ACCP Flashcards

Question 1

Q

Under the shared responsibility model, which of the following is the customer responsible for?

A. Ensuring that disk drives are wiped after use.
B. Ensuring that firmware is updated on hardware devices.
C. Ensuring that data is encrypted at rest.
D. Ensuring that network cables are category six or higher.

Answer

A

C. Ensuring that data is encrypted at rest.

Explanation:
AWS for a self-hosted database that requires a nightly shutdown for maintenance and cost-saving purposes

Question 2

Q

The use of what AWS feature or service allows companies to track and categorize spending on a detailed level?

A. Cost allocation tags
B. Consolidated billing
C. AWS Budgets
D. AWS Marketplace

Answer

A

C. AWS Budgets

Reference: https://aws.amazon.com/blogs/startups/how-to-set-aws-budget-when-paying-with-aws-credits/

Question 3

Q

Which service stores objects, provides real-time access to those objects, and offers versioning and lifecycle
capabilities?

A. Amazon Glacier
B. AWS Storage Gateway
C. Amazon S3
D. Amazon EBS

Answer

A

C. Amazon S3

Reference: https://aws.amazon.com/s3/faqs/

Question 4

Q

What AWS team assists customers with accelerating cloud adoption through paid engagements in any of several specialty
practice areas?

A. AWS Enterprise Support
B. AWS Solutions Architects
C. AWS Professional Services
D. AWS Account Managers

Answer

A

C. AWS Professional Services

Reference: https://aws.amazon.com/professional-services/

Question 5

Q

A customer would like to design and build a new workload on AWS Cloud but does not have the AWS-related software technical expertise in-house.

Which of the following AWS programs can a customer take advantage of to achieve that outcome?

A. AWS Partner Network Technology Partners
B. AWS Marketplace
C. AWS Partner Network Consulting Partners
D. AWS Service Catalog

Answer

A

C. AWS Partner Network Consulting Partners

Question 6

Q

Distributing workloads across multiple Availability Zones supports which cloud architecture design principle?

A. Implement automation.
B. Design for agility.
C. Design for failure.
D. Implement elasticity.

Answer

A

A. Implement automation.
example: (Auto Scaling Group)

Explanation/Reference:
Reference: https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf

Question 7

Q

Which AWS services can host a Microsoft SQL Server database? (Select TWO.)

A. Amazon EC2
B. Amazon Relational Database Service (Amazon RDS)
C. Amazon Aurora
D. Amazon Redshift
E. Amazon S3

Answer

A

A. Amazon EC2
B. Amazon Relational Database Service (Amazon RDS)

Explanation/Reference:
Reference: https://aws.amazon.com/sql/

Question 8

Q

Which of the following inspects AWS environments to find opportunities that can save money for users and also improve system performance?

A. AWS Cost Explorer
B. AWS Trusted Advisor
C. Consolidated billing
D. Detailed billing

Answer

A

A. AWS Cost Explorer

Explanation/Reference:
Reference: https://wa.aws.amazon.com/wat.pillar.costoptimization.en.html

Question 9

Q

Which of the following Amazon EC2 pricing models allow customers to use existing server-bound
software licenses?

A. Spot Instances
B. Reserved Instances
C. Dedicated Hosts
D. On-Demand Instances

Answer

A

C. Dedicated Hosts

Explanation/Reference:
Reference: https://aws.amazon.com/ec2/pricing/

Question 10

Q

Which AWS characteristics make AWS cost effective for a workload with dynamic user demand? (Select TWO.)

A. High availability
B. Shared security model
C. Elasticity
D. Pay-as-you-go pricing
E. Reliability

Answer

A

C. Elasticity
D. Pay-as-you-go pricing

Explanation/Reference:
Reference: https://aws.amazon.com/ec2/pricing/

Question 11

Q

Which service enables risk auditing by continuously monitoring and logging account activity, including user actions in the AWS Management Console and AWS SDKs?

A. Amazon CloudWatch
B. AWS CloudTrail
C. AWS Config
D. AWS Health

Answer

A

B. AWS CloudTrail

Explanation/Reference:
Reference: https://aws.amazon.com/cloudtrail/

Question 12

Q

Which of the following are characteristics of Amazon S3? (Select TWO.)

A. A global filesystem
B. An object store
C. A local file store
D. A network file system
E. A durable storage system

Answer

A

A. A global filesystem
B. An object store

Question 13

Q

Which services can be used across hybrid AWS Cloud architectures? (Select TWO.)

A. Amazon Route53
B. Virtual Private Gateway
C. Classic Load Balancer
D. Auto Scaling
E. Amazon CloudWatch default metrics

Answer

A

A. Amazon Route53
B. Virtual Private Gateway

https://www.stratoscale.com/blog/cloud/building-hybrid-cloud-environment-using-amazon-cloud/

Question 14

Q

What costs are included when comparing AWS Total Cost of Ownership (TCO) with on-premises TCO?

A. Project management
B. Antivirus software licensing
C. Data center security
D. Software development

Answer

A

A. Project management

Question 15

Q

A company is considering using AWS for a self-hosted database that requires a nightly shutdown for maintenance and cost-saving purposes.

Which service should the company use?

A. Amazon Redshift
B. Amazon DynamoDB
C. Amazon Elastic Compute Cloud (Amazon EC2) with Amazon EC2 instance store
D. Amazon EC2 with Amazon Elastic Block Store (Amazon EBS)

Answer

A

A. Amazon Redshift

Question 16

Q

Which of the following is a correct relationship between regions, Availability Zones, and edge locations?

A. Datacenters contain regions.
B. Regions contain Availability Zones.
C. Availability Zones contain edge locations.
D. Edge locations contain regions.

Answer

A

B. Regions contain Availability Zones.

Explanation/Reference:
Reference: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/#Region_Maps_and_Edge_Networks

Question 17

Q

Which AWS tools assist with estimating costs? (Select TWO.)

A. Detailed billing report
B. Cost allocation tags
C. AWS Simple Monthly Calculator
D. AWS Total Cost of Ownership (TCO) Calculator
E. Cost Eliminator

Answer

A

B. Cost allocation tags
D. AWS Total Cost of Ownership (TCO) Calculator

Explanation/Reference:
Reference: https://aws.amazon.com/premiumsupport/knowledge-center/estimating-aws-resource-costs/

Question 18

Q

Which of the following are advantages of AWS consolidated billing? (Select TWO.)

A. The ability to receive one bill for multiple accounts
B. Service limits increasing by default in all accounts
C. A fixed discount on the monthly bill
D. Potential volume discounts, as usage in all accounts is combined
E. The automatic extension of the master account’s AWS support plan to all accounts

Answer

A

A. The ability to receive one bill for multiple accounts
D. Potential volume discounts, as usage in all accounts is combined

Explanation/Reference:
Reference: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-billing.html

Question 19

Q

Which of the following Reserved Instance (RI) pricing models provides the highest average savings compared to On-
Demand pricing?

A. One-year, NoUpfront, Standard RI pricing
B. One-year, All Upfront, Convertible RI pricing
year
C. Three-year, All Upfront, Standard RI pricing
D. Three-year, No Upfront, Convertible RI pricing

Answer

A

C. Three-year, All Upfront, Standard RI pricing

Explanation/Reference:
Reference: https://aws.amazon.com/ec2/pricing/reserved-instances/pricing/

Question 20

Q

Compared with costs in traditional and virtualized datacenters, AWS has:

A. greater variable costs and greater up front costs.
B. fixed usage costs and lower up front costs.
C. lower variable costs and greater upfront costs.
D. lower variable costs and lower upfront costs.

Answer

A

D. lower variable costs and lower upfront costs.

Explanation/Reference:
Reference: https://d1.awsstatic.com/whitepapers/introduction-to-aws-cloud-economics-final.pdf (10)

Question 21

Q

A characteristic of edge locations is that they:

A. host Amazon EC2 instances closer to users.
B. help lower latency and improve performance for users.
C. cache frequently changing data without reaching the origin server.
D. refresh data changes daily.

Answer

A

C. cache frequently changing data without reaching the origin server.

Explanation/Reference:
Reference: https://www.edureka.co/community/600/what-is-an-edge-location-in-aws

Question 22

Q

Which of the following can limit Amazon Storage Service (Amazon S3) bucket access to specific users?

A. A public and private key-pair
B. Amazon Inspector
C. AWS Identity and Access Management (IAM) policies
D. Security Groups

Answer

A

C. AWS Identity and Access Management (IAM) policies

Explanation/Reference:
Reference: https://aws.amazon.com/blogs/security/how-to-restrict-amazon-s3-bucket-access-to-a-specific-iam-role/

Question 23

Q

Which of the following security-related actions are available at no cost?

A. Calling AWS Support
B. Contacting AWS Professional Services to request a workshop
C. Accessing forums, blogs, and whitepapers
D. Attending AWS classes at a local university

Answer

A

C. Accessing forums, blogs, and whitepapers

Question 24

Q

Which of the Reserved Instance (RI) pricing models can change the attributes of the RI as long as the exchange results in the creation of RIs of equal or greater value?

A. Dedicated RIs
B. Scheduled RIs
C. Convertible RIs
D. Standard RIs

Answer

A

C. Convertible RIs

Explanation/Reference:
Reference: https://aws.amazon.com/ec2/pricing/reserved-instances/

Question 25

Q

Which AWS feature will reduce the customer’s total cost of
ownership (TCO)?

A. Shared responsibility security model
B. Single tenancy
C. Elastic computing
D. Encryption

Answer

A

C. Elastic computing

Question 26

Q

Which of the following services will automatically scale with an expected increase in web traffic?

A. AWS Code Pipeline
B. Elastic Load Balancing
C. Amazon EBS
D. AWS Direct Connect

Answer

A

B. Elastic Load Balancing

Explanation/Reference:
Reference: https://aws.amazon.com/elasticloadbalancing/

Question 27

Q

Where are AWS compliance documents, such as an SOC 1 report, located?

