Cloud Exam 1
Which memory management feature de-allocates unused RAM from multiple virtual machines and presents it to the hypervisor for other virtual machines that need it? Ballooning De-duplicating Paging Bursting
Ballooning
What type of deployment is characterized by minimal downtime? In-place deployment Blue/Green deployment Canary deployment
Blue/Green deployment
Which feature of AWS CloudFormation allows users to preview how proposed changes to a stack may impact running resources? Templates Change sets Pseudo parameters Drift detection
Change sets
How does S3 ensure the durability (99.999999999%) of your data? Data is storage-tiered by default. Copies of your data are stored across multiple Availability Zones within the selected region. Data is automatically replicated to an alternate region. Multiple high-speed Internet connections are made to every major directory you create.
Copies of your data are stored across multiple Availability Zones within the selected region.
You are creating ACL entries to provide access to a resource within a small network setup. What type of access control model is this? Discretionary access control Non-Discretionary Access Control Mandatory access control Public Key Infrastructure
Discretionary access control
What minimal level of support gives you access to a Technical Account Manager (TAM)? Enterprise Business Basic Developer
Enterprise
Which AWS support plans offer FULL Trusted Advisor benefits? Choose two. Basic Developer Enterprise Business
Enterprise Business
What type of network storage is accessible using standard file sharing protocols such as NFS? SAN NAS DAS none of the mentioned
NAS
What type of a load balancer will handle millions of requests per second while maintaining low latencies? Compute Load Balancer Application Load Balancer Network Load Balancer Internet Load Balancer Classic Load Balancer
Network Load Balancer
What service category does CloudFront fall under? Security, Identity, and Compliance Storage Networking and Content Delivery Compute Services
Networking and Content Delivery
Match the descriptions to their correct business terms or acronyms. cost for a company to run its business operations on a daily basis TCO Economies of scale OPEX
OPEX
A developer is using cloud services to create and test a new application. What type of cloud service is this? PaaS SaaS IaaS XaaS
PaaS
What type of service is AWS Elastic Beanstalk? SaaS PaaS DBaaS IaaS
PaaS
Can you help decide on the RAID level to use? We are a media house and we use lot of graphics/video applications . We need large throughputs for videos to get played without any jitter and since we are in publishing business we can't afford downtime. Even if there is any downtime we would like our data to be quickly restored and enable us to continue with out work in less time. Raid 5 Raid 6 Raid 10 Raid 1
Raid 10
Which of the following RAID levels guarantees double disk failure protection? Raid 1 Raid 0 Raid 5 Raid 6
Raid 6
Your business sets the maximum amount of data that can be lost in a disaster scenario as "two days" worth. What term describes this? Recovery Time Objective Archiving Site mirroring Recovery Point Objective
Recovery Point Objective
The "Waterfall" approach in SDLC uses well-defined phases. Put the following in their correct order. Design Testing Deployment Requirements Gathering Implementation Maintenance
Requirements Gathering Design Implementation Testing Deployment Maintenance
What is the advantage of a microservices-based architecture? All services are tightly integrated within the same application. Improves collaboration as the same team of developers works on the code for all services the application requires. The decoupling between the services allows updates to be made to a given service without affecting the others. Maintains a single version of code.
The decoupling between the services allows updates to be made to a given service without affecting the others.
What is an AWS root user account? An account to launch Linux EC2 instances An account that allows AWS partners to log into the AWS Management console An account to configure route tables in your VPC The email address used to set up the AWS account and always has full administrator access
The email address used to set up the AWS account and always has full administrator access
What is the contract length for Reserved instances (RI)? 1 to 2 years 7 years 1 to 3 years 3 to 5 years
1 to 3 years
Which statements correctly highlight the differences between Storage Area Network (SAN) and Network Attached Storage (NAS) solutions? 1. SAN provides higher performance than NAS but is generally more expensive. 2. SAN is an example of block-level storage whereas NAS offers file-level storage. 3. SAN can utilize an existing TCP/IP infrastructure, but NAS relies on proprietary technology for operation. 1, 2, 3 2, 3 1, 3 1, 2
1, 2
How long can an AWS Lambda function execute? 1 minute 3 minutes 5 minutes 15 minutes
15 minutes
How long does Amazon CloudWatch keep metric data? Select the best answer. 1 month 15 months 1 year 7 days
15 months
Match the different AWS support plans to their purpose or offerings. Enterprise
15-minute response time for critical business system failure
What is a safe overcommitment ratio for vCPUs? 9:1 1:1 6:1 3:1
3:1
For each subnet in a VPC, how many IP addresses are reserved by AWS? 4 5 2 1
5
Match the following descriptions to the correct AWS tools for DevOps. Not all options are used. Fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. AWS CloudFormation Amazon Elastic Container Amazon CloudWatch AWS CodeBuild
AWS CodeBuild
What are the different methods of accessing AWS services? Choose two. AWS Batch AWS Direct Connect AWS Command Line Interface AWS CodeDeploy Software Development Kits (SDKs)
AWS Command Line Interface Software Development Kits (SDKs)
Which AWS service can be used to generate historical configuration change records for your AWS resources? AWS OpsWorks AWS Config CloudWatch CloudTrail
AWS Config
Which AWS service enables developers to quickly deploy and scale web applications and services without managing capacity provisioning? Amazon EC2 AWS Lambda Auto scaling AWS Elastic Beanstalk
AWS Elastic Beanstalk
Which AWS tool can you use to estimate your monthly costs for deploying resources on AWS? AWS Account Manager AWS Pricing Calculator AWS Total Cost of Ownership (TCO) AWS Cost and Usage Report
AWS Pricing Calculator
An application requires a highly available relational database with an initial storage capacity of 8 TB. The database will grow by 8 GB every day. Which option will meet these requirements? Amazon Redshift Amazon S3 DynamoDB Amazon Aurora
Amazon Aurora
Fill in the blank with the correct service. ______________is an example of Amazon's cloud-native database that is compatible with MySQL and offers superior performance comparable to commercial databases.
