CP Exam


Which of the following can be used to automate the management of multiple AWS services through scripts?

AWS CLI The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.

Which statement is true in relation to security?

AWS Cannot access users' data AWS has no idea about the user data and cannot read any data even if they wanted to. All data are protected by the customer access keys and secret access keys and the user's encryption methods.

Which of the following services can be used to secure network communications and establish the identity of websites over the Internet?

AWS Certificate Manager (AWS ACM) is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources. SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet as well as resources on private networks. Option A is not correct. Amazon Cloud Directory is used to build cloud-native directories for organizing hierarchies of data along multiple dimensions.

AWS allows you to create a "Golden Environment", where you can capture your security policies (such as firewall rules, network access controls, internal/external subnets, and operating system hardening), reuse it among multiple projects, and have it become part of your continuous integration pipeline. Which of the following AWS services is most involved in creating such an environment?

AWS CloudFormation Traditional security frameworks, regulations, and organizational policies define security requirements related to things such as firewall rules, network access controls, internal/external subnets, and operating system hardening. You can implement these in an AWS environment as well, but you now have the opportunity to capture them all in a script that defines a "Golden Environment." This means you can create an AWS CloudFormation script that captures your security policy and reliably deploys it. Security best practices can now be reused among multiple projects and become part of your continuous integration pipeline. You can perform security testing as part of your release cycle, and automatically discover application gaps and drift from your security policy. Additionally, for greater control and security, AWS CloudFormation templates can be imported as "products" into AWS Service Catalog. This enables centralized management of resources to support consistent governance, security, and compliance requirements, while enabling users to quickly deploy only the approved IT services they need.

You want to monitor the CPU utilization of an EC2 resource in AWS. Which of the below services can help in this regard?

AWS CloudWatch Amazon CloudWatch is a service that monitors AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources. Amazon CloudWatch can monitor AWS resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances, as well as custom metrics generated by your applications and services, and any log files your applications generate.

Which service can you use to route traffic to the endpoint that provides the best application performance for your users worldwide?

AWS Global Accelerator is a networking service that improves the availability and performance of the applications that you offer to your global users. Today, if you deliver applications to your global users over the public internet, your users might face inconsistent availability and performance as they traverse through multiple public networks to reach your application. These public networks can be congested and each hop can introduce availability and performance risk. AWS Global Accelerator uses the highly available and congestion-free AWS global network to direct internet traffic from your users to your applications on AWS, making your users' experience more consistent. To improve the availability of your application, you must monitor the health of your application endpoints and route traffic only to healthy endpoints. AWS Global Accelerator improves application availability by continuously monitoring the health of your application endpoints and routing traffic to the closest healthy endpoints. Option B is not correct. Amazon S3 Transfer Acceleration is used to enable fast transfers of files over long distances between your client and an S3 bucket. You might want to use Transfer Acceleration on a bucket for various reasons, including the following: 1- You have customers that upload to a centralized bucket from all over the world. 2- You transfer gigabytes to terabytes of data on a regular basis across continents. 3- You are unable to utilize all of your available bandwidth over the Internet when uploading to Amazon S3. Option C is not correct. Amazon DynamoDB Accelerator (DAX) is an in-memory cache for DynamoDB that delivers up to a 10x performance improvement - from milliseconds to microseconds - even at millions of requests per second.

Which of the following is NOT a benefit of using Amazon VPC?

AWS IAM is the service that allows you to control user interactions with various AWS resources. Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. Also, subnets, IP ranges, route tables, and security groups are automatically created for you (default configurations), so you can concentrate on creating the applications to run in your VPC.

Which services does AWS offer for free? (Choose two)

AWS Identity and Access Management is a feature of your AWS account offered at no additional charge. You will be charged only for use of other AWS services by your Users. There is no additional charge for AWS Elastic Beanstalk. You pay for AWS resources (e.g. EC2 instances or S3 buckets) you create to store and run your application. You only pay for what you use, as you use it; there are no minimum fees and no upfront commitments.

A company has moved to AWS recently. They have a lot of concerns about their security. Which of the following would help them ensure that the right security settings are put in place? (Choose two)

AWS Inspector & AWS Trusted Advisor Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for vulnerabilities or deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. These findings can be reviewed directly or as part of a detailed assessment report which is available via the Amazon Inspector console or API. To help get started quickly, Amazon Inspector includes a knowledge base of hundreds of rules mapped to common security best practices and vulnerability definitions. Examples of built-in rules include checking for remote root login being enabled, or vulnerable software versions installed. These rules are regularly updated by AWS security researchers. AWS Trusted Advisor gives you proactive recommendations to optimize your AWS environment for cost, performance, security, fault tolerance, and service limits. Like your customized cloud security expert, AWS Trusted Advisor analyzes your AWS environment and provides security recommendations to protect your AWS environment. The service improves the security of your applications by closing gaps, examining permissions, and enabling various AWS security features.

Which of the following would you use to manage your encryption keys in the AWS Cloud? (Choose two)

AWS KMS & Cloud HSM AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses FIPS 140-2 validated hardware security modules to protect the security of your keys. AWS Key Management Service is integrated with most other AWS services to help you protect the data you store with these services. AWS Key Management Service is also integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs. AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud. With CloudHSM, you can manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs. CloudHSM offers you the flexibility to integrate with your applications using industry-standard APIs, such as PKCS#11, Java Cryptography Extensions (JCE), and Microsoft CryptoNG (CNG) libraries.

Which of the following runs your application only when needed, without having to provision servers all the time?

AWS Lambda is a compute service that lets you run code without provisioning or managing servers. AWS Lambda executes your code only when needed and scales automatically, from a few requests per day to thousands per second. You pay only for the compute time you consume - there is no charge when your code is not running.

Which of the following is NOT a benefit of using AWS Lambda?

