Practice test 5
What offerings are included in the Amazon Lightsail product set? (Select TWO.) 1. Virtual Private Server 2. NoSQL database 3. Managed MySQL database 4. Object storage 5. Serverless functions
Answer: 1, 3 Explanation: Amazon Lightsail provides an easy, low-cost way to consume cloud services without needing the skill set for using VPC resources. The product set includes virtual private servers (instances), managed MySQL databases, HA storage, and load balancing. You can connect to other AWS services such as S3, DynamoDB, and CloudFront; however, these are not part of the Lightsail product range.
To reward customers for using their services, what are two ways AWS reduces prices? (Select TWO.) 1. Volume based discounts when you use more services 2. Reduction in inbound data transfer charges 3. Reduced cost for reserved capacity 4. Discounts for using a wider variety of services 5. Removal of termination fees for customers who spend more
Answer: 1, 3 Explanation: AWS provides volume-based discounts so that when you use more services you reduce the cost per service. You can also reserve capacity by locking in to fixed 1 or 3 year contracts to get significant discounts. You never pay for inbound data transfer. You don't get discounts for using a variety of services, only when you use more services.
Which DynamoDB feature provides in-memory acceleration to tables that result in significant performance improvements? 1. Amazon ElastiCache 2. Amazon DynamoDB Accelerator (DAX) 3. Amazon EFS 4. Amazon CloudFront
Answer: 2 Explanation: Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement - from milliseconds to microseconds - even at millions of requests per second. DAX does all the heavy lifting required to add in-memory acceleration to your DynamoDB tables, without requiring developers to manage cache invalidation, data population, or cluster management.
What is the name of the online, self-service portal that AWS provides to enable customers to view reports, such as PCI reports, and accept agreements? 1. AWS Compliance Portal 2. AWS Documentation Portal 3. AWS Artifact 4. AWS DocuFact
AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS' security and compliance reports and select online agreements.
Which AWS service lets connected devices easily and securely interact with cloud applications and other devices? 1. Amazon Workspaces 2. AWS Directory Service 3. AWS IoT Core 4. AWS Server Migration Service (SMS)
AWS IoT Core is a managed cloud service that lets connected devices easily and securely interact with cloud applications and other devices. AWS IoT Core can support billions of devices and trillions of messages, and can process and route those messages to AWS endpoints and to other devices reliably and securely. Amazon WorkSpaces is a managed, secure cloud desktop service. AWS Server Migration Service (SMS) is an agentless service which makes it easier and faster for you to migrate thousands of on-premises workloads to AWS.
Which AWS service is part of the suite of "serverless" services and runs code as functions? 1. Amazon ECS 2. Amazon EKS 3. AWS Lambda 4. AWS CodeCommit
AWS Lambda is a serverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you. The code you run on AWS Lambda is called a "Lambda function".
Which service runs your application code only when needed without needing to run servers? 1. Amazon EC2 2. Amazon ECS 3. AWS Lambda 4. AWS LightSail
AWS Lambda is a serverless service that runs code as "functions". That means that your code is run when needed but there are no servers running (at least not servers that you see or manage). This reduces cost and operational overhead.
Which service provides alerts and remediation guidance when AWS is experiencing events that may impact you? 1. AWS Trusted Advisor 2. AWS Inspector 3. AWS Personal Health Dashboard 4. AWS Shield
AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. Trusted Advisor is an online resource that helps to reduce cost, increase performance and improve security by optimizing your AWS environment. Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
Which of the following Amazon EC2 pricing models allows customers to use existing server-bound software licenses? 1. Spot Instances 2. Reserved Instances 3. Dedicated Hosts 4. On-Demand Instances
Amazon EC2 Dedicated Hosts allow you to use your eligible software licenses from vendors such as Microsoft and Oracle on Amazon EC2, so that you get the flexibility and cost effectiveness of using your own licenses, but with the resiliency, simplicity and elasticity of AWS. An Amazon EC2 Dedicated Host is a physical server fully dedicated for your use, so you can help address corporate compliance requirements.