Amazon Aurora
Match the following descriptions to the correct AWS tools for DevOps. Not all options are used. A service that monitors infrastructure performance in near real-time. AWS CloudFormation Amazon Elastic Container Amazon CloudWatch AWS CodeBuild
Amazon CloudWatch
____________ makes it easy for developers to store, manage, and deploy Docker container images. AWS Fargate Amazon ECR Amazon EKS Amazon ECS
Amazon ECR
Which of the following AWS service is an example of object storage? Amazon EC2 Amazon EBS Amazon S3 Amazon EFS
Amazon S3
When you invest in Reserved Capacity like Amazon EC2 or Amazon RDS, what three pricing options are available? AURI DURI NURI FURI PURI
AURI NURI PURI
The AWS Shared Responsibility model divides security responsibilities between which two parties? The AWS partner AWS The community cloud vendor The AWS customer
AWS The AWS customer
Where will you find a compliance document such as a PCI or SOC report? AWS CloudTrail AWS Artifact Amazon inspector AWS Cetificate Manager
AWS Artifact
Your finance team would like to be alerted when the cost of using a new AWS test/dev account is about to reach the approved budget for an upcoming project. Which AWS tool can you use to help you achieve this need? AWS Budgets AWS Consolidated Billing AWS Cost Explorer AWS CloudWatch
AWS Budgets
Match the following descriptions to the correct AWS tools for DevOps. Not all options are used. Enables developers and administrators to provision, configure, and manage infrastructure using templates AWS CloudFormation Amazon Elastic Container Amazon CloudWatch AWS CodeBuild
AWS CloudFormation
Which AWS service is an example of Infrastructure as Code (IaC)? AWS Lambda Amazon CloudFront AWS CloudTrail AWS CloudFormation
AWS CloudFormation
Which service can identify the user that made the API call when an Amazon Elastic Compute Cloud (Amazon EC2) instance is terminated? AWS X-Ray AWS CloudTrail AWS Identity and Access Management (AWS IAM) Amazon CloudWatch
AWS CloudTrail
You are building a solution to extend a customer's on-premise data center to their AWS VPC . The customer has asked for a faster and more secure alternative to using the Internet. Which AWS product or feature satisfies this requirement? AWS Site-to-Site VPN VPC Sharing AWS Direct Connect VPC Peering
AWS Direct Connect
Which pricing option offers you the opportunity to try various AWS services for free as long as you keep within specified thresholds of usage? AWS Free Trial AWS LightSail AWS Free Tier AWS Trial Room
AWS Free Tier
Which AWS service is an example of serverless computing? AWS Lambda Amazon EC2 Amazon Lightsail AWS Batch
AWS Lambda
______________ is a compute service that lets you run code without provisioning or managing servers.
AWS Lambda
What is a digital catalog with thousands of listings of third-party software that can be purchased and deployed on AWS? Community AMIs AWS Marketplace My AMIs Quick Start
AWS Marketplace
What are the recommended best practices when assigning IAM permissions to users? Choose two. When creating IAM policies, start with permissions that are lenient and tighten them later as needed. Provide IAM users with default administrative privileges Always follow the principle of least privilege When assigning the same set of permissions to multiple IAM users, put the users in a group and attach the permissions to the group instead. Use the AWS root account to grant permissions to users
Always follow the principle of least privilege When assigning the same set of permissions to multiple IAM users, put the users in a group and attach the permissions to the group instead.
Match the following descriptions to the correct AWS tools for DevOps. Not all options are used. A container management service for Docker containers that enables you to build and deploy a microservices architecture. AWS CloudFormation Amazon Elastic Container Amazon CloudWatch AWS CodeBuild
Amazon Elastic Container
What service orchestrates running Docker containers on AWS? Amazon Elastic Container Registry (Amazon ECR) Amazon Elastic Compute Cloud (EC2) Amazon Elastic Container Service (Amazon ECS) Amazon Elastic Kubernetes Service (Amazon EKS)
Amazon Elastic Container Service (Amazon ECS)
Which EC2 Instances are now billed on a per second basis? Amazon Linux and Ubuntu Windows MAC Unix
Amazon Linux and Ubuntu
Which of the following statements are true? Choose two. Amazon RDS is an example of a managed AWS service. Features such as scaling, fault-tolerance, and availability for a managed solution are built-in. Amazon EC2 is an example of a managed AWS service. The benefit to using an unmanaged service is that scalability, fault-tolerance, and availability are automatically handled by the service itself.
Amazon RDS is an example of a managed AWS service. Features such as scaling, fault-tolerance, and availability for a managed solution are built-in.
Which AWS Cloud service is best suited for analyzing your data using the standard Structured Query Language (SQL) and existing Business Intelligence (BI) tools? Amazon Redshift Amazon DynamoDB Amazon RDS Amazon Aurora
Amazon Redshift
Which S3 storage class provides the most cost-effective option particularly for storing secondary copies of data that may be accessed less frequently? Amazon S3 Standard-IA Amazon S3 Standard Amazon S3 One Zone-IA Amazon S3 Glacier
Amazon S3 One Zone-IA
Which service would you use to send alerts based on Amazon CloudWatch alarms? Amazon Route 53 AWS CloudTrail Amazon SNS AWS Trusted Advisor
Amazon SNS
What criteria are used to calculate Amazon S3 pricing? Choose three. Amount of data stored in GB/month Use of SSDs or HDDs Data transferred out Number of disks used Number and type of requests made (GET, PUT, POST, etc.)
Amount of data stored in GB/month Data transferred out Number and type of requests made (GET, PUT, POST, etc.)