AWS Lambda provides resizable compute capacity in the cloud. Option C is not a benefit of AWS Lambda, and thus is the correct choice. AWS Lambda automatically runs your code without requiring you to adjust capacity or manage servers. AWS Lambda automatically scales your application by running code in response to each trigger. Your code runs in parallel and processes each trigger individually, scaling precisely with the size of the workload. Other options represent benefits of AWS Lambda, and thus are not correct. AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume—there is no charge when your code is not running. With Lambda, you can run code for virtually any type of application or backend service—all with zero administration. Just upload your code, and Lambda takes care of everything required to run and scale your code with high availability. You can set up your code to automatically trigger from other AWS services, or you can call it directly from any web or mobile app.

Where to go to search for and buy third-party software solutions and services that run on AWS?

AWS Marketplace is a curated digital catalog that makes it easy for customers to find, buy, deploy, and manage third-party software and services that customers need to build solutions and run their businesses. AWS Marketplace includes thousands of software listings from popular categories such as security, networking, storage, machine learning, business intelligence, database, and DevOps. AWS Marketplace also simplifies software licensing and procurement with flexible pricing options and multiple deployment methods. Customers can quickly launch pre-configured software with just a few clicks, and choose software solutions in AMI and SaaS formats, as well as other formats. Flexible pricing options include free trial, hourly, monthly, annual, multi-year, and BYOL, and get billed from one source, AWS.

Your company is planning to host its applications in the AWS Cloud. Which of the following services can be used to help decouple distributed software systems and components? (Choose two)

AWS SNS & AWS SQS Amazon Simple Queue Service (SQS) and Amazon SNS are both messaging services within AWS, which provide different benefits for developers. Amazon SNS allows applications to send time-critical messages to multiple subscribers through a "push" mechanism, eliminating the need to periodically check or "poll" for updates. Amazon SQS is a message queue service used by distributed applications to exchange messages through a polling model. Amazon SQS provides flexibility for distributed components of applications to send and receive messages without requiring each component to be concurrently available. Using SNS, you can publish messages to Amazon SQS queues to reliably send messages to one or many system components asynchronously.

You are developing a document generator application that helps users create and modify PDFs. Which of the following allows you to publish your application?

AWS Serverless Application Repository is used to share solutions with developers or to help your customers quickly understand the value of products and services you sell and support. Anyone with an AWS account can publish a serverless application or application component to the AWS Serverless Application Repository. You can share your published applications within your team, across your organization, or with the community at large. Publicly shared applications must include a link to the application's source code so others can view what the application does and how it works. Option A is not correct. The AWS Marketplace is not an application repository. It is an online store where customers can find, buy, and deploy third-party software and services that they need to build solutions and run their businesses on AWS. AWS Marketplace includes software listings from categories such as security, networking, storage, machine learning, business intelligence, database, and DevOps. Option B is not correct. You can use Amazon AppStream to deliver desktop applications to any user whatever the OS they are using (Chromebooks, Macs, or PCs).

Which of the following is the most cost-effective AWS service that can be used for long-term data backup and archiving?

AWS Storage Gateway AWS Storage Gateway is a hybrid storage service that enables your on-premises applications to seamlessly use AWS cloud storage. You can use the service for backup and archiving, disaster recovery, cloud data processing, storage tiering, and migration. The gateway connects to AWS storage services, such as Amazon S3, Amazon S3 Glacier, Amazon S3 Glacier Deep Archive, Amazon EBS, and AWS Backup, providing storage for files, volumes, snapshots, and virtual tapes in AWS.

Which of the following services can be used to monitor the HTTP and HTTPS requests that are forwarded to Amazon CloudFront?

AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to Amazon CloudFront or an Application Load Balancer. AWS WAF also lets you control access to your content by defining customizable web security rules.

How does AWS notify customers about the latest security and privacy events within AWS services?

AWS publishes security bulletins about the latest security and privacy events with AWS services on the Security Bulletins page. Option C is not correct. AWS Certificate Manager (ACM) is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.

The Chief Marketing Officer of the hotel chain you work for would like to implement voice recognition capabilities in rooms so customers can request services without picking up the phone. Competitors have already begun rolling out these technologies in an attempt to improve their customers' experience. Which benefit of the AWS cloud would you most emphasize to the CMO in your business case for creating an AWS-based solution?

Agility. The AWS cloud provides instant access to new technologies. Companies can move with agility to satisfy new business requirements and meet competitive demands. There is a very low barrier of entry for innovation. If a solution is not meeting expectations, services can be instantly de-provisioned. The other three options will also prove to be benefits of deploying in the AWS cloud, but the use case emphasizes the need to move quickly against competitive threats.

What are some key benefits of using AWS CloudFormation? (Choose two)

Allows you to model your entire infrastructure in a text file. Automates the provisioning and updating of your infra in a safe and controlled manner. The benefits of using AWS CloudFormation include: 1- CloudFormation allows you to model your entire infrastructure in a text file. This template becomes the single source of truth for your infrastructure. This helps you to standardize infrastructure components used across your organization, enabling configuration compliance and faster troubleshooting. 2- AWS CloudFormation provisions your resources in a safe, repeatable manner, allowing you to build and rebuild your infrastructure and applications, without having to perform manual actions or write custom scripts. CloudFormation takes care of determining the right operations to perform when managing your stack, and rolls back changes automatically if errors are detected. 3- Codifying your infrastructure allows you to treat your infrastructure as just code. You can author it with any code editor, check it into a version control system, and review the files with team members before deploying into production. 4- CloudFormation allows you to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. Option C is not correct. Using IAM features for securing the AWS resources is the responsibility of the customer; these features are not applied automatically. Option D is not correct. AWS Elastic Beanstalk is the service that can help AWS customers deploy their applications without worrying about the underlying infrastructure. The customer can simply upload their code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, and auto-scaling to application health monitoring. Option E is not correct. Building the application code is the responsibility of the customer, not AWS.

