A Cloud Guru Practice Test Flashcards

1
Q

You need to stream data in real time for a dashboard application. Which AWS service would you use?

AWS Kinesis
AWS CloudWatch
Amazon Redshift
AWS CloudTrail

A

AWS Kinesis
Kinesis allows you to analyze data and video streams in real time.

2
Q

When considering the security of an AWS EC2 instance, which of the below are users responsible for? (Pick 2)

Patching and maintenance of server hardware
Patching and maintenance of OS and applications
Security configuration
Physical and environmental controls

A

Patching and maintenance of OS and applications
Under the Shared Responsibility Model, users are entirely responsible for the security, patching, and maintenance of AWS IaaS services such as EC2. AWS will only take care of the underlying hardware used to provide the service.

Security configuration
Under the Shared Responsibility Model, users are entirely responsible for the security, patching, and maintenance of AWS IaaS services such as EC2. AWS will only take care of the underlying hardware used to provide the service.

3
Q

An independent developer needs help with monitoring service limits to ensure they don’t exceed free-tier usage on their account. Which services will help them monitor service limits? (Pick 2)

Config
CloudWatch
Trusted Advisor
Inspector
GuardDuty

A

CloudWatch
CloudWatch Alarms can be used to determine the percentage of utilization versus the limit.

Trusted Advisor
Trusted Advisor has a service limit dashboard that helps you monitor service limits.

4
Q

Which of the following allows you to access AWS services from popular programming languages like Java, Python, and C#?

Software development kits
AWS Management Console
Command line interface
Programming languages

A

Software development kits

Software development kits (or SDKs) provide everything you need to develop and manage applications in AWS, including the programming language of your choice.

5
Q

Enabling Amazon GuardDuty automatically grants the service permission to analyze which of the following data sources? (Pick 3)

Amazon S3 buckets
DNS query logs
VPC Flow Logs
AWS CloudTrail logs

A

DNS query logs
Amazon GuardDuty monitors the security of your AWS environment by analyzing and processing 3 data sources, which are VPC Flow Logs, AWS CloudTrail event logs, and DNS logs.

VPC Flow Logs
Amazon GuardDuty monitors the security of your AWS environment by analyzing and processing 3 data sources, which are VPC Flow Logs, AWS CloudTrail event logs, and DNS logs.

AWS CloudTrail logs
Amazon GuardDuty monitors the security of your AWS environment by analyzing and processing 3 data sources, which are VPC Flow Logs, AWS CloudTrail event logs, and DNS logs.

6
Q

Which of the following are characteristics of cloud computing? (Pick 3)

On-demand delivery
Pay-as-you-go pricing
Cloud charges are capital expenditures.
Services are delivered via the internet.
No extra skills or training are required.

A

On-demand delivery
The on-demand delivery via the internet of services with pay-as-you-go pricing characterizes cloud computing.

Pay-as-you-go pricing
The on-demand delivery via the internet of services with pay-as-you-go pricing characterizes cloud computing.

Services are delivered via the internet.
The on-demand delivery via the internet of services with pay-as-you-go pricing characterizes cloud computing. Services incurred from a cloud services provider are operating expenses, not capital expenses. Capital expenditure (CapEX) is less common with the cloud, in favor of operational expenditure (OpEx). Skills and training for personnel are required to leverage cloud computing.

7
Q

Which of the following are steps you should take in securing your AWS account? (Pick 3)

Use groups to delegate access to IAM users.
Create individual IAM users.
Assign policies directly to your administrative users.
Activate Multi-factor Authentication (MFA) on your root account.

A

Use groups to delegate access to IAM users.
Groups should be used to delegate permissions to the users you create, instead of individually assigning policies to IAM users, since it makes administration easier.

Create individual IAM users.
You should always create IAM users for individual users, since the root account should never be used for actual work.

Activate Multi-factor Authentication (MFA) on your root account.
The root account should have MFA enabled, due to its unlimited access to an account.

8
Q

A developer wants to be alerted when an EC2 running their application is approaching 100% CPU utilization. Which service helps the developer do this in an automated way?

CloudFormation
CloudTrail
CloudWatch
Cost budgets in AWS Budgets

A

CloudWatch
CloudWatch can monitor the state of your AWS resources and can notify you when an EC2 is approaching 100% utilization.

