Improved Cloud Practitioner Practice Exam 5, first AWS Practice Exam 1, Cloud Practitioner Practice Exam 3, AWS Exam #2 Version #2, March 19th Exam #2, AWS Certified Cloud Practitioner Questions Set 1
Which statement is true regarding the AWS Shared Responsibility Model?
Responsibilities vary depending on the services used
What AWS tools can be used to call AWS Services from different programming languages?
AWS Software Development Kit (SDK)
You are working on two projects that require completely different network configurations. Which AWS service will allow you to isolate resources and network configurations?
virtual private cloud
Under the Shared Responsibility Model, which of the following controls do customers fully inherit from AWS? (Choose two)
1. physical controls 2. environmental controls
According to the AWS Shared responsibility model, which of the following are the responsibility of the customer? (Choose two)
1. protecting data while in-transit in Amazon S3 2. patching applications installed in EC2
Which of the following are important design principles you should adopt when designing systems on AWS? (Choose two)
1. remove single points of failure 2. automate wherever possible
Which of the following aspects of security are managed by AWS? (Choose two)
1. securing global physical infrastructure 2. hardware patching
Which of the following can help protect your EC2 instances from DDoS attacks? (Choose two)
1. security groups 2. network access control list
Which design principles relate to performance efficiency in AWS? (Choose TWO)
1. use serverless architecture 2. build multi-region architectures to better serve global customers
Which of the following can be used to protect data at rest on Amazon S3? (Choose two)
1. versioning 2. permissions
Which of the following services allows customers to manage their agreements with AWS? A. AWS Artifact B. AWS Systems Manager C. AWS Organizations D. AWS Certificate Manager
A
Which AWS Service provides the current status of all AWS Services in all AWS Regions?
AWS service health dashboard
Which of the below options are related to the reliability of AWS? (Choose TWO)
Ability to recover quickly from failures Automatically provisioning new resources to meet demand
Which of the following is equivalent to a user name and password and is used to authenticate your programmatic access to AWS services and APIs?
Access Keys
Your company has a data store application that requires access to a NoSQL database. Which AWS database offering would meet this requirement?
Amazon DynamoDB
Which of the following are examples of AWS-Managed Services, where AWS is responsible for the operational and maintenance burdens of running the service? (Choose TWO)
Amazon DynamoDB Amazon Elastic MapReduce
A company is planning to migrate a database with high read/write activity to AWS. What is the best storage option to use?
Amazon EBS
What is the primary storage service used by Amazon RDS DB instances?
Amazon EBS
What is the primary storage service used by Amazon RDS database instances?
Amazon EBS
Which service provides object-level storage in AWS?
Amazon EBS
A company is deploying a new two-tier web application in AWS. Where should the most frequently accessed data be stored so that the application's response time is optimal?
Amazon ElastiCache
Your company is designing a new application that will store and retrieve photos and videos. Which of the following services should you recommend as the underlying storage mechanism?
Amazon S3
Your company is designing a new application that will store and retrieve photos and videos. Which of the following services should you recommend to be used as the underlying storage mechanism?
Amazon S3
What are the benefits of using the Amazon Relational Database Service? (Choose two)
1. Resizable compute capacity 2. lower administrative burden
Which of the following helps a customer view the Amazon EC2 billing activity for the past month?
AWS Cost & Usage Reports
Under the shared responsibility model, which of the following is the responsibility of AWS?
Configuring infrastructure devices
What are AWS shared controls?
Controls that apply to both the infrastructure layer and customer layers
A developer needs to set up an SSL security certificate for a client's eCommerce website in order to use the HTTPS protocol. Which of the following AWS services can be used to deploy the required SSL server certificates? (Choose TWO)
1. AWS ACM 2. AWS identity and access management
Which of the following allows you to create new RDS instances? (Choose two)
1. AWS CloudFormation 2. AWS Management Console
App development companies move their business to AWS to reduce time-to-market and improve customer satisfaction, what are the AWS automation tools that help them deploy their applications faster? (Choose two)
1. AWS Elastic Beanstalk 2. AWS CloudFormation
Which of the following AWS services can be used as a compute resource? (Choose two)
1. AWS Lambda 2. AWS EC2
Which of the following AWS services scale automatically without your intervention? (Choose two)
1. AWS Lamda 2. Amazon S3
As part of the AWS Migration Acceleration Program (MAP), what does AWS provide to accelerate Enterprise adoption of AWS? (Choose TWO)
1. AWS Professional Services 2. AWS Partners
What are the connectivity options that can be used to build hybrid cloud architectures? (Choose two)
1. AWS VPN 2. AWS Direct Connect
Where can you store files in AWS? (Choose two)
1. Amazon EBS 2. Amazon EFS
What are the AWS services\features that can help you maintain a highly available and fault-tolerant architecture in AWS? (Choose two)
1. Amazon EC2 auto scaling 2. Elastic Load Balancer
Which of the following AWS services can help you perform security analysis and regulatory compliance auditing? (Choose two)
1. Amazon Inspector 2. AWS Config
Which of the following AWS services is designed with native Multi-AZ fault tolerance in mind? (Choose two)
1. Amazon Simple Storage Service (S3) 2. Amazon DynamoDB
What are the benefits of using DynamoDB? (Choose TWO)
1. Automatically scales to meet required throughput capacity 2. Offers extremely low (single-digit millisecond) latency
When running a workload in AWS, the customer is NOT responsible for: (Select two)
1. Data center operations 2. infrastructure security
Why would an organization decide to use AWS over an on-premises data center? (Choose two)
1. Elastic resources 2. cost savings
What are the Amazon RDS features that can be used to improve the availability of your database? (Choose two)
1. Multi AZ deployment 2. read replicas
Question 64: Correct Which of the following is used to control network traffic in AWS? (Choose two)
1. Network Access Control Lists (NACLs) 2. Security Groups
For managed services like Amazon DynamoDB, which of the below is AWS responsible for? (Choose two)
1. Operating system maintenance 2. Patching the database software
What are the benefits of implementing a tagging strategy for AWS resources? (Choose two)
1. Quickly identify resources that belong to a specific project 2. Track AWS spending across multiple resources
What is one benefit and one drawback of buying a reserved EC2 instance? (Select TWO)
1. Reserved instances require at least a one-year pricing commitment 2. Reserved instances provide a significant discount compared to on-demand instances
Why do many startup companies prefer AWS over traditional on-premises solutions? (Choose TWO)
1. Using AWS allows companies to replace large capital expenditure with low variable costs 2. Using AWS, they can reduce time-to-market by focusing on business activities rather than on building and managing data centers
Which statement is correct with regards to AWS service limits? (Choose two)
1. You can contact AWS support to increase the service limits 2. you can use AWS trusted advisor to monitor your service limits
Which of the following AWS services are free to use? (Choose two
1. cloudformation 2. auto scaling
What are two advantages of using Cloud Computing over using traditional data centers? (Choose two)
1. eliminating single points of failure (SPOFs) 2. distributed infrastructure
Based on the AWS Shared Responsibility Model, which of the following are the sole responsibility of AWS? (Choose two)
1. hardware maintenance 2. creating hypervisors
Which of the following are use cases for Amazon S3? (Choose two)
1. hosting static websites 2. a media store for CloudFront service
Which of the below are responsibilities of the customer when using Amazon EC2? (Choose TWO)
1. installing and configuring third party software 2. protecting sensitive data
Which of the following will impact the price paid for an EC2 instance? (Choose two)
1. instance type 2. storage capacity
Amazon Glacier is an Amazon S3 storage class that is suitable for storing ____________ & ______________. (Choose two)
1. long term analytical data 2. active archives
What are the benefits of using an AWS-managed service? (Choose two)
1. lowers operational complexity 2. allows customers to deliver new solutions faster
Using Amazon RDS falls under the shared responsibility model. Which of the following are customer responsibilities? (Choose two)
1. managing the database settings 2. building the relational database schema
Which of the following are factors in determining the appropriate database technology to use for a specific workload? (Choose two)
1. nature of queries 2. number of reads and writes per second
Which of the following reserved instance payment option result in you paying a discounted hourly rate throughout the duration of the term? (Choose two)
1. no upfront option 2. partial upfront option
You have noticed that several critical Amazon EC2 instances have been terminated. Which of the following AWS services would help you determine who took this action? A. AWS CloudTrail B. Amazon EC2 Usage report C. Amazon Inspector D. AWS Trusted Advisor
A Explanation AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting. The other options are incorrect: "Amazon Inspector" is incorrect. Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. "Amazon EC2 Usage report" is incorrect. The report provides a preconfigured view, based on fixed filter settings, that displays information about your usage and cost trends. "AWS Trusted Advisor" is incorrect. AWS Trusted Advisor is an online tool that provides real time guidance to help you provision your resources following AWS best practices.
What do you gain from setting up consolidated billing for five different AWS accounts under another master account? A. Each AWS account gets volume discounts B. Each AWS account gets six times the free-tier services capacity C. AWS services costs will be reduced to half the original D. The consolidated billing feature is just for organizational purposes
A Explanation AWS consolidated billing enables an organization to consolidate payments for multiple Amazon Web Services (AWS) accounts within a single organization by making a single paying account. For billing purposes, AWS treats all the accounts on the consolidated bill as one account. Some services, such as Amazon EC2 and Amazon S3 have volume pricing tiers across certain usage dimensions that give the user lower prices when they use the service more. For example if you use 50 TB in each account you would normally be charged $23 *50*3 (because they are 3 different accounts), But with consolidated billing you would be charged $23*50+$22*50*2 (because they are treated as one account) which means that you would save $100.
Which of the following must an IAM user provide to interact with AWS services using the AWS Command Line Interface (AWS CLI)? A. Access keys B. Secret token C. User name and password D. User ID
A Explanation Access keys consist of an access key ID and secret access key, which are used to sign programmatic requests to AWS using the CLI or the SDK.
Which statement is true regarding the AWS shared responsibility model? A. Responsibilities vary depending on the services used. B. Security of the managed services is the responsibility of the customer C. Patching the guest OS is the responsibility of AWS for all services D. Security of the IaaS services is the responsibility of AWS
A Explanation Customers should be aware that their responsibilities may vary depending on the AWS services chosen. For example, when using Amazon EC2, you are responsible for applying operating system and application security patches regularly. However, such patches are applied automatically when using Amazon RDS. The other options are incorrect: "Security of the IaaS services is the responsibility of AWS" is incorrect. AWS products that fall into the well-understood category of Infrastructure as a Service (IaaS)—such as Amazon EC2, Amazon VPC, and Amazon S3—are completely under your control and require you to perform all of the necessary security configuration and management tasks. For example, for EC2 instances, you're responsible for management of the guest OS (including updates and security patches), any application software or utilities you install on the instances, and the configuration of the AWS-provided firewall (called a security group) on each instance. These are basically the same security tasks that you're used to performing no matter where your servers are located. "Security of the managed services is the responsibility of the customer" is incorrect. AWS is responsible for the security configuration of its managed services. Examples of these types of services include Amazon DynamoDB, Amazon RDS, Amazon Redshift, Amazon Elastic MapReduce, and Amazon WorkSpaces. For most of these services, all you have to do is to configure logical access controls on the resources and protect your account credentials, but overall, the security configuration work is performed by the service. "Patching the guest OS is the responsibility of AWS for all services" is incorrect. A computer on which AWS runs one or more virtual machines is called a host machine, and each virtual machine is called a guest machine. AWS drives the concept of virtualization by allowing the physical host machine to operate multiple virtual machines as guests (for multiple customers) to help maximize the effective use of computing resources such as memory, network bandwidth and CPU cycles. Patching the guest operating system is the responsibility of AWS for the managed services only (such as Amazon RDS). The customer is responsible for patching the guest OS for other services (such as Amazon EC2). AWS is responsible for patching the underlying hosts, upgrading the firmware, and fixing flaws within the infrastructure for all services, including Amazon EC2.
Availability Zones within a Region are connected over low-latency links. Which of the following is a benefit of these links? A. Make synchronous replication of your data possible B. Automate the process of provisioning new compute resources C. Achieve global high availability D. Create private connection to your data center
A Explanation Each AWS Region contains multiple distinct locations, or Availability Zones. Each Availability Zone is engineered to be independent from failures in other Availability Zones. An Availability Zone is a data center, and in some cases, an Availability Zone consists of multiple data centers. Availability Zones within a Region provide inexpensive, low-latency network connectivity to other zones in the same Region. This allows you to replicate data across data centers in a synchronous manner so that failover can be automated and appear transparent to your users. The other options are incorrect: "Automate the process of provisioning new compute resources" is incorrect. There is no relation between low-latency links and provisioning new resources. Auto Scaling is the service that can be used to automate the process of creating new compute resources. "Achieve global high availability" is incorrect. You cannot achieve global high availability by merely using Availability Zones within the same Region. You should deploy your application in multiple regions closest to your users or use the AWS CloudFront service to achieve high global availability. "Create private connection to your data center" is incorrect. The AWS Direct Connect service is the service that can be used to establish a private connection between AWS and your datacenter.
