AWS Certified Cloud Practitioner

What is Secrets Manager?

(1) Similar to Parameter Store (2) Not free (3) Charge per secret stored and per 10,000 API calls (4) Advantages: (a) Automatically rotate secrets (b) Apply the new key/password in RDS for you (c) Generate random secrets

Microsoft has announced a new patch for its operating system. For a Platform as a Service solution, who would be responsible for applying the patch?

AWS Platforms as a service remove the need for organizations to manage the underlying infrastructure (usually hardware and operating systems) and allow you to focus on the deployment and management of your applications.

What cloud computing model deals with services such as EC2 instances?

IaaS Infrastructure as a Service, sometimes abbreviated as IaaS, contains the basic building blocks for cloud IT and typically provide access to networking features, computers (virtual or on dedicated hardware), and data storage space. Amazon EC2 is considered IaaS because you have total control on what could be done within the instances. You are borrowing the server infrastructure of AWS to fulfill your business needs, and you are charged at a rate for this service.

You are working with IAM and need to attach policies to users, groups, and roles. Which will you be attaching these policies to?

Identities Identities are the IAM resource objects that are used to identify and group. You can attach a policy to an IAM identity. These include users, groups, and roles.

A company has a large number of S3 buckets and needs to manage and automate tasks on these buckets at one time. Which AWS feature can do this?

Resource Groups You can use resource groups to organize your AWS resources. Resource groups make it easier to manage and automate tasks on large numbers of resources at one time. This guide shows you how to create and manage resource groups in AWS Resource Groups.

What is SQS useful for?

Use Amazon SQS to transmit any volume of data, at any level of throughput, without losing messages or requiring other services to be available. SQS lets you decouple application components so that they run and fail independently, increasing the overall fault tolerance of the system. Multiple copies of every message are stored redundantly across multiple availability zones so that they are available whenever needed.

AWS Control Tower

a) The easiest way to set up and govern a new, secure, multi-account AWS environment i) Allows you to provision multiple AWS accounts in just a few minutes ii) Those accounts will conform to company policies iii) Used for large enterprises with multiple AWS accounts

What Services are Free in AWS?

i) Amazon VPC ii) Elastic Beanstalk iii) CloudFormation iv) Identity Access Management (IAM) v) Auto Scaling vi) Opsworks vii) Consolidated Billing

The Well-Architected Framework 5 Pillars

"CROPS" C - Cost Optimization R - Reliability O - Operational Excellence P - Performance Efficiency S - Security

What Determines EC2 Price?

(1) Clock Hours of Server Time (2) Instance Type (3) Pricing Model (4) Number of Instances (5) Load Balancing (6) Detailed Monitoring (7) Auto Scaling (8) Elastic IP Addresses (9) Operating Systems and Software Packages

CloudTrail vs CloudWatch

(1) CloudWatch monitors performance (2) CloudTrail monitors API calls in the AWS platform

Your company has recently migrated large amounts of data to the AWS cloud in S3 buckets. But it is necessary to discover and protect the sensitive data in these buckets. Which AWS service can do that?

Amazon Macie Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.

What service will be able to reroute traffic to your secondary EC2 instances in another region during disaster recovery?

Amazon Route 53

A software company is looking for a tool to automate their deployments from end to end. Which AWS service can provide this continuous delivery functionality?

CodePipeline AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates. CodePipeline automates the build, test, and deploy phases of your release process every time there is a code change, based on the release model you define. This enables you to rapidly and reliably deliver features and updates.

You have recently started using AWS and now need to launch a large number of instances in your VPC. You learn that this number exceeds the service limits for instances in a VPC. What can you do?

Contact AWS and request a service limit increase.

After creating an EC2 instance to host an application, the traffic to the site far exceeds what was expected. You decide to move to a larger instance type. What AWS principle does this represent?

Vertical Scaling is increasing the size and computing power of a single instance or node without increasing the number of nodes or instances

What is Parameter Store?

