AWS Academy Cloud Foundations Exam 1 Chapter 1 - 5

Ace your homework & exams now with Quizwiz!

Which component of AWS global infrastructure does Amazon CloudFront use to ensure low-latency delivery?

AWS edge locations

AWS highly recommends provisioning your compute resources across _____ Availability Zones. (Select the best answer.)

AWS highly recommends provisioning your compute resources across multiple Availability Zones.

Which programming languages does the AWS Lambda service API support?

Node.js, Java, C#, Python, Ruby, Go, and PowerShell.

In the shared responsibility model, which two of the following are examples of "security in the cloud" (Choose two.)

"Encryption of data at rest and data in transit" and "Security group configurations" are examples of security in the cloud.

What are the 3 ways that you can interact with AWS?

#1: AWS Management Console (Web Interface) #2: AWS Command Line Interface (AWS CLI) #3: Software development kits (SDKs)

What are the major characteristics of a IAM Group?

- An IAM Group is a collection of IAM users - A group is used to grant the same permissions to multiple users - A user can belong to multiple groups - There is no default group- Groups cannot be nested

What factors go into selecting the appropriate region for your content?

- Data governance and legal requirements - Proximity to customers (reduce latency) - Services available in that region (not all regions support all AWS services - Costs (vary by region)

With Amazon virtual private cloud, what is the max size IP address range you can have in a VPC?

/16 (65,536 possible addresses)

With Amazon virtual private cloud, what is the smallest sized subnet you can have in a VPC?

/28 (16 possible addresses)

Which of the following are not benefits of AWS Cloud computing?

High Latency Multiple procurement cycles

What additional authentication measure is strongly suggested to add to the root/admin account?

IAM MFA

What are the five major benefits of AWS CloudFront?

1) Fast and global 2) Security at the edge 3) Highly programmable 4) Deeply integrated in AWS 5) Cost effective

What are the five reserved IP addresses in a given VPC subnet?

10.0.0.0 - Network Address 10.0.0.1 - VPC local router, Internal communication 10.0.0.2 - DNS Resolution 10.0.0.3 - Reserved for future use 10.0.0.255 - Network broadcast address

Which of these statements about Availability Zones is not true? (Select the best answer.)

A data center cannot be used for more than one Availability Zone.

What happens when you use Amazon Virtual Private Clouse to create a new VPC?

A main route table is created by default.q

Which of the following is an optional security control that can be applied at the subnet layer of a VPC? (Select the best answer.)

A network ACL is an optional security control that can be applied at the subnet layer of a VPC.

What is an VPC Network ACL?

A network access control list (network ACL) is an optional layer of security for your Amazon VPC. It acts as a firewall for controlling traffic in and out of one or more subnets.

What is an AWS Region?

A physical geographical location with typically two or more Availability Zones.

What is true about Regions? (Choose two.)

A region is a physical location that has multiple Availability Zones. Each region is located in a separate geographic area.

Which of thee following can be used to protect Amazon Elastic Compute Cloud (Amazon EC2) instances hosted in AWS? (Select the best answer.)

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic.

For certain services like Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Relational Database Service (Amazon RDS), you can invest in reserved capacity. What options are available for Reserved Instances?

AURI NURI PURI

Where can a customer go to get more details about Amazon Elastic Compute Cloud (Amazon EC2) billing activity that took the place 3 months ago?

AWS Cost Explorer

What AWS service allows different AWS accounts to be grouped together under a single unit?

AWS Organizations

Which of the following are geographic areas that host two or more Availability Zones? (Select the best answer.)

AWS Regions host two or more availability zones.

What is considered best practice about using the root account?

AWS strongly recommends that you do not use account root user credentials for day-to-day interactions with the account. Instead, AWS recommends that you use IAM to create additional users and assign permissions to these users, following the principle of least privilege.

After initial login, what does AWS recommend as best practice for the AWS account root user? (Select the best answer.)

After initial login, AWS recommends deleting the access keys of the AWS account root user as the best practice.

What are the advantages of cloud computing over computer on-premises?