For mobile applications, which of the following allows client devices access to AWS resources?

Amazon Cognito Amazon Cognito provides solutions to control access to backend resources from your app. You can define roles and map users to different roles so your app can access only the resources that are authorized for each user. Option A is not correct. Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads.

What is the primary storage service used by Amazon RDS DB instances?

Amazon EBS DB instances for Amazon RDS for MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL Server use Amazon Elastic Block Store (Amazon EBS) volumes for database and log storage.

Which of the following services allows you to install and run your custom relational database software?

Amazon EC2 If you need full control over your database, AWS provides a wide range of Amazon EC2 instances - with different hardware characteristics - on which you can install and run your custom relational database software. Please note that if you use EC2 instead of RDS to run your relational database, you will be responsible for managing everything related to this database.

You are planning to use the Microsoft SQL Server as your database engine. Which service allows you to run this commercial database on AWS? (Choose two)

Amazon EC2 and Amazon RDS Amazon Web Services offers you the flexibility to run Microsoft SQL Server for as much or as little time as you need. You can select from a number of versions and editions, as well as choose between running it on Amazon Elastic Compute Cloud (Amazon EC2) or Amazon Relational Database Service (Amazon RDS). Using SQL Server on Amazon EC2 gives you complete control over every setting, just like when it's installed on-premises. Amazon RDS is a fully managed service that takes care of all the maintenance, backups, and patching for you. You can choose AWS license-included options on Amazon EC2 instances and Amazon RDS or you may choose to bring your own license on Amazon EC2.

Select the services that are server-based: (Choose two)

Amazon EMR and Amazon RDS Server-based services include: Amazon EC2, Amazon RDS, Amazon Redshift and Amazon EMR. Serverless services include: AWS Lambda, AWS Fargate, Amazon ECS and Amazon DynamoDB.

A company needs to host a big data application on AWS. Which of the following AWS Storage services would they choose to automatically get high throughput to multiple compute nodes?

Amazon Elastic File System Amazon Elastic File System (Amazon EFS) provides simple, scalable, elastic file storage for use with AWS Cloud services and on-premises resources. It is easy to use and offers a simple interface that allows you to create and configure file systems quickly and easily. Amazon EFS is built to elastically scale on demand without disrupting applications, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it. It is designed to provide massively parallel shared access to thousands of Amazon EC2 instances, enabling your applications to achieve high levels of aggregate throughput and IOPS that scale as a file system grows, with consistent low latencies. As a regional service, Amazon EFS is designed for high availability and durability storing data redundantly across multiple Availability Zones. With these capabilities, Amazon EFS is well suited to support a broad spectrum of use cases, including web serving and content management, enterprise applications, media and entertainment processing workflows, home directories, database backups, developer tools, container storage, and big data analytics workloads.

You have a real-time IoT application that requires sub-millisecond latency. Which of the following services would you use?

Amazon ElastiCache for Redis Amazon ElastiCache for Redis is a blazing fast in-memory data store that provides sub-millisecond latency to power internet-scale real-time applications. Built on open-source Redis and compatible with the Redis APIs, ElastiCache for Redis works with your Redis clients and uses the open Redis data format to store your data. Your self-managed Redis applications can work seamlessly with ElastiCache for Redis without any code changes. ElastiCache for Redis combines the speed, simplicity, and versatility of open-source Redis with manageability, security, and scalability from Amazon to power the most demanding real-time applications in Gaming, Ad-Tech, E-Commerce, Healthcare, Financial Services, and IoT.

What is the easiest way to launch and manage a virtual private server in AWS?

Amazon Lightsail is designed to be the easiest way to launch and manage a virtual private server with AWS. Lightsail plans include everything you need to jumpstart your project - a virtual machine, SSD-based storage, data transfer, DNS management, and a static IP address - for a low, predictable price.

Your company is trying to deploy a two-tier, highly available web application to AWS. The application needs a storage layer to store artifacts such as photos and videos. Which of the following services can best be used as the underlying storage mechanism?

Amazon S3 Amazon S3 is object storage built to store and retrieve any amount of data from anywhere on the Internet. It's a simple storage service that offers an extremely durable, highly available, and infinitely scalable data storage infrastructure at very low costs.

In order to keep your data safe, you need to take a backup of your database regularly. What is the most cost-effective storage option that provides immediate retrieval of your backups?

Amazon S3 Database backup is an important operation to consider for any database system. Taking backups not only allows the possibility to restore upon database failure but also enables recovery from data corruption. Amazon S3 provides highly durable and reliable storage for database backups while reducing costs. Data stored in Amazon S3 can be retrieved immediately when needed. Option B is not correct. Amazon Glacier doesn't provide immediate retrieval. Amazon S3 Glacier provides three options to retrieve your data with retrieval times ranging from a few minutes to several hours. Option C is not correct. Amazon EBS is not a cost effective choice compared to S3 in this use case. Option D is not correct. Instance Store can only be used to store temporary data such as buffers, caches, scratch data, and other temporary content. We cannot rely on instance store for valuable, long-term data because data in the instance store is lost if the instance stops, terminates or if the underlying disk drive fails.

What are the main differences between an IAM user and an IAM role? (Choose two)

An IAM role is similar to a user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. Also, a role does not have standard long-term credentials (password or access keys) associated with it. Instead, if a user assumes a role, temporary security credentials are created dynamically and provided to the user.

Which of the below can be specified as an origin when creating a CloudFront distribution?

An S3 Bucket An ELB A domain name

Which of the following are key components of Amazon Glacier?

Archive, Access Policy, Vault

Your Development team uses four on-demand EC2 instances and your QA team has 5 reserved instances, only three of which are being used. Assuming all AWS accounts are under a single AWS Organization, how will the Development team's instances be billed?

