Practice Set 6

What is an example of scaling vertically? 1. AWS Auto Scaling adding more EC2 instances 2. AWS Lambda adding concurrently executing functions 3. Increasing the instance size with Amazon RDS 4. Adding read replicas to an Amazon RDS database

1

Your company has recently migrated to AWS. How can your CTO monitor the organization's costs? 1. AWS Cost Explorer 2. AWS CloudTrail 3. AWS Consolidated Billing 4. AWS Simple Monthly calculator

1

What do you need to log into the AWS console? 1. User name and password 2. Key pair 3. Access key and secret ID 4. Certificate

1

You need to connect your company's on-premise network into AWS and would like to establish an AWS managed VPN service. Which of the following configuration items needs to be setup on the Amazon VPC side of the connection? 1. A Virtual Private Gateway 2. A Customer Gateway 3. A Network Address Translation device 4. A Firewall

1 A virtual private gateway is the VPN concentrator on the Amazon side of the VPN connection. You create a virtual private gateway and attach it to the VPC from which you want to create the VPN connection.

Which resource should you use to access AWS security and compliance reports? 1. AWS Artifact 2. AWS Business Associate Addendum (BAA) 3. AWS IAM 4. AWS Organizations

1 AWS Artifact, available in the console, is a self-service audit artifact retrieval portal that provides our customers with ondemand access to AWS' compliance documentation and AWS agreement

Which of the following statements about AWS's pay-as-you-go pricing model is correct? 1 . It results in reduced capital expenditures 2. It requires payment up front for AWS services 3. It is relevant only for Amazon EC2, Amazon S3, and Amazon DynamoDB 4. It reduces operational expenditures

1 Answer: 1 Explanation: The pay-as-you-go pricing model means you only pay for the services and consumption you actually use. You are charged for compute, storage and outbound data transfer. This model reduces capital expenditure as you pay a monthly bill (operational expenditure).

Which HTTP code indicates a successful upload of an object to Amazon S3? 1. 200 2. 300 3. 400 4. 500

1 Explanation: HTTP response status codes indicate whether a specific HTTP request has been successfully completed. - A HTTP 200 codes indicates a successful upload. - A HTTP 300 code indicates a redirection. - A HTTP 400 code indicates a client error. - A HTTP 500 code indicates a server error.

Which AWS service can serve a static website? 1. Amazon S3 2. Amazon Route 53 3. Amazon QuickSight 251 4. AWS X-Ray

1 You can use Amazon S3 to host a static website. On a static website, individual webpages include static content. They might also contain client-side scripts. To host a static website on Amazon S3, you configure an Amazon S3 bucket for website hosting and then upload your website content to the bucket. When you configure a bucket as a static website, you must enable website hosting, set permissions, and create and add an index document. Depending on your website requirements, you can also configure redirects, web traffic logging, and a custom error document.

Under the shared responsibility model, which of the following tasks are the responsibility of the AWS customer? (Select TWO.) 1. Ensuring that application data is encrypted at rest 2. Ensuring that AWS NTP servers are set to the correct time 3. Ensuring that users have received security training in the use of AWS services 4. Ensuring that access to data centers is restricted 5. Ensuring that hardware is disposed of properly

1,3 Answer: 1, 3 Explanation: As a customer on AWS you take responsibility for encrypting data. This includes encrypting data at rest and data in transit. It's also a customer's responsibility to properly train their staff in security best practices and procedures for the AWS services they use

What advantages does the AWS cloud provide in relation to cost? (Select TWO.) 1. Fine-grained billing 2. One-off payments for on-demand resources 3. Ability to turn off resources and not pay for them 4. Enterprise licensing discounts 5. Itemized power costs

1,3 With the AWS cloud you get fine-grained billing and can turn off resources you are not using easily and not have to pay for them (pay for what you use model)

What methods are available for scaling an Amazon RDS database? (Select TWO.) 1. You can scale up by moving to a larger instance size 2. You can scale out automatically with EC2 Auto Scaling 3. You can scale up by increasing storage capacity 4. You can scale out by implementing Elastic Load Balancing 5. You can scale up automatically using AWS Auto Scaling

