Cloud Exam 1

Which memory management feature de-allocates unused RAM from multiple virtual machines and presents it to the hypervisor for other virtual machines that need it? Ballooning De-duplicating Paging Bursting

Ballooning

What type of deployment is characterized by minimal downtime? In-place deployment Blue/Green deployment Canary deployment

Blue/Green deployment

Which feature of AWS CloudFormation allows users to preview how proposed changes to a stack may impact running resources? Templates Change sets Pseudo parameters Drift detection

Change sets

How does S3 ensure the durability (99.999999999%) of your data? Data is storage-tiered by default. Copies of your data are stored across multiple Availability Zones within the selected region. Data is automatically replicated to an alternate region. Multiple high-speed Internet connections are made to every major directory you create.

Copies of your data are stored across multiple Availability Zones within the selected region.

You are creating ACL entries to provide access to a resource within a small network setup. What type of access control model is this? Discretionary access control Non-Discretionary Access Control Mandatory access control Public Key Infrastructure

Discretionary access control

What minimal level of support gives you access to a Technical Account Manager (TAM)? Enterprise Business Basic Developer

Enterprise

Which AWS support plans offer FULL Trusted Advisor benefits? Choose two. Basic Developer Enterprise Business

Enterprise Business

What type of network storage is accessible using standard file sharing protocols such as NFS? SAN NAS DAS none of the mentioned

NAS

What type of a load balancer will handle millions of requests per second while maintaining low latencies? Compute Load Balancer Application Load Balancer Network Load Balancer Internet Load Balancer Classic Load Balancer

Network Load Balancer

What service category does CloudFront fall under? Security, Identity, and Compliance Storage Networking and Content Delivery Compute Services

Networking and Content Delivery

Match the descriptions to their correct business terms or acronyms. cost for a company to run its business operations on a daily basis TCO Economies of scale OPEX

OPEX

A developer is using cloud services to create and test a new application. What type of cloud service is this? PaaS SaaS IaaS XaaS

PaaS

What type of service is AWS Elastic Beanstalk? SaaS PaaS DBaaS IaaS

PaaS

Can you help decide on the RAID level to use? We are a media house and we use lot of graphics/video applications . We need large throughputs for videos to get played without any jitter and since we are in publishing business we can't afford downtime. Even if there is any downtime we would like our data to be quickly restored and enable us to continue with out work in less time. Raid 5 Raid 6 Raid 10 Raid 1

Raid 10

Which of the following RAID levels guarantees double disk failure protection? Raid 1 Raid 0 Raid 5 Raid 6

Raid 6

Your business sets the maximum amount of data that can be lost in a disaster scenario as "two days" worth. What term describes this? Recovery Time Objective Archiving Site mirroring Recovery Point Objective

Recovery Point Objective

The "Waterfall" approach in SDLC uses well-defined phases. Put the following in their correct order. Design Testing Deployment Requirements Gathering Implementation Maintenance

Requirements Gathering Design Implementation Testing Deployment Maintenance

What is the advantage of a microservices-based architecture? All services are tightly integrated within the same application. Improves collaboration as the same team of developers works on the code for all services the application requires. The decoupling between the services allows updates to be made to a given service without affecting the others. Maintains a single version of code.

The decoupling between the services allows updates to be made to a given service without affecting the others.

What is an AWS root user account? An account to launch Linux EC2 instances An account that allows AWS partners to log into the AWS Management console An account to configure route tables in your VPC The email address used to set up the AWS account and always has full administrator access

The email address used to set up the AWS account and always has full administrator access

What is the contract length for Reserved instances (RI)? 1 to 2 years 7 years 1 to 3 years 3 to 5 years

1 to 3 years

Which statements correctly highlight the differences between Storage Area Network (SAN) and Network Attached Storage (NAS) solutions? 1. SAN provides higher performance than NAS but is generally more expensive. 2. SAN is an example of block-level storage whereas NAS offers file-level storage. 3. SAN can utilize an existing TCP/IP infrastructure, but NAS relies on proprietary technology for operation. 1, 2, 3 2, 3 1, 3 1, 2

1, 2

How long can an AWS Lambda function execute? 1 minute 3 minutes 5 minutes 15 minutes

15 minutes

How long does Amazon CloudWatch keep metric data? Select the best answer. 1 month 15 months 1 year 7 days

15 months

Match the different AWS support plans to their purpose or offerings. Enterprise

15-minute response time for critical business system failure

What is a safe overcommitment ratio for vCPUs? 9:1 1:1 6:1 3:1

3:1

For each subnet in a VPC, how many IP addresses are reserved by AWS? 4 5 2 1

5

Match the following descriptions to the correct AWS tools for DevOps. Not all options are used. Fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. AWS CloudFormation Amazon Elastic Container Amazon CloudWatch AWS CodeBuild

AWS CodeBuild

What are the different methods of accessing AWS services? Choose two. AWS Batch AWS Direct Connect AWS Command Line Interface AWS CodeDeploy Software Development Kits (SDKs)

AWS Command Line Interface Software Development Kits (SDKs)

Which AWS service can be used to generate historical configuration change records for your AWS resources? AWS OpsWorks AWS Config CloudWatch CloudTrail

AWS Config

Which AWS service enables developers to quickly deploy and scale web applications and services without managing capacity provisioning? Amazon EC2 AWS Lambda Auto scaling AWS Elastic Beanstalk

AWS Elastic Beanstalk

Which AWS tool can you use to estimate your monthly costs for deploying resources on AWS? AWS Account Manager AWS Pricing Calculator AWS Total Cost of Ownership (TCO) AWS Cost and Usage Report

AWS Pricing Calculator

An application requires a highly available relational database with an initial storage capacity of 8 TB. The database will grow by 8 GB every day. Which option will meet these requirements? Amazon Redshift Amazon S3 DynamoDB Amazon Aurora

Amazon Aurora

Fill in the blank with the correct service. ______________is an example of Amazon's cloud-native database that is compatible with MySQL and offers superior performance comparable to commercial databases.