(1) Secure serverless storage for configuration and secrets: (a) Passwords (b) Database connection strings (2) Values can be stored encrypted KMS or plain text (3) Set TTL to expire values such as passwords (4) Free, but a limit of 10,000 parameters per account

What are some key benefits of using AWS CloudFormation? (Choose TWO)

1) It allows you to model your entire infrastructure in just a text file 2)It automates the provisioning and updating of your infrastructure in a safe and controlled manner. 1- CloudFormation allows you to model your entire infrastructure in a text file. This template becomes the single source of truth for your infrastructure. This helps you to standardize infrastructure components used across your organization, enabling configuration compliance and faster troubleshooting. 2- AWS CloudFormation provisions your resources in a safe, repeatable manner, allowing you to build and rebuild your infrastructure and applications, without having to perform manual actions or write custom scripts. CloudFormation takes care of determining the right operations to perform when managing your stack, and rolls back changes automatically if errors are detected. 3- Codifying your infrastructure allows you to treat your infrastructure as just code. You can author it with any code editor, check it into a version control system, and review the files with team members before deploying into production. 4- CloudFormation allows you to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts.

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. What best describes what an account alias is in IAM?

A substitute for an account ID in the web address for your account.

Who is responsible for scaling a DynamoDB database in the AWS Shared Responsibility Model?

AWS DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. DynamoDB enables customers to offload the administrative burdens of operating and scaling distributed databases to AWS so that they do not have to worry about hardware provisioning, setup and configuration, throughput capacity planning, replication, software patching, or cluster scaling.

Where can the customer view his Reserved Instance usage for the past month?

AWS Billing Console AWS provides a free reporting tool called Cost Explorer that enables you to analyze the cost and usage of your EC2 instances and the usage of your Reserved Instances. The Cost Explorer tool is found under the AWS Billing Console. Cost Explorer is a tool that enables you to view and analyze your costs and usage. You can explore your usage and costs using the main graph, the Cost Explorer cost and usage reports, or the Cost Explorer RI reports. You can view data for up to the last 13 months, forecast how much you're likely to spend for the next three months, and get recommendations for what Reserved Instances to purchase. You can use Cost Explorer to identify areas that need further inquiry and see trends that you can use to understand your costs.

Which service allows you to set coverage targets and receive alerts when your utilization drops below the threshold you define?

AWS Budgets

Which is a fully-managed source control service that allows you to host Git-based repositories and enable code collaboration for your team via pull requests, branching, and merging?

AWS CodeCommit AWS CodeCommit is a fully managed source control service that makes it easy for companies to host secure and highly scalable private Git repositories. AWS CodeCommit eliminates the need to operate your own source control system or worry about scaling its infrastructure. You can use AWS CodeCommit to securely store anything from source code to binaries, and it works seamlessly with your existing Git tools.

In implementing continuous integration and continuous delivery (CI/CD) in your cloud architecture, which service will make it easy for you to set up your entire development and continuous delivery toolchain for coding, building, testing, and deploying your application code?

AWS CodeStar AWS CodeStar enables you to quickly develop, build, and deploy applications on AWS. AWS CodeStar provides a unified user interface, enabling you to easily manage your software development activities in one place. With AWS CodeStar, you can set up your entire continuous delivery toolchain in minutes, allowing you to start releasing code faster. AWS CodeStar makes it easy for your whole team to work together securely, allowing you to easily manage access and add owners, contributors, and viewers to your projects. Each AWS CodeStar project comes with a project management dashboard, including an integrated issue tracking capability powered by Atlassian JIRA Software. With the AWS CodeStar project dashboard, you can easily track progress across your entire software development process, from your backlog of work items to teams' recent code deployments.

What AWS service can monitor the compliance status of your AWS resources against a set of compliance guidelines?

AWS Config AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.

Which service provides you access to Reserved Instance (RI) purchase recommendations based on your past usage and indicate potential opportunities for savings as compared to On-Demand usage?

AWS Cost Explorer If you enable Cost Explorer, you automatically get Amazon EC2, Amazon RDS, ElastiCache, Amazon ES, and Amazon Redshift Reserved Instance (RI) purchase recommendations that could help you reduce your costs. RIs provide a discounted hourly rate (up to 75%) compared to On-Demand pricing.

Where can you track the costs you've incurred so far in your AWS account with a graphical visualization?