A. Amazon Inspector
B. AWS CloudTrail
C. AWS Artifact
D. AWS Certificate Manager

Answer

A

C. AWS Artifact

Explanation/Reference:
Reference: https://aws.amazon.com/compliance/soc-faqs/

Question 28

Q

Under the AWS shared responsibility model, which of the following activities are the customer’s responsibility? (Choose two.)

A. Patching operating system components for Amazon Relational Database Server (Amazon RDS)
B. Encrypting data on the client-side
C. Training the data center staff
D. Configuring Network Access Control Lists (ACL)
E. Maintaining environmental controls within a datacenter

Answer

A

B. Encrypting data on the client-side
D. Configuring Network Access Control Lists (ACL)

Explanation/Reference:
Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

Question 29

Q

Which is a recommended pattern for designing a highly available
architecture on AWS?

A. Ensure that components have low-latency network connectivity.
B. Run enough Amazon EC2 instances to operate at peak load.
C. Ensure that the application is designed to accommodate failure of any single component.
D. Use a monolithic application that handles all operations.

Answer

A

C. Ensure that the application is designed to accommodate failure of any single component.

Question 30

Q

According to best practices, how should an application be designed to run in
the AWS Cloud?

A. Use tightly coupled components.
B. Use loosely coupled components.
C. Use infrequently coupled components. D. Use frequently coupled components.

Answer

A

B. Use loosely coupled components.

Explanation/Reference:
Reference: https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf

Question 31

Q

AWS supports which of the following methods to add security to Identity and Access Management (IAM) users? (Choose two.)

A. Implementing Amazon Rekognition
B. Using AWS Shield-protected resources
C. Blocking access with Security Groups
D. Using Multi-Factor Authentication (MFA)
E. Enforcing password strength and expiration

Answer

A

D. Using Multi-Factor Authentication (MFA)
E. Enforcing password strength and expiration

Question 32

Q

Which AWS services should be used for read/write of constantly changing
data? (Choose two.)

A. Amazon Glacier
B. Amazon RDS
C. AWS Snowball
D. Amazon Redshift
E. Amazon EFS

Answer

A

B. Amazon RDS
E. Amazon EFS

Question 33

Q

What is one of the advantages of the Amazon Relational Database Service
(Amazon RDS)?

A. It simplifies relational database administration tasks.
B. It provides 99.99999999999% reliability and durability.
C. It automatically scales databases for loads.
D. It enabled users to dynamically adjust CPU and RAM resources.

Answer

A

A. It simplifies relational database administration tasks.

Question 34

Q

A customer needs to run a MySQL databasethat easily scales.

Which AWS service should they use?

A. Amazon Aurora
B. Amazon Redshift
C. Amazon DynamoDB
D. Amazon ElastiCache

Answer

A

A. Amazon Aurora

Explanation/Reference:
Reference: https://aws.amazon.com/rds/aurora/serverless/

Question 35

Q

Which of the following components of the AWS Global Infrastructure consists of one or more discrete data centers interconnected through low latency links?

A. Availability Zone
B. Edge location
C. Region
D. Private networking

Answer

A

A. Availability Zone

Explanation/Reference:
Reference: https://docs.aws.amazon.com/whitepapers/latest/aws-overview/global-infrastructure.html

Question 36

Q

Which of the following is a shared control between the customer and AWS?

A. Providing a key for Amazon S3 client-side encryption
B. Configuration of an Amazon EC2 instance
C. Environmental controls of physical AWS data centers
D. Awareness and training

Answer

A

D. Awareness and training

Explanation/Reference:
Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

Question 37

Q

How many Availability Zones should compute resources be provisioned across to achieve high availability?

A. A minimum of one
B. A minimum of two
C. A minimum of three
D. A minimum of four or more

Answer

A

B. A minimum of two

Question 38

Q

One of the advantages to moving infrastructure from an on-premises data center to the AWS Cloud is:

A. it allows the business to eliminate IT bills.
B. it allows the business to put a server in each customer’s datacenter.
C. it allows the business to focus on business activities.
D. it allows the business to leave servers unpatched.

Answer

A

C. it allows the business to focus on business activities.

Question 39

Q

What is the lowest-cost, durable storage option for retaining database backups for
immediate retrieval?

A. Amazon S3
B. Amazon Glacier
C. Amazon EBS
D. Amazon EC2 Instance Store

Answer

A

A. Amazon S3

Question 40

Q

Which AWS IAM feature allows developers to access AWS services through the AWS CLI?

A. API keys
B. Access keys
C. User names/Passwords
D. SSH keys

Answer

A

B. Access keys

Explanation/Reference:
Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access- keys.html

Question 41

Q

Which of the following is a fast and reliable NoSQL database service?

A. Amazon Redshift
B. Amazon RDS
C. Amazon DynamoDB
D. Amazon S3

Answer

A

C. Amazon DynamoDB

Explanation/Reference:
Reference: https://aws.amazon.com/dynamodb/

Question 42

Q

What is an example of agility in
the AWS Cloud?

A. Access to multiple instance types
B. Access to managed services
C. Using Consolidated Billing to produce one bill
D. Decreased acquisition time for new compute resources

Answer

A

D. Decreased acquisition time for new compute resources

Explanation/Reference:
Reference: https://aws.amazon.com/blogs/enterprise-strategy/risk-is-lack-of-agility/

Question 43

Q

Which service should a customer use to consolidate and centrally manage multiple
AWS accounts?

A. AWS IAM
B. AWS Organizations
C. AWS Schema Conversion Tool
D. AWS Config

Answer

A

B. AWS Organizations

Explanation/Reference:
Reference: https://aws.amazon.com/organizations/

Question 44

Q

What approach to transcoding a large number of individual video files adheres to AWS architecture principles?

A. Using many instances in parallel
B. Using a single large instance during off-peakhours
C. Using dedicated hardware
D. Using a large GPU instance type

Answer

A

A. Using many instances in parallel

Explanation/Reference:
Reference: https://aws.amazon.com/solutions/case-studies/encoding/

Question 45

Q

For which auditing process does AWS have
sole responsibility?

A. AWS IAM policies
B. Physical security
C. Amazon S3 bucket policies
D. AWS CloudTrail Logs

Answer

A

B. Physical security

Question 46

Q

Which feature of the AWS Cloud will support an international company’s requirement for low latency to all of its customers?

A. Fault tolerance
B. Global reach
C. Pay-as-you-go pricing
D. High availability

Answer

A

B. Global reach

Question 47

Q

Which of the following is the customer’s responsibility under the AWS shared
responsibility model?

A. Patching underlying infrastructure
B. Physical security
C. Patching Amazon EC2 instances
D. Patching network infrastructure

Answer

A

C. Patching Amazon EC2 instances

Explanation/Reference:
Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

Question 48

Q

A customer is using multiple AWS accounts with separate billing.

How can the customer take advantage of volume discounts with minimal impact to the AWS resources?

A. Create one global AWS account and move all AWS resources to that account. B. Sign up for three years of Reserved Instance pricing up front.
C. Use the consolidated billing feature from AWS Organizations.
D. Sign up for the AWS Enterprise support plan to get volume discounts.

Answer

A

C. Use the consolidated billing feature from AWS Organizations.

Explanation/Reference:
Reference: https://aws.amazon.com/answers/account-management/aws-multi-account-billing-strategy/

Question 49

Q

Which of the following are features of Amazon CloudWatch Logs? (Choose two.)

A. Summaries by Amazon Simple Notification Service (Amazon SNS)
B. Free Amazon Elasticsearch Service analytics
C. Provided at no charge
D. Real-time monitoring
E. Adjustable retention

Answer

A

D. Real-time monitoring
E. Adjustable retention

Question 50

Q

Which of the following is an AWS managed Domain Name System (DNS) web service?

A. Amazon Route53
B. Amazon Neptune
C. Amazon SageMaker
D. Amazon Lightsail

Answer

A

A. Amazon Route53

Explanation/Reference:
Reference: https://aws.amazon.com/getting-started/tutorials/get-a-domain/

Question 51

Q

A customer is deploying a new application and needs to choose an AWS Region.

Which of the following factors could influence the customer’s decision? (Choose two.)

A. Reduced latency to users
B. The application’s presentation in the local language
C. Data sovereignty compliance
D. Cooling costs in hotter climates
E. Proximity to the customer’s office for on-site visits

Answer

A

A. Reduced latency to users
C. Data sovereignty compliance

Question 52

Q

Which storage service can be used as a low-cost option for hosting
static websites?

A. Amazon Glacier
B. Amazon DynamoDB
C. Amazon Elastic File System (Amazon EFS)
D. Amazon Simple Storage Service (Amazon S3)

Answer

A

D. Amazon Simple Storage Service (Amazon S3)

Explanation/Reference:
Reference: https://aws.amazon.com/getting-started/projects/host-static-website/

Question 53

Q

Which Amazon EC2 instance pricing model can provide discounts of up to 90%?

A. Reserved Instances
B. On-Demand
C. Dedicated Hosts
D. Spot Instances

Answer

A

D. Spot Instances

Explanation/Reference:
Reference: https://aws.amazon.com/ec2/spot/

Question 54

Q

What is the AWS customer responsible for according to the AWS shared
responsibility model?

A. Physical access controls
B. Data encryption
C. Secure disposal of storage devices
D. Environmental risk management

Answer

A

B. Data encryption

Question 55

Q

Which of the following AWS Cloud services can be used to run a customer-managed
relational database?

A. Amazon EC2
B. Amazon Route53
C. Amazon ElastiCache
D. Amazon DynamoDB

Answer

A

A. Amazon EC2

Question 56

Q

A company is looking for a scalable data
warehouse solution.

