ACCP Flashcards

Question

Which AWS feature will reduce the customer’s total cost of ownership (TCO)? A. Shared responsibility security model B. Single tenancy C. Elastic computing D. Encryption

Answer 1

C. Elastic computing

Answer 2

B. Elastic Load Balancing Explanation/Reference: Reference: https://aws.amazon.com/elasticloadbalancing/

Answer 3

C. AWS Artifact Explanation/Reference: Reference: https://aws.amazon.com/compliance/soc-faqs/

Answer 4

B. Encrypting data on the client-side D. Configuring Network Access Control Lists (ACL) Explanation/Reference: Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 5

C. Ensure that the application is designed to accommodate failure of any single component.

Answer 6

B. Use loosely coupled components. Explanation/Reference: Reference: https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf

Answer 7

D. Using Multi-Factor Authentication (MFA) E. Enforcing password strength and expiration

Answer 8

B. Amazon RDS E. Amazon EFS

Answer 9

A. It simplifies relational database administration tasks.

Answer 10

A. Amazon Aurora Explanation/Reference: Reference: https://aws.amazon.com/rds/aurora/serverless/

Answer 11

A. Availability Zone Explanation/Reference: Reference: https://docs.aws.amazon.com/whitepapers/latest/aws-overview/global-infrastructure.html

Answer 12

D. Awareness and training Explanation/Reference: Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 13

B. A minimum of two

Answer 14

C. it allows the business to focus on business activities.

Answer 15

A. Amazon S3

Answer 16

B. Access keys Explanation/Reference: Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access- keys.html

Answer 17

C. Amazon DynamoDB Explanation/Reference: Reference: https://aws.amazon.com/dynamodb/

Answer 18

D. Decreased acquisition time for new compute resources Explanation/Reference: Reference: https://aws.amazon.com/blogs/enterprise-strategy/risk-is-lack-of-agility/

Answer 19

B. AWS Organizations Explanation/Reference: Reference: https://aws.amazon.com/organizations/

Answer 20

A. Using many instances in parallel Explanation/Reference: Reference: https://aws.amazon.com/solutions/case-studies/encoding/

Answer 21

B. Physical security

Answer 22

B. Global reach

Answer 23

C. Patching Amazon EC2 instances Explanation/Reference: Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 24

C. Use the consolidated billing feature from AWS Organizations. Explanation/Reference: Reference: https://aws.amazon.com/answers/account-management/aws-multi-account-billing-strategy/

Answer 25

D. Real-time monitoring E. Adjustable retention

Answer 26

A. Amazon Route53 Explanation/Reference: Reference: https://aws.amazon.com/getting-started/tutorials/get-a-domain/

Answer 27

A. Reduced latency to users C. Data sovereignty compliance

Answer 28

D. Amazon Simple Storage Service (Amazon S3) Explanation/Reference: Reference: https://aws.amazon.com/getting-started/projects/host-static-website/

Answer 29

D. Spot Instances Explanation/Reference: Reference: https://aws.amazon.com/ec2/spot/

Answer 30

B. Data encryption

Answer 31

A. Amazon EC2

Answer 32

D. Amazon Redshift Explanation/Reference: Reference: https://aws.amazon.com/redshift/

Answer 33

B. It distributes incoming application traffic across one or more Amazon EC2 instances. Explanation/Reference: Reference: https://aws.amazon.com/elasticloadbalancing/

Answer 34

A. Command line interface C. Software Development Kits

Answer 35

B. Global infrastructure

Answer 36

B. Amazon S3 E. Amazom CloudFront Explanation/Reference: Reference: https://aws.amazon.com/getting-started/tutorials/deliver-content-faster/ https://aws.amazon.com/cloudfront/

Answer 37

C. Hybrid architecture Explanation/Reference: Reference: https://aws.amazon.com/enterprise/hybrid/

Answer 38

B. They have better performance than customer-managed services.

Answer 39

D. Amazon S3 Explanation/Reference: Reference: https://aws.amazon.com/what-is-cloud-object-storage/

Answer 40

D. IAM policy Explanation/Reference: Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html

Answer 41

B. AWS Trusted Advisor security checks C. Data encryption Explanation/Reference: Reference: https://aws.amazon.com/security/

Answer 42

D. Amazon RDS Explanation/Reference: Explanation Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need. Reference: https://aws.amazon.com/rds/?c=db&sec=srv

Answer 43

D. Amazon EFS Explanation/Reference: Explanation: Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. It is built to scale on demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth. Amazon EFS is designed to provide the throughput, IOPS, and low latency needed for Linux workloads. Throughput and IOPS scale as a file system grows and can burst to higher throughput levels for short periods of time to support the unpredictable performance needs of file workloads. For the most demanding workloads, Amazon EFS can support performance over 10 GB/sec and up to 500,000 IOPS.

Answer 44

D. Implement elasticity Cloud services main proposition is to provide elasticity through horizontal scaling. It’s already there. As for using largest instance possible, it is not a design principle that helps cloud applications in anyway. Scrum development process is not related to architecting. Therefore, a key principle is to provision your application for on-demand capacity. Peak loads is something that cloud applications experience everyday. Peak load management should be a necessary part of cloud application design principle. Reference: https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf

Answer 45

B. Amazon Glacier Explanation/Reference: Explanation Amazon S3 Glacier is a secure, durable, and low-cost storage class of S3 for data archiving and long-term backup. Customers can store large or small amounts of data for as little as $0.004 per gigabyte per month. The S3 Glacier storage class is ideal for archives where data is regularly retrieved and some of the data may be needed in minutes. Amazon RDS is a relational database service that hosts databases. It helps you create and manage databases. Amazon Snowball is a petabyte-scale data transfer service that provides cost efficient data transfer to AWS from tamper proof physical devices. Similarly, Elastic block storage offers persistent block storage volumes for EC2 instances. Reference: https://aws.amazon.com/backup-restore/services/

Answer 46

B. Patch management

Answer 47

D. Amazon Direct Connect Explanation/Reference: Explanation: AWS Direct Connect enables you to securely connect your AWS environment to your on-premises data center or office location over a standard 1 gigabit or 10 gigabit Ethernet fiber-optic connection. AWS Direct Connect offers dedicated high speed, low latency connection, which bypasses internet service providers in your network path. An AWS Direct Connect location provides access to Amazon Web Services in the region it is associated with, as well as access to other US regions. AWS Direct Connect allows you to logically partition the fiber-optic connections into multiple logical connections called Virtual Local Area Networks (VLAN). You can take advantage of these logical connections to improve security, differentiate traffic, and achieve compliance requirements. Reference: https://aws.amazon.com/getting-started/projects/connect-data-center-to-aws/

Answer 48

B. AWS Lambda Explanation/Reference: Explanation: AWS Lambda is an integral part of coding on AWS. It reduces physical compute footprint by utilizing aws cloud services to run code.

