AWS- cloud cert udemy questions study set

Ace your homework & exams now with Quizwiz!

Where can a customer locate information of the prohibited actions on AWS infrastructure ? A. AWS Trusted Advisor B. AWS Identity and Access Management (IAM) C. AWS Billing Console D. AWS Acceptable Use Policy

D. AWS Acceptable Use Policy

As an IT support center team member, you begin receiving calls from users about problems they're experiencing with your company's AWS-based point-of-sale system. You want to begin your investigation by checking with AWS for any service alerts they may be communicating. Which AWS tool will you give you the information you seek? A. AWS Operations Monitor B. AWS Global Status Center C. AWS Trusted Advisor D. AWS Personal Health Dashboard

D. AWS Personal Health Dashboard The AWS Personal Health Dashboard publishes alerts and remediation guidance when issues with AWS services arise. Notifications are also provided for scheduled events that may impact AWS customers. Trusted Advisor provides valuable guidance for architecting your AWS environment and workloads, but doesn't include AWS service health information. The other two options are not tools offered by AWS.

Which of the following is AWS' managed DDoS protection service? A. Security Groups B.. Access Control Lists C. AWS WAF D. AWS Shield

D. AWS Shield Shield is an AWS' managed DDoS protection service at Layer 4. AWS WAF(Wireless Access Firewall) provides protection from common exploits against your web applications at Layer 7, and does not protect against DDoS attacks. Access Control Lists- is a table that tells a computer operating system which access rights each user has to a particular system object, such as a file directory or individual file.

A company is considering using AWS for a self-hosted database that requires a nightly shutdown for maintenance and cost-saving purposes. Which service should the company use? A. Amazon Redshift B. Amazon DynamoDB C. Amazon Elastic Compute Cloud (Amazon EC2) with Amazon EC2 instance store D. Amazon EC2 with Amazon Elastic Block Store (Amazon EBS)

D. Amazon EC2 with Amazon Elastic Block Store (Amazon EBS)

Your sales operations group would like to perform monthly analyses on large amounts of sales activity. They want to be able to rank the performance of different territories, product categories, and sales channels. They will use visualization tools to generate graphical representations of the data. Which AWS service will provide the best solution for storing the sales data? A. Amazon DynamoDB B. Amazon ElastiCache C. Amazon Aurora D. Amazon Redshift

D. Amazon Redshift Amazon Redshift provides the best solution for performing queries based on a predefined set of dimensions. Redshift organizes data for high performance based on user-specified distribution scheme s. Amazon ElastiCache provides in-memory performance, but no data organization assistance. Amazon Aurora and Amazon DynamoDB are good solutions, but Redshift's columnar storage gives it the edge. With Redshift, you can query and combine exabytes of structured and semi-structured data across your data warehouse, operational database, and data lake using standard SQL. Redshift lets you easily save the results of your queries back to your S3 data lake using open formats, like Apache Parquet, so that you can do additional analytics from other analytics services like Amazon EMR, Amazon Athena, and Amazon SageMaker.

Which Elastic Load Balancer type would be best suited to help you host a website? A. Network B. Classic C. Web D. Application

D. Application Although it looks like the right answer - there is no "Web" load balancer in AWS. Instead, the Application Load Balancer fills this need. It is not recommended to use Classic Load Balancers anymore are these have been superseded, and a network Load Balancer is not right for this case.

Which of the following is AWS' managed database service that is up to 5X faster than a traditional MySQL database A. PostgreSQL B. DynamoDB C. MariaDB D. Aurora

D. Aurora Aurora is AWS' managed database service that is up to 5X faster than a traditional MySQL database. Aurora Serverless is an on-demand, auto-scaling configuration for Amazon Aurora. It automatically starts up, shuts down, and scales capacity up or down based on your application's needs

____________ is the technology that allows compute capacity to adjust as loads change. A. Automatic failover B. Load balancing C. Round robin D. Auto Scaling

D. Auto scaling

Which of the below allow you to make entire buckets (like one hosting an S3 website) public? A. Access Policies B. Access Control Lists C. Bucket Control Lists D. Bucket Policies

D. Bucket Policies Bucket Policies allow you to control access to entire buckets, whereas Access Control Lists let you control access to individual objects within an S3 bucket. In relation to S3, Bucket Control Lists and Access Policies do not exist as configuration items.

A software development team needs to create numerous testing environments each day based on multiple concurrent project activities. Provisioning of these environments needs to happen within minutes to ensure that project deadlines are met. The number of environments needed daily varies depending shifting priorities in business requirements. How can the team best achieve the agility they need for creating the testing environments? A. Use AWS Systems Manager Automation to provision and de-provision the testing environments B. Invoke AWS Lambda functions to run the test scenarios C. Leverage AWS Auto Scaling to expand and contract the testing server pool based on demand D. Have AWS CloudFormation provision the stacks and resources needed for the testing environments

D. Have AWS CloudFormation provision the stacks and resources needed for the testing environments AWS CloudFormation provides templates to specify all the AWS resources needed by the testing environments. These templates can be instantiated as stacks to provision consistent environments every time one is needed. These will not work because AWS Auto Scaling will only handle the EC2 instances, and expands and contracts instances based on policies. AWS Systems Manager is useful for system administration tasks, and AWS Lambda has run-time limitations.

