Exam questions

Ace your homework & exams now with Quizwiz!

Which of the following is one of the benefits of AWS Security? (a)Free for AWS premium members. (b)Starts automatically once you upload your data. (c)Scales Quickly (d)None of the above

ANSWER(C) Security scales with your AWS Cloud usage. No matter the size of your business, the AWS infrastructure is designed to keep your data safe.

You can automatically deploy AWS Shield when a DDoS attack is detected(Correct or wrong)

AWS Auto Scaling is helpful during a DDoS attack, as it can scale out resources fast. But, it cannot automatically deploy AWS Shield service onto its group of resources.

An e-commerce company would like to receive alerts when the Reserved EC2 Instances utilization drops below a certain threshold. Which AWS service can be used to address this use-case? (a)AWS Systems Manager (b)AWS Budgets (c)AWS Cost Explorer (d)AWS Trusted Advisor

AWS Budgets AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also use AWS Budgets to set reservation utilization or coverage targets and receive alerts when your utilization drops below the threshold you define. You can define a utilization threshold and receive alerts when your RI usage falls below that threshold. This lets you see if your RIs are unused or under-utilized. Reservation alerts are supported for Amazon EC2, Amazon RDS, Amazon Redshift, Amazon ElastiCache, and Amazon Elasticsearch reservations.

Which of the following AWS services can be used to forecast your AWS account usage and costs? (a)AWS Cost Explorer (b)AWS Simple Monthly Calculator (c)AWS Cost and Usage Reports (d)AWS Budgets

AWS Cost Explorer AWS Cost Explorer has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time. AWS Cost Explorer includes a default report that helps you visualize the costs and usage associated with your top five cost-accruing AWS services, and gives you a detailed breakdown of all services in the table view. The reports let you adjust the time range to view historical data going back up to twelve months to gain an understanding of your cost trends. AWS Cost Explorer also supports forecasting to get a better idea of what your costs and usage may look like in the future so that you can plan.

A startup wants to set up its IT infrastructure on AWS Cloud. The CTO would like to receive detailed reports that break down the startup's AWS costs by the hour in an S3 bucket. As a Cloud Practitioner, which AWS service would you recommend for this use-case? (a)AWS Total Cost of Ownership (TCO) Calculator (b)AWS Budgets (c)AWS Cost Explorer (d)AWS Cost and Usage Reports

AWS Cost and Usage Reports The AWS Cost and Usage Reports (AWS CUR) contains the most comprehensive set of cost and usage data available. You can use Cost and Usage Reports to publish your AWS billing reports to an Amazon Simple Storage Service (Amazon S3) bucket that you own. You can receive reports that break down your costs by the hour or month, by product or product resource, or by tags that you define yourself. AWS updates the report in your bucket once a day in comma-separated value (CSV) format.

AWS Data Pipeline

AWS Data Pipeline is a web service that helps you reliably process and move data between different AWS compute and storage services, as well as on-premises data sources. AWS Data Pipeline integrates with on-premise and cloud-based storage systems to allow developers to use their data when they need it, where they want it, and in the required format.

Which of the following AWS services is essential for implementing security of resources in AWS Cloud? (a)AWS Identity and Access Management (IAM) (b)AWS Shield (c)AWS WAF (d)Amazon CloudWatch

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. IAM enables security best practices by allowing you to grant unique security credentials to users and groups to specify which AWS service APIs and resources they can access. These features make IAM an important service for the overall security of AWS resources in your account. IAM is secure by default; users have no access to AWS resources until permissions are explicitly granted.

Which services does AWS offer for free

AWS Identity and Access Management is a feature of your AWS account offered at no additional charge. You will be charged only for use of other AWS services by your Users. There is no additional charge for AWS Elastic Beanstalk. You pay for AWS resources (e.g. EC2 instances or S3 buckets) you create to store and run your application. You only pay for what you use, as you use it; there are no minimum fees and no upfront commitments.

Which AWS service can help you analyze your infrastructure to identify unattached or underutilized EBS volumes? (a)Amazon CloudWatch (b)Amazon Inspecto (c)AWS Trusted Advisor (d)AWS Config

AWS Trusted Advisor AWS Trusted Advisor is an online tool that provides real-time guidance to help provision your resources following AWS best practices. Whether establishing new workflows, developing applications, or as part of ongoing improvement, recommendations provided by Trusted Advisor regularly help keep your solutions provisioned optimally. AWS Trusted Advisor analyzes your AWS environment and provides best practice recommendations in five categories: Cost Optimization, Performance, Security, Fault Tolerance, Service Limits. AWS Trusted Advisor can check Amazon Elastic Block Store (Amazon EBS) volume configurations and warns when volumes appear to be underused. Charges begin when a volume is created. If a volume remains unattached or has very low write activity (excluding boot volumes) for a period of time, the volume is probably not being used.

Which of the following AWS services are part of the AWS Foundation services for the Reliability pillar of the Well-Architected Framework in AWS Cloud? (Select two) (a)AWS Identity and Access Management (IAM) (b)AWS CloudFormation (c)AWS Trusted Advisor (d)AWS CloudTrail (e)Amazon CloudWatch

AWS Trusted Advisor AWS Identity and Access Management (IAM) Foundations are part of the Reliability pillar of the AWS Well-Architected Framework. AWS states that before architecting any system, foundational requirements that influence reliability should be in place. The services that are part of foundations are: AWS IAM, Amazon VPC, AWS Trusted Advisor, AWS Shield. AWS Trusted Advisor is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices on cost optimization, security, fault tolerance, service limits, and performance improvement. Whether establishing new workflows, developing applications, or as part of ongoing improvement, recommendations provided by Trusted Advisor regularly help keep your solutions provisioned optimally. AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. IAM enables security best practices by allowing you to grant unique security credentials to users and groups to specify which AWS service APIs and resources they can access.

An online gaming company wants to block users from certain geographies from accessing its content. Which AWS services can be used to accomplish this task? (Select two) (a)AWS Protect (b)CloudWatch (c)AWS WAF (d)AWS Shield (e)Route 53

AWS WAF Route 53 AWS WAF is a web application firewall that helps protect web applications from attacks by allowing you to configure rules that allow, block, or monitor (count) web requests based on conditions that you define. These conditions include IP addresses, HTTP headers, HTTP body, URI strings, SQL injection, and cross-site scripting. You can use the IP address based match rule to block specific geographies. The accuracy of the IP Address to country lookup database varies by Region. Based on recent tests, AWS mentions that the overall accuracy for the IP address to country mapping is 99.8%. Route 53 is Amazon's Domain Name System (DNS) web service. You can use Route 53 geolocation routing policy to block certain geographies. When you use geolocation routing, you can localize your content and present some or all of your website in the language of your users. You can also use geolocation routing to restrict the distribution of content to only the locations in which you have distribution rights.

For managed services like Amazon DynamoDB, what are the security-related tasks that AWS is responsible for

AWS has increased responsibilities for its managed services. Examples of managed services include Amazon DynamoDB, Amazon RDS, Amazon Redshift, Amazon Elastic MapReduce, and Amazon WorkSpaces. These services provide the scalability and flexibility of cloud-based resources with less operational overhead because AWS handle basic security tasks like guest operating system (OS) and database patching, installing antivirus software, and disaster recovery. For most managed services, you only configure logical access controls and protect account credentials, while maintaining control and responsibility of any personal data.

Which AWS service can be used to set up billing alarms to monitor estimated charges on your AWS account?

Amazon CloudWatch Amazon CloudWatch can be used to create an alarm to monitor your estimated charges. When you enable the monitoring of estimated charges for your AWS account, the estimated charges are calculated and sent several times daily to CloudWatch as metric data. You can choose to receive alerts by email when charges have exceeded a certain threshold. These alerts are triggered by CloudWatch and messages are sent using Amazon Simple Notification Service (Amazon SNS). Billing metric data is stored in the US East (N. Virginia) Region and reflects worldwide charges. The alarm triggers when your account billing exceeds the threshold you specify. It triggers only when actual billing exceeds the threshold. ***It doesn't use projections based on your usage so far in the month.***

Which AWS service would you choose for a data processing project to store unstructured data? (a)Amazon DynamoDB (b)Amazon Aurora (c)Amazon Aurora (d)Amazon RDS

Amazon DynamoDB Amazon DynamoDB is a key-value and document database that delivers single-digit millisecond performance at any scale. It's a fully managed, multi-Region, multi-master, durable database with built-in security, backup and restore, and in-memory caching for internet-scale applications. DynamoDB offers flexible schema and can easily handle unstructured data.

Which of the following AWS storage services can be directly used with on-premises systems? (a)Amazon Simple Storage Service (Amazon S3) (b)Amazon EC2 Instance Store (c)Amazon Elastic Block Store (EBS) (d)Amazon Elastic File System (Amazon EFS)

Amazon Elastic File System (Amazon EFS) Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. To access EFS file systems from on-premises, you must have an AWS Direct Connect or AWS VPN connection between your on-premises datacenter and your Amazon VPC. You mount an EFS file system on your on-premises Linux server using the standard Linux mount command for mounting a file system

An e-commerce company wants to assess its applications for vulnerabilities and deviations from AWS best practices. Which AWS service can be used to facilitate this? (a)AWS CloudHSM (b)AWS Trusted Advisor (c)Amazon Inspector (d)AWS Secrets Manager

Amazon Inspector Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices.

