Amazon

Question 1

Cloud Concepts
Q 1: According to AWS, what is the benefit of Elasticity?

Answer 1

B. Create systems that scale to the required capacity based on changes in demand

Question 2

Billing and Pricing
Q2: Which tool can you use to forecast your AWS spending?

Answer 2

AWS Cost Explorer
-view data up to the last 12 months.
-forecast next 12 months
- get recommendations for what Reserved Instances to purchase

Question 3

Technology
Q3: A business analyst would like to move away from creating complex database queries and static spreadsheets when generating regular reports for high-level management. They would like to publish insightful, graphically appealing reports with interactive dashboards. Which service can they use to accomplish this?

Answer 3

Amazon QuickSight
-fully-managed service
-graphical and interactive dashboards.
-machine learning to discover inconspicuous trends and patterns

*Amazon Redshift service is a data warehouse
*Amazon CloudWatch : monitor AWS system resources and infrastructure services
* Amazon Athena is a query service that allows for easy data analysis in Amazon S3 by using standard SQL.

Question 4

Technology
Q4. What is the AWS feature that enables fast, easy and secure transfers of files over long distances between your client and your Amazon S3 bucket?

Answer 4

Amazon S3 Transfer Acceleration
- fast, easy, and secure transfers of files over long distances between your client and an S3 bucket.
-takes advantage of Amazon CloudFront’s globally distributed edge locations.
-As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path.

Question 5

Security
Q5:What best describes the “Principle of Least Privilege”?

Answer 5

B. Users should be granted permission to access only resources they need to do their assigned job.

Question 6

Security
Q6: A web administrator maintains several public and private web-based resources for an organisation. Which service can they use to keep track of the expiry dates of SSL/TLS certificates as well as updating and renewal?

Answer 6

AWS Certificate Manager

The AWS Certificate Manager allows the web administrator to maintain one or several SSL/TLS certificates, both private and public certificates including their update and renewal so that the administrator does not worry about the imminent expiry of certificates.

The AWS Lifecycle Manager creates life cycle policies for specified resources to automate operations.
AWS License Manager serves the purpose of differentiating, maintaining third-party software provisioning vendor licenses. It also decreases the risk of license expirations and the penalties.

AWS Firewall Manager aids in the administration of Web Application Firewall (WAF), by presenting a centralised point of setting firewall rules across different web resources.

Question 7

Security
Q7: Which of the following is the responsibility of the customer to ensure the availability and backup of the EBS volumes?

Answer 7

Q7: Which of the following is the responsibility of the customer to ensure the availability and backup of the EBS volumes?

Snapshots are incremental backups, which means that only the blocks on the device that have changed after your most recent snapshot are saved.

When you create an EBS volume based on a snapshot, the new volume begins as an exact replica of the original volume that was used to create the snapshot. The replicated volume loads data in the background so that you can begin using it immediately.

Question 8

Security
Q8: Which of the following services can be used as an application firewall in AWS?

Answer 8

B. AWS WAF

AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to Amazon CloudFront or an Application Load Balancer. AWS WAF also lets you control access to your content.

Question 9

Cloud
Your design team is planning to design an application that will be hosted on the AWS Cloud. One of their main non-functional requirements is given below:
Reduce inter-dependencies so failures do not impact other components.
Which of the following concepts does this requirement relate to?

Answer 9

B. Decoupling

The entire concept of decoupling components ensures that the different components of applications can be managed and maintained separately. If all components are tightly coupled, the entire application would go down when one component goes down. Hence it is always a better practice to decouple application components.

Question 10

Billing and Pricing
Q10: A manufacturing firm has recently migrated their application servers to the Amazon EC2 instance. The IT Manager is looking for the details of upcoming scheduled maintenance activities which AWS would be performing on AWS resources, that may impact the services on these EC2 instances.

Answer 10

AWS Personal Health Dashboard

AWS Personal Health Dashboard provides alerts for AWS services availability & performance which may impact resources deployed in your account. Customers get emails & mobile notifications for scheduled maintenance activities which might impact services on these AWS resources.

