Neal exam questions/useful info


AWS Storage Gateway

The AWS Storage Gateway service enables hybrid storage between on-premises environments and the AWS Cloud. The Gateway Virtual Tape Library can be used with popular backup software such as NetBackup, Backup Exec and Veeam. It uses a virtual media changer and tape drives.

AWS Concierge

The Concierge Support Team is available for customers who have an Enterprise level support plan. This team does not launch resources for you.

aws vpn

"Use AWS Client VPN" as this service allows end users to connect to AWS using a VPN client.

amazon efs

The Elastic File System (EFS) is used for storing data and is mounted by EC2 instances.

Amazon Cognito

Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Apple, Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0 and OpenID Connect.

Amazon Detective

Amazon Detective automatically processes terabytes of event data records about IP traffic, AWS management operations, and malicious or unauthorized activity.

auto scaling

Amazon EC2 Auto Scaling scales horizontally by launching and terminating EC2 instances based on actual demand for your application.

NAT Gateway

A NAT gateway is used for outbound internet access for instances running in a private subnet.

NACL

A network ACL (network access control list) is a firewall that is associated with a subnet within your VPC. It is used to filter the network traffic that enters and exits the subnet.

virtual private gateway

A VGW is used for IPSec VPN connections to access a VPC.

A company plans to deploy a relational database on AWS. The IT department will perform database administration. Which service should the company use?

A self-managed relational database can be installed on Amazon EC2. When using this deployment you can choose the operating system and instance type that suits your needs and then install and manage any database software you require. The table below helps you to understand when to use different types of database deployment:

Dedicated Hosts

Amazon EC2 Dedicated Hosts allow you to use your eligible software licenses from vendors such as Microsoft and Oracle on Amazon EC2, so that you get the flexibility and cost effectiveness of using your own licenses, but with the resiliency, simplicity and elasticity of AWS. An Amazon EC2 Dedicated Host is a physical server fully dedicated for your use, so you can help address corporate compliance requirements.

automations

AWS CloudFormation provides a common language for you to model and provision AWS and third party application resources in your cloud environment. AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.

AWS CloudHSM (Hardware Security Module)

AWS CloudHSM is a cloud-based hardware security module (HSM) that allows you to easily add secure key storage and high-performance crypto operations to your AWS applications. CloudHSM has no upfront costs and provides the ability to start and stop HSMs on-demand, allowing you to provision capacity when and where it is needed quickly and cost-effectively. CloudHSM is a managed service that automates time-consuming administrative tasks, such as hardware provisioning, software patching, high availability, and backups.

AWS Config

AWS Config keeps track of all changes to your resources by invoking the Describe or the List API call for each resource in your account. The service uses those same API calls to capture configuration details for all related resources. AWS Config also tracks the configuration changes that were not initiated by the API. AWS Config examines the resource configurations periodically and generates configuration items for the configurations that have changed. You can configure alerts to let team members know if resource configurations have changed. AWS Config can send notifications using Amazon SNS topics.

AWS Control Tower

AWS Control Tower provides the easiest way to set up and govern a secure, multi-account AWS environment, called a landing zone. This is a governance service and is not related to Identity and Access Management.

AWS Pipeline

AWS Data Pipeline is a web service that helps you reliably process and move data between different AWS compute and storage services.

AWS Fargate

AWS Fargate is a serverless, pay-as-you-go compute engine that lets you focus on building applications without managing servers. It does not reference Identity and Access management.

aws lambda

AWS Lambda is a serverless technology that lets you run code in response to events as functions.

AWS Outposts

AWS Outposts is a fully managed service that offers the same AWS infrastructure, AWS services, APIs, and tools to virtually any datacenter, co-location space, or on-premises facility for a truly consistent hybrid experience. With AWS Outposts you can extend your VPC into the on-premises data center as in the following diagram:

AWS Systems Manager

AWS Systems Manager gives you visibility and control of your infrastructure on AWS.

What is the most efficient way to establish network connectivity from on-premises to multiple VPCs in different AWS Regions?

AWS Transit Gateway is a service that enables customers to connect their Amazon Virtual Private Clouds (VPCs) and their on-premises networks to a single gateway. With AWS Transit Gateway, you only have to create and manage a single connection from the central gateway into each Amazon VPC, on-premises data center, or remote office across your network. Transit Gateway acts as a hub that controls how traffic is routed among all the connected networks which act like spokes.