9
Q

A developer doesn’t want to hardcode the database password in their application code when developing a new application. Which service will help with accessing the password without having to hardcode it?

AWS Artifact
IAM credential report
Secrets Manager
Key Management Service (KMS)

A

Secrets Manager
Secrets Manager allows you to manage and retrieve secrets (passwords or keys).

10
Q

Which of the following is AWS’ managed DDoS protection service?

AWS Shield
Access control lists
Security groups
AWS WAF

A

AWS Shield
AWS Shield is AWS’ managed DDoS protection service at Layer 4.

11
Q

You have many database backups you need to store for an indefinite amount of time. If the backups are ever needed, they just need to be retrieved within 6 hours. What is the lowest cost solution for this scenario?

Amazon S3 Standard-IA
Amazon Glacier
Amazon EFS
Amazon S3

A

Amazon Glacier
Amazon Glacier provides the lowest cost option for long-term storage and is perfectly suited for this scenario. The backups would not need to be retrieved quickly, so Glacier is the best option.

12
Q

According to the Shared Responsibility Model, which of the following is AWS responsible for? (Pick 2)

Amazon Virtual Private Cloud infrastructure
Security groups
Network access control lists
Elastic Cloud Compute (EC2) infrastructure
Subnets

A

Amazon Virtual Private Cloud infrastructure
Protecting the infrastructure that runs all of the services in the AWS Cloud is the responsibility of AWS. This includes EC2 infrastructure (the hardware compute platform for running EC2 instances) and Amazon Virtual Private Cloud (VPC), which enables customers to provision a logically isolated section of the AWS Cloud to launch their resources. The subnets, security groups, and network access control lists configured in the VPC are the responsibility of the customer.

Elastic Cloud Compute (EC2) infrastructure
Protecting the infrastructure that runs all of the services in the AWS Cloud is the responsibility of AWS. This includes EC2 infrastructure (the hardware compute platform for running EC2 instances) and Amazon Virtual Private Cloud (VPC), which enables customers to provision a logically isolated section of the AWS Cloud to launch their resources. The subnets, security groups, and network access control lists configured in the VPC are the responsibility of the customer.

13
Q

If you have a new application and you are not sure about future demand, which of the below characteristics of cloud make cloud an ideal place to host it? (Pick 3)

Performance efficiency
High availability
Pay as you go
No single point of failure
No upfront payment
Scalability

A

Pay as you go
No upfront payment and pay as you go mean that you do not need an initial outlay of capital for resources to build in the cloud. Rather, you only need to pay for what you use going forward. These, combined with the ability to consume more resources when needed (scalability), mean that the cloud is a great way to host applications that have dynamic requirements.

No upfront payment
No upfront payment and pay as you go mean that you do not need an initial outlay of capital for resources to build in the cloud. Rather, you only need to pay for what you use going forward. These, combined with the ability to consume more resources when needed (scalability), mean that the cloud is a great way to host applications that have dynamic requirements.

Scalability
No upfront payment and pay as you go mean that you do not need an initial outlay of capital for resources to build in the cloud. Rather, you only need to pay for what you use going forward. These, combined with the ability to consume more resources when needed (scalability), mean that the cloud is a great way to host applications that have dynamic requirements.

14
Q

A company wants to block network traffic from accessing an EC2 instance. What’s the best way to protect the EC2 instance from unwanted traffic?

Security group
Macie
Trusted Advisor
IAM group

A

Security group
The security group acts as a virtual firewall to protect the EC2 instance.

15
Q

Which service powers the creation of encrypted EBS volumes for Amazon EC2?

CloudHSM
Secrets Manager
Identity and Access Management (IAM)
Key Management Service (KMS)

A

Key Management Service (KMS)
When you create an encrypted Amazon EBS volume, you’re able to specify a KMS customer master key.

16
Q

You need to set up a data warehouse on AWS for financial/actuary data. Which AWS service will you use?

Redshift
ElastiCache
DynamoDB
RDS

A

Redshift
Redshift is a scalable data warehouse solution.

17
Q

A company is launching a new product and needs help with assessing its operational readiness and identifying and mitigating risks. Which feature of the Enterprise Support plan provides this?

Managed Services
Technology partner from the AWS Partner Network (APN)
Professional Services
Infrastructure Event Management

A

Infrastructure Event Management
Infrastructure Event Management provides support for planning and running business-critical events.

