AWS costs and usage over time. You can analyze your cost and usage data at a high level (e.g., total costs and usage across all accounts in your organization) or for highly specific requests.

Which tool can be used to view your AWS Costs and usage of the past months and to get a better idea of what your AWS costs may look like in the future? TCO Calculator AWS Cost explorer AWS Budgets AWS Simple Monthly Calculator

AWS Cost explorer

What is a web service that helps you reliably process and move data between different AWS compute and storage services, as well as on-premises data sources, at specified intervals. In this scenario, the data files are not moved between AWS services, the data is moved into AWS S3

AWS Data Pipeline

You are about to migrate a MySQL database to the AWS Cloud. Which AWS service can help with this?

AWS Database Migration Service

You are about to migrate a MySQL database to the AWS Cloud. Which AWS service can help with this?

AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data both to and from most of the widely used commercial and open-source databases.

You are trying out AWS on a trial basis and need to deploy an application without having to configure servers. Which AWS service can you use?

AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.

A small startup is configuring its AWS cloud environment. Which AWS service will allow grouping these users together and applying permissions to them as a group?

AWS IAM

A small startup is configuring its AWS cloud environment. Which AWS service will allow grouping these users together and applying permissions to them as a group? AWS Organizations AWS IAM Tagging Resource Groups

AWS IAM

A small startup is configuring its AWS cloud environment. Which AWS service will allow grouping these users together and applying permissions to them as a group?

AWS IAM AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.

Under the AWS shared responsibility model, which of the following is the responsibility of the customer? Physical security of infrastructure Environment risk management AWS IAM policies Edge locations Management

AWS IAM policies

A small startup is configuring its AWS cloud environment. Which AWS service will allow grouping these users together and applying permissions to them as a group?

AWS IAM: AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.

A small startup is configuring its AWS cloud environment. Which AWS service will allow grouping these users together and applying permissions to them as a group?

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.

You are managing the company's AWS account, and the current support plan is Basic, but you would like to begin using Infrastructure Event Management. What steps should you take?

AWS Infrastructure Event Management is a structured program available to Enterprise Support customers (and Business Support customers for an additional fee) that helps you plan for large-scale events such as product or application launches, infrastructure migrations, and marketing events. With Infrastructure Event Management, you get strategic planning assistance before your event, as well as real-time support during these moments that matter most for your business.

What is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS

AWS Inspector

Which AWS security assesses apps to improve their security and compliance? Service health dashboard AWS X-Ray AWS Inspector AWS Trusted Advisor

AWS Inspector

Which of the following tools can best assist with identifying common security vulnerabilities?

AWS Inspector

You need to use an AWS service to assess the security and compliance of your EC2 instances. Which of the following services should you use? AWS Inspector AWS WAF AWS Shield AWS Trusted Advisor

AWS Inspector

You need to stream data in real-time for a dashboard application. Which AWS service would you use? AWS CloudWatch AWS CloudTrail Amazon RedShift AWS Kinesis

AWS Kinesis

Which services belong to the AWS serverless platform?

AWS Lambda, AWS Fargate, Amazon S3, Amazon EFS, Amazon DymanoDB, Amazon API Gateway, Amazon SNS, AWS Step Functions, Amazon Kinesis, Amazon Athena

Which of the following are valid access types for an IAM user? Choose 3 AWS Management Console access Using the AWS Software Developers Kit Security Group access via the AWS command line Programmatic access via the command line Emergency access via Identity Access Management (IAM)

AWS Management Console access Using the AWS Software Developers Kit Programmatic access via the command line

A small software company is starting to work with the AWS Cloud. Which service will allow them to find, test, buy, and deploy software that runs on AWS?

AWS Marketplace

A small software company is starting to work with the AWS Cloud. Which service will allow them to find, test, buy, and deploy software that runs on AWS?

AWS Marketplace is a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on AWS

You need to deploy a specific software configuration that you currently have on one EC2 instance in your environment to hundreds of other EC2 instances in your environment. Which AWS service is best suited for this implementation and would be most efficient at automating the replication and deployment?

AWS OpsWorks - provides fully managed configuration automation and management of Chef and Puppet.

A company has multiple AWS accounts across multiple regions. Which AWS service can be used to manage these accounts and provide consolidated billing? CloudFormation Identity and Access Management Trusted Advisor AWS Organizations

AWS Organizations

Which AWS service provides central governance and management across multiple AWS accounts? CloudFormation AWS Systems Manager AWS Organizations Identity and Access Management

AWS Organizations

Which AWS service provides centralized management and consolidated billing for all your AWS accounts? Cloudtrail AWS Organizations Cloudwatch AWS Direct Connect

AWS Organizations

What AWS Service can be used to centrally manage policies from a master account for security and compliance purposes?

AWS Organizations can be used to centrally manage policies from a master account, NOT IAM

A small company wants to deploy a new system in the AWS cloud but does not have anyone with the required AWS skill set to perform the deployment. Which AWS service can help with this?

AWS Partner Network (APN) Consulting Partners APN Consulting Partners are professional services firms that help customers of all types and sizes design, architect, build, migrate, and manage their workloads and applications on AWS, accelerating their journey to the cloud. APN Consulting Partners often implement Technology Partner solutions in addition to the professional services they offer.

Which of the following is AWS' managed DDoS protection service? AWS Shield AWS WAF Access Control Lists Security Groups

AWS Shield

After experiencing unusual behavior in your AWS account, you need to determine if there are any issues with AWS that may be affecting your account. What section of the AWS portal helps you to inspect account alerts and find remediation guidance for your account? AWS Service Health Dashboard AWS Personal Health Dashboard AWS CloudWatch AWS SNS

AWS Personal Health Dashboard

You suspect that one of the AWS services your company is using has gone down. How can you check on the status of this service? AWS Personal Health Dashboard AWS Trusted Advisor AWS Organizations Amazon Inspector

AWS Personal Health Dashboard

What is AWS Personal Health Dashboard?

AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources. **Detailed Troubleshooting Guidance: **Proactive Notifications: **A personalized View of Service Health:

You are leading a pilot program to try the AWS Cloud for one of your applications. You have been instructed to provide an estimate of your AWS bill. Which service will allow you to do this by manually entering your planned resources by service? AWS Pricing Calculator AWS Cost and Usage Report AWS CloudTrail AWS Cost Explorer

AWS Pricing Calculator

Your organization is multi-national and uses multiple AWS regions. Which AWS service can be used to route users to the nearest datacenter to reduce latency?

AWS Route 53

Your developers need to use .NET to call certain AWS services in your environment. What tool would you use?

AWS SDK SDK can be plugged in for various programming languages and used to call the required services.

You would like to set up a loosely coupled architecture. Which service would allow you to send and receive messages, but most importantly, store messages if they are not consumed immediately?

AWS SQS Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS eliminates the complexity and overhead associated with managing and operating message-oriented middleware and empowers developers to focus on differentiating work. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available.

Which AWS service can be used to detect and prevent Distributed Denial of Service attacks against services hosted on AWS?

AWS Sheild

A financial company needs to migrate large amounts of data, at a peta-byte scale, to AWS. Which AWS service can perform this type of migration?

AWS Snowball: Snowball is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud. Using Snowball addresses common challenges with large-scale data transfers including high network costs, long transfer times, and security concerns.

Which native AWS service will act as a file system mounted on an S3 bucket? AWS Storage Gateway Amazon S3 Amazon Elastic Block Store Amazon Elastic File System

AWS Storage Gateway

Which AWS Calculator can be used to estimate the cost savings when using AWS Cloud instead of using on-premises or traditional hosting environments? AWS Cost Explorer AWS Budgets AWS TCO AWS Simple Monthly Calculator

AWS TCO

What tool below helps estimate the costs of moving your on-premise environment of AWS?

AWS TCO Calculator

Which AWS service can help you optimize your AWS environment by giving recommendations to reduce cost, increase security, and improve performance?

AWS Trusted Advisor

Which AWS services can assist you with ensuring cost optimization in your AWS environment?

AWS Trusted Advisor

Which of the following AWS services can assist you with cost optimization? AWS Inspector AWS Shield AWS WAF AWS Trusted Advisor

AWS Trusted Advisor

Which of the following AWS services can help you assess the fault-tolerance of your AWS environment? AWS WAF AWS Shield AWS Trusted Advisor AWS Inspector

AWS Trusted Advisor

Which of the following services will help you optimize your entire AWS environment in real time following AWS best practices? AWS Shield AWS Inspector AWS WAF AWS Trusted Advisor

AWS Trusted Advisor

You have been tasked with going into the AWS company account and getting information on saving money, improving system performance and reliability, and closing security gaps. Which tool can you use to get this information? AWS Trusted Advisor AWS Inspector AWS Cost and Usage Report CloudWatch

AWS Trusted Advisor

Which AWS service can assist you with ensuring cost optimization in your AWS environment?

AWS Trusted Advisor AWS Trusted Advisor gives you proactive recommendations about how to optimize your AWS environment for cost, performance, security, fault tolerance and service limits.

A gaming company is using the AWS Developer Tool Suite to develop, build, and deploy their applications. Which AWS service can be used to trace user requests from end-to-end through the application? CloudWatch CloudTrail AWS Inspector AWS X-Ray

AWS X-Ray

A gaming company is using the AWS Developer Tool Suite to develop, build, and deploy their applications. Which AWS service can be used to trace user requests from end to end through the application?

AWS X-Ray AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture. With X-Ray, you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors. X-Ray provides an end-to-end view of requests as they travel through your application, and shows a map of your application's underlying components.

What AWS service would you use to help troubleshoot consistent runtime errors of your underlying micro service in your environment?

AWS X-Ray Helps analyze and debug production distributed applications built on micro-services architectures.

Under the AWS shared responsibility model, who is responsible for Security and Compliance? AWS is responsible . The customer is responsible. AWS and the customer share responsibility. AWS is responsible for security and the customer is responsible for compliance.

AWS and the customer share responsibility.

Which of the following is an AWS way to help companies reduce their IT costs when they host their resources in the AWS Cloud? AWS continually reduces the pricing of cloud computing. AWS handles secutiry so companies dont need to think about it AWS allows companies to connect their on-premises infrastructure to the AWS cloud services AWS offers regularly pricing promotions on its cloud services.

AWS continually reduces the pricing of cloud computing.

The CFO of a software company had requested an Executive Summary detailing the advantages of a potential move to the AWS Cloud. What can you say is an advantage of an RDS database over a traditional database?

AWS maintains the underlying OS and performs software patching on the database.

The CFO of a software company had requested an Executive Summary detailing the advantages of a potential move to the AWS Cloud. What can you say is an advantage of an RDS database over a traditional database? There is much greater access for DBAs. AWS maintains the underlying OS and performs software patching on the database. It is much easier to convert to a NoSQL database. It is 5 times faster than traditional databases.

AWS maintains the underlying OS and performs software patching on the database.

What is CloudFront?

AWS's CDN service. System of distributed servers that deliver webpages and other web content to a user based on the geographic locations of the user, the origin of the webpage and a content delivery server

Developers in your company need to interact with AWS from the Command Line Interface. Which security item will you need to provide to the developers? Security Token Root password Access Key Login ID

Access Key

Users need to access AWS resources from the command-line interface. Which IAM option can be used for authentication?

Access Keys

Users need to access AWS resources from the command-line interface. Which IAM option can be used for authentication? IAM Policy Access Keys IAM Group IAM Role

Access Keys

Which of the following are steps you should take in securing your AWS account? Choose 3 Create a Root IAM role. Activate Multifactor Authentication (MFA) on your root account. Use Groups to assign permissions to IAM users. Create individual IAM users.

Activate Multifactor Authentication (MFA) on your root account. Use Groups to assign permissions to IAM users. Create individual IAM users.

Which of the following helps secure access to an AWS account? Use Cloudwatch Logs Insights Enable AWS Organizations MFA Enable AWS Config

Activate multi-factor authentication (MFA)

Which of the following are criteria affecting your billing for RDS? Choose 3 Standby time Data transfer in Additional storage Clock hours of server time Number of requests

Additional storage Clock hours of server time Number of requests

Your Finance Department has instructed you to save cost wherever possible when using the AWS Cloud. You notice that using reserved EC2 instances on a 1 year contract will save money. But payment method will save the most money?

All Upfront With the All Upfront option, you pay for the entire Reserved Instance term with one upfront payment. This option provides you with the largest discount compared to On-Demand Instance pricing.

Which of the following is the AMazon EC2 pricing model that gives the highest discount? No upfront reserved instances for a 3 year term All upfront reserved instances for a 1 year term Partial upfront reserved instances for a 1 year term All upfront reserved instances for a 3 year term.

All upfront reserved instances for a 3 year term.

AWS Trusted Advisor provide checks in 5 different categories. Which item is not one of those checks?

Although this is a valued concept in AWS, it is not one of the 5 checks provided in Trusted Advisor.

You have a MySQL database that you want to migrate to the cloud, and you need it to be significantly faster there. You are looking for a speed increase up to 5 times the current performance. Which AWS offering could you use? Amazon RDS MySQL Amazon Aurora DynamoDB Elasticache

Amazon Aurora

What is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers

Amazon CloudWatch

Your team needs to begin monitoring the applications running in your AWS account. Which AWS service can you use?

Amazon CloudWatch

Your team needs to begin monitoring the applications running in your AWS account. Which AWS service can you use?AWS Config Amazon Cloudtrail AWS App Monitoring Amazon CloudWatch

Amazon CloudWatch

Which of the following statements are true? Choose two Amazon Cloudfront services enables caching content at Edge Locations for fast distribution to customers There are more availability Zones than Edge Locations and more Edge locations than regions. There are more Edge locations than Availability Zones, and more Availability Zones than regions. There are more regions than edge locations, and more edge locations than Availability Zones.

Amazon Cloudfront services enables caching content at Edge Locations for fast distribution to customers. There are more Edge locations than Availability Zones, and more Availability Zones than regions.

What is the primary storage service used by Amazon RDS database instances?

Amazon EBS DB instances for Amazon RDS for MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL Server use Amazon Elastic Block Store (Amazon EBS) volumes for database and log storage. EBS volumes are performant for your most demanding workloads, including mission-critical applications such as SAP, Oracle, and Microsoft products. Amazon EBS scales with your performance needs, whether you are supporting millions of gaming customers or billions of e-commerce transactions.

You have many database backups that you need to store for an indefinite amount of time. If the backups are ever needed, they just need to be retrieved within 6 hours. What is the lowest cost solution for this scenario?

Amazon Glacier

A network security team has noticed some malicious activity on the company AWS account. Which AWS service can be used to detect malicious activity and help protect the account?

Amazon GuardDuty Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. With the cloud, the collection and aggregation of account and network activities is simplified, but it can be time-consuming for security teams to continuously analyze event log data for potential threats. With GuardDuty, you now have an intelligent and cost-effective option for continuous threat detection in the AWS Cloud.

What is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS, automatically assesses applications for exposure, vulnerabilities, and deviations from best practices, and after performing an assessment, it produces a detailed list of security findings prioritized by level of severity

Amazon Inspector

Your company has recently migrated large amounts of data to the AWS cloud in S3 buckets. But it is necessary to discover and protect the sensitive data in these buckets. Which AWS service can do that?

Amazon Macie

Your company has recently migrated large amounts of data to the AWS cloud in S3 buckets. But it is necessary to discover and protect the sensitive data in these buckets. Which AWS service can do that? Amazon Macie CloudTrail AWS Inspector GuardDuty

Amazon Macie

Your company has recently migrated large amounts of data to the AWS cloud in S3 buckets. But it is necessary to discover and protect the sensitive data in these buckets. Which AWS service can do that?

Amazon Macie Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS

Your company has recently migrated large amounts of data to the AWS cloud in S3 buckets. But it is necessary to discover and protect the sensitive data in these buckets. Which AWS service can do that?

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS. https://aws.amazon.com/macie/

Which of the following is an AWS Domain Name System (DNS) web service? Amazon Route 53 Amaozn Lightsail AWS Snowball AWS Direct Connect

Amazon Route 53

Which AWS service can be used to host a static website? Elastic Block Storage Elastic File System Route 53 Amazon S3

Amazon S3

You would like to set up a loosely coupled architecture. Which service would allow you to send and receive messages, but most importantly, store messages if they are not consumed immediately?

Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.

Free AWS Services

Amazon VPC Elastic Beanstalk CloudFormation IAM Auto Scaling OpsWorks Consolidated Billing

You need to launch an EC2 instance in AWS and control access to it. Which AWS service can help with this? Amazon Virtual Private Cloud Elastic Network Interface Amazon Route 53 Amazon RDS

Amazon Virtual Private Cloud

What provides Desktop as a Service?

Amazon WorkSpace

Which AWS service can provide a Desktop as a Service (DaaS) solution?

Amazon WorkSpaces

Which AWS service can provide a Desktop as a Service (DaaS) solution? EC2 Elastic Beanstalk AWS Systems Manager Amazon WorkSpaces

Amazon WorkSpaces

Your company has decided to use Amazon WorkSpaces. They can use Amazon WorkSpaces to provision either Windows or Linux desktops in just a few minutes. What type of solution is this?

Amazon WorkSpaces provides a Desktop as a Service (DaaS) solution.

You have decided to use the AWS Cost and Usage Report to track your EC2 Reserved Instance costs. To where can these reports be published? CloudWatch An S3 Bucket that you own. An AWS owned S3 Bucket. Trusted Advisor

An S3 Bucket that you own.

What is AWS Redshift best suited for?

Analyzing data using standard SQL and Business Intelligence tools.

A new application rolled out by the development team is going to require load balancing of HTTP and HTTPS traffic. Which Load Balancer is best suited for this type of traffic? Classic Load Balancer Network Load Balancer HTTP Load Balancer Application Load Balancer

Application Load Balancer

Which of the following services provides on demand access to AWS security and compliance reports? Artifact Trusted Advisor Cloudtrail Inspector

Artifact

Which of the following is one of the designs principles related to Reliability in the cloud? Protect data in transit and at rest Automatically recover from failure Perform operations as code Go global in minutes

Automatically recover from failure

What are AWS Shared Controls?

Apply to both the infrastructure layer and customer layers but in completely separate context or perspectives. Examples: Patch Mgmt Configuration Mgmt Awareness and Training

A new application rolled out by the development team is going to require load balancing of HTTP and HTTPS traffic. Which Load Balancer is best suited for this type of traffic?

Application Load Balancer

What is an interactive query service that allows you to query data located in S3 using standard SQL

Athena

What is commonly used to analyze log data in S3

Athena

What AWS service can do standard SQL queries on data in an S3 Bucket?

Athena Can do standard SQL queries on data in an S3 bucket.

Which of the following is AWS' managed database service that is up to 5X faster than a traditional MySQL database. PostgreSQL MariaDB Aurora DynamoDB

Aurora

Your company needs an application with a .NET layer that connects to a MySQL database. They want this application to be in AWS and use benefits such as five-times throughput, high availability, and automated backups. What database would be the ideal choice for this new application?

Aurora Aurora is a fully managed MySQL and PostgreSQL compatible relational database engine. It combines the speed and reliability of high-end commercial databases with the simple cost-effectiveness of open-sources databases. It also delivers up to five times the throughput of MySQL and up to three times the throughout of PostgreSQL.

With which AWS service, coupled with EC2, can you implement elasticity by adding and removing instances as needed?

Auto Scaling

In AWS Global Infrastructure, which component has one or more discrete data centers with redundant power, networking, and connectivity?

Availability Zone

Which policy will provide information on performing penetration testing on your EC2 instances? A) AWS Terms and Conditions Policy B) AWS Acceptable use policy C) JSON Policy D) IAM Policy

B) AWS Acceptable use policy The policy states that penetration testing may be performed by customers on their own instances with prior approval from AWS.

A software development team has begun using the AWS Developer Tools Suite. Which service will enable creating, managing, and working with software development projects on AWS? A) AWS CodeCommit B) AWS CodeStar C) AWS CodeDeploy D) AWS CodeBuild

B) AWS CodeStar AWS CodeStar is a cloud-based service for creating, managing, and working with software development projects on AWS. You can quickly develop, build, and deploy applications on AWS with an AWS CodeStar project.

Your Development team uses four on-demand EC2 instances and your QA team has 5 reserved instances, only three of which are being used. All Dev & QA instances have the same type and are launched in the same AZ. Assuming all AWS accounts are under a single AWS Organization, how will the Development team's instances be billed? A) All the Dev team's instances will be billed at the on-demand rate. B) The Dev team will be billed for two instances at on-demand prices and two instances at the reserved instance price. C) All the Dev instances will be billed at the reserved instance rate. D) The pricing for the reserved instances will shift from QA to Dev.

B Assuming all instances are in the same AWS Organization, the reserved instance pricing for the unused QA instances will be applied to two of the four Dev instances.

There have been some questionable activities in your AWS account. You need to review your event history, such as actions taken from the Management Console and the CLI. Which service records this type of information? A) AWS CLoudWatch B) AWS CloudTrail C) AWS Config D) IAM

B) AWS CloudTrail AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides the event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting. In addition, you can use CloudTrail to detect unusual activity in your AWS accounts. These capabilities help simplify operational analysis and troubleshooting.

Which of the following support plans features unlimited (customer-side) contacts and unlimited support cases? Choose 2 A) Developer B) Business C) Basic D) Enterprise

B and D Both Enterprise and business support plans feature unlimited (customer-side) contacts and unlimited support cases.

When thinking about the AWS global infrastructure and the numbers of regions, availability zones, and edge locations, which of the following is correct? A) # of Availability Zones > # of Regions > # of Edge Locations B) # of Edge Locations > # of Availability Zones > # of Regions C) # of Availability Zones > # of Edge Locations > # of Regions D) # of Regions > # of Availability Zones > # of Edge Locations

B) # of Edge Locations > # of Availability Zones > # of Regions The number of Edge Locations is greater than the number of Availability Zones, which is greater than the number of Regions.

How many subnets are created by default in each region when an AWS account is created? A) 0 subnet per Availability Zone B) 1 subnet per Availability Zone C) 3 subnet per Availability Zone D) 2 subnet per Availability Zone

B) 1 Subnet per Availability Zone

The AWS Web Application Firewall can operate up to what layer of the OSI model? A) 4 B) 7 C) 6 D) 5

B) 7 WAF operates up to (and including) Layer 7 of the OSI Model.

Several S3 Buckets have been deleted, and a few EC2 instances have been terminated. Which AWS service can you use to determine who took these actions? A) AWS CloudWatch B) AWS CloudTrail C) AWS Inspector D) Trusted Advisor

B) AWS CloudTrail CloudTrail provides the event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services

Which of the following best describes a Resource Group? A) A resource group is a collection of resources of the same type (EC2, S3, etc.) that are deployed in the same Availability Zone. B) A resource group is a collection of resources that share one or more tags (or portions of tags.) C) A resource group is a collection of resources of the same type (EC2, S3, etc.) that share one or more tags or portions of tags. D) A resource group is a collection of resources that are deployed in the same AWS Region.