1. You can scale up by moving to a larger instance size 3. You can scale up by increasing storage capacity RDS vertical

Which AWS technology enables you to group resources that share one or more tags? 1. Tag groups 2. Organization groups 3. Resource groups 4. Consolidation groups

2

Which AWS service or feature helps restrict the AWS service, resources, and individual API actions the users and roles in each member account can access? 1. Amazon Cognito 2. AWS Organizations 3. AWS Shield 4. AWS Firewall Manager

2 AWS Organizations offers the following policy types: • Service control policies (SCPs) offer central control over the maximum available permissions for all of the accounts in your organization. • Tag policies help you standardize tags across resources in your organization's accounts

Which AWS service makes it easy to coordinate the components of distributed applications as a series of steps in a visual workflow? 1. Amazon SWF 2. AWS Step Functions 3. Amazon SNS 4. Amazon SES

2 AWS Step Functions lets you coordinate multiple AWS services into serverless workflows so you can build and update apps quickly. AWS Step Functions lets you build visual workflows that enable fast translation of business requirements into technical requirements.

A company is using the AWS CLI and programmatic access of AWS resources from its on-premises network. What is a mandatory requirement in this scenario? 1. Using an AWS Direct Connect connection 2. Using an AWS access key and a secret key 3. Using Amazon API Gateway 4. Using an Amazon EC2 key pair

2 Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK). A key pair is used to securely access EC2 resources and should not be confused with access keys.

According to the AWS Shared Responsibility Model, which of the following is a shared control? 1. Operating system patching 2. Awareness and training 3. Protection of infrastructure 4. Client-side data encryption

2 Answer: 2 Explanation: Shared Controls are controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Examples include patch management, configuration management, and awareness and training customer responsibilities Client-side data encryption Operating system patching

Where do Amazon Identity and Access Management (IAM) accounts need to be created for a global organization? 1. In each region where the users are located 2. Just create them once, as IAM is a global service 3. Create them globally, and then replicate them regionally 4. In each geographical area where the users are located

2 IAM is a global service so you only need to create your users once and can then use those user accounts anywhere globally. The other options are all incorrect. as you do not create IAM accounts regionally, replicate them regionally, or create them within geographical areas

How can a systems administrator specify a script to be run on an EC2 instance during launch? 1. Metadata 2. User Data 3. Run Command 4. AWS Config

2 When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts. You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives. User data is data that is supplied by the user at instance launch in the form of a script. User data is limited to 16KB. User data and meta data are not encrypted

the AWS Cost Management tools give users the ability to do which of the following? (Select TWO.) 1. Terminate all AWS resources automatically if budget thresholds are exceeded 2. Break down AWS costs by day, service, and linked AWS account 3. Create budgets and receive notifications if current or forecasted usage exceeds the budgets 4. Switch automatically to Reserved Instances or Spot Instances, whichever is most cost-effective 5. Move data stored in Amazon S3 to a more cost-effective storage class

2,3 AWS has a set of solutions to help you with cost management and optimization. This includes services, tools, and resources to organize and track cost and usage data, enhance control through consolidated billing and access permission, enable better planning through budgeting and forecasts, and further lower cost with resources and pricing optimizations. However, these tools do not terminate resources, manipulate resources, or make changes to pricing models.

Your manager has asked you to explain the benefits of using IAM groups. Which of the below statements are valid benefits? (Select TWO.) 1. You can restrict access to the subnets in your VPC 2. Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users 3. Provide the ability to create custom permission policies 4. Enables you to attach IAM permission policies to more than one user at a time 5. Provide the ability to nest groups to create an organizational hierarchy

2,4 Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users Enables you to attach IAM permission policies to more than one user at a time

Which of the following are examples of horizontal scaling? (Select TWO.) '\ 1. Add more CPU/RAM to existing instances as demand increases 2. Add more instances as demand increases 3. Requires a restart to scale up or down 4. Automatic scaling using services such as AWS Auto Scaling 5. Scalability is limited by maximum instance size

2,4 With horizontal scaling you add more instances to a fleet of instances to service demand as it increases. This can be achieved automatically by using AWS Auto Scaling to add instances in response to CloudWatch performance metrics. With vertical scaling you are adding CPU, RAM or storage to an existing instance. This may involve modifying the instance type which typically requires a restart. With vertical scaling on AWS scalability is limited by the maximum instance size.