You want to create a backup of your data in another geographical location. Where should you create this backup? A. In another Region B. In another Edge location C. In another VPC D. In another Availability Zone
A Explanation Since you want to store your backup in another geographical location, then you should create it in another AWS Region. An AWS Region is a physical location around the world where AWS cluster data centers. AWS calls each group of logical data centers an Availability Zone. Each AWS Region consists of multiple, isolated, and physically separate Availability Zones within a geographic area. The other options are incorrect. "In another Edge location" is incorrect. Edge locations are used in conjunction with the CloudFront service to cache and deliver content to global users with low latency. They are not used to store backups. "In another Availability Zone" is incorrect. Availability Zones of a Region exist within a single geographic area. "In another VPC" is incorrect. Amazon Virtual Private Cloud (Amazon VPC) is not a geographic location. Amazon VPC is a networking service that enables you to create an isolated virtual network in the AWS Cloud. You can create up to 5 VPCs within a single AWS Region.
A company complains that they are wasting a lot of money on underutilized compute resources in AWS. Which AWS feature should they use to ensure that their applications are automatically adding/removing compute capacity to closely match the required demand? A. AWS Auto Scaling B. AWS Budgets C. AWS Elastic Load Balancer D. AWS Cost Explorer
A Explanation Auto scaling is the feature that automates the process of adding/removing the server capacity (based on demand). Autoscaling allows you to reduce your costs by automatically turning off resources that aren't in use. On the other hand, Autoscaling ensures that your application runs effectively by provisioning more server capacity if required. The other options are incorrect: "AWS Budgets" is incorrect. AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. "AWS Elastic Load Balancer" is incorrect. AWS Elastic Load Balancer (ELB) is a service that distributes the incoming application traffic to multiple targets that you define. "AWS Cost Explorer" is incorrect. AWS Cost Explorer provides an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time.
What is the AWS service that enables AWS architects to manage infrastructure as code? A. AWS CloudFormation B. Amazon EMR C. Amazon SES D. AWS Config
A Explanation AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and AWS CloudFormation takes care of provisioning and configuring those resources for you. You don't need to individually create and configure AWS resources and figure out what's dependent on what; AWS CloudFormation handles all that for you. The other options are incorrect: "Amazon SES" is incorrect. Amazon SES refers to the Amazon Simple Email service. "AWS Config" is incorrect. AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. "Amazon EMR" is incorrect. Amazon EMR is used to run and scale Apache Spark, Hadoop, Presto, and other Big Data Frameworks.
Select TWO examples of the AWS shared controls. A. Configuration Management B. VPC Management C. IAM Management D. Patch Management E. Data Center Operations
A & D Explanation Shared Controls are controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Examples include: ** Patch Management - AWS is responsible for patching the underlying hosts and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications. ** Configuration Management - AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications. ** Awareness & Training - AWS trains AWS employees, but a customer must train their own employees. Additional information: A computer on which AWS runs one or more virtual machines is called a host machine, and each virtual machine is called a guest machine. AWS drives the concept of virtualization by allowing the physical host machine to operate multiple virtual machines as guests (for multiple customers) to help maximize the effective use of computing resources such as memory, network bandwidth and CPU cycles. The other options are incorrect: "Data Center operations" is incorrect. Data Center operations are an AWS responsibility. "VPC Management" and "IAM Management" are incorrect. VPC and IAM management are customer responsibilities.
What does the AWS Personal Health Dashboard provide? (Choose two) A. Detailed troubleshooting guidance to address AWS events impacting your resources B. Published information about the current status and availability of all AWS services C. A dashboard detailing vulnerabilities in your applications D. Personalized view of AWS service health E. Recommendations for Cost Optimization
A & D Explanation AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources. The benefits of the AWS personal health dashboard include: **A personalized View of Service Health: Personal Health Dashboard gives you a personalized view of the status of the AWS services that power your applications, enabling you to quickly see when AWS is experiencing issues that may impact you. For example, in the event of a lost EBS volume associated with one of your EC2 instances, you would gain quick visibility into the status of the specific service you are using, helping save precious time troubleshooting to determine root cause. **Proactive Notifications: The dashboard also provides forward looking notifications, and you can set up alerts across multiple channels, including email and mobile notifications, so you receive timely and relevant information to help plan for scheduled changes that may affect you. In the event of AWS hardware maintenance activities that may impact one of your EC2 instances, for example, you would receive an alert with information to help you plan for, and proactively address any issues associated with the upcoming change. **Detailed Troubleshooting Guidance: When you get an alert, it includes remediation details and specific guidance to enable you to take immediate action to address AWS events impacting your resources. For example, in the event of an AWS hardware failure impacting one of your EBS volumes, your alert would include a list of your affected resources, a recommendation to restore your volume, and links to the steps to help you restore it from a snapshot. This targeted and actionable information reduces the time needed to resolve issues. The other options are incorrect: "A dashboard detailing vulnerabilities in your applications" is incorrect. You can check your applications for vulnerabilities using other services such as Amazon Inspector. "Recommendations for Cost Optimization" is incorrect. You can get help about cost optimization using other services such as the AWS Trusted Advisor. "Published information about the current status and availability of all AWS services" is incorrect. You can get information about the current status and availability of the AWS services any time using the AWS Service Health Dashboard that is available at this link: https://status.aws.amazon.com/
A company is introducing a new product to their customers, and is expecting a surge in traffic to their web application. As part of their Enterprise Support plan, which of the following provides the company with architectural and scaling guidance? A. Infrastructure Event Management B. AWS Support API C. AWS Personal Health Dashboard D. AWS Support Concierge Service
A. Explanation AWS Infrastructure Event Management is a short-term engagement with AWS Support, included in the Enterprise-level Support product offering, and available for additional purchase for Business-level Support subscribers. AWS Infrastructure Event Management partners with your technical and project resources to gain a deep understanding of your use case and provide architectural and scaling guidance for an event. Common use-case examples for AWS Event Management include advertising launches, new product launches, and infrastructure migrations to AWS. The other options are incorrect: "AWS Personal Health Dashboard" is incorrect. AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources. AWS Support API is incorrect. The AWS Support API provides access to some of the features of the AWS Support Center via an API. AWS Support Concierge Service is incorrect. AWS Support Concierge Service assists customers with account and billing inquiries.
Which of the following are examples of AWS-Managed Services, where AWS is responsible for the operational and maintenance burdens of running the service? (Choose TWO) A. Amazon Elastic MapReduce B. Amazon VPC C. Amazon Elastic Compute Cloud D. AWS IAM E. Amazon DynamoDB
A & E Explanation For managed services such as Amazon Elastic MapReduce (Amazon EMR) and DynamoDB, AWS is responsible for performing all the operations needed to keep the service running. Amazon EMR launches clusters in minutes. You don't need to worry about node provisioning, infrastructure setup, Hadoop configuration, or cluster tuning. Amazon EMR takes care of these tasks so you can focus on analysis. DynamoDB is serverless with no servers to provision, patch, or manage and no software to install, maintain, or operate. DynamoDB automatically scales tables up and down to adjust for capacity and maintain performance. Availability and fault tolerance are built in, eliminating the need to architect your applications for these capabilities. Other managed services include: Amazon RDS, Amazon Redshift, Amazon WorkSpaces, Amazon CloudFront, Amazon CloudSearch and several other services. For these managed services, AWS is responsible for most of the configuration and management tasks, but customers are still responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions. NOTE: The AWS managed services we mentioned above are different than the AWS Managed Services (AMS) service. AMS is an AWS service that operates AWS on behalf of enterprise customers and partners. Enterprises want to adopt AWS at scale but often the skills that have served them well in traditional IT do not always translate to success in the cloud. AWS Managed Services (AMS) enables them to migrate to AWS at scale more quickly, reduce their operating costs, improve security and compliance and focus on their differentiating business priorities. The other options are incorrect: "Amazon VPC" is incorrect. Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment. Amazon VPC is not a managed service, you are responsible for managing almost everything when using the Amazon VPC service. "Amazon Elastic Compute Cloud" is incorrect. Amazon Elastic Compute Cloud (Amazon EC2) is a service that gives you complete control over your compute resources. Apart from patching the underlying host - which is the responsibility of AWS - you are responsible for managing almost everything in your server instances when using Amazon EC2. "AWS IAM" is incorrect. AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
What does Amazon Elastic Beanstalk provide?
A PaaS solution to automate application deployment
A company is introducing a new product to their customers, and is expecting a surge in traffic to their web application. As part of their Enterprise Support plan, which of the following provides the company with architectural and scaling guidance? A. Infrastructure Event Management B. AWS Support API C. AWS Personal Health Dashboard D.AWS Support
A. Explanation AWS Infrastructure Event Management is a short-term engagement with AWS Support, included in the Enterprise-level Support product offering, and available for additional purchase for Business-level Support subscribers. AWS Infrastructure Event Management partners with your technical and project resources to gain a deep understanding of your use case and provide architectural and scaling guidance for an event. Common use-case examples for AWS Event Management include advertising launches, new product launches, and infrastructure migrations to AWS. The other options are incorrect: "AWS Personal Health Dashboard" is incorrect. AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources. AWS Support API is incorrect. The AWS Support API provides access to some of the features of the AWS Support Center via an API. AWS Support Concierge Service is incorrect. AWS Support Concierge Service assists customers with account and billing inquiries.
A company is deploying a new two-tier web application in AWS. Where should the most frequently accessed data be stored so that the application's response time is optimal? A. Amazon ElastiCache B. Amazon EBS Volume C. AWS Storage Gateway D. AWS OpsWorks
A. Explanation Amazon ElastiCache is a web service that makes it easy to deploy, operate, and scale an in-memory data store or cache in the cloud. The service improves the performance of web applications by allowing you to retrieve information from fast, managed, in-memory data stores, instead of relying entirely on slower disk-based databases. The primary purpose of an in-memory data store is to provide ultrafast (submillisecond latency) and inexpensive access to copies of data. Querying a database is always slower and more expensive than locating a copy of that data in a cache. Some database queries are especially expensive to perform. An example is queries that involve joins across multiple tables or queries with intensive calculations. By caching (storing) such query results, you pay the price of the query only once. Then you can quickly retrieve the data multiple times without having to re-execute the query. The other options are incorrect: "AWS Storage Gateway" is incorrect. AWS Storage Gateway is not a caching service, it is a hybrid storage service that enables your on-premises applications to seamlessly use AWS cloud storage. "Amazon EBS volume" is incorrect. An Amazon EBS volume is a durable, block-level storage device that you can attach to a single EC2 instance. You can use EBS volumes as primary storage for data that requires frequent updates, such as the system drive for an instance or storage for a database application. You can also use them for throughput-intensive applications that perform continuous disk scans. "AWS OpsWorks" is incorrect. AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.
An organization has decided to reserve EC2 compute capacity for three years in order to get more discounts. Their application workloads are likely to change during this time period. What is the EC2 Reserved Instance (RI) type that will allow them to modify the reservation whenever they need to? A. Convertible RIs B.Schedule RIs C. Elastic RIs D. Standard RIs
A. Explanation Convertible RIs provide a discount (up to 54% off On-Demand) and the capability to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or greater value. These attributes include instance family, instance type, platform, scope, and tenancy. The other options are incorrect: "Standard RIs" is incorrect. Standard RIs provide the most significant discount (up to 75% off On-Demand) and are best suited for steady-state usage. Standard Reserved Instances are not modifiable "Scheduled RIs" is incorrect. Scheduled RIs are available to launch within the time windows you reserve. This option allows you to match your capacity reservation to a predictable recurring schedule that only requires a fraction of a day, a week, or a month. Scheduled Reserved Instances are not modifiable Elastic RI is not a valid RI type.
What is the advantage of the AWS-recommended practice of decoupling applications? A. Reduces inter-dependencies so that failures do not impact other components of the application. B. Allows updates of any monolithic application quickly and easily C. Allows treating an application as a single, cohesive unit D. Allows tracking of any API call made to any AWS service.
A. Explanation As application complexity increases, a desirable attribute of an IT system is that it can be broken into smaller, loosely coupled components. This means that IT systems should be designed in a way that reduces interdependencies—a change or a failure in one component should not cascade to other components. On the other hand if the components of an application are tightly coupled and one component fails, the entire application will also fail. Therefore when designing your application, you should always decouple its components. The other options are incorrect: "Allows treating an application as a single, cohesive unit" is incorrect. Decoupling allows you to deal with your application as multiple independent components (microservices) not as a single, cohesive unit. "Allows tracking of any API call made to any AWS service" is incorrect. There is no relation between decoupling an application and tracking API calls. API calls are tracked by AWS CloudTrail. "Allows updates of any monolithic application quickly and easily" is incorrect. Decoupling is the exact opposite of having a monolithic application. A monolithic application is designed to be self-contained; components of the program are interconnected and interdependent rather than loosely coupled as is the case with Microservices applications (or loosely-coupled applications). Decoupling allows the update of any microservices application component to occur quickly and independently of the remainder of the application. This allows developers to work independently to update multiple components at the same time. On the other hand, a monolithic application is a single unit and takes more time and effort to be updated.
Which of the following services can help protect your web applications from SQL injection and other vulnerabilities in your application code?