Which of the following AWS services comes under the Software as a Service (SaaS) Cloud Computing Type? (a)AWS Elastic Beanstalk (b)Amazon Rekognition (c)Elastic Load Balancing (d)Amazon EC2

Amazon Rekognition

what are the benefits of the AWS's Relational Database Service

Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need. RDS doesn't support AutoScaling like EC2 instances, but it does support manual horizontal scaling (by adding read replicas) and manual vertical scaling (by upgrading/downgrading an existing instance).

A firm wants to maintain the same data on S3 between its production account and multiple test accounts. Which technique should you choose to copy data into multiple test accounts while retaining object metadata? (a)Amazon S3 Storage Classes (b)Amazon S3 Bucket Policy (c)Amazon S3 Replication (d)Amazon S3 Transfer Acceleration

Amazon S3 Replication Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can copy objects between different AWS Regions or within the same Region. You can use replication to make copies of your objects that retain all metadata, such as the original object creation time and version IDs. This capability is important if you need to ensure that your replica is identical to the source object.

How to protect data at rest on Amazon S3

Amazon S3 provides a number of security features for the protection of data at rest, which you can use or not depending on your threat profile: 1- Permissions: Use bucket-level or object-level permissions alongside IAM policies to protect resources from unauthorized access and to prevent information disclosure, data integrity compromise or deletion. 2- Versioning: Amazon S3 supports object versions. Versioning is disabled by default. Enable versioning to store a new version for every modified or deleted object from which you can restore compromised objects if necessary. 3- Replication: Amazon S3 replicates each object across all Availability Zones within the respective region. Replication can provide data and service availability in the case of system failure, but provides no protection against accidental deletion or data integrity compromise - it replicates changes across all Availability Zones where it stores copies. 4- Backup: You can use application-level technologies to manually back up data stored in Amazon S3 to other AWS regions or to on-premises backup systems. 5- Encryption - server side: Amazon S3 supports server-side encryption of user data. Server-side encryption is transparent to the end user. AWS generates a unique encryption key for each object, and then encrypts the object using AES-256. 6- Encryption - client side: With client-side encryption you create and manage your own encryption keys. Keys you create are not exported to AWS in clear text. Your applications encrypt data before submitting it to Amazon S3, and decrypt data after receiving it from Amazon S3. Data is stored in an encrypted form, with keys and algorithms only known to you. You can back up data stored in Amazon S3 manually NOT automatically. Amazon S3 supports data replication and versioning instead of automatic backups.

You are planning to use the Microsoft SQL Server as your database engine. Which service allows you to run this commercial database on AWS?

Amazon Web Services offers you the flexibility to run Microsoft SQL Server for as much or as little time as you need. You can select from a number of versions and editions, as well as choose between running it on Amazon Elastic Compute Cloud (Amazon EC2) or Amazon Relational Database Service (Amazon RDS). Using SQL Server on Amazon EC2 gives you complete control over every setting, just like when it's installed on-premises. Amazon RDS is a fully managed service that takes care of all the maintenance, backups, and patching for you. You can choose AWS license-included options on Amazon EC2 instances and Amazon RDS or you may choose to bring your own license on Amazon EC2.

Which of the following AWS services are part of the AWS Foundation services for the Reliability pillar of the Well-Architected Framework in AWS Cloud? (Select two) (a)AWS Identity and Access Management (IAM) (b)WS CloudFormation (c)AWS Trusted Advisor (d)AWS CloudTrail (e)Amazon CloudWatch

Answer (A,C) AWS Trusted Advisor AWS Identity and Access Management (IAM) Foundations are part of the Reliability pillar of the AWS Well-Architected Framework. AWS states that before architecting any system, foundational requirements that influence reliability should be in place. The services that are part of foundations are: AWS IAM, Amazon VPC, AWS Trusted Advisor, AWS Shield.

Amazon EBS volumes are automatically replicated within the same availability zone. What is the benefit of this? (a)Elasticity (b)Durability (c)Traceability (d)Accessibility

Answer (B) Durability refers to the ability of a system to assure data is stored and data remains consistent in the system as long as it is not changed by legitimate access. This means that data should not become corrupted or disappear due to a system malfunction. The replication of data makes EBS volumes 20 times more durable than typical commodity disk drives, which fail with an AFR (annual failure rate) of around 4%. For example, if you have 1,000 EBS volumes running for 1 year, you should expect 1 to 2 will have a failure. Option A is not correct. Elasticity refers to the ability of a system to scale its resources up or down based on demand. Option C is not correct. Traceability is related to the tracking of changes made throughout a system, and not related to replicating EBS data. Option D is not correct. Replicating the volume doesn't impact how you can access it. You can access EBS volumes using EC2 after mounting them to the operating system.

An organization has an on-premises application that serves users from all around the world. If instead the application was deployed in AWS, what is the AWS characteristic that could help reduce latency to their users? (a)High Availability (b)Elasticity (c)Global reach (d)Fault tolerance

Answer (C) If you deliver applications to your global users from an on-premises datacenters, your users might face inconsistent availability and performance. AWS solved this problem by providing the ability to deploy your application in multiple regions around the world. The user will be redirected to the region that provides the lowest possible latency and the highest performance. You can also use the CloudFront service that uses edge locations (which are located in most of the major cities across the world) to deliver content with low latency and high performance to your global users. ***Option A is not correct. High Availability can be achieved by deploying your application in multiple availability zones within a single region. This may not reduce latency to your international users.*** ***Option B is not correct. AWS Elasticity allows you to reduce costs by scaling your resources down when demand decreases and maintain performance by scaling your resources up when demand increases.*** ***Option D is not correct. Fault tolerance has a different purpose. You should build your architecture to be fault tolerant to protect from infrastructure or system disruptions.***

Your company is trying to deploy a two-tier, highly available web application to AWS. The application needs a storage layer to store artifacts such as photos and videos. Which of the following services can best be used as the underlying storage mechanism? (a)Amazon EBS volume (b)Amazon EC2 instance store (c)Amazon S3 (d)Amazon RDS instance

Answer (C) Amazon S3 is object storage built to store and retrieve any amount of data from anywhere on the Internet. It's a simple storage service that offers an extremely durable, highly available, and infinitely scalable data storage infrastructure at very low costs. Option A is not correct. Amazon EBS is a block level storage that can only be used as a drive for Amazon EC2 or Amazon RDS. Amazon EBS is not for storing images or videos. Amazon EBS is designed for application workloads that benefit from fine tuning for performance and capacity. Typical use cases include Big Data analytics engines (like the Hadoop/HDFS ecosystem and Amazon EMR clusters), relational and NoSQL databases (like Microsoft SQL Server and MySQL or Cassandra and MongoDB), stream and log processing applications (like Kafka and Splunk), and data warehousing applications (like Vertica and Teradata). Option B is not correct. Amazon EC2 Instance Store provides temporary block-level storage for your instance. Instance store is ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content, or for data that is replicated across a fleet of instances, such as a load-balanced pool of web servers. Option D is not correct. Amazon RDS Instances are used to run relational databases in the cloud not for storing files. References:

What service helps you to aggregate logs from your EC2 instance? Choose two answers from the options below? (a)SQS (b)S3 (c)Cloudtrail (d)Cloudwatch Logs

Answer (C, D) You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, and other sources. You can then retrieve the associated log data from CloudWatch Log

Which AWS services can be used together to send alerts whenever the AWS account root user signs in? (Select two) (a)Step Function (b)SQS (c)Lambda (d)CloudWatch (e)SNS

Answer (D , E) CloudWatch Amazon CloudWatch Events delivers a near real-time stream of system events that describe changes in Amazon Web Services (AWS) resources. Using simple rules that you can quickly set up, you can match events and route them to one or more target functions or streams. CloudWatch Events becomes aware of operational changes as they occur. CloudWatch Events responds to these operational changes and takes corrective action as necessary, by sending messages to respond to the environment, activating functions, making changes, and capturing state information. Amazon Simple Notification Service (SNS) is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications. Additionally, SNS can be used to fan out notifications to end users using mobile push, SMS, and email. To send alerts whenever the AWS account root user signs in, you can create an Amazon Simple Notification Service (Amazon SNS) topic. Then, create an Amazon CloudWatch event rule to monitor userIdentity root logins from the AWS Management Console and send an email via SNS when the event triggers.

Which of the following AWS Support plans provide programmatic access to AWS Support Center features to create, manage and close your support cases? (Select two) (a)Developer (b)Basic (c)Corporate (d)Business (e)Enterprise

Answer (D, E) Enterprise - AWS Enterprise Support provides customers with concierge-like service where the main focus is helping the customer achieve their outcomes and find success in the cloud. With Enterprise Support, you get 24×7 technical support from high-quality engineers, tools and technology to automatically manage the health of your environment, consultative architectural guidance delivered in the context of your applications and use-cases, and a designated Technical Account Manager (TAM) to coordinate access to proactive/preventative programs and AWS subject matter experts. You get programmatic access (API Access) to AWS Support Center features to create, manage, and close your support cases, and operationally manage your Trusted Advisor check requests and status. Business - AWS recommends Business Support if you have production workloads on AWS and want 24×7 phone, email and chat access to technical support and architectural guidance in the context of your specific use-cases. You get full access to AWS Trusted Advisor Best Practice Checks. You get programmatic access (API Access) to AWS Support Center features to create, manage, and close your support cases, and operationally manage your Trusted Advisor check requests and status.

