AWS Midterm Questions

Ace your homework & exams now with Quizwiz!

Which of the following should you do to secure your AWS root user? (Select TW

Enable MFA. D. Create a strong password

You can run applications and workloads from a Region closer to the end users to_______ latency.

decrease

Which of the following are direct benefits of server virtualization

Fast resource provisioning and launching,Efficient (high-density) use of resources

Which of the following are valid third-party federated identity standards?

SAML 2.0 D. Active Directory

From where does CloudFront retrieve content to store for caching?

origins

Where will you find information on the limits AWS imposes on the ways you can use your account resources?

AWS Acceptable Use Policy

What are the 4 configurable resources for each instance type?

Compute (CPU/GPU) Storage Network Memory

which of the following is a compute service

amazon ec2

You want to provide private name resolution for two VPCs using the domain name company.pri. How many private hosted zones do you need to create?

1

Resources in a VPC need to be able to resolve internal IP addresses for other resources in the VPC. No one outside of the VPC should be able to resolve these addresses. Which of the following Route 53 resources can help you achieve this?

A private hosted zone

What's the most efficient method for managing permissions for multiple IAM users

Assign users requiring similar permissions to IAM groups

Why is it that most AWS resources are tied to a single region

Because those resources are run on a physical device, and that device must live somewhere

Which is the best place to get a quick summary of this month's spend for your account?

Billing & Cost Management Dashboard

Which of these tools lets you design graphs within the browser interface to track your account spending?

Cost Explorer

Which of the following does not contribute significantly to the operational value of a large cloud provider like AWS?

Deep experience in the retail sphere

Which of the following types of Route 53 health checks works by making a test connection to a TCP port?

Endpoint

Which of the following AWS resources cannot be encrypted using KMS

Existing AWS Elastic Block Store volumes

What is the primary function of the AWS IAM service

Identity and access management

What is the difference between the three Cloud Service Models -- IaaS, PaaS, and SaaS?

Infrastructure as a Service is where the "hardware resources" are managed by the provider, and the customer must provision the resources, provide the OS image, application, etc. Platform as a Service is where the operating system and environment are also managed by the provider, to where the customer needs to only install their own applications to interact with data. Software as a Service is the most common for retail consumers, where the provider manages all backend aspects, and the customer is able to log in and interact with their data directly - no install or setup required.

Which of the following Route 53 routing policies can return set of randomly ordered values?

Multivalue Answer

Which of the following is the most accurate description of an AWS Availability Zone

One or more independently powered data centers running a wide range of hardware host types

Which of the following AWS services are not likely to benefit from Amazon edge locations? (Select TWO.)

RDS,Elastic Block Store (EBS)

Which of the following is the primary benefit of using CloudFront distributions?

Reduced latency access to your content no matter where your end users live

When you request a new virtual machine instance in EC2, your instance will automatically launch into the currently selected value of which of the following

Region

Which of the following will probably not affect the pricing for an AWS service?

Requests for raising the available service limit

Which of the following are requirements you can include in an IAM password policy? (Select THREE.)

Require at least one uppercase letter. B. Require at least one number., Require at least one nonalphanumeric character.

Which of the following design strategies is most effective for maintaining the reliability of a cloud application?

Resource redundancy

Which of the following are not globally based AWS services? (Select TWO.)

Route 53 and Cloud Front

Which of the following is one of the first places you should look when troubleshooting a failing application

Service Health Dashboard

Which of the following best describes Software as a Service products

Services that provide a service to end users through a public network

Which of the following are true about registering a domain name with Route 53? (Select TWO.)

You can register a domain name for a term of up to 10 years., Route 53 creates a public hosted zone for the domain.

Which of the following AWS documentation URLs points to the page containing an up-todate list of service limits?

https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html

what is a route table

contains a set of rules, called routes, that are used to determine where network traffic is directed. Each subnet in a VPC must be associated with a route table; the route table controls routing for the subnet.

On how many continents are CloudFront edge locations distributed?

6

Action in IAM Policy

specifies the API calls that can be made against an AWS Service (eg cloudwatch:ListMetrics)

Which of the following are valid origins for a CloudFront distribution?

