Cloud Practioner
Which of the following can an AWS customer use to launch a new ElastiCache cluster? (Select TWO.)
- AWS CloudFormation -- With AWS CloudFormation you can deploy infrastructure such as Amazon ElastiCache clusters by defining your desired configuration state in code using a template file written in JSON or YAML - AWS Management Console
Which services are involved with security? (Select TWO.
- AWS CloudHSM - AWS KMS -- AWS Key Management Service (KMS) gives you centralized control over the encryption keys used to protect your data
Which AWS services offer compute capabilities? (Select TWO.)
- AWS Lambda - Amazon ECS -- compute service that allows you to run Docker containersjxzxc
Which of the following should be used to improve the security of access to the AWS Management Console? (Select TWO.)
- AWS MFA - strong password policies
A company has a global user base and needs to deploy AWS services that can decrease network latency for their users. Which services may assist? (Select TWO.)
- Amazon CloudFront -- Amazon CloudFront is a content delivery network (CDN) that caches media assets such as files, photos, and videos in Edge locations around the world. This gets your content closer to the user base which decreases latency. - AWS Global Accelerator -- is a service that can direct users to the nearest AWS Region that contains and endpoint for an application. The service utilizes Edge locations to decrease latency and then forwards all traffic on the AWS global network which also decreases latency.
What are the advantages of Availability Zones? (Select TWO.)
- Connected by low-latency network connections - Provide fault isolation
Which of the following statements best describes the concept of agility in relation to cloud computing on AWS?
- ability to experiment quickly - the speed at which AWS resources can be created
A Cloud Practitioner wants to configure the AWS CLI for programmatic access to AWS services. Which credential components are required? (Select TWO.)
- an access key ID and a secret access key
A company is designing a new a service that must align with the operational excellence pillar of the AWS Well-Architected Framework. Which design principles should the company follow? (Select TWO.)
- anticipate failure - perform operations as a code following are best practices for operational excellence pillar • Perform operations as code • Make frequent, small, reversible changes • Refine operations procedures frequently • Anticipate failure • Learn from all operational failures
What are the benefits of using the AWS Managed Services? (Select TWO.)
- baseline integration with ITSM tools - alignment with ITIL processes - AWS Managed Services provides ongoing management of your AWS infrastructure so you can focus on your applications. By implementing best practices to maintain your infrastructure, AWS Managed Services helps to reduce your operational overhead and risk. - AWS Managed Services currently supports the 20+ services most critical for Enterprises, and will continue to expand our list of integrated AWS services. - AWS Managed Services is designed to meet the needs of Enterprises that require stringent SLAs, adherence to corporate compliance, and integration with their systems and ITIL®-based processes.
Which tasks require the use of the AWS account root user?
- changing AWS support plans - changing the account name
A Cloud Practitioner anticipates an increase in application traffic at a future date and time when a sales event will take place. How can the Cloud Practitioner configure Amazon EC2 Auto Scaling to ensure the right number of Amazon EC2 instances are available ahead of the event?
- configure a scheduled scaling policy Scheduled scaling helps you to set up your own scaling schedule according to predictable load changes. For example, let's say that every week the traffic to your web application starts to increase on Wednesday, remains high on Thursday, and starts to decrease on Friday. You can configure a schedule for Amazon EC2 Auto Scaling to increase capacity on Wednesday and decrease capacity on Friday.
Some customer responsibilities in model
- configuring network ACLs to block malicious attack - patching software running on Amazon EC2 instances - updating security group rules to enable connectivity
A company must provide access to AWS resources for their employees. Which security practices should they follow? (Select TWO.)
- create IAM policies based on least privilege principles - enable MFA for users
Which tasks can a user complete using the AWS Cost Management tools? (Select TWO.)
- create budgets and receive notifications if current or forecasted usage exceeds budget - break down AWS costs by day, service, and linked AWS account
Which of the following are AWS recommended best practices in relation to IAM? (Select TWO.)
- create individual IAM users - enable MFA for all users
To ensure the security of your AWS account, what are two AWS best practices for managing access keys? (Select TWO.)
- don't generate an access key for the root account user - where possible, use IAM roles with temporary security credentials
A company plan to move the application development to AWS. Which benefits can they achieve when developing and running applications in the AWS Cloud compared to on-premises? (Select TWO.)
- easy to implement high availability - accommodate large changes in application demand
A company is deploying an application in the AWS Cloud. How can they secure the application? (Select TWO.)
- enable encryption for the application data at rest - limit access privileges according to the principle of least privilege
Which of the following security operations tasks must be performed by AWS customers? (Select TWO.)
- enabling MFA for all users - installing security updates on EC2 instances
Which of the following are valid benefits of using the AWS Cloud?
- go global quickly - fast provisioning of IT resources
Amazon S3 is typically used for which of the following use cases? (Select TWO.)
- host a static website - media hosting Amazon S3 is an object storage system. Typical use cases include: Backup and storage, application hosting, media hosting, software delivery and hosting a static website.
Which of the following tasks can a user perform to optimize Amazon EC2 costs? (Select TWO.)
- implement auto scaling groups to add and remove instances based on demand - purchase Amazon EC2 reserved instances using Amazon EC2 reserved instances for suitable workloads is a good way of optimizing costs over the longer term.
A Cloud Practitioner is re-architecting a monolithic application. Which design principles for cloud architecture do AWS recommend? (Select TWO.)
- implement loose coupling - design for scalability
Which benefits can a company immediately realize using the AWS Cloud? (Select TWO.)
- increased agility - capital expenses are replaced with variable expenses
Which of the following is an advantage for a company running workloads in the AWS Cloud vs on-premises? (Select TWO.)
- increased productivity for application development teams - less staff time is required to launch new workloads
Which of the following represents a value proposition for using the AWS Cloud?
- it is not necessary to enter long term contracts With AWS you can pay for what you use and there is no requirement to enter into long term contracts. However, there are opportunities to gain large discounts by committing to 1 or 3 years contracts for reserved instances and savings plans.
A company has multiple AWS accounts and is using AWS Organizations with consolidated billing. Which advantages will they benefit from? (Select TWO.)
- lower unit pricing for aggregated usage - receive one bill for the accounts in the organization You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts. With consolidated billing you get: - One bill for multiple accounts. - Easy tracking or charges across accounts. - Combined usage across accounts and sharing of volume pricing discounts, reserved instance discounts and savings plans. - No extra fee.
Which on-premises costs must be included in a Total Cost of Ownership (TCO) calculation when comparing against the AWS Cloud? (Select TWO.)
- network infrastructure in the data center - physical compute hardware
An application has highly dynamic usage patterns. Which characteristics of the AWS Cloud make it cost-effective for this type of workload? (Select TWO.)
- pay as you go pricing - elasticity
Which of the following is NOT a best practice for protecting the root user of an AWS account? - enable MFA - lock away the AWS root user access keys - do not share root user credentials - remove administrative permissions
- remove administrative permissions You cannot remove administrative permissions from the root user of an AWS account. Therefore, you must protect the account through creating a complex password, enabling MFA, locking away access keys (assuming they're even required), and not sharing the account details.
Which design principles are enabled by the AWS Cloud to improve the operation of workloads? (Select TWO.)
- remove single points of failure -- Removing single points of failure ensures fault tolerance and high availability. This is easily achieved in the cloud as the architecture and features of the cloud support the implementation of highly available and fault tolerant systems. - loose coupling -- Loose coupling is when you break systems down into smaller components that are loosely coupled together. This reduces interdependencies between systems components. This is achieved in the cloud using messages buses, notification and messaging services.
What are the benefits of using reserved instances? (Select TWO.)
- reserve capacity - reduced cost With reserved instances you commit to a 1- or 3-year term and get a significant discount from the on-demand rate. You can also reserve capacity in an availability zone with reserved instances.
How does the AWS cloud increase the speed and agility of execution for customers?
- scalable compute capacity - fast provisioning of resources The ability to quickly provision resources on AWS is a good example of speed and agility. On AWS the resources are readily available and can be deployed extremely quickly. Scalable compute capacity is another example as it gives you the agility to easily reconfigure your resources with more or less capacity as is required.
Which benefits can a company gain by deploying a relational database on Amazon RDS instead of Amazon EC2? (Select TWO.)
- software patching - automated backups
When running applications in the AWS Cloud, which common tasks can AWS manage on behalf of their customers? (Select TWO.)
- taking a backup of a database - patching database software
AWS Direct Connect
- this service provides private connections from data centers to AWS - creating low-latency private connection to an on-premise data center - not useful for distributed users as they cannot take advantage of it - cannot be used to extend VPC
According to the AWS shared responsibility model, which task is the customer's responsibility?