Assuming all instances are in the same AWS Organization, the reserved instance pricing for the unused QA instances will be applied to two of the four Dev instances.

You need to automate EC2 resource provisioning to meet demand. Which AWS service can help you accomplish this?

Auto Scaling is automated resource provisioning.

You need to ensure that you have the correct number of EC2 instances available to handle the load for your application. Which AWS service should you use?

Auto Scaling will ensure you have the optimal number of EC2 instances to handle your application's load.

A company has decided to migrate to AWS. What design principles should they consider to facilitate good design in the cloud?

Automate to make architectural experimentation easier.

The concept of elasticity is most closely associated with which of the following?

Autoscaling Another way you can save money with AWS is by taking advantage of the platform's elasticity. Elasticity means the ability to scale up or down when needed. This concept is most closely associated with the AWS Auto Scaling which monitors your applications and automatically adjusts capacity (up or down) to maintain steady, predictable performance at the lowest possible cost.

Which of the following AWS support plans provides access to only the 7 core Trusted Advisor checks? (Choose two)

Basic and Developer Support Plans provide access to only 7 core Trusted Advisor checks and guidance to provision your resources following best practices to increase performance and improve security. Business and Enterprise level Support Plans provide access to a full set of Trusted Advisor checks.

What are the benefits of using AWS X-Ray? (Choose two)

Benefits of AWS X-Ray include: 1- Review request behavior: AWS X-Ray traces user requests as they travel through your entire application. It aggregates the data generated by the individual services and resources that make up your application, providing you an end-to-end view of how your application is performing. 2- Discover application issues: With AWS X-Ray, you can glean insights into how your application is performing and discover root causes. With X-Ray's tracing features, you can follow request paths to pinpoint where in your application and what is causing performance issues.

You are planning to host a large eCommerce application on the AWS Cloud. One of your major concerns is Internet attacks, such as DDoS attacks. Which of the following services can help mitigate this concern? (Choose 2 answers)

CloudFront & AWS Shield AWS provides flexible infrastructure and services that help customers implement strong DDoS mitigations and create highly available application architectures that follow AWS Best Practices for DDoS Resiliency. These include services such as Amazon Route 53, Amazon CloudFront, Elastic Load Balancing, and AWS WAF to control and absorb traffic, and deflect unwanted requests. These services integrate with AWS Shield, a managed DDoS protection service that provides always-on detection and automatic inline mitigations to safeguard web applications running on AWS.

Your company's upper management is getting very nervous about managing governance, compliance, and risk auditing in AWS. What service should you enable and inform upper management about?

CloudTrail AWS CloudTrail is designed to log all actions taken in your AWS account. This provides a great resource for governance, compliance, and risk auditing.

What service helps you to aggregate log files from your EC2 instances?

CloudWatch Logs You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources. You can then retrieve the associated log data from CloudWatch Logs.

What are the benefits of AWS Organizations? (Choose two)

Control access to AWS Services & Consolidate billing across multiple AWS accounts AWS Organizations has four main benefits: 1) Centrally manage access policies across multiple AWS accounts. 2) Automate AWS account creation and management. 3) Control access to AWS services. 4) Consolidate billing across multiple AWS accounts. Control access to AWS services: AWS Organizations allows you to restrict what services and actions are allowed in your accounts. You can use Service Control Policies (SCPs) to apply permission guardrails on AWS Identity and Access Management (IAM) users and roles. For example, you can apply an SCP that restricts users in accounts in your organization from launching any resources in regions that you do not explicitly allow. Consolidate billing across multiple AWS accounts: You can use AWS Organizations to set up a single payment method for all the AWS accounts in your organization through consolidated billing. With consolidated billing, you can see a combined view of charges incurred by all your accounts, as well as take advantage of pricing benefits from aggregated usage, such as volume discounts for Amazon EC2 and Amazon S3.

An organization has 500 employees. The organization wants to set up AWS access for each department. Which of the below-mentioned options is a possible solution?

Create an IAM group for each department and assign IAM users to the groups. An IAM group is a collection of IAM users that are managed as a unit. Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users. For example, you could have a group called Admins and give that group the types of permissions that administrators typically need. Any user in that group automatically has the permissions that are assigned to the group. If a new user joins your organization and needs administrator privileges, you can assign the appropriate permissions by adding the user to that group. Similarly, if a person changes jobs in your organization, instead of editing that user's permissions, you can remove him or her from the old groups and add him or her to the appropriate new groups.

What are your options for protecting the confidentiality of data in transit in Amazon S3? (Choose two)

Data protection refers to protecting data while in-transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers). You can protect data in transit by using SSL or by using client-side encryption.

You need to run a number of Amazon EC2 Instances that are physically isolated at the host hardware level from instances that belong to any other AWS account. How can you meet this requirement in a cost effective way?

Dedicated Instances are Amazon EC2 instances that run in a VPC on hardware that's dedicated to a single customer. Your Dedicated instances are physically isolated at the host hardware level from instances that belong to other AWS accounts. Dedicated hosts are not cost effective compared to the Amazon EC2 Dedicated Instances.

Which of the following strategies helps protect your AWS root account?