Which of the following AWS solutions would meet the company’s needs?

A. Amazon Simple Storage Service (Amazon S3)
B. Amazon DynamoDB
C. Amazon Kinesis
D. Amazon Redshift

Answer

A

D. Amazon Redshift

Explanation/Reference:
Reference: https://aws.amazon.com/redshift/

Question 57

Q

Which statement best describes Elastic
Load Balancing?

A. It translates a domain name into an IP address using DNS.
B. It distributes incoming application traffic across one or more Amazon EC2 instances.
C. It collects metrics on connected Amazon EC2 instances.
D. It automatically adjusts the number of Amazon EC2 instances to support incoming traffic.

Answer

A

B. It distributes incoming application traffic across one or more Amazon EC2 instances.

Explanation/Reference:
Reference: https://aws.amazon.com/elasticloadbalancing/

Question 58

Q

Which of the following are valid ways for a customer to interact with AWS services? (Choose two.)

A. Command line interface
B. On-premises
C. Software Development Kits
D. Software-as-a-service
E. Hybrid

Answer

A

A. Command line interface
C. Software Development Kits

Question 59

Q

The AWS Cloud’s multiple Regions are
an example of:

A. Agility
B. Global infrastructure
C. Elasticity
D. Pay-as-you-go pricing

Answer

A

B. Global infrastructure

Question 60

Q

Which of the following AWS services can be used to serve large amounts of online video content with the lowest possible latency? (Choose two.)

A. AWS Storage Gateway
B. Amazon S3
C. Amazon Elastic File System (EFS)
D. Amazon Glacier
E. Amazom CloudFront

Answer

A

B. Amazon S3
E. Amazom CloudFront

Explanation/Reference:
Reference: https://aws.amazon.com/getting-started/tutorials/deliver-content-faster/ https://aws.amazon.com/cloudfront/

Question 61

Q

Web servers running on Amazon EC2 access a legacy application running in a corporate data center.

What term would describe this model?

A. Cloud-native
B. Partner network
C. Hybrid architecture
D. Infrastructure as a service

Answer

A

C. Hybrid architecture

Explanation/Reference:
Reference: https://aws.amazon.com/enterprise/hybrid/

Question 62

Q

What is the benefit of using AWS managed services, such as Amazon ElastiCache and Amazon Relational Database Service (Amazon RDS)?

A. They require the customer to monitor and replace failing instances.
B. They have better performance than customer-managed services.
C. They simplify patching and updating underlying OSs.
D. They do not require the customer to optimize instance type or size selections.

Answer

A

B. They have better performance than customer-managed services.

Question 63

Q

Which service provides a virtually unlimited amount of online highly durable object storage?

A. Amazon Redshift
B. Amazon Elastic File System (Amazon EFS)
C. Amazon Elastic Container Service (Amazon ECS)
D. Amazon S3

Answer

A

D. Amazon S3

Explanation/Reference:
Reference: https://aws.amazon.com/what-is-cloud-object-storage/

Question 64

Q

Which of the following Identity and Access Management (IAM) entities is associated with an access key ID and secret access key when using AWS Command Line Interface (AWS CLI)?

A. IAM group
B. IAM user
C. IAM role
D. IAM policy

Answer

A

D. IAM policy

Explanation/Reference:
Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html

Answer 65

A

B. AWS Trusted Advisor security checks
C. Data encryption

Explanation/Reference:
Reference: https://aws.amazon.com/security/

Answer 66

A

D. Amazon RDS

Explanation/Reference:
Explanation
Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such
as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need. Reference:
https://aws.amazon.com/rds/?c=db&sec=srv

Answer 67

A

D. Amazon EFS

Explanation/Reference:
Explanation:
Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. It is built to scale on demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth.
Amazon EFS is designed to provide the throughput, IOPS, and low latency needed for Linux workloads. Throughput and IOPS scale as a file system grows and can burst to higher throughput levels for short periods of time to support the unpredictable performance needs of file workloads. For the most demanding workloads, Amazon EFS can support performance over 10 GB/sec and up to 500,000 IOPS.

Answer 68

A

D. Implement elasticity

Cloud services main proposition is to provide elasticity through horizontal scaling. It’s already there. As for using largest instance possible, it is not a design principle that helps cloud applications in anyway. Scrum development process is not related to architecting. Therefore, a key principle is to provision your application for on-demand capacity. Peak loads is something that cloud applications experience everyday. Peak load management should be a necessary part of cloud application design principle.
Reference: https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf

Answer 69

A

B. Amazon Glacier

Explanation/Reference:
Explanation
Amazon S3 Glacier is a secure, durable, and low-cost storage class of S3 for data archiving and long-term backup. Customers can store large or small amounts of data for as little as $0.004 per gigabyte per month. The S3 Glacier storage class is ideal for archives where data is regularly retrieved and some of the data may be needed in minutes.
Amazon RDS is a relational database service that hosts databases. It helps you create and manage databases. Amazon Snowball is a petabyte-scale data transfer service that provides cost efficient data transfer to AWS from tamper proof physical devices. Similarly, Elastic block storage offers persistent block storage volumes for EC2 instances. Reference: https://aws.amazon.com/backup-restore/services/

Answer 70

A

B. Patch management

Answer 71

A

D. Amazon Direct Connect

Explanation/Reference:
Explanation:
AWS Direct Connect enables you to securely connect your AWS environment to your on-premises data center or office location over a standard 1 gigabit or 10 gigabit Ethernet fiber-optic connection. AWS Direct Connect offers dedicated high speed, low latency connection, which bypasses internet service providers in your network path. An AWS Direct Connect location provides access to Amazon Web Services in the region it is associated with, as well as access to other US regions. AWS Direct Connect allows you to logically partition the fiber-optic connections into multiple logical connections called Virtual Local Area Networks (VLAN). You can take advantage of these logical connections to improve security, differentiate traffic, and achieve compliance requirements.
Reference: https://aws.amazon.com/getting-started/projects/connect-data-center-to-aws/

Answer 72

A

B. AWS Lambda

Explanation/Reference:
Explanation:
AWS Lambda is an integral part of coding on AWS. It reduces physical compute footprint by utilizing aws cloud services to run code.

Answer 73

A

A. AWS Personal Health Dashboard

Explanation/Reference:
Explanation:
AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources.
Reference: https://aws.amazon.com/premiumsupport/technology/personal-health-dashboard/

Answer 74

A

A. Fault Tolerance
D. Performance

Explanation/Reference:
Explanation:
Like your customized cloud expert, AWS Trusted Advisor analyzes your AWS environment and provides best practice recommendations in five categories: cost optimization, performance, security, fault tolerance and service limits. Reference: https://aws.amazon.com/premiumsupport/technology/trusted-advisor/

Answer 75

A

C. Updating Amazon EC2 host firmware

Explanation/Reference:
Explanation:
AWS Compliance enables customers to establish and operate in an AWS security control environment
The shared responsibility model is part of AWS Compliance program
The Security of the cloud is managed by Amazon AWS provider
The Security in the cloud is responsibility of the customer
The customer is responsible for their information and data, their secure transmission, integrity, and encryption
Also, the customer is responsible for managing, support, patching and control of the guest operating system and AWS services provided like EC2
AWS customers retain control and ownership of their data
The AWS network provides significant protection against traditional network security issues and the customer can implement further protection Reference:
https://www.whizlabs.com/blog/aws-security-shared-responsibility/

Answer 76

A

A. AWS Marketplace

Explanation/Reference:
Explanation:
AWS Marketplace is a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on AWS.
Reference: https://aws.amazon.com

Answer 77

A

B. Ability to focus on revenue-generating activities.

Explanation/Reference:
Explanation:
Developer and IT staff productivity accounted for nearly 30% of overall financial benefits. The remaining benefits were driven by the flexibility and agility of Amazon cloud infrastructure services, which make it easier to trial new business models, support revenue-generating applications, and provide more reliable services to end users.
Reference: https://media.amazonwebservices.com/IDC_Business_Value_of_AWS_Accelerates_Over_time.pdf

Answer 78

A

A. Dedicated Hosts

Explanation/Reference:
Explanation:
Use Dedicated Hosts to launch Amazon EC2 instances on physical servers that are dedicated for your use. Dedicated Hosts give you additional visibility and control over how instances are placed on a physical server, and you can reliably use the same physical server over time. As a result, Dedicated Hosts enable you to use your existing server-bound software licenses like Windows Server and address corporate compliance and regulatory requirements.

Answer 79

A

D. AWS CloudFormation

Explanation/Reference:
Explanation:
AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. CloudFormation allows you to use a simple text file to model and provision, in an automated
and secure manner, all the resources needed for your applications across all regions and accounts. This file serves as the single source of truth for your cloud environment. Reference: https://aws.amazon.com/cloudformation/

Answer 80

A

A. AWS Config

Explanation/Reference:
Explanation:
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of
recorded configurations against desired configurations. With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting. Reference: https://aws.amazon.com/config/

Answer 81

A

B. A metrics repository with customizable notification thresholds and channels.

Explanation/Reference:
Explanation:
Amazon CloudWatch is basically a metrics repository. An AWS service — such as Amazon EC2 — puts metrics into the repository, and you retrieve statistics based on those metrics. If you put your own custom metrics into the repository, you can retrieve statistics on these metrics as well.
Reference: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_architecture.html

Answer 82

A

B. AWS Organizations

Explanation/Reference:
Explanation:
use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. Every organization in AWS Organizations has a master account that pays the charges of all the member accounts. Consolidated billing has the following benefits:
One bill – You get one bill for multiple accounts.
Easy tracking – You can track the charges across multiple accounts and download the combined cost and usage data.
Combined usage – You can combine the usage across all accounts in the organization to share the volume pricing discounts and Reserved Instance discounts. This can result in a lower charge for your project, department, or company
than with individual standalone accounts. For more information, see Volume Discounts. No extra fee – Consolidated billing is offered at no additional cost.

