AWS Cloud Practitioner Exam Prep: Practice Quiz #2 (WHIZ)
During an organization's information systems audit, the administrator is requested to provide a dossier of security and compliance reports and online service agreements between the organization and AWS. Which service can they utilize to acquire this information? A. AWS Artifact B. AWS Resource Center C. AWS Service Catalog D. AWS Directory Service
Correct Answer: A. AWS Artifact Why: AWS Artifact is a comprehensive resource center that provides access to AWS's auditor-issued reports and security and compliance documentation from several renowned independent standards organizations. Why Not: Option B is INCORRECT. AWS Resource Center is a repository of tutorials, whitepapers, digital training, and project use cases that aid in learning the core concepts of Amazon Web Services. Option C is INCORRECT. AWS Service Catalog allows organizations to create and save their own IT service catalogs for further use. But they have to be approved by AWS. IT service catalogs can be multi-tiered application architectures. Option D is INCORRECT. AWS Directory Service is an AWS tool that provides multiple ways to use Amazon Cloud Directory and Microsoft Active Directory with other AWS services.
A group of developers for a startup company store their source code and binary files on a shared open-source repository platform which is publicly accessible over the internet. They have embarked on a new project in which their client requires high confidentiality and security on all development assets. Which AWS service can the developers use to store the source code? A. AWS CodeCommit B. AWS CodeDeploy C. AWS Lambda D. AWS CodeStar
Correct Answer: A. AWS CodeCommit Why: AWS CodeCommit is a managed source control service. It can be used as a data store to store source code, binaries, scripts, HTML pages and images which are accessible over the internet. CodeCommit encrypts files in transit and at rest, which fulfills the additional client requirement (high confidentiality & security) mentioned in the question. Also, CodeCommit works well with Git tools and other existing CI/CD tools. Why Not: Option B is INCORRECT because AWS CodeDeploy is a deployment service that automates application deployments to Amazon EC2 instances, on-premises instances, serverless Lambda functions, or Amazon ECS services. https://docs.aws.amazon.com/codedeploy/latest/userguide/welcome.html Option C is INCORRECT because AWS Lambda will allow the developers in the scenario to run code without provisioning or managing servers. The company would pay only for the compute time consumed. There would be no charge when your code is not running. https://aws.amazon.com/lambda/ Option D is INCORRECT because AWS CodeStar provides a unified user interface, enabling you to manage your software development activities in one place easily. With AWS CodeStar, you can set up your entire continuous delivery toolchain in minutes, allowing you to start releasing code faster. AWS CodeStar makes it easy for your whole team to work together securely, allowing you to manage access and add owners, contributors, and viewers to your projects easily. However, this question asks for the service to store the source code. AWS CodeStar is improper because it is a software development management tool rather than a source control service.
I have moved my On-Premises workload to AWS for cost efficiency. I have received my monthly bill & I would like to be visually advised to utilize my AWS resources for making better selection decisions. Which AWS service will help me do that? A. AWS Cost Explorer B. AWS Budgets C. AWS Organizations D. CloudWatch Dashboards
Correct Answer: A. AWS Cost Explorer Why: Cost Explorer is a free service that helps me view my cost data (bill) as a graph. For instance, I can see whether my EC2 service utilization is going up or down. The tool also allows me to filter the graph by values like API Operations, Cost allocation tags (e.g., any EC2 instance tagged as Development), AZ, EC2 instance types, etc. With consolidated billing, the filter can also be applied to Member Accounts. From historical data, I can also see forecasts of future costs. Using this data, I can make informed decisions on further improving my costs. Why Not: Option B is incorrect. AWS Budgets is a planning tool that allows me to plan service usage, service costs, and instance reservations by setting up a Budget. For example, if my budget for EC2 instance use is $800 per month, I can set up a budget for that and have the system alert me when it reaches 70% of the usage cost. AWS Budgets can be viewed as an enabler of Cost Explorer that helps to visualize incurred costs & usage. Option C is incorrect. AWS Organizations help me consolidate my billing within a large organization that uses multiple accounts. This streamlines the billing process & makes it central, avoiding the overhead of billing management over hundreds of different accounts. Option D is incorrect. CloudWatch is a monitoring tool that tracks resource metrics using alarms & dashboards. CloudWatch dashboards can help provide trend settings from resource utilization. But it is restricted to doing so using basic or custom metrics, compared to the large spectrum of visual cost usage display provided by Cost Explorer.
A financial company with many resources running on AWS would like a machine learning-driven and proactive security solution that would promptly identify security vulnerabilities, particularly flagging suspicious or abnormal data patterns or activity between AWS services. Which AWS service would best meet this requirement? A. AWS Detective B. AWS Macie C. AWS Shield D. Amazon CloudWatch Anomaly Detection
Correct Answer: A. AWS Detective Why: Persistent machine learning-driven service that automatically collates log data from all AWS resources. This log data is then fed into machine learning algorithms, graph theory and statistical analysis to derive data patterns between AWS services and resources. Why Not: B: AWS Macie: Matches and discovers sensitive data such as personally identifiable information (PII) but does NOT have the capability to keep track of data behaviors between AWS services to detect anomalies. C: AWS Shield: Distributed Denial of Service (DDoS) Protection service that applies to applications running in the AWS environment. D: Amazon CloudWatch Anomaly Detection is a machine learning feature limited to Amazon CloudWatch metrics.
A developer team is creating a new mobile app using AWS resources which will be accessed by thousands of users. Which of the following services can be used for creating a directory for managing sign-in for these users? A. Amazon Cognito User Pools B. Amazon Cognito Identity Pools C. AWS Single Sign-On D. AWS IAM
Correct Answer: A. Amazon Cognito User Pools Why: Amazon Cognito User Pools is a managed service which can be used to manage user authentication to mobile applications. Why Not: B: Cognito Identity Pools: Used to provide privilege credentials for accessing AWS services. User Pools = authenticating users; Identity Pools = authorization for accessing AWS resources. C: SSO = Authenticating employees for accessing services. NOT useful for authenticating users to access mobile applications. D: AWS IAM: used to control AWS services or resources. Not suited for authenticating large numbers of users.
Which of the following services can be used by the Security team to investigate & analyze the root cause of potential security threats on AWS resources? A. Amazon Detective B. AWS Shield C. Amazon GuardDuty D. AWS Security Hub
Correct Answer: A. Amazon Detective Why: Amazon Detective can be used to identify the root cause of the potential security threat. It collects & analyses data from multiple sources like AWS CloudTrail logs, VPC Flow logs, and Amazon GuardDuty findings. Based upon unified findings created by Amazon Detective, the Security Team can quickly determine the root cause of the security threat. Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. AWS Security Hub aggregates alerts from various services like Amazon GuardDuty, Amazon Inspector, Amazon Macie, and AWS Partner solutions in a single place. Why Not: Option B is incorrect as AWS Shield is a managed DDoS protection service that detects DDoS attacks & provides mitigation for the same. This service is not suitable for investigating the root cause of potential security threats on AWS resources. Option C is incorrect as Amazon GuardDuty is a threat detection service that monitors logs from AWS CloudTrail Event logs, Amazon VPC Flow Logs, and DNS Logs to detect any malicious activity. Option D is incorrect as AWS Security Hub aggregates alerts from various services like Amazon GuardDuty, Amazon Inspector, Amazon Macie, and AWS Partner solutions in a single place.
