AWS Cloud Practitioner
TCO Calculator
A free tool provided by AWS that allows you to estimate the cost savings of using the AWS cloud vs. using on premise data center
AWS Cloudwatch
AWS CloudWatch is a monitoring service that collects data and actionable insights to monitor applications, respond to system-wide performance changes, and optimize resource utilization to get a view of your overall operational health. It does not debug or log errors.
Which AWS service is primarily used for software version control?
AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories. It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem. CORRECT: "AWS CodeCommit" is the correct answer.
AWS CodeDeploy
AWS CodeDeploy is a deployment service that automates application deployments to Amazon EC2 instances, on-premises instances, or serverless Lambda functions.
AWS CodeStar
AWS CodeStar enables you to quickly develop, build, and deploy applications on AWS. AWS CodeStar provides a unified user interface, enabling you to easily manage your software development activities in one place.
AWS Config
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resource.
Which AWS service would you use to migrate an existing database to AWS?
AWS DMS - AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from most widely used commercial and open-source databases. AWS DMS (Database Migration Service) supports homogeneous migrations such as Oracle to Oracle, as well as heterogeneous migrations between different database platforms, such as Oracle or Microsoft SQL Server to Amazon Aurora. With AWS Database Migration Service, you can continuously replicate your data with high availability and consolidate databases into a petabyte-scale data warehouse by streaming data to Amazon Redshift and Amazon S3.
AWS Secrets Manager
AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.
AWS Service Catalog
AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS.
As part of all support plans, BLANK is included
AWS Trusted Advisor - an AWS best practices and advisory service.
AWS Trusted Advisor
AWS Trusted Advisor provides real-time guidance to help you provision your resources and environments following AWS best practices and staying within limits.
What AWS service would you use to help troubleshoot consistent runtime errors of your underlying microservices in your environment?
AWS X-Ray
Amazon EBS
Amazon Elastic Block Storage provides block-level volumes to individual EC2 instances (cannot connect multiple instances to a single EBS volume)
Which storage service allows you to connect multiple EC2 instances concurrently using file-level protocols?
Amazon Elastic File System (EFS) allows you to connect hundreds or thousands of EC2 instances concurrently and is accessed using the file-level NFS protocol. Network File System (NFS) is a distributed file system protocol that lets users access files over a network similar to the way they access local storage.
Amazon EFS
Amazon Elastic File System (EFS) provides an NFS filesystem for usage by EC2 instances. Network File System (NFS) is a distributed file system protocol that lets users access files over a network similar to the way they access local storage.
Which AWS service can be used to process a large amount of data using the Hadoop framework?
Amazon Elastic Map Reduce (EMR) provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances. CORRECT: "Amazon EMR" is the correct answer.
Which AWS service can be used to convert video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PC?
Amazon Elastic Transcoder is a highly scalable, easy to use and cost-effective way for developers and businesses to convert (or "transcode") video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PCs. CORRECT: "Elastic Transcoder" is the correct answer.
AWS Guard Duty
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts.
Which service can you use to provision a preconfigured server with little to no AWS experience?
Amazon LightSail provides developers compute, storage, and networking capacity and capabilities to deploy and manage websites, web applications, and databases in the cloud. LightSail provides preconfigured virtual private servers (instances) that include everything required to deploy and application or create a database. Deploying a server on LightSail is extremely easy and does not require knowledge of how to configure VPCs, security groups, network ACLs etc. CORRECT: "Amazon LightSail" is the correct answer.
Amazon Macie
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS
What service would be most useful in a disaster recovery situation?
Route 53 - When you have more than one resource performing the same function—for example, more than one HTTP server or mail server—you can configure Amazon Route 53 to check the health of your resources and respond to DNS queries using only the healthy resources. For example, suppose your website, example.com, is hosted on six servers, two each in three data centers around the world. You can configure Route 53 to check the health of those servers and to respond to DNS queries for example.com using only the servers that are currently healthy. You can also use Route 53 to switch DNS addresses.
Are Network ACLs stateful or stateless?
Stateless
Which items can be configured from within the VPC management console? (Select TWO.)
Subnets and Security groups can be configured from within the VPC console. CORRECT: "Subnets" is the correct answer. CORRECT: "Security Groups" is the correct answer.