AWS Trusted Advisor

AWS Trusted Advisor can improve the performance of your service by checking your service limits, ensuring you take advantage of provisioned throughput, and monitoring for overutilized instances. AWS Trusted Advisor checks security groups for rules that allow unrestricted access (0.0.0.0/0) to specific ports. Unrestricted access increases opportunities for malicious activity (hacking, denial-of-service attacks, loss of data). The ports with highest risk are flagged red, and those with less risk are flagged yellow. Ports flagged green are typically used by applications that require unrestricted access, such as HTTP and SMTP. Access to the ports on an Amazon EC2 instance is controlled through security groups. AWS Trusted Advisor scans the security groups in your account to see if any security groups allow unrestricted access to any ports. This information is then presented to you in the console and you can then act on this information to secure the ports through editing the rules in the security group.

aws CloudWatch

AWS services send metrics about their utilization to CloudWatch, which collects the metrics. You can then view the results in CloudWatch and configure alarms. CloudWatch Logs captures logging information from applications and AWS services.

AWS IAM Access Analyzer/Are there any AWS services or features that will identify and search for externally shared AWS resources?

Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk.

Which of the authentication options below can be used to authenticate using AWS APIs?

Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK). Server certificates are SSL/TLS certificates that you can use to authenticate with some AWS services.

An Amazon EC2 instance running the Amazon Linux 2 AMI is billed in what increment?

Amazon EC2 instances running Linux are billed in one second increments, with a minimum of 60 seconds. CORRECT: "Per second" is the correct answer. INCORRECT: "Per hour" is incorrect. You do not pay per hour. INCORRECT: "Per CPU" is incorrect. You do not pay per CPU. INCORRECT: "Per GB" is incorrect. You pay for Amazon EBS on a per GB of provisioned storage basis.

amazon emr

Amazon EMR (Elastic MapReduce) is a cloud big data platform that can be queried using SQL. This is not a database solution designed to be used for single millisecond latency.

amazon ecr

Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images.

Which AWS service can be used to run Docker containers?

Amazon Elastic Container Service (ECS) is a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances.

AWS EventBridge

Amazon EventBridge is a serverless event bus that makes it easier to build event-driven applications at scale using events generated from your applications. You can set rules for actions to take place when certain events happen, such as instance state changes or items being uploaded to an S3 bucket.

amazon fsx

Amazon FSx for Windows File Server provides fully managed Microsoft Windows file servers, backed by a fully native Windows file system. Amazon FSx supports a broad set of enterprise Windows workloads with fully managed file storage built on Microsoft Windows Server. Amazon FSx has native support for Windows file system features and for the industry-standard Server Message Block (SMB) protocol to access file storage over a network.

Amazon GuardDuty

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3.

aws lightsail

Amazon LightSail provides an easy, low cost way to consume cloud services without needing the skill set for using VPC resources. The product set includes virtual private servers (instances), managed MySQL databases, block and object storage, simplified load balancers, and CDN distributions.

aws opensearch

Amazon OpenSearch Service makes it easy for you to perform interactive log analytics, real-time application monitoring, website search, and more. OpenSearch is an open source, distributed search and analytics suite derived from Elasticsearch. It has nothing to do with identifying externally shared resources.

amazon rds

Amazon RDS is a managed relational database service on which you can run several types of database software. The service is managed so this reduces the database administration tasks an administrator would normally undertake. The managed service includes hardware provisioning, database setup, patching and backups.

amazon s3

Amazon S3 is an object storage system. Typical use cases include: Backup and storage, application hosting, media hosting, software delivery and hosting a static website. You can use Amazon S3 to host a static website. On a static website, individual webpages include static content. They might also contain client-side scripts. To host a static website on Amazon S3, you configure an Amazon S3 bucket for website hosting and then upload your website content to the bucket. When you configure a bucket as a static website, you must enable website hosting, set permissions, and create and add an index document. Depending on your website requirements, you can also configure redirects, web traffic logging, and a custom error document.

AWS SWF - Simple Workflow Service

Amazon Simple Workflow Service (SWF) is a web service that makes it easy to coordinate work across distributed application components. SWF enables applications for a range of use cases, including media processing, web application back-ends, business process workflows, and analytics pipelines, to be designed as a coordination of tasks.

amazon workspaces

Amazon WorkSpaces is a managed, secure Desktop-as-a-Service (DaaS) solution.