When an administrator is looking to deploy shared file access Linux-based workloads which will require up to petabytes of data stores, what is the best-suited storage option to use? A. Amazon EFS B. Amazon S3 C. AWS Snowball D. Amazon EBS
Correct Answer: A. Amazon EFS (Elastic File Storage) Why: EFS is the best-suited file storage option for the scenario given it's designed for shared file access and scaling to petabyte data store. Why Not: B: Amazon S3: S3 is an object data store which is not suitable for deploying Linux-based workloads as the scenario outlines. C: AWS Snowball is a data transport and data migration solution which is not suitable for deploying shared file access builds. D: Amazon Elastic Block Store: block storage service for access by an EC2 instance but without the capability of shared file access.
A business analyst would like to move away from creating complex database queries and static spreadsheets when generating regular reports for high-level management. They would like to publish insightful, graphically appealing reports with interactive dashboards. Which service can they use to accomplish this? A. Amazon QuickSight B. Business intelligence on Amazon Redshift C. Amazon CloudWatch dashboards D. Amazon Athena integrated with Amazon Glue
Correct Answer: A. Amazon QuickSight Why: Amazon QuickSight is the most appropriate service in the scenario. It is a fully-managed service that allows for insightful business intelligence reporting with creative data delivery methods, including graphical and interactive dashboards. QuickSight includes machine learning that allows users to discover inconspicuous trends and patterns in their datasets. Why Not: Option B is INCORRECT. Amazon Redshift service is a data warehouse and will not meet the requirements of interactive dashboards and dynamic means of delivering reports. Option C is INCORRECT. Amazon CloudWatch dashboards will not accomplish the requirements of the scenario. They are used to monitor AWS system resources and infrastructure services, though they are customizable and present information graphically. Option D is INCORRECT. Amazon Athena is a query service that allows for easy data analysis in Amazon S3 by using standard SQL. The service does not meet the requirements of the scenario.
Which AWS service automates infrastructure provisioning and administrative tasks for an analytical data warehouse? A. Amazon Redshift B. Amazon DynamoDB C. Amazon ElastiCache D. Amazon Aurora
Correct Answer: A. Amazon Redshift Why: Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. Why Not The Others: Redshift was the ONLY data warehousing option listed.
There is a requirement to store objects. The objects must be downloadable via a URL. Which storage option would you choose? A. Amazon S3 B. Amazon Glacier C. Amazon Storage Gateway D. Amazon EBS
Correct Answer: A. Amazon S3 Why: Amazon S3 is the perfect storage option. It also provides the facility of assigning a URL to each object which can be used to download the object.
AWS Organizations help manage multiple accounts effectively in a large enterprise. Which of the following statements related to AWS Organizations are correct? (Select TWO.) A. An Organizational Unit(OU) can have only one parent. B. An account can be a member of multiple Organizational Units (OU). C. An SCP policy only impacts a particular AWS account even if it is applied at the root account. D. Organizational level policies are known as Service Control Policies. right E. Service Control Policies (SCPs) can only allow actions instead of deny actions.
Correct Answer: A. An Organizational Unit (OU) can have only one parent. Why: AWS Organizations automate creation of AWS Accounts, OUs and their hierarchy. They use Service Control Policies (SCP) at OUs. SCPs are different from IAM in the sense that they can be applied to the Organization level. They override any IAM policies that are defined at an Account level & may also restrict the IAM policy defined. AWS Organizations do not cancel the need for IAM. It complements what IAM can do by consolidating and centrally managing a lot of things that happen. AWS Organizations is not an authority for granting permissions, but it is an authority to approve/disapprove permissions given by IAM. Why Not: Option B is incorrect since an Account can belong to only one OU. Option C is incorrect. A Policy applied at the Root is applied throughout the Organization, i.e. to all its OUs and its Accounts. A Policy applied to the OU level applies to all OUs and Accounts under those OUs. A Policy applied at the Account level is applied to only that Account. Referring to the figure above, when a Policy is applied to the OU under the Root, it will also be applied to the OU below it & Accounts B, C, D. When a policy is applied to Account C, it will apply to only that account. Option E is incorrect. SCPs can be configured to allow or deny services and actions.
A financial Organization has an on-premises Data Center that holds large volumes of customers' financial transaction data on its legacy mainframe systems. While accessing transaction data, they have implemented a caching solution in the AWS cloud that will hold the customer's financial data due to performance issues. The transaction data is extremely confidential & is heavy in bandwidth while transferring to the cloud. What connectivity would you recommend for this data transfer? Select the best answer. A. Direct Connect with a VPN connection B. Virtual Private Network (VPN) C. AWS Storage Gateway D. AWS Snowball
Correct Answer: A. Direct Connect with a VPN connection Why: Option A is CORRECT since Direct Connect provides a dedicated connection to the on-premises Data Center, bypassing the internet and providing a more secure data transfer mechanism. It also allows you to control the bandwidth to transfer massive amounts of data with the Direct Connect partner, which is a prime requirement. VPN connection ensures that the connection is secure. Why Not: Option B is incorrect. Bandwidth is important for the connection. So Direct Connect is required. Option C is incorrect. AWS Storage Gateway is a means that provides a Backup & Recovery option for data to the AWS cloud that is stored within the on-premises Data Center. Primarily used with S3, the transfer still happens through the internet after encryption. Also since the data is backed up asynchronously, the cache may be Eventually Consistent, resulting in stale data being retrieved from the cache. Option D is incorrect. Snowball is an offline data transfer mechanism used when there is a huge amount of data (100TB) that needs to be transferred to the cloud. Moving them over a WAN can take years & can be impractical at times. A physical appliance is shipped to the on-premise Data Center which can be hooked to a network for transferring data. Once done, it is shipped back to the Cloud Data Center, where it can be copied to storage devices like S3. Since our scenario requires real-time data availability between the On-Premise Data Center & AWS Cloud, it may not suffice the requirements.
Which of the following services can be used to optimize performance for global users to transfer large-sized data objects to a centralized Amazon S3 bucket in us-west-1 region? A. Enable S3 Transfer Acceleration on Amazon S3 bucket. B. Use Amazon CloudFront Put/Post commands C. Use Multipart upload D. Use Amazon ElastiCache
Correct Answer: A. Enable S3 Transfer Acceleration on Amazon S3 bucket. Why: S3 Transfer Acceleration can optimize performance for data transfer between users & objects in Amazon S3 bucket. Transfer acceleration uses CloudFront edge location to provide accelerated data transfer to users. Why Not: Option B is incorrect as Amazon CloudFront Put/Post commands can be used for small-sized objects but for large-sized data objects, S3 Transfer Acceleration provides better performance. Option C is incorrect as users should use Multipart uploads for all data objects exceeding 100 megabytes. But for better performance, S3 transfer acceleration should be enabled. Option D is incorrect as for global users accessing S3 bucket, S3 Transfer Acceleration is a better choice.