- updating the guest operating system on Amazon EC2 instances
Which of the following a valid best practices for using the AWS Identity and Access Management (IAM) service? (Select TWO.)
- use groups to assign permissions to IAM users - create individual IAM users
Which of the statements below is correct in relation to Consolidated Billing? (Select TWO.)
- you receive a single bill for multiple acounts - you can combine usage and share volume pricing discounts
Which HTTP code indicates a successful upload of an object to Amazon S3
200
You have been running an on-demand Amazon EC2 instance running Linux for 4hrs, 5 minutes and 6 seconds. How much time will you be billed for?
4hrs, 5 minutes and 6 seconds
AWS Config
A service used for compliance relating the configuration of AWS resources
Which AWS program can help an organization to design, build, and manage their workloads on AWS?
APN Consulting Partners APN Consulting Partners are professional services firms that help customers of all sizes design, architect, build, migrate, and manage their workloads and applications on AWS. Consulting Partners include System Integrators (SIs), Strategic Consultancies, Agencies, Managed Service Providers (MSPs), and Value-Added Resellers (VARs).
Where can a user find information about prohibited actions on the AWS infrastructure?
AWS Acceptable Use Policy
How can a security compliance officer retrieve AWS compliance documentation such as a SOC 2 report?
AWS Artifact
What is the name of the online, self-service portal that AWS provides to enable customers to view reports and, such as PCI reports, and accept agreements?
AWS Artifact Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls.
Which AWS service uses a highly secure hardware storage device to store encryption keys?
AWS CloudHSM
Which AWS service helps customers meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated hardware appliances within the AWS Cloud?
AWS CloudHSM - The AWS CloudHSM service helps you meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) instances within the AWS cloud. AWS CloudHSM enables you to easily generate and use your own encryption keys on the AWS Cloud. - dedicated hardware
Which tool can be used to create alerts when the actual or forecasted cost of AWS services exceed a certain threshold?
AWS Budgets
Which service can a Cloud Practitioner use to configure custom cost and usage limits and enable alerts for when defined thresholds are exceeded?
AWS Budgets - AWS Budgets allows you to set custom budgets to track your cost and usage. With AWS Budgets, you can choose to be alerted by email or SNS notification when actual or forecasted cost and usage exceed your budget threshold, or when your actual RI and Savings Plans' utilization or coverage drops below your desired threshold.
Which AWS service can a team use to deploy infrastructure on AWS using familiar programming languages?
AWS CDK (Cloud development kit) - open source software development framework to define cloud application resources using familiar programming languages - you can stick to using languages you are familiar with and have the infrastructure deployed using AWS CloudFormation
A developer needs a way to automatically provision a collection of AWS resources. Which AWS service is primarily used for deploying infrastructure as code?
AWS CloudFormation AWS CloudFormation is a service that gives developers and businesses an easy way to create a collection of related AWS resources and provision them in an orderly and predictable fashion. AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. Think of CloudFormation as deploying infrastructure as code.
Which AWS service can be used to track the activity of users on AWS?
AWS CloudTrail
Which service can identify the user that made the API call when an Amazon EC2instance is terminated?
AWS CloudTrail
Which of the following can be used to identify a specific user who terminated an Amazon RDS DB instance?
AWS CloudTrail - AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. - CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. - This event history simplifies security analysis, resource change tracking, and troubleshooting. In addition, you can use CloudTrail to detect unusual activity in your AWS accounts. These capabilities help simplify operational analysis and troubleshooting.
Which AWS service is a fully-managed source control service that hosts secure Git-based repositories?
AWS CodeCommit
Which AWS service provides a managed software version control system?
AWS CodeCommit - fully-managed source control service that hosts git-based repositories - makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem - eliminates the need to operate your own source control system or worry about scaling its infrastructure - securely store anything from source code to binaries
Which AWS service or feature can assist with protecting a website that is hosted outside of AWS?
AWS Web Application Firewall (WAF) - can be used to protect on-premises if they are deployed behind a Application Load Balancer
Which team is available to support AWS customers on an Enterprise support plan with account issues?
AWS Concierge Included as part of the Enterprise Support plan, the Support Concierge Team are AWS billing and account experts that specialize in working with enterprise accounts.
Which AWS service allows you to automate the evaluation of recorded configurations against desired configuration?
AWS Config
Which service can be used to manage configuration versions?
AWS Config
A key service in :automate best practices"
AWS Config rules
A Cloud Practitioner needs a tool that can assist with viewing and managing AWS costs and usage over time. Which tool should the Cloud Practitioner use?
AWS Cost Explorer AWS Cost Explorer has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time. AWS Cost Explorer provides you with a set of default reports that you can use as the starting place for your analysis. From there, use the filtering and grouping capabilities to dive deeper into your cost and usage data and generate custom insights.
A company needs a consistent and dedicated connection between AWS resources and an on-premise system. Which AWS service can fulfil this requirement?
AWS Direct Connect
A company plans to connect their on-premises data center to the AWS Cloud and requires consistent bandwidth and performance. Which AWS service should the company choose?
AWS Direct Connect
Which service provides the ability to simply upload applications and have AWS handle the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring?
AWS Elastic Beanstalk
With which service can a developer upload code using a ZIP or WAR file and have the service handle the end-to-end deployment of the resources?
AWS Elastic Beanstalk AWS Elastic Beanstalk can be used to quickly deploy and manage applications in the AWS Cloud. Developers upload applications and Elastic Beanstalk handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring. You can upload code directly using a ZIP or WAR file. You can also use a Git archive.
A user has limited knowledge of AWS services, but wants to quickly deploy a scalable Node.js application in an Amazon VPC. Which service should be used to deploy the application?
AWS Elastic Beanstalk - AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. - You can simply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time.
Which of the following AWS services are compute services? (Select TWO.)
AWS Elastic Beanstalk - easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. AWS Batch - enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs on AWS
Which AWS service can be used to load data from Amazon S3, transform it, and move it to another destination?
AWS Glue - AWS Glue is an Extract, Transform, and Load (ETL) service. You can use AWS Glue with data sources on Amazon S3, RedShift and other databases. With AWS Glue you transform and move the data to various destinations. It is used to prepare and load data for analytics
Which AWS service can be used to perform data extract, transform, and load (ETL) operations so you can prepare data for analytics?
AWS Glue - AWS Glue is a serverless data integration service that makes it easy to discover, prepare, and combine data for analytics, machine learning, and application development. AWS Glue provides all of the capabilities needed for data integration so that you can start analyzing your data and putting it to use in minutes instead of months. - AWS Glue provides both visual and code-based interfaces to make data integration easier. Users can easily find and access data using the AWS Glue Data Catalog. Data engineers and ETL (extract, transform, and load) developers can visually create, run, and monitor ETL workflows with a few clicks in AWS Glue Studio.
Which service can be used to assign a policy to a group?
AWS IAM
What can be used to allow an application running on an Amazon EC2 instance to securely store data in an Amazon S3 bucket without using long-term credentials?
AWS IAM role - instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. - Also, a role does not have standard long-term credentials such as a password or access keys associated with it. Instead, when you assume a role, it provides you with temporary security credentials for your role session.
Which AWS security tool uses an agent installed in EC2 instances and assesses applications for vulnerabilities and deviations from best practices?
AWS Inspector
How can an organization assess application for vulnerabilities and deviations from best practice?
AWS Inspector - Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Inspector automatically assesses applications for vulnerabilities or deviations from best practices.
Which AWS service lets connected devices easily and securely interact with cloud applications and other devices?
AWS IoT Core AWS IoT Core is a managed cloud service that lets connected devices easily and securely interact with cloud applications and other devices. AWS IoT Core can support billions of devices and trillions of messages, and can process and route those messages to AWS endpoints and to other devices reliably and securely.
Which AWS services form the app-facing services of the AWS serverless infrastructure? (Select TWO.)
AWS Lambda Amazon API gatewat
A Cloud Practitioner requires a simple method to identify if unrestricted access to resources has been allowed by security groups. Which service can the Cloud Practitioner use?
AWS Trusted Advisor - checks security groups for rules that allow unrestricted access to specific ports
Which AWS offering enables usersto find, buy, and immediately start using software solutions in their AWS environment?
AWS Marketplace
Which AWS service should a Cloud Practitioner use to automate configuration management using Puppet?
AWS OpsWorks - AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. - OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments,
Which AWS services can be used as infrastructure automation tools? (Select TWO.)
AWS OpsWorks AWS CloudFormation AWS CloudFormation provides a common language for you to model and provision AWS and third party application resources in your cloud environment. AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts.
