A Cloud Guru Practice Test Flashcards
Which of the following best describes Availability Zones (AZs)?
Restricted areas designed specifically for the creation of virtual private clouds (VPCs) that span AZs
Two zones containing compute resources that are designed to automatically maintain synchronized copies of each other’s data
Distinct locations from within an AWS Region that are engineered to be isolated from failures
A content distribution network used to deliver content to users
Distinct locations from within an AWS Region that are engineered to be isolated from failures
Availability Zones are distinct locations from within an AWS Region that are engineered to be isolated from failures. Each Region is made up of 1 or more AZs. Availability Zones host almost every AWS service, including EC2 instances, S3 buckets, and much more. Some services will maintain copies of your data between Availability Zones, but this is dependent on the individual service (for example, S3 can store data in multiple AZs, whereas an EC2 instance is tied to a single AZ).
When you pay a subscription fee to a hosting company to serve your website on an instance you manage, which cloud computing model are you using?
Infrastructure as a Service (IaaS)
Function as a Service (FaaS)
Platform as a Service (PaaS)
Software as a Service (SaaS)
A. Infrastructure as a Service (IaaS)
IaaS offers building blocks that can be rented. When you pay a web hosting fee, you’re using IaaS.
An organization is considering migrating internal applications to the AWS Cloud. The organization will follow the 5 pillars of the AWS Well-Architected Framework. Which items are pillars of the AWS Well-Architected Framework? (Pick 2)
Ease of use
Reliability
Operational excellence
Scalability
Elasticity
Reliability
The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.
Operational excellence
The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to improve supporting processes and procedures continually.
Which of the following can be used as a web-based interface to view processes in AWS?
AWS SDK
AWS Management Console
AWS API
AWS CLI
AWS Management Console
AWS Management Console is a web application for managing Amazon Web Services.
Which AWS service can help you optimize your AWS environment by giving recommendations to reduce cost, increase performance, and improve security?
AWS Trusted Advisor
AWS Inspector
AWS CloudWatch
AWS Optimizations
A. AWS Trusted Advisor
Trusted Advisor provides real-time guidance to help you provision your resources following AWS best practices.
Which of the following are characteristics of cloud computing? (Pick 3)
On-demand delivery
Pay-as-you-go pricing
Cloud charges are capital expenditures.
Services are delivered via the internet.
No extra skills or training are required.
On-demand delivery
The on-demand delivery via the internet of services with pay-as-you-go pricing characterizes cloud computing.
Pay-as-you-go pricing
The on-demand delivery via the internet of services with pay-as-you-go pricing characterizes cloud computing.
Services are delivered via the internet.
The on-demand delivery via the internet of services with pay-as-you-go pricing characterizes cloud computing. Services incurred from a cloud services provider are operating expenses, not capital expenses. Capital expenditure (CapEX) is less common with the cloud, in favor of operational expenditure (OpEx). Skills and training for personnel are required to leverage cloud computing.
Which of the following are advantages of cloud computing? (Pick3)
Agility
Variable expense
Elasticity
Requires large amounts of capital
Agility
The cloud gives you increased agility. All the services you have access to help you innovate faster, giving you speed to market.
Variable expense
You pay for what you use instead of making huge upfront investments.
Elasticity
With elasticity, you do not have to plan ahead of time how much capacity you need. You can provision only what you need, and then grow and shrink based on demand.
You are reviewing the AWS Shared Responsibility model to present an overview to management on what your company is responsible for in AWS. Which option is a customer responsibility?
Edge locations
Availability Zones
Networking
Customer data
Customer data
Customers are responsible for the storage and securing of their own data.
A company is considering a serverless architecture and wants to build and run applications without having to manage infrastructure. Which AWS services should the company consider using when building applications? (Pick 4)
EC2
Lambda
Fargate
DynamoDB
S3
Lambda
Serverless is a way to build and run applications without having to manage infrastructure. Lambda is considered serverless.
Fargate
Serverless is a way to build and run applications without having to manage infrastructure. Fargate is considered serverless.
DynamoDB
Serverless is a way to build and run applications without having to manage infrastructure. DynamoDB is considered serverless.
S3
Serverless is a way to build and run applications without having to manage infrastructure. S3 is considered serverless.
A DevOps engineer is planning for the deployment of an application that can’t be impacted if an entire geographic location is affected by a disaster. How can the engineer deploy this application?
Place a load balancer in front of the application.
Deploy the application to multiple VPCs.
Deploy the application to multiple subnets.
Deploy the application to multiple Regions.
Deploy the application to multiple Regions.