Answer 49

A. AWS Personal Health Dashboard Explanation/Reference: Explanation: AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources. Reference: https://aws.amazon.com/premiumsupport/technology/personal-health-dashboard/

Answer 50

A. Fault Tolerance D. Performance Explanation/Reference: Explanation: Like your customized cloud expert, AWS Trusted Advisor analyzes your AWS environment and provides best practice recommendations in five categories: cost optimization, performance, security, fault tolerance and service limits. Reference: https://aws.amazon.com/premiumsupport/technology/trusted-advisor/

Answer 51

C. Updating Amazon EC2 host firmware Explanation/Reference: Explanation: AWS Compliance enables customers to establish and operate in an AWS security control environment The shared responsibility model is part of AWS Compliance program The Security of the cloud is managed by Amazon AWS provider The Security in the cloud is responsibility of the customer The customer is responsible for their information and data, their secure transmission, integrity, and encryption Also, the customer is responsible for managing, support, patching and control of the guest operating system and AWS services provided like EC2 AWS customers retain control and ownership of their data The AWS network provides significant protection against traditional network security issues and the customer can implement further protection Reference: https://www.whizlabs.com/blog/aws-security-shared-responsibility/

Answer 52

A. AWS Marketplace Explanation/Reference: Explanation: AWS Marketplace is a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on AWS. Reference: https://aws.amazon.com

Answer 53

B. Ability to focus on revenue-generating activities. Explanation/Reference: Explanation: Developer and IT staff productivity accounted for nearly 30% of overall financial benefits. The remaining benefits were driven by the flexibility and agility of Amazon cloud infrastructure services, which make it easier to trial new business models, support revenue-generating applications, and provide more reliable services to end users. Reference: https://media.amazonwebservices.com/IDC_Business_Value_of_AWS_Accelerates_Over_time.pdf

Answer 54

A. Dedicated Hosts Explanation/Reference: Explanation: Use Dedicated Hosts to launch Amazon EC2 instances on physical servers that are dedicated for your use. Dedicated Hosts give you additional visibility and control over how instances are placed on a physical server, and you can reliably use the same physical server over time. As a result, Dedicated Hosts enable you to use your existing server-bound software licenses like Windows Server and address corporate compliance and regulatory requirements.

Answer 55

D. AWS CloudFormation Explanation/Reference: Explanation: AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. This file serves as the single source of truth for your cloud environment. Reference: https://aws.amazon.com/cloudformation/

Answer 56

A. AWS Config Explanation/Reference: Explanation: AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting. Reference: https://aws.amazon.com/config/

Answer 57

B. A metrics repository with customizable notification thresholds and channels. Explanation/Reference: Explanation: Amazon CloudWatch is basically a metrics repository. An AWS service — such as Amazon EC2 — puts metrics into the repository, and you retrieve statistics based on those metrics. If you put your own custom metrics into the repository, you can retrieve statistics on these metrics as well. Reference: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_architecture.html

Answer 58

B. AWS Organizations Explanation/Reference: Explanation: use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. Every organization in AWS Organizations has a master account that pays the charges of all the member accounts. Consolidated billing has the following benefits: One bill – You get one bill for multiple accounts. Easy tracking – You can track the charges across multiple accounts and download the combined cost and usage data. Combined usage – You can combine the usage across all accounts in the organization to share the volume pricing discounts and Reserved Instance discounts. This can result in a lower charge for your project, department, or company than with individual standalone accounts. For more information, see Volume Discounts. No extra fee – Consolidated billing is offered at no additional cost.

Answer 59

B. AWS OpsWorks C. AWS Code Deploy Explanation/Reference: Reference: https://docs.aws.amazon.com/codedeploy/latest/userguide/instances-on-premises.html https://aws.amazon.com/blogs/aws/opsworks-on-prem-and-existing- instances/

Answer 60

C. Spot Instances Explanation/Reference: Explanation: In the new model, the Spot prices are more predictable, updated less frequently, and are determined by supply and demand for Amazon EC2 spare capacity, not bid prices. Reference: https://aws.amazon.com/blogs/compute/new-amazon-ec2-spot-pricing/

Answer 61

C. Implement loose coupling. E. Design for scalability. Explanation/Reference: Explanation: Rearchitecting applications involves sweeping change where an old monolithic application is completely revamped according to modern microservices architecture. Using individual components to re-architect a big application is one part of the process. The most important part is to design the application for scalability because the level of investment for a monolithic application can only be justified when resilience and scalability is needed. Reference: https://www.architech.ca/re- architect-applications/

Answer 62

B. Business Explanation/Reference: Reference: https://aws.amazon.com/premiumsupport/plans/

Answer 63

A. AWS Artifact Explanation/Reference: Explanation: WS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’s security and compliance reports and select online agreements. The AWS SOC 2 report is particularly helpful for completing questionnaires because it provides a comprehensive description of the implementation and operating effectiveness of AWS security controls. Another useful document is the Executive Briefing within the AWS FedRAMP Partner Package. Reference: https://aws.amazon.com/compliance/faq/

Answer 64

C. AWS Personal Health Dashboard Explanation/Reference: Explanation: Personal Health Dashboard gives you a personalized view of the status of the AWS services that power your applications, enabling you to quickly see when AWS is experiencing issues that may impact you. For example, in the event of a lost EBS volume associated with one of your EC2 instances, you would gain quick visibility into the status of the specific service you are using, helping save precious time troubleshooting to determine root cause. Reference: https://aws.amazon.com/premiumsupport/technology/personal-health-dashboard/

Answer 65

A. Volume pricing qualification Explanation/Reference: Explanation: If you have multiple standalone accounts, your charges might decrease if you add the accounts to an organization. AWS combines usage from all accounts in the organization to qualify you for volume pricing discounts. Reference: https://help.nops.io/consolidated-billing

Answer 66

D. Request and wait for approval from AWS support, and then conduct testing. Explanation/Reference: Explanation: AWS customers are welcome to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for 8 services. Reference: https://aws.amazon.com/security/penetration-testing/

Answer 67

B. Amazon Machine Image Explanation/Reference: Explanation: To use Amazon EC2, you simply: Select a pre-configured, templated Amazon Machine Image (AMI) to get up and running immediately. Or create an AMI containing your applications, libraries, data, and associated configuration settings. Configure security and network access on your Amazon EC2 instance. Choose which instance type(s) you want, then start, terminate, and monitor as many instances of your AMI as needed, using the web service APIs or the variety of management tools provided. Determine whether you want to run in multiple locations, utilize static IP endpoints, or attach persistent block storage to your instances. Pay only for the resources that you actually consume, like instance-hours or data transfer. Reference: https://aws.amazon.com/ec2/features/

Answer 68

A. Apply an IAM policy to an IAM group. Explanation/Reference: Explanation: Instead of defining permissions for individual IAM users, it's usually more convenient to create groups that relate to job functions (administrators, developers, accounting, etc.). Next, define the relevant permissions for each group. Finally, assign IAM users to those groups. All the users in an IAM group inherit the permissions assigned to the group. That way, you can make changes for everyone in a group in just one place. As people move around in your company, you can simply change what IAM group their IAM user belongs to. Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