Which AWS service gives you full administrative privilege of the underlying virtual infrastructure?
You have control over the EC2 underlying virtual infrastructure — all other services are managed by AWS as serverless components.
Elastic Beanstalk
can be used to quickly deploy and manage applications in the AWS Cloud.
T/F: Network ACLs operate at the availability zone level?
false
An Edge Location is a specialized AWS data center that works with which AWS services?
lambda, cloudfront, route 53
AWS SWF
(Simple Workflow Service) - is a tool that helps developers coordinate, track, and audit multi-step, multi-machine application jobs. Amazon SWF provides a control engine that a developer uses to coordinate work across components of distributed applications.
Network ACLs
* Operates at the subnet level * supports allow and deny rules * stateless * processes rules in order * automatically applies to all instances in the subnets its associated with
Cost Explorer
1. a free tool that allows you to view charts of your costs 2. view cost data for the past 13 months 3. forecast how much you are likely to spend for the next 3 months 4. use the explorer to discover patterns in how much you spend on AWS resources over time and identify problem areas in cost 5. identify which services you use the most as well as metrics like which AZs have the most traffic or which linked AWS accounts is used the most
Trusted Advisor
1. a service that advises and helps you optimize aspects of your AWS account 2. an online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment. Trusted advisor provides real time guidance to help you provision your resources following AWS best practices.
Trusted Advisor Categories
1. cost optimization 2. performance 3. security 4. fault tolerance
Edge locations have which of the following features?
1. distribute content to users 2. cache common content 3. used with CloudFront
7 checks available to all AWS support plans
1. security groups (port checks) 2. IAM use 3. is multifactor authentication (MFA) enabled on the root IAM user account 4. EBS Public Snapshots 5. RDS public snapshots 6. service limits 7. S3 bucket permissions ----- available only to business and enterprise----- 1. access to full list of trusted advisor checks 2. notifications to stay up to date with weekly resource deployments 3. programmatic access to retrieve/refresh trusted advisor results via API
Security Groups
A security group acts as a virtual firewall for your instance to control incoming and outgoing traffic. Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance Security groups are stateful meaning that if traffic is allowed in one direction, the return traffic is automatically allowed regardless of whether there is a matching rule for the traffic. * Operates at the instance level * Supports allow rules only * stateful * Evaluates all rules * applies to an instance only if associated with a group
AWS Certificate Manager
AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.
AWS Cloud9
AWS Cloud9 is a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser.
Your company has asked for standard templates for deploying their infrastructure. Which AWS service can you use?
AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. This file serves as the single source of truth for your cloud environment.
There was an incident in your company's AWS environment. You have been asked to review the API activity to determine the cause. What service captures AWS API calls and activity?
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.
Elastic Beanstalk
AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. You can simply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time.
Which of the following tools can best assist with identifying common security vulnerabilities within your EC2 Instances?
AWS Inspector
Which AWS service can an organization use to automate operational tasks on EC2 instances using existing Chef cookbooks?
AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. With Chef, you use code templates, or cookbooks, to describe the desired configuration of instances or on-premises server. CORRECT: "AWS OpsWorks" is the correct answer.
Which of the following statements is correct in relation to consolidated billing? (Select TWO.)
AWS organizations allow you to consolidate multiple AWS accounts into an organization that you create and centrally manage. Each paying account is an independent entity and is not able to access resources of other accounts in the Organization. The billing is performed centrally on the root account in the AWS Organization. CORRECT: "Paying accounts are independent and cannot access resources of other accounts" is a correct answer. CORRECT: "One bill is provided per AWS organization" is also a correct answer.
How does AWS assist organizations' with their capacity requirements?
All of these statements are true. However, the question is specifically asking how AWS can assist with capacity requirements. i.e. how does AWS enable organizations to ensure they don't over or under-provision their resources? The ability to scale on demand is the key advantage that can help them here as they can deploy what they know they need today and scale it as they need to tomorrow. CORRECT: "You don't need to guess your capacity needs" is the correct answer.
Amazon Athena
Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL.
Which of the following are features of Amazon CloudWatch? (Select TWO.)
Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. CloudWatch is for performance monitoring whereas CloudTrail is for auditing. CloudWatch is used to collect and track metrics, collect and monitor log files, and set alarms. CORRECT: "It is used to gain system-wide visibility into resource utilization" is a correct answer. CORRECT: "It can be accessed via API, command-line interface, AWS SDKs, and the AWS Management Console" is also a correct answer.