18
Q

When you pay a subscription fee to a hosting company to serve your website on an instance you manage, which cloud computing model are you using?

Infrastructure as a Service (IaaS)
Function as a Service (FaaS)
Platform as a Service (PaaS)
Software as a Service (SaaS)

A

Infrastructure as a Service (IaaS)
IaaS offers building blocks that can be rented. When you pay a web hosting fee, you’re using IaaS.

19
Q

A customer is managing multiple AWS accounts using AWS Organizations. What can the customer use to restrict the same permissions across all AWS accounts managed under AWS Organizations using minimal effort?

Service control policies
S3 bucket policy
IAM organization policy
IAM user policy

A

Service control policies
AWS Organizations provides central governance and management for multiple accounts. Organization service control policies (SCPs) allow you to create permissions guardrails that apply to all accounts within a given organization.

20
Q

A company is deploying an application to an EC2 instance. They care most about achieving the lowest cost possible and don’t mind if their workloads are interrupted. Which pricing option should the company consider?

Savings Plan
Reserved Instance
Spot Instance
Dedicated Host

A

Amazon CloudWatch

CloudWatch is a collection of services that help you monitor and observe your cloud resources.

21
Q

Which of the following does Amazon ensure will happen when paying for AWS on an as-needed basis? (Pick 3)

Spending more money in the long term
Enabling the full elasticity of business operations
Spending less money in the long term
Redirecting focus to innovation and invention
Reducing procurement complexity

A

Enabling the full elasticity of business operations
Amazon provides certain benefits when you pay for services on an as-needed basis for your business. You can spend more time innovating and inventing, which consequently enables your business to be fully elastic.

Redirecting focus to innovation and invention
Amazon provides certain benefits when you pay for services on an as-needed basis for your business, so you can spend more time innovating and inventing.

Reducing procurement complexity
Amazon provides certain benefits when you pay for services on an as-needed basis for your business. You can spend more time innovating and inventing, which consequently reduces the complexity of procurement.

22
Q

Several S3 buckets have been deleted, and a few EC2 instances have been terminated. Which AWS service can you use to determine who took these actions?

AWS CloudWatch
Amazon Inspector
AWS CloudTrail
Trusted Advisor

A

AWS CloudTrail
CloudTrail provides the event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.

23
Q

Which of the following best describes a system that will remain operational even in the event of a component failure?

Fault tolerant
Elastic
Highly available
Scalable

A

Fault tolerant
A fault-tolerant system will remain operational even in the event of a component failure.

24
Q

Which of the following best describes an AWS Region?

A collection of data centers that are spread evenly around a specific continent
A console that gives you a quick, global picture of your cloud computing environment
A collection of databases that can only be accessed from a specific geographic region
A distinct location within a geographic area designed to provide high availability to a specific geography

A

A distinct location within a geographic area designed to provide high availability to a specific geography

A Region is a distinct location within a geographic area designed to provide high availability to a specific geography. Regions are a key concept in AWS’ Global Infrastructure — each is made up of 1 or more isolated (within that Region) Availability Zones. There are often multiple AWS Regions on each continent, such as North America.

25
Q

Which of the following statements are true of Amazon Redshift? (Pick 2)

It is designed for storing petabytes of data.
It is used for transactional systems.
It is a data warehouse service.
It stores unstructured data.

A

It is designed for storing petabytes of data.
Amazon Redshift is AWS’s data warehouse service designed to scale up to petabytes of structured data.

It is a data warehouse service.
Amazon Redshift is AWS’s data warehouse service designed to scale up to petabytes of structured data.

26
Q

Which AWS service can help you optimize your AWS environment by giving recommendations to reduce cost, increase performance, and improve security?

AWS Trusted Advisor
AWS Inspector
AWS CloudWatch
AWS Optimizations

A

AWS Trusted Advisor
Trusted Advisor provides real-time guidance to help you provision your resources following AWS best practices.

27
Q

A customer provisioned an on-demand EC2 instance using a Linux AMI. The instance ran for 10 hours, 3 minutes, and 7 seconds before the user terminated it. How much time will the customer be billed for?

10 hours, 4 minutes
10 hours, 3 minutes
10 hours
10 hours, 3 minutes, and 7 seconds

A

10 hours, 3 minutes, and 7 seconds
You are billed down to the second for an EC2 instance.