AWS Cost Explorer The AWS Cost Explorer service has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time. Get started quickly by creating custom reports (including charts and tabular data) that analyze cost and usage data, both at a high level and for highly-specific requests. Using AWS Cost Explorer, you can dive deeper into your cost and usage data to identify trends, pinpoint cost drivers, and detect anomalies.

Which of the following AWS services provides a security management tool to configure your AWS WAF rules across your accounts.

AWS Firewall Manager

A gaming company needs a service that uses the AWS global network to optimize users' access to their applications using an anycast static IP address. Which of the following services fits this criteria?

AWS Global Accelerator

Which service will allow you to group together users who perform a similar function and apply function-specific privileges?

AWS IAM

What services would you use to manage your encryption keys in the AWS Cloud?

AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses FIPS 140-2 validated hardware security modules to protect the security of your keys. AWS Key Management Service is integrated with most other AWS services to help you protect the data you store with these services. AWS Key Management Service is also integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs. AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud. With CloudHSM, you can manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs. CloudHSM offers you the flexibility to integrate with your applications using industry-standard APIs, such as PKCS#11, Java Cryptography Extensions (JCE), and Microsoft CryptoNG (CNG) libraries.

Which AWS service uses Puppet to automate how EC2 instances are configured?

AWS Opsworks - AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.

What tool can assist you in estimating your monthly AWS bill?

AWS Pricing Calculator To estimate a bill, use the AWS Pricing Calculator. You can enter your planned resources by service, and the Pricing Calculator provides an estimated cost per month. The AWS Pricing Calculator is an easy-to-use online tool that enables you to estimate the monthly cost of AWS services for your use case based on your expected usage. It is continuously updated with the latest pricing for all AWS services in all Regions.

You manage a blog on AWS that has different environments: development, testing, and production. What can you use to create a custom console for each environment to view and manage your resources easily?

AWS Resource Groups If you work with multiple resources in multiple environments, you might find it useful to manage all the resources in each environment as a group rather than move from one AWS service to another for each task. Resource Groups help you do just that. By default, the AWS Management Console is organized by AWS service. But with the Resource Groups tool, you can create a custom console that organizes and consolidates information based on your project and the resources that you use.

What is a data transport solution that accelerates moving terabytes to petabytes of data into and out of AWS using appliances with on-board storage and compute capabilities?

AWS Snowball Edge AWS Snowball Edge is a data migration and edge computing device that comes in two options. Snowball Edge Storage Optimized provides both block storage and Amazon S3-compatible object storage, and 24 vCPUs. It is well suited for local storage and large scale data transfer. Snowball Edge Compute Optimized provides 52 vCPUs, block and object storage, and an optional GPU for use cases such as advanced machine learning and full-motion video analysis in disconnected environments. Customers can use these two options for data collection, machine learning and processing, and storage in environments with intermittent connectivity (such as manufacturing, industrial, and transportation) or in extremely remote locations (such as military or maritime operations) before shipping it back to AWS. These devices may also be rack mounted and clustered together to build larger, temporary installations.

Which of the following is the most cost-effective service to use if you want to coordinate multiple AWS services into serverless workflows?

AWS Step Functions

A gaming company is using the AWS Developer Tool Suite to develop, build, and deploy their applications. Which AWS service can be used to trace user requests from end-to-end through the application?

AWS X-Ray AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture. With X-Ray, you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors. X-Ray provides an end-to-end view of requests as they travel through your application, and shows a map of your application's underlying components.

What should you provide to your developers to allow them to access your AWS services through the AWS CLI?

Access Keys

A company plans to use an application streaming service to give its employees instant access to their desktop applications from any device. What service fulfills this requirement?

Amazon AppStream 2.0

You are in need of a database that is capable of self-healing and has a high throughput. Which of the following services fits these criteria?

Amazon Aurora Amazon Aurora is a relational database engine that combines the speed and reliability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases. It is designed to transparently handle the loss of up to two copies of data without affecting database write availability and up to three copies without affecting read availability. Amazon Aurora storage is also self-healing. Data blocks and disks are continuously scanned for errors and repaired automatically.

What database types does RDS support?

Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle, and Microsoft SQL Server.

What are cost considerations for CloudFront?

Amazon CloudFront charges are based on the data transfer out of AWS and requests used to deliver content to your customers. There are no upfront payments or fixed platform fees, no long-term commitments, no premiums for dynamic content, and no requirements for professional services to get started. There is no charge for data transferred from AWS services such as Amazon S3 or Elastic Load Balancing. When you begin to estimate the cost of Amazon CloudFront, consider the following: - Traffic distribution: Data transfer and request pricing varies across geographic regions, and pricing is based on the edge location through which your content is served. - Requests: The number and type of requests (HTTP or HTTPS) made and the geographic region in which the requests are made. - Data transfer out: The amount of data transferred out of your Amazon CloudFront edge locations.

Which AWS service collects metrics from running EC2 instances?

Amazon CloudWatch Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources.

Which of the following best describes what CloudWatch is?

Amazon CloudWatch is basically a metrics repository. An AWS service, such as Amazon EC2, puts metrics into the repository, and you retrieve statistics based on those metrics. If you put your own custom metrics into the repository, you can retrieve statistics on these metrics as well.

What service should you use in order to add user sign-up, sign-in, and access control to your mobile app with a feature that supports sign-in with social identity providers such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0?

Amazon Cognito Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0.

Which service should you use if there is a need to launch a customized self-hosted database which requires a scheduled shutdown every night to save on cost?

Amazon DynamoDB

What is a fully managed database in AWS that can be used to store JSON documents?

Amazon DynamoDB Amazon DynamoDB is a key-value and document database that delivers single-digit millisecond performance at any scale. It's a fully managed, multiregion, multimaster, durable database with built-in security, backup and restore, and in-memory caching for internet-scale applications. This is the perfect database to use for JSON type documents.

You have a fleet of on-premises servers that require a centralized scalable and durable file storage. It should be able to support massive parallel access. What is the most appropriate service to use?

Amazon EFS Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. It is built to scale on-demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth. Amazon EFS offers two storage classes: the Standard storage class, and the Infrequent Access storage class (EFS IA). EFS IA provides price/performance that's cost-optimized for files not accessed every day. By simply enabling EFS Lifecycle Management on your file system, files not accessed according to the lifecycle policy you choose will be automatically and transparently moved into EFS IA.

Which AWS service is commonly used for streaming data in real-time?

Amazon Kinesis With Amazon Kinesis, you can ingest real-time data such as video, audio, application logs, website clickstreams, and IoT telemetry data for machine learning, analytics, and other applications. Amazon Kinesis enables you to process and analyze data as it arrives and respond instantly instead of having to wait until all your data is collected before the processing can begin.

If you are tasked to create a lightweight Wordpress site in AWS without having to install the package on your own, which PaaS solution in AWS will allow you to do this easily?

Amazon Lightsail Amazon Lightsail is a PaaS solution for users who need a simple virtual private server (VPS) solution. Lightsail provides developers compute, storage, and networking capacity and capabilities to deploy and manage websites and web applications in the cloud. Lightsail includes everything you need to launch your project quickly - a virtual machine, SSD-based storage, data transfer, DNS management, and a static IP - for a low, predictable monthly price. Lightsail offers a range of operating system and application templates that are automatically installed when you create a new Lightsail instance. Application templates include WordPress, Drupal, Joomla!, Magento, Redmine, LAMP, Nginx (LEMP), MEAN, Node.js, and more.

________ is AWS's digital user engagement service that enables AWS customers to effectively communicate with their end users and measure user engagement across multiple channels including email, Text Messaging (SMS) and Mobile Push Notifications.

Amazon Pinpoint Amazon Pinpoint is AWS's Digital User Engagement Service that enables AWS customers to effectively communicate with their end-users and measure user engagement across multiple channels including email, Text Messaging (SMS) and Mobile Push Notifications. Amazon Pinpoint also provides tools that enable audience management and segmentation, campaign management, scheduling, template management, A/B testing, analytics and data integration. It captures data to track deliverability as well as usage and messaging analytics covering a range of dimensions including user, channels and custom attributes.

