AWS Cloud Practitioner Quiz - Udemy course credit to...
Which Global Infrastructure identity is composed of one or more discrete data centers with redundant power, networking, and connectivity, and are used to deploy infrastructure? a) Edge Locations b) Availability Zones c) Regions
b) Availability Zones
Where are objects stored in Amazon S3? a) Folders b) Buckets c) Files d) Bin
b) Buckets Buckets store objects in Amazon S3.
When you reserve, the larger the upfront payment, the smaller the discount. a) True b) False, the upfront payment does not matter on the discount c) False, the larger the upfront, the bigger the discount
c) False, the larger the upfront, the bigger the discount
What do Resource Groups rely on to group your resources? a) Labels b) Categories c) Tags d) Stickers
c) Tags You can assign metadata to your AWS resources in the form of tags. Tags can help you manage, identify, organize, search for, and filter resources.
Which AWS service makes it easy to convert speech-to-text? a) Connect b) Translate c) Transcribe d) Polly
c) Transcribe Amazon Transcribe is an AWS service that makes it easy for customers to convert speech-to-text.
A company needs two VPCs to communicate with each other. What can they use? a) VPC Endpoints b) AWS Direct Connect c) Internet Gateway d) VPC Peering
d) VPC Peering VPC Peering connection is a networking connection between two VPCs using AWS' network.
How long can you reserve an EC2 Reserved Instance? a) 1 or 3 years b) 2 or 4 years c) 6 months or 1 year d) Anytime between 1 and 3 years.
a) 1 or 3 years 1 year or 3 years terms are available for EC2 Reserved Instances.
How would you describe Amazon CloudWatch Logs? a) A single, highly scalable service that centralizes the logs from all of your systems, applications, and AWS services that you use b) A service that provides a real-time stream of system events that describe changes in AWS resources c) A service that enables governance, compliance, operational auditing, and risk auditing of your AWS account d) A service that lets you run code without provisioning or managing servers
a) A single, highly scalable service that centralizes the logs from all of your systems, applications, and AWS services that you use You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources.
According to the Shared Responsibility Model, who is responsible for protecting hardware? a) AWS b) The customer c) AWS and the customer
a) AWS AWS is responsible for protecting hardware. AWS is responsible for "Security OF the Cloud". AWS is also responsible for the infrastructure that runs all services in the AWS Cloud, etc.
What is a proper definition of IAM Roles? a) An IAM entity that defines a set of permissions for making AWS service requests, that will be used by AWS services b) IAM Users in multiple Groups c) A password policy d) Permissions assigned to Users to perform actions
a) An IAM entity that defines a set of permissions for making AWS service requests, that will be used by AWS services Some AWS service will need to perform actions on your behalf. To do so, you assign permissions to AWS services with IAM Roles.
Where can you find on-demand access to AWS compliance documentation and AWS agreements? a) Artifact b) Personal Health Dashboard c) Secrets Manager d) Shared Responsibility Model
a) Artifact AWS Artifact is your go-to, central resource for compliance-related information that matters to you.
A company would like to secure network communications using SSL & TLS certificates. Which AWS service can it use? a) Certificate Manager (ACM) b) Secrets Manager c) Macie d) WAF
a) Certificate Manager (ACM) AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.
A new startup would like an online integrated development environment (IDE) to write, run, and debug code. Which AWS service can help with this task? a) Cloud9 b) OpsWorks c) CodeArtifact d) CodeStar
a) Cloud9 AWS Cloud9 is a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser.
Which AWS service is the key to Operational Excellence? a) CloudFormation b) EC2 c) OpsWork d) CodeDeploy
a) CloudFormation CloudFormation is a key service to Operational Excellence as it prepares, operates, and evolves, but also performs operations as code.
If a resource is deleted in AWS, which service should you use to investigate first? a) CloudTrail b) CloudWatch Logs c) Personal Health Dashboard
a) CloudTrail CloudTrail can record the history of events/API calls made within you AWS account, which will help determine who or what deleted the resource. You should investigate it first.
Which AWS managed service allows to automate software deployments to a hybrid mix of EC2 Instances and On-Premises servers? a) CodeDeploy b) CloudFormation c) Elastic Beanstalk d) CodeStar
a) CodeDeploy AWS CodeDeploy is a service that automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises.
A company would like to deploy a high-performance computing (HPC) application on EC2. Which EC2 instance type should it choose? a) Compute Optimized b) Storage Optimized c) Memory Optimized d) General Purpose
a) Compute Optimized Compute Optimized EC2 instances are great for compute-intensive workloads requiring high performance processors, such as batch processing, media transcoding, high performance web servers, high performance computing, scientific modeling & machine learning, and dedicated gaming servers.
You want to record configurations and changes over time. Which service allows you to do this? a) Config b) Inspector c) GuardDuty d) Secrets Manager
a) Config AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
You would like to automatically set up and govern a secure multi-account AWS environment with best practices for your organization. Which AWS tool can you use? a) Control Tower b) Organizations c) Trusted Advisor d) Security Hub
a) Control Tower AWS Control Tower offers the easiest way to set up and govern a new, secure, multi-account AWS environment. It establishes a landing zone that is based on best-practices blueprints, and enables governance using guardrails you can choose from a pre-packaged list.
A company would like to use their on-premises Microsoft Active Directory to connect to its AWS resources. Which service can it use? a) Directory Services b) Single Sign-On c) Direct Connect d) Cognito
a) Directory Services AWS Directory Service makes it easy for you to setup and run directories in the AWS cloud, or connect your AWS resources with an existing on-premises Microsoft Active Directory.
A company would like to set up a fully managed MongoDB database. Which AWS database is best-suited for this task? a) DocumentDB b) ElastiCache c) RDS d) Neptune
a) DocumentDB Amazon DocumentDB (with MongoDB compatibility) is a fast, calable, highly available, and fully managed document database service that supports MongoDB workloads.
You would like to set up a NoSQL database that can scale with no downtime and can handle millions of requests per second. Which AWS database is best suited for this work? a) DynamoDB b) RDS c) Redshift d) Athena
a) DynamoDB DynamoDB is a fast and flexible non-relational database service for any scale. It can scale with no downtime, it can process millions of requests per second, and is fast and consistent in performance.
How can you create Hadoop clusters to analyze and process a vast amount of data? a) EMR b) Athena c) EC2 Instances d) Redshift
a) EMR Amazon EMR is a web service that enables businesses, researchers, data analysts, and developers to easily and cost-effectively process vast amounts of data. EMR helps creating Hadoop clusters (Big Data) to analyze and process vast amount of data
Which service is referred to as a Platform as a Service (PaaS)? a) Elastic Beanstalk b) OpsWorks c) CloudFormation d) EC2
a) Elastic Beanstalk Elastic Beanstalk is a Platform as a Service (PaaS). You only manage data and applications. AWS Elastic Beanstalk makes it even easier for developers to quickly deploy and manage applications in the AWS Cloud
What should you do to increase your root account security? a) Enable Multi-Factor Authentication (MFA) b) Remove permissions from the root account c) Use AWS only through the Command Line Interface (CLI)
a) Enable Multi-Factor Authentication (MFA) You want to enable MFA in order to add a layer of security, so even if your password is stolen, lost or hacked your account is not compromised.
You should use Amazon Transcribe to turn text into lifelike speech using deep learning. a) True b) False
a) False Amazon Transcribe is an AWS service that makes it easy for customers to convert speech-to-text. Amazon Polly is a service that turns text into lifelike speech.