Answer 83

A

B. AWS OpsWorks
C. AWS Code Deploy

Explanation/Reference:
Reference: https://docs.aws.amazon.com/codedeploy/latest/userguide/instances-on-premises.html https://aws.amazon.com/blogs/aws/opsworks-on-prem-and-existing- instances/

Answer 84

A

C. Spot Instances

Explanation/Reference:
Explanation:
In the new model, the Spot prices are more predictable, updated less frequently, and are determined by supply and demand for Amazon EC2 spare capacity, not bid prices.
Reference: https://aws.amazon.com/blogs/compute/new-amazon-ec2-spot-pricing/

Answer 85

A

C. Implement loose coupling.
E. Design for scalability.

Explanation/Reference:
Explanation:
Rearchitecting applications involves sweeping change where an old monolithic application is completely revamped according to modern microservices architecture. Using individual components to re-architect a big application is one part of
the process. The most important part is to design the application for scalability because the level of investment for a monolithic application can only be justified when resilience and scalability is needed. Reference: https://www.architech.ca/re- architect-applications/

Answer 86

A

B. Business

Explanation/Reference:
Reference: https://aws.amazon.com/premiumsupport/plans/

Answer 87

A

A. AWS Artifact

Explanation/Reference:
Explanation:
WS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’s security and compliance reports and select online agreements. The AWS SOC 2 report is particularly helpful for completing questionnaires because it provides a comprehensive description of the implementation and operating effectiveness of AWS security controls. Another useful document is the Executive Briefing within the AWS FedRAMP Partner Package.
Reference: https://aws.amazon.com/compliance/faq/

Answer 88

A

C. AWS Personal Health Dashboard

Explanation/Reference:
Explanation:
Personal Health Dashboard gives you a personalized view of the status of the AWS services that power your applications, enabling you to quickly see when AWS is experiencing issues that may impact you. For example, in the event of a lost EBS volume associated with one of your EC2 instances, you would gain quick visibility into the status of the specific service you are using, helping save precious time troubleshooting to determine root cause.
Reference: https://aws.amazon.com/premiumsupport/technology/personal-health-dashboard/

Answer 89

A

A. Volume pricing qualification

Explanation/Reference:
Explanation:
If you have multiple standalone accounts, your charges might decrease if you add the accounts to an organization. AWS combines usage from all accounts in the organization to qualify you for volume pricing discounts. Reference:
https://help.nops.io/consolidated-billing

Answer 90

A

D. Request and wait for approval from AWS support, and then conduct testing.

Explanation/Reference:
Explanation:
AWS customers are welcome to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for 8 services. Reference:
https://aws.amazon.com/security/penetration-testing/

Answer 91

A

B. Amazon Machine Image

Explanation/Reference:
Explanation:
To use Amazon EC2, you simply:
Select a pre-configured, templated Amazon Machine Image (AMI) to get up and running immediately. Or create an AMI containing your applications, libraries, data, and associated configuration settings. Configure security and network access on your Amazon EC2 instance.
Choose which instance type(s) you want, then start, terminate, and monitor as many instances of your AMI as needed, using the web service APIs or the variety of management tools provided.
Determine whether you want to run in multiple locations, utilize static IP endpoints, or attach persistent block storage to your instances. Pay only for the resources that you actually consume, like instance-hours or data transfer. Reference: https://aws.amazon.com/ec2/features/

Answer 92

A

A. Apply an IAM policy to an IAM group.

Explanation/Reference:
Explanation:
Instead of defining permissions for individual IAM users, it’s usually more convenient to create groups that relate to job functions (administrators, developers, accounting, etc.). Next, define the relevant permissions for each group. Finally, assign IAM users to those groups. All the users in an IAM group inherit the permissions assigned to the group. That way, you can make changes for everyone in a group in just one place. As people move around in your company, you can simply change what IAM group their IAM user belongs to.
Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

Answer 93

A

D. Auto Scaling

Explanation/Reference:
Explanation:
AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. Using AWS Auto Scaling, it’s easy to setup application scaling for multiple resources across multiple services in minutes. The service provides a simple, powerful user interface that lets you build scaling plans for resources including Amazon EC2 instances and Spot Fleets, Amazon ECS tasks, Amazon DynamoDB tables and indexes, and Amazon Aurora Replicas. AWS Auto Scaling makes scaling simple with recommendations that allow you to optimize performance, costs, or balance between them. If you’re already using Amazon EC2 Auto Scaling to dynamically scale your Amazon EC2 instances, you can now combine it with AWS Auto Scaling to scale additional resources for other AWS services. With AWS Auto Scaling, your applications always have the right resources at the right time.
Reference: https://aws.amazon.com/autoscaling/

Answer 94

A

A. Amazon Route 53
D. Amazon CloudFront

Explanation/Reference:
Reference: http://jayendrapatil.com/aws-global-vs-regional-vs-az-resources/

Answer 95

A

A. AWS Artifact

Explanation/Reference:
Explanation:
AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements. Reports available in AWS Artifact
include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). Reference: https://aws.amazon.com/artifact/

Answer 96

A

A. Ensuring that application data is encrypted at rest
C. Ensuring that users have received security training in the use of AWS services

Answer 97

A

C. Amazon EC2

Answer 98

A

D. Amazon EC2 Reserved Instances

Answer 99

A

A. reduced Total Cost of Ownership (TCO).
C. reduced operational expenditure (opex).

Answer 100

A

C. AWS Cost and Usage report

Explanation/Reference:
Explanation:
The Cost & Usage Report is your one-stop-shop for accessing the most granular data about your AWS costs and usage. You can also load your cost and usage information into Amazon Athena, Amazon Redshift, AWS QuickSight, or a tool of your choice.
Reference: https://aws.amazon.com/aws-cost-management/

Answer 101

A

E. AWS Management Console

Answer 102

A

B. Implement loose coupling.

Loose coupling between services can also be done through asynchronous integration. It involves one component that generates events and another that consumes them. The two components do not integrate through direct point-to-point interaction, but usually through an intermediate durable storage layer. This approach decouples the two components and introduces additional resiliency. So, for example, if a process that is reading messages from the queue fails, messages can still be added to the queue to be processed when the system recovers.
Reference: https://www.botmetric.com/blog/aws-cloud-architecture-design-principles/

Answer 103

A

B. Grant least privilege access to IAM users.
E. Activate multi-factor authentication (MFA) for privileged users.

Explanation/Reference:
Explanation:
If you decided to create service accounts (that is, accounts used for programmatic access by applications running outside of the AWS environment) and generate access keys for them, you should create a dedicated service account for each use case. This will allow you to restrict the associated policy to only the permissions needed for the particular use case, limiting the blast radius if the credentials are compromised. For example, if a monitoring tool and a release management tool both require access to your AWS environment, create two separate service accounts with two separate policies that define the minimum set of permissions for each tool.
Reference: https://aws.amazon.com/blogs/security/guidelines-for-protecting-your-aws-account-while-using-programmatic-access/

Answer 104

A

C. AWS Storage Gateway

Explanation/Reference:
Explanation:
AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage. Customers use Storage Gateway to simplify storage management and reduce costs for key hybrid cloud storage use cases. These include moving tape backups to the cloud, reducing on-premises storage with cloud-backed file shares, providing low latency access to data in AWS for on-premises applications, as well as various migration, archiving, processing, and disaster recovery use cases.
Reference: https://aws.amazon.com/storagegateway/?whats-new-cards.sort-by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc

Answer 105

A

B. Amazon EC2

Explanation/Reference:
Explanation:
The customer is responsible for managing, support, patching and control of the guest operating system and AWS services provided like EC2. Reference:
https://www.whizlabs.com/blog/aws-security-shared-responsibility/

Answer 106

A

A. Use multiple Availability Zones.

Explanation/Reference:
Explanation:
Data Center resilience is practiced through Availability Zones across data centers that reduce the impact of failures.
Fault isolation improvement can be made to traditional horizontal scaling by sharding (a method of grouping instances into groups called shards, instead of sending the traffic from all users to every node like in the traditional IT structure.)
Reference: https://www.botmetric.com/blog/aws-cloud-architecture-design-principles/

Answer 107

A

B. Enterprise

Explanation/Reference:
Explanation:
The enterprise support plans supports technical account manager. Developer and business support plans are devoid of this facility. Reference:
https://aws.amazon.com/premiumsupport/plans/

Answer 108

A

B. AWS manages the maintenance of the operating system.

Answer 109

A

C. Amazon ElastiCache

Explanation:
Amazon ElastiCache for Redis is a great choice for implementing a highly available, distributed, and secure in-memory cache to decrease access latency, increase throughput, and ease the load off your relational or NoSQL databases and applications. ElastiCache can serve frequently requested items at sub-millisecond response times, and enables you to easily scale for higher loads without growing the costlier backend databases. Database query results caching, persistent session caching, and full-page caching are all popular examples of caching with ElastiCache for Redis.
Reference: https://aws.amazon.com/products/databases/real-time-apps-elasticache-for-redis/

Answer 110

A

D. Auditing physical data center assets

Explanation/Reference:
Explanation:
Of course, Amazon is responsible for auditing physical data center assets and resources since it is the property of Amazon Inc. Customers have no access to physical sites, hence they are not responsible for maintaining physical data center assets.