Which type of Elastic Load Balancer supports path-based routing, host-based routing, and bi-directional communication channels using WebSockets?

Application Load Balancer

You have just set up your AWS environment and have created six IAM user accounts for the DevOps team. What is the AWS recommendation when granting permissions to these IAM accounts?

Apply the Principle of Least Privilege - he Principle of Least Privilege (PoLP, also known as the principle of minimal privilege or the principle of least authority) requires that in a particular abstraction layer of a computing environment, every module (such as a process, a user, or a program, depending on the subject) must be able to access only the information and resources that are necessary for its legitimate purpose. For example, a user account for the sole purpose of creating backups does not need to install software: hence, it has rights only to run backup and backup-related applications. Any other privileges, such as installing new software, are blocked.

Your CTO has asked you to contact AWS support using the chat feature to ask for guidance related to EBS. However, when you open the AWS support center you can't see a way to contact support via Chat. What should you do?

At a minimum, upgrade to Business Support plan. Chat is only available at the Business and Enterprise support tiers.

Your company hosts gaming applications online and would like to deliver these apps to a worldwide audience. Which AWS Service would enable delivery to users worldwide and greatly improve response times?

CloudFront Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment.

Your company would like to begin using auto-scaling to add servers when CPU utilization reaches a certain threshold (say 70%). Which service can you use to trigger actions when CPU utilization crosses the threshold?

CloudWatch Alarms A CloudWatch alarm can be set up to monitor CPU utilization and trigger further action. Further action could be an Auto Scaling Group adding another EC2 instance and/or using SNS to notify team members of the occurrence.

Which AWS well-architected pillar stresses the importance of selecting the most appropriate and right number of resource types for your requirements?

Cost Optimization Cost Optimization focuses on avoiding un-needed costs. Key topics include understanding and controlling where money is being spent, selecting the most appropriate and right number of resource types, analyzing spend over time, and scaling to meet business needs without overspending.

What is the best way to keep track of all activities made in your AWS account?

Create a multi-region trail in AWS CLoudTrail AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. Creating a multi-region trail will allow you to keep your activity records in an S3 bucket and prevent them from getting rewritten automatically.

Which policy will provide information on performing penetration testing on your EC2 instances?

Customer Service Policy for Penetration Testing AWS customers are welcome to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for Amazon EC2 instances, NAT Gateways, Elastic Load Balancers, and other 7 services.

Which DynamoDB feature can be used to reduce the latency of requests to a database from milliseconds to microseconds?

DAX Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers performance improvements from milliseconds to microseconds - even at millions of requests per second. DAX adds in-memory acceleration to your DynamoDB tables without requiring you to manage cache invalidation, data population, or cluster management.

Which of the cloud best practices reinforces the use of the Service-Oriented Architecture (SOA) design principle?

Decouple your components In Decouple your components, the key is to build components that do not have tight dependencies on each other, so that if one component were to die (fail), sleep (not respond) or remain busy (slow to respond) for some reason, the other components in the system are built so as to continue to work as if no failure is happening. The cloud reinforces the Service-Oriented Architecture (SOA) design principle that the more loosely coupled the components of the system, the bigger and better it scales. You can build a loosely coupled system using messaging queues such as SQS. If a queue/buffer is used to connect any two components together, it can support concurrency, high availability and load spikes. As a result, the overall system continues to perform even if parts of the components are momentarily unavailable. If one component dies or becomes temporarily unavailable, the system will buffer the messages and get them processed when the component comes back up.

You need to store key-value pairs of users and their high scores for a gaming application. Which is the best option for this type of data?

DynamoDB DynamoDB is ideally suited for storing key-value pairs as it is a key-value and document database that delivers single-digit millisecond performance at any scale.

In order to improve fault tolerance, you would like to begin using services that provide fault tolerance. Which AWS services provide automatic replication across Availability Zones?

DynamoDb S3

Which service allows you to install and run custom relational database software?

EC2 - If an AWS customer needs full control over a database, AWS provides a wide range of Amazon EC2 instances - with different hardware characteristics - on which they can install and run their custom relational database software. If EC2 is used instead of RDS to run a relational database, the customer is responsible for managing everything related to this database

Your design team has recommended the need to distribute incoming traffic across multiple EC2 instances and also across multiple availability zones. Which AWS service can accomplish this?