Amazon Aurora

Match the following descriptions to the correct AWS tools for DevOps. Not all options are used. A service that monitors infrastructure performance in near real-time. AWS CloudFormation Amazon Elastic Container Amazon CloudWatch AWS CodeBuild

Amazon CloudWatch

____________ makes it easy for developers to store, manage, and deploy Docker container images. AWS Fargate Amazon ECR Amazon EKS Amazon ECS

Amazon ECR

Which of the following AWS service is an example of object storage? Amazon EC2 Amazon EBS Amazon S3 Amazon EFS

Amazon S3

When you invest in Reserved Capacity like Amazon EC2 or Amazon RDS, what three pricing options are available? AURI DURI NURI FURI PURI

AURI NURI PURI

The AWS Shared Responsibility model divides security responsibilities between which two parties? The AWS partner AWS The community cloud vendor The AWS customer

AWS The AWS customer

Where will you find a compliance document such as a PCI or SOC report? AWS CloudTrail AWS Artifact Amazon inspector AWS Cetificate Manager

AWS Artifact

Your finance team would like to be alerted when the cost of using a new AWS test/dev account is about to reach the approved budget for an upcoming project. Which AWS tool can you use to help you achieve this need? AWS Budgets AWS Consolidated Billing AWS Cost Explorer AWS CloudWatch

AWS Budgets

Match the following descriptions to the correct AWS tools for DevOps. Not all options are used. Enables developers and administrators to provision, configure, and manage infrastructure using templates AWS CloudFormation Amazon Elastic Container Amazon CloudWatch AWS CodeBuild

AWS CloudFormation

Which AWS service is an example of Infrastructure as Code (IaC)? AWS Lambda Amazon CloudFront AWS CloudTrail AWS CloudFormation

AWS CloudFormation

Which service can identify the user that made the API call when an Amazon Elastic Compute Cloud (Amazon EC2) instance is terminated? AWS X-Ray AWS CloudTrail AWS Identity and Access Management (AWS IAM) Amazon CloudWatch

AWS CloudTrail

You are building a solution to extend a customer's on-premise data center to their AWS VPC . The customer has asked for a faster and more secure alternative to using the Internet. Which AWS product or feature satisfies this requirement? AWS Site-to-Site VPN VPC Sharing AWS Direct Connect VPC Peering

AWS Direct Connect

Which pricing option offers you the opportunity to try various AWS services for free as long as you keep within specified thresholds of usage? AWS Free Trial AWS LightSail AWS Free Tier AWS Trial Room

AWS Free Tier

Which AWS service is an example of serverless computing? AWS Lambda Amazon EC2 Amazon Lightsail AWS Batch

AWS Lambda

______________ is a compute service that lets you run code without provisioning or managing servers.

AWS Lambda

What is a digital catalog with thousands of listings of third-party software that can be purchased and deployed on AWS? Community AMIs AWS Marketplace My AMIs Quick Start

AWS Marketplace

What are the recommended best practices when assigning IAM permissions to users? Choose two. When creating IAM policies, start with permissions that are lenient and tighten them later as needed. Provide IAM users with default administrative privileges Always follow the principle of least privilege When assigning the same set of permissions to multiple IAM users, put the users in a group and attach the permissions to the group instead. Use the AWS root account to grant permissions to users

Always follow the principle of least privilege When assigning the same set of permissions to multiple IAM users, put the users in a group and attach the permissions to the group instead.

Match the following descriptions to the correct AWS tools for DevOps. Not all options are used. A container management service for Docker containers that enables you to build and deploy a microservices architecture. AWS CloudFormation Amazon Elastic Container Amazon CloudWatch AWS CodeBuild

Amazon Elastic Container

What service orchestrates running Docker containers on AWS? Amazon Elastic Container Registry (Amazon ECR) Amazon Elastic Compute Cloud (EC2) Amazon Elastic Container Service (Amazon ECS) Amazon Elastic Kubernetes Service (Amazon EKS)

Amazon Elastic Container Service (Amazon ECS)

Which EC2 Instances are now billed on a per second basis? Amazon Linux and Ubuntu Windows MAC Unix

Amazon Linux and Ubuntu

Which of the following statements are true? Choose two. Amazon RDS is an example of a managed AWS service. Features such as scaling, fault-tolerance, and availability for a managed solution are built-in. Amazon EC2 is an example of a managed AWS service. The benefit to using an unmanaged service is that scalability, fault-tolerance, and availability are automatically handled by the service itself.

Amazon RDS is an example of a managed AWS service. Features such as scaling, fault-tolerance, and availability for a managed solution are built-in.

Which AWS Cloud service is best suited for analyzing your data using the standard Structured Query Language (SQL) and existing Business Intelligence (BI) tools? Amazon Redshift Amazon DynamoDB Amazon RDS Amazon Aurora

Amazon Redshift

Which S3 storage class provides the most cost-effective option particularly for storing secondary copies of data that may be accessed less frequently? Amazon S3 Standard-IA Amazon S3 Standard Amazon S3 One Zone-IA Amazon S3 Glacier

Amazon S3 One Zone-IA

Which service would you use to send alerts based on Amazon CloudWatch alarms? Amazon Route 53 AWS CloudTrail Amazon SNS AWS Trusted Advisor

Amazon SNS

What criteria are used to calculate Amazon S3 pricing? Choose three. Amount of data stored in GB/month Use of SSDs or HDDs Data transferred out Number of disks used Number and type of requests made (GET, PUT, POST, etc.)

Amount of data stored in GB/month Data transferred out Number and type of requests made (GET, PUT, POST, etc.)