AWS WAF
A company has deployed a new web application on multiple Amazon EC2 instances. Which of the following should they use to ensure that the incoming HTTP traffic is distributed evenly across the instances?
AWS Application load balancer
In your on-premises environment, you can create as many virtual servers as you need from a single template. What can you use to perform the same in AWS?
AMI
In your on-premises environment you can create as many virtual servers as you need from a single template. What can you use to perform the same in AWS?,
AMI (amazon Machine Image)
A company has created a solution that helps AWS customers improve their architectures on AWS. Which AWS program may support this company?
APN Consulting Partners
A company has created a solution that helps AWS customers improve their architectures on AWS. Which AWS program may support this company?
APN consulting partners
Which of the following AWS Services helps with planning application migration to the AWS Cloud?
AWS Application Discovery Service helps systems integrators quickly and reliably plan application migration projects by automatically identifying applications running in on-premises data centers, their associated dependencies, and their performance profiles
A company has deployed a new web application on multiple Amazon EC2 instances. Which of the following should they use to ensure that the incoming HTTP traffic is distributed evenly across the instances?
AWS Application Load Balanacer
Which of the following services allows customers to manage their agreements with AWS?
AWS Artifact
A company is concerned that they are spending money on underutilized compute resources in AWS. Which AWS feature will help ensure that their applications are automatically adding/removing EC2 compute capacity to closely match the required demand?
AWS Auto Scaling
What is the AWS tool that enables you to use scripts to manage all AWS services and resources?
AWS CLI
What is the framework created by AWS Professional Services that helps organizations design a road map to successful cloud adoption?
AWS Cloud Adoption Framework (AWS CAF)
What is the AWS service that enables AWS architects to manage infrastructure as code?
AWS CloudFormation
A company needs to track resource changes using the API call history. Which AWS service can help the company achieve this goal?
AWS CloudTrail
You have noticed that several critical Amazon EC2 instances have been terminated. Which of the following AWS services would help you determine who took this action?
AWS CloudTrail
What are the change management tools that helps AWS customers audit and monitor all resource changes in their AWS environment? (Choose TWO)
AWS CloudTrail & AWS Config
Which AWS Service can be used to establish a dedicated private network connection between AWS and your datacenter?,
AWS Direct Connect
Which AWS Service can be used to establish a dedicated, private network connection between AWS and your datacenter?
AWS Direct Connect
What does Amazon CloudFront use to distribute content to global users with low latency?
AWS Edge Locations
Which AWS Service is used to manage user permissions?
AWS IAM
An organization runs many systems and uses many AWS products. Which of the following services enables them to control how each developer interacts with these products?
AWS Identity & Access Management
An organization runs many systems and uses many AWS products. Which of the following services enables them to control how each developer interacts with these products?
AWS Identity and Access Management (IAM)
As part of the Enterprise support plan, who is the primary point of contact for ongoing support needs?
AWS Identity and Access Management (IAM) user
Which AWS service or feature can be used to call AWS Services from different programming languages?
AWS Lamba
What is the AWS serverless service that allows you to run your applications without any administrative burden?
AWS Lambda
Savings plans are available for which of the following AWS compute services?
AWS Lambda, Amazon EC2, Fargate
What is the AWS feature that provides an additional level of security above the default authentication mechanism of usernames and passwords?
AWS MFA
What is the AWS feature that provides an additional level of security above the default authentication mechanism of usernames and passwords? A. AWS KMS B. Encrypted Keys C. AWS MFA D. Email Verification
AWS MFA Explanation AWS Multi-Factor Authentication (MFA) is a simple best practice that adds an extra layer of protection on top of using just your user name and password to authenticate. The other options are incorrect: "Encrypted keys" is incorrect. Logging into the AWS management console doesn't require encrypted keys. "Email verification" is incorrect. Email verification is the process of verifying your ownership of an account's e-mail address. "AWS KMS" is incorrect. AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data.
AWS allows users to manage their resources using a web based user interface. What is the name of this interface?
AWS Management Console
A global company with a large number of AWS accounts is seeking a way in which they can centrally manage billing and security policies across all accounts. Which AWS Service will assist them in meeting these goals?
AWS Organisations
What is the AWS service that enables you to manage all of your AWS accounts from a single master account?
AWS Organizations
Hundreds of thousands of DDoS attacks are recorded every month worldwide. What service does AWS provide to help protect AWS Customers from these attacks? (Choose TWO)
AWS WAF AWS Shield
What does AWS provide to deploy popular technologies - such as IBM MQ - on AWS with the least amount of effort and time?
AWS Quick Start reference deployments
What does AWS provide to deploy popular technologies - such as IBM MQ - on AWS with the least amount of effort and time? A. Amazon CloudWatch B. AWS Quick Start reference deployments C. AWS OpsWorks D. Amazon Aurora
AWS Quick Start reference deployments Explanation AWS Quick Start Reference Deployments outline the architectures for popular enterprise solutions on AWS and provide AWS CloudFormation templates to automate their deployment. Each Quick Start launches, configures, and runs the AWS compute, network, storage, and other services required to deploy a specific workload on AWS, using AWS best practices for security and availability. Quick Starts are built by AWS solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices. These accelerators reduce hundreds of manual installation and configuration procedures into just a few steps, so you can build your production environment quickly and start using it immediately. The other options are incorrect: AWS OpsWorks" is incorrect. AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. "Amazon CloudWatch" is incorrect. Amazon CloudWatch is mainly used to monitor the utilization of your AWS resources. "Amazon Aurora" is incorrect. Amazon Aurora is a database service.
A company uses AWS Organizations to manage all of its AWS accounts. Which of the following allows the company to restrict what services and actions are allowed in each individual account?
AWS Service Control Policies (SCPs)
A company has an AWS Enterprise Support plan. They want quick and efficient guidance with their billing and account inquiries. Which of the following should the company use?
AWS Support Concierge
Which of the following statements describes the AWS Cloud's agility?
AWS allows you to provision resources in minutes
A company has an Enterprise Support subscription. They want quick and efficient guidance with their billing and account inquiries. Which of the following should the company use? A. AWS Support API B. AWS Operations Support C. AWS Support Concierge D. AWS Personal Health Dashboard
AWS Support Concierge Explanation Included as part of the Enterprise Support plan, the Support Concierge Team are AWS billing and account experts that specialize in working with enterprise accounts. The Concierge team will quickly and efficiently assist you with your billing and account inquiries, and work with you to help implement billing and account best practices so that you can focus on running your business. Support Concierge service includes: ** 24 x7 access to AWS billing and account inquires. ** Guidance and best practices for billing allocation, reporting, consolidation of accounts, and root-level account security. ** Access to Enterprise account specialists for payment inquiries, training on specific cost reporting, assistance with service limits, and facilitating bulk purchases. The other options are incorrect: "AWS Support API" is incorrect. The AWS Support API provides programmatic access to AWS Support Center features to create, manage, and close your support cases, and operationally manage your Trusted Advisor check requests and status. "AWS Operations Support" is incorrect. AWS Operations Support is an Enterprise support program that provides operations assessments and analysis to identify gaps across the operations lifecycle, as well as recommendations based on best practices. "AWS Personal Health Dashboard" is incorrect. AWS Personal Health Dashboard provides a personalized view of the health of AWS services, and alerts when your resources are impacted. Also includes the Health API for integration with your existing management systems.
TYMO Cloud Corp is looking forward to migrating their entire on-premises data center to AWS. What tool can they use to perform a cost-benefit analysis of moving to the AWS Cloud?
AWS TCO Calculator
A company has hundreds of VPCs in multiple AWS Regions worldwide. What service does AWS offer to simplify the connection management among the VPCs?
AWS Transit Gateway
Which AWS service provides cost-optimization recommendations?
AWS Trusted Advisor
Your company is developing a critical web application in AWS, and the security of the application is a top priority. Which of the following AWS services will provide infrastructure security optimization recommendations?
AWS Trusted Advisor
A company is developing a new application using a microservices framework. The new application is having performance and latency issues. Which AWS Service should be used to troubleshoot these issues?
AWS X Ray
A company is developing a new application using a microservices framework. The new application is having performance and latency issues. Which AWS Service should be used to troubleshoot these issues?
AWS X-Ray
There are performance issues with your under-development application, which of the following AWS services would help you analyze these issues?
AWS X-Ray helps developers analyze and debug distributed applications in production or under development, such as those built using microservice architecture. With X-Ray, you can understand how your application and its underlying services are performing so you can identify and troubleshoot the root cause of performance issues and errors
How can AWS customers track and avoid over-spending on underutilized reserved instances?
AWS budgets service
A company is trying to analyze the costs applied to their AWS account recently. Which of the following provides them the most granular data about their AWS costs and usage?
AWS cost and usage report
What is the AWS tool that can help a company visualize their AWS spending in the last few months?
AWS cost explorer
Data security is one of the top priorities of AWS. How does AWS deal with old storage devices that have reached the end of their useful life?
AWS destroys the old devices in accordance with industry-standard practices
Which statement best describes AWS?
AWS is a cloud services provider
An organization needs to analyze and process a large number of data sets. Which AWS service should they use?
Amazon EMR (Elastic Map Reduce)
Which of the following must an IAM user provide to interact with AWS services using the AWS Command Line Interface (AWS CLI)?
Access keys
Amazon Glacier is an Amazon S3 storage class that is suitable for storing ____________ & ______________. (Choose TWO)
Active Archives & Long Term Analytic Data
Amazon Glacier is an Amazon S3 storage class that is suitable for storing ____________ & ______________. (Choose TWO)
Active Archives & Long Term analytic data
Which of the following is an example of horizontal scaling in the AWS Cloud?
Adding more EC2 instances of the same size to handle an increase in traffic
You have set up consolidated billing for several AWS accounts. One of the accounts has purchased a number of reserved instances for 3 years. Which of the following is true regarding this scenario?
All accounts can receive the hourly cost benefit of the Reserved Instances
A developer is planning to build a two-tier web application that has a MySQL database layer. Which of the following AWS database services would provide automated backups for the application?
Amazon Aurora
What is the AWS service that provides five times the performance of a standard MySQL database?
Amazon Aurora
Which of the following AWS offerings is a MySQL-compatible relational database service that can scale capacity automatically based on demand?
Amazon Aurora
Which of the following AWS offerings is a MySQL-compatible relational database that can scale capacity automatically based on demand?
Amazon Aurora
A developer is planning to build a two-tier web application that has a MySQL database layer. Which of the following AWS database services would provide automated backups to his application? A. Amazon Aurora B. Amazon DynamoDB C. A MySQL database installed on an EC2 instance D. Amazon DocumentDB
Amazon Aurora Amazon Aurora is a MySQL and PostgreSQL-compatible relational database built for the cloud. Amazon Aurora combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open source databases. It delivers up to five times the throughput of standard MySQL and up to three times the throughput of standard PostgreSQL. Amazon Aurora is designed to be compatible with MySQL and with PostgreSQL, so that existing applications and tools can run without requiring modification. It is available through Amazon Relational Database Service (RDS), freeing you from time-consuming administrative tasks such as provisioning, patching, backup, recovery, failure detection, and repair.
A company is planning to host an educational website on AWS. Their video courses will be streamed all around the world. Which of the following AWS services will help achieve high transfer speeds?
Amazon CloudFront
Which AWS service uses Edge Locations to cache content?
Amazon CloudFront
Which of the following can be described as a global content delivery network (CDN) service?
Amazon CloudFront
Which AWS services can be used to improve the performance of a global application and reduce latency for its users?
Amazon CloudFront, Amazon global accelerator
Which AWS Service enables customers to set up an AWS billing alarm to inform them when their spending exceeds a certain threshold?
Amazon CloudWatch
You have deployed your application on multiple Amazon EC2 instances. Your customers complain that sometimes they can't reach your application. Which AWS service allows you to monitor the performance of your EC2 instances to assist in troubleshooting these issues?
Amazon CloudWatch
What is the AWS database service that allows you to upload data structured in key-value format?
Amazon DynamoDB
What is the AWS service that provides you the highest level of control over the underlying virtual infrastructure?
Amazon EC2
Both AWS and traditional IT distributors provide a wide range of virtual servers to meet their customers' requirements. What is the name of these virtual servers in AWS?
Amazon EC2 instances
Which of the following is NOT a characteristic of Amazon Elastic Compute Cloud (Amazon EC2)?
Amazon EC2 is considered a Serverless Web Service is not a characteristic of Amazon EC2
Which of the following services allows you to run containerized applications on a cluster of EC2 instances?
Amazon ECS
An organization needs to analyze and process a large number of data sets. Which AWS service should they use?
Amazon EMR
A company has a large amount of data to be archived. What is the most cost-effective AWS storage service to use?
Amazon Glacier
What is the AWS service that performs automated network assessments of Amazon EC2 instances to check for vulnerabilities?
Amazon Inspector
A company has moved to AWS recently. Which of the following AWS Services will help ensure that they have the proper security settings? (Choose TWO)
Amazon Inspector AWS Trusted Advisor
A company has a large amount of structured data stored in their on-premises data center. They are planning to migrate all the data to AWS what is the most appropriate AWS database option?
Amazon RDS
A company has a large amount of structured data stored in their on-premises data center. They are planning to migrate all the data to AWS, what is the most appropriate AWS database option?