Elastic Load Balancer Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones. Elastic Load Balancing offers three types of load balancers that all feature the high availability, automatic scaling, and robust security necessary to make your applications fault-tolerant.

Agility is one of the benefits of using cloud computing that provides customer with what advantage?

Focus your valuable IT resources on developing applications that differentiate your business rather than managing infrastructure and data centers.

There is an incident with your team where an S3 object was deleted using an account without the owner's knowledge. What can be done to prevent unauthorized deletion of your S3 objects?

Have each account enable multi-factor authentication

A customer is using your S3-based service to store sprites of game characters. When players retrieve these sprites, they are temporarily stored on the player's computer. If the S3 bucket is using a standard storage class, how can you further optimize cost?

Have the customer directly upload the sprites to S3 Standard - Infrequent Access Amazon S3 offers a range of storage classes designed for different use cases. These include S3 Standard for general-purpose storage of frequently accessed data; S3 Intelligent-Tiering for data with unknown or changing access patterns; S3 Standard-Infrequent Access (S3 Standard-IA) and S3 One Zone-Infrequent Access (S3 One Zone-IA) for long-lived, but less frequently accessed data; and Amazon S3 Glacier (S3 Glacier) and Amazon S3 Glacier Deep Archive (S3 Glacier Deep Archive) for long-term archive and digital preservation. Amazon S3 also offers capabilities to manage your data throughout its lifecycle. Once an S3 Lifecycle policy is set, your data will automatically transfer to a different storage class without any changes to your application.

What does AWS Cost Explorer provide to help manage your AWS spend?

Highly accurate cost forecasts for up to 12 months ahead. AWS Cost Explorer has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time. Cost Explorer's cost forecast capabilities use machine learning to learn each customer's historical spend patterns and use that information to forecast expected costs. Cost Explorer's forecasting enables you to get a better idea of what your costs and usage may look like in the future, so that you can plan ahead. Forecasting capabilities have been enhanced to support twelve month forecasts (previously forecasts were limited to three months) for multiple cost metrics, including unblended and amortized costs.

What can you use to assign permissions directly to an IAM user?

IAM Policy - A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. AWS evaluates these policies when an IAM principal (user or role) makes a request. Permissions in the policies determine whether the request is allowed or denied. Each policy consists of: 1- Principal: Who needs access. 2- Action: What action to allow or deny. 3- Resource: Which resource to allow or deny the action on. 4- Effect: What will be the effect when the user requests access - either allow or deny. 5- Condition: Which conditions must be present for the policy to take effect. For example, you might allow access only to the specific S3 buckets if the user is connecting from a specific IP range or has used multi-factor authentication at login.

Which AWS storage service offers faster disk read and write performance and provides temporary block-level storage for your instance?

Instance Store An instance store provides temporary block-level storage for your instance. This storage is located on disks that are physically attached to the host computer. Instance store is ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content, or for data that is replicated across a fleet of instances, such as a load-balanced pool of web servers. An instance store consists of one or more instance store volumes exposed as block devices. The size of an instance store, as well as the number of devices available, varies by instance type.

Several EC2 instances in a public subnet need internet access. Which will you configure as one step in granting internet access?

Internet Gateway An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.

A video production company uploads large video files to S3 buckets using multipart upload. To which AWS Cloud best practice does this adhere?

Multipart uploads use multi-threading to upload large files to S3 buckets in parallel (the parts of the file are uploaded in parallel). Reference: Architecting in the Cloud.

Which of the following RDS engines allows you to bring your own license (BYOL)?

Oracle You can run Amazon RDS for Oracle under two different licensing models - "License Included" and "Bring-Your-Own-License (BYOL)". The "BYOL" model is designed for customers who prefer to use existing Oracle database licenses or purchase new licenses directly from Oracle. Other database engines do not currently support the BYOL model.

In Identity and Access Management, which term applies to a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS?

Principal A Principal is a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS.

An organization needs to build a financial application that requires support for ACID transactions. Which AWS database service is most appropriate in this case?