Which service can be used to easily create multiple accounts?
AWS Organizations AWS Organizations can be used for automating AWS account creation via the Organizations API. note: IAM does not create accounts
Which AWS service or feature can be used to restrict the individual API actions that users and roles in each member account can access?
AWS Organizations AWS Organizations offers Service control policies (SCPs) which are a type of organization policy that you can use to manage permissions in your organization. SCPs offer central control over the maximum available permissions (API actions) for all accounts in your organization. SCPs help you to ensure your accounts stay within your organization's access control guidelines. SCPs are available only in an organization that has all features enabled.
A Service Control Policy (SCP) is used to manage the maximum available permissions and is associated with which of the following? Service control policies (SCPs) manage permissions for which of the following?
AWS Organizations - Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization. SCPs offer central control over the maximum available permissions for all accounts in your organization. SCPs are associated with AWS Organizations and help you to ensure your accounts stay within your organization's access control guidelines. SCPs are available only in an organization that has all features enabled.
A company is deploying an application on Amazon EC2 that requires low-latency access to application components in an on-premises data center. Which AWS service or resource can the company use to extend their existing VPC to the on-premises data center?
AWS Outposts - fully managed service that offers the same AWS infrastructure, services, APIs, and tools to virtually any data center, co-location space, or on-premises facility for a truly consistent hybrid experience - you can extend your VPC into the on-premises data centers
Which AWS dashboard displays relevant and timely information to help users manage events in progress, and provides proactive notifications to help plan for scheduled activities?
AWS Personal Health Dashboard AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources.
A Cloud Practitioner needs to rapidly deploy a popular IT solution and start using it immediately. What should the Cloud Practitioner use?
AWS Quick Start reference deployments Quick Starts are built by AWS solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices for security and high availability. These accelerators reduce hundreds of manual procedures into just a few steps, so you can build your production environment quickly and start using it immediately. Each Quick Start includes AWS CloudFormation templates that automate the deployment and a guide that discusses the architecture and provides step-by-step deployment instructions.
Which resource should a new user on AWS use to get help with deploying popular technologies based on AWS best practices, including architecture and deployment instructions?
AWS Quick Starts Quick Starts are built by Amazon Web Services (AWS) solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices for security and high availability. These accelerators reduce hundreds of manual procedures into just a few steps, so you can build your production environment quickly and start using it immediately. - quick start uses CloudFormation
A Cloud Practitioner is developing a disaster recovery plan and intends to replicate data between multiple geographic areas. Which of the following meets these requirements?
AWS Regions AWS has the concept of a Region, which is a physical location around the world where we cluster data centers. We call each group of logical data centers an Availability Zone. Each AWS Region consists of multiple, isolated, and physically separate AZ's within a geographic area.
You are concerned that you may be getting close to some of the default service limits for several AWS services. What AWS tool can be used to display current usage and limits?
AWS Trusted Advisor
A Cloud Practitioner is creating the business process workflows associated with an order fulfilment system. Which AWS service can assist with coordinating tasks across distributed application components?
AWS SWF Amazon Simple Workflow Service (SWF) is a web service that makes it easy to coordinate work across distributed application components. SWF enables applications for a range of use cases, including media processing, web application back-ends, business process workflows, and analytics pipelines, to be designed as a coordination of tasks.
AWS Shield
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service.
A cloud practitioner needs to migrate a 70 TB of data from an on-premises data center into the AWS Cloud. The company has a slow and unreliable internet connection. Which AWS service can the cloud practitioner leverage to transfer the data?
AWS Snowball AWS Snowball is a method of transferring the data using a physical device. A Snowball Edge device can hold up to 80 TB so a single device can be used. This transfer method completely avoids the slow and unreliable internet connection.
A Cloud Practitioner is developing a new application and wishes to integrate features of AWS services directly into the application. Which of the following is the BEST tool for this purpose?
AWS Software Development Kit - SDK is a collection of software development tools in on installable package - AWS provide SDKs for various programming languages and these can be used for integrating the features of AWS services directly into the application
Which of the following will help a user determine if they need to request an Amazon EC2 service limit increase?
AWS Trusted Advisor - advises you on best practices for provisioning resources
Which AWS service makes it easy to coordinate the components of distributed applications as a series of steps in a visual workflow?
AWS Step Functions AWS Step Functions lets you coordinate multiple AWS services into serverless workflows so you can build and update apps quickly. AWS Step Functions lets you build visual workflows that enable fast translation of business requirements into technical requirements.
Which AWS hybrid storage service enables a user's on-premises applications to seamlessly use AWS Cloud storage?
AWS Storage Gateway - AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage. Customers use Storage Gateway to simplify storage management and reduce costs for key hybrid cloud storage use cases.
Which service allows an organization to view operational data from multiple AWS services through a unified user interface and automate operational tasks?
AWS Systems Manager Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources.
What is the most efficient way to establish network connectivity from on-premises to multiple VPCs in different AWS Regions?
AWS Transit Gateway AWS Transit Gateway is a service that enables customers to connect their Amazon Virtual Private Clouds (VPCs) and their on-premises networks to a single gateway. With AWS Transit Gateway, you only have to create and manage a single connection from the central gateway in to each Amazon VPC, on-premises data center, or remote office across your network. Transit Gateway acts as a hub that controls how traffic is routed among all the connected networks which act like spokes.
A Cloud Practitioner noticed that IP addresses that are owned by AWS are being used to attempt to flood ports on some of the company's systems. To whom should the issue be reported?
AWS Trust and Safety team
Which AWS Cloud service provides recommendations on how to optimize performance for AWS services?
AWS Trusted Advisor - AWS Trusted Advisor can improve the performance of your service by checking your service limits, ensuring you take advantage of provisioned throughput, and monitoring for overutilized instances.
A user needs to identify underutilized Amazon EC2 instances to reduce costs. Which AWS service or feature will meet this requirement?
AWS Trusted Advisor - offers a rich set of best practice checks and recommendations across five categories 1. cost optimization 2. security 3. fault tolerance 4. performance 5. service limits
A user needs a quick way to determine if any Amazon EC2 instances have ports that allow unrestricted access. Which AWS service will support this requirement?
AWS Trusted Advsisor AWS Trusted Advisor scans the security groups in your account to see if any security groups allow unrestricted access to any ports. This information is then presented to you in the console and you can then act on this information to secure the ports through editing the rules in the security group.
A web application running on AWS has been received malicious requests from the same set of IP addresses. Which AWS service can help secure the application and block the malicious traffic?
AWS WAF
Which AWS service protects against common exploits that could compromise application availability, compromise security or consume excessive resources?
AWS WAF - AWS WAF is a web application firewall that protects against common exploits that could compromise application availability, compromise security or consume excessive resources.
Which tools can you use to manage identities in IAM? (Select TWO.)
AWS console AWS Command line tools You can manage AWS Identity and Access Management identities through the AWS Management Console, AWS Command Line Tools, AWS SDKs, and IAM HTTPS API.
Which authentication method is used to authenticate programmatic calls to AWS services?
Access keys
What can a Cloud Practitioner use to categorize and track AWS costs by project?
Cost allocation tags - can be used to tag and categorize your resources and then run view the billing in Cost Explorer and teh cost allocation report
How does the consolidated billing feature of AWS Organizations treat Reserved Instances that were purchased by another account in the organization?
All accounts in the organization are treated as one account so any account can receive the hourly cost benefit
Amazon Athena
Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL.
A company is deploying a MySQL database on AWS. The database must easily scale and have automatic backup enabled. Which AWS service should the company?
Amazon Aurora - Aurora is a relational database that is compitable with mySQL and PostgreSQL - very fast and scales up to 128 TB - you can deploy replicas for read scaling within and across regions - offers automated backups
What AWS tools can be used for automation?
Amazon CloudFormation AWS Elastic Beanstalk
Which AWS service does API Gateway integrate with to enable users from around the world to achieve the lowest possible latency for API requests and responses?
Amazon CloudFront Amazon CloudFront is used as the public endpoint for API Gateway. Provides reduced latency and distributed denial of service protection through the use of CloudFront.
A company is deploying a new web application in a single AWS Region that will be used by users globally. Which AWS services will assist with lowering latency and improving transfer speeds for the global users? (Select TWO.)
Amazon CloudFront - Amazon CloudFront is a content delivery network (CDN) that caches content around the world for lower latency access. AWS Global Accelerator - AWS Global Accelerator enables access to your application by leveraging the same Edge Locations as CloudFront and routing connections across the AWS global network.
A website has a global customer base and users have reported poor performance when connecting to the site. Which AWS service will improve the customer experience by reducing latency?