What type of load balancer is suitable for use with modern architectures that include containers? Application Classic Network Standard

Application

Which of the following phases are not a part of vulnerability scanning and unique to penetration testing? Choose all that apply. Intelligence gathering Attack planning and simulation Vulnerability validation Exploitation

Attack planning and simulation Exploitation

Identify the difference between automation and orchestration. DevOps heavily relies on the process of automation but does not use orchestration. Automation refers to running a single task without any user intervention. Orchestration refers to a workflow that automates a series of tasks. While automation relies on the use of scripts, orchestration workflows must use full-fledged programming languages such as C, C++, Java, etc. The process of automation requires decision making whereas orchestration does not.

Automation refers to running a single task without any user intervention. Orchestration refers to a workflow that automates a series of tasks.

What are some of the important considerations for choosing an AWS Region for deploying your applications? Choose two. Availability of services within the region To facilitate visits to AWS data centers To meet regional compliance and data residency requirements To deploy applications with additional discounts

Availability of services within the region To meet regional compliance and data residency requirements

You want to monitor resource utilization of your virtual machines to predict future needs and detect anomalies. What must your first have? SNMP Syslog Log forwarding Baseline

Baseline

What is true about Amazon CloudWatch? Provides detailed monitoring at one-minute interval for no charge Basic monitoring at five-minute interval is enabled by default. CloudWatch is a performance monitoring system and will automatically add or drop instances based on need. Retains metrics for 12 months, free of charge

Basic monitoring at five-minute interval is enabled by default.

How can you avail of discounted rates with RDS instances? By reserving database instances for a 1-year or 3-year term By using On-Demand database instances By purchasing spot instances By purchasing redundant database instances

By reserving database instances for a 1-year or 3-year term

Which of the following is NOT a metric that would be measured to confirm it meets the baseline? Peak memory usage Write IOPS average bytes sent/received by the virtual switch CPU frequency

CPU frequency

Identify the type of deployment where a new version of the software is tested out on a small percentage of user population and if successful, rolled out linearly in increments. Blue/Green deployment In-place deployment Canary deployment

Canary deployment

What is true about Read Replicas? Amazon RDS supports creation of Read replicas for Microsoft SQL Server, Oracle, MySQL, PostgreSQL, Amazon Aurora and MariaDB. Changes made to the source database instance are asynchronously copied to the read replica instance. Suitable for read and write-heavy workloads Can become the master database automatically without any manual intervention

Changes made to the source database instance are asynchronously copied to the read replica instance.

When you run out of computer resources in your internal data center and expand to an external cloud on demand, what is this an example of? SaaS Elasticity Cloud Bursting Multitenancy

Cloud Bursting

Which of the following statements is true? Choose two. Cloud is an example of online and offsite backup. Storing backups nearline (locally) is the best strategy. Data recovery from tapes is slow and can take hours to complete. Data backups should follow the 1-2-3 rule.

Cloud is an example of online and offsite backup. Data recovery from tapes is slow and can take hours to complete.

Match the characteristics to the correct EBS volume type. Not all options are used. Ideal for storing large volumes of infrequenty accessed data at a very low cost General purpose SSD Cold HHD Provisioned IOPS SSD

Cold HHD

Which is a separate facility that does not have any computer equipment but is a place where the knowledge workers can move after the disaster? Cold site Hot site Lukewarm site Warm site

Cold site

Match the descriptions to the correct cloud deployment models. cloud model that allows an organization to share its local cloud services with partners Private Community Public

Community

Your institution has recently migrated its student database to Amazon RDS. Of late, you have noticed increased activity and excess read traffic on your database. How can you reduce the dependency on the single database and improve performance? Use Auto Scaling to deploy multiple instances of the database Configure Read replicas Configure Global tables Deploy in multi-AZ

Configure Read replicas

The Chief Compliance Officer at your organization has mandated that a Defense-in-Depth security approach be used for all cloud systems. Which of the following would satisfy the requirement? Splitting a sensitive task between two or more people Ensuring that users are only granted minimum permissions to enable them to perform their duties Assuming both internal and external users are untrusted and enforcing access control at every stage Configuring firewalls with IDS/IPS capabilities and applying security group configurations

Configuring firewalls with IDS/IPS capabilities and applying security group configurations

Your organization has multiple AWS Accounts for different purposes. Each Account has its own set of services and incurs charges. Which AWS service can you use to take advantage of volume discounts by clubbing your Accounts together? AWS Groups AWS Budgets Consolidated Billing AWS Bills AWS Root User Account

Consolidated Billing

A Solutions Architect is designing a critical business application with a relational database that runs on an EC2 instance. It requires a single EBS volume that can support up to 40,000 IOPS. Which Amazon EBS volume type can meet the performance requirements of this application? EBS Provisioned IOPS SSD EBS Throughput Optimized HDD EBS Cold HDD EBS General Purpose SSD

EBS Provisioned IOPS SSD

Which two types of root volume are available for Amazon EC2? S3 EC2 Instance store EBS Glacier

EC2 Instance store EBS

Which of these are valid launch types for Elastic Container Service (ECS)? (Choose two.) EC2 launch type Fargate launch type Lightsail launch type Elastic Beanstalk launch type RDS launch type

EC2 launch type Fargate launch type

Which AWS Storage service enables you to grant the ability for EC2 instances to access a shared file system and share a common data source, similar to a NAS storage system? S3 EBS EFS SLS

EFS

What is true about Availability Zones? Choose two. Each availability zone is defined as a physical geographical location housing a single data center. Each availability zone is designed as an independent failure zone. AZs within a region are interconnected using high-speed private links. A data center can span across multiple Availability Zones.

Each availability zone is designed as an independent failure zone. AZs within a region are interconnected using high-speed private links.