Answer 111

A

B. AWS Online Tech Talks
E. AWS Classroom Training

Answer 112

A

C. Security Groups
D. Subnets

Explanation/Reference:
Explanation:
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.
You can easily customize the network configuration for your Amazon VPC. For example, you can create a public-facing subnet for your web servers that has access to the Internet, and place your backend systems such as databases or
application servers in a private-facing subnet with no Internet access. You can leverage multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet. Reference: https://aws.amazon.com/vpc/

Answer 113

A

C. Create an AWS Organization from the payer account and invite the other accounts to join.

Explanation/Reference:
Reference: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-billing.html

Answer 114

A

A. Periodic price reductions as the result of Amazon’s operational efficiencies

Answer 115

A

C. AWS CloudTrail
E. Amazon CloudWatch

Explanation/Reference:
Explanation:
AWS offers a solution that uses AWS CloudTrail to log account activity, Amazon Kinesis to compute and stream metrics in real-time, and Amazon DynamoDB to durably store the computed data. Metrics are calculated for create, modify, and delete API calls for more than 60 supported AWS services. The solution also features a dashboard that visualizes your account activity in real-time.
Reference: https://aws.amazon.com/solutions/real-time-insights-account-activity/

Answer 116

A

A. Patching databases software
C. Backing up databases

Answer 117

A

D. A company has a number of infrequent, interruptible jobs that are currently using On-Demand Instances.

Explanation/Reference:
Reference: https://docs.aws.amazon.com/whitepapers/latest/cost-optimization-leveraging-ec2-spot-instances/spot-instance-interruptions.html

Answer 118

A

B. Availability Zones

Explanation/Reference:
Explanation:
This is to achieve High Availability for any web application (in this case SwiftCode) deployed in AWS. The following features will be present:
High availability across multiple instances/multiple availability zones.
Auto Scaling of instances (scale up and scale down) based on number of requests coming in Additional Security to the instances/database that are in production
No impact to end users during newer version of code deployment
No Impact during patching the instances
Reference: https://betsol.com/2018/01/how-to-make-high-availability-web-applications-on-amazon-web-services/

Answer 119

A

A. Enterprise

Answer 120

A

A. AmazonS3

Explanation/Reference:
Explanation:
You can host a static website on Amazon Simple Storage Service (Amazon S3). On a static website, individual webpages include static content. They might also contain client-side scripts. By contrast, a dynamic website relies on serverside processing, including server-side scripts such as PHP, JSP, or ASP.NET. Amazon S3 does not support server-side scripting.
Reference: https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html

Answer 121

A

C. It provides the ability to programmatically provision existing resources.

Answer 122

A

B. Delivering content closer to users
D. Reducing traffic on the server by caching responses

Explanation/Reference:
Explanation:
CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you’re serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.
Reference: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html

Answer 123

A

C. AWS Identity and Access Management (IAM) policies

Explanation/Reference:
Explanation:
To allow users to perform S3 actions on the bucket from the VPC endpoints or IP addresses, you must explicitly grant those user-level permissions. You can grant user-level permissions on either an AWS Identity and Access Management (IAM) policy or another statement in the bucket policy.
Reference: https://aws.amazon.com/premiumsupport/knowledge-center/block-s3-traffic-vpc-ip/

Answer 124

A

B. Implement elasticity

Explanation/Reference:
Reference: https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf

Answer 125

A

C. Moving from upfront capital expense (capex) to variable operational expense (opex).

Answer 126

A

C. AWS Simple Monthly Calculator

Explanation/Reference:
Explanation:
You can use Cost explorer which is part of Cost and Usage report to forecast future costs of running an application.
Reference: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/ce-forecast.html

Answer 127

A

B. Business

Explanation/Reference:
Reference: https://aws.amazon.com/premiumsupport/plans/

Answer 128

A

C. Securing the Amazon EC2 hypervisor

Explanation/Reference:
Explanation:
In EC2, the AWS IaaS offering, everything from the hypervisor layer down is AWS’s responsibility. A customer’s poorly coded applications, misconfigured operating systems, or insecure firewall settings will not affect the hypervisor, it will only affect the customer’s virtual machines running on that hypervisor.
Reference: https://www.mindpointgroup.com/blog/the-aws-shared-responsibility-model-part-1-security-in-the-cloud/

Answer 129

A

C. paying only for time used.

Explanation/Reference:
Explanation:
On-Demand Capacity Reservations are priced exactly the same as their equivalent (On-Demand) instance usage. If a Capacity Reservation is fully utilized, you only pay for instance usage and nothing towards the Capacity Reservation. If a
Capacity Reservation is partially utilized, you pay for the instance usage and for the unused portion of the Capacity Reservation. Reference: https://aws.amazon.com/ec2/pricing/on-demand/

Answer 130

A

D. AWS Quick Start reference deployments

Explanation/Reference:
Explanation:
Quick Starts are built by AWS solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices for security and high availability. These accelerators reduce hundreds of manual procedures into just a few steps, so you can build your production environment quickly and start using it immediately.
Reference: https://aws.amazon.com/quickstart/?quickstart-all.sort-by=item.additionalFields.updateDate&quickstart-all.sort-order=desc

Answer 131

A

C. AWS Lambda

Explanation/Reference:
Explanation:
AWS provides a set of fully managed services that you can use to build and run serverless applications. Serverless applications don’t require provisioning, maintaining, and administering servers for backend components such as compute, databases, storage, stream processing, message queueing, and more. You also no longer need to worry about ensuring application fault tolerance and availability. Instead, AWS handles all of these capabilities for you. Serverless platform includes: AWS lambda, Amazon S3, DynamoDB, API gateway, Amazon SNS, AWS step functions, Amazon kinesis and developing tools and services. Reference: https://aws.amazon.com/serverless/

Answer 132

A

C. AWS Step Functions, Amazon DynamoDB, Amazon SNS

Explanation/Reference:
Explanation:
AWS provides a set of fully managed services that you can use to build and run serverless applications. Serverless applications don’t require provisioning, maintaining, and administering servers for backend components such as compute,
databases, storage, stream processing, message queueing, and more. You also no longer need to worry about ensuring application fault tolerance and availability. Instead, AWS handles all of these capabilities for you. Serverless platform includes: AWS lambda, Amazon S3, DynamoDB, API gateway, Amazon SNS, AWS step functions, Amazon kinesis and developing tools and services. Reference: https://aws.amazon.com/serverless/

Answer 133

A

B. Edge location management

Explanation/Reference:
Explanation:
Client-side data, application security is the sole responsibility of the customer. Patch management is a shared responsibility. That leaves us with edge location management and since this out of the control of the customer, AWS is the one responsible for it.
Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 134

A

B. Groups

Explanation/Reference:
Explanation:
An IAM group is a collection of IAM users. You can use groups to specify permissions for a collection of users, which can make those permissions easier to manage for those users. For example, you could have a group called Admins and give that group the types of permissions that administrators typically need. Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html

Answer 135

A

B. Elasticity
C. Agility

planation/Reference:
Explanation:
The most celebrated benefit of AWS cloud is elasticity since you can expand the services when you experience more traffic.
Agile developments in AWS Cloud through strategies are day by day becoming more established within the enterprises across the world. With so much improvement and call for optimization in the cloud, it is necessary that these strategies get established from the ground up within the organizations. It is highly important as already enterprises have a lot of bequest, politics and hierarchies which act as barriers in their businesses.
Reference: https://www.botmetric.com/blog/evolution-agile-enterprises-aws-cloud/

Answer 136

A

B. AWS Directory Service

Explanation/Reference:
Explanation:
Single sign-on only works when used on a computer that is joined to the AWS Directory Service directory. It cannot be used on computers that are not joined to the directory.
Reference: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_single_sign_on.html

Answer 137

A

D. Availability Zones

Explanation/Reference:
Explanation:
Each Region is completely independent. Each Availability Zone is isolated, but the Availability Zones in a Region are connected through low-latency links. A Local Zone is an AWS infrastructure deployment that places select services closer to your end users. A Local Zone is an extension of a Region that is in a different location from your Region. It provides a high-bandwidth backbone to the AWS infrastructure and is ideal for latency-sensitive applications, for example machine learning.
Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html

Answer 138

A

B. AWS is responsible for the maintenance of common compliance framework documentation.
C. It assures customers that AWS is maintaining physical security and data protection.

Explanation/Reference:
Reference: https://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf

Answer 139

A

B. AWS Artifact

Explanation:
AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements. Reports available in AWS Artifact
include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). Reference: https://aws.amazon.com/artifact/

Answer 140

A

A. Security management of datacenter

Explanation/Reference:
Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 141

A

C. Storage hardware
D. Physical servers

Explanation/Reference:
Reference: https://aws.amazon.com/blogs/aws/the-new-aws-tco-calculator/

Answer 142

A

B. Managing the VPC network access control lists.
C. Encrypting data in transit and at rest.

Explanation/Reference:
Explanation:
The hardware related jobs is the prime responsibility of AWS. VPC network access control lists is something a customer has to do himself to secure the applications. Encrypting data in transit and at rest is a shared responsibility in which AWS plays a part. All hardware related jobs have nothing to do with the customer.
Reference: https://dzone.com/articles/aws-shared-responsibility-model-cloud-security

Answer 143

A

A. Scaling the number of Amazon EC2 instances based on traffic.
B. Resizing Amazon RDS instances as business needs change.