Amazon CloudFront - securely delivers data, videos, applications, and APIs to customers globally from low latency, high transfer speeds
Which AWS Services are associated with edge locations?
Amazon CloudFront AWS Shield shield protexts against DDoD attacks available globally on amazon CloudFront Edge Locations
A company needs to optimize costs and resource usage through monitoring of operational health for all resources running on AWS. Which AWS service will meet these requirements?
Amazon CloudWatch
A Cloud Practitioner needs to monitor a new Amazon EC2 instances CPU and network utilization. Which AWS service should be used?
Amazon CloudWatch - Amazon CloudWatch is a performance monitoring service. AWS services send metrics about their utilization to CloudWatch which collects the metrics. You can then view the results in CloudWatch and configure alarms.
Which AWS services can a company use to gather information about activity in their AWS account? (Select TWO.)
Amazon Cloudwatch - performance monitoring service - AWS services send metrics about their utilization to CloudWatch which collects the metrics - collects metrics about account activity such as billing information which can also be viewed AWS CloudTrail - auditing service that monitors API activity in your account - whenever you perform any operation in the account this results in an API action and this information is recorded to create an audit trail
Which AWS service lets you add user sign up, sign-in and access control to web and mobile apps?
Amazon Cognito Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0.
Amazon Detective
Amazon Detective automatically processes terabytes of event data records about IP traffic, AWS management operations, and malicious or unauthorized activity.
Which database allows you to scale at the push of a button without incurring any downtime?
Amazon DynamoDB Amazon Dynamo DB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. Push button scaling means that you can scale the DB at any time without incurring downtime. All other databases are based on EC2 instances and therefore you must increase the instance size to scale which will incur downtime.
To gain greater discounts, which services can be reserved? (Select TWO.)
Amazon DynamoDB Redshift other examples include: ec2, elastiCachie, RDS
A user needs an automated security assessment report that will identify unintended network access to Amazon EC2 instances and vulnerabilities on those instances. Which AWS service will provide this assessment report?
Amazon Inspector - Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. - After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. These findings can be reviewed directly or as part of detailed assessment reports which are available via the Amazon Inspector console or API.
Which DynamoDB feature provides in-memory acceleration to tables that result in significant performance improvements?
Amazon DynamoDB Accelerator (DAX) Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement - from milliseconds to microseconds - even at millions of requests per second. DAX does all the heavy lifting required to add in-memory acceleration to your DynamoDB tables, without requiring developers to manage cache invalidation, data population, or cluster management.
Which service is used for caching data?
Amazon DynamoDB DAX Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement - from milliseconds to microseconds - even at millions of requests per second.
Which services allow you to store files on AWS? (Select TWO.)
Amazon EBS Amazon EFS
Customers using AWS services must patch operating systems on which of the following services?
Amazon EC2 Amazon EC2 is an infrastructure as a service (IaaS) solution. This means the underlying hardware and software layer for running a virtual server are managed for you. As a customer you must then manage the operating system and any software you install. This includes installing patches on the operating system as part of regular maintenance activities. dynamoDB, fargate, and lambda are all severless services in which you do not need to manage patches
A company plans to deploy a relational database on AWS. The IT department will perform database administration. Which service should the company use?
Amazon EC2 - When using this deployment you can choose the operating system and instance type that suits your needs and then install and manage any database software you require.
Which AWS service does AWS Snowball Edge natively support?
Amazon EC2 - You can run Amazon EC2 compute instances hosted on a Snowball Edge with the sbe1, sbe-c, and sbe-g instance types. The sbe1 instance type works on devices with the Snowball Edge Storage Optimized option. The sbe-c instance type works on devices with the Snowball Edge Compute Optimized option. Both the sbe-c and sbe-g instance types work on devices with the Snowball Edge Compute Optimized with GPU option.
A company is planning to deploy an application with a relational database on AWS. The application layer requires access to the database instance's operating system in order to run scripts. The company prefer to keep management overhead to a minimum. Which deployment should be used for the database?
Amazon EC2 - with RDS, you cannot access the instance's operating system
Which storage type can be mounted using the NFS protocol to many EC2 instances simultaneously?
Amazon EFS EFS is a fully-managed service that makes it easy to set up and scale file storage in the Amazon Cloud. EFS uses the NFSv4.1 protocol. Can concurrently connect 1 to 1000s of EC2 instances, from multiple AZs.
Which AWS-managed service can be used to process vast amounts of data using a hosted Hadoop framework?
Amazon EMR - Amazon Elastic Map Reduce (EMR) is a web service that enables businesses, researchers, data analysts, and developers to easily and cost-effectively process vast amounts of data. EMR utilizes a hosted Hadoop framework running on Amazon EC2 and Amazon S3.
Amazon EMR
Amazon EMR is a managed Hadoop framework running on EC2 and S3. It is used for analyzing data, not for ETL.
Which service can be added to a database to provide improved performance for some requests?
Amazon ElastiCache Amazon ElastiCache provides in-memory caching which improves performance for read requests when the data is cached in ElastiCache. ElastiCache can be placed in front of your database.
Which of the following AWS features or services can be used to provide root storage volumes for Amazon EC2 instances?
Amazon Elastic Block Storage - Root volumes are where the operating system is installed and can be either EBS volumes or instance store volumes. - The Amazon Elastic Block Store (EBS) provides block-based storage volumes for Amazon EC2 instances.
Which AWS service can be used to run Docker containers?
Amazon Elastic Container Service (ECS) - is a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances.
Which service is used introduce fault tolerance into an application architecture?
Amazon Elastic Load Balancing Amazon Elastic Load Balancing is used to spread load and introduce fault tolerance by distributing connections across multiple identically configured back-end EC2 instances.
Which service provides a way to convert video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PCs?
Amazon Elastic Transcoder Amazon Elastic Transcoder is a highly scalable, easy to use and cost-effective way for developers and businesses to convert (or "transcode") video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PCs.
Which AWS service is designed to be used for operational analytics?
Amazon Elasticsearch service Amazon Elasticsearch Service is involved with operational analytics such as application monitoring, log analytics and clickstream analytics. Amazon Elasticsearch Service allows you to search, explore, filter, aggregate, and visualize your data in near real-time.
A security operations engineer needs to implement threat detection and monitoring for malicious or unauthorized behavior. Which service should be used?
Amazon GuardDuty Amazon GuardDuty offers threat detection and continuous security monitoring for malicious or unauthorized behavior to help you protect your AWS accounts and workloads.
Amazon GuardDuty
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3.
Amazon instance store
Amazon Instance Store is a type of ephemeral block-based volume that can be attached to a single EC2 instance at a time.
Amazon Kinesis
Amazon Kinesis is used for collecting, processing and analyzing real-time streaming data.
Which AWS feature can be used to launch a pre-configured Amazon Elastic Compute Cloud (EC2) instance?
Amazon Machine Image
Which AWS service provides the ability to detect inadvertent data leaks of personally identifiable information (PII) and user credential data?
Amazon Macie
Which AWS service can a company use to discover and protect sensitive data that is stored in Amazon S3 buckets
Amazon Macie - fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS - automated the discovery of sensitive data at scale and lowers the cost of protecting data - Automatically provides an inventory of S3 buckets including a list of unencrypted buckets, publicly accessible buckets, and buckets shared with AWS accounts outside of AWS Organizations - Macie applies machine learning and pattern matching techniques to the buckets you select to identify and alert you to sensitive data, such as personally identifiable information (PII)
Which service can be used to create sophisticated, interactive graph applications?
Amazon Neptune Amazon Neptune is a fast, reliable, fully-managed graph database service that makes it easy to build and run applications that work with highly connected datasets. With Amazon Neptune, you can create sophisticated, interactive graph applications that can query billions of relationships in milliseconds.
A company requires a dashboard for reporting when using a business intelligence solution. Which AWS service can a Cloud Practitioner use? Which AWS service can be used?
Amazon QuickSight - Amazon QuickSight is a scalable, serverless, embeddable, machine learning-powered business intelligence (BI) service built for the cloud. - QuickSight lets you easily create and publish interactive BI dashboards that include Machine Learning-powered insights. - QuickSight dashboards can be accessed from any device, and seamlessly embedded into your applications, portals, and websites.
What service does automated backups as default
Amazon RDS
Which of the following deployments involves the reliability pillar of the AWS Well-Architected Framework?
Amazon RDS Multi-AZ deployment An Amazon Relational Database Service (RDS) deployment across multiple availability zones is a good example of using the reliability pillar of the AWS Well-Architected Framework. The specific design principle being followed here is "Automatically recover from failure".
Which type of AWS database is ideally suited to analytics using SQL queries?