Answer 69

D. Auto Scaling Explanation/Reference: Explanation: AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. Using AWS Auto Scaling, it’s easy to setup application scaling for multiple resources across multiple services in minutes. The service provides a simple, powerful user interface that lets you build scaling plans for resources including Amazon EC2 instances and Spot Fleets, Amazon ECS tasks, Amazon DynamoDB tables and indexes, and Amazon Aurora Replicas. AWS Auto Scaling makes scaling simple with recommendations that allow you to optimize performance, costs, or balance between them. If you’re already using Amazon EC2 Auto Scaling to dynamically scale your Amazon EC2 instances, you can now combine it with AWS Auto Scaling to scale additional resources for other AWS services. With AWS Auto Scaling, your applications always have the right resources at the right time. Reference: https://aws.amazon.com/autoscaling/

Answer 70

A. Amazon Route 53 D. Amazon CloudFront Explanation/Reference: Reference: http://jayendrapatil.com/aws-global-vs-regional-vs-az-resources/

Answer 71

A. AWS Artifact Explanation/Reference: Explanation: AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). Reference: https://aws.amazon.com/artifact/

Answer 72

A. Ensuring that application data is encrypted at rest C. Ensuring that users have received security training in the use of AWS services

Answer 73

C. Amazon EC2

Answer 74

D. Amazon EC2 Reserved Instances

Answer 75

A. reduced Total Cost of Ownership (TCO). C. reduced operational expenditure (opex).

Answer 76

C. AWS Cost and Usage report Explanation/Reference: Explanation: The Cost & Usage Report is your one-stop-shop for accessing the most granular data about your AWS costs and usage. You can also load your cost and usage information into Amazon Athena, Amazon Redshift, AWS QuickSight, or a tool of your choice. Reference: https://aws.amazon.com/aws-cost-management/

Answer 77

E. AWS Management Console

Answer 78

B. Implement loose coupling. Loose coupling between services can also be done through asynchronous integration. It involves one component that generates events and another that consumes them. The two components do not integrate through direct point-to-point interaction, but usually through an intermediate durable storage layer. This approach decouples the two components and introduces additional resiliency. So, for example, if a process that is reading messages from the queue fails, messages can still be added to the queue to be processed when the system recovers. Reference: https://www.botmetric.com/blog/aws-cloud-architecture-design-principles/

Answer 79

B. Grant least privilege access to IAM users. E. Activate multi-factor authentication (MFA) for privileged users. Explanation/Reference: Explanation: If you decided to create service accounts (that is, accounts used for programmatic access by applications running outside of the AWS environment) and generate access keys for them, you should create a dedicated service account for each use case. This will allow you to restrict the associated policy to only the permissions needed for the particular use case, limiting the blast radius if the credentials are compromised. For example, if a monitoring tool and a release management tool both require access to your AWS environment, create two separate service accounts with two separate policies that define the minimum set of permissions for each tool. Reference: https://aws.amazon.com/blogs/security/guidelines-for-protecting-your-aws-account-while-using-programmatic-access/

Answer 80

C. AWS Storage Gateway Explanation/Reference: Explanation: AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage. Customers use Storage Gateway to simplify storage management and reduce costs for key hybrid cloud storage use cases. These include moving tape backups to the cloud, reducing on-premises storage with cloud-backed file shares, providing low latency access to data in AWS for on-premises applications, as well as various migration, archiving, processing, and disaster recovery use cases. Reference: https://aws.amazon.com/storagegateway/?whats-new-cards.sort-by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc

Answer 81

B. Amazon EC2 Explanation/Reference: Explanation: The customer is responsible for managing, support, patching and control of the guest operating system and AWS services provided like EC2. Reference: https://www.whizlabs.com/blog/aws-security-shared-responsibility/

Answer 82

A. Use multiple Availability Zones. Explanation/Reference: Explanation: Data Center resilience is practiced through Availability Zones across data centers that reduce the impact of failures. Fault isolation improvement can be made to traditional horizontal scaling by sharding (a method of grouping instances into groups called shards, instead of sending the traffic from all users to every node like in the traditional IT structure.) Reference: https://www.botmetric.com/blog/aws-cloud-architecture-design-principles/

Answer 83

B. Enterprise Explanation/Reference: Explanation: The enterprise support plans supports technical account manager. Developer and business support plans are devoid of this facility. Reference: https://aws.amazon.com/premiumsupport/plans/

Answer 84

B. AWS manages the maintenance of the operating system.

Answer 85

C. Amazon ElastiCache Explanation: Amazon ElastiCache for Redis is a great choice for implementing a highly available, distributed, and secure in-memory cache to decrease access latency, increase throughput, and ease the load off your relational or NoSQL databases and applications. ElastiCache can serve frequently requested items at sub-millisecond response times, and enables you to easily scale for higher loads without growing the costlier backend databases. Database query results caching, persistent session caching, and full-page caching are all popular examples of caching with ElastiCache for Redis. Reference: https://aws.amazon.com/products/databases/real-time-apps-elasticache-for-redis/

Answer 86

D. Auditing physical data center assets Explanation/Reference: Explanation: Of course, Amazon is responsible for auditing physical data center assets and resources since it is the property of Amazon Inc. Customers have no access to physical sites, hence they are not responsible for maintaining physical data center assets.

Answer 87

B. AWS Online Tech Talks E. AWS Classroom Training

Answer 88

C. Security Groups D. Subnets Explanation/Reference: Explanation: Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications. You can easily customize the network configuration for your Amazon VPC. For example, you can create a public-facing subnet for your web servers that has access to the Internet, and place your backend systems such as databases or application servers in a private-facing subnet with no Internet access. You can leverage multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet. Reference: https://aws.amazon.com/vpc/

Answer 89

C. Create an AWS Organization from the payer account and invite the other accounts to join. Explanation/Reference: Reference: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-billing.html

Answer 90

A. Periodic price reductions as the result of Amazon’s operational efficiencies

Answer 91

C. AWS CloudTrail E. Amazon CloudWatch Explanation/Reference: Explanation: AWS offers a solution that uses AWS CloudTrail to log account activity, Amazon Kinesis to compute and stream metrics in real-time, and Amazon DynamoDB to durably store the computed data. Metrics are calculated for create, modify, and delete API calls for more than 60 supported AWS services. The solution also features a dashboard that visualizes your account activity in real-time. Reference: https://aws.amazon.com/solutions/real-time-insights-account-activity/

Answer 92

A. Patching databases software C. Backing up databases

Answer 93

D. A company has a number of infrequent, interruptible jobs that are currently using On-Demand Instances. Explanation/Reference: Reference: https://docs.aws.amazon.com/whitepapers/latest/cost-optimization-leveraging-ec2-spot-instances/spot-instance-interruptions.html

Answer 94

B. Availability Zones Explanation/Reference: Explanation: This is to achieve High Availability for any web application (in this case SwiftCode) deployed in AWS. The following features will be present: High availability across multiple instances/multiple availability zones. Auto Scaling of instances (scale up and scale down) based on number of requests coming in Additional Security to the instances/database that are in production No impact to end users during newer version of code deployment No Impact during patching the instances Reference: https://betsol.com/2018/01/how-to-make-high-availability-web-applications-on-amazon-web-services/