RDS In computer science, ACID (Atomicity, Consistency, Isolation, and Durability) is a set of properties of database transactions intended to guarantee validity even in the event of errors, power failures, etc. Amazon RDS is a fully-managed relational database service. It is a highly available and highly consistent database that supports ACID transactions. Basically, a transaction is one or more add, update, delete, or modify change to the database that must all be completed successfully or none of the steps should be executed. Transactional databases are useful when data integrity is important. If one of the steps in the transaction fail, then the steps must be rolled back to the state before any change was made to the database. An example of when you would need a transaction is when you make a banking transaction to move money from one account to another. If you successfully remove money from account A, but fail to add money to account B, then the transaction fails and the transaction must be rolled back so that the money is not taken from account A.

What is the feature of Amazon RDS that performs automatic failover when the primary database fails to respond?

RDS Multi-AZ : When you enable Multi-AZ, Amazon Relational Database Service (Amazon RDS) maintains a redundant and consistent standby copy of your data. If you encounter problems with the primary copy, Amazon RDS automatically switches to the standby copy (or to a read replica in the case of Amazon Aurora) to provide continued availability to the data. The two copies are maintained in different Availability Zones (AZs), hence the name "Multi-AZ." Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. Having separate Availability Zones greatly reduces the likelihood that both copies will concurrently be affected by most types of disturbances.

You have infrequently accessed data in S3 buckets that you want to transfer to Glacier. What can you use in AWS to do this?

S3 Lifecycle Policy You can add rules in an S3 Lifecycle configuration to tell Amazon S3 to transition objects to another Amazon S3 storage class. For example: When you know that objects are infrequently accessed, you might transition them to the S3 Standard-IA storage class. You might want to archive objects that you don't need to access in real time to the S3 Glacier storage class.

What items affect how much you are charged for storing objects in S3?

S3 pricing is based on four factors: 1) Total amount of data (in GB) stored on S3 2) Storage class (S3 Standard, S3 Intelligent-Tiering, S3 Standard-Infrequent Access, S3 One Zone-IA, S3 Glacier, or S3 Glacier Deep Archive) 3) Amount of data transferred out of AWS from S3 4) Number of requests to S3

A customer wants to send push notifications to her mobile users whenever a new patch comes out. What service is the most appropriate for this task?

SNS Amazon Simple Notification Service (SNS) is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications. Amazon SNS provides topics for high-throughput, push-based, many-to-many messaging. Using Amazon SNS topics, your publisher systems can fan out messages to a large number of subscriber endpoints for parallel processing, including Amazon SQS queues, AWS Lambda functions, and HTTP/S webhooks. Additionally, SNS can be used to fan out notifications to end users using mobile push, SMS, and email.

A MariaDB RDS database is known to have high memory consumption during peak hours which deteriorates the overall performance of your application. What cost-effective change can you introduce to resolve this issue if the database is handling write-intensive operations?

Scale the instance vertically to a higher memory capacity.

Server-based services vs. Serverless services

Server-based services include: Amazon EC2, Amazon RDS, Amazon Redshift and Amazon EMR. Serverless services include: AWS Lambda, AWS Fargate, Amazon SNS, Amazon SQS and Amazon DynamoDB.

What is the main benefit you receive when moving to serverless from non-serverless compute services?

Serverless removes management overhead so you can focus on your applications instead.

In Amazon EC2, which pricing construct adjusts its price based on supply and demand of EC2 instances?

Spot Instance

AWS Cost and Usage Report

The Cost and Usage Report is your one-stop-shop for accessing the most granular data about your AWS costs and usage. You can also load your cost and usage information into Amazon Athena, Amazon Redshift, AWS QuickSight, or a tool of your choice.

A number of servers in your on-premises data center have been collecting dust over the past few years. What is the benefit of moving to the Cloud in this case?

The ability to provision resources only when you need them.

What items have the greatest impact on cost?

The factors that have the greatest impact on cost include: Compute, Storage and Data Transfer Out. Their pricing differs according to the service you use.

A customer currently has a Basic support plan and they are planning to use the Infrastructure Event Management, Well-Architected Reviews and Operations Reviews features in AWS. What should they do in order to access these features in the most cost-effective manner?