Which of the following are design principles of Performance Efficiency? a) Go global in minutes & experiment more often b) Analyze and attribute expenditure & stop spending money on data center operations c) Make frequent, small, reversible changes & anticipate failure d) Automate security best practices & keep away people from data
a) Go global in minutes & experiment more often Performance Efficiency design principles include: democratize advanced technologies, go global in minutes, use serverless architecture, experiment more often, mechanical sympathy.
Auto Scaling in EC2 and DynamoDB are examples of? a) Horizontal scaling b) Vertical scaling
a) Horizontal scaling Auto Scaling in EC2 allows you to have the right number of instances to handle the application load. Auto Scaling in DynamoDB automatically adjusts read and write throughput capacity, in response to dynamically changing request volumes, with zero downtime. These are both examples of horizontal scaling.
Which of the following is an IAM Security Tool? a) IAM Credentials Report b) IAM Root Account Manager c) IAM Services Report d) IAM Security Advisor
a) IAM Credentials Report IAM Credentials report lists all your account's users and the status of their various credentials. The other IAM Security Tool is IAM Access Advisor. It shows the service permissions granted to a user and when those services were last accessed.
Which services are free to use in AWS? a) IAM, VPC, Consolidated Billing, and Elastic Beanstalk b) Elastic Beanstalk, CloudFormation, Auto Scaling Groups, and Lambda c) SNS, SQS, IAM, VPC d) All services have a free tier included
a) IAM, VPC, Consolidated Billing, and Elastic Beanstalk These services are free to use. Be careful, the resources created in Elastic Beanstalk (as well as in CloudFormation and Auto Scaling Groups) are not free.
Which of the following services can you use to discover and protect your sensitive data in AWS? a) Macie b) Shield c) Artifact d) X-Ray
a) Macie Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS, such as personally identifiable information (PII) or intellectual property.
Which type of firewall has both ALLOW and DENY rules and operates at the subnet level? a) Network Access Control List (NACL) b) Web Application Firewall (WAF) c) Security Groups d) GuardDuty
a) Network Access Control List (NACL) A network access control list (NACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. They have both ALLOW and DENY rules.
A start-up would like to rapidly create customized user experiences. Which AWS service can help? a) Personalize b) Kendra c) Connect
a) Personalize Amazon Personalize is a machine learning service that makes it easy for developers to create individualized recommendations for customers using their applications.
Which AWS service is an immutable ledger database? a) QLDB b) EMR c) Managed Blockchain d) Inspector
a) QLDB Amazon QLDB is a fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log owned by a central trusted authority. Amazon QLDB tracks each and every application data change and maintains a complete and verifiable history of changes over time.
Which AWS serverless service can use machine learning-powered business intelligence to create interactive dashboards such as business analytics? a) QuickSight b) Aurora c) Athena d) Managed Blockchain
a) QuickSight Amazon QuickSight is a fast, cloud-powered business intelligence (BI) service that makes it easy for you to deliver insights to everyone in your organization. You can create and publish interactive dashboards.
You would like to find objects, people, text, or scenes in images and videos. What AWS service should you use? a) Rekognition b) Polly c) Kendra d) Lex
a) Rekognition Amazon Rekognition makes it easy to add image and video analysis to your applications using proven, highly scalable, deep learning technology that requires no machine learning expertise to use.
Which EC2 Purchasing Option should you use for an application you plan on running on a server continuously for 1 year? a) Reserved Instances b) Spot Instances c) On-demand Instances d) Convertible Instances
a) Reserved Instances Reserved Instances are good for long workloads. You can reserve instances for 1 or 3 years.
A developer would like to build, train, and deploy a machine learning model quickly. Which service can he use? a) SageMaker b) Polly c) Comprehend d) Personalize
a) SageMaker Amazon SageMaker is a fully managed service that provides every developer and data scientist with the ability to build, train, and deploy machine learning (ML) models quickly. SageMaker removes the heavy lifting from each step of the machine learning process to make it easier to develop high quality models.
What can you use to estimate the cost of your architecture solution? a) Simple Monthly Calculator/Pricing Calculator b) Cost and Usage Reports c) Total Cost of Ownership (TCO) d) Trusted Advisor
a) Simple Monthly Calculator/Pricing Calculator The AWS Simple Monthly Calculator is an easy-to-use online tool that enables you to estimate their architecture solution monthly cost of AWS services for your use case based on your expected usage. It is being replaced by AWS Pricing Calculator.
Which service is a fully managed pub/sub messaging service that makes it easy to set up, operate, and send notifications from the cloud, using a push-based system? Simple Notification Service (SNS) Simple Queue Service (SQS) Auto Scaling Groups (ASG) a) Simple Notification Service (SNS) b) Simple Queue Service (SQS) c) Auto Scaling Groups (ASG)
a) Simple Notification Service (SNS) Amazon Simple Notification Service (SNS) is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications. It uses a push-based system.
A non-profit organization needs to regularly transfer petabytes of data to the cloud and to have access to local computing capacity. Which service can help with this task? a) Snowball Edge - Storage Optimized b) Snowball Edge - Compute Optimized c) Snowcone d) Snowmobile
a) Snowball Edge - Storage Optimized Snowball Edge Storage Optimized devices are well suited for large-scale data migrations and recurring transfer workflows, as well as local computing with higher capacity needs.
A company would like to create 3D applications for its customers. Which AWS service can it use? a) Sumerian b) SageMaker c) Polly d) Elastic Transcoder
a) Sumerian Amazon Sumerian is a managed service that lets you create and run 3D, Augmented Reality (AR) and Virtual Reality (VR) applications. You can build immersive and interactive scenes that run on AR and VR, mobile devices, and your web browser.
Which of the following statements is TRUE? a) The AWS CLI can interact with AWS using commands in your command-line shell, while the AWS SDK can interact with AWS programmatically. b) The AWS SDK can interact with AWS using commands in your command-line shell, while the AWS CLI can interact with AWS programmatically.
a) The AWS CLI can interact with AWS using commands in your command-line shell, while the AWS SDK can interact with AWS programmatically.
Under the Shared Responsibility Model, who is responsible for operating-system patches and updates on EC2 Instances? a) The customer b) AWS c) Both AWS and the customer
a) The customer The customer is responsible for operating-system patches and updates on EC2 Instances, as well as data security on the instances, Security Groups rules, etc.
You can use Kinesis to perform real-time analysis from video streams. a) True b) False
a) True Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information. Kinesis offers four services: Data Firehose, Data Analytics, Data Streams, Video Streams.
CloudFormation and Elastic Beanstalk are free of use. a) True b) False
a) True CloudFormation and Elastic Beanstalk are free of use, but you do pay for the resources created.
An EBS Volume is a network drive you can attach to your instances while they run, so your instances' data persist even after their termination. a) True b) False
a) True EBS Volumes allows instances' data to persist even after their termination.
EBS Volumes CANNOT be attached to multiple EC2 instances at a time. a) True b) False
a) True EBS Volumes can be attached to only one EC2 Instance at a time, but EC2 Instances can have multiple EBS Volumes attached to them.
RDS Multi-AZ deployments' main purpose is high availability, while RDS Read replicas' main purpose is scalability. a) True b) False
a) True RDS Multi-AZ deployments' main purpose is high availability, and RDS Read replicas' main purpose is scalability. Moreover, Multi-Region deployments' main purpose is disaster recovery and local performance.