Don't create an access key unless you need to. Anyone who has root user access keys for your AWS account has unrestricted access to all the resources in your account, including billing information. If you don't already have an access key for your AWS account root user, don't create one unless you absolutely need to. If you do have an access key for your AWS account root user, delete it. If you must keep it, rotate (change) the access key regularly. Option A is not correct. You can access with your root account from any supported device. But make sure that no one else can access these devices or monitor them. Option C is not correct. You do not have to share your AWS account password or access keys with anyone. Instead, create individual users for anyone who needs access to your AWS account. By creating individual IAM users for people accessing your account, you can give each IAM user a unique set of security credentials. You can also grant different permissions to each IAM user. If necessary, you can change or revoke an IAM user's permissions any time. (If you give out your root user credentials, it can be difficult to revoke them, and it is impossible to restrict their permissions.) Also, instead of defining permissions for individual IAM users, it's usually more convenient to create groups that relate to job functions (administrators, developers, accounting, etc.). Next, define the relevant permissions for each group. Finally, assign IAM users to those groups. All the users in an IAM group inherit the permissions assigned to the group. That way, you can make changes for everyone in a group in just one place. As people move around in your company, you can simply change what IAM group their IAM user belongs to. Option D is not correct. AWS strongly recommends that you do not use the AWS account root user for your everyday tasks, even the administrative ones. Instead, adhere to the best practice of using the root user only to create your first IAM user. Then securely lock away the root user credentials and use them to perform only a few account and service management tasks. Give the IAM user that you created administrative privileges, and use this Admin user for all your work.

What is the DynamoDB replication technology that provides fast read/write performance for globally-deployed applications?

DynamoDB global tables are ideal for massively scaled applications with globally dispersed users. In such an environment, users expect very fast application performance. Global tables provide automatic multi-master replication to AWS Regions world-wide. They enable you to deliver low-latency data access to your users no matter where they are located. Multi-master replication ensures that updates performed in any region are propagated to other regions, and that data in all regions are eventually consistent. This means tables accessed locally by your globally distributed application are always up to date. Option A is not correct. DynamoDB DAX is an in-memory cache for DynamoDB that reduces response times from milliseconds to microseconds. Option C & D are not correct. PITR refers to Point-in-time recovery. PITR is used to back up your data with per-second granularity and restore to any single second from the time PITR was enabled up to the prior 35 days. PITR works as additional insurance against accidental loss of data. Also, PITR is not global, you can only enable it within a single region.

There is a need to analyze and process a large number of data sets. Which of the following services can help fulfill this requirement?

EMR Amazon EMR helps you analyze and process vast amounts of data by distributing the computational work across a cluster of virtual servers running in the AWS Cloud. The cluster is managed using an open-source framework called Hadoop. Amazon EMR lets you focus on crunching or analyzing your data without having to worry about time-consuming setup, management, and tuning of Hadoop clusters or the compute capacity they rely on.

AWS provides excellent cloud-based disaster recovery services utilizing their multiple _____________ .

Edge locations Businesses are using the AWS cloud to enable faster disaster recovery of their critical IT systems without incurring the infrastructure expense of a second physical site. The AWS cloud supports many popular disaster recovery (DR) architectures from "pilot light" environments that may be suitable for small customer workload data center failures to "hot standby" environments that enable rapid failover at scale. With data centers in Regions all around the world, AWS provides a set of cloud-based disaster recovery services that enable rapid recovery of your IT infrastructure and data.

Which service automatically restarts resources after terminating them? (Choose two)

Elastic Beanstalk is designed to ensure that all the resources that you need are running, which means that it automatically relaunches any service that you stop. If you need to permanently delete those resources you must terminate your Elastic Beanstalk environment before you terminate resources that Elastic Beanstalk has created. If you use the AWS OpsWorks environment to create AWS resources, you must use AWS OpsWorks to terminate those resources or AWS OpsWorks will restart them. For example, if you use AWS OpsWorks to create an Amazon EC2 instance, but then stop it by using the Amazon EC2 console, the AWS OpsWorks auto-healing feature categorizes the instance as failed and restarts it. Note: To avoid unexpected charges, you have to be aware of such services as they automatically restart resources without notifying you.

Which of the following best describes the ability to scale computing resources up or down easily, while only paying for the resources used?

Elasticity describes the ability to scale computing resources up or down easily, while only paying for the resources used.

True or False: Private subnets have direct, private access to the Internet.

False - By default, private subnets do NOT have access to the internet. You must use a NAT Gateway for resources in a private subnet to access the internet.

Which feature enables users to sign in to their AWS accounts with their existing corporate credentials?

Federation With Federation, you can use single sign-on (SSO) to access your AWS accounts using credentials from your corporate directory. Federation uses open standards, such as Security Assertion Markup Language 2.0 (SAML), to exchange identity and security information between an identity provider (IdP) and an application.

An organization has an on-premises application that serves users from all around the world. If instead the application was deployed in AWS, what is the AWS characteristic that could help reduce latency to their users?

Global reach If you deliver applications to your global users from an on-premises datacenters, your users might face inconsistent availability and performance. AWS solved this problem by providing the ability to deploy your application in multiple regions around the world. The user will be redirected to the region that provides the lowest possible latency and the highest performance. You can also use the CloudFront service that uses edge locations (which are located in most of the major cities across the world) to deliver content with low latency and high performance to your global users.

Which of the following requires an access key and a security access key to get programmatic access to AWS resources? (Choose two)

IAM user & AWS account root user An AWS IAM user might need to make API calls or use the AWS CLI. In that case, you need to create an access key (access key ID and a secret access key) for that user. You can create IAM user access keys with the IAM console, AWS CLI, or AWS API.

What should you do if you see resources, which you don't remember creating, in the AWS Management Console? (Choose two)

If you suspect that your account has been compromised, or if you have received a notification from AWS that the account has been compromised, perform the following tasks: **Change your AWS root account password and the passwords of any IAM users. **Delete or rotate all root and AWS Identity and Access Management (IAM) access keys. **Delete any resources on your account you didn't create, such as EC2 instances and AMIs, EBS volumes and snapshots, and IAM users. **Respond to any notifications you received from AWS Support through the AWS Support Center.

Which of the following will impact the price paid for an EC2 instance? (Choose two)

Instance Type & Storage Capacity EC2 instance pricing varies depending on many variables: - The buying option (On-demand, Reserved, Spot, Dedicated) - Selected AMI - Selected instance type - Region - Data Transfer in/out - Storage capacity.