AWS VPC is a component of which of the following overall services categories? A. Migration Services B. Storage C. Management Tools D. Networking and Content Delivery E. Compute F. Database

D. Networking and Content Delivery In the AWS Console, VPC is found under the Networking and Content Delivery services. In the past it was also under Compute services however a VPC is fundamentally an network construction. Amazon has 26 categories of services

In which of the given increment is an Amazon EC2 instance running the Amazon Linux 2 AMI billed? A. Per hour B. Per GB C. Per CPU D. Per second

D. Per second

You need to migrate a large number of on-premises workloads to AWS. Which of the following is the fastest way to achieve your goal? A. Use the AWS Application Discovery Service. B. Use the AWS Database Migration Service. C. None of these D. Use the AWS Server Migration Service.

D. Use the AWS Server Migration Service AWS SMS incrementally replicates your server VMs as cloud-hosted Amazon Machine Images (AMIs) ready for deployment on Amazon EC2.

Compared with costs in traditional and virtualized data centers, AWS has: A. greater variable costs and greater upfront costs. B. fixed usage costs and lower upfront costs. C. lower variable costs and greater upfront costs. D. lower variable costs and lower upfront costs.

D. lower variable costs and lower upfront costs.

You are using your corporate directory to grant your users access to AWS services. What is this called? A. Multifactor Authentication Access B. User Group Access C. Role-based Access D.. Federated Access

D.. Federated Access Federated Access is when you use an external directory, such as your corporate one, to grant users in that directory access to AWS resources. Role-based and User groups are more used to define which resources a user is able to access once they have access, not the method by which they gain that access. Multifactor Authentication Access is the concept of a user requiring 2 secrets to be able to access the resources - usually their password and a 1 time code provided by a device under their control (e.g. a mobile phone)

AWS Organizations is a service that lets you centrally manage and govern your environment as you scale your AWS resources. Benefits A. Can programmatically create new AWS accounts and allocate resources. B. Group accounts to organize your workflows C. Apply policies to accounts or groups for governance. D. Simplify billing by using a single payment method for all of your accounts.

E. Apply policies that give your teams the resources they need, while staying within their boundaries. F. Organize accounts into OU (organ units) that are groups and apply policies to groups.

With AWS Relational Database Service (RDS), which of the following are you responsible for? A. Database backups B. All of these C. Scaling D. Database software installation and patching E. The optimization of your application using RDS F. Operating system installation and patching

E. The optimization of your application using RDS You are responsible only for the optimization of your application that uses RDS - AWS will take care of the rest as this is considered a Managed Service. (database backups; Scaling; Database software installation and patching; Operating system installation and patching

You need to store a collection of objects that can also be accessed from a different AWS Region. Which service should you use to do this? Elastic Container Service S3 EBS DynamoDB

S3 allows you to access objects from anywhere in the world - as long as the appropriate permissions are set!

Which of the following Load Balancers uses Listeners, Targets, and Target Groups? A. Classic Load Balancer B. Application Load Balancer C. Elastic Load Balancer

The ALB uses Listeners, Targets, and Target Groups.

AWS has FEatured Services 1. Amazon EC2---Virtual servers in the cloud 2. Amazon Simple Storage Service (S3)--Scalable, Storage in the cloud(object storage) 3. Amazon Aurora --High performance managed relational database(MySQL,PostgreSQL) 4. Amazon DynamoDB--Managed NoSQL database 5. Amazon RDS---Managed relational database service for MySQL, PostgreSQL, Oracle, SQL Server, and MariaDB

6. AWS Lambda--Run code without thinking about servers 7. Amazon VPC--Isolated cloud resources 8. Amazon Lightsail--Launch and manage virtual private servers 9. Amazon SageMaker--Build, train, and deploy machine learning models at scale

AWS compute services includes 11 services- 1. Amazon EC2-Virtual servers in the cloud 2. Amazon EC2 Auto 1 .Scaling--Scale compute capacity to meet demand 3. Amazon Lightsail- Launch and manage virtual private servers 4. AWS BatchRun -batch jobs at any scale 5. AWS Elastic Beanstalk-Run and manage web apps 6. AWS Lambda-Run code without thinking about servers

7. AWS Outposts-Run AWS infrastructure on-premises 8. AWS Serverless Application Repository--Discover, deploy, and publish serverless applications 9. AWS Snow Family--Physical devices to aggregate and process data in edge locations, then transfer to AWS 10. AWS Wavelength-Deliver ultra-low latency applications for 5G devices 11. VMware Cloud on AWS- Build a hybrid cloud without custom hardware

Which of the below terms represents a series of Edge Locations plus information about how you want content managed as part of a CDN? A Distribution B. Load Balancer C. An Edge Group D. Circulation

A Distribution

Which of the following AWS services help migrate an existing database to AWS? A. AWS Storage Gateway B. AWS Lambda C. AWS Snowball D. AWS DMS

A. AWS DMS ( Data Migration Service)

Which of the given components of AWS global infrastructure should Amazon CloudFront use, to ensure low-latency delivery? A. AWS Edge Locations B. AWS Availability Zones C. AWS Regions D. Amazon Virtual Private Cloud (Amazon VPC)

A. AWS Edge Locations

Which AWS services can host a Microsoft SQL Server database? (Choose two.) A. Amazon EC2 B. Amazon Relational Database Service (Amazon RDS) C. Amazon Aurora D. Amazon Redshift E. Amazon S3

A. Amazon EC2 B. Amazon Relational Database Service (Amazon RDS) https://aws.amazon.com/sql/ SQL Server on Amazon Elastic Compute Cloud (EC2) Secure and resizable compute capacity (virtual servers) in the cloud for self-managed SQL Server instances Amazon Relational Database Service (RDS) for SQL Server Fully managed relational database service that offers SQL Server