Which service allows an organization to bring their own licensing on host hardware that is physically isolated from other AWS accounts? 1. EC2 Dedicated Instances 2. EC2 Spot Instances 3. EC2 Dedicated Hosts 4. EC2 Reserved Instances
An Amazon EC2 Dedicated Host is a physical server with EC2 instance capacity fully dedicated to your use. Dedicated Hosts allow you to use your existing per-socket, per-core, or per-VM software licenses, including Windows Server, Microsoft SQL Server, SUSE Linux Enterprise Server, and so on.
Which AWS feature of Amazon EC2 allows an administrator to create a standardized image that can be used for launching new instances? 1. Amazon Golden Image 2. Amazon Block Template 3. Amazon Machine Image 4. Amazon EBS Mount Point
An Amazon Machine Image (AMI) provides the information required to launch an instance. You can use an AMI to launch identical instances from a standard template. This is also known as a Golden Image (though no such feature exists in AWS with this name). An AMI is created from an EBS snapshot and also includes launch permissions and a block device mapping.
When designing a VPC, what is the purpose of an Internet Gateway? 1. Provides Internet access for EC2 instances in private subnets 2. Enables Internet communications for instances in public subnets 3. It's a bastion host for inbound management connections 4. It's used for making VPN connections to a VPC
An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. It therefore imposes no availability risks or bandwidth constraints on your network traffic. An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.
What is the name of the AWS managed Docker registry service used by the Amazon Elastic Container Service (ECS)? 1. Elastic Container Registry 2. ECS Container Registry 3. Docker Container Registry 4. Docker Image Repository
Answer: 1 Explanation: Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images. Amazon ECR is integrated with Amazon Elastic Container Service (ECS). Amazon ECR eliminates the need to operate your own container repositories or worry about scaling the underlying infrastructure.
Which AWS program can help an organization to design, build, and manage their workloads on AWS? 1. APN Consulting Partners 2. APN Technology Consultants 3. AWS Business Development Manager 4. AWS Technical Account Manager
Answer: 1 Explanation: APN Consulting Partners are professional services firms that help customers of all sizes design, architect, build, migrate, and manage their workloads and applications on AWS. Consulting Partners include System Integrators (SIs), Strategic Consultancies, Agencies, Managed Service Providers (MSPs), and Value-Added Resellers (VARs). None of the other options are AWS Programs that can assist a customer with the design, build and management of their workloads.
A company needs protection from distributed denial of service (DDoS) attacks on its website and assistance from AWS experts during such events. Which AWS managed service will meet these requirements? 1. AWS Shield Advanced 2. AWS Firewall Manager 3. AWS Web Application Firewall 4. Amazon GuardDuty
Answer: 1 Explanation: AWS Shield Advanced provides enhanced detection and includes a specialized support team for customers on Enterprise or Business support plans. The AWS DDoS Response Team (DRT) is available 24/7 and can be engaged before, during, or after a DDoS attack. AWS WAF is used for protecting web applications and APIs against malicious attacks. This is not a DDoS prevention service. Amazon GuardDuty is used for continuously monitoring AWS resources for threats. It is not a DDoS prevention service; it uses machine learning and anomaly detection to identify security vulnerabilities in resources.
A company wants to utilize a pay as you go cloud model for all of their applications without CAPEX costs and which is highly elastic. Which cloud delivery model will suit them best? 1. Public 2. Private 3. Hybrid 4. On-premise
Answer: 1 Explanation: The public cloud is offered under a purely pay as you go model (unless you choose to reserve), and allows companies to completely avoid CAPEX costs. The public cloud is also highly elastic so companies can grow and shrink the applications as demand changes. Private and on-premise clouds are essentially the same, though both could be managed by a third party and even could be delivered under an OPEX model by some vendors. However, they are typically more CAPEX heavy and the elasticity is limited. A hybrid model combines public and private and this company wants to go all in on a single model.
An application that is deployed across multiple Availability Zones could be described as: 1. Being highly available 2. Having global reach 3. Being secure 4. Having elasticity
Answer: 1 Explanation: When you deploy an application across multiple Availability Zones the application can be considered to be highly available. You must also have a way of directing traffic to the application in each AZ such as an Elastic Load Balancer.
What is the relationship between subnets and availability zones? 1. You can create one or more subnets within each availability zone 2. Subnets span across multiple availability zones 3. You can create one subnet per availability zone 4. Subnets contain one or more availability zones
Answer: 1 Explanation: You can create one or more subnets within each availability zone but subnets cannot span across availability zones.