B) A resource group is a collection of resources that share one or more tags (or portions of tags.) A resource group is useful for describing and reporting on resources for grouping identification and internal cost recovery.

Microsoft has announced a new patch for its operating system. For a Platform as a Service solution, who would be responsible for applying the patch? A) Customer B) AWS C) The customer for spot instances only. D) Either can apply this patch.

B) AWS Platforms as a service remove the need for organizations to manage the underlying infrastructure (usually hardware and operating systems) and allow you to focus on the deployment and management of your applications.

Which AWS service would enable you to view the spending distribution in one of your AWS accounts? A) Billing Advisor B) AWS Cost Explorer C) AWS Spending Explorer D) AWS Organizations

B) AWS Cost Explorer AWS Cost Explorer is a free tool that you can use to view your costs and usage. You can view data up to the last 13 months, forecast how much you are likely to spend for the next three months, and get recommendations for what Reserved Instances to purchase. You can use AWS Cost Explorer to see patterns in how much you spend on AWS resources over time, identify areas that need further inquiry, and see trends that you can use to understand your costs. You can also specify time ranges for the data, and view time data by day or by month

Your company has entered into a 3-year contract with a government agency. Your best option for EC2 is reserved instances. Which AWS service would you use to track your reserved instance usage? A) AWS CloudTrail B) AWS Cost and Usage Report C) AWS Organizations D) Trusted Advisor

B) AWS Cost and Usage Report The AWS Cost & Usage Report contains the most comprehensive set of AWS cost and usage data available, including additional metadata about AWS services, pricing, and reservations (e.g., Amazon EC2 Reserved Instances (RIs))

Your company has entered into a 3-year contract with a government agency. Your best option for EC2 is reserved instances. Which AWS service would you use to track your reserved instance usage? A) Trusted Advisor B) AWS Cost and Usage Report C) AWS CloudTrail D) AWS Organizations

B) AWS Cost and Usage Report The AWS Cost & Usage Report contains the most comprehensive set of AWS cost and usage data available, including additional metadata about AWS services, pricing, and reservations (e.g., Amazon EC2 Reserved Instances (RIs)). https://aws.amazon.com/aws-cost-management/aws-cost-and-usage-reporting/

A small startup is configuring its AWS cloud environment. Which AWS service will allow grouping these users together and applying permissions to them as a group? A) AWS Organizations B) AWS IAM C) Resource Groups D) Tagging

B) AWS IAM

A company has multiple AWS accounts across multiple regions. Which AWS service can be used to manage these accounts and provide consolidated billing? A) Trusted Advisor B) AWS Organizations C) CloudFormation D) Identity and Access Management

B) AWS Organizations AWS Organizations helps you centrally govern your environment as you grow and scale your workloads on AWS. Whether you are a growing startup or a large enterprise, Organizations helps you to centrally manage billing; control access, compliance, and security; and share resources across your AWS accounts. https://aws.amazon.com/organizations/

You would like to set up a loosely coupled architecture. Which service would allow you to send and receive messages, but most importantly, store messages if they are not consumed immediately? A) AWS CloudSearch B) AWS SQS C) AWS SES D) AWS S3

B) AWS SQS Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS eliminates the complexity and overhead associated with managing and operating message-oriented middleware and empowers developers to focus on differentiating work. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available.

Which of the following is AWS' managed DDoS protection service? A) AWS WAF B) AWS Shield C) Access Control Lists D) Security Groups

B) AWS Shield AWS Shield is AWS' managed DDoS protection service.

Which AWS service can help you optimize your AWS environment by giving recommendations to reduce cost, increase security, and improve performance? A) AWS Optimizations B) AWS Trusted Advisor C) AWS Inspector D) AWS CloudWatch

B) AWS Trusted Advisor AWS Trusted Advisor is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices. Trusted Advisor checks help optimize your AWS infrastructure, increase security and performance, reduce your overall costs, and monitor service limits. Whether establishing new workflows, developing applications, or as part of ongoing improvement, take advantage of the recommendations provided by Trusted Advisor on a regular basis to help keep your solutions provisioned optimally

Which of the following services will help you optimize your entire AWS environment in real time following AWS best practices? A) AWS Inspector B) AWS Trusted Advisor C) AWS Shield D) AWS WAF

B) AWS Trusted Advisor Trusted Advisor helps you optimize your entire AWS environment in real time following AWS best practices. It helps you optimize cost, fault-tolerance, and more.

Which AWS managed policy could be attached to an IAM User to grant all access permissions? A) AdminAccess B) AdministratorAccess C) Billing D) PowerUserAccess

B) AdministratorAccess

Which of the following is an example of a SaaS? A) All of or most of an infrastructure platform being provided by a third party. B) All of the infrastructure, operating system and software are provided by a third party. C) All of the infrastructure and operating system is provided by a third party. D) Being responsible for infrastructure, operating systems, and software without help from a third party.

B) All of the infrastructure, operating system and software are provided by a third party.

You have a MySQL database that you want to migrate to the cloud, and you need it to be significantly faster there. You are looking for a speed increase up to 5 times the current performance. Which AWS offering could you use? A) Amazon RDS MySQL B) Amazon Aurora C) Elasticache D) DynamoDB

B) Amazon Aurora Amazon Aurora is a MySQL and PostgreSQL-compatible relational database built for the cloud, that combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open source databases. Amazon Aurora is up to five times faster than standard MySQL databases and three times faster than standard PostgreSQL databases

A development team has created a large amount of CloudFormation templates in the JSON format. Which AWS database can store these documents? A) AWS MySQL B) DynamoDB C) Amazon RedShift D) Amazon Aurora

B) DynamoDB The latest Amazon DynamoDB update added support for JSON data, making it easy to store JSON documents in a DynamoDB table while preserving their complex and possibly nested shape. Now, the AWS SDK for .NET has added native JSON support, so you can use raw JSON data when working with DynamoDB. This is especially helpful if your application needs to consume or produce JSON (for instance, if your application is talking to a client-side component that uses JSON to send and receive data), as you no longer need to manually parse or compose this data. https://aws.amazon.com/blogs/developer/dynamodb-json-support/

Your team needs to begin monitoring the applications running in your AWS account. Which AWS service can you use? A) AWS App Monitoring B) Amazon CloudWatch C) AWS Config D) Amazon Cloudtrail

B) Amazon CloudWatch Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, providing you with a unified view of AWS resources, applications, and services that run on AWS and on-premises servers. You can use CloudWatch to detect anomalous behavior in your environments, set alarms, visualize logs and metrics side by side, take automated actions, troubleshoot issues, and discover insights to keep your applications running smoothly

Which of the following is an example of block storage? A) Google Drive B) Amazon EBS C) Amazon Web Services D) AWS Storage Gateway

B) Amazon EBS

Which of the following is not one of the seven core checks performed by AWS Trusted Advisor? (pick 2) A) IAM use B) Amazon EC2 Reserved Instances Optimization C) Unassociated Elastic IP Addresses D) EBS Public Snapshots E) Security Groups (port checks) F) RDS Public Snapshots

B) Amazon EC2 Reserved Instances Optimization C) Unassociated Elastic IP Addresses

Your company has recently migrated large amounts of data to the AWS cloud in S3 buckets. But it is necessary to discover and protect the sensitive data in these buckets. Which AWS service can do that? A) CloudTrail B) Amazon Macie C) AWS Inspector D) GuardDuty

B) Amazon Macie Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS. https://aws.amazon.com/macie/

Which storage service can provide very high durability storage for Objects? A) RDS MySQL B) Amazon S3 C) Amazon Aurora D) DynamoDB

B) Amazon S3 S3 provides high durability storage of objects. https://aws.amazon.com/s3/

Which of the following is AWS' managed database service that is up to 5X faster than a traditional MySQL database. A) DynamoDB B) Aurora C) PostgreSQL D) MariaDB

B) Aurora Aurora is AWS' managed database service that is up to 5X faster than a traditional MySQL database. Next question

Which of the following are options for creating Lambda functions? Please select the most appropriate answer. A) AWS Lambda does not require functions B) Author from scratch, using a blueprint, and browsing the serverless app repository C) Only Author from scratch and use a blueprint D) Only Author from scratch

B) Author from scratch, using a blueprint, and browsing the serverless app repository

A software company is looking for a tool to automate their deployments from end to end. Which AWS service can provide this continuous delivery functionality? A) CodeBuild B) CodePipeline C) CodeDeploy D) CodeCommit

B) CodePipeline AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Fargate, AWS Lambda, and your on-premises servers. https://aws.amazon.com/codedeploy/ AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates. CodePipeline automates the build, test, and deploy phases of your release process every time there is a code change, based on the release model you define. This enables you to rapidly and reliably deliver features and updates. https://aws.amazon.com/codepipeline/

What is AWS Lambda? A) DNS service B) Compute service C) Storage service D) Relational database service

B) Compute Service

Which of the following is an AWS Regional Service? A) RDS B) EC2 C) CloudFront D) VPC

B) EC2

Which of the following types of AWS accounts have access to AWS Trusted Advisor? Please select the most appropriate answer. A) Basic B) Basic, Developer, Business, and Enterprise C) Business and Enterprise D) Basic, Professional, Developer, Business, and Enterprise E) Developer, Business, and Enterprise F) Basic and Developer

B) Basic, Developer, Business, and Enterprise

Which statement below is one of the 6 advantages of cloud computing? A) Trade variable expense for capital expense. B) Benefit from increased speed and agility. C) Easily guess capacity. D) Benefit from minor economies of scale.

B) Benefit from increased speed and agility. Increase speed and agility - In a cloud computing environment, new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes. This results in a dramatic increase in agility for the organization since the cost and time it takes to experiment and develop is significantly lower. https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html

EBS is an example of _. A) Bulk storage B) Block storage C) Simple Storage Service D) Storage array

B) Block Storage

You have joined a small company and inherited an AWS application built within the EC2 Classic network. Which Load Balancer will work with this application? A) None, the application needs to be upgraded. B) Classic Load Balancer C) Application Load Balancer D) Network Load Balancer

B) Classic Load Balancer Classic Load Balancer provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and connection level. Classic Load Balancer is intended for applications that were built within the EC2-Classic network.

A travel company has an application that serves customers worldwide. Which AWS service can speed up delivery of content to this widespread customer base? A) OpsWorks B) CloudFront C) S3 D) CodeDeploy

B) CloudFront Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. CloudFront is integrated with AWS - both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services

In this scenario, we want to set up a service that will allow for auditing IAM users. Which of the following services would be most appropriate? A) IAM B) CloudTrail C) SNS D) CloudWatch

B) CloudTrail

In order to improve fault tolerance, you would like to begin using services that provide fault tolerance. Which AWS services provide automatic replication across Availability Zones? (Pick 2) A) EC2 B) S3 C) VPC D) DynamoDb

B) S3 D) DynamoDb

You need to track your AWS costs on a detailed level. Which tool will allow you to do this? A) AWS Organizations B) Cost Allocation Tags C) AWS CloudTrail D) AWS CloudWatch

B) Cost Allocation Tags A tag is a label that you or AWS assigns to an AWS resource. Each tag consists of a key and a value. For each resource, each tag key must be unique, and each tag key can have only one value. You can use tags to organize your resources, and cost allocation tags to track your AWS costs on a detailed level. After you activate cost allocation tags, AWS uses the cost allocation tags to organize your resource costs on your cost allocation report to make it easier for you to categorize and track your AWS costs. AWS provides two types of cost allocation tags, an AWS generated tags and user-defined tags. AWS defines, creates, and applies the AWS generated tags for you, and you define, create, and apply user-defined tags. You must activate both types of tags separately before they can appear in Cost Explorer or on a cost allocation report. https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html

A new application needs temporary access to resources in AWS. How can this best be achieved? A) Store access key in an S3 Bucket and give the application access to the bucket. B) Create an IAM Role and have the application assume the role. C) Create an IAM Policy and attach it to the application. D) Add the application to a group that has the appropriate permissions.

B) Create an IAM Role and have the application assume the role. Use an IAM role to manage temporary credentials for applications that run on an EC2 instance. When you use a role, you don't have to distribute long-term credentials (such as a user name and password or access keys) to an EC2 instance. Instead, the role supplies temporary permissions that applications can use when they make calls to other AWS resources. When you launch an EC2 instance, you specify an IAM role to associate with the instance. Applications that run on the instance can then use the role-supplied temporary credentials to sign API requests.

A company is configuring IAM for its new AWS account. There are 5 departments with between 5 to 10 users in each department. How can they efficiently apply access permissions for each of these departments and simplify management of these users? A) Create an IAM group for each department. Add the department's members to the group. B) Create policies for each department that define the permissions needed. Create an IAM group for each department and attach the policy to each group. Add each department's members to their respective IAM group. C) Create a policies defining the permissions needed. Attach the policies to all users in each department. D) Create an IAM role defining the permissions needed. Create an IAM group and attach the policy to the group. Add the department's members to the group.

B) Create policies for each department that define the permissions needed. Create an IAM group for each department and attach the policy to each group. Add each department's members to their respective IAM group. By creating an IAM group, all like users can be managed all at one time. Once the permissions are defined within the policy, it can be attached to the IAM group, allowing them access to the resources/services stated within the policy.

What is Amazon Mechanical Turk used for? A) Buying and selling unused EC2 reserved instances. B) Crowdsourcing marketplace where you can outsource tasks. C) Getting deploy ready software. D) Scheduling and running a batch of computing jobs.

B) Crowdsourcing marketplace where you can outsource tasks

Your company has decided to migrate a SQL Server database to a newly created AWS account. Which service can be used to migrate the database? A) AWS RDS B) Database Migration Service C) DynamoDB D) ElastiCache

B) Database Migration Service AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from the most widely used commercial and open-source databases

Which of the following is not an available EC2 Instance Type? A) General Purpose B) Database Optimized C) Memory Optimized D) Compute Optimized E) Accelerated Computing F) Storage Optimized

B) Database Optimized Database Optimized is not an Instance Type

Which of the following best describes Availability Zones? A) Two zones containing compute resources that are designed to automatically maintain synchronized copies of each other's data. B) Distinct locations from within an AWS region that are engineered to be isolated from failures. C) A Content Distribution Network used to deliver content to users. Restricted areas designed specifically for the creation of Virtual D) Private Clouds.

B) Distinct locations from within an AWS region that are engineered to be isolated from failures. Availability Zones are distinct locations from within an AWS region that are engineered to be isolated from failures.

Which of the following is a non-relational database service provided by AWS? A) PostgreSQL B) DynamoDB C) Amazon Aurora D) Amazon RDS

B) DynamoDB

Which of the following is not a SQL database engine? A) Amazon Aurora B) DynamoDB C) MySQL D) PostgreSQL

B) DynamoDB

What does EC2 stand for? A) Extensible Cloud Computing B) Elastic Compute Cloud C) Ethernet Cloud Compute D) Elastic Cloud Computer

B) Elastic Compute Cloud

If you have an RDS database, which is very I/O intensive, which service is most suitable to improve performance? A) DAX B) Elasticache C) DynamoDB D) RedShift

B) Elasticache You can use Elasticache to store the results of often-used queries, and this will allow quicker retrieval of this data

The ability to not only grow when required but also reduce in size when required is: A) Scalability B) Elasticity C) Autoscaling D) Load Balancing

B) Elasticity

How does Elasticity differ from Scalability? A) Scalability differs in its ability to not only scale-out but to shrink back down resources based on-demand as well. B) Elasticity differs in its ability to not only scale-out but to shrink back down resources based on-demand as well. C) Elasticity is the ability to be available from many locations. D) Elasticity is the ability to scale up in size, and/or scope of resources when required.

B) Elasticity differs in its ability to not only scale-out but to shrink back down resources based on-demand as well.

A large company needs to benefit from available volume discounts in AWS. Which AWS feature will enable the company to get volume discounts? A) Upgrade to an Enterprise Support Plan. B) Enable consolidated billing in AWS Organizations. C) Contact AWS to request volume discounts. D) Use free tier as much as possible.

B) Enable consolidated billing in AWS Organizations You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. Every organization in AWS Organizations has a master (payer) account that pays the charges of all the member (linked) accounts.

Which of the following type of AWS account receives the highest priority access to customer service and technical support? A) Business B) Enterprise C) Developer D) Basic

B) Enterprise

Which of the following type of AWS account will receive support in less than 15 minutes when the support care is related to business-critical systems down? A) Basic B) Enterprise C) Business D) Developer

B) Enterprise

In Identity and Access Management, which term refers to the IAM resource objects that AWS uses for authentication? A) Principal B) Entities C) Identity D) Resource

B) Entities A Principal is a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS. https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html IAM entities are the users (IAM users and federated users) and roles that are created and used for authentication. https://docs.aws.amazon.com/IAM/latest/UserGuide/intro-structure.html

True or False: S3 can be used to host a dynamic website, like one that runs on a LAMP stack. A) True B) False

B) False

True or False: The Standard version of AWS Shield offers automated application (layer 7) traffic monitoring. A) True B) False

B) False AWS Shield Standard defends against most common, frequently occurring network and transport layer DDoS attacks that target your website or applications. For higher levels of protection against attacks, including Automated application (layer 7) traffic monitoring, you can subscribe to AWS Shield Advanced. Reference: How AWS Shield works.

Platform as a Service (PaaS) if part or all of an infrastructure platforma provided by a third party A) True B) False

B) False Infrastructure as a Service (IaaS) does this

True or False: With Consolidated Billing, the Paying Account can make changes to any of the resources owned by a Linked Account. A) True B) False

B) False False. The Paying Account cannot make changes to any of the resources owned by a Linked Account.

True or False: Both you and a friend can have an S3 bucket called 'mytestbucket'. A) False B) True

B) False S3 bucket names are global, and must be unique.

True or False: To restrict access to an entire bucket, you use bucket control lists; and to restrict access to an individual object, you use object policies. A) True B) False

B) False To restrict access to an entire bucket, you use bucket policies; and to restrict access to an individual object, you use access control lists.

Which S3 storage class is the best value for long-term storage? A) S3 Standard Infrequent-Access B) Glacier C) S3 Intelligent-Tiering D) S3 Standard

B) Glacier Glacier is a low-cost storage option for Data Archiving. It can take several hours to retrieve the data, but if this is acceptable, it is the best value for long-term storage of data.

Which of these are examples of cloud bulk storage? (pick 3) A) Netflix B) Google Drive C) Amazon S3 D) Amazon EBS E) Dropbox

B) Google Drive C) Amazon S3 E) Dropbox

In this scenario, we want to automate emails and SMS messages for events taking place in an AWS account. Which of the following services is the most appropriate? A) CloudWatch B) SNS C) CloudTrail D) S3

B) SNS (Simple Notification Service)

Which of the following is not an S3 storage class? A) Standard-IA B) Intelligent-IA C) Standard D) Intelligent-Tiering

B) Intelligent-IA

Several EC2 instances in a public subnet need internet access. Which will you configure as one step in granting internet access? A) API Gateway B) Internet Gateway C) VPC Peering D) NAT Gateway

B) Internet Gateway An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses. https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html

Which valuable AWS design principle can be a valuable feature when deploying applications? A) Hardware Coupling B) Loose Coupling C) Regional Coupling D) Tight Coupling

B) Loose Coupling Implement loosely coupled dependencies: Dependencies such as queuing systems, streaming systems, workflows, and load balancers are loosely coupled. Loose coupling helps isolate the behavior of a component from other components that depend on it, increasing resiliency and agility

You have two Software systems that need to communicate, and you also need to ensure that messages are not lost between them. Which AWS service can help meet these requirements? A) SES B) SQS C) SNS D) CloudWatch

B) SQS Amazon Simple Queue Service (Amazon SQS) offers a secure, durable, and available hosted queue that lets you integrate and decouple distributed software systems and components.

You are concerned about access to your top-secret application by stolen passwords. What additional layer of security can you add for logging in to AWS Management Console, in addition to user passwords? A) AWS Voice Recognition B) Multi-Factor Authentication C) Secret Access Keys D) AWS Transcribe

B) Multi-Factor Authentication AWS Multi-Factor Authentication (MFA) is a simple best practice that adds an extra layer of protection on top of your user name and password. With MFA enabled, when a user signs in to an AWS Management Console, they will be prompted for their user name and password (the first factor—what they know), as well as for an authentication code from their AWS MFA device (the second factor—what they have). Taken together, these multiple factors provide increased security for your AWS account settings and resources. https://aws.amazon.com/iam/features/mfa/

You have a mission-critical application which must be globally available at all times. Which deployment strategy should you follow? A) Multi-VPC in two AWS Regions B) Multi-Region C) Multi-Availability Zone D) Deploy to all Availability Zones in your home region.

B) Multi-Region A Multi-Region deployment will best ensure global availability.

What are the three types of AWS load balancers? A) Adaptable Load Balancer B) Network Load Balancer C) Classic Load Balancer D) Application Load Balancer E) Reverse Proxy Load Balancer

B) Network Load Balancer C) Classic Load Balancer D) Application Load Balancer

AWS uses the shared responsibility model. For security, which of the following are the responsibilities of AWS? (pick 3) A) Configure Security Groups B) Network patching C) Disk disposal D) Physically securing compute resources E) User password rules

B) Network patching C) Disk disposal D) Physically securing compute resources

Upon venturing into using the AWS Cloud, your company decides to follow the 5 pillars of the AWS Well Architected Framework. Which items are pillars of the Well Architected Framework? (pick 2) A) Elasticity B) Operational Excellence C) Ease of Use D) Scalability E) Reliability

B) Operational Excellence E) Reliability The 5 pillars of a Well Architected Framework - Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization.

In Identity and Access Management, which term applies to a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS? A) Entity B) Principal C) Resource D) Identity

B) Principal A Principal is a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS.

In Identity and Access Management, which term applies to a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS? A) Entity B) Principal C) Identity D) Resource

B) Principle A Principal is a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS.

Which of the following AWS services can be used to store and archive data for 5 years at the lowest cost? Glacier S3 EFS Snowball

Glacier

Your company is considering migrating its data center to the cloud. What are the advantages of the AWS cloud over an on-premises data center? A) Replace low variable costs with upfront capital expenses. B) Replace upfront capital expenses with low variable costs. C) Maintain physical access to the new data center, but share responsibility with AWS. D) Replace upfront operational expenses with low variable operational expenses.

B) Replace upfront capital expenses with low variable costs.

Your company is considering migrating its data center to the cloud. What are the advantages of the AWS cloud over an on-premises data center? A) Replace low variable costs with upfront capital expenses. B) Replace upfront capital expenses with low variable costs. C) Replace upfront operational expenses with low variable operational expenses. D) Maintain physical access to the new data center, but share responsibility with AWS.

B) Replace upfront capital expenses with low variable costs. All the hardware purchased upfront for a data center will be replaced by resources which are variable in nature with low upfront costs. https://d1.awsstatic.com/whitepapers/introduction-to-aws-cloud-economics-final.pdf

Which of the following EC2 instance types will realize a savings over time in exchange for a contracted term-of-service? A) On-demand instances B) Reserved instances C) Discount instances D) Spot instances

B) Reserved instances EC2 Reserved Instances offer significant discounts for a contracted term-of-service.

