AWS Cloud Practitioner Study Guide

Which of these statements represents a feature specific to AWS Shield Advanced and not Shield Standard? A. 24x7 DDoS response team (DRT) assistance B. Basic protection against common DoS floods and exploits C. Combined with NACLs, SGs, and WAF for layered defense D. DoS and common DDoS protection provided at no extra cost

A. 24x7 DDoS response team (DRT) assistance

20. What AWS security service monitors flow logs, CloudTrail, S3 data events, and DNS log activities for advanced threat management? A. Amazon GuardDuty B. Amazon Inspector C. Amazon Macie D. AWS Shield

A. Amazon GuardDuty

What type of elastic load balancer is used for HTTP and HTTPS traffic as well as hosting the WAF? A. Application load balancer B. Network load balancer C. Classic load balancer D. All of the above

A. Application load balancer

What is the preferred method, written in JSON, to provide access to the objects stored in an S3 bucket? A. Bucket policy B. Block public access settings C. Object ownership D. Access control list

A. Bucket policy

What is a managed service that empowers governance, compliance, operational auditing, and risk auditing of AWS accounts by examining all API calls? A. CloudTrail B. CloudWatch C. CloudFormation D. CloudFront

A. CloudTrail

What is a method for connecting infrastructure and applications between AWS Cloud-based resources and other resources that reside on-site or at a co-location site? A. Hybrid deployment B. Cloud-based deployment C. On-premises deployment D. Private cloud deployment

A. Hybrid deployment

Which CSA level deals with STAR Self-assessment? A. Level 1 B. Level 2 C. Level 3 D. Level 4

A. Level 1

Fill in the blank. Organizations deploy more _____________ on AWS. A. Mission-critical workloads B. Agile developers C. Blob storage D. Disaster recovery solutions

A. Mission-critical workloads

19. What is an automated security assessment service that enhances security and compliance of applications running on AWS by evaluating applications for vulnerabilities and nonconformity with best practices? A. Amazon GuardDuty B. Amazon Inspector C. Amazon Macie D. AWS Shield

B. Amazon Inspector

What service is most closely aligned to the elasticity value proposition at AWS?

B. Auto-scaling

Which of these is NOT a part of the AWS security triad? A. Identity and Access Management (IAM) B. Content Delivery Networking (CDN) C. Key Management Service (KMS) D. Infrastructure security

B. Content Delivery Networking (CDN)

Which two of these is a category of checks used by the Trusted Advisor? A. Infrastructure as Code B. Cost Optimization C. Flexibility D. Sustainability E. Fault Tolerance

B. Cost Optimization E. Fault Tolerance

Which two of these statements represents the agility and flexibility value proposition of AWS? A. Supports green initiatives and lower utility costs B. Leveraging for rapid deployment, testing, experimentation, and innovation C. Taking advantage of multiple availability zones D. Responding to competitors and new technologies E. Cheaper maintenance and upgrades

B. Leveraging for rapid deployment, testing, experimentation, and innovation D. Responding to competitors and new technologies

Which two of these is a pillar of the well-architected initiative? A. Scalability B. Operational Excellence C. Security D. Elasticity E. Durability

B. Operational Excellence C. Security

What is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage and storage tier management through a virtual appliance? A. Elastic File System (EFS) B. Storage Gateway C. Elastic Block Store (EBS) D. AWS Snowball

B. Storage Gateway

What AWS security service lets you control and monitor the HTTP and HTTPS requests forwarded to Amazon CloudFront (CDN), Application Elastic Load Balancer (ELB), or API Gateway? A. NACL B. WAF C. Shield D. Security Group

B. WAF

Which t2 instance type of the Amazon Linux 2 AMI (HVM), SSD Volume Type is part of the free- tier model? A. t2.nano B. t2.micro C. t2.small D. t2.medium

B. t2.micro

What term describes the on-demand delivery of compute power, database, storage, applications, and other IT resources through a online provider platform? A. Load balancing B. Microservices C. Cloud computing D. Service level agreements