Which of the following are pillars from the five pillars of the AWS Well-Architected Framework? (Select TWO.) 1. Resilience 2. Operational excellence 3. Confidentiality 4. Economics 5. Performance efficiency

2,5

Which of the authentication options below can be used to authenticate using AWS APIs? (Select TWO.) 1. Key pairs 2. Access keys 3. Server passwords 4. Security groups 5. Server certificates

2,5 Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK). Server certificates are SSL/TLS certificates that you can use to authenticate with some AWS services.

Which of the following are NOT features of AWS IAM? (Select TWO.) 1. Shared access to your AWS account 2. Logon using local user accounts 3. Identity federation 4. PCI DSS compliance 5. Charged for what you use

2,5 You cannot use IAM to create local user accounts on any system. You are also not charged for what you use, IAM is free to use The other options are all features of AWS IAM

Which type of Elastic Load Balancer operates at the TCP connection level? 1. Application Load Balancer (ALB) 2. Network Load Balancer (NLB) 3. Classic Load Balancer (CLB) 4. Amazon Route 53 Load Balance

2. Network Load Balancer (NLB) ALBs process traffic at the application level (layer 7) based on information in the HTTP/HTTPS headers. CLBs process traffic at the TCP, SSL, HTTP and HTTPS levels (layer 4 & 7).

How can a company configure automatic, asynchronous copying of objects in Amazon S3 buckets across regions? 259 1. This is done by default by AWS 2. By configuring multi-master replication 3. Using cross-region replication 4. Using lifecycle actions

3

What is the easiest way to store a backup of an EBS volume on Amazon S3? 1. Write a custom script to copy the data into a bucket 2. Use S3 lifecycle actions to backup the volume 3. Create a snapshot of the volume 4. Use Amazon Kinesis to process the data and store the results in S3

3

What type of cloud computing service type do AWS Elastic Beanstalk and Amazon RDS correspond to? 1. IaaS 2. PaaS 3. SaaS 4. Hybrid

3

Which AWS service is suitable for an event-driven workload? 1. Amazon EC2 2. AWS Elastic Beanstalk 3. AWS Lambda 4. Amazon Lumberyard

3

Which of the statements below does NOT characterize cloud computing? 1. Cloud computing is the on-demand delivery of compute power 2. With cloud computing you get to benefit from massive economies of scale 3. Cloud computing allows you to swap variable expense for capital expense 4. With cloud computing you can increase your speed and agility

3

You are evaluating AWS services that can assist with creating scalable application environments. Which of the statements below best describes the Elastic Load Balancer service? 1. Helps you ensure that you have the correct number of Amazon EC2 instances available to handle the load for your application 2. A highly available and scalable Domain Name System (DNS) service 3. Automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses 4. A network service that provides an alternative to using the Internet to connect customers' on-premise sites to AWS

3

How can a company facilitate the sharing of data over private connections between two accounts they own within a region? 1. Create an internal ELB 2. Create a subnet peering connection 3. Create a VPC peering connection 4. Configure matching CIDR address range

3 A VPC peering connection helps you to facilitate the transfer of data. For example, if you have more than one AWS account, you can peer the VPCs across those accounts to create a file sharing network. You can also use a VPC peering connection to allow other VPCs to access resources you have in one of your VPCs.

Which of the following acts as a virtual firewall at the Amazon EC2 instance level to control traffic for one or more instances? 1. Route table 2. Virtual private gateways (VPG) 3. Security groups 4. Network Access Control Lists (ACL)

3 A security group is an instance-level firewall that can be used to control traffic the that reaches (ingress/inbound) and is sent out from (egress/outbound) your EC2 instances. Rules are created for inbound or outbound traffic. A security group can be attached to multiple EC2 instances

Your manager has asked you to explain some of the security features available in the AWS cloud. How can you describe the function of Amazon CloudHSM? 1. It provides server-side encryption for S3 objects 2. It is a Public Key Infrastructure (PKI) 3. It can be used to generate, use and manage encryption keys in the cloud 4. It is a firewall for use with web applications