Match the descriptions to their correct business terms or acronyms. a proportionate savings in cost gained by an increased level of production TCO Economies of scale OPEX

Economies of scale

Which of the following AWS services are offered at no charge? Choose three. AWS Lambda Elastic Beanstalk Amazon VPC Elastic Load Balancer Identity Access and Management (IAM)

Elastic Beanstalk Amazon VPC Identity Access and Management (IAM)

How would a system administrator add an additional layer of login security to a user's AWS Management Console? Use AWS Cloud Directory Audit AWS Identity and Access Management (IAM) roles Enable AWS CloudTrail Enable Multi-Factor Authentication (MFA)

Enable Multi-Factor Authentication (MFA)

You are invited to join an IT meeting where merits and pitfalls of cloud computing are being debated. Your manager conveys her concerns of data confidentiality for cloud storage. What can be done? Use identity federation Change default passwords Encrypt the data Digitally sign the data

Encrypt the data

Using the AWS shared security model, which of the following are customer responsibilities? Choose two. Configuring security groups Performing database patching on Amazon RDS Training the data center staff Encrypting data Provisioning low-latency connections between AZs

Encrypting data Configuring security groups

Which Amazon Glacier option allows you to retrieve data within 1-5 minutes? Expedited Bulk Standard Accelerated

Expedited

What statement regarding Scalability is true? Adding extra memory to a server is an example of horizontal scaling. If a combination of both horizontal and vertical scaling is used to improve performance or availability, it is referred to as diagonal scaling. Scaling can greatly reduce costs for organizations with steady workloads. Vertical scaling involves adding more nodes (switches, routers, servers, workstations, etc.) to a distributed system.

If a combination of both horizontal and vertical scaling is used to improve performance or availability, it is referred to as diagonal scaling.

Which of the following is NOT true about Amazon EC2 Auto Scaling? Amazon EC2 Auto Scaling can detect impaired instances and will replace them without intervention. Inability to scale based on schedule for known traffic patterns of your application Supports dynamic and predictive scaling Will automatically launch or terminate instances to handle the load for your application

Inability to scale based on schedule for known traffic patterns of your application

You are configuring cloud backup settings. Only data modified since the last backup must be captured. What type of backup should you configure? Incremental Differential Full Delta tracking

Incremental

Which of the following backup technique is most space efficient? Incremental backup All of the mentioned Differential backup Full backup

Incremental backup

What is true about the modern "Agile" approach in the software development lifecycle? Choose two. Integrates end-user feedback at every stage to create a quality end-product Relies on an iterative approach Can only work for projects where requirements do not change over time Utilizes a very structured and rigid framework

Integrates end-user feedback at every stage to create a quality end-product Relies on an iterative approach

Which characteristics related to Amazon VPC are true? Choose two. A CIDR block of /25 is the smallest size supported for a VPC. It is not possible to change the size of the VPC once it has been created. By default, subnets span at least two Availability zones for redundancy and resiliency. Each subnet in a VPC maps to a single Availability Zone.

It is not possible to change the size of the VPC once it has been created. Each subnet in a VPC maps to a single Availability Zone.

When an Elastic Load Balancer detects an unhealthy EC2 Instance, what action will it perform? Choose three. It will try to restart that instance. It will trigger an alarm. It will terminate the unhealthy instance and launch a new one. It will continue to send traffic to the remaining healthy instances. It will stop sending traffic to the unhealthy instance. It will resume routing traffic when the instance becomes healthy again.

It will continue to send traffic to the remaining healthy instances. It will stop sending traffic to the unhealthy instance. It will resume routing traffic when the instance becomes healthy again.

In what format are IAM policies written in? JSON JAVA XML C#

JSON

Which of the following elements is NOT a part of the statement in an IAM policy document? Action Resource Effect Key

Key

You have launched a Linux-based EC2 instance in the public subnet of your Test VPC. What will enable you to login to the instance via SSH? IGW Route tables Key pair NAT Gateway

Key pair

Which component of an Elastic Load Balancer do you need to configure to ensure you accept traffic on a designated port and forward that traffic to the backend EC2 Instances? Port Forwarder Internet Gateway Listener NAT router

Listener

Which type of storage would be appropriate for data archival? Hard Disk Drives Magnetic tapes Optical disks Solid State Drives

Magnetic tapes

You are the administrator of a Windows network. When creating a new user account, you specify a security clearance level of 'top secret' so that user can access classified files. What type of access control method is being used? Non-Discretionary Access Control Mandatory Access Control Role-Based Access Control Discretionary Access Control

Mandatory Access Control

What is the advantage of using automation? As the need for automation and orchestration grows, the demand for IT staff will continue to grow. Manual and repeatable tasks can be performed efficiently and consistently. Significantly increases the time that it takes to complete routine tasks. Scripts used in the automation process are often self-correcting.

Manual and repeatable tasks can be performed efficiently and consistently.

Which database engines are supported on Amazon RDS? Choose three. MariaDB Oracle Fox Pro Microsoft SQL Server DB2

MariaDB Oracle Microsoft SQL Server

The ability to allocate more virtual memory than what physically exists on a host server is called _______________. Memory bursting Memory ballooning Memory overcommit Hyperthreading

Memory overcommit

In a RAID implementation, the process of duplicating every disk is called ______________. Incrementing Reflecting Striping Mirroring

Mirroring

Which component is required to enable Amazon EC2 instances in a VPC to read and write data to and from the EFS file system? Bucket Mount target Internet gateway Listener

Mount target

Match the application migration strategy on the left to the correct description or characteristic. Rehosting

Moving an application to the cloud environment without leveraging full benefits of cloud

Which two open-source, relational databases is Amazon Aurora compatible with? MariaDB Oracle MySQL Microsoft SQL PostgreSQL

MySQL PostgreSQL

You have launched a Database server within the private subnet of your VPC. You need to allow the server to access the Internet for downloading patches. What do you need? Security Groups Route tables Access Control Lists NAT Gateway

NAT Gateway

If I am running my DB Instance as a Multi-AZ deployment, can I use the standby DB Instance for read or write operations along with primary DB instance? No Yes Only for Oracle RDS instances Only with MySQL based RDS

No

Which of the following virtualization types best describes containers? Desktop virtualization OS virtualization Hardware virtualization Application virtualization

OS virtualization

Which statement regarding object storage is true? Objects are stored and retrieved based on their unique identifiers. Object storage is suitable for storing structured data where traditional methods prove inefficient. Object storage uses a hierarchical system of files and directories for storing data. Object storage does not involve any metadata.