You work for a hospital that needs to store patients' medical records for a minimum of 10 years. Most of these records will never be accessed but must be made available upon request (within a few hours). What is the most cost-effective storage option? A. Amazon Glacier B. Amazon Elastic File System (EFS) C. Amazon Simple Storage Service (S3) D. Amazon Elastic Block Store (EBS)

A. Amazon Glacier

Which services can be used across hybrid AWS Cloud architectures? (Choose two.) A. Amazon Route 53 B. Virtual Private Gateway C. Classic Load Balancer D. Auto Scaling E. Amazon CloudWatch default metrics

A. Amazon Route 53 B. Virtual Private Gateway Hybrid cloud provides a fine balance between the scalable resources of the public cloud and the regulatory requirements of on-premises workloads.Amazon Route 53 Resolver endpoints make hybrid cloud configurations easier to manage by enabling seamless DNS query resolution across your entire hybrid cloud.

Which of the following are key components of Amazon Glacier? choose 3. A. Archive B. Vault C. Access Policy D. Table E. Bucket F. Volume

A. Archive B. Vault C. Access Policy Data is organised in S3 into Archives, and Vaults are used to group Archives together. Access policies control who can access the data in Archives & Vaults. Buckets are a part of S3, but not Glacier. Volumes are often associated with hard disks and therefore EBS, while Tables are database constructs.

Which of the following is AWS responsible for in the Shared Responsibility Model? choose 3. A. Availability Zones B. Edge Locations C. Customer Data D. Regions

A. Availability Zones B. Edge Locations D. Regions AWS manages security of the cloud. This includes the infrastructure, which consists of regions, edge locations, and Availability Zones. On the other hand, security in the cloud is the responsibility of the customer. Therefore, AWS is not responsible for safeguarding customer data; the customer is.

The use of what AWS feature or service allows companies to track and categorize spending on a detailed level? A. Cost allocation tags B. Consolidated billing C. AWS Budgets D. AWS Marketplace

A. Cost allocation tags https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html You can use tags to organize your resources, and cost allocation tags to track your AWS costs on a detailed level. After you activate cost allocation tags, AWS uses the cost allocation tags to organize your resource costs on your cost allocation report, to make it easier for you to categorize and track your AWS costs.

Which of the following are best practices when it comes to securing your AWS account? choose 5. A. Create individual IAM users B. Store your Root account keys on your application for easy access C. Delete your Root access keys. D. Apply an IAM password policy. E. Delete your Root account password F. Activate MFA on the Root Account. G. Use groups to assign permissions.

A. Create individual IAM users C. Delete your Root access keys. D. Apply an IAM password policy. F. Activate MFA on the Root Account. G. Use groups to assign permissions. Creating individual IAM users, using groups to assign them permissions and creating a strong password policy are all key components of securing your AWS account. The root user should only be used in emergencies, therefore there should be no need to have Root Access Keys which allow the root user Programmatic access - any Programmatic access should use something other than the root account. It is not possible to delete the root password, and this should be securely and safely stored and not used in any applications!

You need a "virtual hard disk" for your EC2 instance. Which of the following should you choose? A. EBS B. RDS C. DDB D. S3

A. EBS EBS volumes are "virtual hard disks" for your EC2 instance.

When talking about AWS security, what does "Authorization" refer to? A. Evaluating what permissions a user has B. A user delegating access to another user temporarily C. Logging in to the console D. Identifying who is accessing the system

A. Evaluating what permissions a user has Authentication identifies who is accessing the system and passes that information to the Authorization process, which in turn determines what permissions the user has in AWS. Although Authorization is a part of the process to log in to the console, by itself it is not enough.

A purchasing department staff member is setup as an AWS user in the company's procurement AWS account. At each month-end, the staff member needs access to an application running on EC2 in the company's accounts payable AWS account to reconcile reports. Which of the following provides the most secure and operationally efficient way to give the staff member access to the accounts payable application? A. Have the user request temporary security credentials for the application by assuming a role B. Create a user for the staff member in the accounts payable AWS account C. Invoke an AWS Lambda function to run the application in the accounts payable AWS account D. Configure Active Directory integration so that you can federate the staff member's access to the accounts payable AWS account

A. Have the user request temporary security credentials for the application by assuming a role. The staff member should be given the ability to assume a role programmatically with the permissions necessary to run the accounts payable application. Setting up another AWS user for the staff member in the accounts payable account will require the presentation of hard credentials programmatically. Both federation and Lambda will require the use of a role as well, but with the added overhead of maintaining Active Directory or the Lambda function.

You notice that five of your 10 S3 buckets are no longer available in your account, and you assume that they have been deleted. You are unsure who may have deleted them, and no one is taking responsibility. What should you do to investigate and find out who deleted the S3 buckets?Choose the Correct Answer A. Look at the CloudTrail logs. B. Look at the SNS log C. Look at the CloudWatch Logs. D. Look at the S3 logs

A. Look at the CloudTrail logs. CloudTrail is logging service that logs actions taken by AWS users in your AWS account, such as creating/deleting S3 buckets, starting/stopping EC2 stances, etc.