3 AWS CloudHSM is a cloud-based hardware security module (HSM) that allows you to easily add secure key storage and highperformance crypto operations to your AWS applications. CloudHSM has no upfront costs and provides the ability to start and stop HSMs on-demand, allowing you to provision capacity when and where it is needed quickly and cost-effectively. CloudHSM is a managed service that automates time-consuming administrative tasks, such as hardware provisioning, software patching, high availability, and backups

Which service allows you to monitor and troubleshoot systems using system and application log files generated by those systems? 1. CloudTrail Logs 2. CloudWatch Metrics 3. CloudWatch Logs 4. CloudTrail Metrics

3 Amazon CloudWatch Logs lets you monitor and troubleshoot your systems and applications using your existing system, application and custom log files. CloudWatch Logs can be used for real time application and system monitoring as well as long term log retention . CloudTrail is used for logging who does what in AWS b y recording API calls. It is used for auditing, not performance or system operational monitoring.

Which type of scaling does Amazon EC2 Auto Scaling provide? 1. Vertical 2. Linear 3. Horizontal 4. Incremental

3 Amazon EC2 Auto Scaling scales horizontally by adding launching and terminating EC2 instances based on actual demand for your application.

Which pricing model will interrupt a running Amazon EC2 instance if capacity becomes temporarily unavailable? 1. On-Demand Instances 2. Standard Reserved Instances 3. Spot Instances 4. Convertible Reserved Instances

3 Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS cloud. Spot Instances are available at up to a 90% discount compared to On-Demand prices. When AWS need to reclaim the capacity you get a 2 minute warning and then your instances are terminated. With all other pricing models your instances will not be terminated by AWS once they are running

Which AWS service provides the ability to detect risk of unauthorized access,inadvertent data leaks of personally identifiable information (PII) and user credential data? 1. Amazon GuardDuty 2. Amazon Inspector 3. Amazon Macie 4. AWS Shield

3 Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in Amazon S3. Macie applies machine learning and pattern matching techniques to the Amazon S3 buckets you select to identify and alert you to sensitive data, such as personally identifiable information (PII).

A Cloud Practitioner is creating the business process workflows associated with an order fulfilment system. Which AWS service can assist with coordinating tasks across distributed application components? 1. AWS STS 2. Amazon SQS 3. Amazon SWF 4. Amazon SNS

3 Amazon Simple Workflow Service (SWF) is a web service that makes it easy to coordinate work across distributed application components. SWF enables applications for a range of use cases, including media processing, web application back-ends, business process workflows, and analytics pipelines, to be designed as a coordination of tasks.

How can you deploy your EC2 instances so that if a single data center fails you still have instances available? 1. Across regions 2. Across subnets 3. Across Availability Zones 4. Across VPCs

3 An AZ spans one or more data centers and each AZ is physically isolated from other AZs and connected by high speed networking. If you want to deploy a highly available application you should spread your instances across AZs and they will be resilient to the failure of a single DC

A startup eCommerce company needs to quickly deliver new website features in an iterative manner, minimizing the time to market. Which AWS Cloud feature allows this? 1. Elasticity 2. High availability 3. Agility 4. Reliabilit

3 In a cloud computing environment, new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes. This results in a dramatic increase in agility for the organization, since the cost and time it takes to experiment and develop is significantly lower.

Under the AWS shared responsibility model, which of the following are customer responsibilities? (Select TWO.) 1. Setting up server-side encryption on an Amazon S3 bucket 2. Amazon RDS instance patching 3. Network and firewall configurations 4. Physical security of data center facilities 5. Compute capacity availability

3,1 Answer: 1, 3 Explanation: As a customer on AWS you take responsibility for encrypting data. This includes encrypting data at rest and data in transit. Another security responsibility the customer owns is setting network and firewall configurations. For instance, you must configure Network ACLs and Security Groups, and any operating system-level firewalls on your EC2 instances.