Which support plan can be chosen to have an AWS Technical Account Manager proactively monitor a business-critical application on AWS? A. Enterprise Plan B. Business Plan C. Developer Plan D. Enterprise On-Ramp Plan
Correct Answer: A. Enterprise Plan Why: Enterprise Plan is the recommended support plan for customers having a business-critical application hosted on AWS cloud. With this support plan, a Technical Account Manager is assigned to work with the customer, who proactively monitors business-critical applications as well as assists in optimization of the application. The Technical Account Manager is also responsible for coordinating access to AWS programs & getting technical assistance from AWS experts. Why Not: Option B is incorrect as Business Plan is a suggested plan for customers having a production application hosted on AWS Cloud. In this support plan, no Technical Account Manager is assigned. Option C is incorrect as the Developer Plan is a basic plan if the customer is using AWS Cloud resources for test purposes. In this support plan, no Technical Account Manager is assigned. Option D is incorrect as Enterprise On-Ramp Plan supports business-critical applications hosted on AWS cloud, but in this plan the assigned Technical Account Manager does not proactively monitor resources hosted on AWS cloud. The Technical Account Manager is only responsible for coordinating access to AWS programs & getting technical assistance from AWS experts.
Which Amazon Route 53 routing policy can be implemented to route traffic to multiple resources based upon user location? A. Geolocation Routing Policy B. Geoproximity Routing Policy C. Simple Routing Policy D. Latency Routing Policy
Correct Answer: A. Geolocation Routing Policy Why: Geolocation will route traffic to the resources based upon user location. Why Not: B. Geoproximity will route traffic based upon location of resources, & not based upon location of users.
What is the value of having AWS Cloud services accessible through an Application Programming Interface (API)? A. It allows developers to work with AWS resources programmatically. B. AWS resources will always be cost-optimized C. All application testing can be managed by AWS. D. Customer-owned, on-premises infrastructure becomes programmable.
Correct Answer: A. It allows developers to work with AWS resources programmatically. Why Not: B: AWS API does not reduce cost C: API allows customer's devs to work with resources, not AWS. D: AWS API only allows the customer to manage AWS resources, not on-prem.
What can be termed as a user-defined label that has a key-value pair of variable character length? It is assigned to AWS resources as metadata for administration and management purposes. A. Resource Tag B. Resource Group C. Resource Flag D. Tag key
Correct Answer: A. Resource Tag Why: AWS Resource tags are a critical component when architecting in the cloud. They create an identifying mechanism for the user to group, classify and order all their provisioned resources appropriately. Why Not: Option B is INCORRECT. AWS Resource groups enable the ordering of AWS resources into logical groupings. Resources can be ordered by application, environment or software component. Option C is INCORRECT. Flags are used in AWS CloudFormation. The option is inaccurate. Option D is INCORRECT. A tag key is only part of what makes up a resource tag. Each resource tag will have a key and value string.
Which AWS service gives the user the ability to group AWS resources across different AWS Regions by application and then collectively view their operational data for monitoring purposes? A. Systems Manager B. Management Console C. Resource Groups D. Resource Access Manager (AWS RAM)
Correct Answer: A. Systems Manager Why: AWS Systems Manager allows users to control their AWS resources by unifying services into a user interface in which they can view, automate and monitor operational tasks. Why Not: Option B is incorrect because the Management Console is a web-based graphical user interface that users interact with when administering AWS services and resources. Option C is incorrect because Resource Groups are a collection of AWS resources within a single AWS Region. In the scenario, the AWS resources are in different AWS Regions. Option D is incorrect because Resource Access Manager (AWS RAM) allows users to share resources with other AWS accounts or via AWS Organizations.
Which of the following is a factor when calculating Total Cost of Ownership (TCO) for the AWS Cloud? A. The number of servers migrated to AWS B. The number of users migrated to AWS C. The number of passwords migrated to AWS D. The number of keys migrated to AWS
Correct Answer: A. The number of servers migrated to AWS Why: Running servers will incur costs. The number of running servers is one factor of Server Costs, a key component of AWS's Total Cost of Ownership (TCO). To estimate the cost for your AWS architecture solution, please refer to the below URL: https://calculator.aws/#/ . Why Not: B, C, and D are incorrect. These are not factors in AWS's Total Cost of Ownership.
Which of the following services can be used as an application firewall in AWS? A. AWS Snowball B. AWS WAF C. AWS Firewall D. AWS Protection
Correct Answer: AWS WAF Why: The AWS Documentation mentions the following: AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to Amazon CloudFront or an Application Load Balancer. AWS WAF also lets you control access to your content. AWS Snowball, a part of the AWS Snow Family, is an edge computing, data migration, and edge storage device that comes in two options. Snowball Edge Storage Optimized devices provide both block storage and Amazon S3-compatible object storage, and 40 vCPUs.
Which of the following statements best describes the AWS Personal Health Dashboard? A. A concise representation of the general status of AWS services B. A service that prompts the user with alerts and notifications on AWS scheduled activities, pending issues, and planned changes. C. A minute-by-minute update of system outages and service errors on the AWS global infrastructure. D. A rolling log of all service interruptions across the AWS network and records of incidents persistent for a year.
Correct Answer: B. A service that prompts the user with alerts and notifications on AWS scheduled activities, pending issues, and planned changes. Why: The Personal Health Dashboard is a tool that shows the status of AWS services running the user-specific resources. It is a graphical representation that sends alerts, notifications of any personal pending issues, Why Not: Option A is INCORRECT. It describes a general overview of the Service Health Dashboard. Option C is INCORRECT. It describes the Service Health Dashboard. Option D is INCORRECT. It describes the Status History of the Service Health Dashboard.
The development team is looking to offload SSL processing from existing Web servers. Which service can be used for this purpose? A. AWS Certificate Manager B. AWS Cloud HSM C. AWS KMS D. AWS Secrets Manager
Correct Answer: B. AWS Cloud HSM Why: AWS CloudHSM is a managed hardware security module for generating and managing encryption keys on the AWS cloud. Why Not: A: AWS Certificate Manager can be used to store & provision SSL/TLS certificates. C: AWS KMS: Managed service for encrypting data. D: AWS Secrets Manager: Used to implement secrets keys rotation policy.
Which of the following features can be used to preview changes to be made to an AWS resource which will be deployed using the AWS CloudFormation template? A. AWS CloudFormation Drift Detection B. AWS CloudFormation Change Sets C. AWS CloudFormation Stack Sets D. AWS CloudFormation Intrinsic Functions
Correct Answer: B. AWS CloudFormation Change Sets Why: AWS CloudFormation Change Set can be used to preview changes to AWS resources when a stack is executed. Why Not: Option A is incorrect as AWS CloudFormation Drift Detection is used to detect any changes made to resources outside of CloudFormation templates. It would not be able to preview changes that will be made by CloudFormation Templates. Option C is incorrect as these are groups of stacks that are managed together. Option D is incorrect as these Intrinsic Functions are used for assigning values to properties in CloudFormation templates.
There is an external audit being carried out on your company. The auditor needs to have a log of 'who made the requests' to the AWS resources from the company's account. Which of the following services can assist in providing these details? A. Amazon CloudWatch B. AWS CloudTrail C. Amazon EC2 D. Amazon SNS
Correct Answer: B. AWS CloudTrail Why: Using CloudTrail, one can monitor all the API activity conducted on all AWS services. The AWS Documentation additionally mentions the following: "AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides the event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting."