What are two benefits of using AWS Lambda? (Select TWO.) 1. No servers to manage 2. Integrated snapshots 3. Continuous scaling (scale out) 4. Flexible operating system choices 5. Open source software
Answer: 1, 3 Explanation: With AWS Lambda you don't have any servers to manage (serverless). Lambda functions scale out rather than up, running multiple invocations of the function in parallel.
Which AWS components aid in the construction of fault-tolerant applications? (Select TWO.) 1. Elastic IP addresses 2. ARNs 3. AMIs 4. Tags 5. Block device mappings
Answer: 1, 3 Explanation: Elastic IP addresses can be easily remapped between EC2 instances in the event of a failure. Amazon Machine Images (AMIs) can be used to quickly launch replacement instances when there is a failure. Amazon Resource Names (ARNs), tags and block device mappings don't really help with fault tolerance.
Which of the following constitute the five pillars for the AWS Well-Architected Framework? (Select TWO.) 1. Operational excellence, security, and reliability 2. Operational excellence, elasticity and scalability 3. Cost prioritization, and cost optimization 4. Data consistency, and cost optimization 5. Performance efficiency, and cost optimization
Answer: 1, 5 Explanation: The five pillars of the AWS Well-Architected Framework are operational excellence, security, reliability, performance efficiency, and cost optimization.
Which of the following must be used together to gain programmatic access to an AWS account? (Select TWO.) 1. An access key ID 2. A primary key 3. A secret access key 4. A user ID 5. A secondary key
Answer: 1,3 Explanation: Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK). Access keys consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE) and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY).
What charges are applicable to Amazon S3 Standard storage class? (Select TWO.) 1. Per GB/month storage fee 2. Retrieval fee 3. Minimum capacity charge per object 4. Data ingress 5. Data egress
Answer: 1,5 Explanation: With the standard storage class you pay a per GB/month storage fee, and data transfer out of S3. Standard-IA and One Zone-IA have a minimum capacity charge per object. Standard-IA, One Zone-IA, and Glacier also have a retrieval fee. You don't pay for data into S3 under any storage class.
With which service can a developer upload code using a ZIP or WAR file and have the service handle the end-to-end deployment of the resources? 1. AWS CodeDeploy 2. AWS Elastic Beanstalk 3. Amazon ECS 4. AWS CodeCommit
Answer: 2 Explanation: AWS Elastic Beanstalk can be used to quickly deploy and manage applications in the AWS Cloud. Developers upload applications and Elastic Beanstalk handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring.
A developer needs a way to automatically provision a collection of AWS resources. Which AWS service is primarily used for deploying infrastructure as code? 1. AWS Elastic Beanstalk 2. AWS CloudFormation 3. AWS CodeDeploy 4. Jenkins
Answer: 2 Explanation: AWS CloudFormation is a service that gives developers and businesses an easy way to create a collection of related AWS resources and provision them in an orderly and predictable fashion. AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. Think of CloudFormation as deploying infrastructure as code.
Which AWS service can be used to prepare and load data for analytics using an extract, transform and load (ETL) process? 1. AWS Lambda 2. AWS Glue 3. Amazon EMR 4. Amazon Athena
Answer: 2 Explanation: AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics. You can point AWS Glue to data stored on AWS, and AWS Glue discovers the data and stores the associated metadata (e.g. table definition and schema) in the AWS Glue Data Catalog. Once cataloged, the data is immediately searchable, queryable, and available for ETL. Amazon Elastic MapReduce (EMR) provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances. Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL.
A Cloud Practitioner is developing a disaster recovery plan and intends to replicate data between multiple geographic areas. Which of the following meets these requirements? 1. AWS Accounts 2. AWS Regions 3. Availability Zones 4. Edge locations
Answer: 2 Explanation: AWS has the concept of a Region, which is a physical location around the world where we cluster data centers. We call each group of logical data centers an Availability Zone. Each AWS Region consists of multiple, isolated, and physically separate AZs within a geographic area.
Which service is used for caching data? 1. Amazon Simple Queue Service (SQS) 2. Amazon DynamoDB DAX 3. AWS Key Management Service (KMS) 4. Amazon Elastic File System (EFS)
Answer: 2 Explanation: Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement - from milliseconds to microseconds - even at millions of requests per second.