Which of the following features of RDS allows for data redundancy across regions and improves disaster recovery? (a)Multi-region replication (b)Multi-AZ (c)Creating Write Replicas (d)Creating Read Replicas

Answer is (D) Amazon RDS Read Replicas provide enhanced performance and durability for database (DB) instances. This feature makes it easy to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads. You can create one or more replicas of a given source DB Instance and serve high-volume application read traffic from multiple copies of your data, thereby increasing aggregate read throughput. In addition to that creating Read Replicas across regions improves your disaster recovery capabilities and allows you to scale out globally. ***Option A is not correct. The Multi-region replication is not an Amazon RDS feature.*** ***Option B is not correct. The Multi-AZ feature always spans two Availability Zones within a single Region.*** ***There are not write Replicas in RDS feature***

A Cloud Practitioner would like to get operational insights of its resources to quickly identify any issues that might impact applications using those resources. Which AWS service can help with this task? (a)AWS Systems Manager (b)Amazon Inspector (c)AWS Personal Health Dashboard (d)AWS Trusted Advisor

Answer( A) AWS Systems Manager allows you to centralize operational data from multiple AWS services and automate tasks across your AWS resources. You can create logical groups of resources such as applications, different layers of an application stack, or production versus development environments. Incorrect option is selected is AWS Personal Health Dashboard AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that might affect you. It is not used to get operational insights of AWS resources.

Select TWO examples of the AWS shared controls. (a)Datacenter operations. (b)Patch Management. (c)Configuration Management. (d)VPC Management. (e)IAM Management.

Answer( B , C) Shared Controls are controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Examples include: ** Patch Management - AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications. ** Configuration Management - AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications. ** Awareness & Training - AWS trains AWS employees, but a customer must train their own employees.

Which of the following should you consider when creating a tagging strategy for your AWS resources? (Choose two) (a)Configure your VPC to add tags automatically to your resources. (b)Use as many tags as possible to help filter your resources easily. (c)Use unique keys and values to help manage resources more efficiently. (d)Always use a case-sensitive format for tags. (e)Always use lower case letters for tags.

Answer( B , D) When creating a tagging strategy for AWS resources, make sure that it accurately represents organizationally relevant dimensions and adheres to the following tagging best practices: 1- Always use a standardized, case-sensitive format for tags, and implement it consistently across all resource types. 2- Consider tag dimensions that support the ability to manage resource access control, cost tracking, automation, and organization. 3- Implement automated tools to help manage resource tags. 4- Err on the side of using too many tags rather than too few tags. 5- Remember that it is easy to modify tags to accommodate changing business requirements, however consider the ramifications of future changes, especially in relation to tag-based access control, automation, or upstream billing reports. Option A is not correct. Tags are not automatically assigned to your resources. You have to add tags to your resources manually. Adding tags to your resources enables you to organize, filter, and manage them easily. Option C is not correct. If all the resources have different keys and values, then you will not benefit from using them. For example, if you have a development and a production environment and you want to distinguish between the resources used in each of them, you have to add a tag [e.g. KEY = "Purpose" and VALUE = either "Development" or "Production"] for all resources. When you want to select all production resources, first select the key which is "Purpose" then select the value "Production". Option E is not correct. Tag keys and values are case-sensitive.

A company wants to improve the resiliency of its flagship application so it wants to move from its traditional database system to a managed AWS database service to support active-active configuration in both the East and West US AWS regions. The active-active configuration with cross-region support is the prime criteria for any database solution that the company considers. Which AWS database service is the right fit for this requirement? (a)Amazon DynamoDB with DynamoDB Accelerator (b)Amazon Relational Database Service (Amazon RDS) for MYSQL (c)Amazon DynamoDB with global tables (d)Amazon Aurora with multi-master clusters

Answer( C) Amazon DynamoDB is a fully managed, serverless, key-value NoSQL database designed to run high-performance applications at any scale. DynamoDB offers built-in security, continuous backups, automated multi-region replication, in-memory caching, and data export tools. DynamoDB global tables replicate data automatically across your choice of AWS Regions and automatically scale capacity to accommodate your workloads. With global tables, your globally distributed applications can access data locally in the selected regions to get single-digit millisecond read and write performance. DynamoDB offers active-active cross-region support that is needed for the company. Incorrect answers Amazon DynamoDB with DynamoDB Accelerator - DynamoDB Accelerator (DAX) is an in-memory cache that delivers fast read performance for your tables at scale by enabling you to use a fully managed in-memory cache. Using DAX, you can improve the read performance of your DynamoDB tables by up to 10 times—taking the time required for reads from milliseconds to microseconds, even at millions of requests per second. DAX does not offer active-active cross-Region configuration. Amazon Aurora with multi-master cluster - Amazon Aurora (Aurora) is a fully managed relational database engine that's compatible with MySQL and PostgreSQL. With some workloads, Aurora can deliver up to five times the throughput of MySQL and up to three times the throughput of PostgreSQL without requiring changes to most of your existing applications. In a multi-master cluster, all DB instances have read/write capability. Currently, all DB instances in a multi-master cluster must be in the same AWS Region. You can't enable cross-Region replicas from multi-master clusters. Amazon Relational Database Service (Amazon RDS) for MYSQL - Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need. RDS does not support active-active configuration with cross-region support.

Which of the following are attributes to the costing for using the Simple Storage Service. Choose 2 answers from the options given below? (a)The storage class used for the objects stored. (b)Number of S3 buckets (c)The total size in gigabytes of all objects stored. (d)Using encryption in S3

Answer(A , C)

What are the benefits provided by the AWS Personal Health Dashboard? (Choose two) (a)Personalized View of Service Health (b)Detailed Troubleshooting Guidance (c)Check your applications for vulnerabilities (d)Cost Optimization (e)Published information about the current status and availability of AWS services

Answer(A , C) AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources. The benefits of the AWS personal health dashboard include: **A personalized View of Service Health: Personal Health Dashboard gives you a personalized view of the status of the AWS services that power your applications, enabling you to quickly see when AWS is experiencing issues that may impact you. For example, in the event of a lost EBS volume associated with one of your EC2 instances, you would gain quick visibility into the status of the specific service you are using, helping save precious time troubleshooting to determine root cause. **Proactive Notifications: The dashboard also provides forward looking notifications, and you can set up alerts across multiple channels, including email and mobile notifications, so you receive timely and relevant information to help plan for scheduled changes that may affect you. In the event of AWS hardware maintenance activities that may impact one of your EC2 instances, for example, you would receive an alert with information to help you plan for, and proactively address any issues associated with the upcoming change. **Detailed Troubleshooting Guidance: When you get an alert, it includes remediation details and specific guidance to enable you to take immediate action to address AWS events impacting your resources. For example, in the event of an AWS hardware failure impacting one of your EBS volumes, your alert would include a list of your affected resources, a recommendation to restore your volume, and links to the steps to help you restore it from a snapshot. This targeted and actionable information reduces the time needed to resolve issues.

one of the benefits of the AWS Cloud is that there are many services available to use of which you don't need to manage their underlying infrastructure. Which of the following are examples of these services?(Choose TWO) (a)DynamoDB (b)EC2 (c)Amazon Elastic MapReduce. (d)Amazon VPC.

Answer(A , C) The Amazon Elastic MapReduce and DynamoDB are managed services that you don't need to manage their underlying infrastructure. Other managed services include: Amazon S3, Amazon RDS, Amazon Redshift, Amazon WorkSpaces, Amazon CloudFront, Amazon CloudSearch and several other services.

What services/features are required to maintain a highly available and fault-tolerant architecture in AWS? (Choose two) (a)Elastic Load Balancer (b)CloudFormation (c)AWS NACL (d)Amazon EC2 Auto Scaling

Answer(A , D) ** Amazon EC2 Auto Scaling continually monitors the utilization of the instances underlying your application to make sure that your application always has the right amount of compute. In other words Amazon EC2 Auto Scaling automatically scales the instances up during demand spikes (to increase the availability of the application) or scales them down when demand lulls (to minimize costs). In addition to that, Amazon EC2 Auto Scaling can detect when an instance is unhealthy, terminate it, and replace it with a new one which increases the "Fault Tolerance" of your application. ** Elastic Load Balancing provides an effective way to increase the availability and fault tolerance of a system. First ELB tries to discover the availability of your EC2 instances, it periodically sends pings, attempts connections, or sends requests to test the EC2 instances. These tests are called health checks. The status of the instances that are healthy at the time of the health check is InService. The status of any instances that are unhealthy at the time of the health check is OutOfService. The load balancer routes user requests only to the healthy instances. When the load balancer determines that an instance is unhealthy, it stops routing requests to that instance. The load balancer resumes routing requests to the instance when it has been restored to a healthy state.

Under the Shared Responsibility Model, which of the following are controls which a customer fully inherits from AWS? (Choose two) (a)Environmental controls. (b)Patch management controls. (c)Database controls. (d)Physical controls. (e)Awareness & Training

Answer(A , D) Inherited Controls are controls which a customer fully inherits from AWS such as physical controls and environmental controls. Option B is not correct. Patch Management belongs to the shared controls. AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications. Option C is not correct. Database controls belongs to the shared controls. AWS maintains the configuration of its infrastructure devices that run the database, but a customer is responsible for configuring their own databases, and applications. Option E is not correct. Awareness & Training belongs to the shared controls. AWS trains AWS employees, but a customer must train their own employees.

Which of the following AWS Cloud services is designed with native Multi-AZ fault tolerance in mind? (Choose two) (a)Amazon DynamoDB (b)Amazon ElastiCache (c)Elastic Load Balancing (d)Amazon Virtual Private Cloud (Amazon VPC) (e)Amazon Simple Storage Service (Amazon S3)

Answer(A , E) ** Amazon DynamoDB runs across AWS proven, high-availability data centers. The service replicates data across three facilities in an AWS region to provide fault tolerance in the event of a server failure or Availability Zone outage. ** Amazon S3 provides durable infrastructure to store important data and is designed for durability of 99.999999999% of objects. Your data is redundantly stored across multiple facilities and multiple devices in each facility. Options B & C are not correct. Although Elastic Load Balancing and Amazon ElastiCache can be deployed across multiple Availability Zones, you must explicitly take such steps when creating them. Option D is not correct. The Multi-AZ principle involves deploying an AWS resource in multiple Availability Zones to achieve high availability for that resource. A virtual private cloud (VPC) is not a resource, it is a virtual network dedicated to your AWS account where you can deploy your AWS resources.