The Enterprise Support Plan comes with a business-critical system down response under 15 minutes and offers access to a Technical Account Manager, as well as a Concierge Support Team. a) True b) False
a) True The Enterprise Support Plan comes with a business-critical system down response under 15 minutes and offers access to a Technical Account Manager, as well as a Concierge Support Team. It is the only plan to have these features.
EBS Snapshots are added cost in GB per month. a) True b) False
a) True The added data storage by EBS Snapshots are added cost in GB per month to EBS pricing. Other EBS pricing factors are: Volume type, Provisioned storage volume, IOPS, etc.
With which services does CloudFront integrate to protect against web attacks? a) WAF & Shield b) WAF & IAM c) IAM & Shield d) Security Groups & WAF
a) WAF & Shield You can use AWS WAF web access control lists (web ACLs) to help minimize the effects of a distributed denial of service (DDoS) attack. For additional protection against DDoS attacks, AWS also provides AWS Shield Standard and AWS Shield Advanced.
Which service is optimized to deploy ultra-low latency applications to 5G devices? a) WaveLength b) Route 53 c) CloudFront
a) WaveLength AWS Wavelength is an AWS Infrastructure offering optimized for mobile edge computing applications. Wavelength combines the high bandwidth and ultra-low latency of 5G networks with AWS compute and storage services to enable developers to innovate and build a whole new class of applications.
A hybrid company would like to provision desktops to their employees so they can access securely both the AWS Cloud and their data centers. Which AWS service can help? a) WorkSpaces b) AppStream 2.0 c) Site-to-Site VPN d) Sumerian
a) WorkSpaces Amazon WorkSpaces is a fully managed, secure cloud desktop service. You can use Amazon WorkSpaces to provision either Windows or Linux desktops in just a few minutes and quickly scale to provide thousands of desktops to workers across the globe.
A public subnet is accessible from the Internet while a private subnet is not accessible from the Internet. a) Yes b) No, all subnets are accessible from the Internet c) No, all subnets are not accessible from the Internet
a) Yes A public subnet is accessible from the Internet while a private subnet is not accessible from the Internet.
Which of the following is an IAM best practice? a) don't use the root user account b) create several users for a physical person c) share credentials so a colleague can perform a task for you d) do not enable MFA for easier access
a) don't use the root user account You only want to use the root account to create your first IAM user, and for a few account and service management tasks. For every day and administration tasks, use an IAM user with permissions.
What is an EBS Snapshot? a) The operating-system on an EC2 Instance b) A backup of your EBS Volume at a point in time c) The amount of CPU and RAM of an EC2 Instance
b) A backup of your EBS Volume at a point in time EBS Snapshots are used to backup data on your EBS Volumes at a point in time.
Which of the following is NOT an AWS Partner Network (APN) type? a) APN Technology Partners b) APN Services Partners c) APN Consulting Partners d) APN Training Partners
b) APN Services Partners This is a distractor. This type of AWS Partner Network does not exist. It is made up with words related to the AWS Partner Network.
Which S3 Storage Class is the most cost-effective for archiving data with no retrieval time requirement? a) Amazon Glacier b) Amazon Glacier Deep Archive c) Amazon S3 Intelligent Tiering d) Amazon S3 Intelligent Tiering
b) Amazon Glacier Deep Archive Amazon Glacier Deep Archive is the most cost-effective option if you want to archive data and do not have a retrieval time requirement. You can retrieve data in 12 or 48 hours.
What is the main purpose of High Availability in the Cloud? a) Increase scalability b) Application thriving even in case of a disaster c) Access on computers and smartphones d) Handle greater loads by launching EC2 instances based on the demand
b) Application thriving even in case of a disaster High Availability means applications running at least in two AZs to survive a data center loss.
What can you use to get alerts when your costs and usage are exceeding or are forecasted to exceed your budgeting amount? a) CloudWatch Billing Alarms b) Budgets c) Cost and Usage Reports d) Billing Dashboard
b) Budgets AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. Difference with CloudWatch Billing Alarms: CloudWatch Billing Alarms only send alerts when your costs and usage are exceeding your budget, not when it is forecasted to exceed your budget, while AWS Budgets does both.
A developer would like to deploy infrastructure on AWS but only knows Python. Which AWS service can assist him? a) Software Development Kit (SDK) b) Cloud Development Kit (CDK) c) CloudFormation d) CodeBuild
b) Cloud Development Kit (CDK) The AWS Cloud Development Kit (AWS CDK) is an open source software development framework to define your cloud application resources using familiar programming languages.
A developer team would like to collaborate on code with versioning support. Which AWS service can help the developers? a) CodeDeploy b) CodeCommit c) CodePipeline d) Cloud9
b) CodeCommit AWS CodeCommit is a secure, highly scalable, managed source control service that makes it easier for teams to collaborate on code. It also provides software version control.
A company just created a new mobile application and wants to add a simple and secure user sign-up, sign-in, and access control. Which AWS service can it use? a) IAM b) Cognito c) Directory Services d) Single Sign-On
b) Cognito Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily.
A research team would like to group articles by topics using Natural Language Processing (NLP). Which service should they use? a) Translate b) Comprehend c) Lex d) Rekognition
b) Comprehend Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to find meaning and insights in text.
Data sitting on an RDS instance would be referred to as? a) Data in transit b) Data at rest c) Encrypted data
b) Data at rest Data at rest means data stored or archived on a device.
Which of the following is NOT a pricing factor in S3? a) Storage class b) Data transfer into S3 c) Objects size d) Type of requests
b) Data transfer into S3 Inbound data transfer in the S3 region is free.
You would like to migrate databases to AWS while still being able to use the database during the migration. What service allows you to do this? a) Elastic MapReduce (EMR) b) Database Migration Service (DMS) c) AWS Storage Gateway d) Snowball
b) Database Migration Service (DMS) AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database.
Which AWS service lets you quickly find the root of potential security issues to take faster actions? a) Inspector b) Detective c) CloudWatch d) WAF
b) Detective Amazon Detective makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities.
Which service can be used to automate image management processes? a) AMI b) EC2 Image Builder c) EBS Snapshots d) IAM
b) EC2 Image Builder EC2 Image Builder is an automated pipeline for the creation, maintenance, validation, sharing, and deployment of Linux or Windows images for use on AWS and on-premises.
Which in-memory AWS database can you use to reduce the load off databases and has high performance, low latency? a) Redshift b) ElastiCache c) RDS d) DynamoDB
b) ElastiCache Amazon ElastiCache is a web service that makes it easy to deploy and run Memcached or Redis protocol-compliant server nodes in the cloud. ElastiCache caches are in-memory databases with high performance, low latency. They help reduce load off databases for read intensive workloads.
You would like to convert an S3 file so it can be played on users' devices. Which AWS service can help? a) Transcribe b) Elastic Transcoder c) AppStream 2.0 d) Sumerian
b) Elastic Transcoder Amazon Elastic Transcoder is media transcoding in the cloud. It is used to convert media files from their source format into versions that will play back on devices like smartphones, tablets, and PCs.
Which of the following is a fully managed native Microsoft Windows file system? a) EFS b) FSx c) EBS
b) FSx Amazon FSx makes it easy and cost effective to launch and run popular file systems that are fully managed by AWS. It comes in two offerings: FSx for Windows File Server (used for business applications), and FSx for Lustre (used for high-performance computing).