Objects are stored and retrieved based on their unique identifiers.

You have a video encoding application. Currently there is a huge backlog of videos which needs to be processed. You need to add more instances, but you need these instances only until your backlog is reduced. Which of these would be an efficient way to do it? Reserved instances On-Demand instances Dedicated instances Spot Instances

On-Demand instances

If you set up your database on Amazon RDS, what is your responsibility? Managing the underlying hardware Enable High Availability (HA) Handling all backup operations Optimizing your application Patching the operating system

Optimizing your application

Which of the following security actions are performed by customers of AWS? Choose two. Patching the OS on an Amazon EC2 instance Configuring physical network firewalls at the data center Implementing password policies Issuing access cards to AWS staff

Patching the OS on an Amazon EC2 instance Implementing password policies

Which of the following is NOT part of the AWS pricing philosophy? Pay for what you use Pay even less as AWS grows Pay more when you use less Pay less when you reserve Pay less when you use more

Pay more when you use less

Which type of test simulates a network attack? Baselining Vulnerability assessment Hardening Penetration testing

Penetration testing

What is true about high availability? In the active-passive configuration for high availability, the secondary application is online and utilized for load balancing user traffic. An organization must design each and every application for the same level of availability. High Availability is a resiliency principle that can be easily incorporated into applications that were NOT designed to be highly available when they were first created. Redundant resources and components can eliminate single points of failure and improve availability. In a cloud environment, applications can be designed for HA by replicating them across multiple availability zones.

Redundant resources and components can eliminate single points of failure and improve availability. In a cloud environment, applications can be designed for HA by replicating them across multiple availability zones.

Which of the following is NOT a feature of DynamoDB? Single-digit millisecond latency Flexibility in the database schema Uses SSDs for storage Relational database solution

Relational database solution

Match the application migration strategy on the left to the correct description or characteristic. Repurchasing

Replacing the existing application with its cloud-native application

What statement about stop-hibernation is true? Requires that the instance be backed by an encrypted EBS root volume This feature is available with all Linux and Windows AMIs. It is possible to enable hibernation on a running instance that did not have hibernation enabled at launch. Only instances that use instance store as boot volume can support hibernation.

Requires that the instance be backed by an encrypted EBS root volume

What is an example of object-based storage solution in AWS? EBS S3 EFS EC2

S3

What documentation lays out agreed upon service levels and responsibilities of the cloud provider? API TCO SLA SOP

SLA

Microsoft Office 365 is an example of _________________. SaaS PaaS IaaS DBaaS

SaaS

Which of the following characteristics are true of the SaaS model? (Choose two.) greatest concern of vendor lock-in SaaS applications are multitenanted. Underlying cloud infrastructure is user responsibility SaaS applications are characterized by location and device independence. Users are responsible for maintenance, including patches and updates.

SaaS applications are multitenanted. SaaS applications are characterized by location and device independence.

What information must be specified in a launch configuration for EC2 Auto Scaling? Choose all that apply. Maximum instances Minimum instances Security Groups AMI Instance type

Security Groups AMI Instance type

Your company has deployed six Windows EC2 instances in AWS cloud. As the administrator, you would like to remotely access the VMs from your on-premise machine using the Remote Desktop Protocol (RDP). What should you configure to allow that traffic? Security groups Zoning ACLs NAT

Security groups

What is the difference between security groups and NACLs? Choose two. Security groups can be configured to only use ALLOW rules whereas NACLs support both ALLOW and DENY rules. Security groups perform stateless filtering, but NACLs are stateful. For security groups, all rules are evaluated before the decision is made to allow traffic. For network ACLs, rules are evaluated in order of their numbers. Security groups control traffic to and from subnets whereas NACLs control traffic at the instance level.

Security groups can be configured to only use ALLOW rules whereas NACLs support both ALLOW and DENY rules. For security groups, all rules are evaluated before the decision is made to allow traffic. For network ACLs, rules are evaluated in order of their numbers.

Your company has adopted several public SaaS services. Users complain that after logging in to their on-premise desktops they are prompted for credentials for every SaaS service that they use. Which solution will address this? Single Factor Authentication Multiple sign-on MFA Single sign-on

Single sign-on

Which of the following is a method for bidding on unused EC2 capacity? Dedicated instance Spot instance Reserved instance On-Demand instance

Spot instance

What type of storage replication technology will wait for all replicas to confirm data writes before notifying the application? Asymmetric Symmetric Asynchronous Synchronous

Synchronous

Who can act as a dedicated voice for you within AWS and serve as your technical point of contact and advocate? Primary Solution Architect TAM Cloud Practitioner Concierge

TAM

Match the descriptions to their correct business terms or acronyms. a financial estimate intended to help buyers and owners determine the direct and indirect costs of a product or system TCO Economies of scale OPEX

TCO

Before updating a Linux virtual machine, you need to ensure that you can roll back quickly if the updates cause problems. What should you do? Create a system restore point Create an operating system image Take a virtual machine snapshot Take a virtual machine backup

Take a virtual machine snapshot

A company is adopting a SaaS cloud solution. Which capabilities will it most likely lose in the process? The ability to access the application from the company's internal network. The ability to perform fine-grained customizations of the software. The ability to access the application from the web. Centralized control and management of user access to the application.

The ability to perform fine-grained customizations of the software.