Answer 95

A. Enterprise

Answer 96

A. AmazonS3 Explanation/Reference: Explanation: You can host a static website on Amazon Simple Storage Service (Amazon S3). On a static website, individual webpages include static content. They might also contain client-side scripts. By contrast, a dynamic website relies on serverside processing, including server-side scripts such as PHP, JSP, or ASP.NET. Amazon S3 does not support server-side scripting. Reference: https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html

Answer 97

C. It provides the ability to programmatically provision existing resources.

Answer 98

B. Delivering content closer to users D. Reducing traffic on the server by caching responses Explanation/Reference: Explanation: CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance. Reference: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html

Answer 99

C. AWS Identity and Access Management (IAM) policies Explanation/Reference: Explanation: To allow users to perform S3 actions on the bucket from the VPC endpoints or IP addresses, you must explicitly grant those user-level permissions. You can grant user-level permissions on either an AWS Identity and Access Management (IAM) policy or another statement in the bucket policy. Reference: https://aws.amazon.com/premiumsupport/knowledge-center/block-s3-traffic-vpc-ip/

Answer 100

B. Implement elasticity Explanation/Reference: Reference: https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf

Answer 101

C. Moving from upfront capital expense (capex) to variable operational expense (opex).

Answer 102

C. AWS Simple Monthly Calculator Explanation/Reference: Explanation: You can use Cost explorer which is part of Cost and Usage report to forecast future costs of running an application. Reference: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/ce-forecast.html

Answer 103

B. Business Explanation/Reference: Reference: https://aws.amazon.com/premiumsupport/plans/

Answer 104

C. Securing the Amazon EC2 hypervisor Explanation/Reference: Explanation: In EC2, the AWS IaaS offering, everything from the hypervisor layer down is AWS’s responsibility. A customer’s poorly coded applications, misconfigured operating systems, or insecure firewall settings will not affect the hypervisor, it will only affect the customer’s virtual machines running on that hypervisor. Reference: https://www.mindpointgroup.com/blog/the-aws-shared-responsibility-model-part-1-security-in-the-cloud/

Answer 105

C. paying only for time used. Explanation/Reference: Explanation: On-Demand Capacity Reservations are priced exactly the same as their equivalent (On-Demand) instance usage. If a Capacity Reservation is fully utilized, you only pay for instance usage and nothing towards the Capacity Reservation. If a Capacity Reservation is partially utilized, you pay for the instance usage and for the unused portion of the Capacity Reservation. Reference: https://aws.amazon.com/ec2/pricing/on-demand/

Answer 106

D. AWS Quick Start reference deployments Explanation/Reference: Explanation: Quick Starts are built by AWS solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices for security and high availability. These accelerators reduce hundreds of manual procedures into just a few steps, so you can build your production environment quickly and start using it immediately. Reference: https://aws.amazon.com/quickstart/?quickstart-all.sort-by=item.additionalFields.updateDate&quickstart-all.sort-order=desc

Answer 107

C. AWS Lambda Explanation/Reference: Explanation: AWS provides a set of fully managed services that you can use to build and run serverless applications. Serverless applications don’t require provisioning, maintaining, and administering servers for backend components such as compute, databases, storage, stream processing, message queueing, and more. You also no longer need to worry about ensuring application fault tolerance and availability. Instead, AWS handles all of these capabilities for you. Serverless platform includes: AWS lambda, Amazon S3, DynamoDB, API gateway, Amazon SNS, AWS step functions, Amazon kinesis and developing tools and services. Reference: https://aws.amazon.com/serverless/

Answer 108

C. AWS Step Functions, Amazon DynamoDB, Amazon SNS Explanation/Reference: Explanation: AWS provides a set of fully managed services that you can use to build and run serverless applications. Serverless applications don’t require provisioning, maintaining, and administering servers for backend components such as compute, databases, storage, stream processing, message queueing, and more. You also no longer need to worry about ensuring application fault tolerance and availability. Instead, AWS handles all of these capabilities for you. Serverless platform includes: AWS lambda, Amazon S3, DynamoDB, API gateway, Amazon SNS, AWS step functions, Amazon kinesis and developing tools and services. Reference: https://aws.amazon.com/serverless/

Answer 109

B. Edge location management Explanation/Reference: Explanation: Client-side data, application security is the sole responsibility of the customer. Patch management is a shared responsibility. That leaves us with edge location management and since this out of the control of the customer, AWS is the one responsible for it. Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 110

B. Groups Explanation/Reference: Explanation: An IAM group is a collection of IAM users. You can use groups to specify permissions for a collection of users, which can make those permissions easier to manage for those users. For example, you could have a group called Admins and give that group the types of permissions that administrators typically need. Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html

Answer 111

B. Elasticity C. Agility planation/Reference: Explanation: The most celebrated benefit of AWS cloud is elasticity since you can expand the services when you experience more traffic. Agile developments in AWS Cloud through strategies are day by day becoming more established within the enterprises across the world. With so much improvement and call for optimization in the cloud, it is necessary that these strategies get established from the ground up within the organizations. It is highly important as already enterprises have a lot of bequest, politics and hierarchies which act as barriers in their businesses. Reference: https://www.botmetric.com/blog/evolution-agile-enterprises-aws-cloud/

Answer 112

B. AWS Directory Service Explanation/Reference: Explanation: Single sign-on only works when used on a computer that is joined to the AWS Directory Service directory. It cannot be used on computers that are not joined to the directory. Reference: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_single_sign_on.html

Answer 113

D. Availability Zones Explanation/Reference: Explanation: Each Region is completely independent. Each Availability Zone is isolated, but the Availability Zones in a Region are connected through low-latency links. A Local Zone is an AWS infrastructure deployment that places select services closer to your end users. A Local Zone is an extension of a Region that is in a different location from your Region. It provides a high-bandwidth backbone to the AWS infrastructure and is ideal for latency-sensitive applications, for example machine learning. Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html

Answer 114

B. AWS is responsible for the maintenance of common compliance framework documentation. C. It assures customers that AWS is maintaining physical security and data protection. Explanation/Reference: Reference: https://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf

Answer 115

B. AWS Artifact Explanation: AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). Reference: https://aws.amazon.com/artifact/

Answer 116

A. Security management of datacenter Explanation/Reference: Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 117

C. Storage hardware D. Physical servers Explanation/Reference: Reference: https://aws.amazon.com/blogs/aws/the-new-aws-tco-calculator/

Answer 118

B. Managing the VPC network access control lists. C. Encrypting data in transit and at rest. Explanation/Reference: Explanation: The hardware related jobs is the prime responsibility of AWS. VPC network access control lists is something a customer has to do himself to secure the applications. Encrypting data in transit and at rest is a shared responsibility in which AWS plays a part. All hardware related jobs have nothing to do with the customer. Reference: https://dzone.com/articles/aws-shared-responsibility-model-cloud-security

Answer 119

A. Scaling the number of Amazon EC2 instances based on traffic. B. Resizing Amazon RDS instances as business needs change. Explanation/Reference: Reference: https://wa.aws.amazon.com/wat.concept.elasticity.en.html