CloudEndure Disaster Recovery is used to centrally automate backups across AWS services while AWS Backup is used to quickly and easily recover servers into AWS. a) True b) False
b) False AWS Backup is a centralized backup service that makes it easy and cost-effective for you to backup your application data across AWS services in the AWS Cloud. CloudEndure Disaster Recovery minimizes downtime and data loss by providing fast, reliable recovery into AWS of your physical, virtual, and cloud-based servers.
CodeStar can orchestrate the different steps to have code automatically pushed to production, while CodePipeline is a unified UI to easily manage software development activities in one place. a) True b) False
b) False AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates. CodeStar is used to quickly develop, build, and deploy applications on AWS with a unified user interface.
CloudFront pricing is the same in every geographic region. a) True b) False
b) False CloudFront pricing is different across different geographic regions.
CodeStar can be used to monitor and check the health of an environment. a) True b) False
b) False CodeStar is used to quickly develop, build, and deploy applications on AWS. Elastic Beanstalk can be used to monitor and to check the health of an environment.
You can perform any kind of penetration testing on any AWS service without prior approval. a) True b) False
b) False Penetration Testing is allowed without prior approval on 8 services. DDoS, port flooding and protocol flooding are examples of prohibited activities.
Testing recovery procedures, stopping guessing capacity, and managing changes in automation are design principles of Performance Efficiency. a) True b) False
b) False Testing recovery procedures, stopping guessing capacity, and managing changes in automation are design principles of Reliability. Performance Efficiency design principles include: democratize advanced technologies, go global in minutes, use serverless architecture, experiment more often, mechanical sympathy.
AWS Trusted Advisor can provide guidance against the 5 Well-Architected pillars and architectural best practices. a) True b) False
b) False The AWS Well-Architected Tool helps you review the state of your workloads and compares them to the latest AWS architectural best practices. It is based on the 5 pillars of the Well-Architected Framework (Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimization). AWS Trusted Advisor is an online tool that provides you real time guidance to help you provision your resources following AWS best practices (Cost Optimization, Performance, Security, Fault Tolerance, and Service Limits).
You should use IAM Roles if you want to create temporary, limited-privilege credentials for your AWS resources. a) True b) False
b) False IAM Roles are sets of permissions making AWS service requests, which will be used by AWS services, but they do not provide temporary security credentials.. AWS Security Token Service (AWS STS) is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users).
You would like a serverless service to launch Docker containers with no infrastructure to provision. Which AWS service should you use? a) ECS b) Fargate c) ECR d) Lambda
b) Fargate Fargate allows you to launch Docker containers on AWS, and you don't need to provision and maintain the infrastructure (=no EC2 instances to manage). It is serverless.
Which principle should you apply regarding IAM Permissions? a) Grant most privilege b) Grant least privilege c) Grant permissions if your employee asks you to d) Restrict root account permissions
b) Grant least privilege Don't give more permissions than the user needs.
Which of the following services has a global scope? a) EC2 b) IAM c) Lambda d) Rekognition
b) IAM
Which statement is CORRECT regarding EC2 Instance Store? a) It is not good to use as a disk to cache content b) It has a better I/O performance, but the data is lost if the EC2 Instance is terminated c) Your data is always safe with EC2 Instance Store
b) It has a better I/O performance, but the data is lost if the EC2 Instance is terminated EC2 Instance Store has a better I/O performance, but data is lost if: the EC2 instance is stopped or terminated, or when the underlying disk drive fails.
What are IAM Policies? a) AWS services performable actions b) JSON documents to define Users, Groups, or Roles' permissions c) rules to set up a password for IAM Users
b) JSON documents to define Users, Groups, or Roles' permissions An IAM policy is an entity that, when attached to an identity or resource, defines their permissions.
Which of the following services is managed by AWS and is used to manage encryption keys? a) CloudHSM b) KMS c) AWS Secrets Manager d) IAM
b) KMS AWS KMS is a managed service that enables you to easily create and control the keys used for cryptographic operations. It is managed by AWS.
Which of the following services is a document search service powered by machine learning? a) Forecast b) Kendra c) Comprehend d) Polly
b) Kendra Amazon Kendra is a highly accurate and easy to use enterprise search service that's powered by machine learning.
Which AWS service can create complex graphs for fraud detection? a) Redshift b) Neptune c) QLDB d) Glue
b) Neptune Amazon Neptune is a fast, reliable, fully-managed graph database service that makes it easy to build and run applications that work with highly connected datasets. It can be used for knowledge graphs, fraud detection, recommendations engines, social networking, etc.
Which AWS offered Load Balancer should you use to handle hundreds of thousands of connections with low latency? a) Application Load BalancerNetwork Load Balancer b) Network Load Balancer c) Elastic Load Balancer
b) Network Load Balancer A Network Load Balancer can handle millions of requests per second with low-latency. It operates at Layer 4, and is best-suited for load-balancing TCP, UDP, and TLS traffic with ultra high-performance.
Which service can be used to run AWS infrastructure and services on-premises for a hybrid cloud architecture? a) CloudFront b) Outposts c) DMS d) Storage Gateway
b) Outposts AWS Outposts bring native AWS services, infrastructure, and operating models to virtually any data center, co-location space, or on-premises facility.
What is the pricing model of Cloud Computing? a) Discounts over time b) Pay-as-you-go pricing c) Pay once a year d) Flat-rate pricing
b) Pay-as-you-go pricing
You need to enable fast, easy, and secure transfers of files over long distances on S3. Which service would you use? a) AWS Global Accelerator b) S3 Transfer Acceleration c) S3 Cross-Region Replication
b) S3 Transfer Acceleration Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront's globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path.
Which tool allows you to centrally manage all users and roles permissions in your organization? a) Technical Account Manager (TAM) b) Service control policies c) IAM d) Config
b) Service control policies Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization. An SCP spans all IAM users, groups, and roles, including the AWS account root user. This was discussed in Lecture 211: Organizations Overview
Which AWS service's ONLY role is to safeguard running applications from DDoS attacks? a) WAF b) Shield c) CloudFront d) KMS
b) Shield Shield is only used to safeguard running applications from DDoS attacks.
Which AWS service allows you to launch Docker containers on AWS, but requires you to provision and maintain the infrastructure? a) ECR b) EC2 c) ECS d) Fargate
c) ECS ECS allows you to launch Docker containers on AWS, but you must provision and maintain the infrastructure (i.e. EC2 instances).
Which service allows you to send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available, using a pull-based system? a) Simple Notification Service (SNS) b) Simple Queue Service (SQS) c) Auto Scaling Groups (ASG)
b) Simple Queue Service (SQS) Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. It uses a pull-based system.
Which of the following services is a petabyte-scale data moving service (as a fleet) in or out of AWS with computing capabilities? a) Snowcone b) Snowball Edge c) Snowmobile
b) Snowball Edge Snowball Edge is best-suited to move petabytes of data and offers computing capabilities. Be careful, it's recommended to use a fleet of Snowballs to move less than 10PBs of data. Over this quantity, it's better-suited to use Snowmobile.
What defines the distribution of responsibilities for security in the AWS Cloud? a) AWS Pricing Fundamentals b) The Shared Responsibility Model c) AWS Acceptable Use Policy d) The AWS Management Console
b) The Shared Responsibility Model
According to the Shared Responsibility Model, who is responsible for firewall and network configuration for EC2 Instances? a) AWS b) The customer c) AWS and the customer
b) The customer The customer is responsible for firewall and network configuration. Customers are responsible for "Security IN the Cloud". It also includes server-side encryption, client-side data protection, customer data protection, etc.