Explanation/Reference:
Reference: https://wa.aws.amazon.com/wat.concept.elasticity.en.html

Answer 144

A

A. When there is flexibility in when an application needs to run.

Explanation/Reference:
Explanation:
The key to understanding spot instances is to look at the way that cloud service providers such as Amazon Web Services (AWS) operate. Cloud service providers invest in hardware resources and then release those resources (often on a per-hour basis) to subscribers. One of the problems with this business model, however, is that at any given time, there are likely to be compute resources that are not being utilized. These resources represent hardware capacity that AWS has paid for but are sitting idle, and not making AWS any money at the moment.
Rather than allowing these computing resources to go to waste, AWS offers them at a substantially discounted rate, with the understanding that if someone needs those resources for running a normal EC2 instance, that instance will take priority over spot instances that are using the hardware resources at a discounted rate. In fact, spot instances will be stopped if the resources are needed elsewhere.
Reference: https://awsinsider.net/articles/2017/09/25/aws-spot-instances-primer.aspx

Answer 145

A

B. Power consumption of the data center
C. Labor costs to replace old servers

Answer 146

A

D. Users pay based on the number of requests and consumed compute resources.

Explanation/Reference:
Explanation:
AWS Lambda is charging its users by the number of requests for their functions and by the duration, which is the time the code needs to execute. When code starts running in response to an event, AWS Lambda counts a request. It will charge the total number of requests across all of the functions used. Duration is calculated by the time when your code started executing until it returns or until it is terminated, rounded up near to 100ms. The AWS Lambda pricing depends on the amount of memory that the user used to allocate to the function.
Reference: https://dashbird.io/blog/aws-lambda-pricing-model-explained/

Answer 147

A

A. Act as a virtual firewall for the Amazon EC2 instance.

Explanation/Reference:
Explanation:
AWS Security Groups act like a firewall for your Amazon EC2 instances controlling both inbound and outbound traffic. When you launch an instance on Amazon EC2, you need to assign it to a particular security group. After that, you can set up ports and protocols, which remain open for users and computers over the internet.
AWS Security Groups are very flexible. You can use the default security group and still customize it according to your liking (although we don’t recommend this practice because groups should be named according to their purpose.) Or you can create a security group that you want for your specific applications. To do this, you can write the corresponding code or use the Amazon EC2 console to make the process easier.
Reference: https://www.threatstack.com/blog/aws-security-groups-what-they-are-and-how-to-get-the-most-out-of-them

Answer 148

A

D. Multi-site active-active

Explanation/Reference:
Explanation:
Backup and Restore: a simple, straightforward, cost-effective method that backs up and restores data as needed. Keep in mind that because none of your data is on standby, this method, while cheap, can be quite time-consuming.
Pilot Light: This method keeps critical applications and data at the ready so that it can be quickly retrieved if needed.
Warm Standby: This method keeps a duplicate version of your business’ core elements running on standby at all times, which makes for a little downtime and an almost seamless transition.
Multi-Site Solution: Also known as a Hot Standby, this method fully replicates your company’s data/applications between two or more active locations and splits your traffic/usage between them. If a disaster strikes, everything is simply
rerouted to the unaffected area, which means you’ll suffer almost zero downtime. However, by running two separate environments simultaneously, you will obviously incur much higher costs. Reference: https://cloudranger.com/best-practices-aws-disaster-recovery-planning/

Answer 149

A

B. AWS Total Cost of Ownership (TCO) Calculator

Explanation/Reference:
Explanation:
AWS TCO calculators allow you to estimate the cost savings when using AWS and provide a detailed set of reports that can be used in executive presentations. The calculators also give you the option to modify assumptions that best meet your business needs.
Reference: https://aws.amazon.com/tco-calculator/

Answer 150

A

B. Linked accounts and consolidated billing

Explanation/Reference:
Explanation:
The way that Reserved Instance discounts apply to accounts in an organization’s consolidated billing family depends on whether Reserved Instance sharing is turned on or off for the account. By default, Reserved Instance sharing for all accounts in an organization is turned on. You can change this setting by Turning Off Reserved Instance Sharing for an account.
The capacity reservation for a Reserved Instance applies only to the account the Reserved Instance was purchased on, regardless of whether Reserved Instance sharing is turned on or off.
Reference: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-ri-consolidated-billing/

Answer 151

A

B. AWS Organizations

Explanation/Reference:
Explanation:
You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. Every organization in AWS Organizations has a master (payer) account that pays the charges of all the member (linked) accounts.
Reference: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-billing.html

Answer 152

A

A. Amazon CloudFront

Explanation/Reference:
Explanation:
Use AWS Local Zones to deploy workloads closer to your end-users for low-latency requirements. AWS Local Zones have their own connection to the internet and support AWS Direct Connect, so resources created in the Local Zone can serve local end-users with very low-latency communications.nation
Reference: https://aws.amazon.com/about-aws/global-infrastructure/localzones/faqs/

Answer 153

A

C. Cloud

Explanation/Reference:
Explanation:
The cloud allows you to trade capital expenses (such as data centers and physical servers) for variable expenses, and only pay for IT as you consume it. Plus, the variable expenses are much lower than what you would pay to do it yourself because of the economies of scale.
Reference: https://aws.amazon.com/what-is-cloud-computing/

Answer 154

A

B. AWS performs infrastructure discovery scans on the customer’s behalf.

Explanation/Reference:
Explanation:
AWS assets are centrally managed through an inventory management system that stores and tracks owner, location, status, maintenance, and descriptive information for AWS-owned assets. Following procurement, assets are scanned and
tracked, and assets undergoing maintenance are checked and monitored for ownership, status, and resolution. Reference: https://aws.amazon.com/compliance/data-center/controls/

Answer 155

A

C. Cross-Region read replicas

Explanation/Reference:
Reference:
https://aws.amazon.com/blogs/aws/cross-region-read-replicas-for-amazon-rds-for-mysql/

Answer 156

A

C. least privilege access.

Explanation/Reference:
Explanation:
When you create IAM policies, follow the standard security advice of granting least privilege, or granting only the permissions required to perform a task. Determine what users (and roles) need to do and then craft policies that allow them to perform only those tasks.
Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

Answer 157

A

B. Create separate accounts for each department.
D. Use tags to associate each instance with a particular department.

Answer 158

A

C. Configuring the operating system, network, and firewall.

Explanation/Reference:
Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 159

A

B. AWS Trusted Advisor

Explanation/Reference:
Explanation:
AWS offers premium services such as AWS Trusted Advisor, which provides real-time guidance to help you reduce cost, increase performance, and improve security.
Reference: https://www.ibm.com/downloads/cas/2N40X4PQ

Answer 160

A

D. Amazon EC2 Auto Scaling

Explanation/Reference:
Explanation:
Support for monitoring the health of each service independently, as health checks are defined at the target group level and many CloudWatch metrics are reported at the target group level. Attaching a target group to an Auto Scaling group enables you to scale each service dynamically based on demand.
Reference: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html

Answer 161

A

C. Encryption management
E. Firewall management

Explanation/Reference:
Explanation:
With the basic Cloud infrastructure secured and maintained by AWS, the responsibility for what goes into the cloud falls on you. This covers both client and server side encryption and network traffic protection, security of the operating system, network, and firewall configuration, followed by application security and identity and access management.
Firewall configuration remains the responsibility of the end user, which integrates at the platform and application management level. For example, RDS utilizes security groups, which you would be responsible for configuring and implementing.
Reference: https://cloudacademy.com/blog/aws-shared-responsibility-model-security/

Answer 162

A

C. AWS Storage Gateway

Explanation/Reference:
Explanation:
The AWS Storage Gateway service enables hybrid cloud storage between on-premises environments and the AWS Cloud. It seamlessly integrates on-premises enterprise applications and workflows with Amazon’s block and object cloud storage services through industry standard storage protocols. It provides low-latency performance by caching frequently accessed data on premises, while storing data securely and durably in Amazon cloud storage services. It provides an optimized data transfer mechanism and bandwidth management, which tolerates unreliable networks and minimizes the amount of data being transferred. It brings the security, manageability, durability, and scalability of AWS to existing enterprise environments through native integration with AWS encryption, identity management, monitoring, and storage services. Typical use cases include backup and archiving, disaster recovery, moving data to S3 for in-cloud workloads, and tiered storage.
Reference: https://aws.amazon.com/storagegateway/faqs/

Answer 163

A

C. Updating the firmware on the underlying EC2 hosts.

Explanation/Reference:
Reference: https://cloudacademy.com/blog/aws-shared-responsibility-model-security/

Answer 164

A

B. Design for failure.

Explanation/Reference:
Explanation:
Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB) Instances, making them a natural fit for production database workloads. When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. In case of an infrastructure failure, Amazon RDS performs an automatic failover to the standby (or to a read replica in the case of Amazon Aurora), so that you can resume database operations as soon as the failover is complete. Since the endpoint for your DB Instance remains the same after a failover, your application can resume database operation without the need for manual administrative intervention. Reference: https://aws.amazon.com/rds/details/multi-az/

Answer 165

A

D. It is granting only the permissions required to perform a given task.

Explanation/Reference: Explanation:
When you create IAM policies, follow the standard security advice of granting least privilege, or granting only the permissions required to perform a task. Determine what users (and roles) need to do and then craft policies that allow them to perform only those tasks.
Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege

Answer 166

A

C. It prevents cascading failures between different components.

Explanation/Reference:
Explanation:
IT systems should ideally be designed in a way that reduces inter-dependencies. Your components need to be loosely coupled to avoid changes or failure in one of the components from affecting others.
Your infrastructure also needs to have well defined interfaces that allow the various components to interact with each other only through specific, technology-agnostic interfaces. Modifying any underlying operations without affecting other components should be made possible.
Reference: https://www.botmetric.com/blog/aws-cloud-architecture-design-principles/

Answer 167

A

B. AWS Direct Connect

Explanation/Reference:
Explanation:
Amazon VPC provides multiple network connectivity options for you to leverage depending on your current network designs and requirements. These connectivity options include leveraging either the internet or an AWS Direct Connect connection as the network backbone and terminating the connection into either AWS or user-managed network endpoints. Additionally, with AWS, you can choose how network routing is delivered between Amazon VPC and your networks, leveraging either AWS or user-managed network equipment and routes.
Reference: https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/introduction.html

Answer 168

A

C. Focusing on decoupling components by isolating them and ensuring individual components can function when other components fail.