A mobile shopping list app needs to be able to add, delete, and update items on specific lists anytime a user desires. The backend for the app will run on Amazon EC2 instances with Auto Scaling to manage fluctuations in user demand. Many times, a user will perform maintenance on many list items in a single session. What design characteristic must be incorporated into the app for these requirements to be met?

Make sure the app doesn't need knowledge of previous transactions

Using Amazon RDS falls under the shared responsibility model. Which of the following are customer responsibilities? (Choose two)

Managing the database settings & Building the relational database schema Amazon RDS manages the work involved in setting up a relational database, from provisioning the infrastructure capacity you request to installing the database software. Once your database is up and running, Amazon RDS automates common administrative tasks such as performing backups and patching the software that powers your database. With optional Multi-AZ deployments, Amazon RDS also manages synchronous data replication across Availability Zones with automatic failover. Since Amazon RDS provides native database access, you interact with the relational database software as you normally would. This means you're still responsible for managing the database settings that are specific to your application. You'll need to build the relational schema that best fits your use case and are responsible for any performance tuning to optimize your database for your application's workflow.

Which statement is correct with regards to service limits? (Choose two)

Option A. Understanding your service limits (and how close you are to them) is an important part of managing your AWS deployments - continuous monitoring allows you to request limit increases or shut down resources before the limit is reached. One of the easiest ways to do this is via AWS Trusted Advisor's Service Limit Dashboard, which currently covers 39 limits across 10 services. Option C. AWS maintains service limits for each account to help guarantee the availability of AWS resources, as well as to minimize billing risks for new customers. Some service limits are raised automatically over time as you use AWS, though most AWS services require that you request limit increases manually. Most service limit increases can be requested through the AWS Support Center by choosing Create Case and then choosing Service Limit Increase.

Which Cloud Computing model removes the need for your organization to manage operating systems?

PaaS Platform as a Service (PaaS) removes the need for your organization to manage the underlying infrastructure (usually hardware and operating systems) and allows you to focus on the deployment and management of your applications. This helps you be more efficient as you don't need to worry about resource procurement, capacity planning, software maintenance, patching, or any of the other undifferentiated heavy lifting involved in running your application.

What best describes penetration testing?

Penetration testing is the practice of testing a network or web application to find security vulnerabilities that an attacker could exploit.

There are a lot of advantages in changing your traditional hosting provider to AWS. One of these advantages is the ability to save costs. What does Amazon EC2 provide to save you costs?

Per-second billing EC2 usage is calculated by either the hour or the second, depending on which AMI you're running. With per-second billing in EC2 you pay for only what you use. It takes the cost of unused minutes and seconds in an hour off of the bill, so you can focus on improving your applications instead of maximizing usage to the hour. If you manage instances running for irregular periods of time, such as dev/testing, data processing, analytics, batch processing and gaming applications, you should certainly realize savings in cost.

What is the Amazon RDS feature that allows for data redundancy across regions and improves disaster recovery?

Read Replicas Amazon RDS Read Replicas provide enhanced performance and durability for database (DB) instances. This feature makes it easy to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads. You can create one or more replicas of a given source DB Instance and serve high-volume application read traffic from multiple copies of your data, thereby increasing aggregate read throughput. In addition, creating Read Replicas across regions improves your disaster recovery capabilities and allows you to scale out globally.

Which of the following AWS services allows you to run complex analytic queries against petabytes of structured data, using sophisticated query optimization, columnar storage on high-performance local disks, and massively parallel query execution?

Redshift Redshift allows you to run complex analytic queries against petabytes of structured data, using sophisticated query optimization, columnar storage on high-performance local disks, and massively parallel query execution.

A user is planning to host a scalable, dynamic web application on AWS. Which service may not be required by the user to achieve automated scalability?

S3 The question asks for the service that may NOT be required by the user when architecting for an automatically scalable application. S3 is not required, and thus is the correct answer. The user can achieve automated scalability by configuring the AutoScaling service to run the required number of EC2 instances based on the conditions that he defines. CloudWatch is used to monitor the utilization of the running instances and allow AutoScaling to automatically scale up (by launching more instances) or down (by terminating instances) based on changes in demand. Based on the application requirements, a developer may decide not to use S3. The storage resource in this case will be the EBS volumes that are attached to the Amazon EC2 instances.

Which of the following is not an AWS reservation model?

S3 Reserved Capacity There are no reservations in S3. You pay for what you use. While the cloud is well-suited for running variable workloads and rapid deployments, many cloud-based workloads display a more predictable pattern. For these stable applications, organizations can achieve significant cost savings by taking advantage of the available reservation models such as EC2 reserved instances, RDS reserved instances, ElastiCache Reserved Nodes, DynamoDB Reserved Capacity and Redshift Reserved Nodes.

Which of the following acts like built-in firewalls for your virtual servers?

Security Groups act like built-in firewalls for your virtual servers.

You want to transfer 200 Terabytes of data from on-premises locations to the AWS Cloud, which of the following can do the job in a cost effective wa

Snowball is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud. Using Snowball addresses common challenges with large-scale data transfers including high network costs, long transfer times, and security concerns. Transferring data with Snowball is simple, fast, secure, and can cost as little as one-fifth the cost of using high-speed Internet. In the US regions, Snowball appliances come in two sizes: 50 TB and 80 TB. All other regions have 80 TB Snowballs only. In either case, it is better (cost-effective) to use 3 or 4 Snowball devices to transfer 200 TB: 3 Snowballs * 80 TB = 240 TB; 4 Snowballs * 50 TB = 200 TB. There are many options for transferring your data into AWS. Snowball is intended for transferring large amounts of data. If you want to transfer less than 10 terabytes of data between your on-premises data centers and Amazon S3, Snowball might not be your most economical choice.