AWS Trusted Advisor will provide notification on AWS resources created within the account for cost optimization, security, fault tolerance, performance, and service limits. It will not provide notification for scheduled maintenance activities performed by AWS on its resources.

Service Health Dashboard displays the general status of all AWS services & will not display scheduled maintenance activities.

Question 11

Security
Q11: Which of the following AWS services can be used to retrieve configuration changes made to AWS resources causing operational issues?

Answer 11

AWS Config
AWS Config can be used to audit, evaluate configurations of AWS resources. If there are any operational issues, AWS config can be used to retrieve configurational changes made to AWS resources that may have caused these issues.

Amazon Inspector can be used to analyze potential security threats for an Amazon EC2 instance against an assessment template with predefined rules. It does not provide historical data for configurational changes done to AWS resources

AWS CloudFormation provided templates to provision and configure resources in AWS.

AWS Trusted Advisor can help optimize resources with AWS cloud with respect to cost, security, performance, fault tolerance, and service limits. It does not provide historical data for configurational changes done to AWS resources.

Question 12

Security
Q12: An organization runs several EC2 instances inside a VPC using three subnets, one for Development, one for Test, and one for Production. The Security team has some concerns about the VPC configuration. It requires restricting communication across the EC2 instances using Security Groups.

Answer 12

You can change a Security Group associated with an instance if the instance is in the running state.

because the AWS documentation mentions it in the section called “Changing an Instance’s Security Group” using the following sentence: “After you launch an instance into a VPC, you can change the security groups that are associated with the instance. You can change the security groups for an instance when the instance is in the running or stopped state.”

Question 13

Technology
Q13: Which of the following features of Amazon RDS allows for better availability of databases? Choose the answer from the options given below.

Answer 13

Multi-AZ

If you are looking to use replication to increase database availability while protecting your latest database updates against unplanned outages, consider running your DB instance as a Multi-AZ deployment.

For more information on AWS RDS, please visit the FAQ Link:https://aws.amazon.com/rds/faqs/

Question 14

TechnologyQ14: Your company wants to move an existing Oracle database to the AWS Cloud. Which of the following services can help facilitate this move?

Answer 14

AWS Database Migration Service
AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from the most widely used commercial and open-source databases.

Question 15

Security
Q15: Which of the following services allows you to analyze EC2 Instances against pre-defined security templates to check for vulnerabilities?

Answer 15

AWS Inspector
Amazon Inspector enables you to analyze the behavior of your AWS resources and helps you to identify potential security issues. Using Amazon Inspector, you can define a collection of AWS resources that you want to include in an assessment target. You can then create an assessment template and launch a security assessment run of this target.

Question 16

Technology
Q16: A website for an international sport governing body would like to serve its content to viewers from different parts of the world in their vernacular language. Which of the following services provide location-based web personalization using geolocation headers?

Answer 16

Amazon CloudFront
Amazon CloudFront supports country-level location-based web content personalization with a feature called Geolocation Headers.
You can configure CloudFront to add additional geolocation headers that provide more granularity in your caching and origin request policies. The new headers give you more granular control of cache behavior and your origin access to the viewer’s country name, region, city, postal code, latitude, and longitude, all based on the viewer’s IP address.

Amazon Lightsail will primarily allow for developing, deploying, and hosting websites and web applications. The service will not meet the requirements of the scenario.

because the geolocation routing policy of Route53 allows different resources to serve content based on the origin of the request. Route 53 does not use geolocation headers.

Question 17

Security
Q17: Which of the following can be used to protect against DDoS attacks? Choose 2 answers from the options given below.