What type of load balancer is suitable for use with modern architectures that include containers? Application Classic Network Standard
Application
Which of the following phases are not a part of vulnerability scanning and unique to penetration testing? Choose all that apply. Intelligence gathering Attack planning and simulation Vulnerability validation Exploitation
Attack planning and simulation Exploitation
Identify the difference between automation and orchestration. DevOps heavily relies on the process of automation but does not use orchestration. Automation refers to running a single task without any user intervention. Orchestration refers to a workflow that automates a series of tasks. While automation relies on the use of scripts, orchestration workflows must use full-fledged programming languages such as C, C++, Java, etc. The process of automation requires decision making whereas orchestration does not.
Automation refers to running a single task without any user intervention. Orchestration refers to a workflow that automates a series of tasks.
What are some of the important considerations for choosing an AWS Region for deploying your applications? Choose two. Availability of services within the region To facilitate visits to AWS data centers To meet regional compliance and data residency requirements To deploy applications with additional discounts
Availability of services within the region To meet regional compliance and data residency requirements
You want to monitor resource utilization of your virtual machines to predict future needs and detect anomalies. What must your first have? SNMP Syslog Log forwarding Baseline
Baseline
What is true about Amazon CloudWatch? Provides detailed monitoring at one-minute interval for no charge Basic monitoring at five-minute interval is enabled by default. CloudWatch is a performance monitoring system and will automatically add or drop instances based on need. Retains metrics for 12 months, free of charge
Basic monitoring at five-minute interval is enabled by default.
How can you avail of discounted rates with RDS instances? By reserving database instances for a 1-year or 3-year term By using On-Demand database instances By purchasing spot instances By purchasing redundant database instances
By reserving database instances for a 1-year or 3-year term
Which of the following is NOT a metric that would be measured to confirm it meets the baseline? Peak memory usage Write IOPS average bytes sent/received by the virtual switch CPU frequency
CPU frequency
Identify the type of deployment where a new version of the software is tested out on a small percentage of user population and if successful, rolled out linearly in increments. Blue/Green deployment In-place deployment Canary deployment
Canary deployment
What is true about Read Replicas? Amazon RDS supports creation of Read replicas for Microsoft SQL Server, Oracle, MySQL, PostgreSQL, Amazon Aurora and MariaDB. Changes made to the source database instance are asynchronously copied to the read replica instance. Suitable for read and write-heavy workloads Can become the master database automatically without any manual intervention
Changes made to the source database instance are asynchronously copied to the read replica instance.
When you run out of computer resources in your internal data center and expand to an external cloud on demand, what is this an example of? SaaS Elasticity Cloud Bursting Multitenancy
Cloud Bursting
Which of the following statements is true? Choose two. Cloud is an example of online and offsite backup. Storing backups nearline (locally) is the best strategy. Data recovery from tapes is slow and can take hours to complete. Data backups should follow the 1-2-3 rule.
Cloud is an example of online and offsite backup. Data recovery from tapes is slow and can take hours to complete.
Match the characteristics to the correct EBS volume type. Not all options are used. Ideal for storing large volumes of infrequenty accessed data at a very low cost General purpose SSD Cold HHD Provisioned IOPS SSD
Cold HHD
Which is a separate facility that does not have any computer equipment but is a place where the knowledge workers can move after the disaster? Cold site Hot site Lukewarm site Warm site
Cold site
Match the descriptions to the correct cloud deployment models. cloud model that allows an organization to share its local cloud services with partners Private Community Public
Community
Your institution has recently migrated its student database to Amazon RDS. Of late, you have noticed increased activity and excess read traffic on your database. How can you reduce the dependency on the single database and improve performance? Use Auto Scaling to deploy multiple instances of the database Configure Read replicas Configure Global tables Deploy in multi-AZ
Configure Read replicas
The Chief Compliance Officer at your organization has mandated that a Defense-in-Depth security approach be used for all cloud systems. Which of the following would satisfy the requirement? Splitting a sensitive task between two or more people Ensuring that users are only granted minimum permissions to enable them to perform their duties Assuming both internal and external users are untrusted and enforcing access control at every stage Configuring firewalls with IDS/IPS capabilities and applying security group configurations
Configuring firewalls with IDS/IPS capabilities and applying security group configurations
Your organization has multiple AWS Accounts for different purposes. Each Account has its own set of services and incurs charges. Which AWS service can you use to take advantage of volume discounts by clubbing your Accounts together? AWS Groups AWS Budgets Consolidated Billing AWS Bills AWS Root User Account
Consolidated Billing
A Solutions Architect is designing a critical business application with a relational database that runs on an EC2 instance. It requires a single EBS volume that can support up to 40,000 IOPS. Which Amazon EBS volume type can meet the performance requirements of this application? EBS Provisioned IOPS SSD EBS Throughput Optimized HDD EBS Cold HDD EBS General Purpose SSD
EBS Provisioned IOPS SSD
Which two types of root volume are available for Amazon EC2? S3 EC2 Instance store EBS Glacier
EC2 Instance store EBS
Which of these are valid launch types for Elastic Container Service (ECS)? (Choose two.) EC2 launch type Fargate launch type Lightsail launch type Elastic Beanstalk launch type RDS launch type
EC2 launch type Fargate launch type
Which AWS Storage service enables you to grant the ability for EC2 instances to access a shared file system and share a common data source, similar to a NAS storage system? S3 EBS EFS SLS
EFS
What is true about Availability Zones? Choose two. Each availability zone is defined as a physical geographical location housing a single data center. Each availability zone is designed as an independent failure zone. AZs within a region are interconnected using high-speed private links. A data center can span across multiple Availability Zones.
Each availability zone is designed as an independent failure zone. AZs within a region are interconnected using high-speed private links.