28
Q

Which of the following can be used as a web-based interface to view processes in AWS?

AWS SDK
AWS Management Console
AWS API
AWS CLI

A

AWS Management Console
AWS Management Console is a web application for managing Amazon Web Services.

29
Q

You are reviewing the AWS Shared Responsibility model to present an overview to management on what your company is responsible for in AWS. Which option is a customer responsibility?

Edge locations
Availability Zones
Networking
Customer data

A

Customer data
Customers are responsible for the storage and securing of their own data.

30
Q

A healthcare company has nightly batch jobs that can afford to be interrupted. Which EC2 pricing model can meet this need and provide great savings by using a supply-and-demand model?

Spot Instances
Standard Reserved Instances
On-Demand
Scheduled Reserved Instances

A

Spot Instances
EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS Cloud. Spot Instances are available at up to a 90% discount compared to On-Demand prices.

31
Q

When would you use the EC2 On-Demand pricing model? (Pick 2)

Discounted cost model compared to Reserved Instances
Guaranteed cost
Unpredictable workloads that cannot be interrupted
No upfront payments required

A

Unpredictable workloads that cannot be interrupted
You would use the EC2 On-Demand model when you need compute capability that does not require any upfront payments or long-term commitments, and where you have applications with short-term or unpredictable workloads that cannot be interrupted.

No upfront payments required
You would use the EC2 On-Demand model when you need compute capability that does not require any upfront payments or long-term commitments, and where you have applications with short-term or unpredictable workloads that cannot be interrupted.

32
Q

Which of the following support services do all accounts receive as part of the AWS Support Basic tier?

Technical Account Manager
Architectural support
Billing support
24/7 support via phone and chat

A

Billing support
The AWS Support Basic tier is the free support given to all AWS accounts. All accounts receive billing support, because every customer needs an avenue to lodge disputes or make requests around their billing.

33
Q

Which of the following is AWS’ managed database service that is compatible with MySQL?

Aurora
DynamoDB
PostgreSQL
MariaDB

A

Aurora
Aurora is AWS’ managed database service that is up to 5x faster than a traditional MySQL database.

34
Q

Which of the following are support levels offered by AWS? (Pick 3)

Business
Developer
Start-up
Individual
Basic

A

Business
AWS Support has 4 levels. Basic is their free entitlement for all AWS Customers. The 3 paid support plans in order of ascending cost are Developer, Business, and Enterprise.

Developer
AWS Support has 4 levels. Basic is their free entitlement for all AWS Customers. The 3 paid support plans in order of ascending cost are Developer, Business, and Enterprise.

Basic
AWS Support has 4 levels. Basic is their free entitlement for all AWS Customers. The 3 paid support plans in order of ascending cost are Developer, Business, and Enterprise.

35
Q

A user uses CloudFormation to deploy infrastructure to multiple Regions. This multi-Region deployment strategy involves which pillar of the AWS Well-Architected Framework?

Performance Efficiency
Reliability
Security
Operational Excellence

A

Performance Efficiency
The Performance Efficiency pillar focuses on the effective use of resources to meet demand.

36
Q

In Identity and Access Management (IAM), which term applies to a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS?

Principal
Identity
Resource
Entity

A

Principal
A principal is a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS.

37
Q

Which of the following are advantages of cloud computing? (Pick 3)

Agility
Variable expense
Elasticity
Requires large amounts of capital

A

Agility
The cloud gives you increased agility. All the services you have access to help you innovate faster, giving you speed to market.

Variable expense
You pay for what you use instead of making huge upfront investments.

Elasticity
With elasticity, you do not have to plan ahead of time how much capacity you need. You can provision only what you need, and then grow and shrink based on demand.

38
Q

Which of the following are classified as migration services? (Pick 2)

AWS OpsWorks
AWS Application Discovery Service
AWS Snowball
AWS Config

A

AWS Application Discovery Service
AWS Application Discovery Service helps you gather information about your on-premises environment and is considered a migration tool.

AWS Snowball
Snowball helps you migrate massive amounts of data into the cloud, so it is considered a migration tool.

39
Q

A company has multiple AWS accounts across many departments. They are considering using Organizations to group all their accounts under 1 master payer account. What are the benefits of using Organizations? (Pick 3)

They can reduce costs by sharing resources across accounts.
They can easily add new accounts or create new accounts.
The IAM integration allows for IAM users to be deleted automatically when an account is closed.
They can receive 1 bill for all their AWS accounts.
They can automatically be alerted when new accounts are set up.