Under the AWS Shared Responsibility Model, who is responsible for what? (Select TWO.) 1. Customers are responsible for compute infrastructure 2. AWS are responsible for network and firewall configuration 3. Customers are responsible for networking traffic protection 256 4. AWS are responsible for networking infrastructure 5. Customers are responsible for edge locations

3,4 AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. Customers are responsible for security in the cloud and responsibilities vary by service. Customers are responsible for networking traffic protection. This includes applying encryption and using security groups and Network ACLs. AWS are responsible for networking infrastructure. The underlying networking equipment is maintained by AWS

Which of the following is NOT a best practice for protecting the root user of an AWS account? 1. Don't share the root user credentials 2. Enable MFA 3. Remove administrative permissions 4. Lock away the AWS root user access keys

4

Which AWS Cloud design principles can help increase reliability? (Select TWO.) 1. Using monolithic architecture 2. Measuring overall efficiency 3. Testing recovery procedures 4. Adopting a consumption model 5. Automatically recovering from failure

3,5 Recovery procedures should always be tested ahead of any outage of disaster recovery situation. This is the only way to be sure your recovery procedures are effective. When designing systems it is also a good practice to implement automatic recovery when possible. This reduces or eliminates the operational burden and potential downtime associated with a failure of a system or application component.

Based on the shared responsibility model, which of the following security and compliance tasks is AWS responsible for? 1. Granting access to individuals and services 2. Encrypting data in transit 3. Updating Amazon EC2 host firmware 4. Updating operating systems

3.Updating Amazon EC2 host firmware Customers are responsible for patching operating systems on Amazon EC2. AWS are only responsible for the host servers

Which AWS technology can be referred to as a "virtual hard disk in the cloud"? 1. Amazon EFS Filesystem 2. Amazon S3 Bucket 3. Amazon EBS volume 4. Amazon ENI

3An Amazon Elastic Block Store (EBS) volume is often described as a "virtual hard disk in the cloud". EBS volumes are block-level storage volumes that are attached to EC2 instances much as you would attach a virtual hard disk to a virtual machine in a virtual infrastructure. An Amazon EFS filesystem is a file-level storage system that is accessed using the NFS protocol

Which AWS security tool uses an agent installed in EC2 instances and assesses applications for vulnerabilities and deviations from best practices? 1. AWS Trusted Advisor 2. AWS Personal Health Dashboard 3. AWS TCO Calculator 4. AWS Inspector

4

Your organization has offices around the world and some employees travel between offices. How should their accounts be setup? . IAM is a global service, just create the users in one place 2. Create a separate account in IAM within each region in which they will travel 3. Set the user account as a "global" account when created 4. Enable MFA for the accounts

4

Which AWS database service is schema-less and can be scaled dynamically without incurring downtime? 1. Amazon RDS 2. Amazon Aurora 3. Amazon RedShift 4. Amazon DynamoDB

4 Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. Push button scaling means that you can scale the DB at any time without incurring downtime. DynamoDB is schemaless.

Which AWS service is designed to be used for operational analytics? 1. Amazon EMR 2. Amazon Athena 3. Amazon QuickSight 4. Amazon Elasticsearch Service

4 Amazon Elasticsearch Service is involved with operational analytics such as application monitoring, log analytics and clickstream analytics. Amazon Elasticsearch Service allows you to search, explore, filter, aggregate, and visualize your data in near real-time

How can a database administrator reduce operational overhead for a MySQL database? 1. Migrate the database onto an EC2 instance 2. Migrate the database onto AWS Lambda 3. Use AWS CloudFormation to manage operations 4. Migrate the database onto an Amazon RDS instance

4 Amazon RDS is a managed database service that supports MySQL. The DBA can reduce operational overhead by moving to RDS and having less work to do to manage the database

What is the name for the top-level container used to hold objects within Amazon S3? 1. Folder 2. Directory 3. Instance Store 4. Bucket

4 Amazon S3 is an object-based storage system. You upload your objects into buckets

Which AWS Glacier data access option retrieves data from an archive in 1-5 minutes? 1. Standard 2. Express 3. Accelerated 4. Expedited

4 Answer: 4 Explanation: Expedited retrievals allow you to quickly access your data when occasional urgent requests for a subset of archives are required. For all but the largest archives (250 MB+), data accessed using Expedited retrievals are typically made available within 1-5 minutes

Where are Amazon EBS snapshots stored? 1. On an Amazon EBS instance store 2. On an Amazon EFS filesystem 3. Within the EBS block store 4. On Amazon S3

4 You can back up the data on your Amazon EBS volumes to Amazon S3 by taking point-in-time snapshots. Snapshots are incremental backups, which means that only the blocks on the device that have changed after your most recent snapshot are saved.