Answer 120

A. When there is flexibility in when an application needs to run. Explanation/Reference: Explanation: The key to understanding spot instances is to look at the way that cloud service providers such as Amazon Web Services (AWS) operate. Cloud service providers invest in hardware resources and then release those resources (often on a per-hour basis) to subscribers. One of the problems with this business model, however, is that at any given time, there are likely to be compute resources that are not being utilized. These resources represent hardware capacity that AWS has paid for but are sitting idle, and not making AWS any money at the moment. Rather than allowing these computing resources to go to waste, AWS offers them at a substantially discounted rate, with the understanding that if someone needs those resources for running a normal EC2 instance, that instance will take priority over spot instances that are using the hardware resources at a discounted rate. In fact, spot instances will be stopped if the resources are needed elsewhere. Reference: https://awsinsider.net/articles/2017/09/25/aws-spot-instances-primer.aspx

Answer 121

B. Power consumption of the data center C. Labor costs to replace old servers

Answer 122

D. Users pay based on the number of requests and consumed compute resources. Explanation/Reference: Explanation: AWS Lambda is charging its users by the number of requests for their functions and by the duration, which is the time the code needs to execute. When code starts running in response to an event, AWS Lambda counts a request. It will charge the total number of requests across all of the functions used. Duration is calculated by the time when your code started executing until it returns or until it is terminated, rounded up near to 100ms. The AWS Lambda pricing depends on the amount of memory that the user used to allocate to the function. Reference: https://dashbird.io/blog/aws-lambda-pricing-model-explained/

Answer 123

A. Act as a virtual firewall for the Amazon EC2 instance. Explanation/Reference: Explanation: AWS Security Groups act like a firewall for your Amazon EC2 instances controlling both inbound and outbound traffic. When you launch an instance on Amazon EC2, you need to assign it to a particular security group. After that, you can set up ports and protocols, which remain open for users and computers over the internet. AWS Security Groups are very flexible. You can use the default security group and still customize it according to your liking (although we don’t recommend this practice because groups should be named according to their purpose.) Or you can create a security group that you want for your specific applications. To do this, you can write the corresponding code or use the Amazon EC2 console to make the process easier. Reference: https://www.threatstack.com/blog/aws-security-groups-what-they-are-and-how-to-get-the-most-out-of-them

Answer 124

D. Multi-site active-active Explanation/Reference: Explanation: Backup and Restore: a simple, straightforward, cost-effective method that backs up and restores data as needed. Keep in mind that because none of your data is on standby, this method, while cheap, can be quite time-consuming. Pilot Light: This method keeps critical applications and data at the ready so that it can be quickly retrieved if needed. Warm Standby: This method keeps a duplicate version of your business’ core elements running on standby at all times, which makes for a little downtime and an almost seamless transition. Multi-Site Solution: Also known as a Hot Standby, this method fully replicates your company’s data/applications between two or more active locations and splits your traffic/usage between them. If a disaster strikes, everything is simply rerouted to the unaffected area, which means you’ll suffer almost zero downtime. However, by running two separate environments simultaneously, you will obviously incur much higher costs. Reference: https://cloudranger.com/best-practices-aws-disaster-recovery-planning/

Answer 125

B. AWS Total Cost of Ownership (TCO) Calculator Explanation/Reference: Explanation: AWS TCO calculators allow you to estimate the cost savings when using AWS and provide a detailed set of reports that can be used in executive presentations. The calculators also give you the option to modify assumptions that best meet your business needs. Reference: https://aws.amazon.com/tco-calculator/

Answer 126

B. Linked accounts and consolidated billing Explanation/Reference: Explanation: The way that Reserved Instance discounts apply to accounts in an organization's consolidated billing family depends on whether Reserved Instance sharing is turned on or off for the account. By default, Reserved Instance sharing for all accounts in an organization is turned on. You can change this setting by Turning Off Reserved Instance Sharing for an account. The capacity reservation for a Reserved Instance applies only to the account the Reserved Instance was purchased on, regardless of whether Reserved Instance sharing is turned on or off. Reference: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-ri-consolidated-billing/

Answer 127

B. AWS Organizations Explanation/Reference: Explanation: You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. Every organization in AWS Organizations has a master (payer) account that pays the charges of all the member (linked) accounts. Reference: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-billing.html

Answer 128

A. Amazon CloudFront Explanation/Reference: Explanation: Use AWS Local Zones to deploy workloads closer to your end-users for low-latency requirements. AWS Local Zones have their own connection to the internet and support AWS Direct Connect, so resources created in the Local Zone can serve local end-users with very low-latency communications.nation Reference: https://aws.amazon.com/about-aws/global-infrastructure/localzones/faqs/

Answer 129

C. Cloud Explanation/Reference: Explanation: The cloud allows you to trade capital expenses (such as data centers and physical servers) for variable expenses, and only pay for IT as you consume it. Plus, the variable expenses are much lower than what you would pay to do it yourself because of the economies of scale. Reference: https://aws.amazon.com/what-is-cloud-computing/

Answer 130

B. AWS performs infrastructure discovery scans on the customer’s behalf. Explanation/Reference: Explanation: AWS assets are centrally managed through an inventory management system that stores and tracks owner, location, status, maintenance, and descriptive information for AWS-owned assets. Following procurement, assets are scanned and tracked, and assets undergoing maintenance are checked and monitored for ownership, status, and resolution. Reference: https://aws.amazon.com/compliance/data-center/controls/

Answer 131

C. Cross-Region read replicas Explanation/Reference: Reference: https://aws.amazon.com/blogs/aws/cross-region-read-replicas-for-amazon-rds-for-mysql/

Answer 132

C. least privilege access. Explanation/Reference: Explanation: When you create IAM policies, follow the standard security advice of granting least privilege, or granting only the permissions required to perform a task. Determine what users (and roles) need to do and then craft policies that allow them to perform only those tasks. Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

Answer 133

B. Create separate accounts for each department. D. Use tags to associate each instance with a particular department.

Answer 134

C. Configuring the operating system, network, and firewall. Explanation/Reference: Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 135

B. AWS Trusted Advisor Explanation/Reference: Explanation: AWS offers premium services such as AWS Trusted Advisor, which provides real-time guidance to help you reduce cost, increase performance, and improve security. Reference: https://www.ibm.com/downloads/cas/2N40X4PQ

Answer 136

D. Amazon EC2 Auto Scaling Explanation/Reference: Explanation: Support for monitoring the health of each service independently, as health checks are defined at the target group level and many CloudWatch metrics are reported at the target group level. Attaching a target group to an Auto Scaling group enables you to scale each service dynamically based on demand. Reference: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html

Answer 137

C. Encryption management E. Firewall management Explanation/Reference: Explanation: With the basic Cloud infrastructure secured and maintained by AWS, the responsibility for what goes into the cloud falls on you. This covers both client and server side encryption and network traffic protection, security of the operating system, network, and firewall configuration, followed by application security and identity and access management. Firewall configuration remains the responsibility of the end user, which integrates at the platform and application management level. For example, RDS utilizes security groups, which you would be responsible for configuring and implementing. Reference: https://cloudacademy.com/blog/aws-shared-responsibility-model-security/