EC2 instance B. A public S3 bucket

Which of the following best describes server virtualization

Logically partitioning physical compute and storage devices into multiple smaller virtual devices

What is the main purpose of Amazon Route 53?

Managing domain name registration and traffic routing

Which of the following AWS Total Cost of Ownership Calculator parameters is likely to have the greatest impact on cost?

Number of servers

Which of the following most accurately describes a subnet within the AWS ecosystem

The block of IP addresses assigned for use within a single Availability Zone

Which of the following is not an included parameter in the AWS Total Cost of Ownership Calculator?

The tax implications of a cloud deployment

Resource in IAM Policy

defines the scope of entities covered by the policy rule (eg a specific Amazon S3 bucket or Amazon EC2 instance, or which means any resource*).

Approximately how many different CloudFront edge locations are there?

more than 150

Which CloudFront distribution type requires you to provide a media player

rtmp

Which of the following designations would refer to the AWS US West (Oregon) region?

us-west-2

What is a Nat gateway

which is used to provide internet connectivity to EC2 instances in the private subnets.

Which of the following Simple Monthly Calculator selections will likely have an impact on most other configuration choices on the page? (Select TWO.)

Free Usage Tier D. Choose Region

Which of the following is true of a VPC peering connection?

It's a private connection between two VPCs.

Is it always possible to request service limit increases from AWS?

No. Some service limits are hard

Which of the following is a limitation of the AWS Simple Monthly Calculator

Not all AWS services are included

According to the AWS Shared Responsibility Model, which of the following are responsibilities of AWS? (Select TWO.)

The security of the cloud B. Patching underlying virtualization software running in AWS data centers

What determines the order by which subnets/AZ options are displayed in EC2 configuration dialogs

They (appear) to be displayed in random order.

What is the primary goal of autoscaling

To ensure that a predefined service level is maintained regardless of external demand or instance failures

What is the purpose of cost allocation tags

To help you identify resources for the purpose of tracking your account spending

What is the main goal for creating a Usage budget type (in AWS Budgets

To track particular categories of resource consumption

True or False? AWS Key Management Service (AWS KMS) enables you to assess, audit, and evaluate the configurations of your AWS resources.

false

True or False? Cloud computing provides a simple way to access servers, storage, databases, and a broad set of application services over the internet. You own the network-connected hardware required for these services and Amazon Web Services provisions what you need.

false

What is an Instance

is a virtual server in the AWS Cloud. You launch an instance from an Amazon Machine Image (AMI). The AMI provides the operating system, application server, and applications for your instance.

AWS highly recommends provisioning your compute resources across _______ Availability Zones.

multiple

Which of the following would be a valid endpoint your developers could use to access a particular Relational Database Service instance you're running in the Northern Virginia region

rds.us-east-1.amazonaws.com

True or False? AWS Organizations enables you to consolidate multiple AWS accounts so that you centrally manage them.

true

True or False? Availability Zones within a Region are connected through low-latency links.

true

True or False? Networking, storage, compute, and databases are examples of service categories that AWS offers.

true

True or false? AWS offers a variety of services at no charge, for example, Amazon Virtual Private Cloud (Amazon VPC), AWS Identity and Access Management (IAM), Consolidated Billing, AWS Elastic Beanstalk, automatic scaling, AWS OpsWorks and AWS CloudFormation. However, you might be charged for other AWS services that you use in conjunction with these services.

true

You need to deliver content to users in the United States and Canada. Which of the following edge location options will be the most cost effective for your CloudFront distribution?

united states, canada, europe

What type of storage (described in question 1) do EBS, EFS, and S3 use?

Amazon S3 uses object storage. Amazon EFS uses file storage. Amazon EBS uses block storage.

What is a hypervisor

Software used to administrate virtualized resources run on physical infrastructure

What happens when you use Amazon Virtual Private Cloud (Amazon VPC) to create a new VPC? (

a main route is made by default

what is amazon ec2

is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.