Answer 17

C. AWS Shield
D. AWS Shield Advanced
AWS Shield – All AWS customers benefit from the automatic protections of AWS Shield Standard, at no additional charge. AWS Shield Standard defends against most common, frequently occurring network and transport layer DDoS attacks that target your web site or applications

AWS Shield Advanced – For higher levels of protection against attacks targeting your web applications running on Amazon EC2, Elastic Load Balancing (ELB), CloudFront, and Route 53 resources, you can subscribe to AWS Shield Advanced. AWS Shield Advanced provides expanded DDoS attack protection for these resources.

Question 18

Technology
Q18: Which of the following are the recommended resources to be deployed in the Amazon VPC private subnet?

Answer 18

Database Servers

As Database servers contain confidential information, so for a security perspective, it should be deployed in a Private Subnet.

Amazon Virtual Private Cloud (Amazon VPC) enables the user to launch AWS resources into a virtual network that a user has defined.

Option A is incorrect because NAT devices (NAT Gateway, Nat Instance) allow instances in private subnets to connect to the internet, other VPCs, or on-premises networks. It is deployed in a public subnet.

Option B is incorrect because bastion host is a server whose purpose is to provide access (SSH access) to a private network from an external network, such as the Internet. It is deployed in a public subnet.

Option D is incorrect because an Internet Gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet.

Question 19

Technology
Q19: A company wants to utilize AWS storage. For them, low storage cost is paramount. The data is rarely retrieved and a data retrieval time of 13-14 hours is acceptable for them. What is the best storage option to use?

Answer 19

S3 Glacier Deep Archive
S3 Glacier Deep Archive offers the lowest cost storage in the cloud, at prices lower than storing and maintaining data in on-premises magnetic tape libraries or archiving data offsite.

It expands our data archiving offerings, enabling you to select the optimal storage class based on storage and retrieval costs, and retrieval times.

Option B is correct because S3 Glacier Deep Archive offers low-cost storage and retrieval time doesn’t matter for the company. If the question asks for fast retrieval time then S3 Glacier would be correct.

Option A is incorrect because S3 Glacier is not cheaper than S3 Glacier Deep Archive.

Options C and D are incorrect because they are not suitable for data archive and faster retrieval. Also, the CloudFront is not for storage.
Amazon S3 Glacier
-Expedited:1–5 minutes
-Standard:3–5 hours
-Bulk:5–12 hours
S3 Glacier Deep Archive
-Expedited:Not Available
-Within 12 hours
-Within 48 hours

Question 20

Cloud Concepts
Q20: Which AWS service provides a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability?

Answer 20

B. DynamoDB
DynamoDB is a fully managed NoSQL offering provided by AWS. It is now available in most regions for users to consume.

Question 21

Cloud Concepts
Q21: For which of the following AWS resources, the Customer is responsible for the infrastructure-related security configurations?

Answer 21

C. Amazon
Amazon EC2 is an Infrastructure as a Service (IaaS) for which customers are responsible for the security and the management of guest operating systems.

Options A, B, and D are incorrect as all these resources are part of abstracted services for which AWS is responsible for the security, & infrastructure layer. Customers are responsible for data that is saved on these resources.

Question 22

Cloud Concepts
Q22: In the shared responsibility model for infrastructure services, such as Amazon Elastic Compute Cloud, which of the below two are customers responsibility?

Answer 22

Amazon Machine Images (AMIs)
Policies and configuration

– Facilities

– Physical security of hardware

– Network infrastructure

– Virtualization infrastructure

Customers are responsible for the security of the following assets:

– Amazon Machine Images (AMIs)

– Operating systems

– Applications

– Data in transit

– Data at rest

– Data stores

– Credentials

Option B is CORRECT. The given statement is False. For China Regions, savings plans are not available.

Question 23

Q23: AWS offers two savings plans to enable more savings and flexibility for its customers, namely, compute saving plans and EC2 Instance Savings plans.

Answer 23

B. Savings Plans are available for all the regions.

Question 24

Technology
Q24: Which of the below-listed services is a region-based AWS service?

Answer 24

Amazon EFS

AWS IAM ,Route 53, Amazon Cloudfront is a global service.