QUESTION 3 Which of the following EC2 options is best for long-term workloads with predictable usage patterns? A) On-Demand instances B) Reserved instances C) Dedicated Host D) Spot instances

B) Reserved instances Reserved instances are the most economical option for long-term workloads with predictable usage patterns.

Which of the following guidelines should be followed if an AWS account is compromised? A) Respond to any email about AWS account credentials. B) Respond to AWS through the AWS Support Center. C) Change the AWS account root password. D) Rotate and delete all API access keys. E) Delete any resources that you do not remember creating. F) Change all IAM user passwords.

B) Respond to AWS through the AWS Support Center. C) Change the AWS account root password. D) Rotate and delete all API access keys. E) Delete any resources that you do not remember creating. F) Change all IAM user passwords.

During Disaster Recovery exercises, you need to re-route traffic from EC2 instances to instances in another region. With which service can you do this? A) VPC Peering B) Route 53 C) AWS Auto Scaling D) CloudFront

B) Route 53 Route 53 can be used for Disaster Recovery by simply shifting traffic to the new region. Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like "www.example.com" into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other. Amazon Route 53 is fully compliant with IPv6 as well.

Which AWS service can you use to connect your AWS cloud with an on-premises data center? A) IAM B) Virtual Private Gateway C) Internet Gateway D) VPC Peering

B) Virtual Private Gateway

You need to set up a virtual firewall for your EC2 instance. Which would you use? A) Network ACL B) Security Group C) IAM Policy D) Subnet

B) Security Group A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC can be assigned to a different set of security groups.

You have a web application that needs to run for a short period of time (a couple days). It is alright if there are interruptions in the application. Which EC2 instance type would be best for this use case? A) On_Demand B) Spot C) Dedicated Instance D) Reserved

B) Spot Spot Instances are a great choice for this use case. Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS cloud. Spot Instances are available at up to a 90% discount compared to On-Demand prices. You can use Spot Instances for various stateless, fault-tolerant, or flexible applications such as big data, containerized workloads, CI/CD, web servers, high-performance computing (HPC), and other test & development workloads. The key phrase in this question is, "It is alright if there are interruptions in the application". If the application could not accept interruptions, then the best option would be on-demand.

Which of the following will create subsections of a VPC? A) ELB B) Subnet C) Security Group D) Internet Gateway E) NACL

B) Subnet

A subnet is a _. A) Table that directs traffic B) Subsection of a network C) Firewall D) VPC

B) Subsection of a network

Which of these statements is true of subnets? (AZ = Availability Zones) A) We can not add more than one subnets in each AZ. B) The default VPC already has subnets created for each AZ by default. C) Subnets can span AZs. D) Subnets cannot span AZs. E) We can add one or more subnets in each AZ.

B) The default VPC already has subnets created for each AZ by default. D) Subnets cannot span AZs. E) We can add one or more subnets in each AZ.

Which of the following is correct? A) Number of Availability Zones is greater than the Number of Edge Locations. The Number of Edge locations is greater than the Number of Regions B) Number of Edge Locations is greater than the Number of Availability Zones. The number of Availability Zones are greater than the Number of Regions C) Number of Availability Zones is greater than the Number of Regions. The Number of Regions is greater than the Number of Edge Locations D) Number of Regions is greater than the Number of Availability Zones. The Number of Availability Zones is greater than Number of Edge Locations

B) The number of edge locations is greater than the number of Availability Zones, which is greater than the number of regions.

True or false: With AWS Organizations, there are two available feature sets — so you may choose to use the consolidated billing features, or use all the offered features. A) False B) True

B) True With AWS Organizations, you can use either the consolidated billing features or all the offered features. If you create an organization with consolidated billing features only, you can later enable all features.

True or False: S3 is object storage suitable for the storage of 'flat' files like Word documents, photos, etc. A) False B) True

B) True S3 is object storage suitable for the storage of 'flat' files like Word documents, photos, etc.

True or False: A Distribution is what we call a series of Edge Locations that make up CDN. A) False B) True

B) True The collection of a CDN's Edge Locations is called a Distribution.

A video archiving company is storing files between 50 and 100 MB, but they need to minimize the upload time. What can they do? A) Use Cross-region replication B) Use Multipart Upload C) Upgrade the instance class performing the upload. D) Use AWS Data Pipeline

B) Use Multipart Upload Multipart Upload allows you to upload a single object as a set of parts. After all parts of your object are uploaded, Amazon S3 then presents the data as a single object. You can use a multipart upload for objects from 5 MB to 5 TB in size. Amazon S3 customers are encouraged to use multipart uploads for objects greater than 100 MB

What can we do in AWS to receive the benefits of volume pricing for your multiple AWS accounts? A) Purchase services in bulk from AWS Marketplace. B) Use consolidated billing in AWS Organizations. C) You will receive volume pricing by default. D) Use AWS Trusted Advisor

B) Use consolidated billing in AWS Organizations You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. You can combine the usage across all accounts in the organization to share the volume pricing discounts, Reserved Instance discounts, and Savings Plans. This can result in a lower charge for your project, department, or company than with individual standalone accounts

What can we do in AWS to receive the benefits of volume pricing for your multiple AWS accounts? A) You will receive volume pricing by default. B) Use consolidated billing in AWS Organizations. C) Purchase services in bulk from AWS Marketplace. D) Use AWS Trusted Advisor

B) Use consolidated billing in AWS Organizations. You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. You can combine the usage across all accounts in the organization to share the volume pricing discounts, Reserved Instance discounts, and Savings Plans. This can result in a lower charge for your project, department, or company than with individual standalone accounts.

You want to define a virtual network in your AWS cloud to be able to launch resources in that virtual network. What do you need to configure? A) Virtual Private Gateway B) VPC C) AWS Organizations D) Internet Gateway

B) VPC Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including the selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications. https://aws.amazon.com/vpc/

A Security Group is used to _ traffic on the _. A) explicitly deny, subnet level B) explicitly allow, instance level C) explicitly deny, instance level D) allow/deny, subnet level

B) explicitly allow, instance level

An EBS volume is a _. A) local storage volume B) highly available and reliable storage volume C) preconfigured package required to launch an EC2 instance D) central processing unit for the instance E) storage volume that can be attached to any instance in the same AZ (Availability Zone)

B) highly available and reliable storage volume E) storage volume that can be attached to any instance in the same AZ (Availability Zone)

Choose the features of Consolidated Billing. Choose 3 A) Charging is based per VPC B) Multiple standalone accounts are combined and may reduce your overall bill C) Account charges can be tracked individually. D) A single bill is issued containing the charges for all AWS Accounts

B, C and D Consolidated Billing is a feature of AWS organizations. Once enabled and configured, you will receive a bill containing the costs and charges for all of the AWS accounts within the organization. Although each of the individual AWS accounts are combined into a single bill, they can still be tracked individually and the cost data can be downloaded in a separate file. Using Consolidated Billing may ultimately reduce the amount you pay, as you may qualify for Volume Discounts. There is no charge for using Consolidated Billing. Consolidated Billing is a feature of AWS organizations. Once enabled and configured, you will receive a bill containing the costs and charges for all of the AWS accounts within the organization. Although each of the individual AWS accounts are combined into a single bill, they can still be tracked individually and the cost data can be downloaded in a separate file. Using Consolidated Billing may ultimately reduce the amount you pay, as you may qualify for Volume Discounts. There is no charge for using Consolidated Billing.

What are the three cloud computing models? (Choose 3) A) Hardware as a Service (HaaS) B) Infrastructure as a Service (IaaS) C) PlatForm as a Service (PaaS) D) Software as a Service (SaaS)

B, C and D IaaS is one of the three cloud computing models. https://docs.aws.amazon.com/whitepapers/latest/aws-overview/types-of-cloud-computing.html PaaS is one of the three cloud computing models. https://docs.aws.amazon.com/whitepapers/latest/aws-overview/types-of-cloud-computing.html SaaS is one of the three cloud computing models. https://docs.aws.amazon.com/whitepapers/latest/aws-overview/types-of-cloud-computing.html

Which of the following are characteristics of cloud computing? Choose 3 A) Cloud charges are capital expenditures. B) Services are delivered via the Internet. C) On-demand delivery D) Pay-as-you-go pricing

B, C and D Services incurred from a cloud services provider are operating expenses, not capital expenses. The other answers are correct.

Microsoft has announced a new patch for its operating system on an AWS service you use as platform as a service. Within the Shared Responsibility Model, who needs to apply this patch? A-Customer B-AWS C-The customer for spot instances only. D-Either can apply this patch.

B-AWS Customer is only responsible for patching the guest OS, not the host OS.

You need to store key-value pairs of users and their high scores for a gaming application. Which is the best option for this type of data? A-Amazon RedShift B-DynamoDB C-AWS S3 D-RDS MySQL

B-DynamoDB DyanmoDB is ideally suited for storing key-value pairs as it is a key-value and document database that delivers single digit millisecond performance at any scale

An application that experiences highly variable traffic throughout the day has been configured in AWS. The capacity configured to serve this application adjusts to demands throughout the day. Which AWS principle does this describe? A-Viscosity B-Elasticity C-Durability D-High Availability

B-Elasticity The ability to acquire resources as you need them and release resources when you no longer need them.

In Identity and Access Management, which term refers to the IAM resource objects that AWS uses for authentication? A-Identity B-Entity C-Principal D-Resource

B-Entity

You are creating a few IAM policies. This is the first time you have worked with IAM policies. Which tool can you use to test IAM policies? A-Amazon Inspector B-IAM Policy Simulator C-Amazon GuardDuty D-CloudWatch

B-IAM Policy Simulator With IAM Policy Simulator you can test and troubleshoot identity-based policies, IAM permissions boundaries, Organizations service control policies, and resource based policies

After configuring your VPC and all of the resources within it, you want to add an extra layer of security at the subnet level. Which will you use to add this security? A-Security Group B-Network ACL C-IAM D-Private IP Address

B-Network ACL A Network Access Control List (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.

You have upgraded your AWS support plan to the Business support level. What is true of the Business Support Plan? A-Fifteen minute support on production system failure. B-One hour support on production system failure. C-Twenty-four hour support on production system failure. D-15-minute response time support if your business-critical system goes down.

B-One hour support on production system failure.

A company needs to manage and automate tasks on large numbers of resources at one time. Which AWS feature can do this? A-Tagging B-Resource Groups C-IAM Groups D-IAM

B-Resource Groups You can use Resource Groups to organize your AWS resources. Resource groups make it easier to manage and automate tasks on large numbers of resources at one time.

You have infrequently accessed data in S3 buckets that you want to transfer to Glacier. What can you use in AWS to do this? A-Cross Origin Resource Sharing (CORS) B-S3 Lifecycle Policy C-Bucket Policy D-Database Migration Service

B-S3 Lifecycle Policy You can add rules in an S3 Lifecycle configuration to tell Amazon S3 to transition objects to another Amazon S3 storage class.

You want to group together EC2 instances and manage them as a group. One thing you want to do is issue commands remotely to these instances. Which AWS service will you use? A-Auto Scaling B-Systems Manager C-CloudFormation D-Load Balancing

B-Systems Manager Lets you remotely and securely manage the configuration of your managed instances. A managed instance is any EC2 instance or on-premise machine in your hybrid environment that has been configured for Systems Manager

How can you enable MFA for an AWS account, via a browser-based interface> By using IAM service via the AWS Command Line Tools. By using IAM service via the AWS Management Console. By using Amaozn EC2 Service via he AWS SDKs. By using the IAM HTTPS API

By using IAM service via the AWS Management Console.

What is AWS KMS? A) A firewall B) A user management service C) A key management service D) A storage service

C) A key management service

Which of the following support plans features unlimited (customer-side) contacts and unlimited support cases? Choose 2 Basic Business Developer Enterprise

Both Enterprise and business support plans feature unlimited (customer-side) contacts and unlimited support cases.

Which of the following are Support Levels offered by AWS? Choose 3 Individual Basic Developer Business Start-up

Basic Developer Business

What are spot instances?

Bid for unused EC2 capacity. Prices set by Amazon, fluctuate depending on the supply and demand for capacity.

Which of the following support services do all accounts receive as standard? Billing support 24/7 support via phone and chat Technical Account Manager Technical support

Billing support

You are storing sensitive employee information in an S3 Bucket. What can you use to give bucket access only to authorized personnel?

Bucket Policy

Which of the following are principles of sound cloud design? Choose 3 Scalability Infrastructure as code Tightly-coupled components Assume everything will fail. Limit the number of 3rd-party services. Treat your servers like pets, not cattle. Disposable resources

Build your systems to be scalable, use disposable resources, reduce infrastructure to code, and, please, assume EVERYTHING will fail sooner or later.

Which of the following support plans features a < 4-hour response time in the event of an impaired production system? Developer Basic Individual Business

Business

Whta is the minimum AWS support plan that provides full set of AWS Trusted Advisor checks, and 24x7 phone, emailm and chat access to Cloud Support Engineers? Enterprise Business Developer Basic

Business

Which of the following AWS Support levels offers 24x7 support via phone or chat? Individual Business Developer Basic

Business; The Business and Enterprise support plans offer 24 X 7 technical support via phone or chat.

Which of the following AWS accounts do not have 24/7 access to Cloud Support Engineers? Please select the most appropriate answer. A) Business B) Basic, Business, and Enterprise C) Basic and Developer D) Basic E) Business and Enterprise F) Developer

C) Basic and Developer

Which of the following AWS Support levels offers the assistance of a Technical Account Manager? A) Elite B) Business C) Enterprise D) Developer

C) Enterprise Only Enterprise support offers the services of a Technical Account Manager.

In Identity and Access Management, which term refers to the IAM resource objects that AWS uses for authentication? A) Identity B) Principal C) Entity D) Resource

C) Entity

Which of the following AWS services should you use if you'd like to be notified when you have crossed a billing threshold? Choose 2 A) AWS Cost and Usage Reports B) Trusted Advisor C) CloudWatch D) AWS Budgets

C and D In both AWS-Budget & CloudWatch, alarms can be set to monitor spending on your AWS Account.

Including the current month, how many months of billing information are viewable from the AWS Cost Explorer? A) 12 months B) 1 month C) 13 months D) 3 months

C) 13 Months

What is a NACL? A) A logically isolated section of AWS B) A table of rules that directs traffic flow in a network C) A firewall on the subnet level D) A firewall on the instance level

C) A firewall on the subnet level

Amazon S3 bucket names must be unique across _. A) VPCs B) Availability Zones C) AWS D) Regions

C) AWS

Which policy will provide information on performing penetration testing on your EC2 instances? A) AWS Terms and Conditions Policy B) JSON Policy C) AWS Acceptable use policy D) IAM Policy

C) AWS Acceptable use policy The policy states that penetration testing may be performed by customers on their own instances with prior approval from AWS.

A recent audit has dictated that a company begin keeping a log of AWS Management Console actions and API calls. Which AWS service can help with this? A) CloudWatch B) AWS Inspector C) AWS CloudTrail D) AWS X-Ray

C) AWS CloudTrail AWS CloudTrail increases visibility into your user and resource activity by recording AWS Management Console actions and API calls. You can identify which users and accounts called AWS, the source IP address from which the calls were made, and when the calls occurred

In regards to security and compliance on AWS, what AWS service is a threat detection service that monitors for threats to AWS accounts and workloads? A) AWS Shield B) AWS WAF C) AWS GuardDuty D) Amazon Inspector

C) AWS GuardDuty

A small startup is configuring its AWS cloud environment. Which AWS service will allow grouping these users together and applying permissions to them as a group? A) Resource Groups B) Tagging C) AWS IAM D) AWS Organizations

C) AWS IAM This is for resources, not users. You can use resource groups to organize your AWS resources. Resource groups make it easier to manage and automate tasks on large numbers of resources at one time. https://docs.aws.amazon.com/ARG/latest/userguide/welcome.html AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. https://aws.amazon.com/iam/

What AWS service will perform serverless computing? A) Lightsail B) EC2 C) AWS Lambda D) VPC

C) AWS Lambda

Which of these statements are true in regards to AWS Lambda? A) AWS Lambda does require server management. B) AWS Lambda does not integrate with other AWS services. C) AWS Lambda integrates with most AWS services D) AWS Lambda is scalable. E) AWS Lambda does not require server management. F) AWS Lambda is not scalable. G) AWS Lambda only charges when code is executed and running.

C) AWS Lambda integrates with most AWS services D) AWS Lambda is scalable. E) AWS Lambda does not require server management. G) AWS Lambda only charges when code is executed and running.

Which of the following can you use as a web-based interface to view processes in AWS? A) AWS SDK B) AWS API C) AWS Management Console D) AWS CLI

C) AWS Management Console AWS Management Console is a web application for managing Amazon Web Services.

A company has multiple AWS accounts across multiple regions. Which AWS service can be used to manage these accounts and provide consolidated billing? A) CloudFormation B) Trusted Advisor C) AWS Organizations D) Identity and Access Management

C) AWS Organizations AWS Organizations helps you centrally govern your environment as you grow and scale your workloads on AWS. Whether you are a growing startup or a large enterprise, Organizations helps you to centrally manage billing; control access, compliance, and security; and share resources across your AWS accounts

A small company wants to deploy a new system in the AWS cloud but does not have anyone with the required AWS skill set to perform the deployment. Which AWS service can help with this? A) Trusted Advisor B) AWS Partner Network (APN) Technology Partners C) AWS Partner Network (APN) Consulting Partners D) AWS CloudFormation

C) AWS Partner Network (APN) Consulting Partners Incorrect: APN Technology Partners provide hardware, connectivity services, or software solutions that are either hosted on, or integrated with, the AWS Cloud. Technology Partner products are often delivered as components to broader AWS customer solutions. They can be delivered globally by Consulting Partners through AWS Marketplace, bundled solutions, or directly from APN Technology Partners. The AWS Partner Network (APN) is the global partner program for technology and consulting businesses that leverage Amazon Web Services to build solutions and services for customers. The APN helps companies build, market, and sell their AWS offerings by providing valuable business, technical, and marketing support. https://aws.amazon.com/partners/ APN Consulting Partners are professional services firms that help customers of all types and sizes design, architect, build, migrate, and manage their workloads and applications on AWS, accelerating their journey to the cloud. APN Consulting Partners often implement Technology Partner solutions in addition to the professional services they offer. https://aws.amazon.com/partners/

You are leading a pilot program to try the AWS Cloud for one of your applications. You have been instructed to provide an estimate of your AWS bill. Which service will allow you to do this by manually entering your planned resources by service? A) AWS CloudTrail B) AWS Cost and Usage Report C) AWS Pricing Calculator D) AWS Cost Explorer

C) AWS Pricing Calculator With the AWS Pricing Calculator, you can input the services you will use, and the configuration of those services, and get an estimate of the costs these services will accrue. AWS Pricing Calculator lets you explore AWS services, and create an estimate for the cost of your use cases on AWS.

You are leading a pilot program to try the AWS Cloud for one of your applications. You have been instructed to provide an estimate of your AWS bill. Which service will allow you to do this by manually entering your planned resources by service? A) AWS Cost and Usage Report B) AWS CloudTrail C) AWS Pricing Calculator D) AWS Cost Explorer

C) AWS Pricing Calculator With the AWS Pricing Calculator, you can input the services you will use, and the configuration of those services, and get an estimate of the costs these services will accrue. AWS Pricing Calculator lets you explore AWS services, and create an estimate for the cost of your use cases on AWS.

Your organization is multi-national and uses multiple AWS regions. Which AWS service can be used to route users to the nearest datacenter to reduce latency? A) AWS IAM B) AWS VPC C) AWS Route 53 D) AWS Organizations

C) AWS Route 53 Amazon Route 53 effectively connects user requests to infrastructure running in AWS - such as Amazon EC2 instances, Elastic Load Balancing load balancers, or Amazon S3 buckets - and can also be used to route users to infrastructure outside of AWS. You can use Amazon Route 53 to configure DNS health checks to route traffic to healthy endpoints or to independently monitor the health of your application and its endpoints. Amazon Route 53 Traffic Flow makes it easy for you to manage traffic globally through a variety of routing types, including Latency Based Routing, Geo DNS, Geoproximity, and Weighted Round Robin—all of which can be combined with DNS Failover to enable a variety of low-latency, fault-tolerant architectures. Using Amazon Route 53 Traffic Flow's simple visual editor, you can easily manage how your end-users are routed to your application's endpoints—whether in a single AWS region or distributed around the globe. Amazon Route 53 also offers Domain Name Registration - you can purchase and manage domain names such as example.com, and Amazon Route 53 will automatically configure DNS settings for your domains. https://aws.amazon.com/route53/

You would like to set up a loosely coupled architecture. Which service would allow you to send and receive messages, but most importantly, store messages if they are not consumed immediately? A) AWS S3 B) AWS CloudSearch C) AWS SQS D) AWS SES

C) AWS SQS Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS eliminates the complexity and overhead associated with managing and operating message-oriented middleware and empowers developers to focus on differentiating work. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available

You would like to set up a loosely coupled architecture. Which service would allow you to send and receive messages, but most importantly, store messages if they are not consumed immediately? A) AWS S3 B) AWS CloudSearch C) AWS SQS D) AWS SES

C) AWS SQS Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS eliminates the complexity and overhead associated with managing and operating message-oriented middleware and empowers developers to focus on differentiating work. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available. https://aws.amazon.com/sqs/

A financial company needs to migrate large amounts of data, at a peta-byte scale, to AWS. Which AWS service can perform this type of migration? A) AWS Data Pipeline B) Database Migration Service C) AWS Snowball D) API Gateway

C) AWS Snowball Snowball is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud. Using Snowball addresses common challenges with large-scale data transfers including high network costs, long transfer times, and security concerns

Developers in your company need to interact with AWS from the Command Line Interface. Which security item will you need to provide to the developers? A) Login ID B) Root password C) Access Key D) Security Token

C) Access Key When working with AWS from the CLI, you need to provide an access key and secret access key.

Users need to access AWS resources from the command-line interface. Which IAM option can be used for authentication? A) IAM Group B) IAM Policy C) Access Keys D) IAM Role

C) Access Keys You must provide your AWS access keys to make programmatic calls to AWS or to use the AWS Command Line Interface or AWS Tools for PowerShell.