Which of the following statements is INCORRECT regarding the definition of the term "serverless"? a) Serverless allows you to deploy functions as a service b) There are no servers c) You don't need to manage servers d) Lambda is the serverless pioneer
b) There are no servers Serverless does not mean that there are no servers, you just do not manage, provision and see them, but they do exist.
A company is not sure whether or not it is cost-effective to migrate to the AWS Cloud. Which service can help the executive board make a decision? a) Simple Monthly Calculator b) Total Cost of Ownership (TCO) c) Billing Dashboard d) Cost Explorer
b) Total Cost of Ownership (TCO) The TCO calculators allow you to estimate the cost savings when using AWS and provide a detailed set of reports that can be used in executive presentations.
You would like to connect hundreds of VPCs and your on-premises data centers together. Which AWS service allows you to do link all these together efficiently? a) Site-to-Site VPN b) Transit Gateway c) Internet Gateway d) Direct Connect
b) Transit Gateway Transit Gateway connects thousands of VPC and on-premises networks together in a single gateway.
Which Route 53 Routing Policies would you use to route traffic to multiple resources in proportions that you specify? a) Simple Routing Policy b) Weighted Routing Policy c) Latency Routing Policy d) Failover Routing Policy
b) Weighted Routing Policy Weighted Routing Policy is used to route traffic to multiple resources in proportions that you specify.
Which AWS service helps developers analyze and debug production as well as distributed applications? a) CloudWatch b) X-Ray c) Service Health Dashboard d) CloudTrail
b) X-Ray AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture.
Which of the following is NOT an advantage of Cloud Computing? a) trade capital expense (CAPEX) for operational expense (OPEX) b) train your employees less c) go global in minutes d) stop spending money running and maintaining data centers
b) train your employees less
You need a logically isolated section of AWS, where you can launch AWS resources in a private network that you define. What should you use? a) Subnets b) Availability Zones c) A VPC d) NAT Instances
c) A VPC A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS Cloud. You can launch your AWS resources, such as Amazon EC2 instances, into your VPC.
Which AWS serverless service can be used by developers to create APIs? a) ECR b) Lambda c) API Gateway
c) API Gateway Amazon API Gateway is a fully managed serverless service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale.
Where can you find a third party's AMI so you can use it to launch your EC2 Instance? a) Public AMIs b) My own AMIs c) AWS Marketplace AMIs
c) AWS Marketplace AMIs You can use AWS Marketplace AMIs to use someone else's AMI.
According to the Shared Responsibility Model, who is responsible for Patch Management? a) AWS b) The customer c) AWS and the customer
c) AWS and the customer AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications. Shared Controls also includes Configuration Management, and Awareness and Training.
What are Objects NOT composed of? a) Key b) Value c) Access Keys d) Metadata
c) Access Keys Access Keys are used to sign programmatic requests to the AWS CLI or AWS API.
Which of the following is NOT an Auto Scaling Strategy? a) Manual Scaling b) Dynamic Scaling c) Active Scaling d) Predictive Scaling
c) Active Scaling This is not a scaling strategy. Auto Scaling Strategies include: Manual Scaling, Dynamic Scaling (Simple/Step Scaling, Target Tracking Scaling, Scheduled Scaling), and Predictive Scaling.
Where should you store your private Docker images so they can be run by ECS or Fargate? a) Elastic Docker Registry b) Elastic Docker File Registry c) Elastic Container Registry d) Elastic Private Container Registry
c) Elastic Container Registry Elastic Container Registry (ECR) is a service where you store your Docker image so they can be run by ECS or Fargate.
What can you use to handle quickly and automatically the changing load on your websites and applications by adding compute resources? a) An Elastic Load Balancer b) A bigger instance type c) An Auto Scaling Group d) Health Checks on your EC2 Instances
c) An Auto Scaling Group An Auto Scaling Group (ASG) can automatically and quickly scale-in and scale-out to match the changing load on your applications and websites.
You would like to access desktop applications through a browser. Which AWS service would you use? a) Outposts b) WorkSpaces c) AppStream 2.0 d) EC2 Instance Connect
c) AppStream 2.0 Amazon AppStream 2.0 is a fully managed non-persistent application and desktop streaming service that provides users instant access to their desktop applications from anywhere.
What does AWS CloudFront use to improve read performance? a) DDoS Protection b) S3 Buckets Fast-Read c) Caching Content in Edge Locations d) Caching Content in Edge Regions
c) Caching Content in Edge Locations CloudFront uses Edge Location to cache content, and therefore bring more of your content closer to your viewers to improve read performance.
Which of the following allows you to deploy any AWS Infrastructure as a Code? a) Elastic Beanstalk b) OpsWorks c) CloudFormation d) Systems Manager
c) CloudFormation AWS CloudFormation provides a common language for you to model and provision AWS and third party application resources in your cloud environment. It allows you to deploy Infrastructure as a Code.
What is called the declaration of the AWS resources that make up a stack? a) CloudFormation Schemas b) CloudFormation Diagrams c) CloudFormation Templates d) CloudFormation Models
c) CloudFormation Templates AWS CloudFormation templates are JSON or YAML-formatted text files. They are declarations of the AWS resources that make up a stack.
Which service allows you to inspect, audit, and record events and API calls made within your AWS account? a) X-Ray b) CloudWatch c) CloudTrail
c) CloudTrail AWS CloudTrail is a web service that records activity made on your account and delivers log files to your Amazon S3 bucket. AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.
Which cloud monitoring feature can you use to detect unusual activity in your account such as inaccurate resource provisioning or hitting service limits? a) CloudWatch Metrics b) CloudWatch Logs c) CloudTrail Insights d) X-Ray
c) CloudTrail Insights AWS CloudTrail Insights helps AWS users identify and respond to unusual activity associated with write API calls by continuously analyzing CloudTrail management events.
You need to set up metrics monitoring for every service in AWS. Which service would you use? a) CloudTrail b) X-Ray c) CloudWatch d) Personal Health Dashboard
c) CloudWatch Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, and set alarms.
Which CloudWatch feature would you use to trigger notifications when a metric reaches a threshold you specify? a) CloudWatch Events b) CloudWatch Logs c) CloudWatch Alarms d) CloudWatch Triggers
c) CloudWatch Alarms The CloudWatch Alarms feature allows you to watch CloudWatch metrics and to receive notifications when the metrics fall outside of the levels (high or low thresholds) that you configure.
Which AWS service automatically analyzes code and provides performance recommendations? a) X-Ray b) CodePipeline c) CodeGuru
c) CodeGuru Amazon CodeGuru is a developer tool that provides intelligent recommendations to improve code quality and identify an application's most expensive lines of code.
Which of the following options can provide up to 66% discount compared to On-demand for a commitment to a consistent amount of usage for 1 or 3 years and offers the possibility to change EC2 instances family type? a) Spot instances b) Reserved instances c) Compute Savings Plans d) EC2 Instance Savings Plans
c) Compute Savings Plans Compute Savings Plans provide the most flexibility and help to reduce your costs by up to 66% in exchange for a commitment to a consistent amount of usage for a 1 or 3 year term. These plans automatically apply to EC2 instance usage regardless of instance family, size, AZ, region, OS or tenancy, and also apply to Fargate or Lambda usage.
A company would like to choose the best Savings Plan and forecast its cost in the next 3 months. Which AWS service can help? a) Cost and Usage Reports b) Budgets c) Cost Explorer d) Forecast
c) Cost Explorer Cost Explorer can be used to forecast usage up to 12 months based on the previous usage. It can also be used to choose an optimal Savings Plan. Cost Explorer has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time.