All of the above (Avoid large capital purchases, User on-demand capacity, Increase speed and agility)

Which component of the AWS Global Infrastructure does Amazon Cloudfront use to ensure low-latency delivery? (Select the best answer.)

Amazon CloudFront uses AWS edge locations to ensure low-latency delivery.

Which of the following is a compute service? (Select the best answer)

Amazon EC2

Why is AWS more economical than traditional data centers for Applications with varying compute workloads?

Amazon EC2 instances can be launched on-demand when needed.

Which AWS networking service enables a company to create a virtual private network within AWS?

Amazon VPC

Which AWS networking service enables a company to create a virtual network within AWS? (Select the best answer.)

Amazon Virtual Private Cloud enables a company to create a virtual network within AWS.

What are the four support plans offered by AWS Support?

Basic, Developer, Business, Enterprise

What are the three perspectives that focus on Business Capabilities?

Business People Governance

What are the six perspectives of the AWS Cloud Adoption Framework (CAF)?

Business People Governance Platform Security Operations

Which of the following should be done by the AWS account root user.

Changing the AWS support plan can only be done by the AWS account root user. The other tasks are done with IAM.

What is an availability zone?

Each AWS Region has multiple, isolated locations that are known as Availability Zones. Each Availability Zone can include multiple data centers (typically three), and at full-scale, they can include hundreds of thousands of servers.

As AWS grows, the cost of doing business is reduced and savings are passed back to the customer with lower pricing. What is this optimization called?

Economics of scale

True of false? Unlimited services are available with the AWS Free Tier to new AWS customers for 12 months following their AWS sign-up date.

False

True or False? Cloud Computing provides a simple way to access servers, storage, databases, and a broad set of application services over the internet. You own the network-connected hardware required for these services and Amazon Web Services provisions what you need.

False

True or False? Private subnets have direct access to the internet.

False

True or false? To receive the discounted rate associated with Reserved Instances, you must make a full, upfront payment for the term of the agreement.

False

True or False? Edge locations are only located in the same general area as Regions.

False Edge locations do not need to be located in the same general area as Regions.

_____ means the infrastructure has built-in component redundancy and ____ means that resources dynamically adjust to increases or decreases in capacity requirements.

Fault tolerant means that the infrastructure has built-in component redundancy and elastic and scalable means that resources dynamically adjust to increases or decreases in capacity requirements.

When are free data transfers applicable across AWS?

Free inbound data transfer for Amazon Elastic Computer Cloud (Amazon EC2) instances. Free outbound data transfer between AWS services within the same Region.

You need to allow resources in a private subnet to access the internet. Which of the following must be present to enable this access? (Select the best answer.)

If you need to allow resources in a private subnet to access the internet, a NAT gateway must be present to enable this access.

In the shared responsibility model, AWS is responsible for providing what? (Select the best answer.)

In the shared responsibility model, AWS is responsible for providing security of the cloud.

There is no charge for which of the following?

Inbound data transfer (with some exceptions) Data transfer between services within the same AWS Region.

Which of the following is AWS's responsibility under the Shared responsibility model?

Maintaining physical hardware

Which of the following is the responsibility of AWS under the AWS shared responsibility model? (Select the best answer.)

Maintaining physical hardware is the responsibility of AWS under the shared responsibility model.

Which of the following are best practices to secure your account using AWS Identity and Access Management (IAM)? (Choose two.)

Managing access to AWS resources and defining fine-grained access rights are best practices when securing accounts with AWS IAM.

Which of the following in an optional security control that can be applied at the subnet layer of a VPC?

Network ACL

What is the default access for Amazon S3 Buckets?

Newly created S3 Buckets and Objects are private and protected by default

What is the pricing model that enables AWS customers to pay for resources on an as-needed basis?

Pay as you go

Which of these is not a benefit of cloud computing over on-premises computing?

Pay for racking, stacking, and powering services

What are the three perspectives that focus on Technical Capabilities?

Platform Security Operations

What is the major difference between a IAM Group and an IAM Role?

Roles are designed to give temporary access to system resources, where a group is designed to give permanent access. You can use roles to delegate access to users, applications, or services that do not normally have access to your AWS resources.