Upgrade to Enterprise support plan. AWS Enterprise Support provides you with concierge-like service where the main focus is helping you achieve your outcomes and find success in the cloud. With Enterprise Support, you get 24x7 technical support from high-quality engineers, tools and technology to automatically manage health of your environment, consultative architectural guidance delivered in the context of your applications and use-cases, and a designated Technical Account Manager (TAM) to coordinate access to proactive / preventative programs and AWS subject matter experts

You have migrated your application to AWS recently. How can you view the AWS costs applied to your account?

Using the AWS Cost & Usage Report The AWS Cost & Usage Report is your one-stop shop for accessing the most detailed information available about your AWS costs and usage. The AWS Cost & Usage Report lists AWS usage for each service category used by an account and its IAM users in hourly or daily line items, as well as any tags that you have activated for cost allocation purposes.

You have an Amazon Linux EC2 instance running for an hour and thirty minutes. How will AWS bill you in terms of usage?

You will be billed for an hour and thirty minutes according to the per-second billing rule. Amazon Linux instances are now billed in a per-second duration. With per-second billing, you pay for only what you use. It takes cost of unused minutes and seconds in an hour off of the bill, so you can focus on improving your applications instead of maximizing usage to the hour. Especially, if you manage instances running for irregular periods of time, such as dev/testing, data processing, analytics, batch processing and gaming applications, can benefit.

AWS Security Hub

a) Gives you a comprehensive views of your security alerts across multiple AWS accounts b) Security Hub provides a single place that aggregates, organizes, and prioritizes your security alerts or finding from multiple AWS services, such as Amazon Guard Duty, Amazon Inspector, Amazon Macie, AWS Identity and Access Management (IAM), Access Analyzer, and AWS Firewall Manager- across multiple AWS accounts.

RDS Pricing

i) Clock hours of server time ii) Database characteristics iii) Database purchase type iv) Number of database instances v) Provisioned storage vi) Requests vii) Deployment type viii)Data transfers

What is Athena?

i) Interactive query service which enables you to analyze and query data located in S3 using standard SQL (1) Serverless, nothing to provision, pay per query/per TB scanned (2) No need to set up complex extract/Transform/Load (ETL) processes (3) Works directly with data stored in S3 ii) What can Athena be used for? (1) Can be used to query log files stored in S3, e.g. ELB logs, S3 access logs, etc. (2) Generate business reports on data stored in S3 (3) Analyze AWS cost and usage reports (4) Run queries on click-stream data

What determines price for Lambda?

i) Request Pricing (1) Free Tier: 1 million requests per month (2) $0.20 per 1 million requests thereafter ii) Duration Pricing (1) 400,000 GB-seconds per month free, up to 3.2 million seconds of compute time (2) $0.00001667 for every GB-second used thereafter iii) Additional charges (1) You may incur additional charges if your Lambda function uses other AWS services or transfers data. For example, if your lambda function reads and writes data to or from Amazon S3, you will be billed for the read/write requests and the data stored in S3

What is Macie?

i) Security service which uses Machine Learning and NLP to discover, classify and protect sensitive data stored in S3 (1) Uses AI to recognize if your S3 objects contain sensitive data such as PII (2) Dashboards, reporting and alerts (3) Works directly with data stored in S3 (4) Can also analyze CloudTrail logs (5) Great for PCI-DSS and preventing ID theft

Snowball Pricing

i) Service fee per job: (1) 50 TB: $200 (2) 80 TB: $250 ii) Daily Charge (1) First 10 days are free, after that it's $15/day iii) Data Transfer (1) Data Transfer in to S3 is free. Data transfer out is not

Glacier Pricing

i) Storage ii) Data Retrieval Times

What Determines Price for S3?

i) Storage Class (Standard or IA or 1 AZ IA, etc.) ii) Storage iii) Requests (GET, PUT, COPY) iv) Data Transfers

Cloud Front Pricing

i) Traffic Distribution ii) Request iii) Data Transfers Out

What Determines Price for EBS?

i) Volumes (Per GB) ii) Snapshots (Per GB) iii) Data Transfer