You need to allow resources in a private subnet to access the internet. Which of the following must be present to enable this access? (Select the best answer.)

nat gateway

Which of the following is an optional security control that can be applied at the subnet layer of a VPC?

network acl

What is Amazon EBS

offers persistent storage for Amazon EC2 instances. Amazon EBS volumes are network-attached and persist independently from the life of an instance. Amazon EBS volumes are highly available, highly reliable volumes that can be leveraged as an Amazon EC2 instances boot partition or attached to a running Amazon EC2 instance as a standard block device.

what is the pricing model that enables AWS customers to pay for resouces on an as needed basis

pay as you go

what is not a benefit of cloud computing over on premises computing

pay for racking, stacking and powering servers

what is a cloud deployment model

platforma s a service, infrastructure as a serice, software as a service

Effect in IAM Policy

says whether to Allow or Deny the permissions.

What are the difference between the different EBS volume types?

The difference between the EBS volume types are performance characteristics and price. EBS has SSD (solid state drive) and HDD (hard disk drive) volume types. SSD is faster, but often costs more. These EBS volumes also have a "provisioned / optimized" that guarantees a specific data transfer rate over total storage.

True or False? Private subnets have direct access to the internet.

false

Economies of scale result from ____

having hundreds of thousands of customers aggregated in the cloud

which of the folowing are not benefits of aws cloud compuitng

high latency, multiple procurement cycles

Which of the following Route 53 routing policies doesn't use health checks

Simple

What AWS region is the most recent to launch? Name a region that is scheduled to launch in the future.

The AWS region that is the most recent to launch is Milan in Europe with a total of 3 availability zones. A region that is scheduled to launch in the future is Montreal in Canada.

Which of the following best describes scalability?

The ability of an application to automatically add preconfigured compute resources to meet increasing demand

Which of the following best describes elasticity

The ability of an application to increase or decrease compute resources to match changing demand

What is the AWS best practice for the Account Root User?

The best AWS practice for the Account Root User is to create individual IAM users for anyone that has to use your account and when creating an account for yourself it is important to give yourself user administration permissions and all of the work. This is important because you can change the admissions for each account that is created and you can take them away.

What text format does the credential report use?

CSV

What is the main difference between the goals of Cost Explorer and of cost and usage reports?

Cost Explorer displays visualizations of high-level historical and current account costs, while cost and usage reports generate granular usage reports in CSV format.

What does KMS use to encrypt objects stored on your AWS account?

Customer master key

How does multi-factor authentication work?

Users authenticate using a password and also either a physical or virtual MFA device

You have two EC2 instances hosting a web application. You want to distribute 20 percent of traffic to one instance and 80 percent to the other. Which of the following Route 53 routing policies should you use?

Weighted

According to the AWS Shared Responsibility Model, what's the best way to define the status of the software driving an AWS managed service

Whatever the customer can control (application code and/or configuration settings) is the customer's responsibility.

Which of the following SSH commands will successfully connect to an EC2 Amazon Linux instance with an IP address of 54.7.35.103 using a key named mykey.pem

ssh -i mykey.pem [email protected]

Which of the following EC2 services can be used without charge under the Free Tier

t2.micro EC2 instance type instances for a total of 750 hours per month

true or false, aws owns and maintains the network connected hardware required for applciation services, while you provision and use what you need

true

What is an Inline policy

which is a policy assigned to just one User or Group. Inline Policies are typically used to apply permissions for one-off situations.

Which of the following usage will always be cost-free even after your account's Free Tier has expired? (Select TWO.)

10 GB of data retrievals from Amazon Glacier per month, 10 custom monitoring metrics and 10 alarms on Amazon CloudWatch

Which of the following is a valid CIDR for a VPC or subnet?

10.0.0.0/28

What are two differences between a virtual private network (VPN) connection and a Direct Connect connection? (Select TWO.)

A Direct Connect connection offers predictable latency because it doesn't traverse the internet. B. A VPN connection uses the internet for transport.

What is true about Regions?

A Region is a physical location that has multiple Availability Zones., Each Region is located in a separate geographic area.

Which of the following will encrypt your data while in transit between your office and Amazon S3?

A client-side master key

Which of these statements about Availability Zones is not true?

A data center can be used for more than one Availability Zone.

What's the difference between a security group and a network access control list (NACL)? (Select TWO.)

A security group operates at the instance level., A network access control list operates at the subnet level

Which of the following scenarios would be a good use case for AWS Organizations? (Select TWO.)