AWS Cost Explorer and AWS Trusted Advisor are services examples of which Well-Architected Framework pillar? a) Security b) Operational Excellence c) Cost Optimization d) Performance Efficiency
c) Cost Optimization AWS Cost Explorer and AWS Trusted Advisor are Cost Optimization services examples. It also includes AWS Budgets, Cost and Usage Reports, etc.
Which principle is mainly applied when using Amazon SQS or Amazon SNS? a) Scalability b) Automation c) Decouple your applications
c) Decouple your applications When using SQS or SNS, you apply the "decouple your applications" principle. This means that IT systems should be designed in a way that reduces interdependencies—a change or a failure in one component should not cascade to other components.
What is the name of the software development platform that allows you to run applications the same way, regardless of where they are run? a) Dolphin b) Shark c) Docker d) ECS
c) Docker Docker is a software development platform that allows you to run applications the same way, regardless of where they are run. It can scale containers up and down within seconds.
Which exclusive DynamoDB feature is an in-memory cache that can improve your performance up to 10x? a) ElastiCache b) Edge Locations c) DynamoDB Accelerator d) Snowball Edge
c) DynamoDB Accelerator Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for Amazon DynamoDB that delivers up to a 10 times performance improvement—from milliseconds to microseconds—even at millions of requests per second.
You would like to use a serverless service to prepare data so it can be loaded for analytics. Which service would you use? a) Athena b) RDS c) Glue d) ElastiCache
c) Glue AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics.
What is the name of a central repository to store structural and operational metadata for data assets in AWS Glue? a) Glue Data Table b) Glue Data Dictionary c) Glue Data Catalog
c) Glue Data Catalog The AWS Glue Data Catalog is a central repository to store structural and operational metadata for all your data assets. For a given data set, you can store its table definition, physical location, add business relevant attributes, as well as track how this data has changed over time.
A company would like to benefit from the advantages of the Public Cloud but would like to keep sensitive assets in its own infrastructure. Which deployment model should the company use? a) Private Cloud b) Public Cloud c) Hybrid Cloud
c) Hybrid Cloud
A company would like to automate security on EC2 instances to assess security and vulnerabilities in these instances. Which AWS service should it use? a) Config b) Trusted Advisor c) Inspector d) Systems Manager
c) Inspector Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It helps you test the network accessibility of your Amazon EC2 instances and the security state of your applications running on the instances.
What can you use to define actions to move S3 objects between different storage classes? a) Scaling Policy b) Bucket Policies c) Lifecycle Rules d) Replication
c) Lifecycle Rules Lifecycle Rules can be used to define when S3 objects should be transitioned to another storage class or when objects should be deleted after some time.
A complete cloud beginner would like to create a simple application with predictable pricing. What service should this person use? a) EC2 b) Lambda c) Lightsail d) EasyStart
c) Lightsail Amazon Lightsail is designed to be the easiest way to launch and manage a virtual private server with AWS. Lightsail plans include everything you need to jumpstart your project - a virtual machine, SSD- based storage, data transfer, DNS management, and a static IP address - for a low, predictable price. It can be used to create a simple web application, a website or a dev/test environment.
A company using Apache ActiveMQ is migrating to the cloud. Which AWS service can it use to easily set up and operate its message brokers in the cloud? a) SQS b) SNS c) MQ d) Kinesis
c) MQ Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easy to set up and operate message brokers in the cloud.
You want to create a decentralized blockchain on AWS. Which AWS service would you use? a) DocumentDB b) QLDB c) Managed Blockchain d) QuickSight
c) Managed Blockchain Amazon Managed Blockchain is a fully managed service that makes it easy to create and manage scalable blockchain networks using the popular open source frameworks Hyperledger Fabric and Ethereum. It allows multiple parties to execute transactions without the need of a trusted, central authority.
You need to use Chef or Puppet. Which AWS service should you use? a) CloudFormation b) CodeDeploy c) OpsWorks d) CodeCommit
c) OpsWorks AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet.
Which of the following services can help you manage multiple AWS accounts? a) IAM b) Directory Services c) Organizations d) Single Sign-On
c) Organizations Organizations helps you to centrally manage billing; control access, compliance, and security; and share resources across your AWS accounts.
How do you get charged in AWS Lambda? a) Per programming language b) Per number of functions c) Per call and per duration d) Per inactive time
c) Per call and per duration In AWS Lambda, you are charged per request and compute time, that's it.
Which AWS service provides alerts and remediation guidance when AWS is experiencing events that may impact you? a) Service Health Dashboard b) CloudWatch c) Personal Health Dashboard d) CloudTrail
c) Personal Health Dashboard AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you.
Which of the following databases is a managed service with SQL capability suited for Online Transaction Processing (OLTP)? a) DynamoDB b) Redshift c) RDS d) MySQL on EC2
c) RDS Amazon Relational Database Service (Amazon RDS) is a SQL managed service that makes it easy to set up, operate, and scale a relational database in the cloud. It is suited for OLTP workloads
Which AWS database is a data warehouse? a) DynamoDB b) ElastiCache c) Redshift d) RDS
c) Redshift Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud.
Which of the following statements is NOT a reason for a global application? a) Decreased Latency b) Disaster Recovery c) Scale elastically on demand d) Attack protection
c) Scale elastically on demand A global application is not specifically used to scale elastically on demand. You can use Auto Scaling Groups for example if you want to elastically scale based on demand.
Implementing Security Groups, NACLs, KMS, or CloudTrail reflects which Well-Architected Framework Pillar? a) Reliability b) Performance Efficiency c) Security d) Cost Optimization
c) Security The Security pillar includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.
A research team deployed in a location with low-internet connection would like to move 5 TBs of data to the Cloud. Which service can it use? a) Storage Gateway b) Snowball Edge c) Snowcone d) OpsHub
c) Snowcone AWS Snowcone is a small, portable, rugged, and secure edge computing and data transfer device. It provides up to 8 TB of usable storage.
Which of the following is an exabytes-scale data moving service in or out of AWS? a) Snowcone b) Snowball Edge c) Snowmobile
c) Snowmobile Snowmobile is used to move exabytes of data in or out of AWS (1 EB=1,000 PBs=1,000,000 TBs).
A company would like to convert its documents into different languages, with natural and accurate wording. What should they use? a) Transcribe b) Polly c) Translate d) WordTranslator
c) Translate Amazon Translate is a neural machine translation service that delivers fast, high-quality, and affordable language translation.
A company would like recommendations regarding its performance, security, and fault tolerance. What can it use? a) Inspector b) Config c) Trusted Advisor d) Technical Account Manager
c) Trusted Advisor AWS Trusted Advisor is an online tool that provides you real time guidance to help you provision your resources following AWS best practices, including performance, security, and fault tolerance, but also cost optimization and service limits.