Which type of EBS volumes can be encrypted? 1. Non-root volumes only 2. Both non-root and root volumes 3. Only non-root volumes created from snapshots 4. Only root volumes can have encryption applied at launch time
Answer: 2 Explanation: Amazon EBS encryption offers a straightforward encryption solution for your EBS resources that doesn't require you to build, maintain, and secure your own key management infrastructure. It uses AWS Key Management Service (AWS KMS) customer master keys (CMK) when creating encrypted volumes and snapshots. Encryption operations occur on the servers that host EC2 instances, ensuring the security of both data-at-rest and data-in-transit between an instance and its attached EBS storage.
How can you configure Amazon Route 53 to monitor the health and performance of your application? 1. Using DNS lookups 2. Using Route 53 health checks 3. Using the Route 53 API 4. Using CloudWatch
Answer: 2 Explanation: Amazon Route 53 health checks monitor the health and performance of your web applications, web servers, and other resources.
How can a company protect their Amazon S3 data from a regional disaster? 1. Archive to Amazon Glacier 2. Use Cross-Region Replication (CRR) to copy to another region 3. Use lifecycle actions to move to another S3 storage class 4. Enable Multi-Factor Authentication (MFA) delete
Answer: 2 Explanation: Cross-Region replication (CRR) is used to copy objects across Amazon S3 buckets in different AWS Regions. The only option here that will help is to use CRR to copy the data to another region. This will provide disaster recovery.
What is an Edge location? 1. A public endpoint for Amazon S3 2. A content delivery network (CDN) endpoint for CloudFront 3. A virtual private gateway for VPN 4. A VPC peering connection endpoint
Answer: 2 Explanation: Edge locations are Content Delivery Network (CDN) endpoints for CloudFront. There are many more edge locations than regions.
What feature of Amazon S3 enables you to set rules to automatically transfer objects between different storage classes at defined time intervals? 1. Elastic Data Management 2. Object Lifecycle Management 3. Auto Lifecycle Scaling 4. S3 Archiving
Answer: 2 Explanation: Object lifecycle management can be used with objects so that they are stored cost effectively throughout their lifecycle. Objects can be transitioned to another storage class or expired.
A company has deployed several relational databases on Amazon RDS. Every month, the database software vendor releases new security patches that need to be applied to the database. What is the MOST efficient way to apply the security patches? 1. Connect to each database instance on a monthly basis, and download and apply the necessary security patches from the vendor 2. Enable automatic patching for the instances using the Amazon RDS console 3. In AWS Config, configure a rule for the instances and the required patch level 4. Use AWS Systems Manager to automate database patching according to a schedule
Answer: 2 Explanation: Periodically, Amazon RDS performs maintenance on Amazon RDS resources. Maintenance most often involves updates to the DB instance's underlying hardware, underlying operating system (OS), or database engine version. Updates to the operating system most often occur for security issues and should be done as soon as possible.
A user deploys an Amazon Aurora database instance in multiple Availability Zones. This strategy involves which pillar of the AWS Well-Architected Framework? 1. Performance efficiency 2. Reliability 3. Cost optimization 4. Security
Answer: 2 Explanation: The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues. There are five design principles for reliability in the cloud: • Test recovery procedures • Automatically recover from failure • Scale horizontally to increase aggregate system availability • Stop guessing capacity • Manage change in automation
Which AWS service can assist with providing recommended actions on cost optimization? 1. AWS Inspector 2. AWS Trusted Advisor 3. AWS Artifact 4. Amazon CloudWatch Events
Answer: 2 Explanation: Trusted Advisor is an online resource that helps to reduce cost, increase performance and improve security by optimizing your AWS environment.
Which support plan is the lowest cost option that allows unlimited cases to be open? 1. Basic 2. Developer 3. Business 4. Enterprise
Answer: 2 Explanation: With the Developer plan you can open unlimited cases. You can also open unlimited cases with the Business and Enterprise plans but these are more expensive. You cannot open any support cases with the Basic support plan.