A web application running on AWS has been received malicious requests from the same set of IP addresses. Which AWS service can help secure the application and block the malicious traffic? 1. AWS IAM 2. Amazon GuardDuty 3. Amazon SNS 4. AWS WAF

4The AWS Web Application Firewall (WAF) is used to protect web applications or APIs against common web exploits. Rules can be created that block traffic based on source IP address.

What are the advantages of running a database service such as Amazon RDS in the cloud versus deploying on-premise? (Select TWO.) 1. You have full control of the operating system and can install your own operational tools 2. Scalability is improved as it is quicker to implement and there is an abundance of capacity 3. You can use any database software you like, allowing greater flexibility 4. High availability is easier to implement due to built-in functionality for deploying read replicas and multi-AZ 5. There are no costs for replicating data between DBs in different data centers or regions

5,2

To reduce cost, which of the following services support reservations? (Select TWO.) 1. Amazon ElastiCache 2. Amazon CloudFormation 3. Amazon RedShift 4. AWS Elastic Beanstalk 5. Amazon S3

5,3

Which AWS service can be used to run Docker containers? 5. AWS Lambda 6. Amazon ECR 7. AWS Fargate 8. Amazon AMI

AWS Fargate is a serverless compute engine for containers that works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS). Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container image

Which AWS support plans provide 24×7 access to customer service? 1. Basic 2. Business 3. Developer 4. All plans

All support plans provide 24×7 access to customer service, documentation, whitepapers, and support forums

According to the AWS Well-Architected Framework, what change management steps should be taken to achieve reliability in the AWS Cloud? (Select TWO.) 1. Use AWS Config to generate an inventory of AWS resources 2. Use service limits to prevent users from creating or making changes to AWS resources 3. Use AWS CloudTrail to record AWS API calls into an auditable log file 4. Use AWS Certificate Manager to create a catalog of approved services 5. Use Amazon GuardDuty to record API activity to an S3 bucket

Answer: 1, 3 Explanation: AWS Config can be used to track the configuration state of your resources and how the state has changed over time. With CloudTrail you can audit who made what API calls on what resources at what time. This can help with identifying changes that cause reliability issues.

Which type of AWS database is ideally suited to analytics using SQL queries? 1. Amazon DynamoDB 2. Amazon RedShift 3. Amazon RDS 4. Amazon S3

Answer: 2 Explanation: Amazon Redshift is a fast, fully managed data warehouse that makes it simple and cost-effective to analyze all your data using standard SQL and existing Business Intelligence (BI) tools. RedShift is a SQL based data warehouse used for analytics applications.

In which ways does AWS' pricing model benefit organizations? 1. Eliminates licensing costs 2. Focus spend on capital expenditure, rather than operational expenditure 3. Reduce the cost of maintaining idle resources 4. Reduces the people cost of application developmen

Answer: 3 Explanation: Using AWS you can provision only what you need and adjust resources automatically and elastically. This reduces the amount of resources that are sitting idle which reduces cost.

What is the most efficient way to establish network connectivity from on-premises to multiple VPCs in different AWS Regions? 1. Use AWS Direct Connect 2. Use AWS VPN 3. Use AWS Client VPN 4. Use an AWS Transit Gateway

Answer: 4 Explanation: AWS Transit Gateway is a service that enables customers to connect their Amazon Virtual Private Clouds (VPCs) and their onpremises networks to a single gateway. Use AWS Direct Connect" is incorrect as this only connects you to a single Amazon VPC, not multiple VPCs in different Regions.

Which feature of Amazon S3 enables you to create rules to control the transfer of objects between different storage classes? 1. Object sharing 2. Versioning 3. Lifecycle management 4. Bucket policies

To manage your objects so that they are stored cost effectively throughout their lifecycle, configure their Amazon S3 Lifecycle. An S3 Lifecycle configuration is a set of rules that define actions that Amazon S3 applies to a group of objects. There are two types of actions: • Transition actions—Define when objects transition to another storage class. For example, you might choose to transition objects to the S3 Standard-IA storage class 30 days after you created them, or archive objects to the S3 Glacier storage class one year after creating them. • Expiration actions—Define when objects expire. Amazon S3 deletes expired objects on your behalf. The lifecycle expiration costs depend on when you choose to expire objects