In this scenario, we have a NACL with the following rules. RulesTraffic Rule #1 Allow SSH Rule #2 Allow HTTP Rule #3 Deny All Rule #4 Allow All Which is true based on the rules within this NACL? A) All traffic will be allowed B) All traffic will be denied C) All traffic except SSH and HTTP will be denied D) SSH traffic will be denied

C) All traffic except SSH and HTTP will be denied

You have a MySQL database that you want to migrate to the cloud, and you need it to be significantly faster there. You are looking for a speed increase up to 5 times the current performance. Which AWS offering could you use? A) DynamoDB B) Amazon RDS MySQL C) Amazon Aurora D) Elasticache

C) Amazon Aurora Amazon Aurora is a MySQL and PostgreSQL-compatible relational database built for the cloud, that combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open source databases. Amazon Aurora is up to five times faster than standard MySQL databases and three times faster than standard PostgreSQL databases. https://aws.amazon.com/rds/aurora/

Your team needs to begin monitoring the applications running in your AWS account. Which AWS service can you use? A) Amazon Cloudtrail B) AWS Config C) Amazon CloudWatch D) AWS App Monitoring

C) Amazon CloudWatch Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, providing you with a unified view of AWS resources, applications, and services that run on AWS and on-premises servers. You can use CloudWatch to detect anomalous behavior in your environments, set alarms, visualize logs and metrics side by side, take automated actions, troubleshoot issues, and discover insights to keep your applications running smoothly

Your team needs to begin monitoring the applications running in your AWS account. Which AWS service can you use? A) AWS Config B) Amazon Cloudtrail C) Amazon CloudWatch D) AWS App Monitoring

C) Amazon CloudWatch Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, providing you with a unified view of AWS resources, applications, and services that run on AWS and on-premises servers. You can use CloudWatch to detect anomalous behavior in your environments, set alarms, visualize logs and metrics side by side, take automated actions, troubleshoot issues, and discover insights to keep your applications running smoothly. https://aws.amazon.com/cloudwatch/

Which of the following AWS services uses EBS as a detachable storage? A) Amazon EBS B) Amazon S3 C) Amazon EC2 D) VPC

C) Amazon EC2

Your company has recently migrated large amounts of data to the AWS cloud in S3 buckets. But it is necessary to discover and protect the sensitive data in these buckets. Which AWS service can do that? A) AWS Inspector B) CloudTrail C) Amazon Macie D) GuardDuty

C) Amazon Macie

Which of these database services support SQL? (Choose all that apply). A) Amazon DynamoDB B) Amazon ElastiCache C) Amazon Redshift D) Amazon RDS E) Amazon Aurora

C) Amazon Redshift D) Amazon RDS E) Amazon Aurora

Which storage service can provide very high durability storage for Objects? A) RDS MySQL B) Amazon Aurora C) Amazon S3 D) DynamoDB

C) Amazon S3 S3 provides high durability storage of objects

You need to launch an EC2 instance in AWS and control access to it. Which AWS service can help with this? A) Elastic Network Interface B) Amazon RDS C) Amazon Virtual Private Cloud D) Amazon Route 53

C) Amazon Virtual Private Cloud Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including the selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications

You have decided to use the AWS Cost and Usage Report to track your EC2 Reserved Instance costs. To where can these reports be published? A) An AWS owned S3 Bucket. B) Trusted Advisor C) An S3 Bucket that you own. D) CloudWatch

C) An S3 Bucket that you own The AWS Cost and Usage Reports (AWS CUR) contains the most comprehensive set of cost and usage data available. You can use Cost and Usage Reports to publish your AWS billing reports to an Amazon Simple Storage Service (Amazon S3) bucket that you own. You can receive reports that break down your costs by the hour or day, by product or product resource, or by tags that you define yourself. AWS updates the report in your bucket once a day in comma-separated value (CSV) format. You can view the reports using spreadsheet software such as Microsoft Excel or Apache OpenOffice Calc, or access them from an application using the Amazon S3 API

What is a global content delivery network (CDN) service that securely delivers data, videos, applications, and API's to your viewers with low latency and high transfer speeds A) CloudSword B) CloudShield C) CloudFront D) CloudWatch

C) CloudFront

Which of the following is an AWS Global Service? A) RDS B) EC2 C) CloudFront D) VPC

C) CloudFront Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment

A travel company has an application that serves customers worldwide. Which AWS service can speed up delivery of content to this widespread customer base? A) CodeDeploy B) OpsWorks C) CloudFront D) S3

C) CloudFront Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. CloudFront is integrated with AWS - both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services

Your company would like to begin using auto-scaling to add servers when CPU utilization reaches a certain threshold (say 70%). What can you use to signal when CPU utilization crosses the threshold? A) EC2 Logs B) Elastic Load Balancers C) CloudWatch Alarms D) Simple Notification Service

C) CloudWatch Alarms A CloudWatch alarm can be set up to monitor CPU utilization and trigger further action. Further action could be an Auto Scaling Group adding another EC2 instance and/or using SNS to notify team members of the occurrence.

A software company is looking for a tool to automate their deployments from end to end. Which AWS service can provide this continuous delivery functionality? A) CodeDeploy B) CodeCommit C) CodePipeline D) CodeBuild

C) CodePipeline AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates. CodePipeline automates the build, test, and deploy phases of your release process every time there is a code change, based on the release model you define. This enables you to rapidly and reliably deliver features and updates

When configuring an Application Load Balancer, what step will you take to ensure a highly available architecture? A) Set up more than one ALB. B) Set up multiple Edge Locations for your load balancer. C) Configure the Load Balancer to serve traffic to multiple Availability Zones. D) Set up cross-region Load Balancing.

C) Configure the Load Balancer to serve traffic to multiple Availability Zones. You would set up the load balancer to deliver traffic across multiple availability zones.

You have recently started using AWS and now need to launch a large number of instances in your VPC. You learn that this number exceeds the service limits for instances in a VPC. What can you do? A) There is nothing that can be done. Redesign based on a smaller number of instances. B) Use Auto Scaling and the service limit can be exceeded. C) Contact AWS and request a service limit increase. D) Upgrade your support plan to increase this service limit

C) Contact AWS and request a service limit increase Use the Limits page in the Amazon EC2 console to request an increase in the limits for resources provided by Amazon EC2 or Amazon VPC on a per-Region basis.

You need to visualize, understand, and manage your AWS costs and usage over time. Which AWS tool would you use? A) CloudWatch B) Trusted Advisor C) Cost Explorer D) AWS Cost and Usage Repor

C) Cost Explorer AWS Cost Explorer lets you visualize, understand, and manage your AWS costs and usage over time. You can analyze your cost and usage data at a high level (e.g., total costs and usage across all accounts in your organization) or for highly specific requests.

Under the Shared Responsibility model, for which of the following does AWS not assume responsibility? A) Networking B) Physical security of AWS facilities C) Customer data D) Hypervisors

C) Customer data The customer is responsible for their own customer data.

Which of the following AWS services should you use to migrate an existing database to AWS? A) Storage Gateway B) Route 53 C) DMS D) SNS

C) DMS The AWS Database Migrations Service is the best choice for conventional data migrations.

Which valuable AWS design principle can be a valuable feature when deploying applications? A) Hardware Coupling B) Tight Coupling C) Loose Coupling D) Regional Coupling

C) Loose Coupling Implement loosely coupled dependencies: Dependencies such as queuing systems, streaming systems, workflows, and load balancers are loosely coupled. Loose coupling helps isolate the behavior of a component from other components that depend on it, increasing resiliency and agility

Which valuable AWS design principle can be a valuable feature when deploying applications? A) Tight Coupling B) Hardware Coupling C) Loose Coupling D) Regional Coupling

C) Loose Coupling Implement loosely coupled dependencies: Dependencies such as queuing systems, streaming systems, workflows, and load balancers are loosely coupled. Loose coupling helps isolate the behavior of a component from other components that depend on it, increasing resiliency and agility https://d1.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf

Which of the following is not a fundamental AWS charge? A) Compute B) Data-out C) Data-in D) Storage

C) Data-in In AWS, data-in is always free-of-charge.

Which of these following stores data in a structured way such as a table, so that it may be easily retrieved? A) CPU B) RAM C) Database D) Storage

C) Database

Your company has decided to migrate a SQL Server database to a newly created AWS account. Which service can be used to migrate the database? A) DynamoDB B) ElastiCache C) Database Migration Service D) AWS RDS

C) Database Migration Service AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from the most widely used commercial and open-source databases. https://aws.amazon.com/dms/

Your company is migrating to the AWS Cloud. For servers, your company has existing server-bound software licenses that they would like to continue to use. Which EC2 purchasing option allows this? A) Spot B) On-Demand C) Dedicated Host D) Reserved

C) Dedicated Host The Dedicated Host option will allow for reuse of these hardware bound licenses.

Which of the following type of account receives only email access to Cloud Support Associates during business hours? A) Basic B) Enterprise C) Developer D) Business

C) Developer

Which of the following support plans features access to AWS Support ONLY during business hours via email? A) Enterprise B) Basic C) Developer D) Business

C) Developer The Developer support plan features access to AWS support explicitly during business hours via email. With the AWS exams you need to be careful of wording. Business and Enterprise offer 24x7 access not just business hours. If you were asked to provide three answers those might be included, but with only 1 answer, you must chose the most precise answer. Get my results

What does a route table do? A) Connects resources within a VPC to the internet B) Allows or denies inbound/outbound traffic on the instance level C) Directs traffic within a network D) Allows or denies inbound/outbound traffic on the subnet level

C) Directs traffic within a network

Which AWS service is specifically designed to assist you in processing large data sets? A) AWS Big Data Processing B) ElastiCache C) EMR D) EC2

C) EMR Amazon EMR is a web service that makes it easy to process large amounts of data efficiently.

Which statement is true regarding the AWS Global Infrastructure? A) Edge Locations contain Regions B) Each AWS Availability Zone contains multiple regions. C) Each AWS region contains multiple availability zones. D) Availability Zones contain Edge Locations

C) Each AWS region contains multiple availability zones.

Which statement is true regarding the AWS Global Infrastructure? A) Edge Locations contain Regions B) Each AWS Availability Zone contains multiple regions. C) Each AWS region contains multiple availability zones. D) Availability Zones contain Edge Locations

C) Each AWS region contains multiple availability zones. Each region contains multiple availability zones. https://aws.amazon.com/about-aws/global-infrastructure/

AWS Trusted Advisor provide checks in 5 different categories. Which item is not one of those checks? A) Fault Tolerance B) Cost Optimization C) Elasticity D) Security

C) Elasticity Although this is a valued concept in AWS, it is not one of the 5 checks provided in Trusted Advisor.

Which of the following Cloud concepts correlate with an Auto Scaling Group? A) Fault Tolerance B) High Availability C) Elasticity D) Scalability

C) Elasticity D) Scalability

You work for a financial company that has several mission-critical workloads. Which AWS Support Plan should you use? A) Basic B) Developer C) Enterprise D) Business

C) Enterprise Recommended if you have business and/or mission critical workloads in AWS

What are the three main functions of Route 53? A) Load balancing instances B) Caching Content C) Health Checks D) DNS (Domain Name System) service E) Domain Registration

C) Health Checks D) DNS (Domain Name System) service E) Domain Registration

Which of these types of a cloud is an example of using on-premises data centers in combination with AWS? A) Private Cloud B) Personal Cloud C) Hybrid Cloud D) Public Cloud

C) Hybrid Cloud

Users need to access AWS resources from the command-line interface. Which IAM option can be used for authentication? A) IAM Policy B) IAM Role C) IAM Group D) Access Keys

C) IAM Group An IAM group is a collection of IAM users. Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users. For example, you could have a group called Admins and give that group the types of permissions that administrators typically need. Any user in that group automatically has the permissions that are assigned to the group. If a new user joins your organization and needs administrator privileges, you can assign the appropriate permissions by adding the user to that group. Similarly, if a person changes jobs in your organization, instead of editing that user's permission, you can remove him or her from the old groups and add him or her to the appropriate new groups. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html You must provide your AWS access keys to make programmatic calls to AWS or to use the AWS Command Line Interface or AWS Tools for PowerShell. When you create your access keys, you create the access key ID (for example, AKIAIOSFODNN7EXAMPLE) and secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY) as a set. The secret access key is available for download only when you create it. If you don't download your secret access key or if you lose it, you must create a new one. https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html

You are working with IAM and need to attach policies to users, groups, and roles. Which will you be attaching these policies to? A) Resources B) Principals C) Identities D) Entities

C) Identities Principals are a person or application that uses the AWS account root user, an IAM user, or an IAM role, to sign in and make requests to AWS. Identities are the IAM resource objects that are used to identify and group. You can attach a policy to an IAM identity. These include users, groups, and roles.

A colleague tells you about a service that uses machine learning to discover and protect sensitive data stored in S3 Buckets. Which AWS service does this? A) Rekognition B) Inspector C) Macie D) Cognito

C) Macie

You have a project that will require 90 hours of computing time. There is no deadline, and the work can be stopped and restarted without adverse effect. Which of the following computing options offers the most cost-effective solution? A) ECS instances B) On-demand instances C) Spot instances D) Reserved instances

C) Spot instances Spot instances would be the most cost-effective solution.

Which of the following services enables you to assess, audit, and evaluate the configurations your AWS resources? Inspector Config GuardDuty CloudWatch

Config

Which of the following will connect instances within a VPC to networks outside of the VPC and provides Internet access for the VPC? A) Subnet B) Route Table C) Internet Gateway D) NACL

C) Internet Gateway

Which AWS service allows you to run code without having to worry about provisioning any underlying resources (such as virtual machines, databases etc.) A) EC2 B) DynamoDB C) Lambda D) EC2 Container Service

C) Lambda Lambda is the AWS Function-as-a-Service (FaaS) offering that lets you run code without provisioning or managing servers. Next question

In regards to penetration testing on AWS, which of these statements is true? Please select the most appropriate response. A) No penetration testing is allowed on AWS. B) All penetration testing on AWS requires permission. C) Limited penetration testing is allowed, but some require permission from AWS. D) All penetration testing is allowed on AWS.

C) Limited penetration testing is allowed, but some require permission from AWS

You are concerned about access to your top-secret application by stolen passwords. What additional layer of security can you add for logging in to AWS Management Console, in addition to user passwords? A) AWS Voice Recognition B) Secret Access Keys C) Multi-Factor Authentication D) AWS Transcribe

C) Multi-Factor Authentication AWS Multi-Factor Authentication (MFA) is a simple best practice that adds an extra layer of protection on top of your user name and password. With MFA enabled, when a user signs in to an AWS Management Console, they will be prompted for their user name and password (the first factor—what they know), as well as for an authentication code from their AWS MFA device (the second factor—what they have). Taken together, these multiple factors provide increased security for your AWS account settings and resources

Which computer component provides a connection to the internet? A) CPU B) RAM C) Network Card D) Hard Drive

C) Network Card

Any new IAM Users created are granted _. A) Limited access to AWS services. B) Access to all AWS services. C) No access to AWS services. D) Administrative access

C) No access to AWS Services

In this scenario, we have an increase in traffic on a holiday sale. What EC2 purchasing option should we use to acquire the resources to handle the traffic? A) Dedicated Hosts B) Spot C) On-Demand D) Reserved

C) On-Demand Purchasing an On-Demand instance would provide us instances to handle that short duration of time we need the resources, and then we could terminate the instances when the traffic declines after the holiday sale.

Which of the following NoSQL databases does Amazon DynamoDB replace? A) MariaDB B) Amazon Aurora C) Oracle NoSQL D) Cassandra DB E) MongoDB

C) Oracle NoSQL D) Cassandra DB E) MongoDB

Which of the following Compliance certifications attests to the security of the AWS platform regarding credit card transactions? A) ISO 27001 B) SOC 1 C) PCI DSS Level 1 D) SOC 2

C) PCI DSS Level 1 A PCI DSS Level 1 certification attests to the security of the AWS platform regarding credit card transactions.

Your company is moving to the AWS Cloud and is reviewing the shared responsibility model. Which item is entirely the responsibility of AWS? A) Patching of the guest OS B) Storing CloudFormation Templates in another region for Disaster Recovery. C) Physical and Environmental Controls D) Implementing IAM Groups

C) Physical and Environmental Controls Inherited Controls - Controls that a customer fully inherits from AWS.

Amazon Lightsail is an example of which of the following? A) Software as a Service B) Functions as a Service C) Platform as a Service D) Infrastructure as a Service

C) Platform as a Service Lightsail is AWS' Platform-as-a-Service offering.

Which of the following is the document used to grant permissions to users, groups, and roles? A) Paradigm B) Passbook C) Policy D) Protocol

C) Policy A Policy is the document used to grant permissions to users, groups, and roles.

Which of the following is not a pricing factor for EC2? A) Reserved purchasing B) AMI C) Request pricing D) Region E) Instance type

C) Request Pricing

What EC2 purchasing option would we select if we wanted to acquire instances for 3 years while receiving a bulk discount? A) On-Demand B) Scheduled C) Reserved D) Spot

C) Reserved

Which AWS service allows you to configure a DNS record set? A) S3 B) VPC C) Route 53 D) EC2

C) Route 53

A company is migrating to the AWS Cloud. They need to set up DNS in the cloud. Which service is a highly available and scalable cloud DNS service in AWS? A) CloudFront B) Amazon Macie C) Route 53 D) Amazon VPC

C) Route 53 Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect. Amazon Route 53 is fully compliant with IPv6 as well.

Which service stores log events for CloudTrail? A) IAM B) CloudWatch C) S3 D) CloudTrail

C) S3

In order to improve fault tolerance, you would like to begin using services that provide fault tolerance. Which AWS services provide automatic replication across Availability Zones? (pick 2) A) EC2 B) VPC C) S3 D) DynamoDb

C) S3 D) DynamoDb

In order to improve fault tolerance, you would like to begin using services that provide fault tolerance. Which AWS services provide automatic replication across Availability Zones? (Choose 2) A) VPC B) EC2 C) S3 D) DynamoDb

C) S3 D) DynamoDb S3 provides this replication. DynamoDB provides this replication.

You have two Software systems that need to communicate, and you also need to ensure that messages are not lost between them. Which AWS service can help meet these requirements? A) SES B) CloudWatch C) SQS D) SNS

C) SQS Amazon Simple Queue Service (Amazon SQS) offers a secure, durable, and available hosted queue that lets you integrate and decouple distributed software systems and components.

The ability to easily grow in size, capacity, and/or scope when required (usually based on demand) is: A) Elasticity B) Autoscaling C) Scalability D) Load Balancing

C) Scalability

You need to set up a virtual firewall for your EC2 instance. Which would you use? A) IAM Policy B) Network ACL C) Security Group D) Subnet

C) Security Group

You need to set up a virtual firewall for your EC2 instance. Which would you use? A) IAM Policy B) Network ACL C) Security Group D) Subnet

C) Security Group A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC can be assigned to a different set of security groups. https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html

n this scenario, we have an IAM User with an AWSDenyAll policy, but this user is also in an IAM Group with access to various AWS services. These services include S3, EC2, VPC, and IAM. Which of the following resources can this user access? A) S3 and VPC B) EC2 C) The IAM user cannot access any of the AWS services D) VPC and EC2 E) IAM, S3, EC2, and VPC

C) The IAM user cannot access any of the AWS services This IAM User will not be able to access any of the AWS services because the user is attached to an AWSDenyAll policy regardless of being in an IAM Group with access to these services. This is because an explicit deny always overrides and explicit allow.

What is fault-tolerance? A) The ability to be easily accessible and available from many locations B) The ability to scale out and shrink based on demand C) The ability to maintain operations during and/or after failure D) The ability to scale up in size on demand

C) The ability to maintain operations during and/or after failure

What is the AWS Shared Responsibility Model? A) None of these answers are correct. B) The model used to define only the responsibilities that customers have in the AWS cloud. C) The model used to define the responsibilities that AWS has of the cloud and the responsibilities that customers have in the AWS cloud. D) The model used to define only the responsibilities that AWS has of the cloud.

C) The model used to define the responsibilities that AWS has of the cloud and the responsibilities that customers have in the AWS cloud.

Which AWS service can you use to connect your AWS cloud with an on-premises data center? A-VPC Peering B-Internet Gateway C-Virtual Private Gateway D-IAM

C-Virtual Private Gateway This scenario describes a hybrid environment. A virtual private gateway is a logical, fully redundant distributed edge routing function that sits at the edge of your VPC.

You are gathering information to present to management on a potential move to the AWS cloud. Which items are part of the 6 advantages of cloud computing? (pick 2) A) Benefit from small economies of scale B) Easily predict capacity C) Trade capital expense for variable expense D) Increase speed and agility

C) Trade capital expense for variable expense D) Increase speed and agility

You are gathering information to present to management on a potential move to the AWS cloud. Which items are part of the 6 advantages of cloud computing? (Pick 2) A) Benefit from small economies of scale B) Easily predict capacity C) Trade capital expense for variable expense D) Increase speed and agility

C) Trade capital expense for variable expense D) Increase speed and agility Instead of having to invest heavily in data centers and servers before you know how you're going to use them, you can only pay when you consume computing resources, and you only for how much you consume Increase speed and agility - In a cloud computing environment, new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes. This results in a dramatic increase in agility for the organization since the cost and time it takes to experiment and develop is significantly lower.

A video archiving company is storing files between 50 and 100 MB, but they need to minimize the upload time. What can they do? A) Upgrade the instance class performing the upload. B) Use Cross-region replication C) Use Multipart Upload D) Use AWS Data Pipeline

C) Use Multipart Upload Multipart Upload allows you to upload a single object as a set of parts. After all parts of your object are uploaded, Amazon S3 then presents the data as a single object. You can use a multipart upload for objects from 5 MB to 5 TB in size. Amazon S3 customers are encouraged to use multipart uploads for objects greater than 100 MB

How can an application achieve high availability and fault-tolerance? A) Scaling up the size of resources B) Utilizing one Availability Zone C) Utilizing multiple Availability Zones D) Scaling in resources

C) Utilizing Multiple Availability Zones

Community AMIs are _. A) created from your snapshots B) equipped with pre-packed additional licensed software C) free to use D) purchased

C) free to use

AWS works on a _ pricing model. A) free B) pay-all-in-advance C) pay-as-you-go D) contract-based

C) pay-as-you-go

A software development team has begun using the AWS Developer Tools Suite. Which service will enable creating, managing, and working with software development projects on AWS? A-AWS CodeBuild B-AWS CodeDeploy C-AWS CodeStar D-AWS CodeCommit

C-AWS CodeStar CodeStar is a cloud based service for creating, managing and working with software development projects on AWS.

A small startup is configuring its AWS cloud environment. Which AWS service will allow grouping these users together and applying permissions to them as a group? A-Tagging B-AWS Organizations C-AWS IAM D-Resource Groups

C-AWS IAM Enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources

A gaming company is using the AWS Developer Tool Suite to develop, build, and deploy their applications. Which AWS service can be used to trace user requests from end-to-end through the application? A-CloudWatch B-CloudTrail C-AWS X-Ray D-AWS Inspector

C-AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture

You are storing sensitive employee information in an S3 Bucket. What can you use to give bucket access only to authorized personnel? A-Login and password B-Network Access Control List C-Bucket Policy D-Access Keys

C-Bucket Policy S3 bucket policies specify what actions are allowed or denied for which principles on the bucket that the bucket policy is attached to.

A development team has created a large amount of CloudFormation templates in the JSON format. Which AWS database can store these documents? A-Amazon RedShift B-Amazon Aurora C-DynamoDB D-AWS MySQL

C-DynamoDB The latest DynamoDB update added support for JSON data, making it easy to store JSON documents in a DynamoDB table while preserving their complex and possibly nested shape.