You have just created a new bucket and uploaded a file into it - will this be automatically viewable by anyone on the internet? A. No - by default buckets and their contents are private B. Only if you have a NAT Gateway C. Yes - by default buckets and their contents are public D. Only if you have an Internet Gateway

A. No- by default S3 buckets and their contents are private By default, all data stored in S3 is NOT viewable by the public. If you want a bucket or object to be accessible by the public, you must explicitly make it so. These do not apply because NAT(network address translators) Gateways and Internet Gateways are needed to allow communications between VPCs and the internet, but are not required when it comes to S3

Which of the below are you responsible for when running an EC2 instance on AWS? choose 2. A. Patching the applications B. Patching the network hardware C. Patching the compute hardware D. Patching the operating system

A. Patching the applications D. Patching the operating system Under the Shared Responsibility Model, EC2 patching is a Shared Control - AWS is responsible for the underlying hardware, but you as the user are responsible for patching the OS and Applications running in your instance

You need a managed, low-cost relational database for your e-commerce store. Which of the following should you use? A. RDS B. AWS ElastiCache C. DynamoDB D. MySQL on EC2

A. RDS RDS is your best option: it's a low-cost, managed database solution.

Which of the following are advantages of AWS consolidated billing? (Choose two.) A. The ability to receive one bill for multiple accounts B. Service limits increasing by default in all accounts C. A fixed discount on the monthly bill D. Potential volume discounts, as usage in all accounts is combined E. The automatic extension of the master accountג€™s AWS support plan to all accounts Reveal Solution Discussion 14

A. The ability to receive one bill for multiple accounts D. Potential volume discounts, as usage in all accounts is combined

True or False: S3 is object storage suitable for the storage of 'flat' files like Word documents, photos, etc A. True B. False

A. True S3 is object storage suitable for the storage of 'flat' files like Word documents, photos, etc

True or False: AWS is responsible for security of the cloud. A. True B. False

A. True AWS is responsible for the security of the cloud.

You've been tasked with assessing your AWS infrastructure in terms of cost optimization. Which of the following AWS services would help with this task? A. Trusted Advisor B. AWS Personal Health Dashboard C. AWS Systems Manager D. Cloud Trail

A. Trusted Advisor AWS Trusted Advisor is an online tool that provides you with real-time guidance to help you provision your resources following AWS best practices

You want to streamline access management for your AWS administrators by assigning them a pre-defined set of permissions based on their job role - which of the below is the best way to approach this? A. Use IAM Groups B. Use AWS Organizations C. Use Amazon Cognito D. Use IAM Roles

A. Use IAM Groups Using IAM Groups lets you create a list of pre-defined permissions that any user made a part of that group will be granted. Roles are primarily used to grant AWS resources permissions to other AWS resources and generally are not for end-users. Amazon Cognito is a service that help authenticate users to your apps, and not the AWS console itself.

Which of the following languages can be used to author CloudFormation templates? choose 2. A. YAML B. Python C. CAMEL D. JSON

A. YAML D. JSON CloudFormation supports both JavaScript Object Notation (JSON) and YAML Ain't Markup Language (aka YAML) for authoring CloudFormation templates

Which of the following allows you to restrict access to individual objects in an S3 bucket? A. Bucket Control Lists B. Access Policies C. Access Control Lists D. Bucket Access Lists

C. Access Control Lists Access Control Lists let you control access to individual objects within an S3 bucket, whereas Bucket Policies allow you to control access to entire buckets. In relation to S3, Bucket Control Lists and Access Policies do not exist as configuration items.

Which service stores objects, provides real-time access to those objects, and offers versioning and lifecycle capabilities? A. Amazon Glacier B. AWS Storage Gateway C. Amazon S3 D. Amazon EBS

C. Amazon S3

Amazon VPC ________ A. Offers several layers of security controls. B. Allows you to build a private, virtual network in the AWS cloud. C. Amazon VPC offers all of these features. D. Affords you complete control of network configuration.

C. Amazon VPC offers all of these features Amazon VPC - allows you to build a private, virtual network in the AWS cloud - affords you complete control of network configuration - - -offers several layers of security controls.

Your manager approaches you this morning to tell you there has been a surprise audit announced by the internal audit team for all of your company's AWS Accounts. Which service would you use to provide the necessary information to the audit team? A. Inspector B. QuickSight C. CloudTrail D. CloudWatch

C. CloudTrail AWS CloudTrail is a service that enables governance, compliance, operational and risk auditing of your AWS account.

AWS Cloud Formation Stack Sets- Speed up cloud provisioning with infrastructure as code A CloudFormation template describes your desired resources and their dependencies so you can launch and configure them together as a stack. You can use a template to create, update, and delete an entire stack as a single unit, as often as you need to, instead of managing resources individually. You can manage and provision stacks across multiple AWS accounts and AWS Regions.

An AWS account is a container for your resources. Using multiple accounts gives you built-in security boundaries. It also empowers your teams by providing them designated accounts, and you can automatically provision resources and permissions using AWS CloudFormation StackSets.

Which of the following Amazon EC2 pricing models allow customers to use existing server-bound software licenses? A. Spot Instances B. Reserved Instances C. Dedicated Hosts D. On-Demand Instances

Answer is C: Dedicated hosts Dedicated Hosts can help you reduce costs by allowing you to use your existing server-bound software licenses, including Windows Server, SQL Server, and SUSE Linux Enterprise Server (subject to your license terms), and can also help you meet compliance requirements. Source: https://aws.amazon.com/about-aws/whats-new/2015/11/now-available-amazon-ec2-dedicated-hosts-and-the-ability-to-use-existing-server-bound-licenses/

Which service enables risk auditing by continuously monitoring and logging account activity, including user actions in the AWS Management Console and AWS SDKs? A. Amazon CloudWatch B. AWS CloudTrail C. AWS Config D. AWS Health

B. AWS CloudTrail https://aws.amazon.com/cloudtrail/ AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs(Software Development Kit), command line tools, and other AWS services.