Answer 138

C. AWS Storage Gateway Explanation/Reference: Explanation: The AWS Storage Gateway service enables hybrid cloud storage between on-premises environments and the AWS Cloud. It seamlessly integrates on-premises enterprise applications and workflows with Amazon’s block and object cloud storage services through industry standard storage protocols. It provides low-latency performance by caching frequently accessed data on premises, while storing data securely and durably in Amazon cloud storage services. It provides an optimized data transfer mechanism and bandwidth management, which tolerates unreliable networks and minimizes the amount of data being transferred. It brings the security, manageability, durability, and scalability of AWS to existing enterprise environments through native integration with AWS encryption, identity management, monitoring, and storage services. Typical use cases include backup and archiving, disaster recovery, moving data to S3 for in-cloud workloads, and tiered storage. Reference: https://aws.amazon.com/storagegateway/faqs/

Answer 139

C. Updating the firmware on the underlying EC2 hosts. Explanation/Reference: Reference: https://cloudacademy.com/blog/aws-shared-responsibility-model-security/

Answer 140

B. Design for failure. Explanation/Reference: Explanation: Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB) Instances, making them a natural fit for production database workloads. When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. In case of an infrastructure failure, Amazon RDS performs an automatic failover to the standby (or to a read replica in the case of Amazon Aurora), so that you can resume database operations as soon as the failover is complete. Since the endpoint for your DB Instance remains the same after a failover, your application can resume database operation without the need for manual administrative intervention. Reference: https://aws.amazon.com/rds/details/multi-az/

Answer 141

D. It is granting only the permissions required to perform a given task. Explanation/Reference: Explanation: When you create IAM policies, follow the standard security advice of granting least privilege, or granting only the permissions required to perform a task. Determine what users (and roles) need to do and then craft policies that allow them to perform only those tasks. Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege

Answer 142

C. It prevents cascading failures between different components. Explanation/Reference: Explanation: IT systems should ideally be designed in a way that reduces inter-dependencies. Your components need to be loosely coupled to avoid changes or failure in one of the components from affecting others. Your infrastructure also needs to have well defined interfaces that allow the various components to interact with each other only through specific, technology-agnostic interfaces. Modifying any underlying operations without affecting other components should be made possible. Reference: https://www.botmetric.com/blog/aws-cloud-architecture-design-principles/

Answer 143

B. AWS Direct Connect Explanation/Reference: Explanation: Amazon VPC provides multiple network connectivity options for you to leverage depending on your current network designs and requirements. These connectivity options include leveraging either the internet or an AWS Direct Connect connection as the network backbone and terminating the connection into either AWS or user-managed network endpoints. Additionally, with AWS, you can choose how network routing is delivered between Amazon VPC and your networks, leveraging either AWS or user-managed network equipment and routes. Reference: https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/introduction.html

Answer 144

C. Focusing on decoupling components by isolating them and ensuring individual components can function when other components fail.

Answer 145

B. Enable Multi-Factor Authentication (MFA) C. Use Amazon Cognito to manage access Explanation/Reference: Explanation: Your root account should always be protected by Multi-Factor Authentication (MFA). This additional layer of security helps protect against unauthorized logins to your account by requiring two factors: something you know (a password) and something you have (for example, an MFA device). AWS supports virtual and hardware MFA devices and U2F security keys. Cognito can be used as an Identity Provider (IdP), where it stores and maintains users and credentials securely for your applications, or it can be integrated with OpenID Connect, SAML, and other popular web identity providers like Amazon.com. Using Amazon Cognito, you can generate temporary access credentials for your clients to access AWS services, eliminating the need to store long-term credentials in client applications. Reference: https://aws.amazon.com/blogs/security/guidelines-for-protecting-your-aws-account-while-using-programmatic-access/

Answer 146

D. AWS Organizations Explanation/Reference: Explanation: To improve control over your AWS environment, you can use AWS Organizations to create groups of accounts, and then attach policies to a group to ensure the correct policies are applied across the accounts without requiring custom scripts and manual processes. Reference: https://aws.amazon.com/organizations/

Answer 147

B. AWS Budgets Explanation/Reference: Reference: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html

Answer 148

A. AWS security and compliance documents Explanation/Reference: Explanation: You can use AWS Artifact Reports to download AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI), and System and Organization Control (SOC) reports. Reference: https://aws.amazon.com/artifact/faq/

Answer 149

A. Enterprise Explanation/Reference: Reference: https://aws.amazon.com/premiumsupport/plans/

Answer 150

B. Ability to recover from failure Explanation/Reference: Reference: https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/

Answer 151

B. Amazon EC2 instance store Explanation/Reference: Explanation: When you stop or terminate an instance, every block of storage in the instance store is reset. Therefore, your data cannot be accessed through the instance store of another instance. Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html

Answer 152

A. Users do not have to guess about future capacity needs. Explanation/Reference: Reference: https://data-flair.training/blogs/aws-advantages/

Answer 153

B. Amazon EC2

Answer 154

D. Design for failure. Explanation/Reference: Explanation: There are six design principles for operational excellence in the cloud: Perform operations as code Annotate documentation Make frequent, small, reversible changes Refine operations procedures frequently Anticipate failure Learn from all operational failures Reference: https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/

Answer 155

A. AWS Software Development Kit Explanation/Reference: Reference: https://aws.amazon.com/tools/

Answer 156

A. On-Demand Instances With On-Demand instances, you pay for compute capacity by the hour or the second depending on which instances you run. No longer-term commitments or upfront payments are needed. You can increase or decrease your compute capacity depending on the demands of your application and only pay the specified per hourly rates for the instance you use. Reference: https://aws.amazon.com/ec2/pricing/

Answer 157

D. Amazon Aurora Explanation/Reference: Explanation: Amazon Aurora is a relational database service that combines the speed and availability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases. The MySQL-compatible edition of Aurora delivers up to 5X the throughput of standard MySQL running on the same hardware, and enables existing MySQL applications and tools to run without requiring modification. Amazon Aurora will automatically grow the size of your database volume as your database storage needs grow. Your volume will grow in increments of 10 GB up to a maximum of 64 TB. You don't need to provision excess storage for your database to handle future growth. Reference: https://aws.amazon.com/rds/aurora/mysql-features/

Answer 158

C. Amazon VPC peering Explanation/Reference: Explanation: A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. The VPCs can be in different regions (also known as an inter-region VPC peering connection). Reference: https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html

Answer 159

D. AWS Code Commit Explanation/Reference: Explanation: AWS CodeCommit is a version control service hosted by Amazon Web Services that you can use to privately store and manage assets (such as documents, source code, and binary files) in the cloud. Reference: https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html

Answer 160

B. AWS Total Cost of Ownership (TCO) Calculator Explanation/Reference: Explanation: TCO calculator compare the cost of running your applications in an on-premises or colocation environment to AWS. Reference: https://awstcocalculator.com

Answer 161

D. AWS Snowmobile Explanation/Reference: Explanation: AWS Snowmobile is an exabyte-scale data transfer service that can move extremely large amounts of data to AWS in a fast, secure, and cost-effective manner. You can transfer up to 100PB per Snowmobile, a 45-foot long ruggedized shipping container, pulled by a semi-trailer truck. Snowmobile makes it easy to move massive volumes of data to the cloud, including video libraries, image repositories, or even a complete data center migration. All data is encrypted with 256-bit encryption and you can manage your encryption keys with AWS Key Management Service (AWS KMS). Snowmobile includes GPS tracking, alarm monitoring, 24/7 video surveillance and an optional escort security vehicle while in transit. Reference: https://aws.amazon.com/about-aws/whats-new/2016/11/move-exabyte-scale-data-sets-with-aws-snowmobile/