You need to select an EC2 Instance type to service your workloads. If you have flexibility about the availability of the Amazon EC2 Instances, which of the following EC2 Instances would be most cost-effective?

Spot Instances are a cost-effective choice if you can be flexible about when your applications run and if your applications can be interrupted. For example, Spot Instances are well-suited for data analysis, batch jobs, background processing, and optional tasks, but are not suitable for always-on e-commerce front-end platforms.

A telecommunications company has hired you as a consultant to develop a business case for moving its IT applications and infrastructure to AWS. The company's leadership understands the agility value of the cloud, but the finance group is not interested in shifting capital expense to operating expense due to the company's tax structure. What will you include in the business case to attempt to satisfy everyone at the company?

Suggest that the company make reserved instance purchases and capitalize them Many companies capitalize reserved instance purchases, especially those with 3-year terms. Waiting for current infrastructure to fully depreciate will cause the company to miss the other cloud benefits that are available. Moving the company to an operating expense model will prove too large a task, and will most likely result in a rejected business case. Elastic infrastructure is definitely a benefit, but doesn't address the capitalization issue.

You need to find an item in a DynamoDB table using an attribute other than the item's primary key. Which of the following operations should you use?

Table scan

Which of the following security resources are available for free? (Choose three)

The AWS free security resources include AWS Security Blog, Provable Security, Whitepapers, Advanced Innovation, Developer Documents, Articles and Tutorials, Training, Security Bulletins, Compliance Resources and Testimonials.

When dealing with Container Services AWS is responsible for: (Choose two)

The AWS shared responsibility model also applies to container services, such as Amazon RDS and Amazon EMR. For these services, AWS manages the underlying infrastructure and foundation services, the operating system and the application platform. For example, Amazon RDS for Oracle is a managed database service in which AWS manages all the layers of the container, up to and including the Oracle database platform. For services such as Amazon RDS, the AWS platform provides data backup and recovery tools; but it is your responsibility to configure and use tools in relation to your business continuity and disaster recovery (BC/DR) policy. For AWS Container services, you are responsible for the data and for firewall rules for access to the container service. For example, Amazon RDS provides RDS security groups, and Amazon EMR allows you to manage firewall rules through Amazon EC2 security groups for Amazon EMR instances. Option B is not correct. The customer is responsible for managing access to all AWS services and resources. Option C is not correct. The customer is responsible for managing the firewall rules using the associated security groups. Option E is not correct. The customer is responsible for protecting network traffic using the built-in firewall or using other protection services such as AWS WAF and AWS Shield.

Which AWS Load Balancer types use a Round-Robin load distribution strategy?

The Classic will use Round-Robin only for TCP. The ALB will use it for final web server selection after parsing the routing rules.

Which statement best describes the operational excellence pillar of the AWS Well-Architected Framework?

The ability to monitor and improve system processes and procedures

AWS changes the way you pay for servers compared to other traditional hosting providers. What purchasing option does Amazon EC2 make available so you pay lower prices for compute instances?

The ability to pay upfront to get lower hourly costs. With Reserved Instances, you can save up to 75% over equivalent on-demand capacity. When you buy Reserved Instances, the larger the upfront payment, the greater the discount. Option A is not correct. The way the Spot instance pricing model works is that you bid a price for your instance, the spot market will accept bids when the bid price is higher than the market price. You get the instance as long as the market price is lower than your bidding price. You pay the lower market price, NOT the bidding price. An example to illustrate: If the market price is $0.08 and you make a bid of $0.17, you'll pay $0.08 and you will lose the instances if the market price rises above $0.17. Option C is not correct. Amazon EC2 allows you to pay only for the instances you allocate. Once you provision an EC2 instance, you will pay for every hour the instance is in the running state. This is regardless of whether you are using the instance or not. Note: The service that allows you to pay only for the compute time you consume is Lambda. Option D is not correct. Tiered pricing or Volume pricing is not applied to compute services. Tiered pricing is available only for storage and data transfer. The more storage and data transfer you use, the less you pay per gigabyte.

What information is required to calculate the Total Cost of Ownership for the AWS Cloud?

The number of on-premise virtual machines. The AWS TCO (Total Cost of Ownership) Calculator provides directional guidance on possible realized savings when deploying AWS. This tool is built on an underlying calculation model, that generates a fair assessment of value that a customer may achieve given the data provided by the user which includes the number of servers migrated to AWS, the server type, the number of processors and so on.

Under what circumstances would someone want to use ElastiCache? (Choose two)

They need an in-memory data store service & They need to improve the performance of their web application. Amazon ElastiCache is a web service that makes it easy to deploy and run Memcached or Redis protocol-compliant server nodes in the cloud. Amazon ElastiCache improves the performance of web applications by allowing you to retrieve information from a fast, managed, in-memory system, instead of relying entirely on slower disk-based databases. Amazon ElastiCache works as an in-memory data store and cache to support the most demanding applications requiring sub-millisecond response times.

The AWS account administrator of your company has been fired. The administrator had access to the root user and a personal IAM administrator account. With these accounts, he has generated other IAM accounts and keys. Which of the following should you do today to protect your AWS infrastructure? (Choose two)

To protect your AWS infrastructure in this situation you should lock down your root user and all accounts that the administrator had access to. Here are some ways to do that: 1- Change the user name and the password of the root user account and all of the IAM accounts that the administrator has access to. 2- Rotate (change) all access keys for those accounts. 3- Enable MFA on those accounts. 4- Put IP restriction on all Users' accounts.

What is the main characteristic that makes Amazon Cloud Directory a better option than traditional directory systems?