How can a company connect from their on-premises network to VPCs in multiple regions using private connections? 1. AWS Managed VPN 2. AWS Direct Connect Gateway 3. Amazon CloudFront 4. Inter-Region VPC Peering
Answer: 2 Explanation: You can use an AWS Direct Connect gateway to connect your AWS Direct Connect connection over a private virtual interface to one or more VPCs in your account that are located in the same or different Regions. AWS Managed VPN uses the public Internet and is therefore not a private connection.
Which AWS services form the app-facing services of the AWS serverless infrastructure? (Select TWO.) 1. AWS Step Functions 2. AWS Lambda 3. Amazon API Gateway 4. Amazon DynamoDB 5. Amazon EFS
Answer: 2, 3 Explanation: AWS Lambda and Amazon API Gateway are both app-facing components of the AWS Serverless infrastructure. AWS Step Functions is an orchestration service.
What are the benefits of using IAM roles for applications that run on EC2 instances? (Select TWO.) 1. Easier to configure than storing access keys within the EC2 instance 2. More secure than storing access keys within applications 3. Can apply multiple roles to a single instance 4. It is easier to manage IAM roles 5. Role credentials are permanent
Answer: 2, 4 Explanation: Using IAM roles instead of storing credentials within EC2 instances is more secure. It is also easier to manage roles.
What are two correct statements about AWS Organizations with consolidated billing? (Select TWO.) 1. Multiple bills are provided per organization 2. One bill provided for multiple accounts 3. Linked accounts lose their management independence 4. Volume pricing discounts applied across multiple accounts 5. CloudTrail can be configured per organization
Answer: 2, 4 Explanation: With AWS Organizations you create a paying account and linked accounts. One bill is provided for multiple accounts within an organization. Volume pricing discounts can be applied across resources in multiple accounts.
Which of the following are advantages of using the AWS cloud computing over legacy IT? (Select TWO.) 1. You are able to pass responsibility for the availability of your application to AWS 2. You don't need to worry about over provisioning as you can elastically scale 3. You don't need to patch your operating systems 4. You can bring new applications to market faster 5. You can bring services closer to your end users
Answer: 2, 4 Explanation: With cloud computing you no longer need to guess about capacity as you can elastically scale. This means you don't end up overprovisioning but instead react to the load on your servers. You can also be faster and more agile with development and release of applications.
Which of the following would be good reasons to move from on-premises to the AWS Cloud? (Select TWO.) 1. Gain access to free technical support services 2. Reduce costs through easier right-sizing of workloads 3. Improve agility and elasticity 4. Gain end-to-end operational management of the entire infrastructure stack 5. Outsource all security responsibility
Answer: 2,3 Explanation: There are many benefits to moving to the AWS Cloud and these include reducing costs through right-sizing workloads. This is easier with elastic computing and the ability to easily adjust workloads, monitor utilization and programmatically make changes. You can improve agility and elasticity through services such as Auto Scaling, Elastic Load Balancing and highly scalable services such as S3 and Lambda.
Which tools can you use to manage identities in IAM? (choose 2) 1. Amazon CloudWatch API 2. AWS Management Console 3. AWS Command Line Tools 4. EC2 Management Console 5. Amazon Workspaces
Answer: 2,3 Explanation: You can manage AWS Identity and Access Management identities through the AWS Management Console, AWS Command Line Tools, AWS SDKs, and IAM HTTPS API.
A cloud practitioner needs to decrease application latency and increase performance for globally distributed users. Which services can assist? (Select TWO.) 1. Amazon ECS 2. Amazon S3 3. Amazon AppStream 2.0 4. Amazon ElastiCache 5. Amazon CloudFront
Answer: 2,5 Explanation: Amazon S3 is an object-based storage system. It can be used to store data such as files and images that need to be served. Optionally, an S3 bucket can be configured as a static website. Amazon CloudFront is a content delivery network (CDN) that caches content at Edge Locations around the world. These two services can work together with an S3 bucket configured as an origin for the CloudFront distribution. Users around the world will then be able to pull the content from the local Edge Location with lower latency and better performance.
Which service can you use to monitor, store and access log files generated by EC2 instances and on-premises servers? 1. AWS CloudTrail 2. AWS OpsWorks 3. Amazon CloudWatch Logs 4. Amazon Kinesis
Answer: 3 Explanation: You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources. You can then retrieve the associated log data from CloudWatch Logs.