Internet Gateway

An Internet gateway is attached to a VPC and allows inbound traffic from the internet to access the VPC. It is also used as a target in route tables for outbound internet traffic.

Amazon Athena

Athena is used for querying data in Amazon S3 using SQL.

autoscaling

Auto Scaling launches and terminates instances; this does not reduce latency for global users.

Serverless Services

With serverless services you do not need to manage patches. Examples: Amazon DynamoDB, AWS Fargate, AWS Lambda, AWS Glue, Amazon EventBridge.

auto scaling data storages

Both S3 and DynamoDB automatically scale as demand dictates. In the case of DynamoDB you can either configure the on-demand or provisioned capacity mode. With on-demand capacity mode DynamoDB automatically adjusts the read and write throughput for you. EBS and RDS do not scale automatically. You must intervene to adjust volume sizes and database instance types to scale these resources.

A company plans to use reserved instances to get discounted pricing for Amazon EC2 instances. The company may need to change the EC2 instance type during the one year period. Which instance purchasing option is the MOST cost-effective for this use case?

By using cloud computing, you can achieve a lower variable cost than you can get on your own. Because usage from hundreds of thousands of customers is aggregated in the cloud, providers such as AWS can achieve higher economies of scale, which translates into lower pay-as-you-go prices.

economies of scale

By using cloud computing, you can achieve a lower variable cost than you can get on your own. Because usage from hundreds of thousands of customers is aggregated in the cloud, providers such as AWS can achieve higher economies of scale, which translates into lower pay-as-you-go prices.

A company runs a batch job on an Amazon EC2 instance and it takes 6 hours to complete. The workload is expected to double in volume each month with a proportional increase in processing time. What is the most efficient cloud architecture to address the growing workload?

CORRECT: "Run the batch workload in parallel across multiple Amazon EC2 instances" is the correct answer. INCORRECT: "Run the batch job on a larger Amazon EC2 instance type with more CPU" is incorrect. This may help initially but over time this will not scale well and the workload will take many days to complete. INCORRECT: "Change the Amazon EC2 volume type to a Provisioned IOPS SSD volume" is incorrect. This will improve the underlying performance of the EBS volume but does not assist with processing (more CPU is needed, i.e. by spreading across instances). INCORRECT: "Run the application on a bare metal Amazon EC2 instance" is incorrect. Bare metal instances are used for workloads that require access to the hardware feature set (such as Intel VT-x), for applications that need to run in non-virtualized environments for licensing or support requirements, or for customers who wish to use their own hypervisor.

AWS Cloud Trail

CloudTrail is used for auditing, not performance monitoring.

back up options

Explanation You can restore an Amazon RDS database instance to a specific point in time with a granularity of 5 minutes. Amazon RDS uses transaction logs which it uploads to Amazon S3 to do this. CORRECT: "Point-in-time recovery" is the correct answer. INCORRECT: "Snapshot backup" is incorrect. This is not a point-in-time backup with 5 minute granularity. INCORRECT: "Full backup" is incorrect. This just describes taking a full backup of the database, typically with backup software. INCORRECT: "Incremental backup" is incorrect. This describes taking a backup of items that have changed since the last backup.

AWS Direct Connect

Direct Connect is a private network connection between an on-premises data center and AWS. An AWS Direct Connect connection is a private, dedicated link to AWS. As it does not use the internet, performance is consistent. The following diagram shows how a corporate data center is connected to AWS using a Direct Connect link via an AWS Direct Connect location

Amazon DocumentDB

DocumentDB is a NoSQL database that supports document data structures.

A user has limited knowledge of AWS services, but wants to quickly deploy a scalable Node.js application in an Amazon VPC. Which service should be used to deploy the application?

Explanation AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. You can simply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time. CORRECT: "AWS Elastic Beanstalk" is the correct answer. INCORRECT: "Amazon LightSail" is incorrect. LightSail is a good service to use when you don't have good knowledge of AWS. However, you cannot deploy a scalable Node.js application into a VPC. INCORRECT: "AWS CloudFormation" is incorrect. CloudFormation is used for automating the deployment of infrastructure resources in AWS. INCORRECT: "Amazon EC2" is incorrect. This would require more expertise than using Elastic Beanstalk.

efs protocol

EFS is a fully-managed service that makes it easy to set up and scale file storage in the Amazon Cloud. EFS uses the NFSv4.1 protocol. It can concurrently connect 1 to 1000s of EC2 instances, from multiple AZs.