Match the descriptions to their correct business terms or acronyms. a proportionate savings in cost gained by an increased level of production TCO Economies of scale OPEX
Economies of scale
Which of the following AWS services are offered at no charge? Choose three. AWS Lambda Elastic Beanstalk Amazon VPC Elastic Load Balancer Identity Access and Management (IAM)
Elastic Beanstalk Amazon VPC Identity Access and Management (IAM)
How would a system administrator add an additional layer of login security to a user's AWS Management Console? Use AWS Cloud Directory Audit AWS Identity and Access Management (IAM) roles Enable AWS CloudTrail Enable Multi-Factor Authentication (MFA)
Enable Multi-Factor Authentication (MFA)
You are invited to join an IT meeting where merits and pitfalls of cloud computing are being debated. Your manager conveys her concerns of data confidentiality for cloud storage. What can be done? Use identity federation Change default passwords Encrypt the data Digitally sign the data
Encrypt the data
Using the AWS shared security model, which of the following are customer responsibilities? Choose two. Configuring security groups Performing database patching on Amazon RDS Training the data center staff Encrypting data Provisioning low-latency connections between AZs
Encrypting data Configuring security groups
Which Amazon Glacier option allows you to retrieve data within 1-5 minutes? Expedited Bulk Standard Accelerated
Expedited
What statement regarding Scalability is true? Adding extra memory to a server is an example of horizontal scaling. If a combination of both horizontal and vertical scaling is used to improve performance or availability, it is referred to as diagonal scaling. Scaling can greatly reduce costs for organizations with steady workloads. Vertical scaling involves adding more nodes (switches, routers, servers, workstations, etc.) to a distributed system.
If a combination of both horizontal and vertical scaling is used to improve performance or availability, it is referred to as diagonal scaling.
Which of the following is NOT true about Amazon EC2 Auto Scaling? Amazon EC2 Auto Scaling can detect impaired instances and will replace them without intervention. Inability to scale based on schedule for known traffic patterns of your application Supports dynamic and predictive scaling Will automatically launch or terminate instances to handle the load for your application
Inability to scale based on schedule for known traffic patterns of your application
You are configuring cloud backup settings. Only data modified since the last backup must be captured. What type of backup should you configure? Incremental Differential Full Delta tracking
Incremental
Which of the following backup technique is most space efficient? Incremental backup All of the mentioned Differential backup Full backup
Incremental backup
What is true about the modern "Agile" approach in the software development lifecycle? Choose two. Integrates end-user feedback at every stage to create a quality end-product Relies on an iterative approach Can only work for projects where requirements do not change over time Utilizes a very structured and rigid framework
Integrates end-user feedback at every stage to create a quality end-product Relies on an iterative approach
Which characteristics related to Amazon VPC are true? Choose two. A CIDR block of /25 is the smallest size supported for a VPC. It is not possible to change the size of the VPC once it has been created. By default, subnets span at least two Availability zones for redundancy and resiliency. Each subnet in a VPC maps to a single Availability Zone.
It is not possible to change the size of the VPC once it has been created. Each subnet in a VPC maps to a single Availability Zone.
When an Elastic Load Balancer detects an unhealthy EC2 Instance, what action will it perform? Choose three. It will try to restart that instance. It will trigger an alarm. It will terminate the unhealthy instance and launch a new one. It will continue to send traffic to the remaining healthy instances. It will stop sending traffic to the unhealthy instance. It will resume routing traffic when the instance becomes healthy again.
It will continue to send traffic to the remaining healthy instances. It will stop sending traffic to the unhealthy instance. It will resume routing traffic when the instance becomes healthy again.
In what format are IAM policies written in? JSON JAVA XML C#
JSON
Which of the following elements is NOT a part of the statement in an IAM policy document? Action Resource Effect Key
Key
You have launched a Linux-based EC2 instance in the public subnet of your Test VPC. What will enable you to login to the instance via SSH? IGW Route tables Key pair NAT Gateway
Key pair
Which component of an Elastic Load Balancer do you need to configure to ensure you accept traffic on a designated port and forward that traffic to the backend EC2 Instances? Port Forwarder Internet Gateway Listener NAT router
Listener
Which type of storage would be appropriate for data archival? Hard Disk Drives Magnetic tapes Optical disks Solid State Drives
Magnetic tapes
You are the administrator of a Windows network. When creating a new user account, you specify a security clearance level of 'top secret' so that user can access classified files. What type of access control method is being used? Non-Discretionary Access Control Mandatory Access Control Role-Based Access Control Discretionary Access Control
Mandatory Access Control
What is the advantage of using automation? As the need for automation and orchestration grows, the demand for IT staff will continue to grow. Manual and repeatable tasks can be performed efficiently and consistently. Significantly increases the time that it takes to complete routine tasks. Scripts used in the automation process are often self-correcting.
Manual and repeatable tasks can be performed efficiently and consistently.
Which database engines are supported on Amazon RDS? Choose three. MariaDB Oracle Fox Pro Microsoft SQL Server DB2
MariaDB Oracle Microsoft SQL Server
The ability to allocate more virtual memory than what physically exists on a host server is called _______________. Memory bursting Memory ballooning Memory overcommit Hyperthreading
Memory overcommit
In a RAID implementation, the process of duplicating every disk is called ______________. Incrementing Reflecting Striping Mirroring
Mirroring
Which component is required to enable Amazon EC2 instances in a VPC to read and write data to and from the EFS file system? Bucket Mount target Internet gateway Listener
Mount target
Match the application migration strategy on the left to the correct description or characteristic. Rehosting
Moving an application to the cloud environment without leveraging full benefits of cloud
Which two open-source, relational databases is Amazon Aurora compatible with? MariaDB Oracle MySQL Microsoft SQL PostgreSQL
MySQL PostgreSQL
You have launched a Database server within the private subnet of your VPC. You need to allow the server to access the Internet for downloading patches. What do you need? Security Groups Route tables Access Control Lists NAT Gateway
NAT Gateway
If I am running my DB Instance as a Multi-AZ deployment, can I use the standby DB Instance for read or write operations along with primary DB instance? No Yes Only for Oracle RDS instances Only with MySQL based RDS
No
Which of the following virtualization types best describes containers? Desktop virtualization OS virtualization Hardware virtualization Application virtualization
OS virtualization
Which statement regarding object storage is true? Objects are stored and retrieved based on their unique identifiers. Object storage is suitable for storing structured data where traditional methods prove inefficient. Object storage uses a hierarchical system of files and directories for storing data. Object storage does not involve any metadata.