Amazon RedShift
Which AWS database service provides a fully managed data warehouse that can be analyzed using SQL tools and business intelligence tools?
Amazon RedShift Amazon RedShift is a fully managed data warehouse service designed to handle petabytes of data for analysis. Data can be analyzed with standard SQL tools and business intelligence tools. RedShift allows you to run complex analytic queries against petabytes of structured data.
To reduce cost, which of the following services support reservations? (Select TWO.)
Amazon RedShift Amazon ElastiCache Amazon ElastiCache and Amazon Redshift both support reserved nodes. Reservations can be used to gain a large discount from the on-demand rate in exchange for the commitment to a contract for 1 or 3 years.
Amazon Redshift
Amazon RedShift is a data warehouse. With a data warehouse you load data from other databases such as transactional SQL databases and run analysis. You can analyze data using SQL and Business Intelligence tools.
Which AWS service can be used to host a static website?
Amazon S3
Which type of storage stores objects comprised of key, value pairs?
Amazon S3 Amazon Simple Storage Service is storage for the Internet. It is designed to make web-scale computing easier for developers. Amazon S3 is an object-based storage system that stores objects that are comprised of key, value pairs.
A cloud practitioner needs to decrease application latency and increase performance for globally distributed users. Which services can assist? (Select TWO.)
Amazon S3 Amazon CloudFront Amazon S3 is an object-based storage system. It can be used to store data such as files and images that need to be served. Optionally, an S3 bucket can be configured as a static website. Amazon CloudFront is a content delivery network (CDN) that caches content at Edge Locations around the world. These two services can work together with an S3 bucket configured as an origin for the CloudFront distribution. Users around the world will then be able to pull the content from the local Edge Location with lower latency and better performance.
An application stores images which will be retrieved infrequently, but must be available for retrieval immediately. Which is the most cost-effective storage option that meets these requirements?
Amazon S3 Standard-Infrequent Access
Which service would be used to send alerts based on Amazon CloudWatch alarms?
Amazon SNS
A company needs to publish messages to a thousands of subscribers simultaneously using a push mechanism. Which AWS service should the company use?
Amazon SNS - Amazon SNS is a publisher/subscriber notification service that uses a push mechanism to publish messages to multiple subscribers. Amazon SNS enables you to send messages or notifications directly to users with SMS text messages to over 200 countries, mobile push on Apple, Android, and other platforms or email (SMTP).
Which services can be used for asynchronous integration between application components? (Select TWO.)
Amazon SQS Amazon Step Functions SQS provides a durable message bus and Step Functions is an orchestrated workflow service.
Which AWS service enables developers and data scientists to build, train, and deploy machine learning models?
Amazon SageMaker Amazon SageMaker is a fully-managed platform that enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at any scale. Amazon SageMaker removes all the barriers that typically slow down developers who want to use machine learning.
Which AWS networking service enables a company to create a virtual network within AWS?
Amazon VPC
What technology enables compute capacity to adjust as loads change?
Auto Scaling
Which technology can automatically adjust compute capacity as demand for an application increases or decreases?
Auto Scaling
Which of the following is a sole responsibility of AWS?
Availability zone management - AWS is responsible to the management of all AWS global infrastructure components including Regions, Availability Zones, Edge locations, Regional Edge Caches, and Local Zones.
Which AWS service would simplify the migration of a database to AWS? A)AWS Storage Gateway B)AWS Database Migration Service (AWS DMS) C)Amazon EC2 D)Amazon AppStream 2
B - AWS Database Migration Service
Which type of EBS volumes can be encrypted?
Both non-root and root volumes
Which AWS support plans provide support via email, chat and phone? (Select TWO.)
Business Enterprise
A new user is unable to access any AWS services, what is the most likely explanation?
By default new users are created without access to any AWS services
Why is AWS more economical than traditional data centers for applications with varying compute workloads? A) Amazon EC2 costs are billed on a monthly basis. B)Users retain full administrative access to their Amazon EC2 instances. C)Amazon EC2 instances can be launched on demand when needed. D)Users can permanently run enough instances to handle peak workloads
C - on demand when needed
Which service can an organization use to track API activity within their account?
CloudTrail CloudTrail is about logging and saves a history of API calls for your AWS account. Provides visibility into user activity by recording actions taken on your account. API history enables security analysis, resource change tracking, and compliance auditing
How can an organization track resource inventory and configuration history for the purpose of security and regulatory compliance?
Configure AWS Config with the resource types
What is one method of protecting against distributed denial of service (DDoS) attacks in the AWS Cloud?
Configure a firewall in front of resources Some forms of DDoS mitigation are included automatically with AWS services. You can further improve your DDoS resilience by using an AWS architecture with specific services and by implementing additional best practices. Using a firewall with AWS resources is recommended to reduce the attack surface of your services which can mitigate some DDoS attacks.
The AWS acceptable use policy for penetration testing allows?
Customers to carry out security assessments or penetration tests against their AWS Infrastructure without prior approval for selected services
A customer needs to determine Total Cost of Ownership (TCO) for a workload that requires physical isolation. Which hosting model should be accounted for?
Dedicated hosts - a physical server with EC2 instance capacity fully dedicated to your use - allows you to use your existing pre-socket, per-core, or per-VM software licenses - can be considered hosting model as it determines that actual underlying infrastructure that is used for running workload
Which cloud architecture design principle is supported by deploying workloads across multiple Availability Zones?
Design for failure - example of high availability and fault tolerance - Amazon EC2 instances can be deployed in an Amazon VPC across multiple Availability Zones. You would then typically use an Elastic Load Balancer (ELB) to distribute load between the available instances. This architecture enables high availability as if a single instance fails or if something fails that causes an outage in an entire Availability Zone, the application still has available instances to continue to service demand.
AWS are able to continually reduce their pricing due to:
Economics of scale - achieve a lower variable cost than you can on your own
what AWS components aid in the construction of fault-tolerant applications?
Elastic IP addresses AMIs
What are the primary benefits of using AWS Elastic Load Balancing? (Select TWO.)
Elasticity High Availability High availability - ELB automatically distributes traffic across multiple EC2 instances in different AZs within a region. Elasticity - ELB is capable of handling rapid changes in network traffic patterns.
A company has many underutilized compute resources on-premises. Which AWS Cloud feature will help resolve this issue?
Elasticity - can easily and automatically adjust the resource allocations for your compute resources based on actual utilization - this ensures you have the right amount of resources and only pay for what you need
How would a system administrator add an additional layer of login security to a user's AWS Management Console?
Enable Multi-Factor authentication
Which AWS Glacier data access option retrieves data from an archive in 1-5 minutes?
Expedited
What are the names of two types of AWS Storage Gateway? (Select TWO.)
File Gateway - File gateway provides a virtual on-premises file server, which enables you to store and retrieve files as objects in Amazon S3 - The volume gateway represents the family of gateways that support block-based volumes, previously referred to as gateway-cached and gateway-stored modes Gatewat Virtual Tape Library - used for backup with popular backup software
Which of the following compliance programs allows the AWS environment to process, maintain, and store protected health information?
HIPAA - AWS enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) to use the secure AWS environment to process, maintain, and store protected health information.
Which IAM entity can be used for assigning permissions to multiple users?
IAM Group
Which IAM entity can be used for assigning permissions to AWS services?
IAM Role create a role and then assign policies With IAM Roles you can delegate permissions to resources for users and services without using permanent credentials (e.g. username and password). To do so you can create a role and assign an IAM policy to the role that has the permissions required.
A company is migrating a monolithic application that does not scale well into the cloud and refactoring it into a microservices architecture. Which best practice of the AWS Well-Architected Framework does this plan relate to?
Implement loosely coupled services A microservices architecture will help ensure that each component of the application can scale independently and be updated independently. Loose coupling further assists as it places reduces the dependencies between systems and ensures that messages and data being passed between application components can be reliably and durably stored.
Which of the following statements are correct about the benefits of AWS Direct Connect? (Select TWO.)
Increased bandwhich increased reliability AWS Direct Connect is a network service that provides an alternative to using the Internet to connect customers' on premise sites to AWS. Data is transmitted through a private network connection between AWS and a customer's data center or corporate network. Benefits of AWS Direct Connect: - Reduce cost when using large volumes of traffic. - Increase reliability (predictable performance). - Increase bandwidth (predictable bandwidth). - Decrease latency.
Which AWS service or component allows inbound traffic from the internet to access a VPC?
Internet gateway An Internet gateway is attached to a VPC and allows inbound traffic from the internet to access the VPC. It is also used as a target in route tables for outbound internet traffic. NAT is for outbound internet access
Which AWS service is known as a "serverless" service and runs code as functions triggered by events?