A company is migrating a monolithic application that does not scale well into the cloud and refactoring it into a microservices architecture. Which best practice of the AWS Well-Architected Framework does this plan relate to?

Explanation A microservices architecture will help ensure that each component of the application can scale independently and be updated independently. Loose coupling further assists as it reduces the dependencies between systems and ensures that messages and data being passed between application components can be reliably and durably stored. CORRECT: "Implement loosely coupled services" is the correct answer. INCORRECT: "Stop spending money on undifferentiated heavy lifting" is incorrect. This is not the best practice being implemented by the company. INCORRECT: "Manage change in automation" is incorrect. This is not the best practice being implemented by the company. INCORRECT: "Use multiple solutions to improve performance" is incorrect. This is not the best practice being implemented by the company.

A Cloud Practitioner is developing a new application and wishes to integrate features of AWS services directly into the application. Which of the following is the BEST tool for this purpose?

Explanation A software development kit (SDK) is a collection of software development tools in one installable package. AWS provide SDKs for various programming languages and these can be used for integrating the features of AWS services directly into an application. CORRECT: "AWS Software Development Kit" is the correct answer. INCORRECT: "AWS Command Line Interface (CLI)" is incorrect. The AWS CLI is used for running commands but is not the best tool for integrating features of AWS services directly into an application. INCORRECT: "AWS CodeDeploy" is incorrect. CodeDeploy is used for deploying code from a code repository and actually installing the application. INCORRECT: "AWS CodePipeline" is incorrect. CodePipeline is used for automating the code release lifecycle.

support tiers

Explanation AWS Enterprise Support is a support plan which provides a less than 15 minutes response time for business-critical system failure, and AWS Enterprise On-Ramp provides a less than 30 minutes response time for business-critical system failure. CORRECT: "AWS Enterprise Support" is the correct answer (as explained above.) CORRECT: "AWS Enterprise On-Ramp Support" is also a correct answer (as explained above.) INCORRECT: "AWS Developer Support" is incorrect. AWS Developer Support is a support plan which provides a less than 12-hour response time for system impaired cases and has no guarantee on business-critical system down. INCORRECT: "AWS Basic Support" is incorrect. The only support you can get via business support is for billing queries. INCORRECT: "AWS Business Support" is incorrect. AWS Business Support is a support plan which provides a less than 1 hour response time for production system impaired cases and has no guarantee on business-critical system down.

A user needs to identify underutilized Amazon EC2 instances to reduce costs.

Explanation AWS Trusted Advisor offers a rich set of best practice checks and recommendations across five categories: cost optimization, security, fault tolerance, performance, and service limits. The Trusted Advisor "low utilization Amazon EC2 instances" check, checks the Amazon Elastic Compute Cloud (Amazon EC2) instances that were running at any time during the last 14 days and alerts you if the daily CPU utilization was 10% or less and network I/O was 5 MB or less on 4 or more days. CORRECT: "AWS Trusted Advisor" is the correct answer. INCORRECT: "AWS CodeBuild" is incorrect. CodeBuild is used for compiling and testing code ahead of deployment. INCORRECT: "AWS Cost Explorer" is incorrect. Cost Explorer can be used to view itemized costs but you cannot check resource utilization. INCORRECT: "AWS Health Dashboard" is incorrect. This dashboard will not warn you about underutilization of resources.

A company is designing a new service that must align with the operational excellence pillar of the AWS Well-Architected Framework.

Explanation AWS Well-Architected helps cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications and workloads. There are 5 pillars and under the operational excellence pillar the following best practices are recommended: • Perform operations as code • Make frequent, small, reversible changes • Refine operations procedures frequently • Anticipate failure • Learn from all operational failures CORRECT: "Anticipate failure" is a correct answer. CORRECT: "Perform operations as code" is also a correct answer. INCORRECT: "Make large-scale changes" is incorrect. This is not an operational best practice. INCORRECT: "Perform manual operations" is incorrect. This is not an operational best practice. INCORRECT: "Create static operational procedures" is incorrect. This is not an operational best practice.

A company is deploying a MySQL database on AWS. The database must easily scale and have automatic backup enabled.