A single company with multiple AWS accounts that wants a single place to administrate everything, A company that's integrated some operations with an upstream vendor

Which of the following are true regarding subnets? (Select TWO.)

A subnet must have a CIDR that's a subset of the CIDR of the VPC in which it resides. C. A subnet spans one Availability Zone.

You want to experiment with deploying a web server on an EC2 instance. Which two of the following resources can you include to make that work while remaining within the Free Tier? (Select TWO.)

A t2.micro instance type EC2 instance, A 30 GB solid-state Elastic Block Store (EBS) drive

What are the most significant architectural benefits of the way AWS designed its regions? (Select TWO.)

It can make applications available to end users with lower latency. C. It can make applications more compliant with local regulations

Which of the following is true of a new security group

It contains an outbound rule allowing access to any IP address.

You want to improve the resilience of your EC2 web server. Which of the following is the most effective and efficient approach?

Launch parallel, load-balanced instances in multiple Availability Zones within a single AWS Region.

With Amazon Virtual Private Cloud (Amazon VPC), what is the maximum size IP address range you can have in a VPC? (Select the best answer.)

/16

With Amazon Virtual Private Cloud (Amazon VPC), what is the smallest size subnet you can have in a VPC? (Select the best answer.)

/28

You are a solutions architect who works at a large retail company that is migrating its existing infrastructure to AWS. You recommend that they use a custom VPC. When you create a VPC, you assign it to an IPv4 Classless Inter-Domain Routing (CIDR) block of 10.0.1.0/24 (which has 256 total IP addresses). How many IP addresses are available? (Select the best answer.)

251

Which of the following are signs of a highly available application

A failure in one geographic region will trigger an automatic failover to resources in a different region,Spikes in user demand are met through automatically increasing resources.

What is the difference between a standard AWS region and a GovCloud region?

A standard AWS region can have resources deployed by any customer. GovCloud is a specific region located in the PNW area (Oregon-Washington) that meets specific FedRAMP or other controlled unclassified information security guidelines for government & restricted industry customers (federal contractors, research groups). It is otherwise functionally equivalent to the commercial AWS regions, all products in commercial are supported in Gov with additional security. The difference between the standard AWS region and a GovCloud region is the level of security and who is capable of accessing that particular region. As an ordinary citizen, you have the ability to choose which AWS region and which availability zone you want. AWS regions are open to the public and a multitude of people will be connected to the same region. A GovCloud region is used mostly by the U.S. government to deploy resources and share data. These regions are not available to the public. Unlike the AWS regions, customer access is restricted when considering the GovCloud region. You have to be a U.S. citizen in order to access the GovCloud regions.

What is the difference between AWS regions and Availability Zones (AZ)?

AWS Regions are a collection of data centers that are displayed as a section like us-east-1, they are physical locations. Resources have to be deployed in a region. An availability zone is a group of one or more data centers within a Region. These are logical groups of data centers (which may be located in the same complex or building), and appear to the user in AWS as us-east-1a , -1b, etc. Resources are added to a availability zone in a region when deployed, and resources that need to interact with each other should be kept in the same AZ. For fault tolerance, deploy a separate set of your resources / applications to a different zone or region.In summary - a region is made up of availability zones. Resources are deployed in an AZ inside a region.

What is a Subnet

Each subnet resides entirely within one Availability Zone and cannot span zones. If a subnet's traffic is routed to an Internet Gateway, the subnet is known as a public subnet. If a subnet does not have a route to the Internet gateway, the subnet is known as a private subnet.

As AWS grows, the cost of doing business is reduced and savings are passed back to the customer with lower pricing. What is this optimization called? (Select the best answer.)

Economies of scale

What is the purpose of the AWS Simple Monthly Calculator and the AWS TCO calculator ?

The purpose of the AWS Simple Monthly Calculator is to allow you to see the monthly cost of Amazon Web Services for you based on the applications and services that you use. You are also able to see what it will cost if you use any of the AWS resources. When using the AWS Simple Monthly Calculator, you put in the description, instances, usage and type to see how much it is going to cost you.The purpose of the AWS TCO calculator is to help you compare the on-premises costs of running your application with how much it would cost if you used AWS. By using the AWS TCO calculator you are able to see how you can save money and if it would be cheaper if you used AWS. When using the AWS TCO calculator, you plug in On-Premises and the AWS region you would use and then you put in the specific hardware configuration, type and amount of data storage you are using. Then, when you are done, you receive a report so you can see the costs for everything if you use AWS or if you use the On-Premises services.