Lambda
How should an organization deploy an application running on multiple EC2 instances to ensure that a power failure does not cause an application outage?
Launch the EC2 instances into different Availability Zones
Which of the following is an AWS responsibility under the AWS shared responsibility model?
Maintaining physical hardware
According to the shared responsibility model, which security-related task is the responsibility of the customer?
Maintaining server-side encryption
What are AWS Identity and Access Management (IAM) access keys used for?
Making programmatic calls to AWS from AWS APIs Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK).
Where can resources be launched when configuring Amazon EC2 Auto Scaling?
Multiple AZs within a region
Which Amazon RDS deployment type is best used to enable fault tolerance in the event of the failure of an availability zone?
Multiple Availability zones
Which AWS security service provides a firewall at the subnet level within a VPC?
Netowrk access control list A Network ACL is a firewall that is associated with a subnet within your VPC. It is used to filter the network traffic that enters and exits the subnet.
Which type of security control can be used to deny network access from a specific IP address?
Network ACL A Network ACL supports allow and deny rules. You can create a deny rule specifying a specific IP address that you would like to block.
Which type of Elastic Load Balancer operates at the TCP connection level?
Network Load Balancer (NLB) A Network Load Balancer functions at the fourth layer of the Open Systems Interconnection (OSI) model. NLBs direct connections based on information at the TCP connection level.
What is a benefit of moving an on-premises database to Amazon Relational Database Service (RDS)?
No need to manage operating systems With Amazon RDS, which is a managed service, you do not need to manage operating systems. This reduces operational costs.
What type of cloud computing service type do AWS Elastic Beanstalk and Amazon RDS correspond to?
PaaS
An individual IAM user must be granted access to an Amazon S3 bucket using a bucket policy. Which element in the S3 bucket policy should be updated to define the user account for which access will be granted?
Principle The Principal element specifies the user, account, service, or other entity that is allowed or denied access to a resource. The bucket policy below has a Principal element set to * which is a wildcard meaning any user. To grant access to a specific IAM user the following format can be used:
What advantages does a database administrator obtain by using the Amazon Relational Database Service (RDS)?
RDS simplifies relationship database administrative tasks Amazon RDS is a managed relational database service on which you can run several types of database software. The service is managed so this reduces the database administration tasks an administrator would normally undertake. The managed service includes hardware provisioning, database setup, patching and backups.
Which feature enables fast, easy, and secure transfers of files over long distances between a client and an Amazon S3 bucket?
S3 Transfer Acceleration Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and your Amazon S3 bucket. S3 Transfer Acceleration leverages Amazon CloudFront's globally distributed AWS Edge Locations.
Which of the following statements is correct about Amazon S3 cross-region replication?
S3 buckets configured for cross-region replication can be owned by a single AWS account or by different accounts
What is the function of Amazon EC2 Auto Scaling?
Scales the number of EC2 instances in or our automatically, based on demand
AWS Policy Generator
The AWS Policy Generator is a tool that enables you to create policies that control access to Amazon Web Services (AWS) products and resources.
AWS Storage Gateway
The AWS Storage Gateway service enables hybrid storage between on-premises environments and the AWS Cloud. It provides low-latency performance by caching frequently accessed data on premises, while storing data securely and durably in Amazon cloud storage services. AWS Storage Gateway supports three storage interfaces: file, volume, and tape
A Cloud Practitioner requires point-in-time recovery (PITR) for an Amazon DynamoDB table. Who is responsible for configuring and performing backups?
The customer is responsible for configuring and AWS is responsible for performing backups - dynamoDB maintains incremental backups of your table for the last 35 days until you explicitly turn it off
What should a Cloud Practitioner ensure when designing a highly available architecture on AWS?
The failure of a single component should not affect the application - a highly available system the failure of a single component should not affect the application. This means that if a single component such as an application server fails, there should be other applications servers available that can seamlessly take over operations and ensure the application continues to operate.
According to the AWS shared responsibility model, which of the following is a responsibility of AWS?
updating the firmware on the physical Amazon EC2 host - customers are then responsible for any patching of the EC2 operating system and any installed software
According to the shared responsibility mode, which security and compliance task is AWS responsible for?
Updating Amazon EC2 host firmware - security "of" the cloud
What are Edge locations used for?
Used by CloudFront for caching content
Which AWS service or feature can be used to capture information about inbound and outbound IP traffic on network interfaces in a VPC?
VPC Flow Logs Flow logs can help you with a number of tasks, such as: • Diagnosing overly restrictive security group rules • Monitoring the traffic that is reaching your instance • Determining the direction of the traffic to and from the network interfaces Flow log data is collected outside of the path of your network traffic, and therefore does not affect network throughput or latency. You can create or delete flow logs without any risk of impact to network performance.
Which AWS service should a Cloud Practitioner use to establish a secure network connection between an on-premises network and AWS?
Virtual Private Network (VPN)
SWhich service can be used to cost-effectively move exabytes of data into AWS?
With AWS Snowmobile you can move 100PB per snowmobile. AWS call this an "Exabyte-scale data transfer service".
Which AWS support plans provide 24x7 access to customer service?
all plans All support plans provide 24×7 access to customer service, documentation, whitepapers, and support forums.
What best describes Amazon Route 53?
a highly scalable and available Domain Name System (DNS) service It is designed to give developers and businesses an extremely reliable and cost effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other. Amazon Route 53 is fully compliant with IPv6 as well.
Which of the following can be assigned to an IAM user? (Select TWO.)
a password for access to management console access key ID and secret access key
HTTP code 300
a redirection
You need to connect your company's on-premise network into AWS and would like to establish an AWS managed VPN service. Which of the following configuration items needs to be setup on the Amazon VPC side of the connection?
a virtual private gateway A virtual private gateway is the VPN concentrator on the Amazon side of the VPN connection. You create a virtual private gateway and attach it to the VPC from which you want to create the VPN connection.
What advantages does the AWS cloud provide in relation to cost? (Select TWO.)
ability to turn off resources and not pay for them fine-grained billing
Which feature of AWS IAM enables you to identify unnecessary permissions that have been assigned to users?
access advisor The IAM console provides information about when IAM users and roles last attempted to access AWS services. This information is called service last accessed data. This data can help you identify unnecessary permissions so that you can refine your IAM policies to better adhere to the principle of "least privilege." That means granting the minimum permissions required to perform a specific task. You can find the data on the Access Advisor tab in the IAM console by examining the detail view for any IAM user, group, role, or managed policy.
Which type of credential should a Cloud Practitioner use for programmatic access to AWS resources from the AWS CLI/API?
access keys - Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK). - Access keys consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE) and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY).
Which of the authentication options below can be used to authenticate using AWS APIs? (Select TWO.)
access keys server certificates
When using Amazon IAM, what authentication methods are available to use? (Select TWO.)
access keys server certificates Supported authentication methods include console passwords, access keys and server certificates. Access keys are a combination of an access key ID and a secret access key and can be used to make programmatic calls to AWS. Server certificates are SSL/TLS certificates that you can use to authenticate with some AWS services.
S3 Bucket Policy
action - permissions that you can specify in a policy resource - ARNs of resources you wish to specify permissions for condition - define certain conditions to apply when granting permissions such as the source IP address of the caller principle - specifies the user, account, or service that is allowed or denied access to a resource
Which of the following are examples of horizontal scaling? (Select TWO.)
add more instances as demand increases automatic scaling using services such as AWS Auto Scaling
An eCommerce company plans to use the AWS Cloud to quickly deliver new functionality in an iterative manner, minimizing the time to market. Which feature of the AWS Cloud provides this functionality?
agility - In a cloud computing environment, new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes. - This results in a dramatic increase in agility for the organization, since the cost and time it takes to experiment and develop is significantly lower.
Which AWS technology can be referred to as a "virtual hard disk in the cloud"?
amazon EBS volume
Which AWS service is used to send both text and email messages from distributed applications?
amazon SNS
Which of the options below are recommendations in the cost optimization pillar of the well-architected framework? (Select TWO.)
analyze and attribute expenditure adopt a consumption model There are five design principles for cost optimization in the cloud: - Adopt a consumption model. - Measure overall efficiency. - Stop spending money on data center operations. - Analyze and attribute expenditure. - Use managed services to reduce cost of ownership.