Which of the following can be used to protect Amazon Elastic Compute Cloud instances hosted in AWS?

Security Groups - Act as a virtual firewall for your instance to control inbound and outbound traffic.

What is the name of the policies that can be assigned to AWS Organization units?

Service Control Policies (SCPs)

Which of these is not a cloud deployment?

System administration as a service

With Amazon Virtual Private Cloud (Amazon VPC), what is the maximum size IP address range you can have in a VPC? (Select the best answer.)

The maximum size IP address range you can have in a VPC is /16.

With Amazon Virtual Private Cloud (Amazon VPC), what is the smallest size subnet you can have in a VPC? (Select the best answer.)

The smallest size you can have in a VPC is /28

You are a solutions architect who works at a large retail company that is migrating it's existing infrastructure to AWS. You recommend that they use a custom VPC. When you create a VPC, you assign it to an IPv4 Classless Inter-Domain Routing (CIDR) block of 10.0.1.0/24 which has 256 total IP addresses. How many IP addresses are available? (Select the best answer.)

The subnet has 256 IP addresses but 5 are reserved.

True or False? Networking, storage, compute, and databases are examples of service categories that AWS offers.

These are examples of services that AWS offers.

How would the system administrator add an additional layer of login security to a user's AWS management console? (Select the best answer.)

To add an additional layer of login security to a user's AWS Management Console, enable multi-factor authentication.

Which component of AWS Global Infrastructure does Amazon CloudFront use to ensure low-latency delivery? (Select the best answer.)

To ensure low-latency delivery, Amazon CloudFront uses AWS edge locations.

What AWS tool compares the cost of running your application in an on-premises data center to AWS?

Total Cost of Ownership (TCO) calculator

What is Total Cost of Ownership?

Total cost of ownership (TCO) is the financial estimate to help identify direct and indirect costs of a system. TCO includes the cost of a service, plus all the costs that are associated with owning the service.

True or False? AWS owns and maintains the network-connected hardware required for application services, while you provision and use what you need.

True

True or False? Availability Zones within a Region are connected through low-latency links.

True

True or Talse: Volume-based discounts exist for AWS storage solutions.

True

True or false? AWS offers a variety of services at no charge, for example, Amazon Virtual Private Cloud (Amazon VPC), AWS Identity and Access Management (IAM), Consolidated Billing, AWS Elastic Beanstalk, automatic scaling, AWS Ops Works and AWS Cloud Formation. However, you might be charged for other AWS services that you use in conjunction with these services.

True

True or False? AWS Key Management Service (AWS KMS) enables you to assess, audit, and evaluate the configurations of your AWS resources.

True AWS Key Management Service (AWS KMS) is a service that allows you to create and manage encryption keys and control the use of encryption access across a wide range of AWS services and in your applications.

True or False? AWS Organizations enables you to consolidate multiple AWS accounts so that you centrally manage them.

True When creating an IAM policy, a user can be granted AWS Management Console access and programmatic access.

What guides and references exist for the Amazon EC2 service?

User Guides API Reference AWS CLI Reference EC2 Instance Connect Reference User Guide for Auto scaling VM Import/Export User Guide

When creating an AWS Identity and Access Management (IAM) policy, what are the two types of access that can be granted to a user? (Choose two.)

When creating an IAM policy, a user can be granted AWS management console access and programmatic access.

What happens when you use Amazon Virtual Private Cloud (Amazon VPC) to create a new VPC? (Select the best answer.)

When you create a VPC, a route table is created by default. You must manually create subnets and an internet gateway.

You can run applications and workloads from a Region closer to the end users to _______ latency.

You can run applications and workloads from a region closer to the end users to decrease latency.

Economics of Scale result from_______

having hundreds of thousands of customers aggregated in the cloud.


Related study sets

MSM6610: Theories of Organizational Behavior - Quiz 2

View Set

Ethical Subjectivism: Morality is just a Matter of Personal Feelings

View Set

Differential Analysis: Chapter 12

View Set

Building on Theory (Child Development)

View Set

Tissue Integrity- Giddens & HESI

View Set

personal consumer and finance chapter 3 and 4

View Set