______________ is the AWS service that allows the use of Chef and Puppet to automate how servers are configured, deployed, and managed across the Amazon EC2 instances or on-premises compute environments. A. AWS Systems Manager B. AWS OpsWorks C. AWS Elastic Beanstalk D. AWS CloudFormation

B. AWS OpsWorks

Which of the following tools provides a view of the performance and availability of your AWS services based on your requirements? A. AWS Systems Manager B. AWS Personal Health Dashboard C. AWS Service Health Dashboard D. AWS Trusted Advisor

B. AWS Personal Health Dashboard Personal Health Dashboard provides a personalized view of AWS services. Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you and that focuses on the performance and availability of your AWS services so that you can respond accordingly. Although it's easy to jump to AWS Service Health Dashboard ( The Service Health Dashboard Notifier tool lets you know generally if there is a problem with an AWS service as quickly as possible and provides service status updates/ in an Amazon Simple Notification Service (Amazon SNS) topic, Amazon Chime webhook, or Slack webhook) as the answer, it does not it displays their general status.

Which of the following inspects AWS environments to find opportunities that can save money for users and also improve system performance? A. AWS Cost Explorer B. AWS Trusted Advisor C. Consolidated billing D. Detailed billing

B. AWS Trusted Advisor AWS Trusted Advisor helps streamline and optimize the use of AWS resources by focusing on cost-efficient operations, fault tolerance, service limits, performance and security.

Which of the following are characteristics of Amazon S3? (Choose two.) A. A global file system B. An object store C. A local file store D. A network file system E. A durable storage system

B. An object store E. A durable storage system Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. Amazon S3 is designed for 99.999999999% (11 9's) of durability, and stores data for millions of applications for companies all around the world. While Amazon S3 requires a unique global bucket name, Amazon S3 is more a web service than a file system. It is not global because while you can replicate your buckets/objects across regions, by default, S3 objects sit only in one region though they are stored on multiple devices across multiple Availability Zones.

Your application requirements for CPU and RAM change rapidly these days. Which service can be used to dynamically adjust those resources based on demand? A. Amazon Route53 B. Auto Scaling C. ELB D. Amazon Elastic Container Service

B. Auto Scaling

Which AWS tools assist with estimating costs? (Choose three.) A. Detailed billing report B. Cost allocation tags C. AWS Simple Monthly Calculator D. AWS Total Cost of Ownership (TCO) Calculator E. Cost Estimator

B. Cost allocation tags C. AWS Simple Monthly Calculator D. AWS Total Cost of Ownership (TCO) Calculator The AWS Simple Monthly Calculator helps customers and prospects estimate their monthly AWS bill more efficiently. To estimate a bill, use the AWS Pricing Calculator. Choose Create estimate, and then choose your planned resources by service. The AWS Pricing Calculator provides an estimated cost per month. For more information, see What is AWS Pricing Calculator? To forecast your costs, use the AWS Cost Explorer. Use cost allocation tags to divide your resources into groups, and then estimate the costs for each group.

True or False: It is best practice to store your Access Key and Secret Access Key in the .aws file in your application. A. True B. False

B. FALSE You should never store your access keys in your application.

True or False: You use your Access Key and Secret Access Key to log into the AWS Management Console. A. True B. False

B. False You use a username and password to log into the AWS console.

True or False: To complete the process of creating a Multi-AZ RDS instance, you must copy the primary instance to a public subnet in a second Availability Zone A. True B. False

B. False To complete the process of creating a Multi-AZ RDS instance, you must copy the primary instance to a private subnet. AWS generates a standby, and transactions are synchronously replicated.

For a subnet to be public and send non-local traffic to the Internet, we must update the Route Table of the public subnet and attach which of the following to the VPC that contains the subnet? A. Route 53 B. Internet Gateway C. NAT Gateway D. Network Access Control List

B. Internet Gateway an Internet Gateway must be attached to the VPC.

Your project manager (PM) tasked you with launching an instance for a web application to be developed for an NGO. The PM is especially interested in using an AWS service that provides predicable monthly pricing, and he expects the instance to have the ability to burst above the baseline level of CPU performance when needed. What AWS service should you use to launch this instance? A. CloudFront B. Lightsail C. EC2 D. Elasticsearch Service

B. Lightsail Although EC2 could have been the correct answer, two things are key here: Predicable monthly pricing and instance ability to burst above the baseline level of CPU performance when needed. Lightsail accomplishes that; EC2 is more suitable for consistently high CPU performance, and costs vary according to usage.

An Amazon EC2 instance running the Amazon Linux 2 AMI is billed in what increment? A. Per CPU B. Per second C. Per hour D. Per GB

B. Per second

For which of the following categories does AWS Trusted Advisor provide best practices and/or or checks of your AWS environment? choose 4. A. Availability of AWS resources B. Performance C. Security D. High-Availability E. Fault Tolerance F. Right-size G. Cost Optimization

B. Performance C. Security E. Fault Tolerance G. Cost Optimization Trusted Advisor provide best practices and/or or checks on Cost Optimization, Performance, Security, and Fault Tolerance.