You need an AWS service that can identify objects, people, text, scenes, and activities in images and videos. Which service would you choose? A-CloudSearch B-CloudWatch C-Rekognition D-AWS Inspector

C-Rekognition Rekognition makes it easy to add images and video analysis to your applications using proven, highly scalable, deep learning technology that requires no ML expertise

After creating an EC2 instance to host an application, the traffic to the site far exceeds what was expected. You decide to move to a larger instance type. What AWS principal does this represent? A-Horizontal Scaling B-Elasticity C-Vertical Scaling D-Durability

C-Vertical Scaling The increasing in the size and computing power of a single instance or node without increasing the number of nodes or instances.

What services does AWS KMS integrate with for logging of key events?

Cloud Trail

You need to purchase reserved instances for a 3-year project. But a company initiative may change all the company compute operating systems from Windows to Linux midway through this project. What type of reserved instance should you purchase?

Can be exchanged during the term for another Convertible Reserved Instance with new attributes including instance family, instance type, platform, scope, or tenancy.

What is CloudWatch?

Can monitor AWS resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances, as well as custom metrics generated by your applications and services, and any log files your applications generate. Think of it like a trainer at the gym!! provides you with data and actionable insights to monitor your applications, understand and respond to system-wide performance changes, and get a unified view of operational health.

You have joined a small company and inherited an AWS application built within the EC2 Classic network. Which Load Balancer will work with this application?

Classic Load Balancer

Which AWS service allows the deployment of resources in code templates, otherwise known as infrastructure as code?

CloudFormation

Which AWS service allows the deployment of resources in code templates, otherwise known as infrastructure as code? Systems Manager CloudFormation OpsWorks Elastic Beanstalk

CloudFormation

Which AWS service allows you to codify your infrastructure and treat it as just code? CodeDeploy CloudFormation Opworks CodePipeline

CloudFormation

Which of the following AWS services are free to use? Choose 5 RDS CloudFormation VPC Elastic Beanstalk EBS EC2 IAM Auto-Scaling Route53 S3

CloudFormation VPC Elastic Beanstalk IAM Auto-Scaling

A travel company has an application that serves customers worldwide. Which AWS service can speed up delivery of content to this widespread customer base?

CloudFront

A travel company has an application that serves customers worldwide. Which AWS service can speed up delivery of content to this widespread customer base? OpsWorks CodeDeploy CloudFront S3

CloudFront

Which of the following is an AWS Global Service? CloudFront RDS EC2 VPC

CloudFront

What will not provide any kind of examination of IAM Policies

CloudWatch

Your company would like to begin using auto-scaling to add servers when CPU utilization reaches a certain threshold (say 70%). What can you use to signal when CPU utilization crosses the threshold?

CloudWatch Alarms

Your company would like to begin using auto-scaling to add servers when CPU utilization reaches a certain threshold (say 70%). What can you use to signal when CPU utilization crosses the threshold? Elastic Load Balancers Simple Notification Service EC2 Logs CloudWatch Alarms

CloudWatch Alarms

What helps you aggregate your logs from your EC2 instance?

CloudWatch Logs

Which AWS service can be used to monitor and retain AWS account activity related to actions across your AWS infrastructure? KMS Cloudtrail CloudFront Athena

Cloudtrail

Which of the following services can be used to automate software deployments to your AWS compute services and your on-premises servers? choose two. CodeDeploy CodeCommit Elastic Beanstalk Opworks

CodeDeploy OpsWorks

A software company is looking for a tool to automate their deployments from end to end. Which AWS service can provide this continuous delivery functionality? CodeDeploy CodeBuild CodePipeline CodeCommit

CodePipeline

A software company is looking for a tool to automate their deployments from end to end. Which AWS service can provide this continuous delivery functionality?

CodePipeline EXPLANATION AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories. It does not automate deployments. https://aws.amazon.com/codecommit/ AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates. CodePipeline automates the build, test, and deploy phases of your release process every time there is a code change, based on the release model you define. This enables you to rapidly and reliably deliver features and updates. https://aws.amazon.com/codepipeline/

When configuring an Application Load Balancer, what step will you take to ensure a highly available architecture? Set up multiple Edge Locations for your load balancer. Set up more than one ALB. Set up cross-region Load Balancing. Configure the Load Balancer to serve traffic to multiple Availability Zones.

Configure the Load Balancer to serve traffic to multiple Availability Zones.

When configuring an Application Load Balancer, what step will you take to ensure a highly available architecture?

Configure the Load Balancer to serve traffic to multiple Availability Zones. EXPLANATION Load Balancing can be set up to serve traffic across multiple availability zones (not multi-region). You would set up the load balancer to deliver traffic across multiple availability zones. https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-az.html

Which of the following is used to manage billing and payment for multiple AWS accounts under one master payer account? AWS IAM Centered Billing AWS Budgets Consolidated Billing

Consiolidated Billing

What is AWS Organization

Consolidated billing Consolidate multiple AWS accounts into an organization that you create and centrally manage Limit of 20 accounts for consolidated billing!!

What is AWS Organizations?

Consolidated billing, and multiple organization account. Helps you centrally govern your environment as you grow and scale your workloads on AWS. It does not view the spending distributions.

You have recently started using AWS and now need to launch a large number of instances in your VPC. You learn that this number exceeds the service limits for instances in a VPC. What can you do?

Contact AWS and request a service limit increase.

You need to purchase reserved instances for a 3-year project. But a company initiative may change all the company compute operating systems from Windows to Linux midway through this project. What type of reserved instance should you purchase? Convertible Automatic Zonal Standard

Convertible

As an AWS account administrator, you are in charge of creating AWS accounts and securing those accounts. What steps can you take? Choose 2 Create multi-factor authentication for the root account. Create functional groups for each department and use a common password for each group. Add IP restrictions for all accounts Grant admin access to all users. Store the root account credentials in sharepoint

Create multi-factor authentication for the root account. Add IP restrictions for all accounts

A company is configuring IAM for its new AWS account. There are 5 departments with between 5 to 10 users in each department. How can they efficiently apply access permissions for each of these departments and simplify management of these users?

Create policies for each department that define the permissions needed. Create an IAM group for each department and attach the policy to each group. Add each department's members to their respective IAM group.

A company is configuring IAM for its new AWS account. There are 5 departments with between 5 to 10 users in each department. How can they efficiently apply access permissions for each of these departments and simplify management of these users? -Create an IAM group for each department. Add the department's members to the group. -Create policies for each department that define the permissions needed. Create an IAM group for each department and attach the policy to each group. Add each department's members to their respective IAM group. -Create an IAM role defining the permissions needed. Create an IAM group and attach the policy to the group. Add the department's members to the group. -Create a policies defining the permissions needed. Attach the policies to all users in each department.

Create policies for each department that define the permissions needed. Create an IAM group for each department and attach the policy to each group. Add each department's members to their respective IAM group.

ET - The use of what AWS feature or service allows companies to track and categorize spending on a detailed level? A. Cost allocation tags B. Consolidated billing C. AWS Budgets D. AWS Marketplace

Correct Answer: A https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html

ET - Under the shared responsibility model, which of the following is the customer responsible for? A. Ensuring that disk drives are wiped after use. B. Ensuring that firmware is updated on hardware devices. C. Ensuring that data is encrypted at rest. D. Ensuring that network cables are category six or higher.

Correct Answer: C AWS for a self-hosted database that requires a nightly shutdown for maintenance and cost-saving purposes

Under the Shared Responsibility model, for which of the following does AWS not assume responsibility? Hypervisors Customer data Networking Physical security of AWS facilities

Customer data

In the AWS Shared Responsibility Model, what does AWS perform on your behalf for EBS volumes?

Replication of the EBS volume across the same AZ

A new application needs temporary access to resources in AWS. How can this best be achieved?

Create an IAM Role and have the application assume the role. EXPLANATION A policy can not be attached directly to an application. A policy can be attached to a role, and the application could assume the role. Use an IAM role to manage temporary credentials for applications that run on an EC2 instance. When you use a role, you don't have to distribute long-term credentials (such as a user name and password or access keys) to an EC2 instance. Instead, the role supplies temporary permissions that applications can use when they make calls to other AWS resources. When you launch an EC2 instance, you specify an IAM role to associate with the instance. Applications that run on the instance can then use the role-supplied temporary credentials to sign API requests.

How can you make sure your organization does not exceed its monthly budget?

Create an email alert in AWS Budgets.

You need to track your AWS costs on a detailed level. Which tool will allow you to do this?

Cost Allocation Tags EXPLANATION Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. It does not track your costs. https://aws.amazon.com/cloudwatch/ A tag is a label that you or AWS assigns to an AWS resource. Each tag consists of a key and a value. For each resource, each tag key must be unique, and each tag key can have only one value. You can use tags to organize your resources, and cost allocation tags to track your AWS costs on a detailed level. After you activate cost allocation tags, AWS uses the cost allocation tags to organize your resource costs on your cost allocation report to make it easier for you to categorize and track your AWS costs. AWS provides two types of cost allocation tags, an AWS generated tags and user-defined tags. AWS defines, creates, and applies the AWS generated tags for you, and you define, create, and apply user-defined tags. You must activate both types of tags separately before they can appear in Cost Explorer or on a cost allocation report. https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html

You need to track your AWS costs on a detailed level. Which tool will allow you to do this?

Cost Allocation Tags: A tag is a label that you or AWS assigns to an AWS resource. Each tag consists of a key and a value. For each resource, each tag key must be unique, and each tag key can have only one value. You can use tags to organize your resources, and cost allocation tags to track your AWS costs on a detailed level. After you activate cost allocation tags, AWS uses the cost allocation tags to organize your resource costs on your cost allocation report to make it easier for you to categorize and track your AWS costs

Which AWS service you should use to have an overview of your Reserved Instances utilization and caluculations about recommended Reserved Instances that could save you money if you purchased them? Simple Monthly Calc Trusted Advisor Personal Health Dashboard Cost Explorer

Cost Explorer

A new application needs temporary access to resources in AWS. How can this best be achieved? Add the application to a group that has the appropriate permissions. Create an IAM Policy and attach it to the application. Create an IAM Role and have the application assume the role. Store access key in an S3 Bucket and give the application access to the bucket.

Create an IAM Role and have the application assume the role

A new application needs temporary access to resources in AWS. How can this best be achieved? Create an IAM Role and have the application assume the role. Add the application to a group that has the appropriate permissions. Store access key in an S3 Bucket and give the application access to the bucket. Create an IAM Policy and attach it to the application.

Create an IAM Role and have the application assume the role.

Which of the following data archival services is extremely inexpensive, but has a several hour data-retrieval window? A) S3 B) S3-RRS C) S3-1Zone-IA D) Glacier E) S3-IA

D) Glacier Glacier offers extremely inexpensive data archival, but requires a 3-5 hour data-retrieval window. Next question

What is an AWS region? A) A region is a subset of AWS technologies. For example, the Compute region consists of EC2, ECS, Lambda, etc. B) A region is a collection of Edge Locations available in specific countries. C) A region is an independent data center, located in different countries around the globe. D) A region is a geographical area divided into Availability Zones. Each region contains at least two Availability Zones.

D A region is a geographical area divided into Availability Zones. Each region contains at least two Availability Zones.

How many VPCs are created by default in a region? A) 2 B) 3 C) 4 D) 1

D) 1

How many VPCs can an EC2 instance be attached to at a time? A) 2 B) 3 C) 4 D) 1

D) 1

There are at least ___ Availability Zones per AWS Region. A) 3 B) 4 C) 5 D) 2 (with the exception of the special request Asia Pacific (Osaka) Local Region at 1).

D) 2 (with the exception of the special request Asia Pacific (Osaka) Local Region at 1). There are at least 2 Availability Zones per AWS Region (with the exception of the special request Asia Pacific (Osaka) Local Region at 1).

By default, what is the maximum number of Linked Accounts per Paying Account under Consolidated Billing? A) 100 B) 10 C) 50 D) 20

D) 20 The default maximum is 20 linked accounts. This soft limit can be increased by contacting AWS. Next question

AWS Cost Explorer will forecast _ months of billing. A) 6 months B) 1 month C) 13 months D) 3 months

D) 3 Months

What should the permissions of a key pair (.pem file) be before connecting to an EC2 instance? A) 777 B) 600 C) None of these answers is correct D) 400

D) 400

Which of the following is descriptive of an Internet Gateway? A) A logically isolated section of AWS B) A stateless firewall for inbound/outbound traffic C) A stateful firewall for inbound/outbound traffic D) A route to and from the internet

D) A Route to and from the internet

What is a VPC? A) A public cloud B) A subsection of a private network C) A type of AWS account D) A logically isolated section of the AWS Cloud used as a virtual network

D) A logically isolated section of the AWS Cloud used as a virtual network

Which of the following best describes EBS? A) A managed database service B) A bitcoin-mining service C) A NoSQL database service D) A virtual hard-disk in the cloud

D) A virtual hard-disk in the cloud An EBS volume is best described as a virtual hard-disk in the cloud.

In this scenario, an AWS datacenter was breached by unauthorized personnel. In terms of the AWS Shared Responsibility Model, who is responsible for this? A) Customer B) No one is responsible C) AWS and Customer D) AWS

D) AWS

Which policy will provide information on performing penetration testing on your EC2 instances? A) JSON Policy B) AWS Terms and Conditions Policy C) IAM Policy D) AWS Acceptable use policy

D) AWS Acceptable use policy The policy states that penetration testing may be performed by customers on their own instances with prior approval from AWS.

A recent audit has dictated that a company begin keeping a log of AWS Management Console actions and API calls. Which AWS service can help with this? A) AWS Inspector B) CloudWatch C) AWS X-Ray D) AWS CloudTrail

D) AWS CloudTrail AWS CloudTrail increases visibility into your user and resource activity by recording AWS Management Console actions and API calls. You can identify which users and accounts called AWS, the source IP address from which the calls were made, and when the calls occurred.

There have been some questionable activities in your AWS account. You need to review your event history, such as actions taken from the Management Console and the CLI. Which service records this type of information? A) AWS Config B) IAM C) AWS CLoudWatch D) AWS CloudTrail

D) AWS CloudTrail AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides the event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting. In addition, you can use CloudTrail to detect unusual activity in your AWS accounts. These capabilities help simplify operational analysis and troubleshooting.

Which AWS service would enable you to view the spending distribution in one of your AWS accounts? A) AWS Spending Explorer B) AWS Organizations C) Billing Advisor D) AWS Cost Explorer

D) AWS Cost Explorer AWS Cost Explorer is a free tool that you can use to view your costs and usage. You can view data up to the last 13 months, forecast how much you are likely to spend for the next three months, and get recommendations for what Reserved Instances to purchase. You can use AWS Cost Explorer to see patterns in how much you spend on AWS resources over time, identify areas that need further inquiry, and see trends that you can use to understand your costs. You can also specify time ranges for the data, and view time data by day or by month.

Which of these is an example of the hierarchy in the AWS global infrastructure from largest to smallest? Please select the most appropriate answer. A) AWS Regions, Data Center, AWS Global Infrastructure, and Availability Zones B) Data Center, Availability Zones, AWS Regions, and AWS Global Infrastructure C) Availability Zones, AWS Regions, Data Center, and AWS Global Infrastructure D) AWS Global Infrastructure, AWS Regions, Availability Zones, and Data Center

D) AWS Global Infrastructure, AWS Regions, Availability Zones, and Data Center

You need to use an AWS service to assess the security and compliance of your EC2 instances. Which of the following services should you use? A) AWS Shield B) AWS WAF C) AWS Trusted Advisor D) AWS Inspector

D) AWS Inspector AWS Inspector assesses the security and compliance of your EC2 instances.

You need to stream data in real-time for a dashboard application. Which AWS service would you use? A) Amazon RedShift B) AWS CloudTrail C) AWS CloudWatch D) AWS Kinesis

D) AWS Kinesis Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information

A company wants to deploy applications entirely on a serverless platform. Which AWS service can they use to build their applications without worrying about managing servers? A) CloudFormation B) Elasticache C) EC2 D) AWS Lambda

D) AWS Lambda AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume. https://aws.amazon.com/lambda/

In this scenario, we want to consolidate billing between multiple AWS accounts. Which of these services would help us accomplish this goal? A) AWS Cost Explorer B) AWS TCO Calculator C) AWS Simple Calculator D) AWS Organizations

D) AWS Organizations

Which AWS service provides central governance and management across multiple AWS accounts? A) Identity and Access Management B) CloudFormation C) AWS Systems Manager D) AWS Organizations

D) AWS Organizations AWS Organizations helps you centrally govern your environment as you grow and scale your workloads on AWS. Whether you are a growing startup or a large enterprise, AWS Organizations helps you to centrally manage billing, control access, compliance, and security, and share resources across your AWS accounts. Using AWS Organizations, you can automate account creation, create groups of accounts to reflect your business needs, and apply policies for these groups for governance. You can also simplify billing by setting up a single payment method for all of your AWS accounts. Through integrations with other AWS services, you can use Organizations to define central configurations and resource sharing across accounts in your organization. AWS Organizations is available to all AWS customers at no additional charge. https://aws.amazon.com/organizations/

You suspect that one of the AWS services your company is using has gone down. How can you check on the status of this service? A) AWS Organizations B) Amazon Inspector C) AWS Trusted Advisor D) AWS Personal Health Dashboard

D) AWS Personal Health Dashboard AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources.

You suspect that one of the AWS services your company is using has gone down. How can you check on the status of this service? A) AWS Trusted Advisor B) AWS Organizations C) Amazon Inspector D) AWS Personal Health Dashboard

D) AWS Personal Health Dashboard AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources. The dashboard displays relevant and timely information to help you manage events in progress, and provides proactive notifications to help you plan for scheduled activities. With Personal Health Dashboard, alerts are triggered by changes in the health of AWS resources, giving you event visibility and guidance to help quickly diagnose and resolve issues

Which of the following Compliance guarantees attests to the fact that the AWS Platform has met the standard required for the secure storage of medical records in the US? A) GLBA B) PCI DSS C) HITECH D) HIPAA E) FERPA

D) HIPAA A HIPAA certification attests to the fact that the AWS Platform has met the standard required for the secure storage of medical records in the US

You suspect that one of the AWS services your company is using has gone down. How can you check on the status of this service? A) AWS Organizations B) Amazon Inspector C) AWS Trusted Advisor D) AWS Personal Health Dashboard

D) AWS Personal Health Dashboard AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources. The dashboard displays relevant and timely information to help you manage events in progress, and provides proactive notifications to help you plan for scheduled activities. With Personal Health Dashboard, alerts are triggered by changes in the health of AWS resources, giving you event visibility and guidance to help quickly diagnose and resolve issues. https://aws.amazon.com/premiumsupport/technology/personal-health-dashboard/

Which of the following AWS Tools will be replacing the AWS Simple Calculator? A) AWS Organizations B) AWS Cost Explorer C) TCO Calculator D) AWS Pricing Calculator

D) AWS Pricing Calculator

In this scenario, we want a video/image analysis service for facial recognition purposes. Which of the following services can serve this purpose? A) Amazon Athena B) Amazon Polly C) Amazon EMR D) AWS Rekognition

D) AWS Rekognition

Which of the following AWS services can help you assess the fault-tolerance of your AWS environment? A) AWS Inspector B) AWS Shield C) AWS WAF D) AWS Trusted Advisor

D) AWS Trusted Advisor AWS Trusted Advisor can help you assess the fault-tolerance of your AWS environment. Next question

You have been tasked with going into the AWS company account and getting information on saving money, improving system performance and reliability, and closing security gaps. Which tool can you use to get this information? A) AWS Cost and Usage Report B) CloudWatch C) AWS Inspector D) AWS Trusted Advisor

D) AWS Trusted Advisor AWS Trusted Advisor is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices. Trusted Advisor helps optimize your AWS infrastructure, increase security and performance, reduce your overall costs, and monitor service limits

You have been tasked with going into the AWS company account and getting information on saving money, improving system performance and reliability, and closing security gaps. Which tool can you use to get this information? A) AWS Inspector B) AWS Cost and Usage Report C) CloudWatch D) AWS Trusted Advisor

D) AWS Trusted Advisor AWS Trusted Advisor is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices. Trusted Advisor helps optimize your AWS infrastructure, increase security and performance, reduce your overall costs, and monitor service limits

In regards to security and compliance on AWS, what AWS service provides protection for web applications behind an ELB? Please select the best available answer. A) AWS Shield B) Amazon Inspector C) AWS GuardDuty D) AWS WAF

D) AWS WAF (Web Application Firewall)

Which of the following is true about the AWS Pricing Model? A) AWS requires full payment in advance for all services used. B) AWS charges a sign-up fee for starting an AWS account. C) AWS requires a notice of termination 30 days before cancellation. D) AWS does not charge a termination fee.

D) AWS does not charge a termination fee

The CFO of a software company had requested an Executive Summary detailing the advantages of a potential move to the AWS Cloud. What can you say is an advantage of an RDS database over a traditional database? A) It is much easier to convert to a NoSQL database. B) It is 5 times faster than traditional databases. C) There is much greater access for DBAs. D) AWS maintains the underlying OS and performs software patching on the database.

D) AWS maintains the underlying OS and performs software patching on the database. Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching, and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security, and the compatibility they need.

A software development team has requested IAM access to be able to work with AWS from the CLI. What will you provide these developers? A) Root user credentials B) Username and password C) Security Token D) Access Keys

D) Access Keys Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API.

Which of these is a storage gateway deployment option? Please select the most appropriate answer. A) File Gateway B) Tape Gateway C) Volume Gateway D) All of these answers are correct

D) All of these answers are correct

Which of the following services is a serverless interactive query service for analytics? A) AWS Lambda B) Amazon EMR C) Amazon Aurora D) Amazon Athena

D) Amazon Athena

Which database service uses a JSON document and key-value store model? A) Amazon RDS B) Amazon Aurora C) Amazon Redshift D) Amazon DynamoDB

D) Amazon DynamoDB

What does AMI stand for? A) Amazon Machine Installation B) AWS Machine Image C) Amazon Machine Installer D) Amazon Machine Image

D) Amazon Machine Image

Which of the following services is not allowed penetration testing without prior approval? A) Amazon RDS B) Amazon EC2 C) Amazon Lightsail D) Amazon S3

D) Amazon S3

Which AWS service can provide a Desktop as a Service (DaaS) solution? A) EC2 B) Elastic Beanstalk C) AWS Systems Manager D) Amazon WorkSpaces

D) Amazon WorkSpaces Amazon WorkSpaces is a managed, secure Desktop-as-a-Service (DaaS) solution. You can use Amazon WorkSpaces to provision either Windows or Linux desktops in just a few minutes and quickly scale to provide thousands of desktops to workers across the globe.

You have decided to use the AWS Cost and Usage Report to track your EC2 Reserved Instance costs. To where can these reports be published? A) Trusted Advisor B) An AWS owned S3 Bucket. C) CloudWatch D) An S3 Bucket that you own.