Objects are stored and retrieved based on their unique identifiers.
You have a video encoding application. Currently there is a huge backlog of videos which needs to be processed. You need to add more instances, but you need these instances only until your backlog is reduced. Which of these would be an efficient way to do it? Reserved instances On-Demand instances Dedicated instances Spot Instances
On-Demand instances
If you set up your database on Amazon RDS, what is your responsibility? Managing the underlying hardware Enable High Availability (HA) Handling all backup operations Optimizing your application Patching the operating system
Optimizing your application
Which of the following security actions are performed by customers of AWS? Choose two. Patching the OS on an Amazon EC2 instance Configuring physical network firewalls at the data center Implementing password policies Issuing access cards to AWS staff
Patching the OS on an Amazon EC2 instance Implementing password policies
Which of the following is NOT part of the AWS pricing philosophy? Pay for what you use Pay even less as AWS grows Pay more when you use less Pay less when you reserve Pay less when you use more
Pay more when you use less
Which type of test simulates a network attack? Baselining Vulnerability assessment Hardening Penetration testing
Penetration testing
What is true about high availability? In the active-passive configuration for high availability, the secondary application is online and utilized for load balancing user traffic. An organization must design each and every application for the same level of availability. High Availability is a resiliency principle that can be easily incorporated into applications that were NOT designed to be highly available when they were first created. Redundant resources and components can eliminate single points of failure and improve availability. In a cloud environment, applications can be designed for HA by replicating them across multiple availability zones.
Redundant resources and components can eliminate single points of failure and improve availability. In a cloud environment, applications can be designed for HA by replicating them across multiple availability zones.
Which of the following is NOT a feature of DynamoDB? Single-digit millisecond latency Flexibility in the database schema Uses SSDs for storage Relational database solution
Relational database solution
Match the application migration strategy on the left to the correct description or characteristic. Repurchasing
Replacing the existing application with its cloud-native application
What statement about stop-hibernation is true? Requires that the instance be backed by an encrypted EBS root volume This feature is available with all Linux and Windows AMIs. It is possible to enable hibernation on a running instance that did not have hibernation enabled at launch. Only instances that use instance store as boot volume can support hibernation.
Requires that the instance be backed by an encrypted EBS root volume
What is an example of object-based storage solution in AWS? EBS S3 EFS EC2
S3
What documentation lays out agreed upon service levels and responsibilities of the cloud provider? API TCO SLA SOP
SLA
Microsoft Office 365 is an example of _________________. SaaS PaaS IaaS DBaaS
SaaS
Which of the following characteristics are true of the SaaS model? (Choose two.) greatest concern of vendor lock-in SaaS applications are multitenanted. Underlying cloud infrastructure is user responsibility SaaS applications are characterized by location and device independence. Users are responsible for maintenance, including patches and updates.
SaaS applications are multitenanted. SaaS applications are characterized by location and device independence.
What information must be specified in a launch configuration for EC2 Auto Scaling? Choose all that apply. Maximum instances Minimum instances Security Groups AMI Instance type
Security Groups AMI Instance type
Your company has deployed six Windows EC2 instances in AWS cloud. As the administrator, you would like to remotely access the VMs from your on-premise machine using the Remote Desktop Protocol (RDP). What should you configure to allow that traffic? Security groups Zoning ACLs NAT
Security groups
What is the difference between security groups and NACLs? Choose two. Security groups can be configured to only use ALLOW rules whereas NACLs support both ALLOW and DENY rules. Security groups perform stateless filtering, but NACLs are stateful. For security groups, all rules are evaluated before the decision is made to allow traffic. For network ACLs, rules are evaluated in order of their numbers. Security groups control traffic to and from subnets whereas NACLs control traffic at the instance level.
Security groups can be configured to only use ALLOW rules whereas NACLs support both ALLOW and DENY rules. For security groups, all rules are evaluated before the decision is made to allow traffic. For network ACLs, rules are evaluated in order of their numbers.
Your company has adopted several public SaaS services. Users complain that after logging in to their on-premise desktops they are prompted for credentials for every SaaS service that they use. Which solution will address this? Single Factor Authentication Multiple sign-on MFA Single sign-on
Single sign-on
Which of the following is a method for bidding on unused EC2 capacity? Dedicated instance Spot instance Reserved instance On-Demand instance
Spot instance
What type of storage replication technology will wait for all replicas to confirm data writes before notifying the application? Asymmetric Symmetric Asynchronous Synchronous
Synchronous
Who can act as a dedicated voice for you within AWS and serve as your technical point of contact and advocate? Primary Solution Architect TAM Cloud Practitioner Concierge
TAM
Match the descriptions to their correct business terms or acronyms. a financial estimate intended to help buyers and owners determine the direct and indirect costs of a product or system TCO Economies of scale OPEX
TCO
Before updating a Linux virtual machine, you need to ensure that you can roll back quickly if the updates cause problems. What should you do? Create a system restore point Create an operating system image Take a virtual machine snapshot Take a virtual machine backup
Take a virtual machine snapshot
A company is adopting a SaaS cloud solution. Which capabilities will it most likely lose in the process? The ability to access the application from the company's internal network. The ability to perform fine-grained customizations of the software. The ability to access the application from the web. Centralized control and management of user access to the application.
The ability to perform fine-grained customizations of the software.