AWS logically groups its Regions into geographic locations. Each Region is spread out and fully independent and isolated from other Regions. If there’s a flood, tsunami or earthquake in 1 Region, the other Regions will not be impacted. Because of this, it makes sense to deploy your application to multiple Regions.
Which of the following best describes a system that will remain operational even in the event of a component failure?
Fault tolerant
Elastic
Highly available
Scalable
Fault tolerant
A fault-tolerant system will remain operational even in the event of a component failure.
Which of the following are characteristics of Availability Zones (AZs)? (Pick 3)
Data centers housed in the same facility
Physically separated
Fault tolerant
Connected through low-latency links
Physically separated
AZs are physically separated.
Fault tolerant
AZs are fault tolerant.
Connected through low-latency links
AZs are connected to each other through low-latency links.
If you have a new application and you are not sure about future demand, which of the below characteristics of cloud make cloud an ideal place to host it? (Pick 3)
Performance efficiency
High availability
Pay as you go
No single point of failure
No upfront payment
Scalability
Pay as you go
No upfront payment and pay as you go mean that you do not need an initial outlay of capital for resources to build in cloud. Rather, you only need to pay for what you use going forward. These combined with the ability to consume more resources when needed (scalability) mean that cloud is a great way to host applications that have dynamic requirements.
No upfront payment
No upfront payment and pay as you go mean that you do not need an initial outlay of capital for resources to build in cloud. Rather, you only need to pay for what you use going forward. These combined with the ability to consume more resources when needed (scalability) mean that cloud is a great way to host applications that have dynamic requirements.
Scalability
No upfront payment and pay as you go mean that you do not need an initial outlay of capital for resources to build in cloud. Rather, you only need to pay for what you use going forward. These combined with the ability to consume more resources when needed (scalability) mean that cloud is a great way to host applications that have dynamic requirements.
Which of the following does Amazon ensure will happen when paying for AWS on an as-needed basis? (Pick 3)
Spending more money in the long term
Enabling the full elasticity of business operations
Spending less money in the long term
Redirecting focus to innovation and invention
Reducing procurement complexity
Enabling the full elasticity of business operations
Amazon provides certain benefits when you pay for services on an as-needed basis for your business. You can spend more time innovating and inventing, which consequently enables your business to be fully elastic.
Redirecting focus to innovation and invention
Amazon provides certain benefits when you pay for services on an as-needed basis for your business, so you can spend more time innovating and inventing.
Reducing procurement complexity
Amazon provides certain benefits when you pay for services on an as-needed basis for your business. You can spend more time innovating and inventing, which consequently reduces the complexity of procurement.
A company is planning for increased sales and traffic during an upcoming holiday sale. How can the company BEST prepare to meet the upcoming change in demand?
Develop a page to display, when demand can’t be met, asking the customer to try again later.
Review traffic from the previous year’s sale and add additional instances to match the capacity used.
Implement EC2 Auto Scaling.
Cache content using Amazon ElastiCache.
Implement EC2 Auto Scaling.
Auto Scaling adds or removes EC2 instances based on demand.
Who are the main users of the AWS Command Line Interface (CLI)?
Non-technical roles
New cloud users
Developers
Business Analysts
Developers
Developers are the main the users of the CLI.
Which of the following best describes an AWS Region?
A collection of data centers that are spread evenly around a specific continent
A console that gives you a quick, global picture of your cloud computing environment
A collection of databases that can only be accessed from a specific geographic region
A distinct location within a geographic area designed to provide high availability to a specific geography
A distinct location within a geographic area designed to provide high availability to a specific geography
A Region is a distinct location within a geographic area designed to provide high availability to a specific geography. Regions are a key concept in AWS’ Global Infrastructure — each is made up of 1 or more isolated (within that Region) Availability Zones. There are often multiple AWS Regions on each continent, such as North America.
According to the Shared Responsibility Model, which of the following is AWS responsible for?(Pick 2)
Amazon Virtual Private Cloud infrastructure
Security groups
Network access control lists
Elastic Cloud Compute (EC2) infrastructure
Subnets
Amazon Virtual Private Cloud infrastructure
Protecting the infrastructure that runs all of the services in the AWS Cloud is the responsibility of AWS. Such services include EC2 infrastructure — the hardware compute platform for running EC2 instances and Amazon Virtual Private Cloud — or VPC, which enables customers to provision a logically isolated section of the AWS Cloud to launch their resources. The subnets, security groups, and network access control lists configured in the VPC are the responsibility of the customer.
Elastic Cloud Compute (EC2) infrastructure
Protecting the infrastructure that runs all of the services in the AWS Cloud is the responsibility of AWS. Such services include EC2 infrastructure — the hardware compute platform for running EC2 instances and Amazon Virtual Private Cloud — or VPC, which enables customers to provision a logically isolated section of the AWS Cloud to launch their resources. The subnets, security groups, and network access control lists configured in the VPC are the responsibility of the customer.