A

They can reduce costs by sharing resources across accounts.
Cost savings is a benefit of AWS Organizations. You’ll receive volume discounts since usage is combined across accounts.

They can easily add new accounts or create new accounts.
Account governance is a benefit of AWS Organizations. You have a quick and automated way to create accounts or invite existing accounts.

They can receive 1 bill for all their AWS accounts.
Consolidated billing is a benefit of AWS Organizations. The advantage of consolidated billing is that you receive 1 bill for multiple accounts.

40
Q

A recent audit has dictated that a company begin keeping a log of AWS Management Console actions and API calls. Which AWS service can help with this?

AWS Inspector
CloudFormation
AWS CloudTrail
CloudWatch

A

AWS CloudTrail

CloudTrail tracks user activity and API calls within your account.

41
Q

Who are the main users of the AWS Command Line Interface (CLI)?

Non-technical roles
New cloud users
Developers
Business Analysts

A

Developers
Developers are the main users of the CLI.

42
Q

A customer would like to store secondary backup copies of on-premises data to the cloud. The customer is not concerned about an extra level of protection by geographic redundancy but requires rapid access to the data when it is needed. Which Amazon S3 storage class should be used as the lowest cost option with rapid access?

S3 Standard
S3 Standard-Infrequent Access
S3 One Zone-Infrequent Access
S3 Glacier Deep Archive

A

S3 One Zone-Infrequent Access
S3 One Zone-Infrequent Access is designed for customers who want a lower cost option for infrequently accessed data but do not require the multiple Availability Zone data resilience model of the S3 Standard or S3 Standard-Infrequent Access storage classes. S3 One Zone-Infrequent Access provides millisecond access when the data is needed.

43
Q

You want to monitor the cost of using your AWS services and receive alerts when the thresholds you define are met. Which of the following AWS Budgets types should you create?

Reservation budget
Cost budget
Usage budget
Savings Plans budget

A

Cost budget
You need to create a cost budget with AWS Budgets if you want to monitor the cost of using your AWS services.

44
Q

Your team needs to begin monitoring the applications running in your AWS account by collecting metrics, logs, and events. Which AWS service can you use?

AWS App Monitoring
Amazon CloudTrail
Amazon CloudWatch
AWS Config

A

Amazon CloudWatch

CloudWatch is a collection of services that help you monitor and observe your cloud resources.

45
Q

Which of the following best describes Availability Zones (AZs)?

Restricted areas designed specifically for the creation of virtual private clouds (VPCs) that span AZs

Two zones containing compute resources that are designed to automatically maintain synchronized copies of each other’s data

Distinct locations from within an AWS Region that are engineered to be isolated from failures

A content distribution network used to deliver content to users

A

Distinct locations from within an AWS Region that are engineered to be isolated from failures

Availability Zones are distinct locations from within an AWS Region that are engineered to be isolated from failures. Each Region is made up of 1 or more AZs. Availability Zones host almost every AWS service, including EC2 instances, S3 buckets, and much more. Some services will maintain copies of your data between Availability Zones, but this is dependent on the individual service (for example, S3 can store data in multiple AZs, whereas an EC2 instance is tied to a single AZ).

46
Q

AWS VPC is a component of which of the following overall service categories?

Management Tools
Migration Services
Compute
Database
Storage
Networking and Content Delivery

A

Networking and Content Delivery

VPC is a core component of AWS’ network services and is the underlying resource that allows your other resources and instances to communicate with each other privately.

47
Q

When might Auto Scaling be used?

To control provisioning of S3 bucket capacity
When you require scalable capacity to maintain service levels in your environment
Where predictable workload patterns exist
To provision resources that can be adjusted once per 24-hour period

A

When you require scalable capacity to maintain service levels in your environment
Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost.

48
Q

How can a customer meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated hardware in the cloud?

DynamoDB
CloudHSM
Identity and Access Management
Secrets Manager

A

CloudHSM
CloudHSM allows customers to meet compliance requirements for data security by using dedicated hardware.

49
Q

You have joined a small company and inherited an AWS application built within the EC2-Classic network. Which load balancer will work with this application?