Identify the key differences between Amazon S3 and Amazon Glacier. Choose two. Any data stored in S3 is encrypted by default. With Glacier, encryption is optional. The maximum item size in S3 is 5TB, whereas Glacier can store items up to 40 TB. Glacier costs more for each retieval request than S3. Storage cost per GB is higher for Amazon Glacier. You can store virtually unlimited amount of data in S3, but Glacier has limits.
The maximum item size in S3 is 5TB, whereas Glacier can store items up to 40 TB. Glacier costs more for each retrieval request than S3.
Identify drawback/s of the Waterfall model in SDLC. Choose all that apply. The waterfall model requires every phase to be 100% complete before transitioning to the next phase. An unexpected roadblock will prolong delivery of the end product. Typically works better for long-term projects Allows no room for unexpected changes or revisions Progression of the waterfall model is not intuitive.
The waterfall model requires every phase to be 100% complete before transitioning to the next phase. An unexpected roadblock will prolong delivery of the end product. Allows no room for unexpected changes or revisions
Which statement regarding HDDs is false? Hard disks are prone to mechanical failures since they contain moving parts. They are a great choice if I/O speed is more important than storage space. A hard disk is an example of a random access storage device. HDDs are less expensive than SSDs.
They are a great choice if I/O speed is more important than storage space.
A cloud database VM uses four separate disk volumes. Each volume needs to be fully allocated at the start. What should you configure? Thin provisioning Thick provisioning Tokenization Object storage
Thick provisioning
What process creates randomly generated placeholders for protecting sensitive information? Tokenization Authorization Encryption Authentication
Tokenization
Answer True or False. By default, none of your data in Amazon S3 is shared publicly. True False
True
True or False. Data on an instance store volume is ephemeral; if the instance stops due to malfunction, any data on instance store volume is lost. True False
True
VMware Player is an example of a ___________ hypervisor. Type B Type A Type 2 Type 1
Type 2
What are the different severity levels associated with support services? Choose all that apply. Urgent Moderate High Normal Critical Severe Emergency Low
Urgent High Normal Critical Low
You want to establish a private connection from the EC2 instance in your VPC to an S3 bucket. What will you use? VPN Connection NAT instance AWS Direct Connect VPC endpoint
VPC endpoint
What would you use if you have multiple VPCs in your AWS account and you need to communicate between them without using the public Internet? ClassicLink VPC peering Direct Connect Gateway endpoint
VPC peering
Fill in the blank. _____________ refers to a condition in which an organization finds itself relying on proprietary technology that restricts future migration to alternative solutions without significant costs.
Vendor lock in
You have been tasked with deploying hundreds of VMs quickly and efficiently with the same configuration. What process will you use? Virtual machine snapshot Virtual machine cloning Virtual machine backup Storage migration
Virtual machine cloning
Which component controls how traffic flows between VMs and the host computer and between the VMs and other network devices in the organization? Virtual NIC Virtual switch Virtual storage Virtual HBA
Virtual switch
What are two examples of AWS's responsibility in the Shared Responsibility model? encryption of data at rest and transit IAM policies Virtualization software on the host Physical security of the data center
Virtualization software on the host Physical security of the data center
Which service is used in front of a cloud application to prevent web application attacks such as SQL injection? WAF IDS or IPS DLP IAM
WAF
What two open-source formats do AWS CloudFormation templates support? Python SAML JavaScript YAML JSON
YAML JSON
Under what circumstances, should you NOT consider using Amazon RDS? Choose three. For complex transactions or queries You need to support medium to high read and write rates You are looking to customize your database solution Simple GET/PUT requests You need to perform data sharding
You are looking to customize your database solution Simple GET/PUT requests You need to perform data sharding
Which of the following statements regarding AWS Lambda is NOT true? Lambda is designed for fault tolerance. You retain full control over the elements of the infrastructure required to execute your code. Lambda is billed on the number of requests and code execution time. AWS Lambda runs your code in response to events such as changes to an S3 bucket.
You retain full control over the elements of the infrastructure required to execute your code.
What is Amazon Route 53? a fast content delivery network that delivers data, videos, and applications, to customers with low latency is a billing and account management service a highly available and scalable DNS service in AWS cloud a service that enables customers to connect their Amazon VPCs and their on-premise networks
a highly available and scalable DNS service in AWS cloud
Identify characteristics of containers. Choose three. considered more secure than VMs all containers deployed on a host share the host OS kernel can be launched within seconds are best suited for use with monolithic applications offer consistent performance in different environments
all containers deployed on a host share the host OS kernel can be launched within seconds offer consistent performance in different environments
What is true about server virtualization? prohibits the use of virtual machines by unauthorized users allows virtual machines to be load balanced allows the underlying physical hardware to be shared between the virtual machines allows virtual machines to be dependent on each other
allows the underlying physical hardware to be shared between the virtual machines
Identify a characteristic of Amazon Aurora. automatically saves six copies of your data across three AZs fully managed data warehouse service offers three times the performance of MySQL and five times than PostgreSQL is a NoSQL database
automatically saves six copies of your data across three AZs
Match the different AWS support plans to their purpose or offerings. Developer
business hour support via email
Match the application migration strategy on the left to the correct description or characteristic. Re-platforming
can be considered as a lift-tinker-and-shift approach
What is Amazon Glacier designed for? infrequently accessed data cached session data active database storage data archives
data archives
An organization recently had a disaster and was switched to an alternate facility. The original data center has now been restored and the administrator needs to migrate the organization back to the primary data center. What process is the administrator performing? failback failover RTP DRP
failback
Mary, a financial analyst is describing the benefits of cloud computing to her colleagues. Which of the following might she state? (Choose two.) faster time to market low barrier to entry for businesses all cloud solutions are one-size-fits-all facilitates companies to focus more on IT maintenance enables shift from variable operational expenses (OPEX) to fixed capital expenses (CAPEX)
faster time to market low barrier to entry for businesses
Match the different AWS support plans to their purpose or offerings. Business
for customers running production workloads on AWS
Fill in the blanks with the correct words. The _________ feature replicates your DynamoDB tables automatically across your choice of AWS Regions.!