Which of the following are use cases for Amazon S3? (Choose two) (a)Hosting static websites (b)Cost-effective database and log storage (c)Hosting websites that require sustained high CPU utilization (d)Processing data streams at any scale (e)A media store for the CloudFront service

Answer(A , E) ou can host a static website on Amazon Simple Storage Service (Amazon S3). On a static website, individual webpages include static content. They might also contain client-side scripts. To host a static website, you configure an Amazon S3 bucket for website hosting, allow public read access, and then upload your website content to the bucket. By contrast, a dynamic website relies on server-side processing, including server-side scripts such as PHP, JSP, or ASP.NET. Amazon S3 does not support server-side scripting. Amazon Web Services (AWS) also has resources for hosting dynamic websites such as Amazon EC2. Amazon S3 is an excellent storage facility for your media assets. It is infinitely scalable, has built-in redundancy, and is available to you on a pay-as-you-go basis. For example, if you want to deliver or stream video files to your global users, all you need to do is to put your content in an S3 bucket and create a CloudFront distribution that points to the bucket. Your user's video player will use CloudFront URLs to request the video file. The request will be directed to the best edge location, based on the user's location. The Amazon Cloudfront Content Delivery Network (CDN) will serve the video from its cache, fetching it from the S3 bucket if it has not already been cached. The CDN caches content at the edge locations for consistent, low-latency, high-throughput video delivery.

A company is planning to introduce a new product to their customers. They are expecting high traffic to their web application. As part of the Enterprise support plan, which of the following could provide them with architectural and scaling guidance? (a)Infrastructure Event Management (b)AWS Management Support (c)AWS Support API (d)AWS Support Concierge Service

Answer(A) Infrastructure Event Management is a short-term engagement with AWS Support, included in the Enterprise-level Support product offering, and available for additional purchase for Business-level Support subscribers. AWS Infrastructure Event Management partners with your technical and project resources to gain a deep understanding of your use case and provide architectural and scaling guidance for an event. Common use-case examples for AWS Event Management include advertising launches, new product launches, and infrastructure migrations to AWS.

Which pillar of AWS Well-Architected Framework is responsible for making sure that you select the right resource types and sizes based on your workload requirements? (a)Performance Efficiency (b)Reliability (c)Cost Optimization (d)Operational Excellence

Answer(A) Performance Efficiency - The performance efficiency pillar focuses on using IT and computing resources efficiently. Key topics include selecting the right resource types and sizes based on workload requirements, monitoring performance, and making informed decisions to maintain efficiency as business needs evolve.

Which of the following S3 storage classes is ideal for data with unpredictable access patterns? (a)Amazon S3 Intelligent-Tiering. (b)Amazon S3 On-demand-Tiering. (c)Amazon S3 Standard. (d)Amazon S3 Standard-Infrequent Access. (e)Amazon S3 Glacier.

Answer(A) The S3 Intelligent-Tiering storage class is designed to optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead. It works by storing objects in two access tiers: one tier that is optimized for frequent access and another lower-cost tier that is optimized for infrequent access. For a small monthly monitoring and automation fee per object, Amazon S3 monitors access patterns of the objects in S3 Intelligent-Tiering, and moves the ones that have not been accessed for 30 consecutive days to the infrequent access tier. If an object in the infrequent access tier is accessed, it is automatically moved back to the frequent access tier. There are no retrieval fees when using the S3 Intelligent-Tiering storage class, and no additional tiering fees when objects are moved between access tiers. It is the ideal storage class for long-lived data with access patterns that are unknown or unpredictable.

Upgrading a server with a larger hard drive is an example of __________ , while adding more hard drives to a storage array is an example of __________ . (a)Vertical Scaling, Horizontal Scaling. (b)Vertical Scaling, Vertical Scaling. (c)Horizontal Scaling, Vertical Scaling. (d)Horizontal Scaling, Horizontal Scaling.

Answer(A) ** Scaling Vertically: Scaling vertically takes place through an increase in the specifications of an individual resource (e.g., upgrading a server with a larger hard drive, adding more memory, or provisioning a faster CPU). On Amazon EC2,this can easily be achieved by stopping an instance and resizing it to an instance type that has more RAM, CPU, IO,or networking capabilities. This way of scaling can eventually hit a limit and it is not always a cost efficient or highly available approach. However, it is very easy to implement and can be sufficient for many use cases especially in the short term. ** Scaling Horizontally: Scaling horizontally takes place through an increase in the number of resources (e.g., adding more hard drives to a storage array or adding more servers to support an application). This is a great way to build Internet-scale applications that leverage the elasticity of cloud computing.

An AWS hardware failure has impacted one of your EBS volumes. Which AWS service will alert you of the affected resources and provide a remedial action? (a)AWS Personal Health Dashboard (b)AWS Trusted Advisor (c)Amazon GuardDuty (d)AWS Config

Answer(A) AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view of the performance and availability of the AWS services underlying your AWS resources. The dashboard displays relevant and timely information to help you manage events in progress, and provides proactive notification to help you plan for scheduled activities. With Personal Health Dashboard, alerts are triggered by changes in the health of AWS resources, giving you event visibility, and guidance to help quickly diagnose and resolve issues. For example, in the event of an AWS hardware failure impacting one of your EBS volumes, you will get an alert that includes a list of your affected resources, a recommendation to restore your volume, and links to the steps to help you restore it from a snapshot.

Which services allow the customer to retain full administrative privileges of the underlying virtual infrastructure? (a)Amazon EC2 (b)Amazon S3 (c)Amazon Lambda (d)Amazon DynamoDB

Answer(A) All of the other services are all managed by AWS as serverless components. Only you have complete control over the EC2 service

Miller is working with a large data set, and he needs to import it into a relational database service. What AWS service will meet his needs? (a)RDS (b)DynamoDB (c)ElastiCache (d)Neptune

Answer(A) RDS is the AWS's relational database service.

Once an AWS service has been provisioned, it is expected to work uninterrupted without any network or access issues. In case of any failures, the service should recover quickly. Which pillar of the AWS Well-Architected Framework caters to this ability? (a)Reliability (b)Security (c)Performance Efficiency (d)Operational Excellence

Answer(A) The reliability pillar focuses on the ability to prevent, and quickly recover from failures to meet business and customer demand. Key topics include foundational elements around setup, cross-project requirements, recovery planning, and how we handle change.

Which of the following AWS services scale automatically without your intervention? (Choose three) (a)Amazon S3 (b)Amazon EMR (c)Amazon EFS (d)Amazon EC2 (e)AWS Lambda

Answer(A, C, E) Both S3 and EFS scale automatically in storage capacity without any intervention to meet increased demand. Also, AWS Lambda dynamically scales function execution in response to increased traffic. Option B is not correct. Amazon EMR doesn't scale on its own. You have to configure the AWS Auto Scaling feature to scale EMR automatically. Option D is not correct. Amazon EC2 does scale automatically, but first you have to create an Auto Scaling system by creating a launch configuration, an auto scaling group, and determine the desired, minimum and maximum number of instances to provision.

Which of the following will impact the price paid for an EC2 instance? (Choose two) (a)The Availability Zone where the instance is provisioned (b)Instance Type. (c)Compute time consumed (d)Storage capacity (e)The IAM identity that uses the instance

Answer(B , D) EC2 instance pricing varies depending on many variables: - The buying option (On-demand, Reserved, Spot, Dedicated) - Selected AMI - Selected instance type - Region - Data Transfer in/out - Storage capacity. Option A is not correct. Prices of the Amazon EC2 instances may vary depending on the Region where the instances are provisioned. They do not vary based on which AZ they are hosted within a region. Option C is not correct. An EC2 instance once allocated, you will be charged for it. For example, If you provision 2 EC2 instances and they are in the running state you will be charged for every hour they are running until you stop or terminate them. AWS will continue to charge you for the 2 instances whether you are using them or not. Option E is not correct. IAM identities include users, groups and roles. These identities are used to control who can access and use the instances. They don't have any impact on EC2 pricing.

What are characteristics of Amazon S3? Choose 2 answers from the options given below. (a)S3 allows you to store objects of virtually unlimited size. (b)S3 allows you to store unlimited amounts of data. (c)S3 should be used to host a relational database. (d)Objects are directly accessible via a URL.

Answer(B , D) Each object does have a limitation in S3(5TB), but you can store virtually unlimited amounts of data. Also each object gets a directly accessible URL

Which of the following reserved instance payment options result in you paying a discounted hourly rate throughout the duration of the term? (Choose two) (a)All Upfront option. (b)Partial Upfront option. (c)Percentage Upfront option. (d)No Upfront option.

Answer(B , D) You can choose between three payment options when you purchase a Standard or Convertible Reserved Instance: 1- No Upfront: No upfront payment is required. You are billed a discounted hourly rate for every hour within the term, regardless of whether the Reserved Instance is being used. No Upfront Reserved Instances are based on a contractual obligation to pay monthly for the entire term of the reservation. A successful billing history is required before you can purchase No Upfront Reserved Instances. 2- Partial Upfront: A portion of the cost must be paid up front and the remaining hours in the term are billed at a discounted hourly rate, regardless of whether you're using the Reserved Instance. 3- All Upfront: With the All Upfront option, you pay for the entire Reserved Instance term with one upfront payment. This option provides you with the largest discount compared to On-Demand instance pricing. Option A is not correct. When choosing "All Upfront", a full payment is made at the start of the term, with no other costs or additional hourly charges incurred for the remainder of the term, regardless of hours used. Option C is not correct. Percentage upfront is not an available option.