What are the three data retrieval options for Amazon Glacier?

The three data retrieval options for amazon glacier are expedited, standard and bulk. In expedited, it takes 1 to 5 minutes and is only 3 cents per gigabyte on the east coast. Standard retrievals is the default option and is 1 cent per gigabyte on the east coast. The bulk retrieval option is the lowest cost option and is complete in 5 to 12 hours.

True or false? To receive the discounted rate associated with Reserved Instances, you must make a full, upfront payment for the term of the agreement.

false

True or false? Unlimited services are available with the AWS Free Tier to new AWS customers for 12 months following their AWS sign-up date. (Select the best answer.)

false

______ means the infrastructure has built-in component redundancy and ______ means that resources dynamically adjust to increases or decreases in capacity requirements.

fault tolerant, elastic and scalable

What is IAM

is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access. AWs Identity and Access Management

Which of the following can be used to protect Amazon Elastic Compute Cloud (Amazon EC2) instances hosted in AWS?

security group

In the shared responsibility model, AWS is responsible for providing what? (Select the best answer.)

security of the cloud

What is AMI and what purpose does it serve?

AMI stands for Amazon Machine Image. The purpose of it is to provide information that is required to launch an instance. It is necessary that you specify which Amazon Machine Image you want when you are launching an instance.

When creating an AWS Identity and Access Management (IAM) policy, what are the two types of access that can be granted to a user? (

AWS Management Console access, Programmatic access

What are the differences between File, Block, and Object Storage?

File Storage allows for files to be organized and arranged in a hierarchy structure. This allows for it to be easiest for the user to access these files. This is advantageous because the files can be shared and collaborated on, but File Storage is disadvantageous because there is a limit on the how much the data to grow. Block Storage divides data into blocks which can be stored for efficiency. This is beneficial because it is faster to access your data and can be retrieved from a variety of areas. It is not beneficial because there is a limitation to how much data can be split into blocks, and it is more expensive than others. Object Storage helps manage data and it helps allow for massive amounts of data to be stored. It is advantageous because it is highly accessible and users can instate policies to help reinforce data.

What is the difference between and what is the purpose of an IAM Group and IAM Role? and for what purpose

The purpose of a IAM Role is to define the limits of what is able to be accomplished within your AWS account. It is different from an IAM group because IAM Roles are mostly used by applications and services instead of people. The purpose of an IAM Group is to make it easier for your organization when you are adding more members to your AWS infrastructure. When using IAM groups, you are able to create someone an IAM user account and add them to a specific group and that user would automatically receive all of the permissions that are entitled to that group.

What AWS tool compares the cost of running your application in an on-premises data center to AWS? (Select the best answer.)

Total Cost of Ownership (TCO) calculator

Which AWS networking service enables a company to create a virtual network within AWS?

amaxon virtual private cloud

What is a managed policy

are pre-built policies (built either by AWS or by your administrators) that can be attached to IAM Users and Groups. When the policy is updated, the changes to the policy are immediately apply against all Users and Groups that are attached to the policy.

Where can a customer go to get more details about Amazon Elastic Compute Cloud (Amazon EC2) billing activity that took place 3 months ago? (Select the best answer.)

aws cost explorer

Which component of AWS Global Infrastructure does Amazon CloudFront use to ensure low-latency delivery?

aws edge locations

How would a system administrator add an additional layer of login security to a user's AWS Management Console? (Select the best answer.)

enable MFA

What is an EC2 Instance?

An Elastic Cloud Compute instance is a virtual machine service provided by AWS. It is an IaaS service, where AWS provides the infrastructure and the client must take advantage of other tools to configure their environment.

What is an Internet Gateway

An Internet gateway (IGW) is a VPC component that allows communication between instances in your VPC and the Internet.

After initial login, what does AWS recommend as the best practice for the AWS account root user?

Delete the access keys of the AWS account root user

What is EBS and what purpose does it serve for the EC2?