Which service is used to introduce fault tolerance into an application architecture? 1. Amazon CloudFront 2. Amazon ElastiCache 3. Amazon Elastic Load Balancing 4. Amazon DynamoDB
Answer: 3 Explanation: Amazon Elastic Load Balancing is used to spread load and introduce fault tolerance by distributing connections across multiple identically configured back-end EC2 instances. Amazon ElastiCache is an in-memory database cache and is used to introduce improved performance rather than fault tolerance.
Which AWS service enables developers and data scientists to build, train, and deploy machine learning models? 1. Amazon Rekognition 2. Amazon Comprehend 3. Amazon SageMaker 4. Amazon MQ
Answer: 3 Explanation: Amazon SageMaker is a fully-managed platform that enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at any scale. Amazon SageMaker removes all the barriers that typically slow down developers who want to use machine learning.
Which AWS service can be used to send automated notifications to HTTP endpoints? 1. Amazon SQS 2. Amazon SWF 3. Amazon SNS 4. Amazon SES
Answer: 3 Explanation: Amazon Simple Notification Service (Amazon SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud. SNS can be used to send automated or manual notifications to email, mobile (SMS), SQS, and HTTP endpoints. Amazon SWF helps developers build, run, and scale background jobs that have parallel or sequential steps. It is not a notification service. Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. This is a message bus, not a notification service.
An Elastic IP Address can be remapped between EC2 instances across which boundaries? 1. Regions 2. Edge Locations 3. Availability Zones 4. DB Subnets
Answer: 3 Explanation: Elastic IP addresses are for use in a specific region only and can therefore only be remapped between instances within that region. You can use Elastic IP addresses to mask the failure of an instance in one Availability Zone by rapidly remapping the address to an instance in another Availability Zone.
Which AWS IAM best practice recommends applying the minimum permissions necessary to perform a task when creating IAM policies? 1. Create individual IAM users 2. Use roles to delegate permissions 3. Grant least privilege 4. Enable MFA for privileged users
Answer: 3 Explanation: When you create IAM policies, follow the standard security advice of granting least privilege, that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks. The other answers are all valid best practices but are not related to applying minimum permissions to IAM policies.
Which of the below is an example of optimizing for cost? 1. Choosing the fastest EC2 instance to ensure performance 2. Provision extra capacity to allow for growth 3. Replace an EC2 compute instance with AWS Lambda 4. Deploy resources with AWS CloudFormation
Answer: 3 Explanation: Where possible, you should replace EC2 workloads with AWS managed services that don't require you to make any capacity decisions. AWS Lambda is a serverless service and you only pay for actual processing time. Other examples of services that you don't need to make capacity decisions with include: ELB, CloudFront, SQS, Kinesis Firehose, SES, and CloudSearch.
Assuming you have configured them correctly, which AWS services can scale automatically without intervention? (Select TWO.) 1. Amazon RDS 2. Amazon EC2 3. Amazon S3 4. Amazon DynamoDB 5. Amazon EBS
Answer: 3, 4 Explanation: Both S3 and DynamoDB automatically scale as demand dictates. In the case of DynamoDB you can either configure the on-demand or provisioned capacity mode. With on-demand capacity mode DynamoDB automatically adjusts the read and write throughput for you. EC2, EBS and RDS do not scale automatically. You must intervene to adjust volume sizes and database instance types to scale these resources.
Which services allow you to store files on AWS? (Select TWO.) 1. AWS Lambda 2. Amazon LightSail 3. Amazon EBS 4. Amazon EFS 5. Amazon SQS
Answer: 3,4 Explanation: You can store files on the Elastic Block Store (EBS), and Elastic File System (EFS). EBS volumes are mounted as block devices to EC2 instances and EFS volumes are mounted to the instance using the NFS protocol.
A Cloud Practitioner needs to rapidly deploy a popular IT solution and start using it immediately. What should the Cloud Practitioner use? 1. AWS Well-Architected Framework documentation 2. Amazon CloudFront 3. AWS Elastic Beanstalk 4. AWS Quick Start reference deployment
Answer: 4 Explanation: Quick Starts are built by AWS solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices for security and high availability. These accelerators reduce hundreds of manual procedures into just a few steps, so you can build your production environment quickly and start using it immediately. Each Quick Start includes AWS CloudFormation templates that automate the deployment and a guide that discusses the architecture and provides step-by-step deployment instructions.