Which of the following services allows you to manage your agreements with AWS? (a)AWS Organization. (b)AWS Artifact. (c)AWS Systems Manager. (d)AWS Certificate Manager.

Answer(B) AWS Artifact is a self-service audit artifact retrieval portal that provides our customers with on-demand access to AWS' compliance documentation and AWS agreements. You can use AWS Artifact Reports to download AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI), and System and Organization Control (SOC) reports. You can use AWS Artifact Agreements to review, accept, and track the status of AWS agreements such as the Business Associate Addendum (BAA). Option D is not correct. AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources

A gaming company is looking at a technology/service that can deliver a consistent low-latency gameplay to ensure a great user experience for end-users in various locations. Which AWS technology/service will provide the necessary low-latency access to the end-users? (a)AWS Edge location (b)AWS Local Zones (c)AWS Direct Connect (d)AWS Wavelength

Answer(B) AWS Local Zones allow you to use select AWS services, like compute and storage services, closer to more end-users, providing them very low latency access to the applications running locally. AWS Local Zones are also connected to the parent region via Amazon's redundant and very high bandwidth private network, giving applications running in AWS Local Zones fast, secure, and seamless access to the rest of AWS services. You should use AWS Local Zones to deploy workloads closer to your end-users for low-latency requirements. AWS Local Zones have their connection to the internet and support AWS Direct Connect, so resources created in the Local Zone can serve local end-users with very low-latency communications. Incorrect option i selected is AWS Edge Location. An AWS Edge location is a site that CloudFront uses to cache copies of the content for faster delivery to users at any location.

You need to migrate a large number of on-premises workloads to AWS. Which of the following is the fastest way to achieve your goal? (a)Use the AWS Database Migration Service. (b)Use the AWS Server Migration Service. (c)Use the AWS Application Discovery Service. (d)None of the above.

Answer(B) AWS Server Migration Service (SMS) is an agentless service which makes it easier and faster for you to migrate thousands of on-premises workloads to AWS. AWS SMS allows you to automate, schedule, and track incremental replications of live server volumes, making it easier for you to coordinate large-scale server migrations. Option A is not correct. AWS Database Migration Service is used to migrate your data to and from most of the widely used commercial and open source databases. Option C is not correct. AWS Application Discovery Service is used to discover on-premises server inventory and behavior. This service is very useful when creating a migration plan to AWS.

company has decided to migrate to the AWS Cloud. AWS offers a wide range of services and instance types. They want to reduce costs as much as possible. Which of the following is the main factor to consider when choosing the instance type of services like Amazon RDS and Amazon Redshift? (a)Your team experience with these services. (b)Workload utilization of CPU & RAM. (c)The type of your current on-premise database. (d)Sources of traffic.

Answer(B) AWS offers a broad range of resource types and configurations to suit a plethora of use cases. For example, services like Amazon EC2, Amazon RDS, Amazon Redshift, and Amazon Elasticsearch Service(Amazon ES) give you a lot of choice of instance types. In some cases, you should select the cheapest type that suits your workload's requirements. In other cases, using fewer instances of a larger instance type might result in lower total cost or better performance. You should benchmark and select the right instance type depending on how your workload utilizes CPU, RAM, network, storage size, and I/O. Incorrect Option A is not correct. The services mentioned and most of the AWS services are easy to set up, deploy, and manage. These services automate most of the common administrative tasks to manage, monitor, and scale your AWS resources. Option C is not correct. You can migrate your current on-premise database data to and from most widely used commercial and open-source databases using the AWS database migration service. Option D is not correct. In Web analytics, traffic sources is a report that provides an overview of the different kinds of sources that send traffic to your Web site, for example direct traffic (clicks from bookmarks or visitors who know your URL) , Web search engines, referring URLs(other Web sites directing traffic to you), ... etc. Sources of traffic are an important factor when analyzing your marketing procedures NOT when choosing an instance type.

What is the easiest way to launch and manage a virtual private server in AWS? (a)Using Amazon Virtual Private Cloud (b)Using Amazon Lightsail (c)Using AWS Virtual Private Network (d)Using Amazon Route 53

Answer(B) Amazon Lightsail is designed to be the easiest way to launch and manage a virtual private server with AWS. Lightsail plans include everything you need to jumpstart your project -a virtual machine, SSD-based storage, data transfer, DNS management, and a static IPaddress-for a low, predictable price. Option A is not correct. Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined.

You have 2 accounts in your AWS account. One for the Dev and the other for QA. All are part of consolidated billing. The master account has purchase 3 reserved instances. The Dev department is currently using 2 reserved instances. The QA team is planning on using 3 instances which of the same instance type. What is the pricing tier of the instances that can be used by the QA Team? (a)No Reserved and 3 on-demand (b)One Reserved and 2 on-demand (c)Two Reserved and 1 on-demand (d)Three Reserved and no on-demand

Answer(B) Since all are a part of consolidating billing, the pricing of reserved instances can be shared by All. And since 2 are already used by the Dev team , another one can be used by the QA team. The rest of the instances can be on-demand instances. For more information on AWS Reserved instances

Which of the following allows you to carve out a portion of the AWS Cloud? (a)AWS Subnets (b)AWS VPC (c)AWS Regions (d)AWS Availability Zones

Answer(B) The AWS Documentation mentions the following Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

You have an EC2 Instance in development that interacts with the Simple Storage Service. The EC2 Instance is going to be promoted to the production environment. Which of the following features should be used for secure communication between the EC2 Instance and the Simple Storage Service. (a)IAM Users (b)IAM Roles (c)IAM Groups (d)AM policies

Answer(B) The AWS Documentation mentions the following An IAM role is similar to a user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. Also, a role does not have standard long-term credentials (password or access keys) associated with it. Instead, if a user assumes a role, temporary security credentials are created dynamically and provided to the user.

AWS changes the way you pay for servers compared to other traditional hosting providers. What purchasing option does Amazon EC2 make available so you pay lower prices for compute instances? (a)The ability to pay a bidding price that is lower than the on-demand price. (b)The ability to pay upfront to get lower hourly costs (c)The ability to pay only for the compute time you use (d)The ability to pay lower hourly costs when using more compute capacity

Answer(B) With Reserved Instances, you can save up to 75% over equivalent on-demand capacity. When you buy Reserved Instances, the larger the upfront payment, the greater the discount. Option A is not correct. The way the Spot instance pricing model works is that you bid a price for your instance, the spot market will accept bids when the bid price is higher than the market price. You get the instance as long as the market price is lower than your bidding price. You pay the lower market price, NOT the bidding price. Option C is not correct. Amazon EC2 allows you to pay only for the instances you allocate. Once you provision an EC2 instance, you will pay for every hour the instance is in the running state. This is regardless of whether you are using the instance or not. Note: The service that allows you to pay only for the compute time you consume is Lambda. Option D is not correct. Tiered pricing or Volume pricing is not applied to compute services. Tiered pricing is available only for storage and data transfer. The more storage and data transfer you use, the less you pay per gigabyte.

An e-commerce company would like to receive alerts when the Reserved EC2 Instances utilization drops below a certain threshold. Which AWS service can be used to address this use-case? (a)AWS Systems Manager (b)AWS Budgets (c)AWS Cost Explorer (d)AWS Trusted Advisor

Answer(B) AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also use AWS Budgets to set reservation utilization or coverage targets and receive alerts when your utilization drops below the threshold you define. You can define a utilization threshold and receive alerts when your RI usage falls below that threshold. This lets you see if your RIs are unused or under-utilized. Reservation alerts are supported for Amazon EC2, Amazon RDS, Amazon Redshift, Amazon ElastiCache, and Amazon Elasticsearch reservations.

A research lab wants to optimize the caching capabilities for its scientific computations application running on EC2 instances. Which EC2 storage option is best suited for this use-case? (a)Amazon EBS (b)Amazon EC2 Instance Store (c)Amazon EFS (d)Amazon S3

Answer(B) Amazon EC2 Instance Store An Instance Store provides temporary block-level storage for your EC2 instance. This storage is located on disks that are physically attached to the host computer. Instance store is ideal for the temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content, or for data that is replicated across a fleet of instances, such as a load-balanced pool of web servers. Instance storage is temporary, data is lost if instance experiences failure or is terminated.

You have decided to pay a low upfront fee in order to get a significantly discounted hourly rate. What payment model are you planning to use? (a)Pay as you go (b)Save when you reserve. (c)Pay less as AWS grows (d)Pay less by using more.

Answer(B) For certain products, like Amazon EC2 and Amazon RDS, you can invest in reserved capacity. In that case, you pay a low upfront fee and get a significantly discounted hourly rate, which results in overall savings up to 75%(depending on the type of instance you reserve) over equivalent on-demand capacity. Option A is not correct. On-demand is the option that represents the "Pay as you go" payment model. Option C is not correct. Pay less as AWS grows refers to the discounts that you get over time as AWS grows. This sometimes called "AWS Economies of Scale". For example, AWS has reduced the per GB storage price of S3 by 80% since the service was first introduced in 2006. Option D is not correct. "Pay less by using more" means that you get volume based discounts and as your usage increases. For services such as S3, pricing is tiered, meaning the more you use, the less you pay per GB.