Network Load Balancer
None. The application needs to be upgraded.
Application Load Balancer
Classic Load Balancer

A

Classic Load Balancer

Classic Load Balancer provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and connection level. Classic Load Balancer is intended for applications that were built within the EC2-Classic network.

50
Q

Which of the following best describes DynamoDB?

DynamoDB is a MySQL database.
DynamoDB is a SQL database.
DynamoDB is a NoSQL database.
DynamoDB is a Mongo database.

A

DynamoDB is a NoSQL database.
DynamoDB is a fast and flexible NoSQL database. NoSQL databases are non-relational and have a dynamic structure, whereas SQL is relational and has a pre-defined structure.

51
Q

An organization is considering migrating internal applications to the AWS Cloud. The organization will follow the 5 pillars of the AWS Well-Architected Framework. Which items are pillars of the AWS Well-Architected Framework? (Pick 2)

Ease of use
Reliability
Operational excellence
Scalability
Elasticity

A

Reliability
The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.

Operational excellence
The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to improve supporting processes and procedures continually.

52
Q

AWS uses the shared responsibility model. For security, which of the following are the responsibilities of AWS? (Pick 3)

User password rules
Physically securing compute resources
Configure security groups
Network patching
Disk disposal

A

Physically securing compute resources
AWS is in charge of physically securing compute resources, as it is part of the infrastructure that runs all of the services offered in the AWS cloud.

Network patching
Network patching is one of AWS’s responsibilities, as it is connected to the infrastructure AWS handles.

Disk disposal
Disk disposal is one of AWS’s responsibilities, as it is connected to the infrastructure AWS handles.

53
Q

You have just created a new bucket and uploaded a file into it. Will this be automatically viewable by anyone on the internet?

Only if you have a NAT gateway
Yes - by default, buckets and their contents are public
No - by default, buckets and their contents are private
Only if you have an internet gateway

A

No - by default, buckets and their contents are private

By default, all data stored in S3 is not viewable by the public. If you want a bucket or object to be accessible by the public, you must explicitly make it so. NAT gateways and internet gateways are needed to allow communications between VPCs and the internet, but they are not required when it comes to S3.

54
Q

Which of the below are you responsible for managing when storing data in S3? (Pick 2)

Who has access to data you stored on the S3 service
Who has access to the S3 infrastructure software
Who has access to the storage hardware
Who has access to the network hardware
Who has access to the S3 service

A

Who has access to data you stored on the S3 service
Under the Shared Responsibility Model for managed services, AWS takes responsibility for managing all the hardware (including access, patching, and other maintenance). When it comes to S3, the customer is responsible for all aspects of the data being stored on S3, and who has access to manage the S3 service for that account.

Who has access to the S3 service
Under the Shared Responsibility Model for managed services, AWS takes responsibility for managing all the hardware (including access, patching, and other maintenance). When it comes to S3, the customer is responsible for all aspects of the data being stored on S3, and who has access to manage the S3 service for that account.

55
Q

Which of the following are characteristics of Availability Zones (AZs)? (Pick 3)

Data centers housed in the same facility
Physically separated
Fault tolerant
Connected through low-latency links

A

Physically separated
AZs are physically separated.

Fault tolerant
AZs are fault tolerant.

Connected through low-latency links
AZs are connected to each other through low-latency links.

56
Q

You have been tasked with going into the AWS company account and getting information on saving money, improving system performance and reliability, and closing security gaps. Which tool can you use to get this information?

AWS Cost and Usage Report
AWS Inspector
CloudWatch
AWS Trusted Advisor

A

AWS Trusted Advisor
Trusted Advisor provides real-time guidance to help you provision your resources following AWS best practices.

57
Q

Which of the following are valid ways for an IAM user to manage AWS resources? (Pick 3)

Security group access via the AWS command line
Using the AWS SDK
Programmatic access via the command line
Emergency access via Identity and Access Management (IAM)
AWS Management Console access

A

Using the AWS SDK
The two types of access are AWS Management Console access and programmatic access. Programmatic access is available via the AWS API, the CLI, and the SDKs - and an IAM user can use all these methods.

Programmatic access via the command line
The two types of access are AWS Management Console access and programmatic access. Programmatic access is available via the AWS API, the CLI, and the SDKs - and an IAM user can use all these methods.