What two encryption key options are available in the AWS web console when you are uploading a new object with the S3 upload wizard?
Amazon S3 master-key, AWS KMS master-key
If you want to use decoupled resources, which of the following AWS service can assist you?
Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.
For which services does Amazon not charge customers? (Select TWO.)
Amazon VPC and CloudFormation are free of charge, however in the case of CloudFormation you pay for the resources it creates. All other answers are chargeable services. CORRECT: "Amazon VPC" is a correct answer. CORRECT: "Amazon VPC" is also a correct answer.
EBS Volumes
An Amazon EBS volume is a durable, block-level storage device you can attach to a single EC2 instance. You can use EBS volumes as primary storage for data that requires frequent updates, such as the system drive for an instance or storage for a database application.
Which AWS storage technology can be considered a "virtual hard disk in the cloud"?
An EBS volume is a block storage device that is most similar to a virtual hard disk in the cloud as when attached to an instance it appears as a local disk that can have an operating system installed on or be formatted and used for any other local storage purpose. CORRECT: "Amazon Elastic Block Storage (EBS) volume" is the correct answer.
Which services can be used for asynchronous integration between application components? (Select TWO.)
Asynchronous integration is a form of loose coupling between services. This model is suitable for any interaction that does not need an immediate response and where an acknowledgement that a request has been registered will suffice. Amazon Simple Queue Service (SQS) and AWS Step Functions both provide asynchronous integration. SQS provides a durable message bus and Step Functions is an orchestrated workflow service. CORRECT: "Amazon SQS" is a correct answer. CORRECT: "Amazon Step Functions" is also a correct answer.
Athena
Athena is a query database used with S3.
Bootstrapping
Bootstrapping is the execution of automated actions to services such as EC2 and RDS. This is typically in the form of scripts that run when the instances are launched.
Which AWS service can be used to generate encryption keys that can be used to encrypt data? (Select TWO.)
Both AWS KMS and AWS CloudHSM can be used to generate data encryption keys. You use what are called customer master keys (CMKs) to create data encryption keys. The data encryption keys can then be used to actually encrypt the data. CORRECT: "AWS Key Management Service (AWS KMS)" is a correct answer. CORRECT: "AWS CIoudHSM" is also a correct answer.
What AWS service provides you infrastructure as code?
CloudFormation - AWS CloudFormation is infrastructure as code and provides a common language for you to describe and provision all the infrastructure resources in your cloud environment.
What benefits are provided by Amazon CloudFront? (Select TWO.)
CloudFront is a content delivery network (CDN) that allows you to store (cache) your content at "edge locations" located around the world. This allows customers to access content more quickly and provides security against DDoS attacks. CloudFront can be used for data, videos, applications, and APIs. Benefits include: - Cache content at Edge Location for fast distribution to customers. - Built-in Distributed Denial of Service (DDoS) attack protection. - Integrates with many AWS services (S3, EC2, ELB, Route 53, Lambda). CORRECT: "Built-in Distributed Denial of Service (DDoS) attack protection" is a correct answer. CORRECT: "Content is cached at Edge Locations for fast distribution to customers" is a correct answer.
What advantages does deploying Amazon CloudFront provide? (Select TWO.)
CloudFront is a content delivery network (CDN) that allows you to store (cache) your content at "edge locations" located around the world. This allows customers to access content more quickly and provides security against DDoS attacks. CloudFront can be used for data, videos, applications, and APIs. CORRECT: "Reduced latency" is a correct answer. CORRECT: "Improved performance for end users" is also a correct answer.
What would you do to take a backup of your EBS volume?
Create an EBS snapshot. - You can back up the data on your Amazon EBS volumes to Amazon S3 by taking point-in-time snapshots. Snapshots are incremental backups, which means only the blocks on the device that have changed after your most recent snapshot are saved. This minimizes the time required to create the snapshot and saves on storage costs by not duplicating data. When you delete a snapshot, only the data unique to that snapshot is removed. Each snapshot contains all of the information that is needed to restore your data (from the moment when the snapshot was taken) to a new EBS volume.
How can you make sure your organization does not exceed its monthly budget?