Explanation Amazon Aurora is a relational database that is compatible with MySQL and PostgreSQL database engines. Aurora is extremely fast and scales up to 128 TB. You can also deploy replicas for read scaling within and across Regions. Aurora also offers automated backups. CORRECT: "Amazon Aurora" is the correct answer. INCORRECT: "Amazon DynamoDB" is incorrect. DynamoDB is a NoSQL (non-relational) database and you cannot deploy a MySQL database as it is a relational database type. INCORRECT: "Amazon Athena" is incorrect. Athena is used for querying data in Amazon S3 using SQL. INCORRECT: "Amazon DocumentDB" is incorrect. DocumentDB is a NoSQL database that supports document data structures.

Which AWS service does AWS Snowball Edge natively support?

Explanation You can run Amazon EC2 compute instances hosted on a Snowball Edge with the sbe1, sbe-c, and sbe-g instance types. The sbe1 instance type works on devices with the Snowball Edge Storage Optimized option. The sbe-c instance type works on devices with the Snowball Edge Compute Optimized option. Both the sbe-c and sbe-g instance types work on devices with the Snowball Edge Compute Optimized with GPU option. CORRECT: "Amazon EC2" is the correct answer. INCORRECT: "AWS Server Migration Service (AWS SMS)" is incorrect. AWS SMS does not integrate natively with Snowball Edge. INCORRECT: "AWS Database Migration Service (AWS DMS)" is incorrect. AWS DMS does not integrate natively with Snowball Edge. INCORRECT: "AWS Trusted Advisor" is incorrect. Trusted Advisor does not integrate natively with Snowball Edge.

Which of the following is an advantage for a company running workloads in the AWS Cloud vs on-premises? (Select TWO.)

Explanation Using AWS cloud services can help development teams to be more productive as they spend less time working on the infrastructure layer as it is provided for them. This additionally means launching new workloads requires less time as you can automate the implementation of the application and there is no underlying hardware layer to configure. CORRECT: "Less staff time is required to launch new workloads" is a correct answer. CORRECT: "Increased productivity for application development teams" is also a correct answer. INCORRECT: "Increased time to market for new application features" is incorrect. AWS services should decrease time to market, not increase time. INCORRECT: "Higher acquisition costs to support elastic workloads" is incorrect. The acquisition costs should be lower, not higher. INCORRECT: "Lower overall utilization of server and storage systems" is incorrect. This is not a benefit of moving to the cloud.

A company is planning to deploy an application with a relational database on AWS. The application layer requires access to the database instance's operating system in order to run scripts. The company prefer to keep management overhead to a minimum. Which deployment should be used for the database?

Explanation The company would like to keep management overhead to a minimum so RDS would be good to meet that requirement. However, with RDS you cannot access the operating system so the requirement for running scripts on the OS rules RDS out. Therefore, the next best solution is to deploy on an Amazon EC2 instance as the other options presented are unsuitable for a relational database. CORRECT: "Amazon EC2" is the correct answer. INCORRECT: "Amazon RDS" is incorrect as the application would not be able to access the OS of the RDS instance to run scripts. INCORRECT: "Amazon DynamoDB" is incorrect. This is a non-relational database. INCORRECT: "Amazon S3" is incorrect. This is an object-storage system and is not suitable for running a relational database.

Which of the following can an AWS customer use to launch a new ElastiCache cluster? (Select TWO.)

Explanation There are several ways to launch resources in AWS. You can use the AWS Management Console or Command Line Interface (CLI) or you can automate the process by using tools such as AWS CloudFormation. With AWS CloudFormation you can deploy infrastructure such as Amazon ElastiCache clusters by defining your desired configuration state in code using a template file written in JSON or YAML. CloudFormation will then deploy the resources by creating a Stack according to the template file. CORRECT: "AWS CloudFormation" is a correct answer. CORRECT: "AWS Management Console" is also a correct answer. INCORRECT: "AWS Concierge" is incorrect. The Concierge Support Team is available for customers who have an Enterprise level support plan. This team does not launch resources for you. INCORRECT: "AWS Systems Manager" is incorrect. Systems Manager will not launch an ElastiCache cluster for you. INCORRECT: "AWS Data Pipeline" is incorrect. AWS Data Pipeline is a web service that helps you reliably process and move data between different AWS compute and storage services.

Which benefits can a company gain by deploying a relational database on Amazon RDS instead of Amazon EC2? (Select TWO.)