Answer 162

B. Pay-as-you-go D. Planned Explanation/Reference: Reference: https://d0.awsstatic.com/whitepapers/aws_pricing_overview.pdf

Answer 163

C. Classic Load Balancers E. Application Load Balancers Explanation: Elastic Load Balancing supports the following types of load balancers: Application Load Balancers, Network Load Balancers, and Classic Load Balancers. Amazon ECS services can use either type of load balancer. Application Load Balancers are used to route HTTP/HTTPS (or Layer 7) traffic. Network Load Balancers and Classic Load Balancers are used to route TCP (or Layer 4) traffic. Reference: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html

Answer 164

B. AWS does not require long-term contracts and provides a pay-as-you-go model. Explanation: AWS offers you a pay-as-you-go approach for pricing for over 160 cloud services. With AWS you pay only for the individual services you need, for as long as you use them, and without requiring long-term contracts or complex licensing. AWS pricing is similar to how you pay for utilities like water and electricity. You only pay for the services you consume, and once you stop using them, there are no additional costs or termination fees. Reference: https://aws.amazon.com/pricing/

Answer 165

B. Amazon CloudFront to edge locations Explanation: You can deliver content and decrease end-user latency of your web application using Amazon CloudFront. CloudFront speeds up content delivery by leveraging its global network of data centers, known as edge locations, to reduce delivery time by caching your content close to your end users. CloudFront fetches your content from an origin, such as an Amazon S3 bucket, an Amazon EC2 instance, an Amazon Elastic Load Balancing load balancer or your own web server, when it's not already in an edge location. CloudFront can be used to deliver your entire website or application, including dynamic, static, streaming, and interactive content. Reference: https://aws.amazon.com/getting-started/tutorials/deliver-content-faster/

Answer 166

D. AWS Artifact Explanation: AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). Reference: https://aws.amazon.com/artifact/

Answer 167

D. Amazon Elastic Compute Cloud (Amazon EC2) Explanation/Reference: Reference: https://severalnines.com/news/aws-users-prefer-self-managed-databases

Answer 168

B. Access to a Technical Account Manager Explanation/Reference: Reference: https://aws.amazon.com/premiumsupport/plans/enterprise/

Answer 169

C. Deploy applications across multiple AWS Regions. Explanation: An AWS Region is a geographic location where AWS provides multiple, physically separated and isolated Availability Zones which are connected with low latency, high throughput, and highly redundant networking. Reference: https://aws.amazon.com/s3/faqs/

Answer 170

A. It provides on-demand resources for peak usage. Explanation: You can continue to optimize your spend and keep your development costs low by making sure you revisit your architecture often, to adjust to your startup growth. Manage your cost further by leveraging different options such as S3 CloudFront for caching & offloading to reduce cost of EC2 computing, as well as Elastic Load Balancing which prepares you for massive scale, high reliability and uninterrupted growth. Another way to keep costs down is to use AWS Identity and Access Management solutions (IAM) to manage governance of your cost drivers effectively and by the right teams. Reference: https://aws.amazon.com/startups/lean/

Answer 171

D. Agility Explanation: Agile is a time boxed, iterative approach to software delivery that builds software incrementally from the start of the project, instead of trying to deliver it all at once near the end. Reference: http://www.agilenutshell.com

Answer 172

D. Enterprise and Business Support

Answer 173

A. AWS WAF D. Amazon CloudFront Explanation/Reference: Reference: https://aws.amazon.com/shield/

Answer 174

A. Compute costs C. Storage costs E. Network infrastructure costs Explanation/Reference: Reference: https://aws.amazon.com/blogs/aws/the-new-aws-tco-calculator/

Answer 175

B. Amazon Rekognition provides automatic detection of objects appearing in pictures. Explanation: Rekognition Image is an image recognition service that detects objects, scenes, and faces; extracts text; recognizes celebrities; and identifies inappropriate content in images. It also allows you to search and compare faces. Rekognition Image is based on the same proven, highly scalable, deep learning technology developed by Amazon’s computer vision scientists to analyze billions of images daily for Prime Photos. Reference: https://aws.amazon.com/rekognition/faqs/

Answer 176

A. Data center security Explanation/Reference: Reference: https://www.awstcocalculator.com/Output/Load/f85bbf7e131446643911859504

Answer 177

D. Managing the network infrastructure Explanation/Reference: Reference: https://cloudacademy.com/blog/aws-shared-responsibility-model-security/

Answer 178

B. AWS Simple Monthly Calculator Explanation: To forecast your costs, use the AWS Cost Explorer. Use cost allocation tags to divide your resources into groups, and then estimate the costs for each group. Reference: https://aws.amazon.com/premiumsupport/knowledge-center/estimating-aws-resource-costs/

Answer 179

B. AWS Trusted Advisor

Answer 180

B. Amazon CloudWatch Explanation: You can monitor your estimated AWS charges by using Amazon CloudWatch. When you enable the monitoring of estimated charges for your AWS account, the estimated charges are calculated and sent several times daily to CloudWatch as metric data. Billing metric data is stored in the US East (N. Virginia) Region and represents worldwide charges. This data includes the estimated charges for every service in AWS that you use, in addition to the estimated overall total of your AWS charges. Reference: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html

Answer 181

C. All Upfront Reserved Instances for a 3-year term Explanation/Reference: Reference: https://aws.amazon.com/ec2/pricing/reserved-instances/

Answer 182

B. Physically destroying storage media at end of life Explanation: Media storage devices used to store customer data are classified by AWS as Critical and treated accordingly, as high impact, throughout their life-cycles. AWS has exacting standards on how to install, service, and eventually destroy the devices when they are no longer useful. When a storage device has reached the end of its useful life, AWS decommissions media using techniques detailed in NIST 800-88. Media that stored customer data is not removed from AWS control until it has been securely decommissioned. Reference: https://aws.amazon.com/compliance/data-center/controls/

Answer 183

C. There is no guessing on capacity needs. Explanation: AWS manages dozens of compliance programs in its infrastructure. This means that segments of your compliance have already been completed. Reference: https://docs.aws.amazon.com/whitepapers/latest/aws-overview/security-and-compliance.html

Answer 184

D. Amazon CloudFront Explanation: Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. CloudFront is integrated with AWS – both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services. Reference: https://aws.amazon.com/cloudfront/

Answer 185

A. AWS Elastic Beanstalk D. AWS CloudFormation Reference: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/deploying.applications.html

Answer 186

C. AWS Total Cost of Ownership (TCO) Calculator Explanation: The TCO Calculator provides directional guidance on possible realized savings when deploying AWS. This tool is built on an underlying calculation model, that generates a fair assessment of value that a customer may achieve given the data provided by the user. Reference: https://aws.amazon.com/tco-calculator/

Answer 187

A. Design for automated failure recovery B. Use multiple Availability Zones Reference: https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/