global tables
You are designing a disaster recovery plan that includes a multisite configuration. The alternate site must include all necessary hardware and current backups of the original site. What type of site do you need to design? hot site virtual site cold site warm site
hot site
Identify characteristics of the new S3 Intelligent-Tiering storage class. Choose two. ideal for data with access patterns that are unknown or unpredictable moves data automatically between three tiers, namely frequent access, infrequent access and archival additional tiering fees apply when objects are moved between access tiers users pay a small monitoring and automation fee per object
ideal for data with access patterns that are unknown or unpredictable users pay a small monitoring and automation fee per object
IAM policies can be assigned in two ways: user-based or key-based service-based or key-based role-based or resource-based identity-based or resource-based
identity-based or resource-based
Paul had a server crash on Thursday morning. He performed a backup where he used complete backup from Sunday and several other tapes from Monday, Tuesday, and Wednesday. What method was used? full restore incremental restore differential restore mirror restore
incremental restore
Which type of test measures the amount of time between requests and responses? security availability compatibility performance latency
latency
Match the different AWS support plans to their purpose or offerings. Basic
no case support
In Infrastructure as a Service (IaaS), which two components are the responsibility of the organization (cloud consumer)? servers virtualization software storage devices operating system data
operating system data
Which two keys are supported by DynamoDB as primary keys? Choose two. partition and sort key public and private key unique key hash and range key partition key
partition and sort key partition key
In VPCs with private and public subnets, database servers should be launched into: private subnet they should ideally be launched outside the VPC either public subnet
private subnet
You are creating a two-tier architecture comprising of a web tier and a database tier within your Amazon VPC. Where will you deploy the database servers? Internet public subnet Extranet private subnet
private subnet
You are encrypting an e-mail addressed to your colleague Roman. Which key will be used to encrypt? public private symmetric asymmetric
public
To address an organization's disaster recovery requirements, backup intervals should not exceed the: service level objective (SLO) recovery time objective (RTO) recovery point objective (RPO) maximum acceptable outage (MAO)
recovery point objective (RPO)
A hot site should be implemented as a recovery strategy when the: disaster tolerance is high recovery point objective (RPO) is high recovery time objective (RTO) is low recovery time objective (RTO) is high
recovery time objective (RTO) is low
Match the application migration strategy on the left to the correct description or characteristic. Rebuilding
redesigning the application architecture using a modern approach
What is the most important criteria for a hot site? disk encryption file hashing load balancing replication
replication
What is true about the Type 2 Hypervisor? efficient configuration runs on a host operating system to provide virtualization services referred to as "bare metal" since the hypervisor runs directly on top of hardware commonly implemented in production environments
runs on a host operating system to provide virtualization services
What is the minimum number of disks required for RAID1? five four two one
two
Amazon Glacier uses _______________ as logical containers to store archives. baskets clusters vaults buckets
vaults
Fill in the blank. _____________ is an Intel proprietary technology that creates two logical cores for every physical core.
Hyper-threading
Which of the following correctly characterizes the private cloud deployment model. Choose all that apply. A private cloud deployment offers higher degree of security and privacy as compared to a public cloud. Private cloud services are more economical than public cloud services. Private cloud services can only be hosted on-premise. Private cloud services are dedicated for the use of a single organization.
A private cloud deployment offers higher degree of security and privacy as compared to a public cloud. Private cloud services are dedicated for the use of a single organization
What is Continuous Integration in a CI/CD pipeline? A practice of breaking down an application into a set of services that are run over containers. A practice that automates comprehensive testing and deploys software updates into production upon success. A practice where code changes are committed to a common repository several times a day to trigger an automatic build-and-test sequence. A practice that automates the creation of multiple environments (such as development, testing, production, etc.)
A practice where code changes are committed to a common repository several times a day to trigger an automatic build-and-test sequence.
Which term describes the ability of an organization to rapidly adapt to market changes? Agility Process transformation Scalability Utility Mobility
Agility
What can be used to provide an application running on an EC2 instance, temporary credentials to access other resources within AWS? Federated identity IAM Roles IAM Groups IAM Users
IAM Roles
Which statement about AWS Pricing is incorrect? All inbound data transfers are charged. There is a charge for aggregated outbound data transfer. AWS charges you for compute and storage. Data transfers between AWS services within the same AWS Region are free.
All inbound data transfers are charged.
Which AWS support personnel can address all non-technical billing and account level inquiries? AWS Trusted Advisor Technical Account Manager AWS Billing and Accounts expert AWS Support Concierge
AWS Support Concierge
Which component of the AWS global infrastructure does Amazon CloudFront use for low-latency delivery? AWS Regions AWS edge locations AWS Availability Zones Amazon Virtual Private Network
AWS edge locations
The following concepts are fundamental building blocks of AWS. Match the terminology to their correct description. Fault Tolerance
Ability of a system to be self-healing and return to full capacity despite failures
The following concepts are fundamental building blocks of AWS. Match the terminology to their correct description. Elasticity
Ability to grow when required and reduce in size when resources are no longer needed
The following concepts are fundamental building blocks of AWS. Match the terminology to their correct description. High Availability
Ability to remain continuously operational for a desirably long length of time
Which of the following is the MOST important consideration when defining recovery point objective (RPO)? Mean time between failures Acceptable time for recovery Minimum operating requirements Acceptable data loss
Acceptable data loss
What type of credentials do you need to provide programmatic access to AWS services? AWS Account name and password Access key ID and secret access key Key pairs Email address and password
Access key ID and secret access key
What are characteristics of Business support plan? Choose three. Assigned to a Technical Account Manager (TAM) Business hour support via email 24/7 access via email, chat and phone Unlimited contacts may open a case Access to full Trusted Advisor benefits One primary contact may open a case
Access to full Trusted Advisor benefits
You are troubleshooting performance problems on a development virtual machine and you notice a high number of page faults. Which solution will improve performance? Add more CPU Add faster disks Add more RAM Add more disks
Add more RAM
Which statements are true about AWS Free Tier? Choose two. After the free usage term expires or if your application use exceeds usage limits, you simply pay standard, pay-as-you-go service rates. Sign-up for AWS Free Tier is available to new customers only. AWS Free Tier enables you to gain free, hands-on experience with all available AWS products and services. AWS Free Tier offers are valid for a period of 24 months.