What is the primary benefit of deploying an RDS database in a Read Replica configuration? (a)Read Replica enhances database availability (b)Read Replica improves database scalability (c)Read Replica reduces database usage costs (d)Read Replica protects the database from a regional failure

Answer(B) Read Replica improves database scalability Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. Read Replicas allow you to create read-only copies that are synchronized with your master database. Read Replicas are used for improved read performance. You can also place your read replica in a different AWS Region closer to your users for better performance. Incorrect Read Replica enhances database availability -Amazon RDS Multi-AZ deployments provide enhanced availability and durability for RDS database (DB) instances, making them a natural fit for production database workloads. When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). Read Replica cannot enhance database availability. Read Replica protects the database from a regional failure - You need to use RDS in Multi-Region deployment configuration to protect from a regional failure. Read Replica cannot protect from a regional failure. Read Replica reduces database usage costs - RDS with Read Replicas increases the database costs compared to the standard deployment. So this option is incorrect.

A company has developed an eCommerce web application and the application needs an uptime of at least 99.5%. Which of the following deployment strategies should they use? (a)Deploying the application across multiple VPC's (b)Deploying the application across multiple Regions (c)Deploying the application across Edge locations (d)Deploying the application across multiple subnets

Answer(B) The AWS Global infrastructure is built around Regions and Availability Zones (AZs). Each AWS Region is a separate geographic area. Each AWS Region has multiple, isolated locations known as Availability Zones. Availability Zones in a region are connected with low latency, high throughput, and highly redundant networking. These Availability Zones offer AWS customers an easier and more effective way to design and operate applications and databases, making them more highly available, fault tolerant, and scalable than traditional single datacenter infrastructures or multi-datacenter infrastructures. ***Option C is not correct. Edge locations are not used to host applications. Edge locations are used by CloudFront to cache and distribute content to your global customers with low latency.***

A company has a static website hosted on an S3 bucket in an AWS Region in Asia. Although most of its users are in Asia, now it wants to drive growth globally. How can it improve the global performance of its static website? (a)Use CloudWatch to improve the performance of your website (b)Use CloudFront to improve the performance of your website (c)Use WAF to improve the performance of your website (d)Use S3 Transfer Acceleration to improve the performance of your website

Answer(B) Use CloudFront to improve the performance of your website You can use Amazon CloudFront to improve the performance of your website. CloudFront makes your website files (such as HTML, images, and video) available from data centers around the world (called edge locations). When a visitor requests a file from your website, CloudFront automatically redirects the request to a copy of the file at the nearest edge location. This results in faster download times than if the visitor had requested the content from a data center that is located farther away. Incorrect Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront's globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path. Transfer Acceleration cannot be used to improve the performance of a static website.

Which of the following does AWS perform on its behalf for EBS volumes to make it less probe to failure? (a)Replication of the volume across Availability Zones (b)Replication of the volume in the same Availability Zone (c)Replication of the volume across Regions (d)Replication of the volume across Edge locations

Answer(B) When you create an EBS volume in an Availability Zone, it is automatically replicated within that zone to prevent data loss due to failure of any single hardware component

Which of the following AWS services are part of the AWS Foundation services for the Reliability pillar of the Well-Architected Framework in AWS Cloud? (Select two) (a)AWS CloudTrail (b)AWS CloudFormation (c)AWS Trusted Advisor (d)AWS Service Quotas (e)Amazon CloudWatch

Answer(C , D) Foundations are part of the Reliability pillar of the AWS Well-Architected Framework. AWS states that before architecting any system, foundational requirements that influence reliability should be in place. The services that are part of foundations are: Amazon VPC, AWS Trusted Advisor, AWS Service Quotas (formerly called AWS Service Limits). AWS Trusted Advisor is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices on cost optimization, security, fault tolerance, service limits, and performance improvement. Whether establishing new workflows, developing applications, or as part of ongoing improvement, recommendations provided by Trusted Advisor regularly help keep your solutions provisioned optimally. Service Quotas enables you to view and manage your quotas for AWS services from a central location. Quotas, also referred to as limits in AWS, are the maximum values for the resources, actions, and items in your AWS account. Each AWS service defines its quotas and establishes default values for those quotas. Incorrect Answers AWS CloudTrail - AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides the event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services. Think account-specific activity and audit; think CloudTrail. AWS CloudFormation - AWS CloudFormation provides a common language to model and provision AWS and third-party application resources in your cloud environment. AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all Regions and accounts. Think infrastructure as code; think CloudFormation. Amazon CloudWatch - Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides data and actionable insights to monitor applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. This is an excellent service for building Resilient systems. Think resource performance monitoring, events, and alerts; think CloudWatch. https://wa.aws.amazon.com/wat.pillar.reliability.en.html

Which of the following is NOT a factor when estimating the cost of Amazon EC2? (Choose two) (a)Elastic IP Addresses (b)Clock hours of server time (c)Number of security groups (d)Number of instances (e)Elastic Load Balancing. (f)Number of Hosted Zones.

Answer(C , F)

A company needs to track resource changes using the API call history. Which AWS service can help the company achieve this goal? (a)AWS Config (b)AWS CloudFormation (c)AWS CloudTrail (d)AWS CloudWatch

Answer(C) AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service. With CloudTrail, you can get a history of AWS API calls for your account, including API calls made using the AWS Management Console, AWS SDKs, command line tools, and higher-level AWS services (such as AWS CloudFormation). The AWS API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing. Option A is not correct. AWS Config is used to monitor and record your AWS resource configurations and allow you to automate the evaluation of recorded configurations against desired configurations.

You are sure that your application deployed in AWS needs frequent updates for the next 6 months. Which of the following services would allow you to make these updates easily, retaining the ability to change the AWS resources powering the application any time? (a)AWS Simple Storage Service. (b)AWS Elastic File System. (c)AWS Elastic Beanstalk. (d)AWS CodeCommit.

Answer(C) AWS Elastic Beanstalk is considered a Platform as a Service (PaaS). it is an easy-to-use service for deploying, scaling and updating web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. You can simply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time Option D is not correct. AWS CodeCommit is a source code control service that hosts secure Git-based repositories. You can use CodeCommit to securely store anything from source code to binaries, and it works seamlessly with your existing Git tools.

You want to monitor the CPU utilization of an EC2 resource in AWS. Which of the below services can help in this regard? (a)AWS Config (b)AWS Inspector (c)AWS Cloudwatch (d)AWS Trusted Advisor

Answer(C) Amazon CloudWatch is a service that monitors AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources. Amazon CloudWatch can monitor AWS resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances, as well as custom metrics generated by your applications and services, and any log files your applications generate.

A company has decided to migrate to AWS. What design principles should they consider to facilitate good design in the cloud? (a)Analyze your on-premises usage to guess your capacity needs on AWS. (b)Use AWS reservations to reduce costs when testing your production environment. (c)Automate to make architectural experimentation easier (d)Spend more time and effort when architecting your environment, it is not easy to change your decisions later.

Answer(C) The Well-Architected Framework identifies a set of general design principles to facilitate good design in the cloud: 1- Stop guessing your capacity needs: Eliminate guessing about your infrastructure capacity needs. When you make a capacity decision before you deploy a system, you might end up sitting on expensive idle resources or dealing with the performance implications of limited capacity. With cloud computing, these problems can go away. You can use as much or as little capacity as you need, and scale up and down automatically. 2- Test systems at production scale: In the cloud, you can create a production-scale test environment on demand, complete your testing, and then decommission the resources. Because you only pay for the test environment when it's running, you can simulate your live environment for a fraction of the cost of testing on premises. 3- Automate to make architectural experimentation easier: Automation allows you to create and replicate your systems at low cost and avoid the expense of manual effort. You can track changes to your automation, audit the impact, and revert to previous parameters when necessary. 4- Allow for evolutionary architectures: Allow for evolutionary architectures. In a traditional environment, architectural decisions are often implemented as static, one-time events, with a few major versions of a system during its lifetime. As a business and its context continue to change, these initial decisions might hinder the system's ability to deliver changing business requirements. In the cloud, the capability to automate and test on demand lowers the risk of impact from design changes. This allows systems to evolve over time so that businesses can take advantage of innovations as a standard practice. 5- Drive architectures using data: In the cloud you can collect data on how your architectural choices affect the behavior of your workload. This lets you make fact-based decisions on how to improve your workload. Your cloud infrastructure is code, so you can use that data to inform your architecture choices and improvements over time. 6- Improve through game days: Test how your architecture and processes perform by regularly scheduling game days to simulate events in production. This will help you understand where improvements can be made and can help develop organizational experience in dealing with events.