Which of the following AWS services is suitable to be used as a fully managed data warehouse? A. Amazon Athena B. Amazon RedShift C. Amazon CloudWatch D. Amazon Relational Database Service (Amazon RDS)
Correct Answer: B. Amazon RedShift Why: Amazon Redshift is a fully managed, petabyte-scale data warehouse service. Why Not: Option A is INCORRECT because Amazon Athena is used to query data and analyze big data in S3. Option C is INCORRECT because Amazon CloudWatch is used to monitor AWS resources, collect metrics, Option D is INCORRECT because it is a collection of managed services that makes it simple to set up, operate, and scale relational databases in the cloud.
Which of the following is the responsibility of the customer to ensure the availability and backup of the EBS volumes? A. Delete the data and create a new EBS volume. B. Create EBS snapshots. C. Attach new volumes to EC2 Instances. D. Create copies of EBS Volumes.
Correct Answer: B. Create EBS Snapshots Why: Snapshots are incremental backups, which means that only the blocks on the device that have changed after your most recent snapshot are saved. When you create an EBS volume based on a snapshot, the new volume begins as an exact replica of the original volume that was used to create the snapshot. The replicated volume loads data in the background so that you can begin using it immediately. Why Not: Option A is incorrect because there is no need for backup of the volumes if data is already deleted. Option C is incorrect because attaching more EBS volumes doesn't ensure availability; if there is no snapshot then the volume cannot be available to a different availability zone. Option D is incorrect because EBS volumes cannot be copied; they can only be replicated using snapshots.
According to AWS, what is the benefit of Elasticity? A. Minimize storage requirements by reducing logging and auditing activities B. Create systems that scale to the required capacity based on changes in demand. C. Enable AWS to automatically select the most cost-effective services. D. Accelerate the design process because recovery from failure is automated, reducing the need for testing.
Correct Answer: B. Create systems that scale to the required capacity based on changes in demand. Why: Concept of elasticity = application has the ability to scale up and scale down based on demand. Ex: Autoscaling service.
Which of the following are advantages of having infrastructure hosted on the AWS Cloud? (Select TWO) A. Having complete control over the physical infrastructure B. Having the pay as you go model C. No Upfront costs D. No need to worry about security
Correct Answer: B. Having the pay as you go model C. No Upfront costs Why: The Physical infrastructure is the responsibility of AWS instead of the customer. Hence it is not an advantage of moving to the AWS Cloud. And AWS provides security mechanisms, but even the responsibility of security lies with the customer.
Which of the following statements are incorrect regarding NoSQL databases? A. They are not relational. B. They need to have a well defined schema. C. NoSQL databases are horizontally scalable. D. Amazon DynamoDB is a NoSQL database that supports atomicity, consistency, isolation, and durability (ACID) transactions.
Correct Answer: B. They need to have a well defined schema. Why: NoSQL databases do not support a predefined schema like a relational database does (e.g. a record of type Book will have a fixed set of attributes defining a schema like ID, Name, Description, Author). Not defining a rigid schema allows NoSQL databases the flexibility to support semi-structured & unstructured data. Why Not: Option A is incorrect since NoSQL databases are not relational. They support data that are semi-structured or unstructured as compared to the structured nature of relational databases like Oracle and MySQL. Option C is incorrect. NoSQL databases are usually run in compute node clusters with data being partitioned across these nodes. Partitioning happens automatically with an increase in database size, resulting in horizontal scaling. Option D is incorrect. With support for ACID transactions, developers can extend the scale, performance, and other benefits of DynamoDB to a broader set of applications that require complex business logic.
A startup company that works on social media app development would like to grant freelance developers temporary access to its Lambda functions setup on AWS. These developers would be signing in via Facebook authentication. Which service is the most appropriate to grant secure access? A. Create user credentials using Identity Access Management (IAM). B. Use Amazon Cognito for web-identity federation. C. Use Access keys to provide temporary access. D. Use a third-party Web ID, federated access provider.
Correct Answer: B. Use Amazon Cognito for web-identity federation. Why: Amazon Cognito web identity federation service acts as a broker that allows authenticated users to access AWS resources. After successful authentication on platforms such as Facebook, LinkedIn, or Google Mail, users receive a temporary authentication code from Amazon Cognito, thereby gaining temporary access. Why Not: Option A is INCORRECT. The access required is temporary and not directly onto the AWS environment. Identity Access Management (IAM) users will be granted access directly using AWS-specified credentials. Option C is INCORRECT. Access keys are long-term credentials for an IAM user or the AWS account root user. These keys are not suitable for temporary access. Option D is INCORRECT. There is no need to take a third-party Web ID from federated access providers since Amazon has the Cognito service to perform that function.
An administrator would like to automate the creation of new AWS accounts for the organization's R&D department. New workloads need to be spun-up promptly and categorized into groups. How can this be achieved efficiently? A. Use of AWS CloudFormation would be sufficient B. Use of AWS Organizations C. Using the AWS API to programmatically create each account via command line interface (CLI). D. AWS Identity Access Management (IAM)
Correct Answer: B. Use of AWS Organizations Why: These allow the user to automate the creation of new AWS accounts when they need to launch new workloads quickly. Why Not: A: CloudFormation does not aid in automated AWS account creation. It provides a common language for an admin to describe and provision all of the infrastructure resources in the cloud environment. C: AWS API: It's feasible, but not efficient. Helps manage AWS services from a command line and automate them through scripts. D: IAM allows you to create and manage AWS users and groups. You can use permissions to allow or deny their access to AWS resources.
What best describes the "Principle of Least Privilege"? Choose the correct answer from the options given below. A. All users should have the same baseline permissions granted to them to use basic AWS services. B. Users should be granted permission to access only resources they need to do their assigned job. C. Users should submit all access requests in written form so that there is a paper trail of who needs access to different AWS resources. D. Users should always have a little more permission than they need.
Correct Answer: B. Users should be granted permission to access only resources they need to do their assigned job.
Which Amazon Route 53 routing policy will be best suited to divert traffic in proportions to multiple resources? A. Latency routing policy B. Weighted routing policy C. Failover Routing Policy D. Multivalue Answer Routing Policy
Correct Answer: B. Weighted Routing Policy Why: Suitable to route traffic to multiple resources based upon weights defined. Useful when multiple resources are associated with a single domain name and traffic needs to route based upon weighted proportions to each of the resources. Why Not: A. Latency: suitable for routing based on lowest latency C. Failover: suitable for routing to a secondary resource only in case of failure in primary resource D. Multivalue: suitable to respond to multiple (up to eight) records for any query made to Route 53.
For which of the following scenarios are the Amazon Elastic Compute Cloud (Amazon EC2) Spot instances most appropriate? A. Workloads that are only run in the morning and stopped at night B. Workloads where the availability of the Amazon EC2 instances can be flexible C. Workloads that need to run for long periods of time without interruption D. Workloads that are critical and need Amazon EC2 instances with termination protection
Correct Answer: B. Workloads where the availability Why: Spot instances are a cost-effective choice if you can be flexible about when your applications run and if your applications can be interrupted. Why Not: A, C, D: Since spot instances can be terminated by Amazon depending on market prices, they cannot be guaranteed to run during a specific period of time.