After the free usage term expires or if your application use exceeds usage limits, you simply pay standard, pay-as-you-go service rates. Sign-up for AWS Free Tier is available to new customers only.
Which device would be used to identify potentially malicious activity on a network? DLP WAF IAM IDS or IPS
IDS or IPS
What component can you use to connect your VPC to the public Internet? ELB IDS IPS IGW
IGW
Amazon's Elastic Cloud Computing (EC2) is a service for providing virtual servers. What is this an example of? PaaS SaaS IaaS QoS
IaaS
Which tool will enable you to view your AWS costs associated with the EC2 service from four months ago? CloudWatch IAM Trusted Advisor Cost Explorer
Cost Explorer
Which statement regarding EBS volumes is NOT true? Amazon EBS supports data encryption at no additional cost. An EBS volume can persist independently from the life of the instance. Data stored on an EBS volume is automatically replicated across multiple Availability Zones within the Region. You can resize EBS volumes dynamically without the need to stop the instances.
Data stored on an EBS volume is automatically replicated across multiple Availability Zones within the Region.
You wish to deploy EC2 Instances in the Amazon AWS Cloud and utilize your existing Microsoft Volume Licenses to reduce costs. Which EC2 pricing option allows you to use your existing server licenses? Reserved On-Demand Dedicated Hosts Spot
Dedicated Hosts
You work in a highly regulated environment and you must keep the security and the privacy of your Amazon EC2 instances in mind. Your supervisor has shared that they don't want to share a physical hypervisor with any other customers. Which type of instance would meet this requirement? On-demand Reserved Dedicated instance Spot
Dedicated instance
What are the recommended best practices for AWS root user account? Choose two. Delete the root user access keys after login The root user account should always be secured with MFA. Revoke all permissions on the root user account Restrict permissions on the root user account Delete the root user account
Delete the root user access keys after login The root user account should always be secured with MFA.
Which statement regarding the RPO is correct? The RPO is the maximum tolerable downtime of a business process. The RPO is the minimum tolerable downtime of a business process. Different types of data could require different RPOs. A single RPO applies to all types of data.
Different types of data could require different RPOs.
Amazon S3 can be used to host a dynamic website. True or False True False
False
True or False. Resources in one AWS region are automatically replicated to other regions. True False
False
Match the characteristics to the correct EBS volume type. Not all options are used. Used commonly as a boot volume General purpose SSD Cold HHD Provisioned IOPS SSD
General purpose SSD
Which protocol is used if you want to encrypt files as they are transmitted over the Internet to an Amazon S3 bucket? FTP HTTP SMTP HTTPS
HTTPS
Which of the following are requirements for adequate application performance when using synchronous replication? Choose two. Object storage High-speed links Multipathing Low latency
High-speed links Low latency
Which service model is characterized by greatest concern of vendor lock-in? Software as a Service Platform as a Service Everything as a Service Infrastructure as a Service
Platform as a Service
Which of the following is a scripting language? C++ PowerShell C Java
PowerShell
Match the descriptions to the correct cloud deployment models. cloud model used when external mandates require a high degree of data governance Private Community Public
Private
Match the characteristics to the correct EBS volume type. Not all options are used. Used with databases that require high performance General purpose SSD Cold HHD Provisioned IOPS SSD
Provisioned IOPS SSD
Match the descriptions to the correct cloud deployment models. cloud model that best mirrors the electrical utility grid Private Community Public
Public
Which key is used to validate a digital signature? Public key Private key Signing key Shared key
Public key
A Solutions Architect is designing a two-tier application architecture in an Amazon VPC. The web servers are deployed on EC2 instances and the web tier must read and write data to a database cluster. There should be no access to the database from the Internet, but the cluster must be able to obtain software patches from the Internet. Which VPC design meets these requirements? Public subnets for the web tier and NAT Gateway, and private subnets for the database cluster Public subnets for both the web tier and the database cluster Public subnets for the web tier, and private subnets for the database cluster and NAT Gateway Public subnets for the web tier, and private subnets for the database cluster
Public subnets for the web tier and NAT Gateway, and private subnets for the database cluster
What are the two ways of retrieving data from a DynamoDB table? FETCH GET QUERY SCAN
QUERY SCAN
Which statement about RAID is NOT true? RAID Level 5 uses single parity while Level 6 uses double parity. RAID Level 1 uses disk mirroring. RAID Level 0 provides excellent redundancy. RAID 10 is a configuration that combines disk mirroring and disk striping to protect data.
RAID Level 0 provides excellent redundancy.
Sean configures a web application to allow the team of content managers to upload files to the website. What type of access control model is Sean using? DAC RBAC MAC
RBAC
What two protocols are commonly permitted in security groups in order to permit remote administration of instances? Choose two. SFTP ICMP RDP SSH
RDP SSH
What are the typical RTO and RPO values for "important" applications and services within an organization? RT0 = 4 hours; RPO = 2 hours answer not here RT0 = 15 min; RPO nearly zero RT0 = 8-24 hours; RPO = 4 hours
RT0 = 4 hours; RPO = 2 hours
Identify the term that applies to the statement below: Maximum duration of time within which the restoration process must be completed in order to avoid unacceptable consequences. RPO MTTR RTO MTBF
RTO
Your organization needs systems to be back up in 12 hours or less after an outage occurs. To which term does this scenario best apply? DRP RPO BIA RTO
RTO