An oil and gas utility company which is highly regulated must create a Cloud governance scheme. The company is organized into multiple autonomous departments which will all be using AWS resources. These departments each sponsor independent projects that are reviewed by regulatory boards for the approval of customer price increases. The code and infrastructure for each project has production, development, and testing environments. Which of the following account strategies will maximize security and operational efficiency for the company?
Create multiple AWS accounts, 1 for each autonomous department within the company.
Create multiple AWS accounts: 1 for the production environment, 1 for the development environment, and 1 for the testing environment for all departments.
Create a single AWS account for centralized security management.
Create an Organizational Unit structure in AWS Organizations with separate underlying accounts for production, development, and testing environments.
Create an Organizational Unit structure in AWS Organizations with separate underlying accounts for production, development, and testing environments.
A multi-layered account structure will work best for this company, leveraging AWS Organizations to establish Organizational Units for each department, with separate production, development, and testing environments. While there is no physical AWS account at the department level, service control policies can be applied at the Organizational Unit level, and billing can be reported separately for each department. An account for each department — in which the department combines dev/test/prod — or a single account for the company hosting all workloads together will NOT provide segregation of production, development, and testing environments at the account level. Multiple standalone accounts for each department and environment would compromise operational efficiency in managing environments across departments, as there is no overarching AWS Organization to manage all the accounts centrally.
A developer doesn’t want to hardcode the database password in their application code when developing a new application. Which service will help with accessing the password without having to hardcode it?
AWS Artifact
IAM credential report
Secrets Manager
Key Management Service (KMS)
Secrets Manager
Secrets Manager allows you to manage and retrieve secrets (passwords or keys).
How can a customer meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated hardware in the cloud?
DynamoDB
CloudHSM
Identity and Access Management
Secrets Manager
CloudHSM
CloudHSM allows customers to meet compliance requirements for data security by using dedicated hardware.
A user uses CloudFormation to deploy infrastructure to multiple Regions. This multi-Region deployment strategy involves which pillar of the AWS Well-Architected Framework?
Performance Efficiency
Reliability
Security
Operational Excellence
Performance Efficiency
This Performance Efficiency pillar focuses on the effective use of resources to meet demand.
AWS uses the shared responsibility model. For security, which of the following are the responsibilities of AWS? (Pick 3)
User password rules
Physically securing compute resources
Configure security groups
Network patching
Disk disposal
Physically securing compute resources
AWS is in charge of physically securing compute resources, as it is part of the infrastructure that runs all of the services offered in the AWS cloud.
Network patching
Network patching is one of AWS’s responsibilities, as it is connected to the infrastructure AWS handles.
Disk disposal
Disk disposal is one of AWS’s responsibilities, as it is connected to the infrastructure AWS handles.
Which service powers the creation of encrypted EBS volumes for Amazon EC2?
CloudHSM
Secrets Manager
Identity and Access Management (IAM)
Key Management Service (KMS)
Key Management Service (KMS)
When you create an encrypted Amazon EBS volume, you’re able to specify a KMS customer master key.
When considering the security of an AWS EC2 instance, which of the below are users responsible for? (Pick 2)
Patching and maintenance of server hardware
Patching and maintenance of OS and applications
Security configuration
Physical and environmental controls
Patching and maintenance of OS and applications
Under the Shared Responsibility Model, users are entirely responsible for the security, patching, and maintenance of AWS IaaS services such as EC2. AWS will only take care of the underlying hardware used to provide the service.
Security configuration
Under the Shared Responsibility Model, users are entirely responsible for the security, patching, and maintenance of AWS IaaS services such as EC2. AWS will only take care of the underlying hardware used to provide the service.
Enabling Amazon GuardDuty automatically grants the service permission to analyze which of the following data sources? (Pick 3)
Amazon S3 buckets
DNS query logs
VPC Flow Logs
AWS CloudTrail logs
DNS query logs
Amazon GuardDuty monitors the security of your AWS environment by analyzing and processing 3 data sources, which are VPC Flow Logs, AWS CloudTrail event logs, and DNS logs.
VPC Flow Logs
Amazon GuardDuty monitors the security of your AWS environment by analyzing and processing 3 data sources, which are VPC Flow Logs, AWS CloudTrail event logs, and DNS logs.
AWS CloudTrail logs
Amazon GuardDuty monitors the security of your AWS environment by analyzing and processing 3 data sources, which are VPC Flow Logs, AWS CloudTrail event logs, and DNS logs.