Which of the following AWS services is a fast, fully managed data warehouse that makes it simple and cost-effective to analyze all your data using standard SQL and your existing Business Intelligence tools A. DynamoDB B. Redshift C. Kinesis D. Elastic Map Reduce

B. Red Shift Redshift is AWS' fully-managed data warehouse solution.

Which of the following is a correct relationship between regions, Availability Zones, and edge locations? A. Data centers contain regions. B. Regions contain Availability Zones. C. Availability Zones contain edge locations. D. Edge locations contain regions.

B. Regions contain Availability Zones. AWS has the concept of a Region, which is a physical location around the world where we cluster data centers. We call each group of logical data centers an Availability Zone. Each AWS Region consists of multiple, isolated, and physically separate AZ's within a geographic area.Each AZ has independent power, cooling, and physical security and is connected via redundant, ultra-low-latency networks.

Broadly speaking as a customer of AWS you responsible for: A. Security both IN and OF the cloud B. Security IN the cloud C. None of security - AWS will manage all security for you D. Security OF the cloud

B. Security IN the cloud Generally speaking, as a customer of AWS you responsible for the security IN the cloud - meaning that you are responsible for the data, consumption and in-account configuration of AWS services

What is the most cost effective EC2 Instance purchasing option for users with urgent computing needs for large amounts of additional capacity? A. Reserved instances B. Spot instances C. On-demand instances D. Dedicated instances

B. Spot instances

Which of the below are TRUE when running a database in an EC2 Instance? choose 3. A. AWS is responsible for updating the database software B. The customer is responsible for updating the operating system C. The customer is responsible for updating the database software D. The customer is responsible for managing access to the database E. AWS is responsible for managing access to the database F. AWS is responsible for updating the operating system

B. The customer is responsible for updating the operating system C. The customer is responsible for updating the database software D. The customer is responsible for managing access to the database In this case - as the database is being run in an EC2 instance, all aspects of database updates and access is the responsibility of the customer. Similarly, as it is an EC2 instance, the customer is responsible for OS patching. Under the Shared Responsibility Model, AWS takes responsibility for managing all the hardware (including access, patching and other maintenance) and software required to deliver the service - which in this case is the EC2 instance - anything to do with the instance itself is the responsibility of the customer

Topic 1 A characteristic of edge locations is that they: A. host Amazon EC2 instances closer to users. B. help lower latency and improve performance for users. C. cache frequently changing data without reaching the origin server. D. refresh data changes daily.

B. help lower latency and improve performance for users. A characteristic of edge locations is that they: host Amazon EC2 instances closer to users. help lower latency and improve performance for users. cache frequently changing data without reaching the origin server. refresh data changes daily.

Which of the following services is used during the process of encrypting EBS volumes? A. Amazon ECR B. Amazon GuardDuty C. AWS KMS D. AWS WAF

C. AWS KMS Amazon EBS encryption offers a straight-forward encryption solution for your EBS resources that doesn't require you to build, maintain, and secure your own key management infrastructure. You can use the AWS Key Management Service (AWS KMS) to create and control the encryption keys used to encrypt your data. AWS Key Management Service is also integrated with other AWS services including Amazon S3, and Amazon Redshift, to make it simple to encrypt your data with encryption keys that you manage.

A customer would like to design and build a new workload on AWS Cloud but does not have the AWS-related software technical expertise in-house.Which of the following AWS programs can a customer take advantage of to achieve that outcome? A. AWS Partner Network Technology Partners B. AWS Marketplace C. AWS Partner Network Consulting Partners D. AWS Service Catalog

C. AWS Partner Network Consulting Partners https://www.apn-portal.com/knowledgebase/articles/FAQ/What-Are-the-Partner-Types-of-APN APN Technology Partners provide software solutions that are either hosted on, or integrated with, the AWS platform. Technology Partners include Independent Software Vendors (ISVs), SaaS, PaaS, Developer Tools, Management and Security Vendors. APN Consulting Partners are professional services firms that help customers of all sizes design, architect, build, migrate, and manage their workloads and applications on AWS

Which of the following AWS services gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources, alerting you and providing remediation guidance when AWS is experiencing events that my affect you? A. Trusted Advisor B. Cloud Trail C. AWS Personal Health Dashboard D. AWS Systems Manager

C. AWS Personal Health Dashboard AWS Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources.

What AWS team assists customers with accelerating cloud adoption through paid engagements in any of several specialty practice areas? A. AWS Enterprise Support B. AWS Solutions Architects C. AWS Professional Services D. AWS Account Managers

C. AWS Professional SErvices https://aws.amazon.com/professional-services/ The AWS Professional Services organization is a global team of experts that can help realize the desired business outcomes when using the AWS Cloud. We work together with your team and your chosen member of the AWS Partner Network (APN) to execute your enterprise cloud computing initiatives. Our team provides assistance through a collection of offerings which help you achieve specific outcomes related to enterprise cloud adoption

What costs are included when comparing AWS Total Cost of Ownership (TCO) with on-premises TCO? A. Project management B. Antivirus software licensing C. Data center security D. Software development

C. Data center security

Distributing workloads across multiple Availability Zones supports which cloud architecture design principle? A. Implement automation. B. Design for agility. C. Design for failure. D. Implement elasticity.

C. Design for failure.

The Solutions Architect leading your project tells you the application your team is working on requires a managed NoSQL database. Which of the following AWS services best fits that description? A. ElastiCache B. Redshift C. DynamoDB D. RDS

C. Dynamo DB DynamoDB is AWS' managed NoSQL database. DynamoDB is a key-value and document database. t's a fully managed, multi-region, multi-active, durable database with built-in security, backup and restore, and in-memory caching for internet-scale applications. DynamoDB is serverless with no servers to provision, patch, or manage and no software to install, maintain, or operate. You can build applications with virtually unlimited throughput and storage. DynamoDB global tables replicate your data across multiple AWS Regions to give you fast, local access to data for your globally distributed applications. DynamoDB encrypts all data by default and provides fine-grained identity and access control on all your tables and recover to any point in time in the preceding 35 days with no downtime.