Answer 169

A

B. Enable Multi-Factor Authentication (MFA)
C. Use Amazon Cognito to manage access

Explanation/Reference:
Explanation:
Your root account should always be protected by Multi-Factor Authentication (MFA). This additional layer of security helps protect against unauthorized logins to your account by requiring two factors: something you know (a password) and something you have (for example, an MFA device). AWS supports virtual and hardware MFA devices and U2F security keys.
Cognito can be used as an Identity Provider (IdP), where it stores and maintains users and credentials securely for your applications, or it can be integrated with OpenID Connect, SAML, and other popular web identity providers like Amazon.com.
Using Amazon Cognito, you can generate temporary access credentials for your clients to access AWS services, eliminating the need to store long-term credentials in client applications. Reference: https://aws.amazon.com/blogs/security/guidelines-for-protecting-your-aws-account-while-using-programmatic-access/

Answer 170

A

D. AWS Organizations

Explanation/Reference:
Explanation:
To improve control over your AWS environment, you can use AWS Organizations to create groups of accounts, and then attach policies to a group to ensure the correct policies are applied across the accounts without requiring custom scripts and manual processes.
Reference: https://aws.amazon.com/organizations/

Answer 171

A

B. AWS Budgets

Explanation/Reference:
Reference: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html

Answer 172

A

A. AWS security and compliance documents

Explanation/Reference:
Explanation:
You can use AWS Artifact Reports to download AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI), and System and Organization Control (SOC) reports. Reference:
https://aws.amazon.com/artifact/faq/

Answer 173

A

A. Enterprise

Explanation/Reference:
Reference: https://aws.amazon.com/premiumsupport/plans/

Answer 174

A

B. Ability to recover from failure

Explanation/Reference:
Reference: https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/

Answer 175

A

B. Amazon EC2 instance store

Explanation/Reference:
Explanation:
When you stop or terminate an instance, every block of storage in the instance store is reset. Therefore, your data cannot be accessed through the instance store of another instance. Reference:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html

Answer 176

A

A. Users do not have to guess about future capacity needs.

Explanation/Reference:
Reference: https://data-flair.training/blogs/aws-advantages/

Answer 177

A

B. Amazon EC2

Answer 178

A

D. Design for failure.

Explanation/Reference: Explanation:
There are six design principles for operational excellence in the cloud:
Perform operations as code
Annotate documentation
Make frequent, small, reversible changes Refine operations procedures frequently Anticipate failure
Learn from all operational failures
Reference: https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/

Answer 179

A

A. AWS Software Development Kit

Explanation/Reference:
Reference: https://aws.amazon.com/tools/

Answer 180

A

A. On-Demand Instances

With On-Demand instances, you pay for compute capacity by the hour or the second depending on which instances you run. No longer-term commitments or upfront payments are needed. You can increase or decrease your compute
capacity depending on the demands of your application and only pay the specified per hourly rates for the instance you use. Reference: https://aws.amazon.com/ec2/pricing/

Answer 181

A

D. Amazon Aurora

Explanation/Reference: Explanation:
Amazon Aurora is a relational database service that combines the speed and availability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases. The MySQL-compatible edition of Aurora delivers up to 5X the throughput of standard MySQL running on the same hardware, and enables existing MySQL applications and tools to run without requiring modification.
Amazon Aurora will automatically grow the size of your database volume as your database storage needs grow. Your volume will grow in increments of 10 GB up to a maximum of 64 TB. You don’t need to provision excess storage for your database to handle future growth.
Reference: https://aws.amazon.com/rds/aurora/mysql-features/

Answer 182

A

C. Amazon VPC peering

Explanation/Reference:
Explanation:
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. The VPCs can be in different regions (also known as an inter-region VPC peering connection).
Reference: https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html

Answer 183

A

D. AWS Code Commit

Explanation/Reference:
Explanation:
AWS CodeCommit is a version control service hosted by Amazon Web Services that you can use to privately store and manage assets (such as documents, source code, and binary files) in the cloud.
Reference: https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html

Answer 184

A

B. AWS Total Cost of Ownership (TCO) Calculator

Explanation/Reference:
Explanation:
TCO calculator compare the cost of running your applications in an on-premises or colocation environment to AWS. Reference:
https://awstcocalculator.com

Answer 185

A

D. AWS Snowmobile

Explanation/Reference:
Explanation:
AWS Snowmobile is an exabyte-scale data transfer service that can move extremely large amounts of data to AWS in a fast, secure, and cost-effective manner. You can transfer up to 100PB per Snowmobile, a 45-foot long ruggedized shipping container, pulled by a semi-trailer truck. Snowmobile makes it easy to move massive volumes of data to the cloud, including video libraries, image repositories, or even a complete data center migration. All data is encrypted with 256-bit encryption and you can manage your encryption keys with AWS Key Management Service (AWS KMS). Snowmobile includes GPS tracking, alarm monitoring, 24/7 video surveillance and an optional escort security vehicle while in transit.
Reference: https://aws.amazon.com/about-aws/whats-new/2016/11/move-exabyte-scale-data-sets-with-aws-snowmobile/

Answer 186

A

B. Pay-as-you-go
D. Planned

Explanation/Reference:
Reference: https://d0.awsstatic.com/whitepapers/aws_pricing_overview.pdf

Answer 187

A

C. Classic Load Balancers
E. Application Load Balancers

Explanation:
Elastic Load Balancing supports the following types of load balancers: Application Load Balancers, Network Load Balancers, and Classic Load Balancers. Amazon ECS services can use either type of load balancer. Application Load Balancers are used to route HTTP/HTTPS (or Layer 7) traffic. Network Load Balancers and Classic Load Balancers are used to route TCP (or Layer 4) traffic.
Reference: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html

Answer 188

A

B. AWS does not require long-term contracts and provides a pay-as-you-go model.

Explanation:
AWS offers you a pay-as-you-go approach for pricing for over 160 cloud services. With AWS you pay only for the individual services you need, for as long as you use them, and without requiring long-term contracts or complex licensing.
AWS pricing is similar to how you pay for utilities like water and electricity. You only pay for the services you consume, and once you stop using them, there are no additional costs or termination fees. Reference:
https://aws.amazon.com/pricing/

Answer 189

A

B. Amazon CloudFront to edge locations

Explanation:
You can deliver content and decrease end-user latency of your web application using Amazon CloudFront. CloudFront speeds up content delivery by leveraging its global network of data centers, known as edge locations, to reduce delivery time by caching your content close to your end users. CloudFront fetches your content from an origin, such as an Amazon S3 bucket, an Amazon EC2 instance, an Amazon Elastic Load Balancing load balancer or your own web server, when it’s not already in an edge location. CloudFront can be used to deliver your entire website or application, including dynamic, static, streaming, and interactive content.
Reference: https://aws.amazon.com/getting-started/tutorials/deliver-content-faster/

Answer 190

A

D. AWS Artifact

Explanation:
AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements. Reports available in AWS Artifact
include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). Reference: https://aws.amazon.com/artifact/

Answer 191

A

D. Amazon Elastic Compute Cloud (Amazon EC2)

Explanation/Reference:
Reference: https://severalnines.com/news/aws-users-prefer-self-managed-databases

Answer 192

A

B. Access to a Technical Account Manager

Explanation/Reference:
Reference: https://aws.amazon.com/premiumsupport/plans/enterprise/

Answer 193

A

C. Deploy applications across multiple AWS Regions.

Explanation:
An AWS Region is a geographic location where AWS provides multiple, physically separated and isolated Availability Zones which are connected with low latency, high throughput, and highly redundant networking. Reference:
https://aws.amazon.com/s3/faqs/

Answer 194

A

A. It provides on-demand resources for peak usage.

Explanation:
You can continue to optimize your spend and keep your development costs low by making sure you revisit your architecture often, to adjust to your startup growth. Manage your cost further by leveraging different options such as S3 CloudFront for caching & offloading to reduce cost of EC2 computing, as well as Elastic Load Balancing which prepares you for massive scale, high reliability and uninterrupted growth. Another way to keep costs down is to use AWS Identity
and Access Management solutions (IAM) to manage governance of your cost drivers effectively and by the right teams. Reference: https://aws.amazon.com/startups/lean/

Answer 195

A

D. Agility

Explanation:
Agile is a time boxed, iterative approach to software delivery that builds software incrementally from the start of the project, instead of trying to deliver it all at once near the end. Reference:
http://www.agilenutshell.com

Answer 196

A

D. Enterprise and Business Support

Answer 197

A

A. AWS WAF
D. Amazon CloudFront

Explanation/Reference:
Reference: https://aws.amazon.com/shield/

Answer 198

A

A. Compute costs
C. Storage costs
E. Network infrastructure costs

Explanation/Reference:
Reference: https://aws.amazon.com/blogs/aws/the-new-aws-tco-calculator/

Answer 199

A

B. Amazon Rekognition provides automatic detection of objects appearing in pictures.

Explanation:
Rekognition Image is an image recognition service that detects objects, scenes, and faces; extracts text; recognizes celebrities; and identifies inappropriate content in images. It also allows you to search and compare faces. Rekognition
Image is based on the same proven, highly scalable, deep learning technology developed by Amazon’s computer vision scientists to analyze billions of images daily for Prime Photos. Reference: https://aws.amazon.com/rekognition/faqs/

Answer 200

A

A. Data center security

Explanation/Reference:
Reference: https://www.awstcocalculator.com/Output/Load/f85bbf7e131446643911859504

Answer 201

A

D. Managing the network infrastructure

Explanation/Reference:
Reference: https://cloudacademy.com/blog/aws-shared-responsibility-model-security/

Answer 202

A

B. AWS Simple Monthly Calculator

Explanation:
To forecast your costs, use the AWS Cost Explorer. Use cost allocation tags to divide your resources into groups, and then estimate the costs for each group. Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/estimating-aws-resource-costs/