EBS stands for Amazon Elastic Block Storage. The purpose of EBS is to serve as the primary data drives for EC2 instances.

In the shared responsibility model, which of the following are examples of "security in the cloud"?

Encryption of data at rest and data in transit, Security group configurations

How does the metered payment model make many benefits of cloud computing possible? (Select TWO.)

Experiments with multiple configuration options are now cost-effective,Full-stack applications are possible without the need to invest in capital expenses

When are free data transfers applicable across AWS? (Choose two.)

Free outbound data transfer between AWS services within the same Region, Free inbound data transfer for Amazon Elastic Compute Cloud (Amazon EC2) instances

Which of the following is the responsibility of AWS under the AWS shared responsibility model?

Maintaining physical hardware

What can be done using IAM

Manage IAM Users and their access: You can create Users and assign them individual security credentials (access keys, passwords, and multi-factor authentication devices). You can manage permissions to control which operations a User can perform. Manage IAM Roles and their permissions: An IAM Role is similar to a User, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a Role is intended to be assumable by anyone who needs it. Manage federated users and their permissions: You can enable identity federation to allow existing users in your enterprise to access the AWS Management Console, to call AWS APIs and to access resources, without the need to create an IAM User for each identity.

Which of the following best describes Infrastructure as a Service products

Services that give you direct control over underlying compute and storage resources

Which of the following best describes Platform as a Service products

Services that hide infrastructure complexity behind a simple interface

Which of these are ways to access AWS core services?

Software Development Kits (SDKs), AWS Command Line Interface (AWS CLI), AWS Management Console

What is the purpose of Amazon Glacier?

The purpose of Amazon Glacier is to provide a secure and long-lasting service for data archiving and long-term backup. (low cost)This is done by delivering comprehensive security and capabilities that can meet whatever you need. It is designed to protect the integrity of uploaded data and allow for anytime-anywhere recovery.

Which of the following are geographic areas that host two or more Availability Zones? (Select the best answer.)

aws regions

For certain services like Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Relational Database Service (Amazon RDS), you can invest in reserved capacity. What options are available for Reserved Instances? (Choose three.)

puri, nuri, auri,

Which of the following is an AWS Region for which customer access is restricted?

AWS GovCloud

Which of the following are true of a default VPC? (Select TWO.)

AWS creates a default VPC in each region.,By default, each default VPC is available to one AWS account

Which of the following is likely to be an accurate source of AWS pricing information?

AWS online documentation relating to a particular service

Which of the following IAM policies is the best choice for the admin user you create in order to replace the root user for day-to-day administration tasks?

AdministratorAccess

What will you need to provide for a new IAM user you're creating who will use "programmatic access" to AWS resources?

An access key ID and secret access key

Which of the following tools are available to ensure you won't accidentally run past your Free Tier limit and incur unwanted costs? (Select TWO.)

Automated email alerts when activity approaches the Free Tier limits B. The Top Free Tier Services by Usage section on the Billing & Cost Management Dashboard

Which of the following is not a setting you can configure in a Cost budget

Owner (username of resource owner

Which of the following standards governs AWS-based applications processing credit card transactions?

PCI DSS

What is an IAM role?

Permissions granted a trusted entity over specified AWS resources

What information does the IAM credential report provide?

The current state of security of your IAM users' access credentials

Which of the following characteristics most help AWS provide such scalable services? (Select TWO.)

The enormous number of servers it operates, Its highly automated infrastructure administration systems

What will IAM users with AWS Management Console access need to successfully log in?

Their username and password

What is the purpose of the Service Organization Controls (SOC) reports found on AWS Artifact?

They attest to AWS infrastructure compliance with data accountability standards like Sarbanes-Oxley.

What role can the documents provided by AWS Artifact play in your application planning? (Select TWO.)

They can help you confirm that your deployment infrastructure is compliant with regulatory standards. B. They can provide insight into various regulatory and industry standards that represent best practices.

Which of the following best describes one possible reason for AWS service limits

To prevent individual customers from accidentally launching a crippling level of resource consumption

How can federated identities be incorporated into AWS workflows? (Select TWO.)

You can provide users authenticated through a third-party identity provider access to backend resources used by your mobile app, You can provide admins authenticated through AWS Microsoft AD with access to a Microsoft SharePoint farm running on AWS.