Which AWS service can be used to set up billing alarms to monitor estimated charges on your AWS account? (a)Consolidated Billing (b)AWS Cost Explorer (c)Amazon CloudWatch (d)AWS Organizations

Answer(C) Amazon CloudWatch Amazon CloudWatch can be used to create an alarm to monitor your estimated charges. When you enable the monitoring of estimated charges for your AWS account, the estimated charges are calculated and sent several times daily to CloudWatch as metric data. You can choose to receive alerts by email when charges have exceeded a certain threshold. These alerts are triggered by CloudWatch and messages are sent using Amazon Simple Notification Service (Amazon SNS). Billing metric data is stored in the US East (N. Virginia) Region and reflects worldwide charges. The alarm triggers when your account billing exceeds the threshold you specify. It triggers only when actual billing exceeds the threshold. It doesn't use projections based on your usage so far in the month. ***Exam Alert: It is useful to note the difference between CloudWatch Billing vs Budgets: CloudWatch Billing Alarms: Sends an alarm when the actual cost exceeds a certain threshold. Budgets: Sends an alarm when the actual cost exceeds the budgeted amount or even when the cost forecast exceeds the budgeted amount.***

You have 2 accounts in AWS. One for Dev and the other for QA. All are part of consolidated billing. The master account has purchased 4 reserved instances. The Dev department is currently using 2 reserved instances. The QA team is planning on using 3 instances, which are of the same instance type. What is the pricing tier of the instances that can be used by the QA Team? (a)No Reserved and 3 on-demand (b)One Reserved and 2 on-demand (c)Two Reserved and 1 on-demand (d)Three Reserved and one on-demand

Answer(C) For billing purposes, the consolidated billing feature of AWS Organizations treats all the accounts in the organization as one account. This means that all accounts in the organization can receive the hourly cost benefit of Reserved Instances that are purchased by any other account. Since 2 reserved instances are already used by the Dev team , then there are another 2 instances that can be used by the QA team. The rest of the instances can be on-demand instances. Therefore the correct answer is 2 reserved and 1 on-demand.

An IT company is on a cost-optimization spree and wants to identify all EC2 instances that are under-utilized. Which AWS services can be used off-the-shelf to address this use-case without needing any manual configurations? (Select two) (a)Amazon CloudWatch (b)AWS Budgets (c)The AWS Cost and Usage Reports (d)AWS Cost Explorer (e)AWS Trusted Advisor

Answer(D , E) AWS Trusted Advisor analyzes your AWS environment and provides best practice recommendations in five categories: Cost Optimization, Performance, Security, Fault Tolerance, Service Limits. AWS Trusted Advisor checks the Amazon Elastic Compute Cloud (Amazon EC2) instances that were running at any time during the last 14 days and alerts you if the daily CPU utilization was 10% or less and network I/O was 5 MB or less on 4 or more days. AWS Cost Explorer AWS Cost Explorer has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time. AWS Cost Explorer includes a default report that helps you visualize the costs and usage associated with your top five cost-accruing AWS services, and gives you a detailed breakdown of all services in the table view. The reports let you adjust the time range to view historical data going back up to twelve months to gain an understanding of your cost trends. The rightsizing recommendations feature in Cost Explorer helps you identify cost-saving opportunities by downsizing or terminating EC2 instances. You can see all of your underutilized EC2 instances across member accounts in a single view to immediately identify how much you can save. Incorrect options: AWS Cost and Usage Reports - The AWS Cost and Usage Reports (AWS CUR) contains the most comprehensive set of cost and usage data available. You can use Cost and Usage Reports to publish your AWS billing reports to an Amazon Simple Storage Service (Amazon S3) bucket that you own. You can receive reports that break down your costs by the hour or month, by product or product resource, or by tags that you define yourself. Cost and Usage Reports cannot be used to identify under-utilized EC2 instances. Amazon CloudWatch - Amazon CloudWatch can be used to create alarm to monitor your estimated charges. When you enable the monitoring of estimated charges for your AWS account, the estimated charges are calculated and sent several times daily to CloudWatch as metric data. You can choose to receive alerts by email when charges have exceeded a certain threshold. Think resource performance monitoring, events, and alerts; think CloudWatch. CloudWatch cannot be used to identify under-utilized EC2 instances without manually configuring an alarm with the appropriate threshold to track the EC2 utilization, so this option is incorrect. AWS Budgets - AWS Budgets gives the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also use AWS Budgets to set reservation utilization or coverage targets and receive alerts when your utilization drops below the threshold you define. Budgets can be created at the monthly, quarterly, or yearly level, and you can customize the start and end dates. You can further refine your budget to track costs associated with multiple dimensions, such as AWS service, linked account, tag, and others. AWS Budgets cannot be used to identify under-utilized EC2 instances without manually configuring coverage targets, so this option is incorrect.

which budget types can be created under AWS Budgets (Select three)? (a)Resource budget (b)Software budget (d)Hardware budget (d)Reservation budget (e)Usage budget (f)Cost budget

Answer(D ,E, F) Correct options: AWS Budgets enable you to plan your service usage, service costs, and instance reservations. AWS Budgets information is updated up to three times a day. Updates typically occur between 8 to 12 hours after the previous update. Budgets track your unblended costs, subscriptions, refunds, and RIs. There are four different budget types you can create under AWS Budgets - Cost budget, Usage budget, Reservation budget and Savings Plans budget. Cost budget - Helps you plan how much you want to spend on a service. Usage budget - Helps you plan how much you want to use one or more services. Reservation budget - This helps you track the usage of your Reserved Instances (RI). Two ways of doing it - RI utilization budgets (This lets you see if your RIs are unused or under-utilized), RI coverage budgets (This lets you see how much of your instance usage is covered by a reservation).

Which AWS Support plan provides general architectural guidance on how services can be used for various use-cases, workloads, or applications? (a)Enterprise (b)Business (c)Basic (d)Developer

Answer(D) Developer - AWS recommends Developer Support plan if you are testing or doing early development on AWS and want the ability to get email-based technical support during business hours. This plan also supports general guidance on how services can be used for various use cases, workloads, or applications. You do not get access to Infrastructure Event Management with this plan.

What information is required to calculate the Total Cost of Ownership for the AWS Cloud? (a)The number of end users you are currently serving (b)The number of on-premise applications (c)The number of active databases (d)The number of on-premise virtual machines

Answer(D) The AWS TCO (Total Cost of Ownership) Calculator provides directional guidance on possible realized savings when deploying AWS. This tool is built on an underlying calculation model, that generates a fair assessment of value that a customer may achieve given the data provided by the user which includes the number of servers migrated to AWS, the server type, the number of processors and so on.

Select the services that can be used to build hybrid cloud architectures. (Choose two) (a)AWS Cloud9 (b)AWS Artifact (c)AWS CloudTrail (d)AWS Identity and Access Management (e)Amazon Virtual Private Cloud

Answer(D, E) AWS Identity and Access Management (IAM) can grant your employees and applications access to the AWS Management Console and AWS service APIs using your existing identity systems. AWS IAM supports federation from corporate systems like Microsoft Active Directory, as well as external Web Identity Providers like Google and Facebook. Amazon Virtual Private Cloud (Amazon VPC) allows you to create a Hardware VPN connection between your corporate data center and your VPC to leverage the AWS Cloud as an extension of your corporate datacenter.

A multi-national organization has separate VPCs for each of its business units on the AWS Cloud. The organization also wants to connect its on-premises data center with all VPCs for better organization-wide collaboration. Which AWS services can be combined to build the MOST efficient solution for this use-case? (Select two) (a)VPC Peering (b)AWS Transit Gateway (c)AWS Direct Connect (d)AWS Internet Gateway (e)AWS Storage Gateway

Answers( B , C) AWS Transit Gateway connects VPCs and on-premises networks through a central hub. This simplifies your network and puts an end to complex peering relationships. It acts as a cloud router - each new connection is only made once. As you expand globally, inter-Region peering connects AWS Transit Gateways using the AWS global network. Your data is automatically encrypted and never travels over the public internet. AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections.

What are the benefits of using AWS X-Ray

Benefits of AWS X-Ray include: 1- Review request behavior: AWS X-Ray traces user requests as they travel through your entire application. It aggregates the data generated by the individual services and resources that make up your application, providing you an end-to-end view of how your application is performing. 2- Discover application issues: With AWS X-Ray, you can glean insights into how your application is performing and discover root causes. With X-Ray's tracing features, you can follow request paths to pinpoint where in your application and what is causing performance issues.

An IT company wants to run a log backup process every Monday at 2 AM. The usual runtime of the process is 5 minutes. As a Cloud Practitioner, which AWS services would you recommend to build a serverless solution for this use-case? (Select two) (a)CloudWatch (b)Step Function (c)EC2 Instance (d)Systems Manager (e)Lambda

CloudWatch Lambda ***To build the solution for the given use-case, you can create a CloudWatch Events rule that triggers on a schedule via a cron expression. You can then set the Lambda as the target for this rule.*** Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides data and actionable insights to monitor applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume. The lambda has a maximum execution time of 15 minutes, so it can be used to run this log backup process.

Which of the following statements are true about Cost Allocation Tags in AWS Billing? (Select two) (a)You must activate both AWS generated tags and user-defined tags separately before they can appear in Cost Explorer or on a cost allocation report (b)Tags helps in organizing resources and are a mandatory configuration item to run reports (c)For each resource, each tag key must be unique, but can have multiple values (d)Only user-defined tags need to be activated before they can appear in Cost Explorer or on a cost allocation report (e)For each resource, each tag key must be unique, and each tag key can have only one value

Correct Answer(A and E) A Cost Allocation Tag is a label that you or AWS assigns to an AWS resource. Each tag consists of a key and a value. For each resource, each tag key must be unique, and each tag key can have only one value. You can use tags to organize your resources, and cost allocation tags to track your AWS costs on a detailed level. AWS provides two types of cost allocation tags, an AWS generated tags and user-defined tags. AWS defines, creates, and applies the AWS generated tags for you, and you define, create, and apply user-defined tags. You must activate both types of tags separately before they can appear in Cost Explorer or on a cost allocation report.