AWS Management Console access
The two types of access are AWS Management Console access and programmatic access. Programmatic access is available via the AWS API, the CLI, and the SDKs - and an IAM user can use all these methods.

58
Q

A company is planning for increased sales and traffic during an upcoming holiday sale. How can the company BEST prepare to meet the upcoming change in demand?

Develop a page to display, when demand can’t be met, asking the customer to try again later.
Review traffic from the previous year’s sale and add additional instances to match the capacity used.
Implement EC2 Auto Scaling.
Cache content using Amazon ElastiCache.

A

Implement EC2 Auto Scaling.
Auto Scaling adds or removes EC2 instances based on demand.

59
Q

With which AWS service, coupled with EC2, can you implement elasticity by adding and removing instances as needed?

Elastic Beanstalk
CloudFormation
Auto Scaling
AWS Systems Manager

A

Auto Scaling
Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance.

60
Q

Your company has decided to migrate a SQL Server database to a newly created AWS account. Which service can be used to migrate the database?

Database Migration Service
ElastiCache
DynamoDB
AWS RDS

A

Database Migration Service

DMS helps you migrate databases to or within AWS.

61
Q

A DevOps engineer is planning for the deployment of an application that can’t be impacted if an entire geographic location is affected by a disaster. How can the engineer deploy this application?

Place a load balancer in front of the application.
Deploy the application to multiple VPCs.
Deploy the application to multiple subnets.
Deploy the application to multiple Regions.

A

Deploy the application to multiple Regions.
AWS logically groups its Regions into geographic locations. Each Region is spread out and fully independent and isolated from other Regions. If there’s a flood, tsunami or earthquake in 1 Region, the other Regions will not be impacted. Because of this, it makes sense to deploy your application to multiple Regions.

62
Q

A company wants to provide access to an Amazon S3 bucket to all applications running on a Reserved Instance (RI) that’s been assigned to a specific Availability Zone. What’s the best way to give S3 access to all applications running on the EC2 instance?

IAM user
IAM policy with Amazon S3 access
IAM policy with administrator access
IAM role

A

IAM role
The company will need to create a role that grants access to S3 and associate it with the instance.

63
Q

What is the maximum number of objects you can store in S3 per AWS account?

65,536
Unlimited
1,048,576
262,144

A

Unlimited

You can store an essentially unlimited number of objects in S3 - either in a single bucket or across multiple buckets in your account.

64
Q

An oil and gas utility company which is highly regulated must create a Cloud governance scheme. The company is organized into multiple autonomous departments which will all be using AWS resources. These departments each sponsor independent projects that are reviewed by regulatory boards for the approval of customer price increases. The code and infrastructure for each project has production, development, and testing environments. Which of the following account strategies will maximize security and operational efficiency for the company?

Create multiple AWS accounts, 1 for each autonomous department within the company.

Create multiple AWS accounts: 1 for the production environment, 1 for the development environment, and 1 for the testing environment for all departments.

Create a single AWS account for centralized security management.

Create an Organizational Unit structure in AWS Organizations with separate underlying accounts for production, development, and testing environments.

A

Create an Organizational Unit structure in AWS Organizations with separate underlying accounts for production, development, and testing environments.

A multi-layered account structure will work best for this company, leveraging AWS Organizations to establish Organizational Units for each department, with separate production, development, and testing environments. While there is no physical AWS account at the department level, service control policies can be applied at the Organizational Unit level, and billing can be reported separately for each department. An account for each department — in which the department combines dev/test/prod — or a single account for the company hosting all workloads together will NOT provide segregation of production, development, and testing environments at the account level. Multiple standalone accounts for each department and environment would compromise operational efficiency in managing environments across departments, as there is no overarching AWS Organization to manage all the accounts centrally.

65
Q

A company is considering a serverless architecture and wants to build and run applications without having to manage infrastructure. Which AWS services should the company consider using when building applications? (Pick 4)

EC2
Lambda
Fargate
DynamoDB
S3

A

Lambda
Serverless is a way to build and run applications without having to manage infrastructure. Lambda is considered serverless.

Fargate
Serverless is a way to build and run applications without having to manage infrastructure. Fargate is considered serverless.

DynamoDB
Serverless is a way to build and run applications without having to manage infrastructure. DynamoDB is considered serverless.

S3
Serverless is a way to build and run applications without having to manage infrastructure. S3 is considered serverless.