D) An S3 Bucket that you own

A new application rolled out by the development team is going to require load balancing of HTTP and HTTPS traffic. Which Load Balancer is best suited for this type of traffic? A) HTTP Load Balancer B) Classic Load Balancer C) Network Load Balancer D) Application Load Balancer

D) Application Load Balancer Application Load Balancer is best suited for load balancing of HTTP and HTTPS traffic and provides advanced request routing targeted at the delivery of modern application architectures, including microservices and containers.

In AWS Global Infrastructure, which component has one or more discrete data centers with redundant power, networking, and connectivity? A) Placement Group B) Route 53 C) VPC D) Availability Zone

D) Availability Zone

Which of the following support services do all accounts receive as standard? A) Technical support B) Technical Account Manager C) 24/7 support via phone and chat D) Billing support

D) Billing support All accounts receive billing support.

What is the root level folder you create in S3 called? A) File B) Folder C) Object D) Bucket

D) Bucket

You are storing sensitive employee information in an S3 Bucket. What can you use to give bucket access only to authorized personnel? A) Login and password B) Access Keys C) Network Access Control List D) Bucket Policy

D) Bucket Policy S3 bucket policies specify what actions are allowed or denied for which principals on the bucket that the bucket policy is attached to (e.g., allow user Alice to PUT but not DELETE objects in the bucket)

S3 is an example of _. A) Elastic Block Store B) Storage array C) Block storage D) Bulk storage

D) Bulk Storage

What is the most cost effective AWS Support Plan if you want the full set of Trusted Advisor checks? A) Enterprise B) Basic C) Developer D) Business

D) Business

Which of the following support plans features a < 4-hour response time in the event of an impaired production system? A) Developer B) Individual C) Basic D) Business

D) Business Both the Business and Enterprise support levels offer a < 4-hour response time in the event of an impaired production system. Next question

Which of the following AWS Support levels offers 24x7 support via phone or chat? A) Basic B) Individual C) Developer D) Business

D) Business The Business and Enterprise support plans offer 24 X 7 technical support via phone or chat.

Which of these will allow an organization to cache their environment locally and store the data within the AWS cloud? Please select the best answer. A) Tape Gateway B) File Gateway C) Stored volumes D) Cached volumes

D) Cached Volumes Cached volumes are used to store all data in the AWS cloud and cache data locally.

Which of the following is an AWS Global Service? A) EC2 B) RDS C) VPC D) CloudFront

D) CloudFront Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment

A travel company has an application that serves customers worldwide. Which AWS service can speed up delivery of content to this widespread customer base? A) CodeDeploy B) OpsWorks C) S3 D) CloudFront

D) CloudFront Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. CloudFront is integrated with AWS - both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services. https://aws.amazon.com/cloudfront/

When configuring an Application Load Balancer, what step will you take to ensure a highly available architecture? A) Set up more than one ALB. B) Set up cross-region Load Balancing. C) Set up multiple Edge Locations for your load balancer. D) Configure the Load Balancer to serve traffic to multiple Availability Zones.

D) Configure the Load Balancer to serve traffic to multiple Availability Zones. An edge location is where the end user's access services are located at AWS. They are located in most of the major cities around the world and are specifically used by CloudFront (CDN) to distribute content to an end user to reduce latency. You would set up the load balancer to deliver traffic across multiple availability zones. https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-az.html

After configuring your VPC and all of the resources within it, you want to add an extra layer of security at the subnet level. Which will you use to add this security? A) Private IP Address B) IAM C) Security Group D) Network ACL

D) Network ACL A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups to add an additional layer of security to your VPC

You need to track your AWS costs on a detailed level. Which tool will allow you to do this? A) AWS Organizations B) AWS CloudTrail C) AWS CloudWatch D) Cost Allocation Tags

D) Cost Allocation Tags A tag is a label that you or AWS assigns to an AWS resource. Each tag consists of a key and a value. For each resource, each tag key must be unique, and each tag key can have only one value. You can use tags to organize your resources, and cost allocation tags to track your AWS costs on a detailed level. After you activate cost allocation tags, AWS uses the cost allocation tags to organize your resource costs on your cost allocation report to make it easier for you to categorize and track your AWS costs. AWS provides two types of cost allocation tags, an AWS generated tags and user-defined tags. AWS defines, creates, and applies the AWS generated tags for you, and you define, create, and apply user-defined tags. You must activate both types of tags separately before they can appear in Cost Explorer or on a cost allocation report

You need to visualize, understand, identify trends for future charges, and manage your AWS costs and usage over time. Which AWS tool would you use? A) CloudWatch B) Trusted Advisor C) AWS Cost and Usage Report D) Cost Explorer

D) Cost Explorer AWS Trusted Advisor is an online tool that provides you real time guidance to help you provision your resources following AWS best practices. Trusted Advisor checks help optimize your AWS infrastructure, increase security and performance, reduce your overall costs, and monitor service limits. Whether establishing new workflows, developing applications, or as part of ongoing improvement, take advantage of the recommendations provided by Trusted Advisor on a regular basis to help keep your solutions provisioned optimally. https://aws.amazon.com/premiumsupport/technology/trusted-advisor/ AWS Cost Explorer lets you visualize, understand, and manage your AWS costs and usage over time. You can analyze your cost and usage data at a high level (e.g., total costs and usage across all accounts in your organization) or for highly specific requests. https://docs.aws.amazon.com/whitepapers/latest/cost-optimization-reservation-models/aws-cost-explorer.html

You are reviewing the AWS Shared Responsibility model to present an overview to management on what your company is responsible for in AWS. Which option is a customer responsibility? A) Availability Zones B) Edge Locations C) Networking D) Customer Data

D) Customer Data

Which of the following is not a use case for AWS Lambda? A) Data processing B) Real-time stream processing C) Real-time file processing D) Data warehousing

D) Data warehousing

Your company has decided to migrate a SQL Server database to a newly created AWS account. Which service can be used to migrate the database? A) AWS RDS B) ElastiCache C) DynamoDB D) Database Migration Service

D) Database Migration Service AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from the most widely used commercial and open-source databases

Your company is migrating to the AWS Cloud. For servers, your company has existing server-bound software licenses that they would like to continue to use. Which EC2 purchasing option allows this? A) On-Demand B) Reserved C) Spot D) Dedicated Host

D) Dedicated Host The Dedicated Host option will allow for reuse of these hardware bound licenses. https://aws.amazon.com/ec2/dedicated-hosts/

An on-premises application requires a consistent, high-speed connection to the AWS Cloud environment that is better than an internet-based connection. Which AWS service can provide this connection? A) AWS VPN B) STS C) VPC Peering D) Direct Connect

D) Direct Connect AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. AWS Direct Connect lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations.

A development team has created a large amount of CloudFormation templates in the JSON format. Which AWS database can store these documents? A) Amazon RedShift B) AWS MySQL C) Amazon Aurora D) DynamoDB

D) DynamoDB The latest Amazon DynamoDB update added support for JSON data, making it easy to store JSON documents in a DynamoDB table while preserving their complex and possibly nested shape. Now, the AWS SDK for .NET has added native JSON support, so you can use raw JSON data when working with DynamoDB. This is especially helpful if your application needs to consume or produce JSON (for instance, if your application is talking to a client-side component that uses JSON to send and receive data), as you no longer need to manually parse or compose this data

We have 3 EC2 instances and notice that traffic is routing to only one EC2 instance. Which of the following will allow us to distribute traffic amongst the EC2 instances? A) VPC B) S3 C) Auto Scaling Group D) ELB

D) ELB (Elastic Load Balancer)

Which of the below does S3 Transfer Acceleration use to get your data into AWS quicker? A) AWS Regions B) VPCs C) Availability Zones D) Edge Locations

D) Edge Locations S3 Transfer Acceleration uses AWS' network of Edge Locations to more quickly get your data into AWS.

You are trying out AWS on a trial basis and need to deploy an application without having to configure servers. Which AWS service can you use? A) Auto Scaling B) ECS C) CloudFormation D) Elastic Beanstalk

D) Elastic Beanstalk AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. https://aws.amazon.com/elasticbeanstalk/

Which AWS service acts as a file system mount on S3? A) Amazon Elastic Block Store B) Amazon Elastic File System C) Amazon S3 D) File Gateway

D) File Gateway A file gateway supports a file interface into Amazon Simple Storage Service (Amazon S3) and combines a service and a virtual software appliance. By using this combination, you can store and retrieve objects in Amazon S3 using industry-standard file protocols such as Network File System (NFS) and Server Message Block (SMB). You can think of a file gateway as a file system mount on S3. Reference: What is AWS Storage Gateway?

What protects a computer from undesired and/or possibly threatening traffic? A) CPU B) Network card C) RAM D) Firewall

D) Firewall

The concept of something being accessible when you attempt to access it (and/or the ability to access something via multiple platforms) is: A) Scalable B) Elastic C) Fault Tolerant D) Highly Available

D) Highly Available

A new web application is getting much more traffic than expected. You decide to add another EC2 instance to share the load. Which AWS principle does this represent? A) Vertical Scaling B) Durability C) Elasticity D) Horizontal Scaling

D) Horizontal Scaling Horizontal Scaling is the act of changing the number of nodes in a computing system without changing the size of any individual node. So, with horizontal scaling, we would add instances.

Which of the following is an AWS Global Service? A) EC2 B) VPC C) Amazon RDS D) IAM

D) IAM Identity and Access Management is a Global Service

A developer is trying to programmatically retrieve information from an EC2 instance such as public keys, ip address, and instance id. From where can this information be retrieved? A) CloudWatch Logs B) Instance userdata C) Instance Snapshot D) Instance metadata

D) Instance Metadata This type of data is stored in Instance metadata

Which of these is not a feature of AWS Organizations? A) It provides the ability to centrally manage multiple AWS accounts. B) It provides the ability to centrally manage the billing of multiple AWS accounts. C) It provides the ability to centrally manage service usage. D) It provides the ability to centrally manage all AWS accounts from any account within the organization. E) It provides the ability to automate account creation and management.

D) It provides the ability to centrally manage all AWS accounts from any account within the organization

A colleague tells you about a service that uses machine learning to discover and protect sensitive data stored in S3 Buckets. Which AWS service does this? A) Inspector B) Cognito C) Rekognition D) Macie

D) Macie Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS. https://aws.amazon.com/macie/

CloudWatch is a service for _. A) Sending notifications B) Logging API calls to AWS resources C) Caching content D) Monitoring AWS resources

D) Monitoring AWS Resources

You are concerned about access to your top-secret application by stolen passwords. What additional layer of security can you add for logging in to AWS Management Console, in addition to user passwords? A) Secret Access Keys B) AWS Transcribe C) AWS Voice Recognition D) Multi-Factor Authentication

D) Multi-Factor Authentication

A company needs to use a Load Balancer which can serve traffic at the TCP, and UDP layers. Additionally, it needs to handle millions of requests per second at very low latencies. Which Load Balancer should they use? A) Application Load Balancer B) TCP Load Balancer C) Classic Load Balancer D) Network Load Balancer

D) Network Load Balancer Network Load Balancer is best suited for load balancing of Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and Transport Layer Security (TLS) traffic where extreme performance is required. Operating at the connection level (Layer 4), Network Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) and is capable of handling millions of requests per second while maintaining ultra-low latencies. https://aws.amazon.com/elasticloadbalancing/

What S3 term is used in place of "file"? A) Folder B) File C) Bucket D) Object

D) Object

What is AWS Lightsail? A) Virtual Private Networking Service B) Serverless Compute Service C) Elastic Container Service D) One of AWS's VPS Services

D) One of AWS's VPS Services

Which of the following is not a way SNS can send a notification? A) HTTP B) SMS C) Email D) Phone call

D) Phone Call

Configuring user permissions so that users can access only the resources they need to do their job follows what principle? A) Principle of Organizations B) IAM Principle C) Principle of minimum permissions D) Principle of Least Privilege

D) Principle of Least Privilege

Configuring user permissions so that users can access only the resources they need to do their job follows what principle? A) Principle of minimum permissions B) Principle of Organizations C) IAM Principle D) Principle of Least Privilege

D) Principle of Least Privilege When you create IAM policies, follow the standard security advice of granting the least privilege, or granting only the permissions required to perform a task. Determine what users (and roles) need to do, and then craft policies that allow them to perform only those tasks.

Configuring user permissions so that users can access only the resources they need to do their job follows what principle? A) IAM Principle B) Principle of Organizations C) Principle of minimum permissions D) Principle of Least Privilege

D) Principle of Least Privilege When you create IAM policies, follow the standard security advice of granting the least privilege, or granting only the permissions required to perform a task. Determine what users (and roles) need to do, and then craft policies that allow them to perform only those tasks. https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege

Which of the following components stores data temporarily before it becomes committed to storage? A) Database B) CPU C) Network D) RAM

D) RAM

Which of the following is AWS' Data Warehousing service? A) Elastic Map Reduce B) S3 Big Data C) Snowball D) Redshift

D) Redshift Redshift is AWS' data warehousing service.

Upon venturing into using the AWS Cloud, your company decides to follow the 5 pillars of the AWS Well Architected Framework. Which items are pillars of the Well Architected Framework? (Choose 2) A) Elasticity B) Scalability C) Ease of Use D) Reliability E) Operational Excellence

D) Reliability E) Operational Excellence The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues. https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/ The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to improve supporting processes and procedures continually. https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/

In what service could we use KMS to encrypt an object? A) VPC B) EC2 C) AWS Storage Gateway D) S3

D) S3

You need to host a file in a location that's publicly accessible from anywhere in the world. Which AWS service would best meet that need? A) RDS B) EC2 C) EBS D) S3

D) S3 With S3, objects can be accessed from anywhere in the world via a dedicated URL.

In this scenario, we want to control service usage across multiple AWS accounts using AWS Organizations. Which of the following would be used to accomplish this task? A) IAM Policies B) IAM Roles C) IAM Users D) Service Control Policies

D) Service Control Policies

You have used on-demand instances for a month, but have met unexpected costs with this choice. Which EC2 option provides up to 90% discount on on-demand instances while taking advantage of AWS unused EC2 capacity? A) Dedicated Host B) Reserved Instances C) Virtual Instances D) Spot Instances

D) Spot Instances Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS cloud. Spot Instances are available at up to a 90% discount compared to On-Demand prices. You can use Spot Instances for various stateless, fault-tolerant, or flexible applications such as big data, containerized workloads, CI/CD, web servers, high-performance computing (HPC), and test and development workloads. Because Spot Instances are tightly integrated with AWS services such as Auto Scaling, EMR, ECS, CloudFormation, Data Pipeline and AWS Batch, you can choose how to launch and maintain your applications running on Spot Instances. https://aws.amazon.com/ec2/spot/

Which of the following accurately describes the function of the AWS Cost Explorer? A) The AWS Cost Explorer is a free tool that allows for an estimation of the cost savings to be had by migrating to the AWS Cloud from an on-premises datacenter. B) The AWS Cost Explorer is used to estimate the anticipated AWS bill. C) The AWS Cost Explorer is a tool for consolidating billing between multiple AWS accounts. D) The AWS Cost Explorer is a free, easy to use tool that allows for viewing charts and usage history in order to manage AWS costs over time.

D) The AWS Cost Explorer is a free, easy to use tool that allows for viewing charts and usage history in order to manage AWS costs over time.

Which of the following describes the function of the TCO Calculator? A) The TCO Calculator is used to estimate the anticipated AWS bill. B) The TCO Calculator will forecast 3 months of AWS billing. C) The TCO Calculator is a free tool that allows for viewing charts and a history of AWS costs. D) The TCO Calculator is a free tool that allows for an estimation of the cost savings to be had by migrating to the AWS Cloud from an on-premises datacenter.

D) The TCO Calculator is a free tool that allows for an estimation of the cost savings to be had by migrating to the AWS Cloud from an on-premises datacenter.

What is scalability? A) The ability to maintain operation during and/or after failure. B) The ability to always be available and easily accessible. C) The ability to not only scale-out when required, but also reduce in size when required. D) The ability to easily scale up in size, capacity, and/or scope when required.

D) The ability to easily scale up in size, capacity, and/or scope when required.

You need to implement an automated service that will scan your AWS environment with the goal of both improving security and reducing costs. Which service should you use? A) CloudTrail B) Config Rules C) Service Catalog D) Trusted Advisor

D) Trusted Advisor An online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment, Trusted Advisor provides real time guidance to help you provision your resources following AWS best practices.

You are managing the company's AWS account, and the current support plan is Basic, but you would like to begin using Infrastructure Event Management. What steps should you take? A) Upgrade to Developer Plan. B) Do nothing. It is included in the Basic plan. C) Upgrade to the Business Plan. No other steps are necessary. D) Upgrade to Enterprise Plan.

D) Upgrade to the Enterprise Plan AWS Infrastructure Event Management is a structured program available to Enterprise Support customers (and Business Support customers for an additional fee) that helps you plan for large-scale events such as product or application launches, infrastructure migrations, and marketing events. With Infrastructure Event Management, you get strategic planning assistance before your event, as well as real-time support during these moments that matter most for your business

A retail company has EC2 On-Demand instances running to serve customer transactions. There is a set pattern of traffic where demand is high at two points in the day, but the instances sit idle for much of the day. What is a good way to optimize these resources? A) Use reserved instances instead of on-demand instances. B) Use an Elastic Load Balancer to scale out and in based on demand. C) Write a script to stop instances when demand is low. D) Use an Auto Scaling Group to scale out and in based on demand.

D) Use an Auto Scaling Group to scale out and in based on demand

By default, Security Groups __. A) deny all outbound traffic and deny all inbound traffic B) operate on the subnet level C) implicitly allow all traffic D) allow all outbound traffic and deny all inbound traffic

D) allow all outbound traffic and deny all inbound traffic

You have a MySQL database that you want to migrate to the cloud, and you need it to be significantly faster there. You are looking for a speed increase up to 5 times the current performance. Which AWS offering could you use? A-DynamoDB B-Amazon RDS MySQL C-Elasticache D-Amazon Aurora

D-Amazon Aurora Amazon Aurora is a MySQL and PostgreSQL compatible relational database built for the cloud, that combines the performance and availability of traditional enterprise databases with the simplicity and cost effectiveness of open source databases. It's up to 5x faster than standard MySQL databases and 3x faster than standard PostreSQL databases

You have joined a small company and inherited an AWS application built within the EC2 Classic network. Which Load Balancer will work with this application? A-Application Load Balancer B-None, the application needs to be upgraded. C-Network Load Balancer D-Classic Load Balancer

D-Classic Load Balancer Provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and connection level. It is intended for applications that were built within the EC2 Classic network.

You have recently started using AWS and now need to launch a large number of instances in your VPC. You learn that this number exceeds the service limits for instances in a VPC. What can you do? A-Use Auto Scaling and the service limit can be exceeded. B- Upgrade your support plan to increase this service limit. C-There is nothing that can be done. Redesign based on a smaller number of instances. D-Contact AWS and request a service limit increase.

D-Contact AWS and request a service limit increase. Use the Limits page in the Amazon EC2 console to request an increase in the limits for resources provided by Amazon EC2 or Amazon VPC on a per-region basis

You are working with IAM and need to attach policies to users, groups, and roles. Which will you be attaching these policies to? A-Resources B-Entities C-Principals D-Identities

D-Identities Identities are the IAM resource objects that are used to identify and group. You can attach a policy to an IAM identity. These include users,groups, and roles.

You need to set up a virtual firewall for your EC2 instance. Which would you use? A-Subnet B-Network ACL C-IAM Policy D-Security Group

D-Security Group A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to 5 security groups to the instance.

A video production company uploads large video files to S3 buckets using multipart upload. To which AWS Cloud best practice does this adhere? A-Design for Failure B-Decouple your components C-Implement Elasticity D-Think Parallel

D-Think Parallel Multipart uploads use multithreading to upload large files to S3 buckets in parallel.

A retail company has EC2 On-Demand instances running to serve customer transactions. There is a set pattern of traffic where demand is high at two points in the day, but the instances sit idle for much of the day. What is a good way to optimize these resources? A-Write a script to stop instances when demand is low. B-Use an Elastic Load Balancer to scale out and in based on demand. C-Use reserved instances instead of on-demand instances. D-Use an Auto Scaling Group to scale out and in based on demand.

D-Use an Auto Scaling Group to scale out and in based on demand. The Auto Scaling Group can be used to scale out and scale in the instances as the demand dictates. This will save money and avoid having instances sitting idle for long periods of time.

Your company has decided to use Amazon WorkSpaces. They can use Amazon WorkSpaces to provision either Windows or Linux desktops in just a few minutes. What type of solution is this? IaaS PaaS DaaS SaaS

DaaS

Which of the following AWS services should you use to migrate an existing database to AWS? DMS SNS Storage Gateway Route 53

DMS

Which AWS service is specifically designed to assist you in processing large data sets? ElastiCache EC2 EMR AWS Big Data Processing

EMR

Which of the following is not a fundamental AWS charge? Compute Storage Data-in Data-out

Data-in

Your company has decided to migrate a SQL Server database to a newly created AWS account. Which service can be used to migrate the database?

Database Migration Service

Your company has decided to migrate a SQL Server database to a newly created AWS account. Which service can be used to migrate the database? Database Migration Service AWS RDS ElastiCache DynamoDB

Database Migration Service

What are Amazon's Managed Services?

EMR (Elastic MapReduce DynamoDB Lambda RDS Redshift CloudFront

Your company is migrating to the AWS Cloud. For servers, your company has existing server-bound software licenses that they would like to continue to use. Which EC2 purchasing option allows this? On-Demand Reserved Dedicated Host Spot

Dedicated Host

If you suspect that may AWS account is comprised, what should you do? Delete your AWS account root user password. Delete all your AWS resources. Delete any potentially comprised IAM users and any resources you didn't create, and change the password for all other IAM users. Respond to any notifications you received from AWS Support through the AWS Support Center.

Delete any potentially comprised IAM users and any resources you didn't create, and change the password for all other IAM users. Respond to any notifications you received from AWS Support through the AWS Support Center.

Which is a core design principle for deploying resources in AWS? Estimate your S3 storage needs up front. Deploy in Multiple Availability Zones. Plan ahead for hardware capacity. Use a tight coupling of your resources and applications.

Deploy in Multiple Availability Zones.

Which of the following is an architectural best practice? Deploy into multiple availbailty zones. Deploy into a single AZ Implement tight coupling Create monolithic architectures

Deploy into multiple availbailty zones.

Ac ompany has ana application that must be globally available at all times. Which is of the folllowing deplyment mechanisms it should use? Deployment to muiltiple AZ Deployment to multiple Regions Deployment using CodeDeploy as it manages by defauly apps availability globally. Deployment to multiple edge locations

Deployment to multiple regions

You have a critical application that must be able to be optimized for high disaster recovery. Ideally, which deployment mechanism would you choose?

Deployment to multiple regions

Which of the following support plans features access to AWS Support during business hours via email? Basic Developer Business Enterprise

Developer

Account level receives only email access to cloud support associates during business hours?