Which of the following options is NOT a point of consideration when choosing an AWS Region? a) compliance with data governance b) latency c) capacity availability d) pricing
c) capacity availability
Which are the 3 pricing fundamentals of the AWS Cloud? a) compute, storage, and data transfer in the AWS Cloud b) compute, networking, and data transfer out of the AWS Cloud c) compute, storage, and data transfer out of the AWS Cloud d) storage, functions, and data transfer in the AWS Cloud
c) compute, storage, and data transfer out of the AWS Cloud
Which of the following is NOT one of the Five Characteristics of Cloud Computing? a) rapid elasticity and scalability b) multi-tenancy and resource pooling c) dedicated support agent to help you deploy applications d) on-demand self service
c) dedicated support agent to help you deploy applications
Which of the following is the definition of Cloud Computing? a) rapid development, test and launch software applications b) automatic and quick ability to acquire resources as you need them and release resources when you no longer need them c) on-demand availability of computer system resources, especially data storage (cloud storage) and computing power, without direct active management by the user d) change resource types when needed
c) on-demand availability of computer system resources, especially data storage (cloud storage) and computing power, without direct active management by the user
What is NOT authorized to do on AWS according to the AWS Acceptable Use Policy? a) building a gaming application b) deploying a website c) run analytics on stolen content d) backup your data
c) run analytics on stolen content
AWS Regions are composed of? a) two or more Edge Locations b) one or more discrete data centers c) two or more Availability Zones
c) two or more Availability Zones
Which AWS service offers easy horizontal scaling of compute capacity? a) EBS b) AMI c) IAM d) ASG
d) ASG Auto Scaling Groups (ASG) offers the capacity to scale-out and scale-in by adding or removing instances based on demand.
A company needs to have a private, secure, and fast connection between its on-premises data centers and the AWS Cloud. Which connection should they use? a) AWS Connect b) Site-to-Site VPN c) VPC Peering d) AWS Direct Connect
d) AWS Direct Connect AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated private network connection from your premises to AWS.
Which of the following actions does NOT require the root user? a) Close your AWS account b) Change your AWS Support plan c) Register as a seller in the Reserved Instance Marketplace d) Access the billing dashboard
d) Access the billing dashboard This is an action that does not require the root user. By default, only the root user can access the billing dashboard, but you can attach a policy to an IAM user for it to access the billing dashboard
What are AMIs NOT used for? a) Add your own software license b) Add your own configuration c) Add your own operating-system d) Add your own IP addresses
d) Add your own IP addresses You cannot use AMIs to add your IP addresses. IP addresses are added to an instance as you create it.
Which S3 Storage Class is suitable for less frequently accessed data, but with rapid access when needed, while keeping a high durability and allowing an Availability Zone failure? a) Amazon S3 Standard - General Purpose b) Amazon Glacier c) Amazon S3 One Zone-Infrequent Access d) Amazon S3 Standard-Infrequent Access
d) Amazon S3 Standard-Infrequent Access Amazon S3 Standard-Infrequent Access allow you to store infrequently accessed data, with rapid access when needed, has a high durability, and is stored in several Availability Zones to avoid data loss in case of a disaster. It can be used to store data for disaster recovery, backups, etc.
What is an EBS Volume tied to? a) A region b) A data center c) An edge location d) An availability zone
d) An availability zone EBS Volumes are tied to only one availability zone.
Which Load Balancer is best suited for HTTP/HTTPS load balancing traffic? a) Network Load Balancer b) Classic Load Balancer c) Elastic Load Balancer d) Application Load Balancer
d) Application Load Balancer Application Load Balancers are used for HTTP and HTTPS load balancing. They are the best-suited for this kind of traffic.
Under the shared responsibility model, what is the customer responsible for in IAM? a) Infrastructure security b) Compliance validation c) Configuration and vulnerability analysis d) Assigning users proper IAM Policies
d) Assigning users proper IAM Policies Customers are responsible for defining and using IAM policies.
Which AWS service is always serverless and has SQL capabilities? a) RDS b) Aurora c) DynamoDB d) Athena
d) Athena Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run.
Which relational database is a proprietary technology from AWS and is cloud-optimized? a) DynamoDB b) Oracle c) Athena d) Aurora
d) Aurora Amazon Aurora is a MySQL and PostgreSQL-compatible relational database built for the cloud, that combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open source databases. It is a proprietary technology from AWS.
Which of the following statements is INCORRECT regarding Auto Scaling Groups? a) Replace unhealthy instances b) Are cost-effective by running at optimal capacity c) Automatically register new instances to a load balancer d) Automatically changing the EC2 Instances Types
d) Automatically changing the EC2 Instances Types Auto Scaling Groups can add or remove instances, but from the same type. They cannot change the EC2 Instances Types on the fly.
Which of the following statements is NOT a feature of Load Balancers? a) Do regular health checks to your instances b) Spread load across multiple downstream instances c) Handle failures of downstream instances d) Back-end autoscaling
d) Back-end autoscaling Load Balancers cannot help with back-end autoscaling. You should use Auto Scaling Groups.
A company needs to run thousands of jobs but would like to NOT manage the compute resources. What service can it use? a) ECS b) EC2 Spot Instances c) EC2 Instances d) Batch
d) Batch AWS Batch enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs on AWS. AWS Batch dynamically provisions the optimal quantity and type of compute resources (e.g., CPU or memory-optimized instances) based on the volume and specific resource requirements of the batch jobs submitted.
Which of the following options is NOT a vertical scaling limit? a) Downtime b) Higher cost c) Capacity limitation d) Better fault tolerance
d) Better fault tolerance This is an advantage of horizontal scaling.
What is the most cost-effective option to have 24x7 phone, email, and chat support? a) Basic Support Plan b) Developer Support Plan c) Enterprise Support Plan d) Business Support Plan
d) Business Support Plan Business Support Plan is the most cost-effective option that offers 24x7 phone, email, and chat support.
Which of the following services can a developer use to store code dependencies? a) CodeBuild b) CodeCommit c) Cloud9 d) CodeArtifact
d) CodeArtifact AWS CodeArtifact is a fully managed artifact repository (also called code dependencies) service that makes it easy for organizations of any size to securely store, publish, and share software packages used in their software development process.
Which serverless service can be used to build code and run tests? a) CodeStar b) Cloud Development Kit (CDK) c) CodePipeline d) CodeBuild
d) CodeBuild AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. With CodeBuild, you don't need to provision, manage, and scale your own build servers, it is serverless.
Which of the following options uses machine learning to recommend optimal AWS resources and therefore reduces costs? a) Trusted Advisor b) Budgets c) Cost Explorer d) Compute Optimizer
d) Compute Optimizer AWS Compute Optimizer recommends optimal AWS resources for your workloads to reduce costs and improve performance by using machine learning to analyze historical utilization metrics.
Which of the following is NOT an EC2 Instance Purchasing Option? a) Spot Instances b) Reserved Instances c) On-demand Instances d) Connect Instances
d) Connect Instances This EC2 Instance purchasing option does not exist.
Which of the following statements is NOT a feature of AWS Lambda? a) Integration with the whole AWS suite of services b) Virtual functions c) Automated and continuous scaling d) Definition of a minimum and a maximum of EC2 Instances running
d) Definition of a minimum and a maximum of EC2 Instances running This is a feature of Auto Scaling Groups, not AWS Lambda.
Which AWS service can be used to test your application across real desktop browsers and mobile devices? a) IoT Core b) AppStream 2.0 c) WorkSpaces d) Device Farm
d) Device Farm AWS Device Farm is an application testing service that lets you improve the quality of your web and mobile apps by testing them across an extensive range of desktop browsers and real mobile devices; without having to provision and manage any testing infrastructure.
Which features are available with Route 53? a) Health Checks, Auto Scaling, Routing Policy, DNS b) Load Balancing, DNS, Domain Registration, Monitoring c) Domain Registration, DNS, Health Checks, DDoS Protection d) Domain Registration, DNS, Health Checks, Routing Policy
d) Domain Registration, DNS, Health Checks, Routing Policy Route 53 features are (non exhaustive list): Domain Registration, DNS, Health Checks, Routing Policy
Which EC2 Storage would you use to create a shared network file system for your EC2 Instances? a) EBS Volume b) EC2 Instance Store c) EBS Snapshots d) EFS
d) EFS Amazon EFS is a fully managed service that makes it easy to set up, scale, and cost-optimize file storage in the Amazon Cloud.