Identify the key differences between Amazon S3 and Amazon Glacier. Choose two. Any data stored in S3 is encrypted by default. With Glacier, encryption is optional. The maximum item size in S3 is 5TB, whereas Glacier can store items up to 40 TB. Glacier costs more for each retieval request than S3. Storage cost per GB is higher for Amazon Glacier. You can store virtually unlimited amount of data in S3, but Glacier has limits.

The maximum item size in S3 is 5TB, whereas Glacier can store items up to 40 TB. Glacier costs more for each retrieval request than S3.

Identify drawback/s of the Waterfall model in SDLC. Choose all that apply. The waterfall model requires every phase to be 100% complete before transitioning to the next phase. An unexpected roadblock will prolong delivery of the end product. Typically works better for long-term projects Allows no room for unexpected changes or revisions Progression of the waterfall model is not intuitive.

The waterfall model requires every phase to be 100% complete before transitioning to the next phase. An unexpected roadblock will prolong delivery of the end product. Allows no room for unexpected changes or revisions

Which statement regarding HDDs is false? Hard disks are prone to mechanical failures since they contain moving parts. They are a great choice if I/O speed is more important than storage space. A hard disk is an example of a random access storage device. HDDs are less expensive than SSDs.

They are a great choice if I/O speed is more important than storage space.

A cloud database VM uses four separate disk volumes. Each volume needs to be fully allocated at the start. What should you configure? Thin provisioning Thick provisioning Tokenization Object storage

Thick provisioning

What process creates randomly generated placeholders for protecting sensitive information? Tokenization Authorization Encryption Authentication

Tokenization

Answer True or False. By default, none of your data in Amazon S3 is shared publicly. True False

True

True or False. Data on an instance store volume is ephemeral; if the instance stops due to malfunction, any data on instance store volume is lost. True False

True

VMware Player is an example of a ___________ hypervisor. Type B Type A Type 2 Type 1

Type 2

What are the different severity levels associated with support services? Choose all that apply. Urgent Moderate High Normal Critical Severe Emergency Low

Urgent High Normal Critical Low

You want to establish a private connection from the EC2 instance in your VPC to an S3 bucket. What will you use? VPN Connection NAT instance AWS Direct Connect VPC endpoint

VPC endpoint

What would you use if you have multiple VPCs in your AWS account and you need to communicate between them without using the public Internet? ClassicLink VPC peering Direct Connect Gateway endpoint

VPC peering

Fill in the blank. _____________ refers to a condition in which an organization finds itself relying on proprietary technology that restricts future migration to alternative solutions without significant costs.

Vendor lock in

You have been tasked with deploying hundreds of VMs quickly and efficiently with the same configuration. What process will you use? Virtual machine snapshot Virtual machine cloning Virtual machine backup Storage migration

Virtual machine cloning

Which component controls how traffic flows between VMs and the host computer and between the VMs and other network devices in the organization? Virtual NIC Virtual switch Virtual storage Virtual HBA

Virtual switch

What are two examples of AWS's responsibility in the Shared Responsibility model? encryption of data at rest and transit IAM policies Virtualization software on the host Physical security of the data center

Virtualization software on the host Physical security of the data center

Which service is used in front of a cloud application to prevent web application attacks such as SQL injection? WAF IDS or IPS DLP IAM

WAF

What two open-source formats do AWS CloudFormation templates support? Python SAML JavaScript YAML JSON

YAML JSON

Under what circumstances, should you NOT consider using Amazon RDS? Choose three. For complex transactions or queries You need to support medium to high read and write rates You are looking to customize your database solution Simple GET/PUT requests You need to perform data sharding

You are looking to customize your database solution Simple GET/PUT requests You need to perform data sharding

Which of the following statements regarding AWS Lambda is NOT true? Lambda is designed for fault tolerance. You retain full control over the elements of the infrastructure required to execute your code. Lambda is billed on the number of requests and code execution time. AWS Lambda runs your code in response to events such as changes to an S3 bucket.

You retain full control over the elements of the infrastructure required to execute your code.

What is Amazon Route 53? a fast content delivery network that delivers data, videos, and applications, to customers with low latency is a billing and account management service a highly available and scalable DNS service in AWS cloud a service that enables customers to connect their Amazon VPCs and their on-premise networks

a highly available and scalable DNS service in AWS cloud

Identify characteristics of containers. Choose three. considered more secure than VMs all containers deployed on a host share the host OS kernel can be launched within seconds are best suited for use with monolithic applications offer consistent performance in different environments

all containers deployed on a host share the host OS kernel can be launched within seconds offer consistent performance in different environments

What is true about server virtualization? prohibits the use of virtual machines by unauthorized users allows virtual machines to be load balanced allows the underlying physical hardware to be shared between the virtual machines allows virtual machines to be dependent on each other

allows the underlying physical hardware to be shared between the virtual machines

Identify a characteristic of Amazon Aurora. automatically saves six copies of your data across three AZs fully managed data warehouse service offers three times the performance of MySQL and five times than PostgreSQL is a NoSQL database

automatically saves six copies of your data across three AZs

Match the different AWS support plans to their purpose or offerings. Developer

business hour support via email

Match the application migration strategy on the left to the correct description or characteristic. Re-platforming

can be considered as a lift-tinker-and-shift approach

What is Amazon Glacier designed for? infrequently accessed data cached session data active database storage data archives

data archives

An organization recently had a disaster and was switched to an alternate facility. The original data center has now been restored and the administrator needs to migrate the organization back to the primary data center. What process is the administrator performing? failback failover RTP DRP

failback

Mary, a financial analyst is describing the benefits of cloud computing to her colleagues. Which of the following might she state? (Choose two.) faster time to market low barrier to entry for businesses all cloud solutions are one-size-fits-all facilitates companies to focus more on IT maintenance enables shift from variable operational expenses (OPEX) to fixed capital expenses (CAPEX)

faster time to market low barrier to entry for businesses

Match the different AWS support plans to their purpose or offerings. Business

for customers running production workloads on AWS

Fill in the blanks with the correct words. The _________ feature replicates your DynamoDB tables automatically across your choice of AWS Regions.!