Amazon RDS
There is a need to import a large amount of structured data into a database service. What is the AWS database service that best achieves this?
Amazon RDS
You work as an on-premises MySQL DBA. The work of database configuration, backups, patching, and DR can be time-consuming and repetitive. Your company has decided to migrate to the AWS Cloud. Which of the following can help save time on database maintenance so you can focus on data architecture and performance?
Amazon RDS
What is the AWS data warehouse service that supports a high level of query performance on large amounts of datasets?
Amazon RedShift
What is the AWS data warehouse service that supports a high level of query performance on large amounts of datasets?
Amazon Redshift
Which AWS Service can be used to register a new domain name?
Amazon Route 53
The identification process of an online financial services company requires that new users must complete an online interview with their security team. The completed recorded interviews are only required in the event of a legal issue or a regulatory compliance breach. What is the most cost-effective service to store the recorded videos?
Amazon S3 Glacier Deep Archive
Which S3 storage class is best for data with unpredictable access patterns?
Amazon S3 Intelligent-Tiering
Which of the following is not a benefit of Amazon S3? (Choose TWO)
Amazon S3 can run any type of application or backend system Amazon S3 can be scaled manually to store and retrieve any amount of data from anywhere
Which AWS service can be used to store and reliably deliver messages across distributed systems?
Amazon Simple Queue Service (SQS)
Which service is used to ensure that messages between software components are not lost if one or more components fail?
Amazon SQS
Which AWS service can be used to store and reliably deliver messages across distributed systems?
Amazon Simple Queue Service
What is the AWS service that provides a virtual network dedicated to your AWS account?
Amazon VPC
Which AWS Service creates a virtual network in AWS?
Amazon VPC
What is the AWS service that provides a virtual network dedicated to your AWS account? A. Amazon VPC B. AWS Dedicated Hosts C. AWS VPN D. AWS Subnets
Amazon VPC Explanation Amazon Virtual Private Cloud (Amazon VPC) allows you to carve out a portion of the AWS Cloud that is dedicated to your AWS account. Amazon VPC enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS. The other options are incorrect: "AWS Dedicated Hosts" is incorrect. An Amazon EC2 Dedicated Host is a physical server with EC2 instance capacity fully dedicated to your use. Dedicated Hosts can save you money by enabling you to leverage your existing server-bound software license investments (e.g., Windows Server, Windows SQL Server, and SUSE Linux Enterprise Server) within EC2, subject to your license terms. Dedicated Hosts also give you more flexibility, visibility, and control over the placement of instances on dedicated hardware. This makes it easier to ensure you deploy your instances in a way that meets your compliance and regulatory requirements. "AWS VPN" is incorrect. AWS Virtual Private Network (AWS VPN) allows you to establish a secure and private tunnel from your network or device to the AWS global network. "AWS Subnets" is incorrect. A subnet is a range of IP addresses within a VPC.
Which statement best describes the concept of an AWS region?
An AWS Region is a geographical location with a collection of Availability Zones
Which of the following is NOT correct regarding Amazon EC2 On-demand instances?
You have to pay a start up fee when launching a new instance for the first time
What is AWS Lambda?
An AWS service that allows customers to run code without provisioning or managing servers
In order to implement best practices when dealing with a "Single Point of Failure," you should attempt to build as much automation as possible in both detecting and reacting to failure. Which of the following AWS services would help? (Choose TWO)
Auto scaling ELB
Which of the below is a best-practice when designing solutions on AWS?
Automate wherever possible to make architectural experimentation easier
A company is planning to host an educational website on AWS. Their video courses will be streamed all around the world. Which of the following AWS services will help achieve high transfer speeds? A. Amazon Kinesis Video Streams B. Amazon CloudFront C. AWS CloudFormation D. Amazon SNS
B Explanation Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. The use cases of Amazon CloudFront include: 1- Accelerate static website content delivery. CloudFront can speed up the delivery of your static content (for example, images, style sheets, JavaScript, and so on) to viewers across the globe. By using CloudFront, you can take advantage of the AWS backbone network and CloudFront edge servers to give your viewers a fast, safe, and reliable experience when they visit your website. 2- Live & on-demand video streaming.The Amazon CloudFront CDN offers multiple options for streaming your media - both pre-recorded files and live events - at sustained, high throughput required for 4K delivery to global viewers. 3- Security. CloudFront integrates seamlessly with AWS Shield for Layer 3/4 DDoS mitigation and AWS WAF for Layer 7 protection. 4- Customizable content delivery with Lambda@Edge. Lambda@Edge is a feature of Amazon CloudFront that lets you run code closer to users of your application, which improves performance and reduces latency. The other options are incorrect: "AWS CloudFormation" is incorrect. AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. "Amazon Kinesis Video Streams" is incorrect. Amazon Kinesis Video Streams enables you to securely stream video from connected devices (IoT devices) to AWS for analytics, machine learning (ML), playback, and other processing. Kinesis Video Streams automatically provisions and elastically scales all the infrastructure needed to ingest streaming video data from millions of devices. It durably stores, encrypts, and indexes video data in your streams, and allows you to access your data through easy-to-use APIs. "Amazon SNS" is incorrect. Amazon Simple Notification Service (SNS) is a fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications. Using Amazon SNS topics, your publisher systems can fan out messages to a large number of subscriber endpoints for parallel processing, including AWS Lambda functions, and HTTP/S webhooks. Additionally, SNS can be used to fan out notifications to end users using mobile push, SMS, and email.
You work as an on-premises MySQL DBA. The work of database configuration, backups, patching, and DR can be time-consuming and repetitive. Your company has decided to migrate to the AWS Cloud. Which of the following can help save time on the regular database tasks so you can focus on giving users the fast performance and high availability that they need? A. Amazon CloudWatch B. Amazon RDS C. Amazon DynamoDB D. Amazon Redshift
B Explanation Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient, resizable capacity while automating time-consuming administration tasks such as hardware provisioning, operating system maintenance, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need. The other options are incorrect: Amazon Redshift is incorrect. Amazon Redshift is a fast, fully managed data warehouse that makes it simple and cost-effective to analyze all your data using standard SQL and your existing Business Intelligence (BI) tools. Amazon DynamoDB is incorrect. Amazon DynamoDB is a NoSQL database service. Amazon CloudWatch is incorrect. Amazon CloudWatch is a monitoring service that gives you complete visibility of your cloud resources and applications
What does Amazon CloudFront use to distribute content to global users with low latency? A. AWS Regions B. AWS Edge Locations C. AWS Global Accelerator D. AWS Data Centers
B. Explanation To deliver content to global end users with lower latency, Amazon CloudFront uses a global network of Edge Locations and Regional Edge Caches in multiple cities around the world. Amazon CloudFront uses this network to cache copies of your content close to your end-users. Amazon CloudFront ensures that end-user requests are served by the closest edge location. As a result, end-user requests travel a short distance, improving performance for your end-users, while reducing the load on the origin servers. The other options are incorrect: AWS Global Accelerator is incorrect. AWS Global Accelerator and CloudFront are two separate services that use the AWS global network and its edge locations around the world. CloudFront improves performance for both cacheable (e.g., images and videos) and dynamic content (e.g. dynamic site delivery). Global Accelerator is a good fit for specific use cases, such as gaming, IoT or Voice over IP. "AWS Data Centers" and "AWS Regions" are incorrect. Amazon CloudFront only uses Edge Locations or Regional Edge Caches.
Under the shared responsibility model, Which of the following is the AWS' responsibility? A. Server side encryption B. Configuring infrastructure devices C. Client side encryption D. Filtering traffic with Security Groups
B Explanation Under the shared responsibility model, AWS is responsible for the hardware and software that run AWS services. This includes patching the infrastructure software and configuring infrastructure devices. As a customer, you are responsible for implementing best practices for data encryption, patching guest operating system and applications, identity and access management, and network & firewall configurations. The other options are incorrect. "Filtering traffic with Security Groups" is incorrect. The AWS Customer is responsible for all network and firewall configurations, including the configuration of Security Groups, Network Access Control Lists (NACLs), and Routing tables. "Client-side encryption" and "Server-side encryption" are incorrect. Data encryption is the responsibility of the customer. Additional information: AWS offers a lot of services and features that help AWS customers protect their data in the cloud. Customers can protect their data by encrypting it in transit and at rest. They can use Cloudtrail to log API and user activity, including who, what, and from where calls were made. They can also use the AWS Identity and Access Management (IAM) to control who can access or edit their data.
In order to implement best practices when dealing with a "Single Point of Failure," you should aim to build as much automation as possible in both detecting and reacting to failure. Which of the following AWS services would help? (Choose two) A. ECR B. ELB C. Auto Scaling D. Amazon EC2 E. Amazon Athena
B & C Explanation You should aim to build as much automation as possible in both detecting and reacting to failure. You can use services like ELB and Amazon Route53 to configure health checks and mask failure by only routing traffic to healthy endpoints. In addition, Auto Scaling can be configured to automatically replace unhealthy nodes. You can also replace unhealthy nodes using the Amazon EC2 auto-recovery feature or services such as AWS OpsWorks and AWS Elastic Beanstalk. It won't be possible to predict every possible failure scenario on day one. Make sure you collect enough logs and metrics to understand normal system behavior. After you understand that, you will be able to set up alarms that trigger automated response or manual intervention. The other options are incorrect: ECR is incorrect. Amazon Elastic Container Registry (ECR) is a Docker container registry that allows developers to store, manage, and deploy Docker container images. Amazon Athena is incorrect. Amazon Athena is an interactive query service that is mainly used to analyze data in Amazon S3 using standard SQL. Amazon EC2 is incorrect. Amazon EC2 is a server-based compute service. Fault tolerance is not built-in, you have to architect for fault tolerance using the services we mentioned above. Additional information: Lambda is a serverless compute service. Serverless computing provides built-in fault tolerance. You don't need to architect for this capability since the services running the application provide it by default.
Which of the following is not a benefit of Amazon S3? (Choose TWO) A.Amazon S3 stores any number of objects, but with object size limits. B. Amazon S3 can be scaled manually to store and retrieve any amount of data from anywhere. C. Amazon S3 provides unlimited storage for any type of data. D. Amazon S3 can run any type of application or backend system E. Amazon S3 provides 99.99999999999% of data durability.
B & D Explanation "Amazon S3 can run any type of application or backend system" is not a benefit of S3 and thus is a correct answer. Amazon S3 is a storage service not a compute service. "Amazon S3 can be scaled manually to store and retrieve any amount of data from anywhere" is not a benefit of S3 and thus is a correct answer. Amazon S3 scales automatically to store and retrieve any amount of data from anywhere. Companies today need the ability to simply and securely collect, store, and analyze their data at a massive scale. Amazon S3 is object storage built to store and retrieve any amount of data from anywhere - web sites and mobile apps, corporate applications, and data from IoT sensors or devices. It's a simple storage service that offers highly available, and infinitely scalable data storage infrastructure at very low costs. It is designed to deliver 99.999999999% durability, and stores data for millions of applications used by market leaders in every industry. S3 provides comprehensive security and compliance capabilities that meet even the most stringent regulatory requirements. It gives customers flexibility in the way they manage data for cost optimization, access control, and compliance. S3 provides query-in-place functionality, allowing you to run powerful analytics directly on your data at rest in S3. And Amazon S3 is the most supported cloud storage service available, with integration from the largest community of third-party solutions, systems integrator partners, and other AWS services. Amazon S3 stores any number of objects, but each object does have a size limitation. Individual Amazon S3 objects can range in size from a minimum of 0 bytes to a maximum of 5 terabytes.
What should you do in order to keep the data on EBS volumes safe? (Choose two) A. Prevent any unauthorized access to AWS data centers B. Create EBS snapshots C. Store a backup daily in an external drive D. Ensure that EBS data is encrypted at rest E. Regularly update firmware on EBS devices
B & D Explanation Creating snapshots of EBS Volumes can help ensure that you have a backup of your EBS volumes just in case any issues arise. Amazon EBS encryption offers a straight-forward encryption solution for your EBS resources that doesn't require you to build, maintain, and secure your own key management infrastructure. Encryption operations occur on the servers that host EC2 instances, ensuring the security of both data-at-rest and data-in-transit between an instance and its attached EBS storage. The other options are incorrect: "Prevent any unauthorized access to AWS data centers" is incorrect. It is the responsibility of AWS to control and restrict access to its data centers. "Store a backup daily in an external drive" is incorrect. To make a backup of your EBS volumes you should use the Snapshot feature. Snapshots can provide a Copy-on-Write Consistency (reflect the exact image of the volume at the point-in-time of the snapshot). "Regularly update firmware on EBS devices" is incorrect. It is the responsibility of AWS to regularly update firmware on hardware devices. Additional information: EBS Snapshots are incremental backups, which means that only the blocks on the device that have changed after your last snapshot are saved. This minimizes the time required to create the snapshot and saves on storage costs by not duplicating data.
What does the "Principle of Least Privilege" refer to? A. All IAM users should have at least the necessary permissions to access the core AWS services. B. You should grant your users only the permissions they need when they need them and nothing more. C. All trusted IAM users should have access to any AWS service in the respective AWS account. D. IAM users should not be granted any permissions; to keep your account safe.