Explanation Two of the benefits of using a managed Amazon RDS service instead of a self-managed database on EC2 are that you get automated backups and automatic software patching. CORRECT: "Automated backups" is a correct answer. CORRECT: "Software patching" is also a correct answer. INCORRECT: "Schema management" is incorrect. This is not a feature of the managed service. INCORRECT: "Indexing of tables" is incorrect. This is not a feature of the managed service. INCORRECT: "Root access to OS" is incorrect. You do not get root access to an RDS instance's operating system.

http codes

Explanation HTTP response status codes indicate whether a specific HTTP request has been successfully completed. - An HTTP 200 code indicates a successful upload. - An HTTP 300 code indicates a redirection. - An HTTP 400 code indicates a client error. - An HTTP 500 code indicates a server error.

What is the best practice for managing AWS IAM access keys?

Explanation It is a security best practice to rotate access keys regularly. This practice ensures that if access keys are compromised the security exposure is mitigated. CORRECT: "Customers should rotate access keys regularly" is the correct answer. INCORRECT: "There is no need to manage access keys" is incorrect. This is not true; you must rotate access keys. INCORRECT: "AWS rotate access keys on a schedule" is incorrect. AWS do not rotate your access keys. INCORRECT: "Never use access keys, always use IAM roles" is incorrect. It is often better and more secure to use IAM roles for some uses but it is certainly not the case that you should never use access keys.

What is one method of protecting against distributed denial of service (DDoS) attacks in the AWS Cloud?

Explanation Some forms of DDoS mitigation are included automatically with AWS services. You can further improve your DDoS resilience by using an AWS architecture with specific services and by implementing additional best practices. Using a firewall with AWS resources is recommended to reduce the attack surface of your services which can mitigate some DDoS attacks. CORRECT: "Configure a firewall in front of resources" is the correct answer. INCORRECT: "Use Amazon CloudWatch monitoring" is incorrect. Performance monitoring will not protect against DDoS. INCORRECT: "Enable AWS CloudTrail logging" is incorrect. Logging API calls will not protect against DDoS. INCORRECT: "Monitor the AWS Health Dashboard" is incorrect. The AWS Health dashboard is not useful for monitoring and will not protect against DDoS.

Which tasks require the use of the AWS account root user? (Select TWO.)

Explanation Some tasks can only be performed by the root user of an AWS account. This includes changing the account name and changing AWS support plans. For more information view the AWS article referenced below. CORRECT: "Changing the account name" is a correct answer. CORRECT: "Changing AWS Support plans" is also a correct answer. INCORRECT: "Enabling encryption for S3" is incorrect. This does not require root. INCORRECT: "Viewing AWS CloudTrail logs" is incorrect. This does not require root. INCORRECT: "Changing payment currency" is incorrect. This does not require root. https://docs.aws.amazon.com/general/latest/gr/root-vs-iam.html

An individual IAM user must be granted access to an Amazon S3 bucket using a bucket policy. Which element in the S3 bucket policy should be updated to define the user account for which access will be granted?

Explanation The Principal element specifies the user, account, service, or other entity that is allowed or denied access to a resource. The bucket policy below has a Principal element set to * which is a wildcard meaning any user. To grant access to a specific IAM user the following format can be used: "Principal":{"AWS":"arn:aws:iam::AWSACCOUNTNUMBER:user/username"} CORRECT: "Principal" is the correct answer. INCORRECT: "Action" is incorrect. Actions are the permissions that you can specify in a policy. INCORRECT: "Resource" is incorrect. Resources are the ARNs of resources you wish to specify permissions for. INCORRECT: "Condition" is incorrect. Conditions define certain conditions to apply when granting permissions such as the source IP address of the caller.

support concierge

Included as part of the Enterprise Support plan, the Support Concierge Team are AWS billing and account experts that specialize in working with enterprise accounts.

supports for diff plans

Only the Enterprise Support plan gets a Technical Account Manager (TAM). You do not get an AWS Solutions Architect with any plan. Cloud Support Associates are provided in the Developer plan. There's no such thing as a Technical Support Manager in the AWS support plans.

aws redshift

Redshift is a managed data warehouse solution and is better suited to use cases where analytics of data is required. Amazon Redshift uses SQL to analyze structured and semi-structured data across data warehouses, operational databases, and data lakes, using AWS-designed hardware and machine learning to deliver the best price performance at any scale. Data warehouses are built on databases designed for online analytics processing (OLAP) use cases.

things you can reserve in aws

Reservations provide you with greater discounts, up to 75%, by paying for capacity ahead of time. Some of the services you can reserve include: EC2, DynamoDB, ElastiCache, RDS, and Redshift.