Answer 203

A

B. AWS Trusted Advisor

Answer 204

A

B. Amazon CloudWatch

Explanation:
You can monitor your estimated AWS charges by using Amazon CloudWatch. When you enable the monitoring of estimated charges for your AWS account, the estimated charges are calculated and sent several times daily to CloudWatch as metric data.
Billing metric data is stored in the US East (N. Virginia) Region and represents worldwide charges. This data includes the estimated charges for every service in AWS that you use, in addition to the estimated overall total of your AWS charges.
Reference: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html

Answer 205

A

C. All Upfront Reserved Instances for a 3-year term

Explanation/Reference:
Reference: https://aws.amazon.com/ec2/pricing/reserved-instances/

Answer 206

A

B. Physically destroying storage media at end of life

Explanation:
Media storage devices used to store customer data are classified by AWS as Critical and treated accordingly, as high impact, throughout their life-cycles. AWS has exacting standards on how to install, service, and eventually destroy the
devices when they are no longer useful. When a storage device has reached the end of its useful life, AWS decommissions media using techniques detailed in NIST 800-88. Media that stored customer data is not removed from AWS control until it has been securely decommissioned.
Reference: https://aws.amazon.com/compliance/data-center/controls/

Answer 207

A

C. There is no guessing on capacity needs.

Explanation:
AWS manages dozens of compliance programs in its infrastructure. This means that segments of your compliance have already been completed.
Reference: https://docs.aws.amazon.com/whitepapers/latest/aws-overview/security-and-compliance.html

Answer 208

A

D. Amazon CloudFront

Explanation:
Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment.
CloudFront is integrated with AWS – both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services. Reference: https://aws.amazon.com/cloudfront/

Answer 209

A

A. AWS Elastic Beanstalk
D. AWS CloudFormation

Reference:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/deploying.applications.html

Answer 210

A

C. AWS Total Cost of Ownership (TCO) Calculator

Explanation:
The TCO Calculator provides directional guidance on possible realized savings when deploying AWS. This tool is built on an underlying calculation model, that generates a fair assessment of value that a customer may achieve given the data provided by the user.
Reference: https://aws.amazon.com/tco-calculator/

Answer 211

A

A. Design for automated failure recovery
B. Use multiple Availability Zones

Reference: https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/

Answer 212

A

A. Rotate passwords and access keys.
E. Contact AWS Support.

Reference: https://aws.amazon.com/premiumsupport/knowledge-center/potential-account-compromise/

Answer 213

A

B. Ensuring an application remains accessible, even if a resource fails

Reference: https://aws.amazon.com/blogs/startups/high-availability-for-mere-mortals/

Answer 214

A

D. AWS Shield

Explanation:
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application
downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection. There are two tiers of AWS Shield - Standard and Advanced. Reference: https://aws.amazon.com/shield/

Answer 215

A

B. Amazon CloudWatch

Explanation:
With Basic monitoring you get data on your cloudwatch metrics every 5 minutes. Enabling detailed monitoring, you will get the data every one minute.
To check if detailed monitoring is enabled, on your EC2 Console, Select the instance, on the lower plane, Select Monitoring. Reference:
https://forums.aws.amazon.com/thread.jspa?threadID=263876

Answer 216

A

C. An entity that defines a set of permissions for use with an AWS resource

Explanation:
AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
Reference: https://aws.amazon.com/iam/

Answer 217

A

A. They provide a discount over on-demand pricing.
E. Customers can reserve capacity in an Availability Zone.

Reference: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-ri-basics/

Answer 218

A

B. They automatically add or replace instances across multiple Availability Zones when the application needs it.

Explanation:
When the unhealthy Availability Zone returns to a healthy state, Auto Scaling automatically redistributes the application instances evenly across all of the designated Availability Zones.
Reference: https://docs.aws.amazon.com/autoscaling/ec2/userguide/auto-scaling-benefits.html

Answer 219

A

B. By using AWS Organizations consolidated billing

Explanation:
The account that originally purchased the Reserved Instance receives the discount first. If the purchasing account doesn’t have any instances that match the terms of the Reserved Instance, the discount for the Reserved Instance is assigned to any matching usage on another account in the organization.
Reference: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-ri-consolidated-billing/

Answer 220

A

B. 3 hours, 5 minutes, and 6 seconds

Reference: https://aws.amazon.com/about-aws/whats-new/2017/10/announcing-amazon-ec2-per-second-billing/

Answer 221

A

A. AWS Lambda
B. Amazon Elastic Container Service (Amazon ECS)

Reference: https://docs.aws.amazon.com/whitepapers/latest/aws-overview/compute-services.html

Answer 222

A

B. AWS CloudFormation

Explanation:
AWS CloudFormation provides a common language for you to model and provision AWS and third party application resources in your cloud environment. AWS CloudFormation allows you to use programming languages or a simple text file to
model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. This gives you a single source of truth for your AWS and third party resources. Reference:
https://aws.amazon.com/cloudformation/

Answer 223

A

B. AWS Direct Connect
D. AWS Storage Gateway

Reference: https://aws.amazon.com/hybrid/

Answer 224

A

B. AWS Direct Connect

Explanation:
AWS Direct Connect lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations. Using industry standard 802.1q VLANs, this dedicated connection can be partitioned into multiple
virtual interfaces. This allows you to use the same connection to access public resources such as objects stored in Amazon S3 using public IP address space, and private resources such as Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC) using private IP space, while maintaining network separation between the public and private environments. Virtual interfaces can be reconfigured at any time to meet your changing needs. Reference: https://aws.amazon.com/directconnect/

Answer 225

A

A. Amazon CloudFront
B. AWS Shield

Reference: https://www.edureka.co/community/600/what-is-an-edge-location-in-aws

Answer 226

A

B. AWS Direct Connect

Explanation:
Amazon Virtual Private Cloud (Amazon VPC) is a logically isolated, private section of the AWS Cloud to launch resources in a virtual data center in the cloud. Amazon VPC allows you to leverage multiple Availability Zones (AZ) within a region so that you can build greater fault tolerance within your workloads. You have complete control.
Reference: https://aws.amazon.com/blogs/publicsector/aws-networking-capabilities-gives-you-choices-for-hybrid-cloud-connectivity-but-which-service-works-best-for-your-use-case/

Answer 227

A

D. AWS Total Cost of Ownership (TCO) Calculator

Reference: https://aws.amazon.com/tco-calculator/

Answer 228

A

A. Users pay for software by the hour or month depending on licensing.
B. AWS Marketplace enables the user to launch applications with 1-Click.

Reference: https://aws.amazon.com/partners/aws-marketplace/

Answer 229

A

B. Loosely couple components.

Explanation:
Loosely coupled architectures reduce interdependencies, so that a change or failure in a component does not cascade to other components.
Reference: https://aws-certified-cloud-practitioner.fandom.com/wiki/1.3_List_the_different_cloud_architecture_design_principles

Answer 230

A

B. Patching of operating systems
E. Configuration of the security group

Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 231

A

D. AWS Config

Explanation:
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting. Reference: https://aws.amazon.com/config/

Answer 232

A

B. AWS Trusted Advisor

Answer 233

A

C. It is shared between AWS and the customer.

Explanation:
AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications. Reference:
https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 234

A

C. Amazon CloudFront

Explanation:
Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment.
CloudFront is integrated with AWS – both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services. Reference: https://aws.amazon.com/cloudfront/

Answer 235

A

C. Elasticity

Reference: https://wa.aws.amazon.com/wat.map.en.html

Answer 236

A

D. AWS Abuse team

Reference: https://aws.amazon.com/premiumsupport/knowledge-center/report-aws-abuse/

Answer 237

A

A. There are no upfront commitments.
C. Users have the ability to provision resources on demand.

Answer 238

A

B. make programmatic calls to AWS from AWS APIs.

Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html

Answer 239

A

C. It is an online tool with a set of automated checks that provides recommendations on cost optimization, performance, and security.

Explanation:
AWS Trusted Advisor is an online tool that provides you real time guidance to help you provision your resources following AWS best practices.
Whether establishing new workflows, developing applications, or as part of ongoing improvement, take advantage of the recommendations provided by Trusted Advisor on a regular basis to help keep your solutions provisioned optimally. Reference: https://aws.amazon.com/premiumsupport/technology/trusted-advisor/

Answer 240

A

B. AWS Cost Explorer

Explanation:
AWS Cost Explorer has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time.
Reference: https://aws.amazon.com/aws-cost-management/aws-cost-explorer/

Answer 241

A

B. AWS Artifact

Explanation:
AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). Reference: https://aws.amazon.com/artifact/

Answer 242

A

A. Companies can deploy applications in multiple AWS Regions to reduce latency.
C. Amazon CloudFront has multiple edge locations around the world to reduce latency.

Reference: https://aws.amazon.com/comprehend/features/ https://aws.amazon.com/cloudfront/

Answer 243

A

B. AWS Elastic Beanstalk

Explanation
Upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time.
Reference: https://aws.amazon.com/elasticbeanstalk/

Answer 244

A

C. Amazon VPC

Reference: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Security.html

Answer 245

A

B. Availability

Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html

Answer 246

A

A. reduces capital expenditures.

Reference: https://www.10thmagnitude.com/opex-vs-capex-the-real-cloud-computing-cost-advantage/

Answer 247

A

B. Physical security of global infrastructure

Reference: https://cloudacademy.com/blog/aws-shared-responsibility-model-security/

Answer 248

A

B. AWS Organizations

Explanation:
You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. Every organization in AWS Organizations has a master (payer) account that pays the charges of all the member (linked) accounts.
Reference: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-billing.html

Answer 249

A

B. Physical security

Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 250

A

D. AWS Discussion Forums

Reference: https://aws.amazon.com/premiumsupport/faqs/

Brainscape's Knowledge GenomeTM

ACCP Flashcards

CLF-C02

Brainscape's Knowledge Genome^TM