B. Explanation The principle of least privilege is one of the most important security practices and it means granting users the required permissions to perform the tasks entrusted to them and nothing more. The security administrator determines what tasks users need to perform and then attaches the policies that allow them to perform only those tasks. You should start with a minimum set of permissions and grant additional permissions when necessary. Doing so is more secure than starting with permissions that are too lenient and then trying to tighten them down.
Which of the following AWS security features is associated with an EC2 instance and functions to filter incoming traffic requests?
security groups
The identification process of an online financial services company requires that new users must complete an online interview with their security team. After verifying users' identities, the recorded interviews are only required in the event of a legal issue or a regulatory compliance breach. What is the most cost-effective service to store the recorded videos? A. Amazon EBS B. Amazon Glacier C. AWS Marketplace D. S3 Intelligent-Tiering
B. Explanation Amazon Glacier is an extremely low-cost storage service that provides secure, durable, and flexible storage for long-term data backup and archival. With Amazon Glacier, customers can reliably store their data for as little as $0.004 per gigabyte per month. Amazon Glacier enables customers to offload the administrative burdens of operating and scaling storage to AWS, so that they don't have to worry about capacity planning, hardware provisioning, data replication, hardware failure detection and repair, or time-consuming hardware migrations. The other options are incorrect: "S3 Intelligent-Tiering" is incorrect. S3 Intelligent-Tiering is ideal for data with unknown or changing access patterns. S3 Intelligent-Tiering is the first cloud object storage class that delivers automatic cost savings by moving data between two access tiers — frequent access and infrequent access — when access patterns change. "AWS Marketplace" is incorrect. AWS Marketplace is a curated digital catalog that makes it easy for customers to find, buy, deploy, and manage third-party software and services that customers need to build solutions and run their businesses. AWS Marketplace includes thousands of software listings from popular categories such as security, networking, storage, machine learning, business intelligence, database, and DevOps. AWS Marketplace also simplifies software licensing and procurement with flexible pricing options and multiple deployment methods. Customers can quickly launch pre-configured software with just a few clicks, and choose software solutions in AMI and SaaS formats, as well as other formats. Flexible pricing options include free trial, hourly, monthly, annual, multi-year, and BYOL, and get billed from one source, AWS. "Amazon EBS" is incorrect. Amazon EBS is a block level storage that provides storage volumes for use with Amazon EC2 and Amazon RDS. Amazon EBS is not a cost-effective choice here.
Which service is used to ensure that messages between software components are not lost if one or more components fail? A. Amazon SES B. Amazon SQS C. Amazon Connect D. AWS Direct Connect
B. Explanation Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available. SQS lets you decouple application components so that they run independently, increasing the overall fault tolerance of the system. Multiple copies of every message are stored redundantly across multiple availability zones so that they are available whenever needed. The other options are incorrect: Amazon SES is incorrect. Amazon SES (Amazon Simple Email Service) is a flexible, affordable, and highly-scalable email messaging platform for businesses and developers. Amazon Connect is incorrect. Amazon Connect is a cloud-based contact center service that makes it easy for businesses to deliver customer service at low cost. AWS Direct Connect is incorrect. AWS Direct Connect is a cloud service solution that is used to establish a dedicated network connection between your premises and AWS.
An organization has a large number of technical employees who operate their AWS Cloud infrastructure. What does AWS provide to help organize them in teams and then assign the appropriate permissions for each team? A. AWS Organizations B. IAM Groups C. IAM roles D. IAM users
B. Explanation An IAM group is a collection of IAM users that are managed as a unit. Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users. For example, you could have a group called Admins and give that group the types of permissions that administrators typically need. Any user in that group automatically has the permissions that are assigned to the group. If a new user joins your organization and needs administrator privileges, you can assign the appropriate permissions by adding the user to that group. Similarly, if a person changes jobs in your organization, instead of editing that user's permissions, you can remove him or her from the old groups and add him or her to the appropriate new groups. The other options are incorrect: "IAM role" is incorrect. An IAM role is an IAM identity that you can create in your account that has specific permissions. IAM roles allow you to delegate access (for a limited time) to users or services that normally don't have access to your organization's AWS resources. IAM users or AWS services can assume a role to obtain temporary security credentials that can be used to interact with specific AWS resources. You can use roles to delegate access to users, applications, or services that don't normally have access to your AWS resources. For example, you might want to grant users in your AWS account access to resources they don't usually have, or grant users in one AWS account access to resources in another account. Or you might want to allow a mobile app to use AWS resources, but not want to embed AWS keys within the app. Sometimes you want to give AWS access to users who already have identities defined outside of AWS, such as in your corporate directory. Or, you might want to grant access to your account to third parties so that they can perform an audit on your resources. For these scenarios, you can delegate access to AWS resources using an IAM role. "IAM users" is incorrect. An IAM user is an entity that you create in AWS to represent the person or application that uses it to directly interact with AWS. A primary use for IAM users is to give people the ability to sign in to the AWS Management Console for interactive tasks and to make programmatic requests to AWS services using the API or CLI. A user in AWS consists of a name, a password to sign into the AWS Management Console, and up to two access keys that can be used with the API or CLI. When you create an IAM user, you grant it permissions by making it a member of a group that has appropriate permission policies attached (recommended), or by directly attaching policies to the user. Additional information: An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone (or any service, application, ...etc) who needs it. Also, a role does not have standard long-term credentials such as a password or access keys associated with it. Instead, when you assume a role, it provides you with temporary security credentials for your role session. IAM roles are meant to be assumed by authorized entities, such as IAM users, applications, or an AWS service such as EC2. "AWS Organizations" is incorrect. AWS Organization helps you to centrally manage billing; control access, compliance, and security; and share resources across multiple AWS accounts.
Which of the following is an example of horizontal scaling in the AWS Cloud? A. Increasing the computing capacity of a single EC2 instance to address the growing demands of an application B. Adding more EC2 instances to handle an in crease in trafficc. C. Adding more RAM capacity to an EC2 instance. D. Replacing an existing EC2 instance with a larger, more powerful one.
B. Explanation Horizontal Scaling: Scaling horizontally takes place through an increase in the number of resources (e.g., adding more hard drives to a storage array or adding more servers to support an application). This is a great way to build Internet-scale applications that leverage the elasticity of cloud computing. Vertical Scaling: Scaling vertically takes place through an increase in the specifications of an individual resource (e.g., upgrading a server with a larger hard drive, adding more memory, or provisioning a faster CPU). On Amazon EC2, this can easily be achieved by stopping an instance and resizing it to an instance type that has more RAM, CPU, I/O,or networking capabilities. This way of scaling can eventually hit a limit and it is not always a cost efficient or highly available approach. However, it is very easy to implement and can be sufficient for many use cases especially as a short term solution. Additional information: Vertical-scaling is often limited to the capacity constraints of a single machine, scaling beyond that capacity often involves downtime and comes with an upper limit. With horizontal-scaling it is often easier to scale dynamically by adding more machines in parallel. Hence, in most cases, horizontal-scaling is recommended over vertical-scaling. The other options are incorrect: All other options are examples of Vertical Scaling.
AWS allows users to manage their resources using a web based user interface. What is the name of this interface? A. AWS CLI B. AWS Management Console C. AWS API D. AWS SDK
B. Explanation The AWS Management Console allows you to access and manage Amazon Web Services through a simple and intuitive web-based user interface. You can also use the AWS Console mobile app to quickly view resources on the go. The other options are incorrect: AWS CLI is incorrect. The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts. AWS SDK is incorrect. The AWS SDK (Software Development Kit) allows you to interact with AWS services using your preferred programming language. AWS API is incorrect. AWS API refers to the AWS application programming interface.
Using Amazon RDS falls under the shared responsibility model. Which of the following are customer responsibilities? (Choose TWO)
Building the relational database schema & Managing the database settings
What does AWS Snowball provide? (Choose TWO)
Built-in-computing capabilities that allow customers to process data locally Secure transfer of large amounts of data into and out of the AWS Cloud
What is the minimum level of AWS support that provides 24x7 access to technical support engineers via phone and chat?
Business support
One of the most important AWS best-practices to follow is the cloud architecture principle of elasticity. How does this principle improve your architecture's design?
By automatically provisioning the required AWS resources based on changes in demand
A customer spent a lot of time configuring a newly deployed Amazon EC2 instance. After the workload increases, the customer decides to provision another EC2 instance with an identical configuration. How can the customer achieve this?
By creating an AMI from the old instance and launching a new instance from it
A customer spent a lot of time configuring a newly deployed Amazon EC2 instance. After the workload increases, the customer decides to provision another EC2 instance with an identical configuration. How can the customer achieve this?
By creating an AMI from the old instance and launching a new instance from it
How can you view the distribution of AWS spending in one of your AWS accounts?
By using AWS Cost Explorer
You have discovered that some AWS resources are being used in malicious activities that could compromise your data. What should you do? A. Contact the AWS Concierge team B. Contact the AWS Security team C. Contact the AWS Abuse team D. Contact the AWS Customer Service team
C Explanation The AWS Abuse team can assist you when AWS resources are being used to engage in the following types of abusive behavior: I. Spam: You are receiving unwanted emails from an AWS-owned IP address, or AWS resources are being used to spam websites or forums. II. Port scanning: Your logs show that one or more AWS-owned IP addresses are sending packets to multiple ports on your server, and you believe this is an attempt to discover unsecured ports. III. Denial of service attacks (DOS): Your logs show that one or more AWS-owned IP addresses are being used to flood ports on your resources with packets, and you believe this is an attempt to overwhelm or crash your server or software running on your server. IV. Intrusion attempts: Your logs show that one or more AWS-owned IP addresses are being used to attempt to log in to your resources. V. Hosting objectionable or copyrighted content: You have evidence that AWS resources are being used to host or distribute illegal content or distribute copyrighted content without the consent of the copyright holder. VI. Distributing malware: You have evidence that AWS resources are being used to distribute software that was knowingly created to compromise or cause harm to computers or machines on which it is installed. The other options are incorrect: "Contact the AWS Security team" is incorrect. The AWS Security team is responsible for the security of services offered by AWS. "Contact the AWS Concierge team" is incorrect. The AWS Concierge team can assist you with the issues that are related to your billing and account management. "Contact the AWS Customer Service team" is incorrect. The AWS Customer Service team is at the forefront of this transformational technology assisting a global list of customers that are taking advantage of a growing set of services and features to run their mission-critical applications. The team helps AWS customers understand what Cloud Computing is all about, and whether it can be useful for their business needs.
You have deployed your application on multiple Amazon EC2 instances. Your customers complain that sometimes they can't reach your application. Which AWS service allows you to monitor the performance of your EC2 instances to assist in troubleshooting these issues? A. AWS Config B. AWS Lambda C. Amazon CloudWatch D. AWS CloudTrail
C Explanation Amazon CloudWatch is a service that monitors AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources. Amazon CloudWatch can monitor AWS resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances, as well as custom metrics generated by your applications and services, and any log files your applications generate. You can use CloudWatch to detect anomalous behavior in your environments, take automated actions, troubleshoot issues, and discover insights to keep your applications running smoothly. The other options are incorrect: AWS Config is incorrect. AWS Config is a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance. With AWS Config you can discover existing AWS resources, export a complete inventory of your AWS resources with all configuration details, and determine how a resource was configured at any point in time. These capabilities enable compliance auditing, security analysis, resource change tracking, and troubleshooting. AWS CloudTrail is incorrect. AWS CloudTrail is an AWS service that can be used to monitor all user interactions with the AWS environment. AWS Lambda is incorrect. AWS Lambda is a serverless compute service.
What are the benefits of having infrastructure hosted in AWS? (Choose two) A. There is no need to worry about security B. Gaining complete control over the physical infrastructure C. All of the physical security and most of the data/network security are taken care of for you D. Competitive upfront costs E. Increase speed and agility
C & E Explanation All of the physical security are taken care of for you. Amazon data centers are surrounded by three physical layers of security. "Nothing can go in or out without setting off an alarm". It's important to keep bad guys out, but equally important to keep the data in which is why Amazon monitors incoming gear, tracking every disk that enters the facility. And "if it breaks we don't return the disk for warranty. The only way a disk leaves our data center is when it's confetti." Most (not all) data and network security are taken care of for you. When we talk about the data/network security, AWS has a "shared responsibility model" where AWS and the customer share the responsibility of securing them. For example the customer is responsible for creating rules to secure his network traffic using the security groups and is also responsible for protecting data with encryption. "Increase speed and agility" is also a correct answer because in a cloud computing environment, new IT resources are only a click away, which means it requires less time to make those resources available to developers - from weeks to just minutes. This results in a dramatic increase in agility for the organization, since the cost and time it takes to experiment and develop is significantly lower. The other options are incorrect: "Gaining complete control over the physical infrastructure" is incorrect. The Physical infrastructure is a responsibility of AWS, not the customer. Competitive upfront costs" is incorrect. In AWS, most of the services are available with no upfront costs as it follows the pay-as-you-go pricing. AWS allows you to pay upfront for some services to get more discounts, but you have the choice to pay upfront or pay as you go. By contrast, traditional IT providers require you to pay upfront for all of their services. "There is no need to worry about security" is incorrect. As mentioned above, security is a shared responsibility between AWS and the customer. For example, the customer has to manage who can access and use AWS resources using the IAM service.