Create an email alert in AWS Budgets - AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also use AWS Budgets to set reservation utilization or coverage targets and receive alerts when your utilization drops below the threshold you define. Reservation alerts are supported for Amazon EC2, Amazon RDS, Amazon Redshift, Amazon ElastiCache, and Amazon Elasticsearch reservations. Budgets can be tracked at the monthly, quarterly, or yearly level, and you can customize the start and end dates. You can further refine your budget to track costs associated with multiple dimensions, such as AWS service, linked account, tag, and others. Budget alerts can be sent via email and/or Amazon Simple Notification Service (SNS) topic. Budgets can be created and tracked from the AWS Budgets dashboard or via the Budgets API.
Cross-region replication
Cross-region replication (CRR) enables automatic, asynchronous copying of objects across buckets in different AWS regions. Buckets configured for cross-region replication can be owned by the same AWS account or by different accounts.
What AWS service helps process a large number of data sets?
EMR (Elastic Map Reduce) helps you analyze and process vast amounts of data by distributing the compute work across a cluster of servers. The cluster is managed using the open-source framework Hadoop. EMR lets you focus on crunching and analyzing data.
You are hosting a web application on several EC2 instances. Which of the following can mitigate the threat of DDoS attacks on your web application?
Elastic Load Balancer - ELBs distribute traffic to your instances, so they can spread the load of the attack. ELBs are also protected by AWS Shield with helps mitigate DDoS attacks. Security groups and NACLs - Security groups act as a virtual firewall for your instance network interface, and NACLs are an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of your subnet
What benefits does Amazon EC2 provide over using non-cloud servers? (Select TWO.)
Elastic Web-Scale computing- you can increase or decrease capacity within minutes not hours and commission one to thousands of instances simultaneously. Inexpensive - Amazon passes on the financial benefits of scale by charging very low rates and on a capacity consumed basis. CORRECT: "Elastic web-scale computing" is a correct answer. CORRECT: "Inexpensive" is also a correct answer.
Which feature of AWS allows you to deploy a new application for which the requirements may change over time?
Elasticity allows you to deploy your application without worrying about whether it will need more or less resources in the future. With elasticity, the infrastructure can scale on-demand and you only pay for what you use. CORRECT: "Elasticity" is the correct answer.
How do you encrypt CloudTrail logs?
No action is needed since they are automatically encrypted.
What are three features of AWS pricing that help companies lower costs ?
No upfront costs, Discount and price reduction for upfront or partial payments, The ability to pay as you go
Which AWS service can you use to install a third-party database?
On AWS you can either use a managed service such as Amazon RDS or install a database on Amazon EC2. There are limits to what database engines are supported on Amazon RDS so to install a third-party database you can use Amazon EC2 instead. You will then be responsible for managing the operating system and database. CORRECT: "Amazon EC2" is the correct answer.
Name three disaster recover deployment technique.
Pilot light, multi-site, warm standby
T/F: Security Groups are stateless?
False, they are stateful.
A company stores copies of backups on Amazon S3 and requires rapid access but low resiliency. Which storage class is optimized for these requirements?
S3 One Zone-IA is for data that is accessed less frequently, but requires rapid access when needed. Unlike other S3 Storage Classes which store data in a minimum of three Availability Zones (AZs), S3 One Zone-IA stores data in a single AZ and costs 20% less than S3 Standard-IA. S3 One Zone-IA is ideal for customers who want a lower-cost option for infrequently accessed data but do not require the availability and resilience of S3 Standard or S3 Standard-IA. It's a good choice for storing secondary backup copies of on-premises data or easily re-creatable data. You can also use it as cost-effective storage for data that is replicated from another AWS Region using S3 Cross-Region Replication. CORRECT: "Amazon S3 One Zone-Infrequent Access" is the correct answer.
Under the shared responsibility model, what are examples of shared controls? (Select TWO.)
Shared Controls- Controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives Patch Management- AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications Configuration Management- AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.
What tool listed below can you use to get an estimated monthly cost for your environment before you deploy resources?
Simple Monthly Calculator
Simple Calculator
Used to estimate the anticipated AWS bill based on scenarios. It estimates your monthly bill and can provide a per-service breakdown of cost . NOTE: It is being replaced by AWS Pricing Calculator