AWS Systems Manager

Systems Manager is used for managing EC2 instances such as installing patches and software.

AWS Health

The AWS Health API is available to all Business, Enterprise On-Ramp, or Enterprise Support customers. You can use the API operations to get information about events that might affect your AWS services and resources.

Which AWS dashboard displays relevant and timely information to help users manage events in progress, and provides proactive notifications to help plan for scheduled activities?

The dashboard displays relevant and timely information to help you manage events in progress, and provides proactive notification to help you plan for scheduled activities. With Personal Health Dashboard, alerts are triggered by changes in the health of AWS resources, giving you event visibility, and guidance to help quickly diagnose and resolve issues. CORRECT: "AWS Personal Health Dashboard" is the correct answer. INCORRECT: "AWS Service Health Dashboard" is incorrect. This shows the current status of services across regions. However, it does not provide proactive notifications of scheduled activities or guidance of any kind. INCORRECT: "AWS Trusted Advisor dashboard" is incorrect. AWS Trusted Advisor is an online tool that provides you real time guidance to help you provision your resources following AWS best practices. INCORRECT: "Amazon CloudWatch dashboard" is incorrect as this service is used for monitoring performance related information for your infrastructure and resources, not the underlying AWS resources.

VPC Route Table

The route table is used within a VPC for directing traffic.

amazon connect

This is a contact center service. Amazon Connect provides a seamless omnichannel experience through a single unified contact center for voice, chat, and task management.

S3 Lifecycle Management

To manage your objects so that they are stored cost effectively throughout their lifecycle, configure their Amazon S3 Lifecycle. An S3 Lifecycle configuration is a set of rules that define actions that Amazon S3 applies to a group of objects. There are two types of actions:

VPC Flow Logs

VPC Flow Logs capture information about the IP traffic going to and from network interfaces in your VPC.

money saving solutions

Where possible, you should replace EC2 workloads with AWS managed services that don't require you to make any capacity decisions. AWS Lambda is a serverless service and you only pay for actual processing time. Other examples of services that you don't need to make capacity decisions with include: ELB, CloudFront, SQS, Kinesis Firehose, SES, and CloudSearch.

horizontal scaling

With horizontal scaling you add more instances to a fleet of instances to service demand as it increases. This can be achieved automatically by using AWS Auto Scaling to add instances in response to CloudWatch performance metrics. With vertical scaling you are adding CPU, RAM or storage to an existing instance. This may involve modifying the instance type which typically requires a restart. With vertical scaling on AWS scalability is limited by the maximum instance size.

AWS Direct Connect

You can use an AWS Direct Connect gateway to connect your AWS Direct Connect connection over a private virtual interface to one or more VPCs in your account that are located in the same or different Regions.

aws organizations

You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts. With consolidated billing you get:
- One bill for multiple accounts.
- Easy tracking of charges across accounts.
- Combined usage across accounts and sharing of volume pricing discounts, reserved instance discounts and savings plans.
- No extra fee.
AWS Organizations can be used for automating AWS account creation via the Organizations API. AWS Organizations offers service control policies (SCPs), which are a type of organization policy that you can use to manage permissions in your organization. SCPs offer central control over the maximum available permissions (API actions) for all accounts in your organization. SCPs help you to ensure your accounts stay within your organization's access control guidelines. SCPs are available only in an organization that has all features enabled.

aws cloud front

a content delivery network (CDN) that caches content around the world for lower latency access. AWS Global Accelerator enables access to your application by leveraging the same Edge Locations as CloudFront and routing connections across the AWS global network.

AWS Application Discovery Service

collecting usage and configuration data about your on-premises servers.

AWS Batch

enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs on AWS.

AWS Well-Architected

https://aws.amazon.com/architecture/well-architected/?wa-lens-whitepapers.sort-by=item.additionalFields.sortDate&wa-lens-whitepapers.sort-order=desc&wa-guidance-whitepapers.sort-by=item.additionalFields.sortDate&wa-guidance-whitepapers.sort-order=desc

shared responsibility

https://aws.amazon.com/compliance/shared-responsibility-model/

EC2 service type

IaaS

Amazon Inspector

is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.

AWS Elastic Beanstalk

is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.

AWS Personal Health Dashboard

provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources.

EBS snapshots storage

s3