Which service provides DNS in the AWS cloud? A. Amazon CloudFront B. AWS Config C. Route 52 D. Amazon EMR
C. Explanation Amazon Route 53 is a global service that provides highly available and scalable Domain Name System (DNS) services, domain name registration, and health-checking web services. It is designed to give developers and businesses an extremely reliable and cost effective way to route end users to Internet applications by translating names like example.com into the numeric IP addresses, such as 192.0.2.1, that computers use to connect to each other. Route 53 also simplifies the hybrid cloud by providing recursive DNS for your Amazon VPC and on-premises networks over AWS Direct Connect or AWS VPN. The other options are incorrect: Amazon EMR is incorrect. EMR is used to process vast amounts of data easily and securely. Use cases include: big data,log analysis, web indexing, data transformations (ETL), machine learning, financial analysis, scientific simulation, and bioinformatics. AWS Config is incorrect. AWS Config is a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance. Amazon CloudFront is incorrect. Amazon CloudFront gives businesses and web application developers an easy and cost effective way to distribute content globally with low latency and high data transfer speeds.
Adjusting compute capacity dynamically to reduce cost is an implementation of which AWS cloud best practice? A. Parallelize tasks B. Build security in every layer C. Implement elasticity D. Adopt monolithic architecture
C. Explanation In the traditional data center-based model of IT, once infrastructure is deployed, it typically runs whether it is needed or not, and all the capacity is paid for, regardless of how much it gets used. In the cloud, resources are elastic, meaning they can instantly grow ( to maintain performance) or shrink ( to reduce costs). The other options are incorrect. "Adopt monolithic architecture" is incorrect. AWS recommends adopting microservices architecture, not monolithic architecture. With monolithic architectures, application components are tightly coupled and run as a single service. With a microservices architecture, an application is built as loosely coupled components. Benefits of microservices architecture include: 1- Microservices allow each service to be independently scaled to meet demand for the application feature it supports. 2- Teams are empowered to work more independently and more quickly. 3- Microservices enable continuous integration and continuous delivery, making it easy to try out new ideas and to roll back if something doesn't work. 4- Service independence increases an application's resistance to failure. In a monolithic architecture, if a single component fails, it can cause the entire application to fail. With microservices, applications handle total service failure by degrading functionality and not crashing the entire application. "Parallelize tasks" is incorrect. An example of parallelization is when you use a load balancer to distribute the incoming requests across multiple asynchronous instances or when you use the AWS multipart upload to upload large objects in parts. Adjusting capacity up or down based on demand defines the AWS Cloud elasticity not the parallelization. "Build Security in every layer" is incorrect. This option is related to security.
Which of the below is a best-practice when designing solutions on AWS? A. Invest heavily in architecting your environment, as it is not easy to change your design later. B. Provision a large compute capacity to handle any spikes in load. C. Automate wherever possible to make architectural experimentation easier. D. Use AWS reservations to reduce costs when testing your production environment.
C. Explanation The Well-Architected Framework identifies a set of general design principles to facilitate good design in the cloud: 1- Stop guessing your capacity needs: Eliminate guessing about your infrastructure capacity needs. When you make a capacity decision before you deploy a system, you might end up sitting on expensive idle resources or dealing with the performance implications of limited capacity. With cloud computing, these problems can go away. You can use as much or as little capacity as you need, and scale up and down automatically. 2- Test systems at production scale: In the cloud, you can create a production-scale test environment on demand, complete your testing, and then decommission the resources. Because you only pay for the test environment when it's running, you can simulate your live environment for a fraction of the cost of testing on premises. 3- Automate to make architectural experimentation easier: Automation allows you to create and replicate your systems at low cost and avoid the expense of manual effort. You can track changes to your automation, audit the impact, and revert to previous parameters when necessary. 4- Allow for evolutionary architectures: Allow for evolutionary architectures. In a traditional environment, architectural decisions are often implemented as static, one-time events, with a few major versions of a system during its lifetime. As a business and its context continue to change, these initial decisions might hinder the system's ability to deliver changing business requirements. In the cloud, the capability to automate and test on demand lowers the risk of impact from design changes. This allows systems to evolve over time so that businesses can take advantage of innovations as a standard practice. 5- Drive architectures using data: In the cloud you can collect data on how your architectural choices affect the behavior of your workload. This lets you make fact-based decisions on how to improve your workload. Your cloud infrastructure is code, so you can use that data to inform your architecture choices and improvements over time. 6- Improve through game days: Test how your architecture and processes perform by regularly scheduling game days to simulate events in production. This will help you understand where improvements can be made and can help develop organizational experience in dealing with events. The other options are incorrect: "Provision a large compute capacity to handle any spikes in load" is incorrect. Instead of provisioning a large compute capacity to handle the spikes in load, it is recommended to use the AWS Auto Scaling service to add or remove instances based on demand. The AWS Auto Scaling service allows you to automatically provision new resources to meet demand and maintain performance. When demand drops, AWS Auto Scaling will automatically remove any excess resource capacity, so you avoid overspending. "Use AWS reservations to reduce costs when testing your production environment" is incorrect. Reservations in AWS are not an appropriate choice when you need to test your production environment, AWS reservations have a minimum term of one year. "Invest heavily in architecting your environment, as it is not easy to change your design later" is incorrect. In AWS, you can test and provision your resources on-demand and pay only for what you use with no long-term contracts. This enables you to make any changes you want in your architecture design at any time without any risks.
An organization has decided to purchase an Amazon EC2 Reserved Instance (RI) for three years in order to reduce costs. It is possible that the application workloads could change during the reservation period. What is the EC2 Reserved Instance (RI) type that will allow the company to exchange the purchased reserved instance for another reserved instance with higher computing power if they need to?
Convertible RI
Ensuring compliance is a key priority for most businesses. Which of the following AWS services will help them achieve this?
CloudTrail
Which of the following services will help businesses ensure compliance in AWS?
CloudTrail
A company has discovered that multiple S3 buckets were deleted, but it is unclear who deleted the buckets. Which of the following can the company use to determine the identity that deleted the buckets?
Cloudtrail logs
Which of the following enables you to monitor and collect log files from your Amazon EC2 instances?
Cloudwatch Logs
Select TWO examples of the AWS shared controls.
Configuration Management Patch management
A startup company is operating on limited funds and is extremely concerned about cost overruns. Which of the below options can be used to notify the company when their monthly AWS bill exceeds $2000? (Choose TWO) Configure AWS CloudTrail to automatically delete all AWS resources when the threshold is exceeded
Configure the AWS Budgets Service to alert the company when the threshold is exceeded Setup a CloudWatch billing alarm that triggers an SNS notification when the threshold is exceeded
You have AWS Basic support, and you have discovered that some AWS resources are being used maliciously, and those resources could potentially compromise your data. What should you do?
Contact the AWS abuse team
Sarah has deployed an application in the Northern California (us-west-1) region. After examining the application's traffic she notices that about 30% of the traffic is coming from Asia. What can she do to reduce latency for the users in Asia?
Create a CDN using CloudFront, so that content is cached at Edge locations close to and in Asia
Based on the AWS Shared Responsibility Model which of the following are the sole responsibility of AWS? (Choose TWO)
Creating hypervisors & Hardware maintenance
Your company is developing a critical web application in AWS and the security of the application is one of the top priorities. Which of the following AWS services will provide infrastructure security optimization recommendations? A. AWS Shield B. AWS Management Console C. Amazon Aurora D. AWS Trusted Advisor
D Explanation AWS Trusted Advisor is an online tool that provides you real time guidance to help you provision your resources following AWS best practices. AWS Trusted Advisor offers a rich set of best practice checks and recommendations across five categories: cost optimization; security; fault tolerance; performance; and service limits. AWS Trusted Advisor improves the security of your application by closing gaps, enabling various AWS security features, and examining your permissions. The core security checks include: (Important) 1- Security Groups - Specific Ports Unrestricted. Checks security groups for rules that allow unrestricted access to specific ports. Unrestricted access increases opportunities for malicious activity (hacking, denial-of-service attacks, loss of data). 2- Amazon S3 Bucket Permissions. Checks buckets in Amazon Simple Storage Service (Amazon S3) that have open access permissions. Bucket permissions that grant List access to everyone can result in higher than expected charges if objects in the bucket are listed by unintended users at a high frequency. Bucket permissions that grant Upload/Delete access to everyone create potential security vulnerabilities by allowing anyone to add, modify, or remove items in a bucket. This check examines explicit bucket permissions and associated bucket policies that might override the bucket permissions. 3- MFA on Root Account. Checks the root account and warns if multi-factor authentication (MFA) is not enabled. For increased security, AWS recommends that you protect your account by using MFA, which requires a user to enter a unique authentication code from their MFA hardware or virtual device when interacting with the AWS console and associated websites. The other options are incorrect: "AWS Shield" is incorrect. AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. "AWS Management Console" is incorrect. The AWS Management Console is used to access and manage Amazon Web Services through a simple and intuitive web-based user interface. The console itself doesn't provide any recommendations. "Amazon Aurora" is incorrect. Amazon Aurora is a database service.
What does AWS Snowball provide? A. A catalog of third party software solutions that customers need to build solutions and run their businesses B. An Exabyte-scale data transfer service that allows you to move extremely large amounts of data to AWS C. A hybrid cloud storage between on-premises environments and the AWS Cloud D. Secure transfer of large amounts of data into and out of AWS Cloud
D Explanation Snowball is a petabyte-scale data transport solution that uses devices designed to be secure to transfer large amounts of data into and out of the AWS Cloud. Using Snowball addresses common challenges with large-scale data transfers including high network costs, long transfer times, and security concerns. Customers today use Snowball to migrate analytics data, genomics data, video libraries, image repositories, backups, and to archive part of data center shutdowns, tape replacement or application migration projects. Transferring data with Snowball is simple, fast, more secure, and can be as little as one-fifth the cost of transferring data via high-speed Internet. The other options are incorrect: "A catalog of third-party software solutions that customers need to build solutions and run their businesses" is incorrect. AWS Marketplace is the service that provides this catalog. AWS Marketplace is a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on AWS. AWS Marketplace includes software listings from categories such as security, networking, storage, machine learning, business intelligence, database, and DevOps. "A hybrid cloud storage between on-premises environments and the AWS Cloud" is incorrect. AWS Storage Gateway is the service that enables your on-premises applications to seamlessly use AWS cloud storage. "An Exabyte-scale data transfer service that allows you to move extremely large amounts of data to AWS" is incorrect. AWS Snowmobile is the exabyte-scale data migration service that allows you to move very large datasets from on-premises to AWS.
You are working on a project that involves creating thumbnails of millions of images; however, consistent uptime is not really an issue, and continuous processing is not required. Which type of EC2 buying option would be the most cost-effective? A. Dedicated Instances B. On-demand Instances C. Reserved Instances D. Spot Instances
D Explanation Spot instances provide a discount (up to 90%) off the On-Demand price. The Spot price is determined by long-term trends in supply and demand for EC2 spare capacity. If the Spot price exceeds the maximum price you specify for a given instance or if capacity is no longer available, your instance will automatically be interrupted. Spot Instances are a cost-effective choice if you can be flexible about when your applications run and if you don't mind if your applications get interrupted. For example, Spot Instances are well-suited for data analysis, batch jobs, background processing, and optional tasks. The other options are incorrect: "Reserved instances" is incorrect. Reserved instances are recommended for Customers that can commit to using EC2 over a 1 or 3-year term to reduce their total computing costs. Even if the project will last for more than a year, the cost-benefit for acquiring Reserved Instances is not as great as the cost-benefit from using Spot Instances. The Spot option provides the largest discount (up to 90%). "On-demand instances" is incorrect. On-demand instances are significantly less cost-effective than spot instances. "Dedicated instances" is incorrect. Dedicated instances are used when you need your instances to be physically isolated at the host hardware level from instances that belong to other AWS accounts. Dedicated instances are significantly more expensive than Spot Instances
You want to run a questionnaire application for only one day (without interruption), which Amazon EC2 purchase option should you use? A. Reserved instances B. Spot instances C. Dedicated instances D.On demand instances
D Explanation With On-Demand instances, you pay for compute capacity by the hour with no long-term commitments. You can increase or decrease your compute capacity depending on the demands of your application and only pay the specified hourly rate for the instances you use. The use of On-Demand instances frees you from the costs and complexities of planning, purchasing, and maintaining hardware and transforms what are commonly large fixed costs into much smaller variable costs. On-Demand instances also remove the need to buy "safety net" capacity to handle periodic traffic spikes. The other options are incorrect: "Reserved instances" is incorrect. Reserved instances are not appropriate in this case because the shortest reservation length is one year. "Spot instances" is incorrect. Spot instances is not the right choice because the application must run without interruption. "Dedicated instances" is incorrect. Dedicated instances can be used if you require your instance be physically isolated at the host hardware level from instances that belong to other AWS accounts.