Which of the following types are free under the Amazon S3 pricing model? (Select two) (a)Data storage fee for objects stored in S3 Glacier (b)Data transferred in from the internet (c)Data storage fee for objects stored in S3 Standard (d)Data transferred out to an Amazon Elastic Compute Cloud (Amazon EC2) instance in any AWS Region (e)Data transferred out to an Amazon Elastic Compute Cloud (Amazon EC2) instance, when the instance is in the same AWS Region as the S3 bucket

Correct Answers (B and E) There are four cost components to consider for S3 pricing - storage pricing request and data retrieval pricing data transfer and transfer acceleration pricing data management features pricing. Under "Data Transfer", You pay for all bandwidth into and out of Amazon S3, except for the following: (1) Data transferred in from the internet, (2) Data transferred out to an Amazon Elastic Compute Cloud (Amazon EC2) instance, when the instance is in the same AWS Region as the S3 bucket, (3) Data transferred out to Amazon CloudFront (CloudFront). Incorrect options: Data storage fee for objects stored in S3 Standard - S3 Standard charges a storage fee for objects. Data storage fee for objects stored in S3 Glacier - S3 Glacier charges a storage fee for objects.

he DevOps team at a Big Data consultancy has set up EC2 instances across two AWS Regions for its flagship application. Which of the following characterizes this application architecture? (a)Deploying the application across two AWS Regions improves security (b)Deploying the application across two AWS Regions improves performance (c)Deploying the application across two AWS Regions improves availability (d)Deploying the application across two AWS Regions improves scalability

Deploying the application across two AWS Regions improves availability Highly available systems are those that can withstand some measure of degradation while remaining available. Each AWS Region is fully isolated and comprised of multiple Availability Zones (AZ's), which are fully isolated partitions of AWS infrastructure. To better isolate any issues and achieve high availability, you can partition applications across multiple AZ's in the same AWS Region or even across multiple AWS Regions.

Which of the following statements is correct regarding the AWS Elastic File System (EFS) storage service? (a)EC2 instances can access files on an EFS file system across many Availability Zones, regions and VPCs (b)EC2 instances can access files on an EFS file system only in one Availability Zone (c)EC2 instances can access files on an EFS file system across many Availability Zones and VPCs (d)EC2 instances can access files on an EFS file system across many Availability Zones

EC2 instances can access files on an EFS file system across many Availability Zones, regions and VPCs Amazon EFS is a regional service storing data within and across multiple Availability Zones (AZs) for high availability and durability. Amazon EC2 instances can access your file system across AZs, regions, and VPCs, while on-premises servers can access using AWS Direct Connect or AWS VPN.

What should you do if you see resources, which you don't remember creating, in the AWS Management Console

If you suspect that your account has been compromised, or if you have received a notification from AWS that the account has been compromised, perform the following tasks: **Change your AWS root account password and the passwords of any IAM users. **Delete or rotate all root and AWS Identity and Access Management (IAM) access keys. **Delete any resources on your account you didn't create, such as EC2 instances and AMIs, EBS volumes and snapshots, and IAM users. **Respond to any notifications you received from AWS Support through the AWS Support Center. https://aws.amazon.com/premiumsupport/knowledge-center/potential-account-compromise/

What is the primary benefit of deploying an RDS database in a Multi-AZ configuration? (a)Multi-AZ protects the database from a regional failure (b)Multi-AZ enhances database availability (c)Multi-AZ improves database performance for read-heavy workloads (d)Multi-AZ reduces database usage costs

Multi-AZ enhances database availability Amazon RDS Multi-AZ deployments provide enhanced availability and durability for RDS database (DB) instances, making them a natural fit for production database workloads. When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). In case of an infrastructure failure, Amazon RDS performs an automatic failover to the standby so that you can resume database operations as soon as the failover is complete.

Which pillar of AWS Well-Architected Framework is responsible for making sure that you focus on continually improving your processes and procedures? (a)Performance Efficiency (b)Reliability (c)Operational Excellence (d)Cost Optimization

Operational Excellence - The Operational Excellence pillar includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures. In the cloud, you can apply the same engineering discipline that you use for application code to your entire environment. You can define your entire workload (applications, infrastructure) as code and update it with code. You can implement your operations procedures as code and automate their execution by triggering them in response to events.

Which pillar of AWS Well-Architected Framework is responsible for making sure that you select the right resource types and sizes based on your workload requirements? (a)Performance Efficiency (b)Reliability (c)Cost Optimization (d)Operational Excellence

Performance Efficiency The performance efficiency pillar focuses on using IT and computing resources efficiently. Key topics include selecting the right resource types and sizes based on workload requirements, monitoring performance, and making informed decisions to maintain efficiency as business needs evolve.

Which of the following S3 storage classes do not charge any data retrieval fee? (Select two) (a)S3 Glacier (b)S3 One Zone-IA (c)S3 Standard (d)S3 Standard-IA (e)S3 Intelligent-Tiering

S3 Standard S3 Intelligent-Tiering ***S3 Standard does not charge any data retrieval fee.*** ***S3 Intelligent-Tiering does not charge any data retrieval fee.***

Which design principle of the AWS Well-Architected Framework can answer the question- "Who did what"? (a)Operational Excellence (b)Reliability (c)Security (d)Performance Efficiency

Security "Who did what" is nothing but traceability of action by any user on the system. It tells us which user performed what action on the system. Traceability is part of the Security design principle of AWS Cloud. So this is the correct option.

Which security procedures should you perform yourself even if you are using a managed service

The amount of security configuration work you have to do varies depending on which services you select and how sensitive your data is. However, there are certain security features—such as individual user accounts and credentials, SSL/TLS for data transmissions, and user activity logging—that you should configure no matter which AWS service you use.

What are design principles for performance efficiency in the cloud?

There are five design principles for performance efficiency in the cloud: 1- Democratize advanced technologies: Technologies that are difficult to implement can become easier to consume by pushing that knowledge and complexity into the cloud vendor's domain. Rather than having your IT team learns how to host and run a new technology, they can simply consume it as a service. For example, NoSQL databases, media transcoding, and machine learning are all technologies that require expertise that is not evenly dispersed across the technical community. In the cloud, these technologies become services that your team can consume while focusing on product development rather than resource provisioning and management. 2- Go global in minutes: Easily deploy your system in multiple Regions around the world with just a few clicks. This allows you to provide lower latency and a better experience for your customers at minimal cost. 3- Use serverless architectures: In the cloud, serverless architectures remove the need for you to run and maintain servers to carry out traditional compute activities. For example, storage services can act as static websites, removing the need for web servers, and event services can host your code for you. This not only removes the operational burden of managing these servers, but also can lower transactional costs because these managed services operate at cloud scale. 4- Experiment more often: With virtual and automatable resources, you can quickly carry out comparative testing using different types of instances, storage, or configurations. 5- Mechanical sympathy: Use the technology approach that aligns best to what you are trying to achieve. For example, consider data access patterns when selecting database or storage approaches.

You need to set up a security certificate for a client's eCommerce website in order to use the HTTPS protocol.. which AWS services do you need to access in order to manage your SSL server certificate?

To enable HTTPS connections to your website or application in AWS, you need an SSL/TLS server certificate. You can use a server certificate provided by AWS Certificate Manager (ACM) or one that you obtained from an external provider. You can use ACM or IAM to store and deploy server certificates. Use IAM as a certificate manager only when you must support HTTPS connections in a region that is not supported by ACM. IAM supports deploying server certificates in all regions, but you must obtain your certificate from an external provider for use with AWS.

What are the benefits of using a managed service on AWS?

WS Managed Services provides ongoing management of your AWS infrastructure so you can focus on your applications. By implementing best practices to maintain your infrastructure, AWS Managed Services helps to reduce your operational overhead and risk. AWS Managed Services automates common activities such as change requests, monitoring, patch management, security, and backup services, and provides full-lifecycle services to provision, run, and support your infrastructure. Our rigor and controls help to enforce your corporate and security infrastructure policies, and enable you to develop solutions and applications using your preferred development approach. AWS Managed Services improves agility, reduces cost, and unburdens you from infrastructure operations so you can direct resources toward differentiating your business. Because these services are instantly available to developers, they reduce dependency on in-house specialized skills and allow organizations to deliver new solutions faster. They are also designed for scalability and high availability, so they can reduce risk for your implementations.

Which of the following approaches can be used to automate the process of deploying new compute resources having the same configuration and the same state of a running resource?

Whether you are deploying a new environment for testing, or increasing capacity of an existing system to cope with extra load, you will not want to manually set up new resources with their configuration and code. It is important that you make this an automated and repeatable process that avoids long lead times and is not prone to human error. The following approaches can be used to achieve this: **Bootstrapping: When you launch an AWS resource like an Amazon EC2 instance or Amazon Relational Database (Amazon RDS)DB instance, you start with a default configuration. You can then execute automated bootstrapping actions. That is, scripts that install software or copy data to bring that resource to a particular state. You can parameterize configuration details that vary between different environments (e.g.,production, test, etc.) so that the same scripts can be reused without modifications. **Golden Images: Certain AWS resource types like Amazon EC2instances, Amazon RDS DB instances, Amazon Elastic Block Store (Amazon EBS) volumes, etc., can be launched from a golden image: a snapshot of a particular state of that resource. When compared to the bootstrapping approach, a golden image results in faster start times and removes dependencies to configuration services or third-party repositories. This is important in auto-scaled environments where you want to be able to quickly and reliably launch additional resources as a response to demand changes.

AWS responsibility in AWS Managed Services

With respect to the AWS managed services, AWS is responsible for software maintenance, patch management, monitoring, backup, disaster recovery.


Related study sets

Chapter 10 - Issues in Efficient Market

View Set

IP Addresses and Networking In Depth, Hardware and Network Troubleshooting, ports, Networking

View Set

Mental Health Nsg Exam 2: Suicide

View Set

1 • Basic Principles of Insurance KeyWords

View Set

GW B1+ Unit 2 Grammar Revision ex.5

View Set