Which service can be best suited to import third-party SSL/TLS certificates that can be used to deploy on Amazon Elastic Load Balancer? A. AWS Artifacts B. AWS Secrets Manager C. AWS Certificate Manager D. AWS Systems Manager Parameter Store
Correct Answer: C. AWS Certificate Manager Why: Can be used to store & provision SSL/TLS certificates. Integrated with AWS resources like ELB. Why Not: A: Artifacts: Used to retrieve compliance related information for AWS infrastructure B: Secrets Manager: Used to implement secrets keys rotation policy. D: AWS System Manager Parameter Store: used to store configuration data and passwords in encrypted or plain text.
Which of the following services can be used to automate software deployments on a large number of Amazon EC2 instances and on-premise servers? A. AWS CodePipeline B. AWS CloudFormation C. AWS CodeDeploy D. AWS Config
Correct Answer: C. AWS CodeDeploy Why: AWS CodeDeploy is a managed service that automates software deployment on a large scale to EC2 instances and on-premise servers. Why Not: Option A is incorrect as AWS CodePipeline is a managed service for automation of delivery pipeline for application updates. Option B is incorrect as AWS CloudFormation is used to automate infrastructure provisioning & updates. Option D is incorrect as AWS Config is used to audit configurations of AWS resources.
While making changes to AWS resources e.g. adding a new Security Group Ingress rule, I need to capture & record all these changes that will be helpful during an audit. Which of the following AWS services helps me do that? A. AWS Trusted Advisor B. AWS CloudWatch C. AWS Config D. AWS CloudFormation
Correct Answer: C. AWS Config Why: AWS Config records & captures all configuration changes done to AWS resources using the Configuration Recorder. Configuration Items created by AWS Config can be sent to S3 to be stored as log files. These log files can be retained depending on the S3 lifecycle policies defined & can be referred to during any audit. Using an automated configuration management tool helps an Organization to track compliance of its resources elegantly. Why Not: Option A is incorrect because AWS Trusted Advisor cannot record the details of configuration changes in the AWS account. Option B is incorrect because CloudWatch is a monitoring tool that captures different metrics like CPU utilization, Memory Utilization etc. Once the data is captured, they can then be used for creating dashboards for displaying usage patterns, creating alarms for automating resource creation, e.g. creating a new EC2 instance due to average CPU utilization of an Auto Scaling group going above 70%. Option D is incorrect because AWS CloudFormation is used for automating the creation of AWS resources in Organizations that are huge and use a complex infrastructure that may be difficult to create manually.
Which AWS service provides infrastructure security optimization recommendations? A. AWS Application Programming Interface (API) B. Reserved Instances C. AWS Trusted Advisor D. Amazon Elastic Compute Cloud (Amazon EC2) Spotfleet
Correct Answer: C. AWS Trusted Advisor Why: AWS Trusted Advisor is an online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment. Trusted Advisor provides real-time guidance to help you provision your resources following AWS best practices.
Which of the following AWS services does not permit penetration testing? A. Amazon EC2 instances B. AWS Fargate C. Amazon Route 53 D. AWS Lambda
Correct Answer: C. Amazon Route 53 Why: AWS customers can carry out penetration tests against their AWS infrastructure without prior approval for the services listed below. Permitted Services: 1. Amazon EC2 instances, NAT Gateways, and Elastic Load Balancers 2. Amazon RDS 3. Amazon CloudFront 4. Amazon Aurora 5. Amazon API Gateways 6. AWS Fargate 7. AWS Lambda and Lambda Edge functions 8. Amazon Lightsail resources 9. Amazon Elastic Beanstalk environments
What is the AWS feature that enables fast, easy and secure transfers of files over long distances between your client and your Amazon S3 bucket? A. File Transfer B. HTTP Transfer C. Amazon S3 Transfer Acceleration D. S3 Acceleration
Correct Answer: C. Amazon S3 Transfer Acceleration Why: Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront's globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path. Why Not: Options A, B and D are incorrect. These features deal with transferring data but not between clients and an S3 bucket.
As per AWS global infrastructure, which of the following components within an AWS Region provides a low latency redundant connectivity? A. Data Centers B. Edge Location C. Availability Zones D. Regional Cache
Correct Answer: C. Availability Zones Why: Regions consist of 2 or more Availability Zones within a specific geographical area. These Availability Zones are physically isolated & connected via a low latency redundant link. Why Not: Option A is incorrect because a Logical Data Center within each region is called an Availability Zone instead of a Data Center. Option B is incorrect because Edge locations are used by CloudFront CDN to deliver content to users with low latency. Option D is incorrect because Regional Caches are used by CloudFront which sit between edge locations & origin servers providing additional caching.
A Professional Educational Institution maintains a dedicated web server and database cluster that hosts an exam results portal undertaken by its students. The resource is idle for most of the learning cycle and becomes excessively busy when exam results are released. How can this architecture with servers be improved to be cost-efficient? A. Configure AWS Elastic load-balancing between the webserver and database cluster. B. Configure RDS multi-availability zone for performance optimization. C. Configure serverless architecture leveraging AWS Lambda functions. D. Migrate the web servers onto Amazon EC2 Spot Instances.
Correct Answer: C. Configure serverless architecture leveraging AWS Lambda functions. Why: Leveraging AWS Lambda functions will remove the need to run a dedicated web server for the organization. During periods of high requests to the database cluster, AWS Lambda back-end infrastructure will automatically scale out resources to meet the demand adequately. AWS Lambda provides a platform to run code without provisioning or managing any servers. The organization pays only for the compute time they consume. There is no charge when your code is not running. Lambda functions can reduce the cost significantly. Why Not: Option A is INCORRECT because the premise of the scenario is about cost-efficiency more than load and server responsiveness. The addition of Elastic load balancing will increase the cost based on the number of instances. So this option is not cheaper. Option B is INCORRECT because RDS Multi-AZ helps with disaster recovery, enhanced availability, and durability. However, the scenario requires a solution that reduces the cost of maintaining the organization's infrastructure. Option D is INCORRECT because migrating to Amazon EC2 Spot Instances may negatively impact the service during periods of high traffic. Instances could be terminated mid-transaction that would have adverse effects on the overall user experience. This would not be a cost-effective solution. Spot Instances let you take advantage of unused EC2 capacity in the AWS cloud. Spot Instances are available at up to a 90% discount compared to On-Demand prices. Spot Instances can reclaim the capacity back with two minutes of notice.
In which five categories does Trusted Advisor service provide insight for an AWS account? A. Security, fault tolerance, high availability, connectivity and Service Limits B. Security, access control, high availability, performance and Service Limits C. Performance, cost optimization, security, fault tolerance and Service Limits D. Performance, cost optimization, access control, connectivity and Service Limits
Correct Answer: C. Performance, cost optimization, security, fault tolerance and Service Limits Why: 5 Components of Trusted Advisor: Cost optimization: It helps to save cost, such as recommending you to delete unused resources or use reserved capacity. Performance: It can improve the performance of the services by ensuring to take advantage of provisioned throughput, and monitoring for overutilized Amazon EC2 instances. Security: It can improve the security of the application by recommending you to enable AWS security features, and review your permissions. Fault tolerance: It can increase the availability of the AWS application by recommending to take advantage of auto-scaling, health checks, multi-AZ Regions, and backup capabilities. Service quotas: Service quotas, also referred to as Service limits, are the maximum number of service resources or operations that apply to an account or a Region. Trusted Advisor can notify you if you use more than 80% of a service quota.