Which of the following are AWS compute services? choose 2. A. RDS B. SNS C. EC2 D. Lambda

C. EC2 D. Lambda EC2 and Lambda are AWS Compute Services. Other compute services include: LightSail, Elastic BeanStalk, Image Builder, OutPosts, SErverless Application Repository, Wavelength

Which of the given options is an example of the architectural benefit of moving to the cloud? A. Monolithic services B. Proprietary hardware C. Elasticity D. Vertical scalability

C. Elasticity

You have a variable and intermittent workload, so you want to use a compute service that allows you to pay only for the compute resources you use, without paying for compute time when your code isn't running. Which of the following services should you use? A. EC2 B. Lightsail C. Lambda D. ECS

C. Lambda Lambda allows you to run a variable and intermittent code without paying for compute time when your code isn't running.

Amazon Lightsail is an example of which of the following? A. Software as a Service B. Infrastructure as a Service C. Platform as a Service D. Functions as a Service

C. Lightsaid is a PaaS (Platform as a SErvice) Lightsail is AWS' Platform-as-a-Service offering. Lightsail is an easy-to-use virtual private server (VPS) that offers you everything needed to build an application or website, plus a cost-effective, monthly plan. Lightsail is ideal for simpler workloads, quick deployments, and getting started on AWS Easily deploy a web application with pre-configured development stacks like LAMP, Nginx, MEAN, and Node.js. Quickly create a website with Lightsail's pre-configured applications like WordPress, Magento, Plesk, and Joomla. Quickly launch your line-of-business software, like file storage/sharing and backups. Create dev sandboxes and testing environments outside of your prod environment.

You need to allow resources in a private subnet to access the internet. Which of the following must be present to enable this access? A. Security Groups B. Network Access Control Lists C. NAT Gateway D. Route Tables

C. NAT Gateway A NAT Gateway is required to allow resources in a private subnet to access the internet. Route tables tell traffic where it should go next to reach its destination, but don't actually process or transmit traffic. Security Groups and Network Access Control Lists are used to protect resources from traffic, and by themselves do not enable access to the internet - although they need to be properly configured to let traffic bound for the internet out.

Which of the following is the document used to grant permissions to users, groups, and roles? A. Protocol B. Passbook C. Policy D. Paradigm

C. Policy A Policy is the document used to grant permissions to users, groups, and roles.

An EC2 instance in your VPC needs which of the following for the Internet Gateway to route its traffic to the Internet? A. C-Name B. A-Name C. Public IP address D. Private IP address

C. Public IP address An EC2 instance in your Virtual Private Cloud needs a Public IP address for the Internet Gateway to route its traffic to the Internet

You need to re-create an EBS volume that you have used previously. How might you go about doing that? A. Use a CloudFormation template to recreate the volume. B. Use the copy that lives in the Auto Scaling group. C. Re-create the volume from a snapshot. D. Copy the AMI the volume was based on and spin it up.

C. Re- create the volume from a snapshot Amazon EBS snapshots are stored incrementally. When you take a new snapshot, only the blocks that you changed after your last snapshot are saved. EBS snapshots can be copied across AWS regions ( using EBS snapshot Copy), thus making it easier for you to leverage multiple AWS regions and accelerate your geographical expansion, data center migration and disaster recovery. EBS snapshot Copy can be accessed via EC2 Command Line Interface or EC2 (API- application programming interface-software intermediary that allows two applications to talk to each other. Each time you use an app like Facebook, send an instant message, or check the weather on your phone, you're using an API.)

Which of the following is AWS' Data Warehousing service? A. Elastic Map Reduce B. Snowball C. Redshift D. S3 Big Data

C. Redshift Redshift is AWS' data warehousing service. Elastic Map Reduce is a large scale data processing service (BigData, Hydoop). Snowball is a physical appliance used to transfer data into, or out of AWS. S3 Big Data does not exist.

Your application needs fully-managed storage for objects. Which of the following options should you choose? A. EBS B. RDS C. S3 D. EC2

C. S3 S3 is fully-managed storage for objects. EBS provides virtual hard disks in the cloud and is block-based not object-based. EC2 is a compute service, and RDS is a database service.

____________ is the Amazon EC2 Reserved Instance type that allows you to match your capacity reservation to predictable recurring dates and times. A. Standard RI B. Customized RI C. Scheduled RI D. Convertible RI

C. Scheduled RI

You have been asked to archive some data into Glacier that needs to be encrypted. What is the easiest way to achieve this? A. Glacier is not compatible with encrypted data, so it is the wrong choice for this - use S3 instead B. Once the data is in Glacier use the AWS Console to encrypt it. C. Send the data to Glacier and do nothing more - all data in Glacier is encrypted by default D. Encrypt the data locally on your server before sending it to Glacier

C. Send the data to Glacier and do nothing more- all data in Glacier is encrypted by default Data stored in Glacier is encrypted by default so nothing else needs to be done. Although you can encrypt your data before sending it to Glacier, unless you need the extra security this brings over using the inbuilt encryption this is not needed. Encrypting the data in-place once it is in Glacier is not possible so is not a valid option.