According to the Shared Responsibility Model, What is the responsibility of AWS and what is the responsibility of the Customer?

According to the Shared Responsibility Model, the responsibility of AWS has to do with security of the cloud. This includes the software, hardware and AWS Global Infrastructure. AWS is in charge of the regions, availability zones, edge locations and the networking. AWS protects the infrastructure that runs all of the services offered in the AWS Cloud. According to the Shared Responsibility Model, the responsibility of the customer has to do with the security in the cloud. Based on what AWS Cloud service the customer selects, they may have to do more configuration work. If the customer uses an Amazon EC2 instance then they will be responsible for the management of the system, security groups, and any application software or utilities that are going to be installed.

What are the four support plans offered by AWS Support? (Select the best answer.)

Basic, Developer, Business, Enterprise

What is the difference between an Identity-based Policy and a Resource-based Policy

An Identity-Based Policy is a JSON permission policy document that can be attached to a user, role or group of users. These types of policies control what actions an user or a role can do, which resources that have access to and under what conditions they can do them. A Resource-Based policy while it may be a JSON policy document like an Identity-Based Policy, it is different because you attach them to a resource which allows a specific permission to do their desired action. Unlike Identity-Based Policies, Resource-Based Policies are only Inline policies and not managed resources-based policies. This means that they are policies created and managed by you to be placed into a single user, group or role.

What are the advantages of cloud computing over computing on premises

Avoid large capital purchases, use on demand capacity, go global in minutes, increase speed and agility

There is no charge for which of the following? (Choose two answers.)

Data transfer between services within the same AWS Region, Inbound data transfer (with some exceptions)

Which of the following are best practices to secure your account using AWS Identity and Access Management (IAM)?

Define fine-grained access rights., Manage access to AWS resources.

What is the difference between the AWS Simple Monthly Calculator and the Total Cost Calculator

The difference between the two is that the AWS Total Cost Calculator allows you to compare the prices between using AWS and using the on-premises servers and databases. The AWS Simple Monthly Calculator only tells you how much it would cost for using applications and services on AWS.

What are the differences between EBS, EFS, and S3?

EBS is only accessible from one EC2 instance in an AWS region, but EFS is better because a file can be accessed from a variety of regions and instances. S3 is better because it can store and retrieve unlimited amounts of data. It is beneficial because of how many files it can store.Amazon Elastic Block Store (Amazon EBS)A persistent & mountable storage system that can be added to an EC2 instance. One EBS volume can be attached to one instance in the same availability zone. Amazon Simple Storage Service (Amazon S3)S3 is a persistent storage solution that makes every file an object and is given an accessible URL Amazon Elastic File System (Amazon EFS)EFS is a shared file system that many EC2 instances can mount and use at the same time.

hat are the differences between the 5 EC2 Instance types (General Purpose, Compute Optimized, Memory Optimized, Accelerated Optimized, & Storage Optimized)?

General Purpose instances provide a balance of compute, memory and networking resources and can be used for a variety of diverse workloads. These are preferred when applications use these resources, such as in a web server or a code repository. Compute Optimized instances are ideal for compute bound applications that benefit from high performance processors. These instances are best for batch processing workloads, media transcoding, high performance web servers and other applications that require intense and rigorous computation. Memory Optimized instances are designed to deliver fast performance for workloads that process large data sets in memory. Accelerated Optimized Computing instances use hardware accelerators to perform functions, which includes graphics processing or data pattern matching. This is more efficient than software running on CPUs. Storage Optimized instances are designed for workloads that require access to large data sets on local storage. This is beneficial because they can deliver numerous low-latency, random I/O operations per second to applications.

What is the difference between the On-Demand, Reserve, Spot, and Dedicated instance purchase types? What are the default term options for a Reserve Instance?