Which AWS security service provides a firewall at the subnet level within a VPC? 1. Security Group 2. IAM Policy 3. Bucket Policy 4. Network Access Control List
Answer: 4 Explanation: A Network ACL is a firewall that is associated with a subnet within your VPC. It is used to filter the network traffic that enters and exits the subnet. A Security Group is a firewall that is associated with an EC2 instance (not the subnet). Security Groups control the inbound and outbound network traffic from/to the instance.
Under the AWS Shared Responsibility Model, which of the following is the customer NOT responsible for? 1. Adding firewall rules to security groups and network ACLs 2. Applying encryption to data stored on an EBS volume 3. Applying bucket policies to share Amazon S3 data 4. Installing firmware updates on host servers
Answer: 4 Explanation: AWS customers are not responsible for installing firmware updates on the underlying infrastructure. AWS customers must protect their AWS services through policies, encryption, and firewall rules.
How can an online education company ensure their video courses play with minimal latency for their users around the world? 1. Use Amazon S3 Transfer Acceleration to speed up downloads 2. Use Amazon EBS Cross Region Replication to get the content close to the users 3. Use Amazon Aurora Global Database 4. Use Amazon CloudFront to get the content closer to users
Answer: 4 Explanation: Amazon CloudFront is a content delivery network (CDN) that enables you to cache content in Edge Locations that are located around the world. This brings your media closer to your end users, which reduces latency and improves the user experience. Amazon S3 Transfer Acceleration is a feature that is used for accelerating uploads to Amazon S3, not for downloads. © 2022 Digital Cloud Training
Which type of storage stores objects comprised of key, value pairs? 1. Amazon DynamoDB 2. Amazon EBS 3. Amazon EFS 4. Amazon S3
Answer: 4 Explanation: Amazon Simple Storage Service is storage for the Internet. It is designed to make web-scale computing easier for developers. Amazon S3 is an object-based storage system that stores objects that are comprised of key, value pairs.
Which type of Amazon RDS automated backup allows you to restore the database with a granularity of as little as 5 minutes? 1. Snapshot backup 2. Full backup 3. Incremental backup 4. Point-in-time recovery
Answer: 4 Explanation: You can restore an Amazon RDS database instance to a specific point in time with a granularity of 5 minutes. Amazon RDS uses transaction logs which it uploads to Amazon S3 to do this.
Which of the following statements is correct about Amazon S3 cross-region replication? 1. Both source and destination S3 buckets must have versioning disabled 2. The source and destination S3 buckets cannot be in different AWS Regions 3. S3 buckets configured for cross-region replication can be owned by a single AWS account or by different accounts 4. The source S3 bucket owner must have the source and destination AWS Regions disabled for their account
Explanation: Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can copy objects between different AWS Regions or within the same Region. Both source and destination buckets must have versioning enabled. The source bucket owner must have the source and destination AWS Regions enabled for their account. The destination bucket owner must have the destination Region enabled for their account.
What are the primary benefits of using AWS Elastic Load Balancing? (Select TWO.) 1. High availability 2. Elasticity 3. Automation 4. Caching 5. Regional resilience
High availability - ELB automatically distributes traffic across multiple EC2 instances in different AZs within a region. Elasticity - ELB is capable of handling rapid changes in network traffic patterns.
Which of the following descriptions is incorrect in relation to the design of Availability Zones? 1. AZs have direct, low-latency, high throughput and redundant network connections between each other 2. Each AZ is designed as an independent failure zone 3. AZs are physically separated within a typical metropolitan region and are located in lower risk flood plains 4. Each subnet in a VPC is mapped to all AZs in the region
Subnets are created within a single AZ and do not get mapped to multiple AZs.
What information must be entered into the AWS TCO Calculator? 1. The number of end users in your company 2. The number of applications in your company 3. The number of storage systems in your company 4. The number of servers in your company
The TCO calculator asks for the number of servers (Physical or VMs) you are running on-premises. You also need to supply the resource information (CPU, RAM) and specify whether the server is a DB or non-DB. Use this new calculator to compare the cost of your applications in an on-premises or traditional hosting environment to AWS. Describe your on-premises or hosting environment configuration to produce a detailed cost comparison with AWS.