What types of monitoring can Amazon CloudWatch be used for? (Select TWO.)
application performance operational health
Zonal Reserved Instance
apply to instance usage within a specific AZ within an AWS region
regional reserved instances
apply to instance usage within any AZ in a specified region
An Amazon Virtual Private Cloud (VPC) can include multiple:
availability zones
An Elastic IP Address can be remapped between EC2 instances across which boundaries?
availability zones Elastic IP addresses are for use in a specific region only and can therefore only be remapped between instances within that region. You can use Elastic IP addresses to mask the failure of an instance in one Availability Zone by rapidly remapping the address to an instance in another Availability Zone.
According to the AWS Shared Responsibility Model, which of the following is a shared control?
awareness and training
How does Amazon EC2 Auto Scaling help with resiliency?
by launching and terminating instances when needed
standard reserved instances
cannot change instance type but can change the instance size
HTTP code 400
client error
You would like to collect custom metrics from a production application every 1 minute. What type of monitoring should you use?
cloudwatch with detailed monitoring
Which AWS service or feature allows a company to receive a single monthly AWS bill when using multiple AWS accounts?
consolidated billing
What are two benefits of using AWS Lambda? (Select TWO.)
continuous scaling (scale out) - Lambda functions scale out rather than up running multiple invocations of the function in parallel. no servers to manage
A company plans to use reserved instances to get discounted pricing for Amazon EC2 instances. The company may need to change the EC2 instance type during the one year period. Which instance purchasing option is the MOST cost-effective for this use case?
convertible reserved instances - A convertible reserved instance enables you to exchange one or more Convertible Reserved Instances for another Convertible Reserved Instance with a different configuration, including instance family, operating system, and tenancy.
How can a company facilitate the sharing of data over private connections between two accounts they own within a region?
create a VPC peering connection A VPC peering connection helps you to facilitate the transfer of data. For example, if you have more than one AWS account, you can peer the VPCs across those accounts to create a file sharing network. You can also use a VPC peering connection to allow other VPCs to access resources you have in one of your VPCs.
A company has been using an AWS managed IAM policy for granting permissions to users but needs to add some permissions. How can this be achieved?
create a custom IAM policy
A company is launching a new website which is expected to have highly variable levels of traffic. The website will run on Amazon EC2 and must be highly available. What is the MOST cost-effective approach?
create an EC2 Auto Scaling group and configure an Elastic Load Balancer - This will ensure that the appropriate number of instances is always available to service the demand. An Elastic Load Balancer can be placed in front of the instances to distribute incoming connections.
AWS Artifact
provides on-demand access to AWS security and compliance reports
A company uses Amazon EC2 instances to run applications that are dedicated to different departments. The company needs to break out the costs of these applications and allocate them to the relevant department. The EC2 instances run in a single VPC. How can the company achieve these requirements?
create tags by department on the instances and then run a cost allocation report - The company should create cost allocation tags that specify the department and assign them to resources. These tags must be activated so they are visible in the cost allocation report. Once this is done and a monthly cost allocation report has been configured it will be easy to monitor the costs for each department.
shared responsibility model example
customers are response for netwokring traffic protection aws are responsibile for networking infrastracture
What charges are applicable to Amazon S3 Standard storage class? (Select TWO.)
data egress per GB/month storage fee With the standard storage class you pay a per GB/month storage fee, and data transfer out of S3. Standard-IA and One Zone-IA have a minimum capacity charge per object. Standard-IA, One Zone-IA, and Glacier also have a retrieval fee. You don't pay for data into S3 under any storage class.
Which statement is true in relation to data stored within an AWS Region?
data is not replicated outside of a region unless you configure it
What are the charges for using Amazon Glacier? (Select TWO.)
data storage retrieval requests With Amazon Glacier you pay for storage on a per GB / month basis, retrieval requests and quantity (based on expedited, standard, or bulk), and data transfer out of Glacier.
What are the fundamental charges for an Amazon EC2 instance? (Select TWO.)
data storage and server uptime
Which Amazon EC2 pricing model should be used to comply with per-core software license requirements?
dedicated hosts Amazon EC2 Dedicated Hosts allow you to use your eligible software licenses from vendors such as Microsoft and Oracle on Amazon EC2, so that you get the flexibility and cost effectiveness of using your own licenses, but with the resiliency, simplicity and elasticity of AWS. An Amazon EC2 Dedicated Host is a physical server fully dedicated for your use, so you can help address corporate compliance requirements.
A company is deploying a new workload and software licensing requirements dictate that the workload must be run on a specific, physical server. Which Amazon EC2 instance deployment option should be used?
dedicated hosts An Amazon EC2 Dedicated Host is a physical server fully dedicated for your use, so you can help address corporate compliance requirements. Amazon EC2 Dedicated Hosts allow you to use your eligible software licenses from vendors such as Microsoft and Oracle on Amazon EC2, so that you get the flexibility and cost effectiveness of using your own licenses, but with the resiliency, simplicity and elasticity of AWS
Which AWS support plan provides email only support by Cloud Support Associates?
developer
Which support plan is the lowest cost option that allows unlimited cases to be open?
developer
Assuming you have configured them correctly, which AWS services can scale automatically without intervention? (Select TWO.)
dynamoDB S3
Which of the following descriptions is incorrect in relation to the design of Availability Zones?
each subnet in a VPC is mapped to all AZs in the region each subnet is created in a single AZ and do not get mapped to multiple AZs correct: - each AZ is designed as a indepedent failure zone - direct, low-latency, high throughput and redundant network connections between each other - physically separated within a metropolian region and in lower risk flood plains
What are the benefits of using IAM roles for applications that run on EC2 instances? (Select TWO.)
easier to manage than IAM roles more secure than storing access keys within applications
AWS are able to continue to reduce their pricing due to:
economics of sclae
Which component of the AWS global infrastructure does Amazon CloudFront use to ensure low-latency delivery?
edge locations
What is the name of the AWS managed Docker registry service used by the Amazon Elastic Container Service (ECS)?
elastic container registry Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images. Amazon ECR is integrated with Amazon Elastic Container Service (ECS). Amazon ECR eliminates the need to operate your own container repositories or worry about scaling the underlying infrastructure.
Which of the below is an example of an architectural benefit of moving to the cloud?
elasticitiy
A company has deployed several relational databases on Amazon RDS. Every month, the database software vendor releases new security patches that need to be applied to the database. What is the MOST efficient way to apply the security patches?
enable automatic patching for the instances during RDS console
When designing a VPC, what is the purpose of an Internet Gateway?
enables internet communications for instances in public subnets An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. It therefore imposes no availability risks or bandwidth constraints on your network traffic. An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.
Which of the below are components that can be configured in the VPC section of the AWS management console? (Select TWO.)
endpoints subnet
What can a Cloud Practitioner use the AWS Total Cost of Ownership (TCO) Calculator for?
estimate savings when comparing the AWS Cloud to an on-premises environment - The TCO calculators allow you to estimate the cost savings when using AWS, compared to on-premises, and provide a detailed set of reports that can be used in executive presentations. The calculators also give you the option to modify assumptions that best meet your business needs.
When performing a total cost of ownership (TCO) analysis between on-premises and the AWS Cloud, which factors are only relevant to on-premises deployments? (Select TWO.)
facility operations costs hardware procurement teams
Which AWS service can be used to run Docker containers?
fargate AWS Fargate is a serverless compute engine for containers that works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS). Fargate makes it easy for you to focus on building your applications. Fargate removes the need to provision and manage servers, lets you specify and pay for resources per application, and improves security through application isolation by design.
For what purpose would a Cloud Practitioner access AWS Artifact?
gain access to AWS security and compliance documents - AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS' security and compliance reports and select online agreements. - Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls.
Which type of AWS Storage Gateway can be used to backup data with popular backup software?
gateway virtual tape library The AWS Storage Gateway service enables hybrid storage between on-premises environments and the AWS Cloud. The Gateway Virtual Tape Library can be used with popular backup software such as NetBackup, Backup Exec and Veeam. Uses a virtual media changer and tape drives.
Which of the following security related activities are AWS customers responsible for? (Select TWO.)
implementing IAM password policies installnig patches on Windows operating systems
What is an example of scaling vertically?
increasing instance size with amazon RDS
What is the difference between an EBS volume and an Instance store?
instance store volumes are ephemeral wherease EBS volumes are persistent storage
What does an organization need to do to move to another AWS region?
just start deploying resources in the additional region
A user is planning to launch three EC2 instances behind a single Elastic Load Balancer. The deployment should be highly available.
launch the instances across multiple Availability Zone in a single AWS Region - elastic load balancers can only server targets in a single region
According to the AWS Well-Architected Framework, what change management steps should be taken to achieve reliability in the AWS Cloud? (Select TWO.)
use AWS CloudTrail to record AWS API calls into an auditable log file use AWS config to generate an inventory of AWS resources
Which feature of Amazon S3 enables you to create rules to control the transfer of objects between different storage classes?
lifecycle management To manage your objects so that they are stored cost effectively throughout their lifecycle, configure their Amazon S3 Lifecycle. An S3 Lifecycle configuration is a set of rules that define actions that Amazon S3 applies to a group of objects. There are two types of actions: • Transition actions—Define when objects transition to another storage class. For example, you might choose to transition objects to the S3 Standard-IA storage class 30 days after you created them, or archive objects to the S3 Glacier storage class one year after creating them. • Expiration actions—Define when objects expire. Amazon S3 deletes expired objects on your behalf. The lifecycle expiration costs depend on when you choose to expire objects.