Unlike existing traditional directory systems, Cloud Directory does not limit organizing directory objects in a single fixed hierarchy. In Cloud Directory, you can organize directory objects into multiple hierarchies to support multiple organizational pivots and relationships across directory information. For example, a directory of users may provide a hierarchical view based on reporting structure, location, and project affiliation. Similarly, a directory of devices may have multiple hierarchical views based on its manufacturer, current owner, and physical location. With Cloud Directory, you can create directories for a variety of use cases, such as organizational charts, course catalogs, and device registries. Option C is not correct. There is no relation between the Cloud Directory schema and application security. Schemas define what types of objects can be created within a directory (users, devices, and organizations), enforce validation of data for each object class, and handle changes to the schema over time. The flexibility of the schema allows you to extend your schema with new attributes at any time.

Your CTO has asked you to contact the AWS support using the chat feature to ask for guidance related to EBS. However, when you open the AWS support center you can't see a way to contact support via Chat. What should you do?

Upgrade to business support plan. Chat access to AWS Support Engineers is available at the Business and Enterprise level plans only.

Due to the nature of the traditional infrastructure environments and their upfront cost model, they involve using fixed, long-running servers that can become problematic as heterogeneous system configurations emerge from continual changes and software patches being applied over time. Which of the following approaches solves these problems in the AWS environment?

Use disposable resources instead of fixed servers.

You need to migrate a large number of on-premises workloads to AWS. Which of the following is the fastest way to achieve your goal?

Use the AWS Server Migration Service AWS Server Migration Service (SMS) is an agentless service which makes it easier and faster for you to migrate thousands of on-premises workloads to AWS. AWS SMS allows you to automate, schedule, and track incremental replications of live server volumes, making it easier for you to coordinate large-scale server migrations. Option A is not correct. AWS Database Migration Service is used to migrate your data to and from most of the widely used commercial and open source databases. Option C is not correct. AWS Application Discovery Service is used to discover on-premises server inventory and behavior. This service is very useful when creating a migration plan to AWS.

Which pillar of the AWS Well-Architected Framework focuses on using infrastructure as code?

Using infrastructure as code is one of the most important design principles for operational excellence in the cloud. In the cloud, you can apply the same engineering discipline that you use for application code to your entire environment. You can define your entire workload (applications, infrastructure, etc.) as code and update it with code. You can script your operational procedures and automate their execution by triggering them in response to events. By performing operations as code, you limit human error and enable consistent responses to events.

Which of the following is NOT a factor when estimating the cost of Amazon EC2? (Choose two)

When you begin to estimate the cost of using Amazon EC2, consider the following: **Clock hours of server time: Resources incur charges when they are running—for example, from the time Amazon EC2 instances are launched until they are terminated, or from the time Elastic IPs are allocated until the time they are de-allocated. **Instance type: Amazon EC2 provides a wide selection of instance types optimized to fit different use cases. Instance types comprise varying combinations of CPU, memory, storage, and networking capacity. **Pricing model: On-Demand, Reserved, Spot and Dedicated **Number of instances: You can provision multiple instances of your Amazon EC2 and Amazon EBS resources to handle peak loads. **Load balancing: The number of hours the Elastic Load Balancer runs and the amount of data it processes contribute to the monthly cost. **Detailed monitoring: You can use Amazon CloudWatch to monitor your EC2 instances. By default, basic monitoring is enabled. For a fixed monthly rate, you can opt for detailed monitoring, which includes seven preselected metrics recorded once a minute. **Elastic IP addresses: You can have one Elastic IP (EIP) address associated with a running instance at no charge. Additional Elastic IPs are not free. **Operating systems and software packages: Operating system prices are included in instance prices, unless you choose to bring your own licenses.

Which statement is true in relation to AWS pricing? (Choose two)

With AWS, you don't have to pay any money upfront & You only pay for the individual services that you need with no long term contracts.

Why are Serverless Architectures more economical than Server-based Architectures?

With Server-based architectures, servers continue to run all the time but with the serverless architectures the code runs only when needed. Serverless architectures can reduce costs because you don't have to manage or pay for underutilized servers, or provision redundant infrastructure to implement high availability. For example, you can upload your code to the AWS Lambda compute service, and the service can run the code on your behalf using AWS infrastructure. With AWS Lambda, you are charged for every 100ms your code executes and the number of times your code is triggered. Option A is not correct. AWS uses the same devices for both server-based and serverless architectures. Option B is not correct. With Serverless Architectures, you don't have to worry about scaling the compute capacity. AWS handles that for you. Option D is not correct. There are no reservations when using the Serverless Architectures.

There are performance issues with your under-development application, being built using microservices architecture. Which of the following AWS services would help you analyze these issues?

X-Ray AWS X-Ray helps developers analyze and debug distributed applications in production or under development, such as those built using microservice architecture. With X-Ray, you can understand how your application and its underlying services are performing so you can identify and troubleshoot the root cause of performance issues and errors. X-Ray provides an end-to-end view of requests as they travel through your application, and shows a map of your application's underlying components. You can use X-Ray to analyze both applications in development and in production, from simple three-tier applications to complex microservices applications consisting of thousands of services.

Which of the following could you use to find a paid AMI? (Choose three)

You can find a paid AMI using the Amazon EC2 console, AWS Marketplace and AWS CLI. Option D is not correct. Amazon DevPay is a simple-to-use online billing and account management service that makes it easy for businesses to sell applications that are built in, or run on top of, Amazon Web Services. Option E is not correct. AWS Organizations helps you centrally govern your environment across multiple AWS accounts.

You have bought 4 Amazon EC2 reserved instances for a 1 year term. After 7 months you decide to sell 2 of your instances on the Amazon EC2 Reserved Instance Marketplace. Which of the following is true regarding this scenario?

You can set only the upfront price for your RI. When selling a reserved instance on the Amazon EC2 Reserved Instance Marketplace, you only have the option to set an upfront price for the instance.