When designing a highly available architecture, what is the difference between vertical scaling (scaling-up) and horizontal scaling (scaling-out)? A. Scaling up provides for high availability whilst scaling out brings fault-tolerance. B. Scaling out is not cost-effective compared to scaling up. C. Scaling up adds more resources to an instance, scaling out adds more instances. D. Autoscaling groups require scaling up whilst launch configurations use scaling out.
Correct Answer: C. Scaling up adds more resources to an instance, scaling out adds more instances. Why: In high availability architectures, Autoscaling is used to give elasticity to the design. Horizontal scaling (scaling-out) uses Autoscaling groups to increase processing capacity in response to changes in preset threshold parameters. It could involve adding more EC2 instances of a web server. Vertical scaling (scaling-up), which can create a single point of failure, involves adding more resources to a particular instance to meet demand. Why Not: Option A is INCORRECT. Scaling-up does not provide high availability. Adding more resources to one instance is often not a best-practice in architecture design. Option B is INCORRECT. Scaling-out is cost-effective since it involves adding more resources in response to demand and reducing resources (scaling down) when demand is low. Option D is INCORRECT. All Autoscaling groups require a launch configuration based on what resources would be provisioned or deprovisioned to meet predefined parameters.
Which is the correct statement for spot price with respect to spot instance? A. Spot price is static & changes every 6 hours B. Spot price is static & changes every 24 hours C. Spot price varies based upon demand D. Spot price is always less than Spot Instance request.
Correct Answer: C. Spot price varies based upon demand Why Not: A: Depends on demand. B: Does not change every 24 hours. D: When spot price exceeds spot request, instance gets terminated.
A new department has recently joined the organization and the administrator needs to compose access permissions for the group of users. Given that they have various roles and access needs, what is the best-practice approach when granting access? A. After gathering information on their access needs, the administrator should allow every user to access the most common resources and privileges on the system. B. The administrator should grant all users the same permissions and then grant more upon request. C. The administrator should grant all users the least privilege and add more privileges only to those who need it. D. Users should have no access and be granted temporary access on the occasions that they need to execute a task.
Correct Answer: C. The administrator should grant all users the least privilege and add more privileges only to those who need it. Why: The best-practice for AWS Identity Access Management (IAM) is to grant the least amount of permissions on the system only to execute the required tasks of the user's role. Additional permissions can be granted per user according to the tasks they wish to perform on the system. Why Not: Option A is incorrect because granting users access to the most common resources presents security vulnerabilities, especially from those who have access to resources they do not need. Option B is incorrect because granting users the same privileges on the system means other users might get access to resources they do not need to carry out their job functions. This presents a security risk. Option D is incorrect because the users are part of the organization; it will be cumbersome for the administrator to create temporary access passes for internal staff constantly.
A radio station compiles a list of the most popular songs each year. The songs are frequently fetched within 180 days. After that, the users will have a default retrieval time of 12 hours for downloading the files. The files should be stored for over 10 years. Which is the most cost-effective object storage after 180 days? A. Amazon S3 Glacier B. Amazon S3 One Zone - Infrequently Accessed C. Amazon S3 Glacier Deep Archive D. Amazon S3 Standard - Infrequently Accessed
Correct Answer: C: Amazon S3 Glacier Deep Archive Why: It is the most cost-effective object storage to implement because the information will be rarely accessed and when it is accessed, its retrieval period will not be instant. Why Not: A: Amazon S3 Glacier is NOT the answer because the info might not be referred to again after it was created. S3 Glacier is appropriate to a certain degree, but not the most cost efficient option. B: Amazon S3 One Zone - Infrequently Accessed is suitable for info that warrants a short retrieval time. D: Amazon S3 Standard - Infrequently Accessed is not a cost-effective option since the list of songs will only be relevant once and then rarely accessed again.
Which service can be used to download AWS's security & compliance documents? A. AWS Well-Architected Tool B. AWS Audit Manager C. AWS Trusted Advisor D. AWS Artifact
Correct Answer: D. AWS Artifact Why: Users can use AWS Artifact to download AWS security & compliance documents. Consists of reports such as AWS ISO certifications, Payment Card Industry (PCI), and System and Organizational Control (SOC). Why Not: A: AWS Well-Architected Tool can be used for architectural best practices and guidance. It can NOT be used to download AWS security & compliance documents. B: AWS Audit Manager is used for auditing AWS usage and building audit reports for risk and compliance. C: AWS Trusted Advisor provides recommendations to follow AWS best practices which will enhance performance & security, provide fault tolerance, reduce cost & monitor service limits.
A web administrator maintains several public and private web-based resources for an organization. Which service can they use to keep track of the expiry dates of SSL/TLS certificates as well as updating and renewal? A. AWS Data Lifecycle Manager B. AWS License Manager C. AWS Firewall Manager D. AWS Certificate Manager
Correct Answer: D. AWS Certificate Manager Why: The AWS Certificate Manager allows the web administrator to maintain one or several SSL/TLS certificates, both private and public certificates including their update and renewal so that the administrator does not worry about the imminent expiry of certificates. Why Not: Option A is INCORRECT. The AWS Lifecycle Manager creates life cycle policies for specified resources to automate operations. Option B is INCORRECT. AWS License Manager serves the purpose of differentiating, maintaining third-party software provisioning vendor licenses. It also decreases the risk of license expirations and the penalties. Option C is INCORRECT. AWS Firewall Manager aids in the administration of Web Application Firewall (WAF), by presenting a centralized point of setting firewall rules across different web resources.
A company needs to know which user was responsible for terminating several critical Amazon Elastic Compute Cloud (EC2) instances. Where can the customer find this information? A. AWS Trusted Advisor B. Amazon EC2 Instance Usage Report C. Amazon CloudWatch D. AWS CloudTrail Logs
Correct Answer: D. AWS CloudTrail Logs Why: Using CloudTrail, one can monitor all of the API activity conducted on all AWS services. It can log, continuously monitor, and retain account activity related to actions across your AWS Infrastructure.
Which tool can you use to forecast your AWS spending? A. AWS Organizations B. Amazon Dev Pay C. AWS Trusted Advisor D. AWS Cost Explorer
Correct Answer: D. AWS Cost Explorer Why: Cost explorer is a free tool that you can use to view your costs. You can view data up to the last 12 months. You can forecast how much you are likely to spend for the next 12 months. You can use it to see patterns as well. Why Not: A, B, and C do not relate to billing and costs.