Which of the following is INCORRECT regarding AWS Organizations? a) Manage multiple AWS accounts b) Consolidated billing across all accounts c) Volume discounts from aggregated usage d) Faster access to the AWS Support
d) Faster access to the AWS Support AWS Organizations does not offer faster access to the AWS Support.
Which fully managed service can deliver highly accurate forecasts? a) Personalize b) SageMaker c) Lex d) Forecast
d) Forecast Amazon Forecast is a fully managed service that uses machine learning to deliver highly accurate forecasts.
Which service is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads? a) KMS b) WAF c) Inspector d) GuardDuty
d) GuardDuty Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads.
How would you best describe "event-driven" in AWS Lambda? a) Happens on a certain day b) Happens at a certain time c) Happens on a regular basis d) Happens when needed
d) Happens when needed "Event-driven" in Lambda means that functions are invoked when needed. They are triggered.
Which answer is INCORRECT regarding IAM Users? a) IAM Users can belong to multiple groups b) IAM Users don't have to belong to a group c) IAM Users can have policies assigned to them d) IAM Users access AWS with the root account credentials
d) IAM Users access AWS with the root account credentials IAM Users access AWS using a username and a password.
Your VPC needs to connect with the Internet. Which VPC component can help? a) NAT Gateways b) NAT Instances c) Network ACL d) Internet Gateway
d) Internet Gateway An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet.
Which AWS service is serverless and lets you connect billions of devices to the AWS Cloud? a) Transit Gateway b) Connect c) Elastic Transcoder d) IoT Core
d) IoT Core AWS IoT Core lets you securely connect IoT devices to the AWS Cloud and other devices without the need to provision or manage servers.
A company would like to implement a chatbot that will convert speech-to-text and recognize the customers' intentions. What service should it use? a) Transcribe b) Rekognition c) Connect d) Lex
d) Lex Amazon Lex is a service for building conversational interfaces into any application using voice and text. Lex provides the advanced deep learning functionalities of automatic speech recognition (ASR) for converting speech to text, and natural language understanding (NLU) to recognize the intent of the text, to enable you to build applications with highly engaging user experiences and lifelike conversational interactions.
Which of the following options is NOT a situation where you should contact the AWS Abuse team? a) DDoS attack from AWS-owned IP addresses b) Spam from AWS-owned IP addresses or AWS resources c) Hosting objectionable or copyrighted content on AWS d) Losing your MFA device
d) Losing your MFA device This is not a situation where you should contact the AWS Abuse team. The situations where you should contact the AWS Abuse team are: Spam, Port scanning, DoS or DDoS attacks, Intrusion attempts, Hosting objectionable or copyrighted content, Distributing malware.
Your private subnets need to connect to the Internet while still remaining private. Which AWS-managed VPC component allows you to do this? a) NAT Instances b) Internet Gateway c) Security Groups d) NAT Gateways
d) NAT Gateways NAT Gateways allow your instances in your private subnets to access the Internet while remaining private, and are managed by AWS.
You are running an on-demand Linux EC2 instance, what timing is applied regarding billing? a) Pay per minute b) Pay per hour c) Pay per day d) Pay per second
d) Pay per second With Linux EC2 instances, you pay per second of compute capacity. There is also a minimum of 60s of use.
You ONLY want to manage Applications and Data. Which type of Cloud Computing model should you use? a) On-premises b) Infrastructure as a Service (Iaas) c) Software as a Service (SaaS) d) Platform as a Service (Paas)
d) Platform as a Service (Paas)
Which RDS pricing option is the most cost-effective if you need capacity for 3 years? a) On-demand b) Spot Instances c) Dedicated Instances d) Reserved Instances
d) Reserved Instances Reserved Instances are good and more cost-effective (up to 69% discount compared to On-demand pricing, depending on the upfront) for long workloads. You can reserve instances for 1 or 3 years in RDS.
Which S3 feature should you use if you want to make sure that a policy will no longer be changed? a) S3 Lifecycle Rules b) S3 Object Lock c) S3 Standard - Infrequent Access (IA) d) S3 Glacier Vault Lock
d) S3 Glacier Vault Lock S3 Glacier Vault Lock allows you to easily deploy and enforce compliance controls for individual S3 Glacier vaults with a vault lock policy. You can specify controls such as "write once read many" (WORM) in a vault lock policy and lock the policy from future edits. Once locked, the policy can no longer be changed.
Which pricing model allows you to minimize risks, predictably manage budgets, and comply with long-term requirements, and is available for EC2, DynamoDB, ElastiCache, RDS, and Redshift? a) Pay as you go b) Pay less as AWS grows c) Pay less by using more d) Save when you reserve
d) Save when you reserve Reservations are available for EC2 Reserved Instances, DynamoDB Reserved Capacity, ElastiCache Reserved Nodes, RDS Reserved Instance, Redshift Reserved Nodes. Reservations allow you to minimize risks, predictably manage budgets and comply with long-term requirements.
Which network security tool can you use to control traffic in and out of EC2 Instances? a) Network Access Control List (NACL) b) Identity and Management Access (IAM) c) GuardDuty d) Security Groups
d) Security Groups Security Groups operate at instance level and can control traffic.
You want to centrally automate security checks across several AWS accounts. Which AWS service can you use? a) Macie b) Detective c) CloudTrail d) Security Hub
d) Security Hub AWS Security Hub provides you with a comprehensive view of your security state within AWS and your compliance with security standards and best practices.
A company would like to centrally manage access to multiple AWS accounts and business applications. Which service can it use? a) Organizations b) Cognito c) Directory Service d) Single Sign-On
d) Single Sign-On AWS SSO is an AWS service that enables you to makes it easy to centrally manage access to multiple AWS accounts and business applications and provide users with single sign-on access to all their assigned accounts and applications from one place.
Which EC2 Purchasing Option can provide the biggest discount, but is not suitable for critical jobs or databases? a) Scheduled Instances b) Convertible Instances c) Dedicated Hosts d) Spot Instances
d) Spot Instances Spot Instances are good for short workloads, but are less reliable.
What hybrid AWS service is used to allow on-premises servers to seamlessly use the AWS Cloud at the storage layer? a) Elastic Block Store b) Snowball c) S3 d) Storage Gateway
d) Storage Gateway AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage.
You need a unified user interface that gives you visibility, control, and patching capabilities for your EC2 Instances on AWS, as well as for servers running in your on-premises data centers. Which service should you use? a) Storage Gateway b) OpsWorks c) Elastic Container Service d) Systems Manager
d) Systems Manager AWS Systems Manager gives you visibility and control of your infrastructure on AWS. It is used for patching systems at scale.
Changing an EC2 Instance Type from a t3a.medium to a t3a.2xlarge is an example of? a) Horizontal scaling b) High Availability c) Agility d) Vertical scaling
d) Vertical scaling Vertical scaling means increasing the size of the instance. Changing from a t3a.medium to a t3a.2xlarge is an example of size increase.
A company would like to protect its web applications from common web exploits that may affect availability, compromise security, or consume excessive resources. Which AWS service should they use? a) Auto Scaling Groups (ASG) b) Shield c) CloudHSM d) Web Application Firewall (WAF)
d) Web Application Firewall (WAF) AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources.