global tables

You are designing a disaster recovery plan that includes a multisite configuration. The alternate site must include all necessary hardware and current backups of the original site. What type of site do you need to design? hot site virtual site cold site warm site

hot site

Identify characteristics of the new S3 Intelligent-Tiering storage class. Choose two. ideal for data with access patterns that are unknown or unpredictable moves data automatically between three tiers, namely frequent access, infrequent access and archival additional tiering fees apply when objects are moved between access tiers users pay a small monitoring and automation fee per object

ideal for data with access patterns that are unknown or unpredictable users pay a small monitoring and automation fee per object

IAM policies can be assigned in two ways: user-based or key-based service-based or key-based role-based or resource-based identity-based or resource-based

identity-based or resource-based

Paul had a server crash on Thursday morning. He performed a backup where he used complete backup from Sunday and several other tapes from Monday, Tuesday, and Wednesday. What method was used? full restore incremental restore differential restore mirror restore

incremental restore

Which type of test measures the amount of time between requests and responses? security availability compatibility performance latency

latency

Match the different AWS support plans to their purpose or offerings. Basic

no case support

In Infrastructure as a Service (IaaS), which two components are the responsibility of the organization (cloud consumer)? servers virtualization software storage devices operating system data

operating system data

Which two keys are supported by DynamoDB as primary keys? Choose two. partition and sort key public and private key unique key hash and range key partition key

partition and sort key partition key

In VPCs with private and public subnets, database servers should be launched into: private subnet they should ideally be launched outside the VPC either public subnet

private subnet

You are creating a two-tier architecture comprising of a web tier and a database tier within your Amazon VPC. Where will you deploy the database servers? Internet public subnet Extranet private subnet

private subnet

You are encrypting an e-mail addressed to your colleague Roman. Which key will be used to encrypt? public private symmetric asymmetric

public

To address an organization's disaster recovery requirements, backup intervals should not exceed the: service level objective (SLO) recovery time objective (RTO) recovery point objective (RPO) maximum acceptable outage (MAO)

recovery point objective (RPO)

A hot site should be implemented as a recovery strategy when the: disaster tolerance is high recovery point objective (RPO) is high recovery time objective (RTO) is low recovery time objective (RTO) is high

recovery time objective (RTO) is low

Match the application migration strategy on the left to the correct description or characteristic. Rebuilding

redesigning the application architecture using a modern approach

What is the most important criteria for a hot site? disk encryption file hashing load balancing replication

replication

What is true about the Type 2 Hypervisor? efficient configuration runs on a host operating system to provide virtualization services referred to as "bare metal" since the hypervisor runs directly on top of hardware commonly implemented in production environments

runs on a host operating system to provide virtualization services

What is the minimum number of disks required for RAID1? five four two one

two

Amazon Glacier uses _______________ as logical containers to store archives. baskets clusters vaults buckets

vaults

Fill in the blank. _____________ is an Intel proprietary technology that creates two logical cores for every physical core.

Hyper-threading

Which of the following correctly characterizes the private cloud deployment model. Choose all that apply. A private cloud deployment offers higher degree of security and privacy as compared to a public cloud. Private cloud services are more economical than public cloud services. Private cloud services can only be hosted on-premise. Private cloud services are dedicated for the use of a single organization.

A private cloud deployment offers higher degree of security and privacy as compared to a public cloud. Private cloud services are dedicated for the use of a single organization

What is Continuous Integration in a CI/CD pipeline? A practice of breaking down an application into a set of services that are run over containers. A practice that automates comprehensive testing and deploys software updates into production upon success. A practice where code changes are committed to a common repository several times a day to trigger an automatic build-and-test sequence. A practice that automates the creation of multiple environments (such as development, testing, production, etc.)

A practice where code changes are committed to a common repository several times a day to trigger an automatic build-and-test sequence.

Which term describes the ability of an organization to rapidly adapt to market changes? Agility Process transformation Scalability Utility Mobility

Agility

What can be used to provide an application running on an EC2 instance, temporary credentials to access other resources within AWS? Federated identity IAM Roles IAM Groups IAM Users

IAM Roles

Which statement about AWS Pricing is incorrect? All inbound data transfers are charged. There is a charge for aggregated outbound data transfer. AWS charges you for compute and storage. Data transfers between AWS services within the same AWS Region are free.

All inbound data transfers are charged.

Which AWS support personnel can address all non-technical billing and account level inquiries? AWS Trusted Advisor Technical Account Manager AWS Billing and Accounts expert AWS Support Concierge

AWS Support Concierge

Which component of the AWS global infrastructure does Amazon CloudFront use for low-latency delivery? AWS Regions AWS edge locations AWS Availability Zones Amazon Virtual Private Network

AWS edge locations

The following concepts are fundamental building blocks of AWS. Match the terminology to their correct description. Fault Tolerance

Ability of a system to be self-healing and return to full capacity despite failures

The following concepts are fundamental building blocks of AWS. Match the terminology to their correct description. Elasticity

Ability to grow when required and reduce in size when resources are no longer needed

The following concepts are fundamental building blocks of AWS. Match the terminology to their correct description. High Availability

Ability to remain continuously operational for a desirably long length of time

Which of the following is the MOST important consideration when defining recovery point objective (RPO)? Mean time between failures Acceptable time for recovery Minimum operating requirements Acceptable data loss

Acceptable data loss

What type of credentials do you need to provide programmatic access to AWS services? AWS Account name and password Access key ID and secret access key Key pairs Email address and password

Access key ID and secret access key

What are characteristics of Business support plan? Choose three. Assigned to a Technical Account Manager (TAM) Business hour support via email 24/7 access via email, chat and phone Unlimited contacts may open a case Access to full Trusted Advisor benefits One primary contact may open a case

Access to full Trusted Advisor benefits

You are troubleshooting performance problems on a development virtual machine and you notice a high number of page faults. Which solution will improve performance? Add more CPU Add faster disks Add more RAM Add more disks

Add more RAM

Which statements are true about AWS Free Tier? Choose two. After the free usage term expires or if your application use exceeds usage limits, you simply pay standard, pay-as-you-go service rates. Sign-up for AWS Free Tier is available to new customers only. AWS Free Tier enables you to gain free, hands-on experience with all available AWS products and services. AWS Free Tier offers are valid for a period of 24 months.