An organization has a persistently high amount of throughput. It requires connectivity with no jitter and very low latency between its on-premise infrastructure and its AWS cloud build to support live streaming and real-time services. What is the MOST appropriate solution to meet this requirement? A. AWS Data Streams B. AWS Kinesis C. Kinesis Data Firehose D. AWS Direct Connect
Correct Answer: D. AWS Direct Connect Why: AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from the organization's premises to AWS. The service provides a dedicated network connection with one of the AWS Direct Connect locations. It makes it possible to guarantee high bandwidth and very low latency connectivity. Why Not: Option A is INCORRECT because the scenario requires a connectivity option. But Amazon Kinesis Data Streams (KDS) is a massively scalable and durable real-time data streaming service. It does not guarantee the quality of connectivity between the organization's on-premise infrastructure and the AWS cloud build. The data KDS collects is available in milliseconds to enable real-time analytics use cases such as real-time dashboards, real-time anomaly detection, dynamic pricing, and more. Option B is INCORRECT because the organization requires a connectivity solution and not an application service. Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data to get timely insights and react quickly to new information. Option C is INCORRECT because Amazon Kinesis Data Firehose is used to load streaming data into various destinations like data lakes, data stores and analytics tools. However, the service does not guarantee link quality between the organization's on-premise infrastructure and the AWS cloud.
Development Team has purchased a new application with limited licenses. Administrator wants to be alerted when usage of license is exceeded on Amazon EC2 instance. Which service can be used to meet this requirement? A. AWS Control Tower B. AWS Config C. AWS Service Catalog D. AWS License Manager
Correct Answer: D. AWS License Manager Why: It provisions & tracks license usage across multiple AWS accounts & also on-premises environments. It helps send an alert to an Admin when license usage exceeds the limit. Why Not: A: AWS Control Tower: helps set-up & manage a multi-account AWS environment. It does NOT track license usage. B: AWS Config: Used for evaluating configuration on the resources deployed in AWS cloud. C: AWS Service Catalog: Used to create & deploy portfolio of products within AWS infrastructure.
I have a client who is moving their on-premise workloads to AWS. Since they are very cost conscious, they would like to get first hand information on their expenses they will incur while using AWS services. Which of the following will help them do that? A. AWS Cost Explorer B. AWS Organizations C. AWS Budgets D. AWS Pricing Calculator
Correct Answer: D. AWS Pricing Calculator Why: Through AWS Pricing Calculator, the client can estimate costs that they will incur for various AWS services. Why Not: A: Cost Explorer: Helps users to view graph displays of cost of your billing data and analyze them & get forecast for likely spend in the next 12 months. B: AWS Organizations: allows clients to consolidate multiple AWS accounts that they may own into an Organization in which they can centrally control many parameters like Account Billing, etc. C: AWS Budgets helps clients to plan their service usage, service costs and get informed alerts when the costs reach a certain threshold.
A file-sharing service uses Amazon S3 to store files uploaded by users. Files are accessed with random frequency. Popular ones are downloaded every day whilst others not so often and some rarely. What is the most cost-effective Amazon S3 object storage class to implement? A. Amazon S3 Standard B. Amazon S3 Glacier C. Amazon S3 One-Zone Infrequently Accessed D. Amazon S3 Intelligent-Tiering
Correct Answer: D. Amazon S3 Intelligent Tiering Why: S3 Intelligent-Tiering is a new Amazon S3 storage class designed for customers who want to optimize storage costs automatically when data access patterns change, without performance impact or operational overhead. Moves data between two access tiers: Frequent access and infrequent access. Why Not: A: S3 would be an inefficient class for storing objects that will be accessed rarely. B: Glacier storage would present operational bottlenecks since these objects would not be available instantly. C: Storing objects that are rarely accessed and those that would be accessed frequently in S3 would be inefficient.
Which option best suits the implementation of an Amazon RDS database instance instead of a NoSQL/non-relational database? A. Where datasets are constantly evolving and cannot be confined to a static data schema. B. Where vertical scaling of the database's resources is not permissible and is seldom necessary. C. In an organization whose datasets are dynamic and document-based. D. In an organization where only a finite number of processes query the database in predictable and well-structured Schemas.
Correct Answer: D. In an organization where only a finite number of processes query the database in predictable and well-structured Schemas. Why: Amazon Relational Database Service (RDS) is best suited in scenarios where the dataset and forms are consistent such that their data schema is persistently valid. It is best to deploy in an environment where the load can be anticipated and is somewhat finite. Amazon RDS engines include Amazon Aurora, MariaDB, PostgreSQL- Why Not: Option A is INCORRECT because Amazon RDS engines are inappropriate in a scenario where datasets are constantly evolving and the data schema is flexible. NoSQL/non-relational databases fit this use case. Option B is INCORRECT because Amazon Relational Database Service engines will scale up with the increase in load. It is often necessary as the traffic patterns to the database increases. Option C is INCORRECT because in a scenario where the datasets are dynamic and document-based, the use of JSON and not SQL is appropriate. Therefore non-relational/NoSQL database engines such as Amazon DynamoDB are suitable.
A weather tracking system is designed to track weather conditions of any particular flight route. Flight travelers all over the world make use of this information prior to booking their flights. Travelers expect quick turnaround time in which the weather display & flight booking will happen which is critical to their business. You have designed this website and are using AWS Route 53 DNS. The routing policy that you will apply to this website is: A. GeoLocation routing policy B. Failover routing policy C. Multivalue answer routing policy D. Latency based routing policy
Correct Answer: D. Latency based routing policy Why: On reading the scenario carefully, we can see here that the website's performance is of prime importance to its users. It gives them a lot of business value, enabling them to choose their flight paths and make flight bookings on time. So, "Latency based routing" is the best answer to this scenario. Why Not: Option A is incorrect because GeoLocation routing is often used to localize content and present the website in the language of its users. Geolocation routing lets you choose the resources that serve your traffic based on your users' geographic location, meaning the location that DNS queries originate from. For example, you might want all queries from Europe to be routed to an ELB load balancer in the Frankfurt region irrespective of latency in that region. Option B is incorrect because Failover routing is usually used in Disaster Recovery scenarios where an Active-Passive Disaster recovery configuration is present & the Passive resource that was originally the Backup resource has now become the Active resource due to the original Active resource being unhealthy. Option C is incorrect since Multivalue answer routing provides the ability to return multiple health-checkable IP addresses which is a way to use DNS to improve availability and load balancing.
Which of the following is an optional Security layer attached to a subnet within a VPC for controlling traffic in & out of the VPC? A. VPC Flow Logs B. Web Application Firewall C. Security Group D. Network ACL
Correct Answer: D. Network ACL Why: Network ACL can be additionally configured on subnet level to control traffic in & out of the VPC. Why Not: A: VPC Flow Logs will capture info about IP traffic in & out of a VPC. B: Web Application Firewall (WAF) can be configured to protect web applications from common security threats. It can be deployed on devices such as Amazon CloudFront, Application Load Balancer, and Amazon API Gateway. C: Security Groups are attached at instance level & not at the subnet level.
Which of the following is a situation that would require using both Spot and Reserved EC2 Instances? A. A build that has sudden unpredictable workload spikes but for a short time horizon. B. One in which there is a predictable resource demand over a long time horizon. C. One that has unpredictable spikes for a long time. D. One that has a constantly predictable workload with brief unpredictable spikes.