Developer accounts only have email access to Cloud Support Associates during business hours

An on-premises application requires a consistent, high-speed connection to the AWS Cloud environment that is better than an internet-based connection. Which AWS service can provide this connection?

Direct Connect

Which AWS service can you use to establish dedicated network connection between your on-premises applications and AWS resources? Snowball Storage Gateway Shield Direct Connect

Direct Connect

Which of the following best describes Availability Zones? Distinct locations from within an AWS region that are engineered to be isolated from failures. Two zones containing compute resources that are designed to automatically maintain synchronized copies of each other's data. Restricted areas designed specifically for the creation of Virtual Private Clouds. A Content Distribution Network used to deliver content to users.

Distinct locations from within an AWS region that are engineered to be isolated from failures

Edge Locations have which of the following features?

Distribute content to users Cache common content Used with CloudFront

A development team has created a large amount of CloudFormation templates in the JSON format. Which AWS database can store these documents?

DynamoDB

A development team has created a large amount of CloudFormation templates in the JSON format. Which AWS database can store these documents? Amazon Redshift DymanoDB Aurora AWS MySQL

DynamoDB

You need to store key-value pairs of users and their high scores for a gaming application. Which is the best option for this type of data? Amazon RedShift DynamoDB AWS S3 RDS MySQL

DynamoDB

You need to store key value pairs of users and their high scores for a gaming application. Which is the best option for this type of data?

DynamoDB DynamoDB is ideally suited for storing key-value pairs as it is a key-value and document database that delivers single-digit millisecond performance at any scale.

You need to store key-value pairs of users and their high scores for a gaming application. Which is the best option for this type of data?

DynamoDB EXPLANATION RedShift is for Data Warehousing and suited for storing much larger datasets than what is described in this scenario. DynamoDB is ideally suited for storing key-value pairs as it is a key-value and document database that delivers single-digit millisecond performance at any scale. https://aws.amazon.com/dynamodb/

Pick two AWS services that use server-less technology

DynamoDB S3 You don't management the underlying infrastructure for both.

In order to improve fault tolerance, you would like to begin using services that provide fault tolerance. Which AWS services provide automatic replication across Availability Zones?

DynamoDB provides this replication. S3 provides this replication.

Select all that apply to an Internet gateway: A) An internet gateway provides a communication channel between a VPC and the internet. B) An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. C) An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses. D) An internet gateway supports IPv4 and IPv6 traffic. It does not cause availability risks or bandwidth constraints on your network traffic. E) All the above

E) All the above

Which AWS service is specifically designed to assist you in processing large data sets?

EMR- Elastic MapReduce

Which AWS service gives you full administrative privilege of the underlying virtual infrastructure?

EC2 You have control over the EC2 underlying virtual infrastructure - all other services are managed by AWS as serverless components

A company wants to migrate to AWS its non interruptible application for a 3 year period. Which of the following is the EC2 Pricing model that provides the most cost effective solution? EC2 Dedicated hosts EC2 Reserved Instances EC2 Spot Instances EC2 On-Demand Instances

EC2 Reserved Instances

Which of the following are AWS compute services? Choose 2 Lambda EBS SNS EC2

EC2 and Lambda are AWS Compute Services.

Which statement is true regarding the AWS Global Infrastructure? Edge Locations contain Regions Each AWS region contains multiple availability zones. Availability Zones contain Edge Locations Each AWS Availability Zone contains multiple regions.

Each AWS region contains multiple availability zones.

In which of the following is CloudFront content cached? Availability Zone Edge Location Data Center Region

Edge Location

Which of the below does S3 Transfer Acceleration use to get your data into AWS quicker? VPCs Availability Zones Edge Locations AWS Regions

Edge Locations

What AWS service helps in quick deployments of web applications from different programming languages

Elastic Beanstalk

You are trying out AWS on a trial basis and need to deploy an application without having to configure servers. Which AWS service can you use?

Elastic Beanstalk: AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.

Your design team has recommended the need to distribute incoming traffic across multiple EC2 instances and also across multiple availability zones. Which AWS service can accomplish this?

Elastic Load Balancer

Which of the following services offers automatic scaling to make your applications fault tolerant? Direct connect EMR Elastic Load Balancing AWS Web App Firewall

Elastic Load Balancing

If you have an RDS database, which is very I/O intensive, which service is most suitable to improve performance?

Elasticache

AWS Trusted Advisor provide checks in 5 different categories. Which item is not one of those checks? Cost Optimization Fault Tolerance Security Elasticity

Elasticity

An application that experiences highly variable traffic throughout the day has been configured in AWS. The capacity configured to serve this application adjusts to demands throughout the day. Which AWS principle does this describe? Elasticity Durability Viscosity High Availability

Elasticity

Which AWS characteristics describes the ability to acquire resources as you need them and release resources when you no longer need them? High Availability Agility Elasticity Durability

Elasticity

AWS Trusted Advisor provide checks in 5 different categories. Which item is not one of those checks?

Elasticity: Although this is a valued concept in AWS, it is not one of the 5 checks provided in Trusted Advisor.

For auditing purposes, your company now wants to monitor all API activity for all regions in your AWS environment. What can you use to fulfill this new requirement?

Ensure one CloudTrail is enabled for all regions

A company is planning to host a highly critical app on the AWS cloud. Which AWS Support plan will enable the company to have a response time less than 20 minutes for critical issues? Basic Developer Business Enterprise

Enterprise

Which AWS support plan offers a response time less than 1 hour for production system downs, and less than 15 minutes for business critical system downs: Enterprise Business Developer Basic

Enterprise

Which of the following AWS Support levels offers the assistance of a Technical Account Manager? Elite Enterprise Business Developer

Enterprise

You work for a financial company that has several mission-critical workloads. Which AWS Support Plan should you use?

Enterprise

You work for a financial company that has several mission-critical workloads. Which AWS Support Plan should you use? Enterprise Business Basic Developer

Enterprise

Which of the following statements are true? Choose two. -Enterprise AWS Support plan includes Infrastructure Event Management for additional fees. -Enterprise AWS Support plan includes Infrastructure Event Management without additional fee. -Business AWS Support plan includes Infrastructure Event Management for additional fee. -Business AWS Support plan does not include Infrastructure Event Management.

Enterprise AWS Support plan includes Infrastructure Event Management without additional fee. Business AWS Support plan includes Infrastructure Event Management for additional fee.

In Identity and Access Management, which term refers to the IAM resource objects that AWS uses for authentication?

Entity

In Identity and Access Management, which term refers to the IAM resource objects that AWS uses for authentication?

Entity EXPLANATION An Identity is an IAM resource object that is used to identify and group. You can attach a policy to an IAM identity. These include users, groups, and roles. The IAM resource objects that AWS uses for authentication. These include IAM users, federated users, and assumed IAM roles.

The standard version of AWS Shield offers automated application traffic monitoring A) True B) False

FALSE AWS Shield Advance does

Which of the following Route 53 policies allow you to a) route data to a second resource if the first is unhealthy, and b) route data to resources that have better performance? Failover Routing and Simple Routing Geolocation Routing and Latency-based Routing Failover Routing and Latency-based Routing Geoproximity Routing and Geolocation Routing

Failover Routing and Latency-based Routing

True or False: Both you and a friend can have an S3 bucket called 'mytestbucket'. True False

False

True or False: Identity Access Management (IAM) is a Regional service. True False

False

True or False: It's safer to use Access Keys than it is to use IAM roles. True False

False

True or False: Objects stored in S3 are stored in a single, central location within AWS. False True

False

True or False: S3 can be used to host a dynamic website, like one that runs on a LAMP stack. False True

False

True or False: Security in the cloud is the responsibility of AWS. True False

False

True or False: The Standard version of AWS Shield offers automated application (layer 7) traffic monitoring. False True

False

True or False: There are more Regions than there are Availability Zones. True False

False

True or False: With Consolidated Billing, the Paying Account can make changes to any of the resources owned by a Linked Account. True False

False

True or False: Access Control Lists are used to make entire buckets (like one hosting an S3 website) public. True False

False; Bucket Policies are used to make entire buckets (like one hosting an S3 website) public.

True or False: To restrict access to an entire bucket, you use bucket control lists; and to restrict access to an individual object, you use object policies. True False

False; To restrict access to an entire bucket, you use bucket policies; and to restrict access to an individual object, you use access control lists.

What is AWS Shield?

Focuses solely on Distributed Denial of Service (DDoS) attacks. it is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. Provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection. There are two tiers of it--Standard and Advanced.

What is Amazon Macie?

Fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS S3. Can also be used to analyze CloudTrail logs for suspicious API activity

What is Amazon Redshift?

Fully managed data warehouse service that allows you to run complex analytic queries against petabytes of structured data using standard SQL & existing BI tools

What is Amazon SNS? (Simple Notification Service)

Fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, & server less apps

What is AWS Budgets?

Gives you the ability to set custom budgets that alert you when your costs or usage reach a budgeted amount Used to budget costs BEFORE they have been incurred

Which Feature of AWS allows an international company to provide low latency applications for its customers around the world? Elasticity Fault Tolerance High Availability Global reach

Global reach

Which of the following are recommended security measures when creating access to an AWS account (2) Grant admin privilege access Grant least privilege access Enable AWS Cloudtrail Enable MFA

Grant least prilivege Enable MFA

Which of the following is not a feature of AWS Organizations? Hierarchical based control over groups of IAM users and roles, within multiple Accounts Grouping all of your AWS accounts into organizational Units (OUs) as part of a hierarchy Granular configuration of Security Groups within a VPC AWS accounts which are members of an Organization can have the benefit of Consolidated Billing

Granular configuration of Security Groups within a VPC

Which of the following Compliance guarantees attests to the fact that the AWS Platform has met the standard required for the secure storage of medical records in the US? HIPAA HITECH FERPA PCI DSS GLBA

HIPAA

You can desgin your systems in the AWS cloud to be able to withstand the failure of an individual or multiple components. This is an example of which AWS characteristic? Agility Elasticity High Availabilty Scalability

High Availabilty

A new web application is getting much more traffic than expected. You decide to add another EC2 instance to share the load. Which AWS principle does this represent? Horizontal Scaling Vertical Scaling Elasticity Durability

Horizontal Scaling

A new web application is getting much more traffic than expected. You decide to add another EC2 instance to share the load. Which AWS principle does this represent?

Horizontal Scaling Horizontal Scaling is the act of changing the number of nodes in a computing system without changing the size of any individual node. So, with horizontal scaling, we would add instances.

Which of the following is an AWS Global Service?

IAM

Which AWS services are global?

IAM Route5 CloudFront SNS SES

Which of the following is not part of IAM identities? IAM Groups IAM Users IAM roles IAM Policies

IAM Policies

What is an object in AWS that, when associated with an identity or resource, defines their permissions. AWS evaluates these when an IAM principal (user or role) makes a request. Permissions determine whether the request is allowed or denied.

IAM Policy

You are creating a few IAM policies. This is the first time you have worked with IAM policies. Which tool can you use to test IAM policies?

IAM Policy Simulator

You are creating a few IAM policies. This is the first time you have worked with IAM policies. Which tool can you use to test IAM policies? Amazon GuardDuty CloudWatch Amazon Inspector IAM Policy Simulator

IAM Policy Simulator

Using AWS Organizations allows for the creation of SCPs (service control policies) to manage service usage across multiple AWS Accounts.

IAM policies are given to groups, users, and roels allow access to services, but AWS Organization has a more effective way of managing service usage

Using Amazon EC2 falls under which of the following cloud computing models?

IaaS

You are working with IAM and need to attach policies to users, groups, and roles. Which will you be attaching these policies to? Principals Identities Entities Resources

Identities

You are working with IAM and need to attach policies to users, groups, and roles. Which will you be attaching these policies to?

Identities EXPLANATION Resources are the user, group, role, policy, and identity provider objects that are stored in IAM. As with other AWS services, you can add, edit, and remove resources from IAM. Identities are the IAM resource objects that are used to identify and group. You can attach a policy to an IAM identity. These include users, groups, and roles.

You are working with IAM and need to attach policies to users, groups, and roles. Which will you be attaching these policies to?

Identities Identities are the IAM resource objects that are used to identify and group. You can attach a policy to an IAM identity. These include users, groups, and roles.

You are working with IAM and need to attach policies to users, groups, and roles. Which will you be attaching these policies to?

Identities: Identities are the IAM resource objects that are used to identify and group. You can attach a policy to an IAM identity. These include users, groups, and roles.

Which of the following statements related to Spot Instances are true? (2) If your spot instance is stopped by Amazon in the first instance hour, you will be charged to the nearest second. If your spot instance is stopped by Amazon in the first instance hour, you will not be charged for that usage. For any subsquent hour. if you are runnning on windows and you terminate the instance yourself, you will be charged to the nearest second. For any subsquent hour. if you are runnning on windows and you terminate the instance yourself, you will be charged for the entire hour.

If your spot instance is stopped by Amazon in the first instance hour, you will not be charged for that usage. For any subsquent hour. if you are runnning on windows and you terminate the instance yourself, you will be charged for the entire hour.

Which of the following are important design principles for AWS Cloud Architecture? Choose Two Use open source software Implement loose coupling Be sure to remove single points of failure Implement tight coupling

Implement loose coupling Be sure to remove single points of failure

Which valuable AWS design principle can be a valuable feature when deploying applications?

Implement loosely coupled dependencies: Dependencies such as queuing systems, streaming systems, workflows, and load balancers are loosely coupled. Loose coupling helps isolate the behavior of a component from other components that depend on it, increasing resiliency and agility

Which statement below is one of the 6 advantages of cloud computing?

Increase speed and agility - In a cloud computing environment, new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes. This results in a dramatic increase in agility for the organization since the cost and time it takes to experiment and develop is significantly lower.

Which of the following scenarios is an example of vertical scaling? Adding more EC2 instances AWS via auto scaling feature. Increasing the capacity of an EC2 instance. Decreasing the capacity of an EC2 instance. Enabling parallel execution of workloads and distributing those across many different computers.

Increasing the capacity of an EC2 instance.

Security Groups act at the ___ level, not the subnet level

Instance

A developer is trying to programmatically retrieve information from an EC2 instance such as public keys, ip address, and instance id. From where can this information be retrieved?

Instance metadata

What is Amazon Athena?

Interactive query service which enables you to analyze and query data located in S3 using standard SQL Serverless

Several EC2 instances in a public subnet need internet access. Which will you configure as one step in granting internet access? NAT Gateway VPC Peering Internet Gateway API Gateway

Internet Gateway

Several EC2 instances in a public subnet need internet access. Which will you configure as one step in granting internet access?

Internet Gateway EXPLANATION The NAT Gateway resides in a public subnet, but it helps to provide internet access to instances in private subnets. An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses. https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html

What is not a feature of AWS organizations?

It provides the ability to centrally manage all AWS accounts from any account within the organization

IAM policies are written using ____. SAML SGML JSON XML

JSON

What are Tags?

Key Value Pairs attached to AWS resources Metadata Tags can sometimes be inherited

Which AWS service allows you to run code without having to worry about provisioning any underlying resources (such as virtual machines, databases etc.) EC2 Container Service DynamoDB Lambda EC2

Lambda

Mark which statements are true regarding Lambda. Choose 3 Lambda can be used for Infrastructure as Code. Lambda functions have a timeout of 5 minutes. The resources section is the only required field in Lambda templates. You can use JSON or YAML for Lambda templates.

Lambda can be used for Infrastructure as Code. The resources section is the only required field in Lambda templates. You can use JSON or YAML for Lambda templates.

Under the AWS architected Framework Pillars, which of the following is a design principle for Operaltional excellence? Apply security at all layers Stop guessing capacity Go global in minutes Learn from all operationsl failures

Learn from all operational failures

You are concerned about access to your top-secret application by stolen passwords. What additional layer of security can you add for logging in to AWS Management Console, in addition to user passwords?

MFA

A colleague tells you about a service that uses machine learning to discover and protect sensitive data stored in S3 Buckets. Which AWS service does this? Cognito Rekognition Inspector Macie

Macie

What can be used to analyze CloudTrail logs for Suspicious API activity?

Macie

What uses AI to analyze data in S3 and helps identify PII

Macie

A colleague tells you of a service which uses machine learning to discover and protect sensitive data stored in S3 Buckets. Which AWS service does this?

Macie Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS. As organizations manage growing volumes of data, identifying and protecting their sensitive data at scale can become increasingly complex, expensive, and time-consuming. Amazon Macie automates the discovery of sensitive data at scale and lowers the cost of protecting your data. Macie automatically provides an inventory of Amazon S3 buckets including a list of unencrypted buckets, publicly accessible buckets, and buckets shared with AWS accounts outside those you have defined in AWS Organizations

What is Rekognition?

Makes it easy to add images and video analysis to your applications using proven, highly scalable, deep learning technology that requires no ML expertise Automates your image and video analysis with Machine Learning You can identify obkects, people, text, scenes, and activities in images and videos as well as detect any inappropriate content

Where can you find software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on AWS? Cloudsearch Lightsail Athena Marketplace

Marketplace

You are concerned about access to your top-secret application by stolen passwords. What additional layer of security can you add for logging in to AWS Management Console, in addition to user passwords? Secret Access Keys AWS Transcribe AWS Voice Recognition Multi-Factor Authentication

Multi-Factor Authentication

You have a mission-critical application which must be globally available at all times. Which deployment strategy should you follow? Multi-Region Deploy to all Availability Zones in your home region. Multi-Availability Zone Multi-VPC in two AWS Regions

Multi-Region

How do you encrypt CloudTrial logs?

No action is needed since they are automatically encrypted

After configuring your VPC and all of the resources within it, you want to add an extra layer of security at the subnet level. Which will you use to add this security? Private IP Address Network ACL Security Group IAM

Network ACL

After configuring your VPC and all of the resources within it, you want to add an extra layer of security at the subnet level. Which will you use to add this security?

Network ACL A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups to add an additional layer of security to your VPC. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html

Which of the following statements are true? Choose two. Security groups are stateless: This means any changes applied to an incoming rule will not be applied to the outgoing rule. Network ACL are stateless: This means any changes applied to an incoming rule will not be applied to the outgoing rule. Security groups support allow and deny rules. Network ACLs support allow and deny rules

Network ACL are stateless: This means any changes applied to an incoming rule will not be applied to the outgoing rule. Network ACLs support allow and deny rules

A company needs to use a Load Balancer which can serve traffic at the TCP, and UDP layers. Additionally, it needs to handle millions of requests per second at very low latencies. Which Load Balancer should they use?

Network Load Balancer

AWS TCO calculator helps customers to do a TCO comparison between on-premise infrastructure and AWS. Which of the following are contributors of the overall costs? Choose two. Facilities costs Network costs Data transfer costs IT labor costs

Network costs IT labor costs

AWS uses the shared responsibility model. For security, which of the following are the responsibilities of AWS?

Network patching Disk disposal Physically securing compute resources EXPLANATION All passwords are the responsibility of the customer, as they are in charge of their information. Network patching is one of AWS's responsibilities, as it is connected to the infrastructure that AWS handles. Disk disposal is one of AWS's responsibilities, as it is connected to the infrastructure, which AWS handles. AWS is in charge of physically securing compute resources, as it is part of the infrastructure that runs all of the services offered in the AWS Cloud

What are the three types of AWS Load Balancers?

Network, Classic, Application

Which of the following langugages does AWS Lambda currently support?

Node.js Ruby Java

Which of the following is correct? Number of Edge Locations is greater than the Number of Availability Zones. The number of Availability Zones are greater than the Number of Regions Number of Regions is greater than the Number of Availability Zones. The Number of Availability Zones is greater than Number of Edge Locations Number of Availability Zones is greater than the Number of Edge Locations. The Number of Edge locations is greater than the Number of Regions Number of Availability Zones is greater than the Number of Regions. The Number of Regions is greater than the Number of Edge Locations

Number of Edge Locations is greater than the Number of Availability Zones. The number of Availability Zones are greater than the Number of Regions

Which of the following are principles of sound cloud design?

Number of Requests Additional Storage Clock hours of server time

Which of the following is NOT an attribute of the costing of using the AWS simple storage service AWS S3? Number of S3 Buckets Storage class Requests and data retrievals Data Transfer OUT from AMazon s3 to Internet

Number of S3 Buckets

After installing SSL/TLS for security, you were alerted that there is a consistent spike in one of your company's web servers hosting a large application. This increased activity slowed down your application. Which of the following is the best and most cost-effective option for resolving the slow speed and getting your application to respond quickly again?

Offload the SSL/TLS from running locally on your application to AWS CloudHSM. AWS CloudHSM can take the SSL/TLS processing for the web servers. This will reduce the burden on the web server and add extra security by storing the web server's private key in CloudHSM.

A fantasy sports company needs to run an application for the length of a football season (5 months). They will run the application on an EC2 instance and there can be no interruption. Which purchasing option best suits this use case?

On-Demand This is not a long enough term to make reserved instances the better option. And the application can't be interrupted, which rules out spot instances. On-Demand Instances let you pay for compute capacity by the hour or second (minimum of 60 seconds) with no long-term commitments. This frees you from the costs and complexities of planning, purchasing, and maintaining hardware and transforms what are commonly large fixed costs into much smaller variable costs.

You have a short term computing task to complete. It is essential that this task run uninterrupted from start to finish. Which is the best EC2 option for this task? Spot Instance Reserved Instance On-Demand Instance Dedicated Host

On-Demand Instance

You have upgraded your AWS support plan to the Business support level. What is true of the Business Support Plan? Twenty-four hour support on production system failure. Selected One hour support on production system failure. Fifteen minute support on production system failure. 15-minute response time support if your business-critical system goes down.

One hour support on production system failure.

Upon venturing into using the AWS Cloud, your company decides to follow the 5 pillars of the AWS Well Architected Framework. Which items are pillars of the Well Architected Framework?

Operational Excellence Reliability Scalability is certainly a concept that can be achieved with AWS resources, but it is not one of the 5 pillars of a well architected framework: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization. The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to improve supporting processes and procedures continually. https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/ The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues. https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/

5 Pillars of Well Architected Framework

Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization.

Philosophy on Pricing

Pay as you go, pay for what you use, pay less when you use more, and pay even less when you reserve capacity

Which of the following are characteristics of cloud computing? Choose 3 Pay-as-you-go pricing Cloud charges are capital expenditures. Services are delivered via the Internet. On-demand delivery

Pay-as-you-go pricing Services are delivered via the Internet. On-demand delivery

Amazon Lightsail is an example of which of the following? Platform as a Service Functions as a Service Software as a Service Infrastructure as a Service

Platform as a Service

In Identity and Access Management, which term applies to a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS? Entity Identity Principal Resource

Principal

In Identity and Access Management, which term applies to a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS?

Principal A Principal is a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS.

Configuring user permissions so that users can access only the resources they need to do their job follows what principle? Principle of minimum permissions Principle of Least Privilege Principle of Organizations IAM Principle

Principle of Least Privilege

Configuring user permissions so that users can access only the resources they need to do their job follows what principle?