C

What is the new name of the traditional AWS TCO Calculator? A. Trusted Advisor B. AWS Shield C. AWS Pricing Calculator D. Estimate Exports

C. AWS Pricing Calculator

What is a console-based, on-demand self-service auditing object retrieval service that offers quick and easy access to AWS compliance documentation and agreements? A. VPC B. EC2 C. Artifact D. CSA

C. Artifact

Which of these statements is true regarding S3 buckets? A. Encryption is enabled by default B. Versioning is enabled by default C. Block Public access is enabled by default D. Bucket policies are enabled by default

C. Block Public access is enabled by default

Which support plan is specifically recommended if you have production workloads in AWS? A. Basic B. Developer C. Business D. Enterprise

C. Business

What is a repository of frequently used resources and processes needed to perform compliance responsibilities on AWS? A. Artifact B. AWS Inspector C. Compliance Solutions Guide D. GuardDuty

C. Compliance Solutions Guide

What service does CloudFormation offer to AWS customers? A. Platform as a service B. Content delivery networking C. Infrastructure as code D. Automatic scalability

C. Infrastructure as code

Which of these database platforms is supported by Amazon Aurora? A. MariaDB B. Oracle Database C. PostgreSQL D. SQL Server

C. PostgreSQL

What instance type allows you to bid on spare Amazon EC2 computing capacity based on the present price where instances are treated a commodity? A. Reserved instances B. On-demand instances C. Spot instances D. Instance templates

C. Spot instances

Which of these statements is true regarding Network ACLs? A. They are stateful B. They apply to elastic network interfaces C. They can contain deny rules D. They apply to inbound traffic only

C. They can contain deny rules

What type of encryption does AWS KMS use to protect an Elastic Block Store volume or S3 bucket? A. 3DES B. SSH2 C. SHA2 D. AES-256

D. AES-256

Which of these is NOT a part of the free-tier model? A. Always free B. Free trials C. 12 Months Free D. Basic support plan

D. Basic support plan

What is a fast content delivery networking (CDN) service offered by Amazon Web Services? A. CloudTrail B. CloudWatch C. CloudFormation D. CloudFront

D. CloudFront

What is the most important value proposition for most AWS customers? A. Agility B. Security C. Elasticity D. Cost

D. Cost

Which of these cannot be used to pay for your AWS account? A. Direct billing B. Debit card C. Credit card D. Cyber currency

D. Cyber currency

Which of these statements is NOT true concerning elastic block store volume security? A. Volumes that are created from encrypted snapshots are automatically encrypted B. volumes that are created from unencrypted snapshots are automatically unencrypted C. If no snapshot is selected, you can choose to encrypt the volume and specify your own key D. In the management console you can encrypt all volumes in the region by default

D. In the management console you can encrypt all volumes in the region by default

What cloud service type offers the basic components for cloud information technology by giving the consumer access to networking infrastructure, virtual or dedicated server computing, and data storage space? A. Business as a service B. Platform as a service C. Software as a service D. Infrastructure as a service

D. Infrastructure as a service

What is a human and machine-readable data interchange method commonly used with IAM managed policies, S3 bucket policies, and CloudFormation infrastructure as code? A. YAML B. JAVA C. PHP D. JSON

D. JSON

What AWS EC2 feature allows you to automate instance launches, simplify permission policies, and enforce best practices across your organization? A. Amazon Machine Images B. AWS Marketplace C. Auto-scaling D. Launch templates

D. Launch templates

What is a form of stateful firewall that is applied directly to an instance in an outbound and inbound direction? A. NACL B. WAF C. Shield D. Security Group

D. Security Group

Which two of these offerings represent core AWS services? A. Machine Learning B. Containers C. IoT D. Storage E. Compute

D. Storage E. Compute

What networking component of AWS allows customers to connect their VPCs and their on- premises networks to a single gateway in a scalable fashion across multiple accounts? A. Route 53 B. Direct Connect C. CloudFront D. Transit Gateway

D. Transit Gateway