You have set up consolidated billing for several AWS accounts. One of the accounts has purchased a number of reserved instances for 3 years. Which of the following is true regarding this scenario? A. The purchased instances will have better performance than On demand instances B. There are no cost benefits from using Consolidated billing; It is for informational purposes only. C. The Reserved Instance discounts can only be shared with the master account D. All accounts can receive the hourly cost benefit of the Reserve Instances
D For billing purposes, the consolidated billing feature of AWS Organizations treats all the accounts in the organization as one account. This means that all accounts in the organization can receive the hourly cost benefit of Reserved Instances that are purchased by any other account. For example, Suppose that Fiona and John each have an account in an organization. Fiona has five Reserved Instances of the same type, and John has none. During one particular hour, Fiona uses three instances and John uses six, for a total of nine instances on the organization's consolidated bill. AWS bills five instances as Reserved Instances, and the remaining four instances as On-demand instances. The other options are incorrect: "The purchased instances will have better performance than On-demand instances" is incorrect. There is no difference in performance between On-demand and Reserved instances of the same type. "The Reserved Instance discounts can only be shared with the master account" is incorrect. The Reserved Instance discounts can be shared with all accounts in the organization. "There are no cost benefits from using Consolidated billing; It is for informational purposes only" is incorrect. With Consolidated Billing, you can combine the usage across all accounts in the organization to share the Reserved Instance discounts, volume pricing discounts, and Savings Plans. This can result in a lower charge for your project, department, or company than with individual standalone accounts.
One of the most important AWS best-practices to follow is the cloud architecture principle of elasticity. How does following this principle improve your architecture's design? A. By automatically scaling your on-premises resources based on changes in demand B. By automatically scaling your AWS resources using Elastic Load Balancer C. By reducing inter-dependencies between application components wherever possible D. By automatically provisioning the required AWS resources based on changes in demand
D Explanation Before cloud computing, you had to overprovision infrastructure to ensure you had enough capacity to handle your business operations at the peak level of activity. Now, you can provision the amount of resources that you actually need, knowing you can instantly scale up or down with the needs of your business. This reduces costs and improves your ability to meet your users' demands. The concept of Elasticity involves the ability of a service to automatically scale its resources up or down based on changes in demand. For example, Amazon EC2 Autoscaling can help automate the process of adding or removing Amazon EC2 instances as demand increases or decreases. The other options are incorrect: "By reducing interdependencies between application components wherever possible" is incorrect. Reducing interdependencies between application components is much more related to the concept of "Loose Coupling". Loose coupling is an approach that involves interconnecting the components in a system or network so that those components depend on each other to the least extent practical. Engineers should architect their system or application such that failure in one component does not negatively affect other components. Loosely coupled components make the system resilient and allow it to recover gracefully from failure. "By automatically scaling your on-premises resources based on changes in demand" is incorrect. It is not possible to scale on-premises resources automatically. When deploying on-premises, you have to guess on your infrastructure capacity needs. "By automatically scaling your AWS resources using the Elastic Load Balancer" is incorrect. Elastic Load Balancers do not scale resources. Elastic Load Balancers distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions.
Which of the following helps a customer delve deep into the Amazon EC2 billing activity for the past month? A. AWS Budgets B. AWS Systems Manager C. AWS TCO D. AWS Cost & Usage Reports
D Explanation The AWS Cost & Usage Report is your one-stop shop for accessing the most detailed information available about your AWS costs and usage.The AWS Cost & Usage Report lists AWS usage for each service category used by an account and its IAM users in hourly or daily line items, as well as any tags that you have activated for cost allocation purposes. The other options are incorrect: "AWS TCO" is incorrect. The TCO (Total Cost of Ownership) Calculator allows customers to evaluate the savings from using AWS and compare an AWS Cloud environment to on-premises and co-location environments. The TCO calculator matches your current infrastructure to the most cost-effective AWS offering. This tool considers all the costs to run a solution, including physical facilities, power, and cooling, to provide a realistic, end-to-end comparison of your costs. "AWS Systems Manager" is incorrect. AWS Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources. "AWS Budgets" is incorrect. AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount.
A company has moved to AWS recently. Which of the following would help them ensure that the right security settings are put in place? (Choose two) A. Amazon CloudWatch B. Concierge Support Team C. Amazon SNS D. AWS Trusted Advisor E. Amazon Inspector
D & E Explanation Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for vulnerabilities or deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. These findings can be reviewed directly or as part of a detailed assessment report which is available via the Amazon Inspector console or API. To help get started quickly, Amazon Inspector includes a knowledge base of hundreds of rules mapped to common security best practices and vulnerability definitions. Examples of built-in rules include checking for remote root login being enabled, or vulnerable software versions installed. These rules are regularly updated by AWS security researchers. AWS Trusted Advisor offers a rich set of best practice checks and recommendations across five categories: cost optimization; security; fault tolerance; performance; and service limits. Like your customized cloud security expert, AWS Trusted Advisor analyzes your AWS environment and provides security recommendations to protect your AWS environment. The service improves the security of your applications by closing gaps, examining permissions, and enabling various AWS security features. The other options are incorrect: "Amazon SNS" is incorrect. Amazon SNS is a pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications. "Concierge Support Team" is incorrect. The AWS Concierge Support Team is a specialized offering available only to customers having an Enterprise Support subscription. The Concierge Team assists customers with their billing and account inquiries. "Amazon CloudWatch" is incorrect. Amazon CloudWatch is used to monitor the utilization of AWS resources and services. You can use CloudWatch to visualize system metrics, take automated actions, troubleshoot performance issues, discover insights to optimize your applications, and ensure they are running smoothly.
Which of the below options are related to the reliability of AWS? (Choose two) A. All AWS services are considered Global Services, and this design helps customers serve their international users B. Providing compensation to customers if issues occur C. Applying the principle of least privilege to all of its resources D. Automatically provisioning new resources to meet demand E. Ability to recover quickly from failures
D & E Explanation The reliability term encompasses the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues. The automatic provisioning of resources and the ability to recover from failures meet these criteria. The other options are incorrect: "Applying the principle of least privilege to all of its resources" is incorrect. Principle of least privilege is a security concept related to access management. "Providing compensation to customers if issues occur" is incorrect. AWS generally does not provide compensation to customers if issues occur and doing so has nothing to do with reliability. "All AWS services are considered Global Services, and this design helps customers serve their international users" is incorrect. AWS services are either Global, Regional or specific to an Availability Zone. Among all the services that AWS offers, only a few of them are considered global services. Examples of AWS global services include: Amazon CloudFront, AWS Identity and Access Management and Amazon Route 53. This answer is incorrect because NOT ALL AWS Services are Global.
A company complains that they are wasting a lot of money on underutilized compute resources in AWS. Which AWS feature should they use to ensure that their applications are automatically adding/removing compute capacity to closely match the required demand? A. AWS Elastic Load Balancer B. AWS Cost Explorer C. AWS Budgets D. AWS Auto Scaling
D. Explanation Auto scaling is the feature that automates the process of adding/removing the server capacity (based on demand). Autoscaling allows you to reduce your costs by automatically turning off resources that aren't in use. On the other hand, Autoscaling ensures that your application runs effectively by provisioning more server capacity if required. The other options are incorrect: "AWS Budgets" is incorrect. AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. "AWS Elastic Load Balancer" is incorrect. AWS Elastic Load Balancer (ELB) is a service that distributes the incoming application traffic to multiple targets that you define. "AWS Cost Explorer" is incorrect. AWS Cost Explorer provides an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time.
As part of the Enterprise support plan, who is the primary point of contact for ongoing support needs? A. IEM B. IAM C. EFS D. TAM
D. Explanation For Enterprise-level customers, a TAM (Technical Account Manager) provides technical expertise for the full range of AWS services and obtains a detailed understanding of your use case and technology architecture. TAMs work with AWS Solution Architects to help you launch new projects and give best practices recommendations throughout the implementation life cycle. Your TAM is the primary point of contact for ongoing support needs, and you have a direct telephone line to your TAM. The other options are incorrect: IEM is incorrect. AWS Infrastructure Event Management (IEM) is a structured program available to Enterprise Support customers (and Business Support customers for an additional fee) that helps you plan for large-scale events such as product or application launches, infrastructure migrations, and marketing events. With Infrastructure Event Management, you get strategic planning assistance before your event, as well as real-time support during these moments that matter most for your business. IAM is incorrect. IAM refers to the AWS Identity and Access Management service. EFS is incorrect. EFS refers to the Amazon Elastic File System service.
Which service provides object-level storage in AWS? A. Amazon EFS B. Amazon Instance Store C. Amazon EBS D. Amazon S3
D. Explanation Amazon S3 is an object level storage built to store and retrieve any amount of data from anywhere - web sites and mobile apps, corporate applications, and data from IoT sensors or devices. It is designed to deliver 99.999999999% durability, and stores data for millions of applications used by market leaders in every industry. The other options are incorrect: "Amazon EFS" is incorrect. Amazon EFS is a file-level storage technology that provides massively parallel shared access to thousands of Amazon EC2 instances, enabling your applications to achieve high levels of aggregate throughput and IOPS with consistently low latencies. "Amazon EBS" is incorrect. Amazon EBS is a block-level storage that provides storage volumes for use with Amazon EC2 and Amazon RDS instances. "Amazon Instance Store" is incorrect. An instance store provides temporary block-level storage for your EC2 instances. Instance store is ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content.
Which of the following S3 storage classes is ideal for data with unpredictable access patterns? A. Amazon S3 Glacier B. Amazon S3 Standard C. Amazon S3 Standard-Infrequent Access D. Amazon S3 Intelligent - Tiering
D. Explanation The S3 Intelligent-Tiering storage class is designed to optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead. It works by storing objects in two access tiers: one tier that is optimized for frequent access and another lower-cost tier that is optimized for infrequent access. For a small monthly monitoring and automation fee per object, Amazon S3 monitors access patterns of the objects in S3 Intelligent-Tiering, and moves the ones that have not been accessed for 30 consecutive days to the infrequent access tier. If an object in the infrequent access tier is accessed, it is automatically moved back to the frequent access tier. There are no retrieval fees when using the S3 Intelligent-Tiering storage class, and no additional tiering fees when objects are moved between access tiers. It is the ideal storage class for long-lived data with access patterns that are unknown or unpredictable. The other options are incorrect: "Amazon S3 Standard" is incorrect. S3 Standard offers high durability, availability, and performance object storage for frequently accessed data. "Amazon S3 Standard-Infrequent Access" is incorrect. Amazon S3 Standard-Infrequent Access (S3 Standard-IA) is for data that is accessed less frequently, but requires rapid access when needed. "Amazon S3 Glacier" is incorrect. S3 Glacier is a low-cost storage class for data archiving.
A company has decided to migrate its Oracle database to AWS. Which AWS service can help achieve this without negatively impacting the functionality of the source database? A. AWS OpsWorks B. AWS Application Discovery Service C. AWS Server Migration Service D. AWS Database Migration Service
D. Explanation AWS Database Migration Service (DMS) helps you migrate databases to AWS easily and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from most widely used commercial and open-source databases. The service supports homogeneous migrations such as Oracle to Oracle, as well as heterogeneous migrations between different database platforms, such as Oracle to Amazon Aurora or Microsoft SQL Server to MySQL. It also allows you to stream data to Amazon Redshift from any of the supported sources including Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle, SAP ASE, and SQL Server, enabling consolidation and easy analysis of data in the petabyte-scale data warehouse. AWS Database Migration Service can also be used for continuous data replication with high availability. The other options are incorrect: "AWS OpsWorks" is incorrect. AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. "AWS Server Migration Service" is incorrect. AWS Server Migration Service (SMS) is used to migrate your on-premises workloads to AWS. "AWS Application Discovery Service" is incorrect. AWS Application Discovery Service helps enterprise customers plan migration projects by gathering information about their on-premises data centers.
Your application has recently experienced significant global growth, and international users are complaining of high latency. What is the AWS characteristic that can help improve your international users' experience?
Global Reach
What should you do in order to keep the data on EBS volumes safe? (Choose TWO)
Date encrypted Create snapshots
Which of the below is a best-practice when building applications on AWS?
Decouple the components of the application so that they run independently
Which of the following EC2 instance purchasing options supports the Bring Your Own License (BYOL) model for almost every BYOL scenario?
Dedicated Hosts
Which of the following EC2 instance purchasing options supports the Bring Your Own License (BYOL) model for almost every BYOL scenario?
Dedicated hosts
A company needs to migrate their website from on-premises to AWS. Security is a major concern for them, so they need to host their website on hardware that is NOT shared with other AWS customers. Which of the following EC2 instance options meets this requirement?
Dedicated instances
A company has business critical workloads hosted on AWS and they are unwilling to accept any downtime. Which of the following is a recommended best practice to protect their workloads in the event of an unexpected natural disaster?
Deploy AWS Resources to another AWS Region and implement an Active-Active disaster recovery strategy
A company has business critical workloads hosted on AWS and they are unwilling to accept any downtime. Which of the following is a recommended best practice to protect their workloads in the event of an unexpected natural disaster?