On-Demand instance purchase types are the most expensive pricing tier. You pay for every hour that the instance is running regardless of if you are actually using it. This is beneficial for workloads that need to run for a limited time without interruption. Reserve instance purchase types are beneficial if your application has to run uninterrupted for more than a month at a time. Once you have this purchase type, it will be applied to any instance you launch in the specific AWS region. Spot instance purchase types are for workloads that do not need to run constantly and can live through shutdowns. This Is the cheapest option.Dedicated instance purchase types are kept single at the host level from instances that belong to other accounts. It is meant for a single customer and only them. The default term options for a reserved instance are one or three year terms. This can be paid upfront, partial upfront or not upfront at all. The more you pay at the beginning, the less it will cost overall.

What is the difference between an Account Root user and IAM User

The difference between an Account Root User and IAM User is that with the Account Root User you have full access to all of the resources that are in that account and that you are only allowed to use those resources that are allowed under the account that you have. But, with the IAM User, you have the ability to safely have access to AWS services and resources for any user within that AWS Account. Under IAM you can manage access to AWS services and user permissions to allow or deny an account's access to the AWS resources.

What is the difference between an IAM Policy and an IAM Permission?

The difference between an IAM Policy and an IAM permission is that an IAM Policy is something in AWS that when associated with an account or resource, it defines what permissions are available to it. These policies define what type of permissions are required for an account. An IAM permission is something that determines if an action is allowed or denied.These permissions grant access to a specific resource in AWS.

What is the purpose of a VPC and a NACL?

The purpose of a VPC is to allow you to launch Amazon Web Services into a virtual network that you have created. This virtual private cloud is only for your account. This resembles a network that would be used in your own data center. The VPC is isolated from other virtual networks in the AWS Cloud.The purpose of a NACL is to act as a firewall for directing incoming and outgoing traffic in one or more subnets. It is an optional layer of security to your VPC.

What does it mean to authenticate? what are the three type of authentication methods a user can use to connect to their AWS Cloud environment? and What does it mean to use MFA to authenticate?

To authenticate means to validate or to verify that it is you who are using the account or device. The three types of authentication methods a user can use to connect to their AWS Cloud environment are a Universal 2nd Factor, MFA-compliant Device, such as YubiKey, or a smartphone with the Authenticator app installed. When you use MFA to authenticate, it adds extra security because you have to use a second device that provides a code or credentials for you to use when you have to authenticate that it is you using the device. It requires more than one form of authentication to verify your login credentials.

What is the difference between an AZ and a VPC?

a VPC is deployed in a region and can be available across multiple availability zones in that region. An AZ is a logical zone in a region that has some physical isolation from another AZ in the region. A VPC is logical, AZ is physical. The difference between an AZ and a VPC is that the Virtual Private Cloud contains all of the availability zones in a specific AWS region. A Virtual Private Cloud is beneficial because you are able to add one or two subnets in each availability zone. It is also beneficial because by using a VPC, you are able to add subnets to a local zone that may be closer to your end users. A local zone allows your end zones to start applications that need single digit latencies in milliseconds. By using the Virtual Private Cloud, you can use local zones which will give you faster latency speeds. Availability zones are unique locations that are made to be kept away from failures in other availability zones. They may not be as close to you as a local zone is, so choosing to use the availability zone instead of the local zone through the Virtual Private Cloud will give you slower latency speeds.

Which component of the AWS Global Infrastructure does Amazon CloudFront use to ensure low-latency delivery? (Select the best answer.)

aws edge locations

Which of the following should be done by the AWS account root user? (Select the best answer.)

change the aws support plan

What is a VPC

enables you to launch Amazon Web Services (AWS) resources into a virtual network that you defined. This virtual network closely resembles a traditional network that you would operate in your own data center, with the benefits of using the scalable infrastructure of AWS. You can create a VPC that spans multiple Availability Zones.`Virtual Private Cloud

True or False? Edge locations are only located in the same general area as Regions.

false


Related study sets

American Government 310L: Exam One!

View Set

11.1.3 practice questions CIS 53

View Set

Introduction to histology w/ medical terminology

View Set

Chapter 13 Comparative Cognition

View Set

Entrepreneurship Exam 1 (Ch 1-8)

View Set

Chapter 55: Drugs Acting on the Lower Respiratory Tract

View Set

Docker Certified Associate (DCA) Certification

View Set

Eco Exam #4 (Chap. 10, 11, 12, 13, and 14)

View Set

Live Virtual Machine Lab 12.2: Module 12 Authentication and Authorization Solutions

View Set