Which of the following are NOT features of AWS IAM? (Select TWO.)
logon using local user accounts charged for what you use You cannot use IAM to create local user accounts on any system. You are also not charged for what you use, IAM is free to use
What offerings are included in the Amazon LightSail product set? (Select TWO.)
managed MySQL database virtual private server Amazon LightSail provides an easy, low cost way to consume cloud services without needing the skill set for using VPC resources. The product set includes virtual private servers (instances), managed MySQL databases, HA storage, and load balancing
An application uses a PostgreSQL database running on a single Amazon EC2 instance. A Cloud Practitioner has been asked to increase the availability of the database so there is automatic recovery in the case of a failure. Which tasks can the Cloud Practitioner take to meet this requirement?
mitigate the database to Amazon RDS and enable the Multi-AZ feature - This feature creates a standby instance in another Availability Zone and synchronously replicates to it. In the event of a failure that affects the primary database an automatic failover can occur and the database will become functional on the standby instance.
What does an organization need to do in Amazon IAM to enable user access to services being launched in new region?
nothing, IAM is global
What information must be entered into the AWS TCO Calculator?
number of servers in your company The TCO calculator asks for the number of servers (Physical or VMs) you are running on-premises. You also need to supply the resource information (CPU, RAM) and specify whether the server is a DB or non-DB. Use this new calculator to compare the cost of your applications in an on-premises or traditional hosting environment to AWS. Describe your on-premises or hosting environment configuration to produce a detailed cost comparison with AWS.
What feature of Amazon S3 enables you to set rules to automatically transfer objects between different storage classes at defined time intervals?
object lifecycle management Object lifecycle management can be used with objects so that they are stored cost effectively throughout their lifecycle. Objects can be transitioned to another storage class or expired. All other options are incorrect as they are not services that can automatically transfer objects between S3 storage classes.
Which of the below are good use cases for a specific Amazon EC2 pricing model? (Select TWO.)
on-demand for ad-hoc requirements that cannot be interrupted reserved instances for steady satte predictable usage
Which of the following best describes an Availability Zone in the AWS Cloud?
one or more physical data centers - An Availability Zone (AZ) is one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region. AZ's give customers the ability to operate production applications and databases that are more highly available, fault tolerant, and scalable than would be possible from a single data center.
A user has an AWS account with a Business-level AWS Support plan and needs assistance with handling a production service disruption. Which action should the user take?
open a production system down support case The Business support plan provides a service level agreement (SLA) of < 1 hour for production system down support cases.
When using Amazon RDS databases, which items are you charged for? (Select TWO.)
outbound data transfer Multi AZ
A large company is interested in avoiding long-term contracts and moving from fixed costs to variable costs. What is the value proposition of AWS for this company?
pay as you go pricing
Which benefit of AWS enables companies to replace upfront fixed expenses with variable expenses when using on-demand technology services?
pay-as-you-go pricing
An Amazon EC2 instance running the Amazon Linux 2 AMI is billed in what increment?
per second with minimum of 60 seconds
Which type of Amazon RDS automated backup allows you to restore the database with a granularity of as little as 5 minutes?
point-in-time recovery You can restore an Amazon RDS database instance to a specific point in time with a granularity of 5 minutes. Amazon RDS uses transaction logs which it uploads to Amazon S3 to do this.
A company wants to utilize a pay as you go cloud model for all of their applications without CAPEX costs and which is highly elastic. Which cloud delivery model will suit them best?
public The public cloud is offered under a purely pay as you go model (unless you choose to reserve), and allows companies to completely avoid CAPEX costs. The public cloud is also highly elastic so companies can grow and shrink the applications as demand changes. Private and on-premise clouds are essentially the same, though both could be managed by a third party and even could be delivered under an OPEX model by some vendors. However, they are typically more CAPEX heavy and the elasticity is limited. A hybrid model combines public and private and this company wants to go all in on a single model.
What is the benefit of using fully managed services compared to deploying 3rd party software on EC2?
reduced operational overhead
A company is planning to move a number of legacy applications to the AWS Cloud. The solution must be cost-effective. Which approach should the company take?
rehost the applications on Amazon EC2 instances that are right-sized - The most cost-effective solution that works is to use Amazon EC2 instances that are right-sized with the most optimum instance types. - Right-sizing is the process of ensuring that the instance type selected for each application provides the right amount of resources for the application.
Which of the below is an example of optimizing for cost?
replace an EC2 compute instance with AWS Lambda
What is the best practice for managing AWS IAM access keys?
rotate access keys regularly
A company runs a batch job on an Amazon EC2 instance and it takes 6 hours to complete. The workload is expected to double in volume each month with a proportional increase in processing time. What is the most efficient cloud architecture to address the growing workload?
run the batch workload in parallel across multiple Amazon EC2 instances - example of horizontally scaling and will allow workload to keep growing in size without any issue and without increasing the overall processing timeframe
HTTP code 500
server error
Under the AWS shared responsibility model, which of the following are customer responsibilities? (Select TWO.)
setting up a server-side encryption on an S3 bucket network and firewall configurations
Which Amazon EC2 pricing model should be avoided if a workload cannot accept interruption if capacity becomes temporarily unavailable?
spot instances - Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS cloud. Spot Instances are available at up to a 90% discount compared to On-Demand prices. - The downside is that if capacity becomes temporarily unavailable, your instances may be terminated.
Which Amazon EC2 pricing model is the most cost-effective for an always-up, right-sized database server running a project that will last 1 year?
standard reserved instances Reserved Instances (RIs) provide you with a significant discount (up to 72%) compared to On-Demand instance pricing. Standard reserved instances offer the most cost savings. RIs are based on a 1 or 3 year contract so they are suitable for workloads that will run for the duration of the contract period.
Which of the options below are recommendations in the reliability pillar of the well-architected framework? (Select TWO.)
stop guessing about capacity test recovery procedures The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues There are five design principles for reliability in the cloud: - Test recovery procedures. - Automatically recover from failure. - Scale horizontally to increase aggregate system availability. - Stop guessing capacity. - Manage change in automation.
What are the fundamental charges for Elastic Block Store (EBS) volumes? (Select TWO.)
the amount of data storage provisioned provisioned IOPS With EBS volumes you are charged for the amount of data provisioned (not consumed) per month. This means you can have empty space within a volume and you still pay for it. With provisioned IOPS volumes you are also charged for the amount you provision in IOPS
When using AWS Organizations with consolidated billing what are two valid best practices? (Select TWO.)
the paying account should be used for billing purposes only always enable MFA on root account
In addition to DNS services, what other services does Amazon Route 53 provide? (Select TWO.)
traffic flow domain registration Amazon Route 53 features include domain registration, DNS, traffic flow, health checking, and failover. .Route 53 does not support DHCP, IP routing or caching.
How can a company protect their Amazon S3 data from a regional disaster?
use cross-region replication to copy to another region Cross-Region replication (CRR) is used to copy objects across Amazon S3 buckets in different AWS Regions. The only option here that will help is to use CRR to copy the data to another region. This will provide disaster recovery.
AWS Snowcone
used as an edge device for transferring data
AWS Transfer Gateway
used for optimizing the network topology of interconnected VPcs and on-premise networks
How can a systems administrator specify a script to be run on an EC2 instance during launch?
user data When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts. You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives. User data is data that is supplied by the user at instance launch in the form of a script. User data is limited to 16KB. User data and meta data are not encrypted.
How can you configure Amazon Route 53 to monitor the health and performance of your application?
using route 53 health checks Amazon Route 53 health checks monitor the health and performance of your web applications, web servers, and other resources.
How much data can a company store in the Amazon S3 service?
virtually unlimited - The total volume of data and number of objects you can store are unlimited. Individual Amazon S3 objects can range in size from a minimum of 0 bytes to a maximum of 5 terabytes. The largest object that can be uploaded in a single PUT is 5 gigabytes.
What methods are available for scaling an Amazon RDS database? (Select TWO.)
you can scale up by increasing storage capacity you can scale up by moving to a larger instance size