Deploy AWS resources to another AWS Region to implement an Active-Active disaster recovery strategy
A company has developed an eCommerce web application in AWS. What should they do to ensure that the application has the highest level of availability?
Deploy the application acrosss multiple Regions and Availability Zones
What does the AWS Personal Health Dashboard provide? (Choose TWO)
Detailed troubleshooting guidance to address the AWS events impacting your resources Personalised view of AWS service health
How are AWS customers billed for Linux-based Amazon EC2 usage?
EC2 instances will be billed on one second increments, with a minimum of one minute
What do you gain from setting up consolidated billing for five different AWS accounts under another master account?
Each AWS account gets volume discounts
AWS has created a large number of Edge Locations as part of its Global Infrastructure. Which of the following is NOT a benefit of using Edge Locations?
Edge Locations are used by CloudFront to distribute across multiple instances to reduce latency.
AWS has created a large number of Edge Locations as part of its Global Infrastructure. Which of the following is NOT a benefit of using Edge Locations?
Edge locations are used by CloudFront to distribute traffic across multiple instances to reduce latency
The principle "design for failure and nothing will fail" is very important when designing your AWS Cloud architecture. Which of the following would help adhere to this principle? (Choose TWO)
Elastic Load Balancing Availability Zones
What are two advantages of using Cloud Computing over using traditional data centers? (Choose TWO)
Eliminate Single Points of Failures (SPOFs) & Distributed Infrastructure
Which of the following activities may help reduce your AWS monthly costs?
Enabling Amazon EC2 Autoscaling for all of your workloads.
Which of the following activities may help reduce your AWS monthly costs?
Enabling Amazon EC2 auto scaling for all your workloads
Which of the following is a benefit of running an application in multiple Availability Zones?
Increases the availability of your application
Which support plan includes AWS Support Concierge Service?
Enterprise Support
Which of the following can be described as a global content delivery network (CDN) service? A. AWS VPN B. Amazon CloudFront C. AWS Direct Connect D. AWS Regions
Explanation Amazon CloudFront is a global content delivery network (CDN) service that gives businesses and web application developers an easy and cost effective way to distribute content (such as videos, data, applications, and APIs) with low latency and high data transfer speeds. Like other AWS services, Amazon CloudFront is a self-service, pay-per-use offering, requiring no long term commitments or minimum fees. With CloudFront, your files are delivered to end-users using a global network of edge locations. CloudFront is integrated with other AWS services such as AWS Shield for DDoS mitigation, Amazon S3, Elastic Load Balancing or Amazon EC2 as origins for your applications, and Lambda@Edge to run custom code close to your viewers. The other options are incorrect: "AWS Direct Connect" is incorrect. AWS Direct Connect allows you to establish a dedicated network connection from your premises to AWS. "AWS Regions" is incorrect. An AWS Region is a physical location in the world where AWS have multiple Availability Zones. Availability Zones consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities. "AWS VPN" is incorrect. AWS Virtual Private Network (AWS VPN) allows you to establish a secure and private tunnel from your network or device to the AWS global network.
Your application has recently experienced significant global growth and international users are complaining of high latency. What is the AWS characteristic that can help improve your international users' experience?
Global Reach
Based on the AWS Shared Responsibility Model which of the following are the sole responsibility of AWS? (Choose TWO)
Hardware Maintenance + Creating Hypervisors
An organization has a large number of technical employees who operate their AWS Cloud infrastructure. What does AWS provide to help organize them into teams and then assign the appropriate permissions for each team?
IAM Groups
Using Amazon EC2 falls under which of the following cloud computing models?
IaaS
Adjusting compute capacity dynamically to reduce cost is an implementation of which AWS cloud best practice?
Implement elasticity
A company is introducing a new product to their customers, and is expecting a surge in traffic to their web application. As part of their Enterprise Support plan, which of the following provides the company with architectural and scaling guidance?
Infrastructure Event Management
What does Amazon ElastiCache provide?
In-memory caching for read-heavy applications
Which of the following will impact the price paid for an EC2 instance? (Choose TWO)
Instance Type + Load Balancing
Which of the following will impact the price paid for an EC2 instance? (Choose TWO)
Instance type+ Load Balancing
One of the advantages to moving infrastructure from an on-premises data center to the AWS Cloud is:
It allows the business to focus on business activities.
What is the AWS Compute service that executes code only when triggered by events?
Lambda
What is the AWS IAM feature that provides an additional layer of security on top of user-name and password authentication?
MFA
Using Amazon RDS falls under the shared responsibility model. Which of the following are customer responsibilities? (Choose TWO)
Managing the database settings and building the relational database schema
What are the Amazon RDS features that can be used to improve the availability of your database? (Choose TWO)
Multi AZ Deployment+Read Replicas
What are the Amazon RDS features that can be used to improve the availability of your database? (Choose TWO)
Multi-AZ Deployment & Read Replicas
Why does every AWS Region contain multiple Availability Zones?
Multiple Availability Zones allows you to build resilient and highly available architectures
Which of the following does NOT belong to the AWS Cloud Computing models?
Networking as a Service (NaaS) (Correct)
A Japanese company hosts their applications on Amazon EC2 instances in the Tokyo Region. The company has opened new branches in the United States, and the US users are complaining of high latency. What can the company do to reduce latency for the users in the US while reducing costs?
New EC2 instance in US region
What is the most cost-effective purchasing option for running a set of EC2 instances that must always be available for a period of two months?
On-demand instances
You want to run a questionnaire application for only one day (without interruption), which Amazon EC2 purchase option should you use?
On-demand instances
Which service provides DNS in the AWS cloud?
Route 53
According to the AWS Acceptable Use Policy, which of the following statements is true regarding penetration testing of EC2 instances?
Penetration testing can be performed by the customer on their own instances without prior authorisation from AWS
According to the AWS Acceptable Use Policy, which of the following statements is true regarding penetration testing of EC2 instances? A. Penetration testing can be performed by the customer on their own instances without prior authorization from AWS B. The AWS customers are only allowed to perform penetration testing on services managed by AWS C. Penetration testing is not allowed in AWS D. Penetration testing is performed automatically by AWS to determine vulnerabilities in your AWS infrastructure
Penetration testing can be performed by the customer on their own instances without prior authorization from AWS Explanation AWS customers are welcome to carry out security assessments and penetration tests against their AWS infrastructure without prior approval for 8 services: 1- Amazon EC2 instances, NAT Gateways, and Elastic Load Balancers. 2- Amazon RDS. 3- Amazon CloudFront. 4- Amazon Aurora. 5- Amazon API Gateways. 6- AWS Lambda and Lambda Edge functions. 7- Amazon Lightsail resources. 8- Amazon Elastic Beanstalk environments. The other options are incorrect. "Penetration testing is performed automatically by AWS to determine vulnerabilities in your AWS infrastructure" is incorrect. The AWS customers are responsible for performing penetration tests against their AWS infrastructure. "Penetration testing is not allowed in AWS" is incorrect. AWS customers are allowed to perform penetration tests against their AWS infrastructure, but they must ensure that their activities are aligned with AWS policies. "The AWS customers are only allowed to perform penetration testing on services managed by AWS" is incorrect. AWS customers are allowed to perform penetration testing on services managed by AWS such as Amazon RDS and on services managed by the AWS customer such as Amazon EC2.
Under the Shared Responsibility Model which of the following controls do customers fully inherit from AWS? (Choose TWO)
Physical + Emotional Controls
Under the Shared Responsibility Model which of the following controls do customers fully inherit from AWS? (Choose TWO)
Physical Controls & Environmental Controls
Which of the following should be considered when performing a TCO analysis to compare the costs of running an application on AWS instead of on-premises?
Physical hardware
What are the benefits of having infrastructure hosted in AWS? (Choose TWO)
Physical security and most data/network security are taken care of for you Increasing speed and agility
According to the AWS Shared responsibility model which of the following are the responsibility of the customer? (Choose TWO)
Protecting the confidentiality of data in transit in Amazon S3 +Patching applications installed in Amazon EC2
What is the advantage of the AWS-recommended practice of "decoupling" applications?
Reduces inter-dependencies so that failures do not impact other components of the application
What is the AWS' recommendation regarding access keys?
Rotate them regularly
What is the AWS service\feature that takes advantage of Amazon CloudFront's globally distributed edge locations to transfer files to S3 with higher upload speeds?
S3 Transfer Acceleration
Which of the following describes the payment model that AWS makes available for customers that can commit to using Amazon EC2 over a one or 3-year term to reduce their total computing costs? A Save when you reserve B Pay less by using more C Pay as you go D Pay less as AWS grows
Save when you reserve
Which of the following is one of the benefits of AWS security?
Scales quickly with your AWS usage
You are working on a project that involves creating thumbnails of millions of images. Consistent uptime is not an issue, and continuous processing is not required. Which EC2 buying option would be the most cost-effective?
Spot Instances
Which of the following can help protect your EC2 instances from DDoS attacks? (Choose TWO)
Security Group and Network Access Control Lists (Network ACLs)
Which of the following AWS security features is associated with an EC2 instance and functions to filter incoming traffic requests?
Security Groups
Which of the following can help protect your EC2 instances from DDoS attacks? (Choose TWO)
Security Groups & Network Access Control Lists (Network ACLs)
In the AWS Shared responsibility Model, which of the following are the responsibility of the customer? (Choose TWO)
Setting password complexity rules Configuring network access rules
A customer is planning to move billions of images and videos to be stored on Amazon S3. The customer has approximately 60 Petabytes of data to move. Which of the following AWS Services is the best choice to transfer the data to AWS?
Snowmobile
Which statement best describes the operational excellence pillar of the AWS Well-Architected Framework?
The ability to monitor systems and improve supporting processes and procedures
Which statement is correct with regards to AWS service limits? (Choose TWO)
You can use the Trusted Advisor to monitor your service limits + You can contact AWS Support to increase the service limits
You are working on two projects that require completely different network configurations. Which AWS service or feature will allow you to isolate resources and network configurations?
Virtual Private Cloud
Which statement is correct with regards to AWS service limits? (Choose TWO)
You can use the AWS Trusted Advisor to monitor your service limits & You can contact AWS Support to increase the service limits
Which of the following is NOT correct regarding Amazon EC2 On-demand instances? A. When using on-demand instances, you are charged per second based on an hourly rate. B. The on demand instances follow the AWS pay as you go pricing model C. With on demand instances, no long term commitments or upfront payments are needed. D. You have to pay a start up fee when launching a new instance for the first time.
You have to pay a start up fee when launching a new instance for the first time. Explanation There are no startup or termination fees associated with Amazon EC2.
What does the "Principle of Least Privilege" refer to?
You should grant your users only the permissions they need when they need them and nothing more
Which of the following is equivalent to a user name and password and is used to authenticate your programmatic access to AWS services and APIs?
access keys
What is the main purpose of using Amazon SWF?
coordinate tasks across distributed application components
Sarah has deployed an application in the Northern California (us-west-1) region. After examining the application's traffic, she notices that about 30% of the traffic is coming from Asia. What can she do to reduce latency for the users in Asia?
create CDN using CloudFront, so that content is cached at Edge Locations close to and in Asia
What does AWS offer to secure your network?
customer controlled encryption in transit
AWS recommends some practices to help organizations avoid unexpected charges on their bill. Which of the following is NOT one of these practices?
deleting unused autoscaling launch configuration
How do ELBs improve the reliability of your application?
ensuring only healthy targets receive traffic
What is the benefit of using an API to access AWS Services?
it allows programmatic management of AWS resources
What does AWS Service Catalog provide?
it simplifies organizing and governing commonly deployed IT services
A company needs to host a database in Amazon RDS for at least three years. Which of the following options would be the most cost-effective solution?
reserved instances - partial upfront
A company is migrating its on-premises database to Amazon RDS. What should the company do to ensure Amazon RDS costs are kept to a minimum?
right size before and after migration
A company is planning to use a number of Amazon EC2 instances for at least one year. Which payment model does AWS make available to reduce their overall EC2 costs?
save when you reserve
Jessica is managing an e-commerce web application in AWS. The application is hosted on six EC2 instances. One day, three of the instances crashed; but none of her customers were affected. What has Jessica done correctly in this scenario?
she has properly built a fault tolerant system
A customer is planning to move billions of images and videos to be stored on Amazon S3. The customer has approximately one Exabyte of data to move. Which of the following AWS Services is the best choice to transfer the data to AWS?
snowmobile
A company has developed a media transcoding application in AWS. The application is designed to recover quickly from hardware failures. Which one of the following types of instance would be the most cost-effective choice to use?
spot instances
How much data can you store in S3?
storage capacity is virtually unlimited
Which statement best describes the operational excellence pillar of the AWS Well-Architected Framework?
the ability to monitor and improve system processes and procedures
When using the AWS TCO tool, what information is required to calculate the potential savings of using AWS vs. on-premises?
the number of on premise virtual machines
Which of the following procedures will help reduce your Amazon S3 costs?
use the right combination of storage classes based on different use cases
What are the default security credentials that are required to access the AWS management console for an IAM user account?
user name and password
A company has decided to migrate its Oracle database to AWS. Which AWS service can help achieve this without negatively impacting the functionality of the source database?
AWS Database Migration Service