Principle of Least Privilege When you create IAM policies, follow the standard security advice of granting the least privilege, or granting only the permissions required to perform a task. Determine what users (and roles) need to do, and then craft policies that allow them to perform only those tasks.

What is S3?

Provides developers and IT teams with secure, durable, highly scalable object storage. Easy to use, with a simple web services interface to store and retrieve any amount of data from anywhere on the web. Object Based Storage. Files can be from 0 Bytes to 5TB

Which of the following services are an AWS database service? Choose two Amazon RDS Amazon Route 53 Amazon S3 Amazon Redshift

RDS and Redshift

Which of the following is AWS' Data Warehousing service? Snowball S3 Big Data Redshift Elastic Map Reduce

Redshift

You need to set up a data warehouse on AWS for financial/actuary data. Which AWS service will you use? DynamoDB RDS Elasticache Redshift

Redshift

You need to set up a data warehouse on AWS for financial/actuary data. Which AWS service will you use?

Redshift Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. You can start with just a few hundred gigabytes of data and scale to a petabyte or more. This enables you to use your data to acquire new insights for your business and customers.

Which of the following are financial benefits of moving to the AWS Cloud (choose two.) Increased CAPEX Reduced TCO Increase OPEX Reduced OPEX

Reduced TCO Reduced OPEX

Which of the following EC2 instance types will realize a savings over time in exchange for a contracted term-of-service? Spot instances Discount instances On-demand instances Reserved instances

Reserved instances

Which of the following EC2 options is best for long-term workloads with predictable usage patterns? On-Demand instances Reserved instances Dedicated Host Spot instances

Reserved instances

A company has a large number of S3 buckets and needs to manage and automate tasks on these buckets at one time. Which AWS feature can do this? IAM Groups IAM Tagging Resource Groups

Resource Groups

A company needs to manage and automate tasks on large numbers of resources at one time. Which AWS feature can do this?

Resource Groups: You can use resource groups to organize your AWS resources. Resource groups make it easier to manage and automate tasks on large numbers of resources at one time.

What are types of IAM identities?

Roles, users, groups

Your company utilizes DNS and wants to migrate DNS and management of DNS to the cloud. Which AWS service would you use? CloudFormation Route 53 CloudFront Application Load Balancers

Route 53

During Disaster Recovery exercises, you need to re-route traffic from EC2 instances to instances in another region. With which service can you do this?

Route 53 EXPLANATION AWS Auto Scaling monitors your applications and automatically adjusts the capacity to maintain steady, predictable performance at the lowest possible cost. Using AWS Auto Scaling, it's easy to set up application scaling for multiple resources across multiple services in minutes. Route 53 can be used for Disaster Recovery by simply shifting traffic to the new region. Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other. Amazon Route 53 is fully compliant with IPv6 as well.

During Disaster Recovery exercises, you need to re-route traffic from EC2 instances to instances in another region. With which service can you do this?

Route 53 Route 53 can be used for Disaster Recovery by simply shifting traffic to the new region. Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other. Amazon Route 53 is fully compliant with IPv6 as well.

Which of the following services have Distributed Denial of Services DDoS attack mitigation features? KMS Route 53 Cloudtrail WAF

Route 53 WAF

What service would be the most useful in a disaster recovery situation?

Route53

You need to host a file in a location that's publicly accessible from anywhere in the world. Which AWS service would best meet that need? S3 RDS EC2 EBS

S3

In order to improve fault tolerance, you would like to begin using services that provide fault tolerance. Which AWS services provide automatic replication across Availability Zones? VPC EC2 S3 DynamoDb

S3 DynamoDb

You have infrequently accessed data in S3 buckets that you want to transfer to Glacier. What can you use in AWS to do this?

S3 Lifecycle Policy

What are the S3 storage options?

S3 Standard S3- Infrequently Accessed S3 One Zone- IA S3 Intelligent Tiering S3 Glacier S3 Glacier Deep Archive

What allows AWS to enable fast, easy and secure file transfers over long distances between you and S3?

S3 Transfer Acceleration

What is the AWS service\feature that takes advantage of Amazon CloudFront's globally distributed edge locations to transfer files to S3 with higher upload speeds?

S3 Transfer Acceleration enables fast, easy and secure transfers of files over long distances between your client and S3 bucket

Example of bulk storage?

S3, Google Drive, DropBox

If you want to use decoupled resources, which of the following AWS services can assist you?

SQS Amazon Simple Queue Service is a fully managed message queuing service that enables you to decouple and scale micro-services, distributed systems, and server-less applications.

You have two Software systems that need to communicate, and you also need to ensure that messages are not lost between them. Which AWS service can help meet these requirements?

SQS EXPLANATION Amazon SES (Amazon Simple Email Service) is a flexible, affordable, and highly-scalable email messaging platform for businesses and developers. Amazon Simple Queue Service (Amazon SQS) offers a secure, durable, and available hosted queue that lets you integrate and decouple distributed software systems and components.

Which option below is the best position that can be used to store messages between application and/or micro-services effectively?

SQS Simple Queue Service offers a reliable, highly stable hosted queue for storing messages between applications and/or microservices. SQS moves the data between distributed applications components and also helps to decouple the components.

What tools can help you build loosely coupled applications?

SQS SNS Can be integrated together to decouple application components so that they run independently, increasing the overall fault tolderance of the application.

You have two Software systems that need to communicate, and you also need to ensure that messages are not lost between them. Which AWS service can help meet these requirements?

SQS: Amazon Simple Queue Service (Amazon SQS) offers a secure, durable, and available hosted queue that lets you integrate and decouple distributed software systems and components.

Which IAM feature allows users to interact with AWS services through the AWS Command Line Interface (AWS CLI)? Username/Password API Key SSH Key AWS KMS Key

SSH Key

Which of the following statement is most accurate regarding scalability?

Scalable systems divert to the instances with the least load. When on of the instances has a smaller load, it will divert traffic instances a chance to lessen their load.

What acts as a virtual firewall for your instance to control inbound and outbound traffic

Security Group

You received an alert about an issue between an application and the database servers. What should you check to ensure communication is working?

Security group rules

What is CloudTrail?

Service that enables governance, compliance, operational autidting, and risk auditing of your AWS account. Provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDK, Command Line toold, and other AWS Services. Monitors API calls in the AWS platform Auditing tool Can consolidate log data using an S3 bucket

Which AWS calculator allows you to estimate the monthly cost of AWS services based on your expected usage? Cost Explorer Simple Monthly Calculator AWS TCO AWS Budgets

Simple Monthly Calculator

What AWS Services can be used on premise?

Snowball Snowball Edge Storage Gateway CodeDeploy OpsWorks IoT Greengrass

Which of the following is an AWS transfer service used to improve exabyte data sets into and out of AWS? AWS Snowball Direct Connect Storage Gateway Snowmobile

Snowmobile

What are the three cloud computing models? Hardware as a Service (HaaS) Software as a Service (SaaS) Selected PlatForm as a Service (PaaS) Infrastructure as a Service (IaaS

Software as a Service (SaaS) Selected PlatForm as a Service (PaaS) Infrastructure as a Service (IaaS

Which of the following describes Hybrid Cloud architecture on AWS? All resources run on AWS All resources run on premises infrastructure. Some resources run in AWS and some on premises. Some resources run in AWS and some run in another Public Cloud Provider.

Some resources run in AWS and some on premises.

You have a web application that needs to run for a short period of time (a couple days). It is alright if there are interruptions in the application. Which EC2 instance type would be best for this use case?

Spot

You have used on-demand instances for a month, but have met unexpected costs with this choice. Which EC2 option provides up to 90% discount on on-demand instances while taking advantage of AWS unused EC2 capacity? Dedicated Host Spot Instances Reserved Instances Virtual Instances

Spot Instances

You have a project that will require 90 hours of computing time. There is no deadline, and the work can be stopped and restarted without adverse effect. Which of the following computing options offers the most cost-effective solution? ECS instances Spot instances On-demand instances Reserved instances

Spot instances

Which of he following statements are true? Choose 2 Spot instances are a cost-effective choice if you can be flexible about when your applications run and if your applications can be interrupted. The hourly price for Spot Instances varies based on demand. Spot Instance are available for more than the On-Demand Instance price. Spot Instances are recommended for applications whose Service Level Agreement (SLA) requires 99% uptime.

Spot instances are a cost-effective choice if you can be flexible about when your applications run and if your applications can be interrupted. The hourly price for Spot Instances varies based on demand.

A company has signed a 3-year contract with a School District to develop a Teacher Absence Management application. Which type of EC2 instance would be best for application development on this project?

Standard Reserve Instances

You want to group together EC2 instances and manage them as a group. One thing you want to do is issue commands remotely to these instances. Which AWS service will you use?

System Manager AWS Systems Manager Run Command lets you remotely and securely manage the configuration of your managed instances. A managed instance is any EC2 instance or on-premises machine in your hybrid environment that has been configured for Systems Manager. Run Command enables you to automate common administrative tasks and perform ad hoc configuration changes at scale. You can use Run Command from the AWS console, the AWS Command Line Interface, AWS Tools for Windows PowerShell, or the AWS SDKs. Run Command is offered at no additional cost.

You want to group together EC2 instances and manage them as a group. One thing you want to do is issue commands remotely to these instances. Which AWS service will you use?

Systems Manager

Your Development team uses four on-demand EC2 instances and your QA team has 5 reserved instances, only three of which are being used. Assuming all AWS accounts are under a single AWS Organization, how will the Development team's instances be billed? All the Dev team's instances will be billed at the on-demand rate. The pricing for the reserved instances will shift from QA to Dev. The Dev team will be billed for two instances at on-demand prices and two instances at the reserved instance price. All the Dev instances will be billed at the reserved instance rate.

The Dev team will be billed for two instances at on-demand prices and two instances at the reserved instance price.

In Identity and Access Management, which term refers to the IAM resource objects that AWS uses for authentication?

The IAM resource objects that AWS uses for authentication. These include IAM users, federated users, and assumed IAM roles.

Which of the following are advantages of cloud computing? Choose 4 The ability to 'go global' in minutes Increased speed and agility Requires large amounts of capital Variable expense Elasticity - you need not worry about capacity.

The ability to 'go global' in minutes Increased speed and agility Variable expense Elasticity - you need not worry about capacity

A company is contemplating a move to the AWS Cloud. What benefits can be gained from such a move?

The company can focus on its business rather than setting up a data center.

Whichof the following is how AWS Lambda pricing works? The customer pays an upfront price for a 1 year contract The customer is charged based on the number of requests for Lambda functions and the duration is takes for the code to execute. The customer is charges based only on the number of requests for Lambda functions. The customer is charged based only on the duration it takes for the code lamdba function to execute.

The customer is charged based on the number of requests for Lambda functions and the duration is takes for the code to execute.

Which of the following are types of cloud computing deployments? Choose 3 Public cloud Private cloud Hybrid cloud Mixed cloud

The three types of cloud deployments are Public, Hybrid, and Private (also called 'on-prem').

A video production company uploads large video files to S3 buckets using multipart upload. To which AWS Cloud best practice does this adhere? Implement Elasticity Decouple your components Design for Failure Think Parallel

Think Parallel

A video production company uploads large video files to S3 buckets using multipart upload. To which AWS Cloud best practice does this adhere?

Think parallel

You want to use your customer keys generated by KMS in the US-East region for each of the regions in your AWS environment. How can you do this?

This is NOT possible because KMS keys are region-specific KMS keys are region-specific and can only be used in the region they are created.

Which of the following are advantages of moving to AWS Cloud? Choose two Time to Market reduced. No need to guess capacity requirements. Upfront capital expenditure increased. Fixed rate cost.

Time to Market reduced. No need to guess capacity requirements.

You are gathering information to present to management on a potential move to the AWS cloud. Which items are part of the 6 advantages of cloud computing?

Trade capital expense for variable expense Increase speed and agility

Which of the following are advantage of Cloud Computing? Choose two. Stop worrying about Security. Trade capital expense for variable expense. Compliance with all local regulations. Benefit from massive economies of scale.

Trade capital expense for variable expense. Benefit from massive economies of scale.

Policies assign permissions, not IAM roles. You can use IAM roles to delegate access to your AWS resources, but underneath an IAM role is a policy. The IAM role is not appropriate in this case, just a policy. A) True B) False

True

WorkSpaces does not provide an Infrastructure as a Service (IaaS) solution. An example of IaaS in AWS is EC2. EC2 users do not own the physical servers; AWS provides virtual servers. Users only pay for the usage of the servers, saving them the cost (and associated ongoing maintenance) of investing in physical hardware. A) True B) False

True

An AWSDenyAll Policy...

Trumps any other group it may be attached too

You need to implement an automated service that will scan your AWS environment with the goal of both improving security and reducing costs. Which service should you use? CloudTrail Config Rules Service Catalog Trusted Advisor

Trusted Advisor

A video archiving company is storing files between 5 and 10 MB. But they need to minimize the upload time. What can they do?

Use Multipart Upload Multipart Upload allows you to upload a single object as a set of parts. After all parts of your object are uploaded, Amazon S3 then presents the data as a single object. You can use a multipart upload for objects from 5 MB to 5 TB in size. Amazon S3 customers are encouraged to use multipart uploads for objects greater than 100 MB.

A retail company has EC2 On-Demand instances running to serve customer transactions. There is a set pattern of traffic where demand is high at two points in the day, but the instances sit idle for much of the day. What is a good way to optimize these resources?

Use an Auto Scaling Group to scale out and in based on demand.

A retail company has EC2 On-Demand instances running to serve customer transactions. There is a set pattern of traffic where demand is high at two points in the day, but the instances sit idle for much of the day. What is a good way to optimize these resources? Write a script to stop instances when demand is low. Use an Auto Scaling Group to scale out and in based on demand. Use reserved instances instead of on-demand instances. Use an Elastic Load Balancer to scale out and in based on demand.

Use an Auto Scaling Group to scale out and in based on demand.

A new application needs temporary access to resources in AWS. How can this best be achieved?

Use an IAM role to manage temporary credentials for applications that run on an EC2 instance. When you use a role, you don't have to distribute long-term credentials (such as a user name and password or access keys) to an EC2 instance. Instead, the role supplies temporary permissions that applications can use when they make calls to other AWS resources. When you launch an EC2 instance, you specify an IAM role to associate with the instance. Applications that run on the instance can then use the role-supplied temporary credentials to sign API

What can we do in AWS to receive the benefits of volume pricing for your multiple AWS accounts?

Use consolidated billing in AWS Organizations.

What can we do in AWS to receive the benefits of volume pricing for your multiple AWS accounts? Purchase services in bulk from AWS Marketplace. Use consolidated billing in AWS Organizations. Use AWS Trusted Advisor You will receive volume pricing by default.

Use consolidated billing in AWS Organizations.

A company is lookign to help to build a secure and high performing app infrastructure using the latest AWS architectural best practices. Which of the following can provide guidance for free? Contact an AWS consulting partner Open a ticket with AWS Managed Services Use the AWS Well-Architected tool Open a case with AWS Support

Use the AWS Well-Architected tool

What is AWS Inspector?

Used for Inspecting EC2 instances for vulnerabilities

What is Cost Explorer?

Used to explore costs AFTER they are incurred lets you visualize, understand, and manage your AWS costs and usage over time. You can analyze your cost and usage data at a high level (e.g., total costs and usage across all accounts in your organization) or for highly specific requests.

AWS Artifact

Used to retrieve compliance reports Compliance Reports from all around the world

You want to define a virtual network in your AWS cloud to be able to launch resources in that virtual network. What do you need to configure? AWS Organizations VPC Internet Gateway Virtual Private Gateway

VPC

After creating an EC2 instance to host an application, the traffic to the site far exceeds what was expected. You decide to move to a larger instance type. What AWS principal does this represent?

Vertical Scaling

You are working on two projects that require completely different network configurations. Which AWS service will allow you to isolate resources and network configurations?

Virtual Private Cloud Lets you provision a logically isolated section of the AWS Cloud where you can launch AWS Resources in a virtual network that you define

Which AWS service can you use to connect your AWS cloud with an on-premises data center? Internet Gateway Virtual Private Gateway IAM VPC Peering

Virtual Private Gateway

You are leading a pilot program to try the AWS Cloud for one of your applications. You have been instructed to provide an estimate of your AWS bill. Which service will allow you to do this by manually entering your planned resources by service?

With the AWS Pricing Calculator, you can input the services you will use, and the configuration of those services, and get an estimate of the costs these services will accrue. AWS Pricing Calculator lets you explore AWS services, and create an estimate for the cost of your use cases on AWS.

You are creating a few IAM policies. This is the first time you have worked with IAM policies. Which tool can you use to test IAM policies? A) Amazon GuardDuty B) IAM Policy Simulator C) Amazon Inspector D) CloudWatch

With the IAM policy simulator, you can test and troubleshoot identity-based policies, IAM permissions boundaries, Organizations service control policies, and resource-based policies

Can You Do This?

Yes, I can.

Can you encrypt metadata in S3?

Yes, if you put the metadata in a DynamoDB table and enable encryption during creation

A company needs to manage and automate tasks on large numbers of resources at one time. Which AWS feature can do this?

You can use resource groups to organize your AWS resources. Resource groups make it easier to manage and automate tasks on large numbers of resources at one time. This guide shows you how to create and manage resource groups in AWS Resource Groups.

What is AWS CodeStar?

a cloud based service for creating, managing and working with software development projects on AWS. You can quickly develop, build, and deploy applications on AWS.

What is AWS Snowball?

a data transport solution that accelerates moving terabytes to petabytes of data into and out of AWS using storage devices designed to be secure for physical transport. Customers can transfer up to 80 Terabytes per

What is AWS CodePipeline?

a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates. Automates the build, test, and deploy phases of your release process every time there is a code change, based on the release model you define. You can easily integrate with third-party services such as GitHub or with your own custom plugin

AWS CLI- command line interface

a unified tool to manage your AWS services With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.

What does Amazon ElastiCache provide?

a web service that makes it easy to set up, manage, and scale a distributed in-memory data store or cache environment in the cloud. It provides a high-performance, scalable, and cost-effective caching solution, while removing the complexity associated with deploying and managing a distributed cache environment. can be used to significantly improve latency and throughput for many read-heavy applications (such as social networking, gaming, media sharing and Q&A portals) or compute-intensive workloads (such as a recommendation engine).

Security Groups

act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level.

What are Amazon EC2 Dedicated Hosts?

allow you to use your eligible software licenses from vendors such as Microsoft and Oracle on Amazon EC2, so that you get the flexibility and cost-effectiveness of using your own licenses, but with the resiliency, simplicity, and elasticity of AWS. An Amazon EC2 a physical server fully dedicated for your use, so you can help address corporate compliance requirements

Multipart upload

allows you to upload a single object as a set of parts. After all parts of your object are uploaded, Amazon S3 then presents the data as a single object. You can use a multipart upload for objects from 5 MB to 5 TB in size. Amazon S3 customers are encouraged to use multipart uploads for objects greater than 100 MB.

What is AWS Snowmobile?

an Exabyte-scale data transfer service used to move extremely large amounts of data to AWS. You can transfer up to 100 Petabytes (PB) per Snowmobile, a 45-foot long ruggedized shipping container, pulled by a semi-trailer truck. Snowmobile makes it easy to move massive volumes of data to the cloud, including video libraries, image repositories, or even a complete data center migration.

Elastic Beanstalk

an application container on top of Amazon Web Services. makes it easy for developers to quickly deploy and manage applications in the AWS Cloud. Developers simply upload their application code, and it automatically handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring. PaaS solution to automate application deployment

What is CloudFormation?

an automated provisioning engine designed to deploy entire cloud environments via a JSON script allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. This gives you a single source of truth for your AWS and third party resources.

NACL- network access control list

an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. Note: act at the subnet level, but security groups act at the instance level.

What is Network Load Balancer best suited for?

best suited for load balancing of Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and transport Layer Security (TLS) traffic where extreme performance is required. Operating at the connection level (Layer 4), Network Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) and is capable of handling millions of requests per second while maintaining ultra-low latencies.

CloudWatch alarm

can be set up to monitor CPU utilization and trigger further action. Further action could be an Auto Scaling Group adding another EC2 instance and/or using SNS to notify team members of the occurrence.

Amazon Kinesis

enables you to securely stream video from connected devices (IoT devices) to AWS for analytics, ML, playback and other processing

What is AWS X-Ray?

helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture. you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors. provides an end-to-end view of requests as they travel through your application, and shows a map of your application's underlying components.

What is AWS WAF?

helps protect your web applications from common web exploits that could affect application availability, compromise security or consume excessive resources a firewall that will inspect your web traffic and detect if there's any malicious things (Designed to STOP HACKERS) Layer 7 firewall

AwS Trusted Advisor

inspects your AWS account as a WHOLE Does more than just security checks. It does Cost Optimization, Performance, and Fault Tolerance

AWS Data Pipeline

is a web service that helps you reliably process and move data between different AWS compute and storage services, and also on-premises data sources, at specified intervals. you can regularly access your data where it's stored, transform and process it at scale, and efficiently transfer the results to AWS services such as Amazon S3, Amazon Relational Database Service (Amazon RDS), Amazon DynamoDB, and Amazon EMR.

What is Auto Scaling?

it monitors your applications and automatically adjusts your capacity to maintain steady, predictable, performance at the lowest possible cost.

CloudWatch Logs

monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources.

When thinking about the AWS global infrastructure and the numbers of regions, availability zones, and edge locations, which of the following is correct? of Regions > # of Availability Zones > # of Edge Locations of Availability Zones > # of Regions > # of Edge Locations of Availability Zones > # of Edge Locations > # of Regions of Edge Locations > # of Availability Zones > # of Regions

of Edge Locations > # of Availability Zones > # of Regions

What is SQS? (Simple Queue Service)

offers a secure, durable, and available hosted queue that lets you integrate and decouple distributed software systems and components.

What is Virtual Private Cloud?

the service that allows a customer to create a virtual network for their resources in an isolated section of the AWS cloud.

Horizontal Scaling

the act of changing the number of nodes in a computing system without changing the size of any individual node. So, with horizontal scaling, we would add instances.

True or False: A Distribution is what we call a series of Edge Locations that make up CDN. True False

true

AwS Budgets

used to budget costs BEFORE they are incurred

Cost Explorer

used to explore costs AFTER they have been incurred

What are the default security credentials that are required to access the AWS management console for an IAM user account?

username and password

What is AWS Pricing Calculator?

you can input the services you will use, and the configuration of those services, and get an estimate of the costs these services will accrue. lets you explore AWS services, and create an estimate for the cost of your use cases on AWS.


Set pelajaran terkait

243 PrepU Ch. 24 Schizophrenia Spectrum & Other Psychotic Disorders: Management of Thought Disorders

View Set

Environmental Geology - Chapter 6: Streams and Flooding

View Set

BJU Cultural Geography Chapter 22

View Set

Industrial Mechanics 4th Edition Chapter 7: Lifting

View Set

FMF 102 USMC Mission and Organization Fundamentals

View Set

VARIABLE AND ABSORPTION COSTING PART 1

View Set