Which AWS Load Balancer types uses a Round-Robin load distribution strategy? choose 2. A..The ALB uses a Round-Robin strategy 1st to select an ELB node, then selects a target based on the routing rules. B. The Classic uses a Round-Robin strategy for HTTP / HTTPS only. C. The Classic uses a Round-Robin strategy for TCP listeners only. D. The ALB 1st selects a target based on the routing rule, then uses a Round-Robin strategy to select a node.

C. The Classic uses a Round-Robin strategy for TCP listeners only. D. The ALB 1st selects a target based on the routing rule, then uses a Round-Robin strategy to select a node. The Classic will use Round-Robin only for TCP. The ALB will use it for final web server selection after parsing the routing rules.

Which of the following Reserved Instance (RI) pricing models provides the highest average savings compared to On-Demand pricing? A. One-year, No Upfront, Standard RI pricing B. One-year, All Upfront, Convertible RI pricing C. Three-year, All Upfront, Standard RI pricing D. Three-year, No Upfront, Convertible RI pricing

C. Three-year, All Upfront, Standard RI pricing Reserved Instances provide you with a significant discount (up to 72%) compared to On-Demand Instance pricing. In addition, when Reserved Instances are assigned to a specific Availability Zone, they provide a capacity reservation, giving you additional confidence in your ability to launch instances when you need them.With the All Upfront option, you pay for the entire Reserved Instance term with one upfront payment. This option provides you with the largest discount compared to On-Demand Instance pricing.

You need to implement an automated service that will scan your AWS environment with the goal of both improving security and reducing costs. Which service should you use? A. Service Catalog B. CloudTrail C. Trusted Advisor D. Config Rules

C. Trusted Advisor An online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment, Trusted Advisor provides real time guidance to help you provision your resources following AWS best practices.

Which of the following are valid access types for an IAM user? choose 3. A. Emergency access via Identity Access Management (IAM) B. Security Group access via the AWS command line C. Using the AWS Software Developers Kit D. Programmatic access via the command line E. AWS Management Console access

C. Using the AWS Software Developers Kit D. Programmatic access via the command line E. AWS Management Console access The types of access are AWS Management Console access and Programmatic Access via the AWS API (application programming interface, the CLI( command line interface) , and the SDK( software development kits.)

Generally, there are at least _______ Availability Zones per AWS Region A. 3 B. 1 C..2 D. 4

C..2 Generally, there are at least 2 Availability Zones per AWS Region. The only exception to this rule is the Osaka Local Region, which has only one.

You visit a clients site and get called into a corridor discussion. You are asked to describe the new (2019) URL structure for objects in S3. Which of these do you use as a description? A. https, then the object name, then slash, then the AWS S3 regional endpoint, then slash, then bucket the name B. https, then the bucket name, then dot, then the AWS S3 regional endpoint, then dot, then the object name C. http, then the bucket name, then dot, then the AWS S3 regional endpoint, then slash, then the object name D. https, then the bucket name, then slash, then the AWS S3 regional endpoint, then slash, then the object name E. http, then the object name, then dot, then the AWS S3 regional endpoint, then dot, then bucket the name F. https, then the AWS S3 regional endpoint, then slash, then the bucket name, then slash, then the object name G. https, then the AWS S3 regional endpoint, then dot, then the bucket name, then slash, then the object name

B. https, then the bucket name, then dot, then the AWS S3 regional endpoint, then dot, then the object name https://bucket-name.s3.Region.amazonaws.com https://my-bucket.s3.us-west-2.amazonaws.com. AWS has updated the URL format for objects in S3 in order to partition the name space. This will introduce more consistency, but be aware that there are still multiple variation depending on feature and location.variations

Which AWS characteristics make AWS cost effective for a workload with dynamic user demand? (Choose two.) A. High availability B. Shared security model C. Elasticity D. Pay-as-you-go pricing E. Reliability

C & D - As elasticity make feasible to add/remove required resources as needed. Pay-as-you-go - makes to pay based on usage only.

What happens when an RDS Master database in a Multi-AZ deployment goes down? A. You must use the AWS console to promote the standby to Master. B. You must copy the attached EBS volume to the standby. C. RDS automatically fails over to the standby, which is promoted to Master. D. The asynchronous replication of RDS Multi-AZ deployments means you will suffer some data loss.

C. RDS automatically fails over to the standby, which is promoted to Master. Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). In case of an infrastructure failure, Amazon RDS performs an automatic failover to the standby (or to a read replica in the case of Amazon Aurora), so that you can resume database operations as soon as the failover is complete.

Which of the following services can be used to identify the user that made the API call, when an Amazon Elastic Compute Cloud (Amazon EC2) instance is terminated? A. AWS X-Ray B. AWS Identity and Access Management (AWS IAM) C. AWS CloudTrail D. Amazon CloudWatch

C. AWS Cloud Trail

In AWS' Global Infrastructure, what are Edge Locations responsible for? A. Providing independent power grids to Availability Zones B. Providing disaster recovery services C. Hosting a Content Delivery Network called CloudFront D. Providing redundant backup to your AWS services

Hosting a Content Delivery Network called CloudFront Edge Locations host a Content Delivery Network called CloudFront.


Related study sets

Chapt. 29: Management of pt with complication from heart disease

View Set

WorkKeys Level 6: Calculating Rates

View Set

Domain 5 Information Asset Security and Control Set 5

View Set

Consumer Health for Educators - Exam 2

View Set

SHRM CP and SCP - People - Compensation systems

View Set

Contraindications for Postural Drainage

View Set