After the free usage term expires or if your application use exceeds usage limits, you simply pay standard, pay-as-you-go service rates. Sign-up for AWS Free Tier is available to new customers only.

Which device would be used to identify potentially malicious activity on a network? DLP WAF IAM IDS or IPS

IDS or IPS

What component can you use to connect your VPC to the public Internet? ELB IDS IPS IGW

IGW

Amazon's Elastic Cloud Computing (EC2) is a service for providing virtual servers. What is this an example of? PaaS SaaS IaaS QoS

IaaS

Which tool will enable you to view your AWS costs associated with the EC2 service from four months ago? CloudWatch IAM Trusted Advisor Cost Explorer

Cost Explorer

Which statement regarding EBS volumes is NOT true? Amazon EBS supports data encryption at no additional cost. An EBS volume can persist independently from the life of the instance. Data stored on an EBS volume is automatically replicated across multiple Availability Zones within the Region. You can resize EBS volumes dynamically without the need to stop the instances.

Data stored on an EBS volume is automatically replicated across multiple Availability Zones within the Region.

You wish to deploy EC2 Instances in the Amazon AWS Cloud and utilize your existing Microsoft Volume Licenses to reduce costs. Which EC2 pricing option allows you to use your existing server licenses? Reserved On-Demand Dedicated Hosts Spot

Dedicated Hosts

You work in a highly regulated environment and you must keep the security and the privacy of your Amazon EC2 instances in mind. Your supervisor has shared that they don't want to share a physical hypervisor with any other customers. Which type of instance would meet this requirement? On-demand Reserved Dedicated instance Spot

Dedicated instance

What are the recommended best practices for AWS root user account? Choose two. Delete the root user access keys after login The root user account should always be secured with MFA. Revoke all permissions on the root user account Restrict permissions on the root user account Delete the root user account

Delete the root user access keys after login The root user account should always be secured with MFA.

Which statement regarding the RPO is correct? The RPO is the maximum tolerable downtime of a business process. The RPO is the minimum tolerable downtime of a business process. Different types of data could require different RPOs. A single RPO applies to all types of data.

Different types of data could require different RPOs.

Amazon S3 can be used to host a dynamic website. True or False True False

False

True or False. Resources in one AWS region are automatically replicated to other regions. True False

False

Match the characteristics to the correct EBS volume type. Not all options are used. Used commonly as a boot volume General purpose SSD Cold HHD Provisioned IOPS SSD

General purpose SSD

Which protocol is used if you want to encrypt files as they are transmitted over the Internet to an Amazon S3 bucket? FTP HTTP SMTP HTTPS

HTTPS

Which of the following are requirements for adequate application performance when using synchronous replication? Choose two. Object storage High-speed links Multipathing Low latency

High-speed links Low latency

Which service model is characterized by greatest concern of vendor lock-in? Software as a Service Platform as a Service Everything as a Service Infrastructure as a Service

Platform as a Service

Which of the following is a scripting language? C++ PowerShell C Java

PowerShell

Match the descriptions to the correct cloud deployment models. cloud model used when external mandates require a high degree of data governance Private Community Public

Private

Match the characteristics to the correct EBS volume type. Not all options are used. Used with databases that require high performance General purpose SSD Cold HHD Provisioned IOPS SSD

Provisioned IOPS SSD

Match the descriptions to the correct cloud deployment models. cloud model that best mirrors the electrical utility grid Private Community Public

Public

Which key is used to validate a digital signature? Public key Private key Signing key Shared key

Public key

A Solutions Architect is designing a two-tier application architecture in an Amazon VPC. The web servers are deployed on EC2 instances and the web tier must read and write data to a database cluster. There should be no access to the database from the Internet, but the cluster must be able to obtain software patches from the Internet. Which VPC design meets these requirements? Public subnets for the web tier and NAT Gateway, and private subnets for the database cluster Public subnets for both the web tier and the database cluster Public subnets for the web tier, and private subnets for the database cluster and NAT Gateway Public subnets for the web tier, and private subnets for the database cluster

Public subnets for the web tier and NAT Gateway, and private subnets for the database cluster

What are the two ways of retrieving data from a DynamoDB table? FETCH GET QUERY SCAN

QUERY SCAN

Which statement about RAID is NOT true? RAID Level 5 uses single parity while Level 6 uses double parity. RAID Level 1 uses disk mirroring. RAID Level 0 provides excellent redundancy. RAID 10 is a configuration that combines disk mirroring and disk striping to protect data.

RAID Level 0 provides excellent redundancy.

Sean configures a web application to allow the team of content managers to upload files to the website. What type of access control model is Sean using? DAC RBAC MAC

RBAC

What two protocols are commonly permitted in security groups in order to permit remote administration of instances? Choose two. SFTP ICMP RDP SSH

RDP SSH

What are the typical RTO and RPO values for "important" applications and services within an organization? RT0 = 4 hours; RPO = 2 hours answer not here RT0 = 15 min; RPO nearly zero RT0 = 8-24 hours; RPO = 4 hours

RT0 = 4 hours; RPO = 2 hours

Identify the term that applies to the statement below: Maximum duration of time within which the restoration process must be completed in order to avoid unacceptable consequences. RPO MTTR RTO MTBF

RTO

Your organization needs systems to be back up in 12 hours or less after an outage occurs. To which term does this scenario best apply? DRP RPO BIA RTO

RTO