Correct Answer: D. One that has a constantly predictable workload with brief unpredictable spikes. Why: In cases that are characterised by a constantly predictable workload with brief unpredictable spikes, Amazon EC2 Reserved Instances would be the most cost-effective to meet the constantly predictable workload. Whilst Spot Instances in an auto-scaling group would suffice to meet the demands of the build. Why Not: Option A is INCORRECT because this use case would be cost-effectively serviced by Amazon EC2 Reserved Instances with on-demand instances in an Auto Scaling group to meet the resource demands of the spike. Option B is INCORRECT because this use case would be cost-effectively serviced by Amazon EC2 Reserved Instances alone. Option C is INCORRECT because this use case would be cost-effectively serviced by Amazon EC2 On-demand Instances in an Auto Scaling group to meet the resource demands of the spike.
There is a requirement to host a database server for a minimum period of one year. Which of the following would result in the least cost? A. Spot Instances B. On-Demand C. No Upfront costs Reserved D. Partial Upfront costs Reserved
Correct Answer: D. Partial Upfront costs Reserved Why: If the database is going to be used for a minimum of one year at least, it is better to get Reserved Instances. You can save on costs if you use partial upfront options. Why Not: A is incorrect. Spot instances can be terminated with fluctuations in market prices. Unless the question specifies a use case where high availability is not a requirement, this cannot be assumed. B is incorrect. On-Demand is not the most cost-efficient solution. C is incorrect. No upfront payment is required. However, it's a costlier option than Partial/All upfront payment.
Which of the following routing policies can be used to provide the best performance to global users accessing a static website? A. Use Route 53 weighted routing policy. B. Use Route 53 latency routing policy. C. Use Route 53 Geoproximity routing policy. D. Use Route 53 Geolocation routing policy.
Correct Answer: D. Use Route 53 Geolocation routing policy. Why: Route 53 Geolocation routing policy can be used to route traffic based upon user location. Why Not: Option A is incorrect as Route 53 weighted routing policy is used to distribute requests between multiple resources based upon the weight of each record. Option B is incorrect as Route 53 latency routing policy can be used to provide the least latency when resources are deployed in multiple regions. Option C is incorrect as Route 53 Geoproximity routing policy can be used to route traffic based upon the location of the resource.
Which of the following statements regarding billing, cost optimization and cost management in AWS is accurate? A. When considering migrating to the cloud, the AWS Total Cost of Ownership (TCO) calculator is guaranteed to save up to 80% of the cost of running on-premise infrastructure. B. In AWS Budgets, utilizing Cost and Usage budgets will optimize and reduce the overall spend by 79%. C. The AWS Pricing Calculator will work out a revised bill that can reduce the overall spend by 60% if you commit to a long-term usage plan. D. When using Savings Plans, 72% savings can be made on Amazon EC2, AWS Fargate, and AWS Lambda usage.
Correct Answer: D. When using Savings Plans, 72% savings can be made on Amazon EC2, AWS Fargate, and AWS Lambda usage. Why: Savings Plans are flexible discount pricing models that offer reduced rates if the customer commits to one-year or three-year consistent usage. These are confined to Amazon EC2, AWS Fargate, and AWS Lambda usage. Why Not: Option A is INCORRECT because the AWS Total Cost of Ownership (TCO) calculator is an estimation tool. It does not guarantee saving up to 80% of the cost of running on-premise infrastructure. However, the tool allows the customer to estimate and anticipate their total AWS spend according to their use case. Option B is INCORRECT because in AWS Budgets, utilizing Cost and Usage budgets will give the customer foresight into how much they would like to use and spend on their AWS services. Utilizing this service will not reduce the overall spend by an exact percentage. Therefore this statement is inaccurate. Option C is INCORRECT because the AWS Pricing Calculator does not revise the customer bill. It allows the customer to derive an estimation of the cost of their AWS resources before the costs are incurred. Therefore this statement is inaccurate.
Which of the following is a customer responsibility under the AWS Shared Responsibility Model? A. Patching a host OS deployed on Amazon S3 B. Logical access controls for underlying infrastructure C. Physical Security of the facilities. D. Patching of guest OS deployed on Amazon EC2 instance
Correct Answer: D: Patching of guest OS deployed on Amazon EC2 Instance. Why: Under the AWS shared responsibility model, AWS takes care of infrastructure configuration & management while customers must take care of the resources they launched within AWS. Why Not: Option A is incorrect. Amazon S3 is part of the infrastructure layer & patching of host OS/Configuration for Amazon S3 is the responsibility of AWS. Option B is incorrect. AWS has the responsibility for the Logical Access controls for the underlying infrastructure. Option C is incorrect. Physical Security of the facilities is an AWS responsibility.
Which AWS services can be used to store files? Choose 2 answers from the options below: A. Amazon CloudWatch B. Amazon Simple Storage Service (Amazon S3) C. Amazon Elastic Block Store (Amazon EBS) D. AWS Config E. Amazon Athena
Correct Answers: B. Amazon Simple Storage Service (Amazon S3) C. Amazon Elastic Block Store (Amazon EBS) Why? B: S3 is object storage built to retrieve any amount of data from anywhere. C: EBS provides persistent block storage volumes for use with EC2 instances. Why Not? A: CloudWatch = performance monitoring D: AWS Config = used to audit and monitor configuration changes E: Athena = serverless query service used to analyze big data stored in S3
What is a valid difference between AWS Global Accelerator and Amazon CloudFront? Choose TWO responses. A. AWS Global Accelerator uses Anycast techniques to accelerate latency-sensitive applications; Amazon CloudFront uses Unicast. B. Amazon CloudFront makes use of Edge Locations and edge infrastructure, whilst AWS Global Accelerator does not. C. AWS Global Accelerator does not include the content caching capability that Amazon CloudFront does. D. AWS Global Accelerator is suitable for applications that are non-HTTP/S such as VoIP, MQTT and gaming, whereas Amazon CloudFront enhances the performance of HTTP-based content such as dynamic web applications, images and videos. E. For the resource endpoint, Amazon CloudFront offers static public IP addresses whilst AWS Global Accelerator does not.
Correct Answers: C. AWS Global Accelerator does not include the content caching capability that Amazon CloudFront does. D. AWS Global Accelerator is suitable for applications that are non-HTTP/S such as VoIP, MQTT and gaming, whereas Amazon CloudFront enhances the performance of HTTP-based content such as dynamic web applications, images and videos. Why: AWS Global Accelerator uses the highly available, high-speed AWS global network and anycast routing techniques to greatly improve the availability and network performance of the customer application. By leveraging Edge Locations and edge infrastructure, traffic to and from customer application endpoints ingresses and egresses the AWS global network at geographically closer locations to clients. Amazon CloudFront is a content delivery network (CDN) that improves the performance of cacheable web content, like videos and images, using content caches at Edge Locations. Why Not: Option A is INCORRECT because Amazon CloudFront does not use Unicast techniques. Instead, it uses a content caching mechanism in delivering enhanced web application performance. Option B is INCORRECT because both AWS Global Accelerator and Amazon CloudFront make use of Edge Locations and edge infrastructure on the AWS Global network. Option E is INCORRECT because Global Accelerator provides static public IP addresses for the customer resource endpoints, whilst the fully-qualified domain name of the Amazon CloudFront distribution can resolve to dynamic public IP addresses.