Answer 188

A. Rotate passwords and access keys. E. Contact AWS Support. Reference: https://aws.amazon.com/premiumsupport/knowledge-center/potential-account-compromise/

Answer 189

B. Ensuring an application remains accessible, even if a resource fails Reference: https://aws.amazon.com/blogs/startups/high-availability-for-mere-mortals/

Answer 190

D. AWS Shield Explanation: AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection. There are two tiers of AWS Shield - Standard and Advanced. Reference: https://aws.amazon.com/shield/

Answer 191

B. Amazon CloudWatch Explanation: With Basic monitoring you get data on your cloudwatch metrics every 5 minutes. Enabling detailed monitoring, you will get the data every one minute. To check if detailed monitoring is enabled, on your EC2 Console, Select the instance, on the lower plane, Select Monitoring. Reference: https://forums.aws.amazon.com/thread.jspa?threadID=263876

Answer 192

C. An entity that defines a set of permissions for use with an AWS resource Explanation: AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. Reference: https://aws.amazon.com/iam/

Answer 193

A. They provide a discount over on-demand pricing. E. Customers can reserve capacity in an Availability Zone. Reference: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-ri-basics/

Answer 194

B. They automatically add or replace instances across multiple Availability Zones when the application needs it. Explanation: When the unhealthy Availability Zone returns to a healthy state, Auto Scaling automatically redistributes the application instances evenly across all of the designated Availability Zones. Reference: https://docs.aws.amazon.com/autoscaling/ec2/userguide/auto-scaling-benefits.html

Answer 195

B. By using AWS Organizations consolidated billing Explanation: The account that originally purchased the Reserved Instance receives the discount first. If the purchasing account doesn't have any instances that match the terms of the Reserved Instance, the discount for the Reserved Instance is assigned to any matching usage on another account in the organization. Reference: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-ri-consolidated-billing/

Answer 196

B. 3 hours, 5 minutes, and 6 seconds Reference: https://aws.amazon.com/about-aws/whats-new/2017/10/announcing-amazon-ec2-per-second-billing/

Answer 197

A. AWS Lambda B. Amazon Elastic Container Service (Amazon ECS) Reference: https://docs.aws.amazon.com/whitepapers/latest/aws-overview/compute-services.html

Answer 198

B. AWS CloudFormation Explanation: AWS CloudFormation provides a common language for you to model and provision AWS and third party application resources in your cloud environment. AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. This gives you a single source of truth for your AWS and third party resources. Reference: https://aws.amazon.com/cloudformation/

Answer 199

B. AWS Direct Connect D. AWS Storage Gateway Reference: https://aws.amazon.com/hybrid/

Answer 200

B. AWS Direct Connect Explanation: AWS Direct Connect lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations. Using industry standard 802.1q VLANs, this dedicated connection can be partitioned into multiple virtual interfaces. This allows you to use the same connection to access public resources such as objects stored in Amazon S3 using public IP address space, and private resources such as Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC) using private IP space, while maintaining network separation between the public and private environments. Virtual interfaces can be reconfigured at any time to meet your changing needs. Reference: https://aws.amazon.com/directconnect/

Answer 201

A. Amazon CloudFront B. AWS Shield Reference: https://www.edureka.co/community/600/what-is-an-edge-location-in-aws

Answer 202

B. AWS Direct Connect Explanation: Amazon Virtual Private Cloud (Amazon VPC) is a logically isolated, private section of the AWS Cloud to launch resources in a virtual data center in the cloud. Amazon VPC allows you to leverage multiple Availability Zones (AZ) within a region so that you can build greater fault tolerance within your workloads. You have complete control. Reference: https://aws.amazon.com/blogs/publicsector/aws-networking-capabilities-gives-you-choices-for-hybrid-cloud-connectivity-but-which-service-works-best-for-your-use-case/

Answer 203

D. AWS Total Cost of Ownership (TCO) Calculator Reference: https://aws.amazon.com/tco-calculator/

Answer 204

A. Users pay for software by the hour or month depending on licensing. B. AWS Marketplace enables the user to launch applications with 1-Click. Reference: https://aws.amazon.com/partners/aws-marketplace/

Answer 205

B. Loosely couple components. Explanation: Loosely coupled architectures reduce interdependencies, so that a change or failure in a component does not cascade to other components. Reference: https://aws-certified-cloud-practitioner.fandom.com/wiki/1.3_List_the_different_cloud_architecture_design_principles

Answer 206

B. Patching of operating systems E. Configuration of the security group Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 207

D. AWS Config Explanation: AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting. Reference: https://aws.amazon.com/config/

Answer 208

B. AWS Trusted Advisor

Answer 209

C. It is shared between AWS and the customer. Explanation: AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications. Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 210

C. Amazon CloudFront Explanation: Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. CloudFront is integrated with AWS – both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services. Reference: https://aws.amazon.com/cloudfront/

Answer 211

C. Elasticity Reference: https://wa.aws.amazon.com/wat.map.en.html

Answer 212

D. AWS Abuse team Reference: https://aws.amazon.com/premiumsupport/knowledge-center/report-aws-abuse/

Answer 213

A. There are no upfront commitments. C. Users have the ability to provision resources on demand.

Answer 214

B. make programmatic calls to AWS from AWS APIs. Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html

Answer 215

C. It is an online tool with a set of automated checks that provides recommendations on cost optimization, performance, and security. Explanation: AWS Trusted Advisor is an online tool that provides you real time guidance to help you provision your resources following AWS best practices. Whether establishing new workflows, developing applications, or as part of ongoing improvement, take advantage of the recommendations provided by Trusted Advisor on a regular basis to help keep your solutions provisioned optimally. Reference: https://aws.amazon.com/premiumsupport/technology/trusted-advisor/

Answer 216

B. AWS Cost Explorer Explanation: AWS Cost Explorer has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time. Reference: https://aws.amazon.com/aws-cost-management/aws-cost-explorer/

Answer 217

B. AWS Artifact Explanation: AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). Reference: https://aws.amazon.com/artifact/

Answer 218

A. Companies can deploy applications in multiple AWS Regions to reduce latency. C. Amazon CloudFront has multiple edge locations around the world to reduce latency. Reference: https://aws.amazon.com/comprehend/features/ https://aws.amazon.com/cloudfront/

Answer 219

B. AWS Elastic Beanstalk Explanation Upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time. Reference: https://aws.amazon.com/elasticbeanstalk/

Answer 220

C. Amazon VPC Reference: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Security.html

Answer 221

B. Availability Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html

Answer 222

A. reduces capital expenditures. Reference: https://www.10thmagnitude.com/opex-vs-capex-the-real-cloud-computing-cost-advantage/

Answer 223

B. Physical security of global infrastructure Reference: https://cloudacademy.com/blog/aws-shared-responsibility-model-security/

Answer 224

B. AWS Organizations Explanation: You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. Every organization in AWS Organizations has a master (payer) account that pays the charges of all the member (linked) accounts. Reference: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-billing.html

Answer 225

B. Physical security Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 226

D. AWS Discussion Forums Reference: https://aws.amazon.com/premiumsupport/faqs/

ACCP Flashcards

CLF-C02