AWS CCP Flashcards
Provide you with a significant discount (up to 54%) compared to On-Demand Instances and can be purchased for a 1-year or 3-year term. Good if you need additional flexibility, such as the ability to use different instance families, operating systems, or tenancies over the Reserved Instance term.
Convertible Reserved Instances (RI)
A highly available and scalable cloud Domain Name System (DNS) web service in AWS
Route 53
Customer is responsible for
Service and Communications Protection or Zone Security
Shared responsibilities are
– Patch Management: AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.
– Configuration Management: AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.
– Awareness & Training: AWS trains AWS employees, but a customer must train their own employees.
AWS is responsible for
Physical and Environmental controls
Professional services firms that help customers of all sizes design, architect, migrate, or build new applications on AWS. They include System Integrators (SIs), Strategic Consultancies, Resellers, Digital Agencies, Managed Service Providers (MSPs), and Value-Added Resellers (VARs).
APN Consulting Partners
Provide software solutions that are either hosted on or integrated with the AWS platform. They include Independent Software Vendors (ISVs), SaaS, PaaS, developer tools, management, and security vendors.
APN Technology Partners
Which service should a company use to centrally manage account policies and consolidate billing across multiple AWS accounts?
AWS Organization
Gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. Also lets you set reservation utilization or coverage targets and receive alerts when your utilization drops below the threshold you define.
AWS Budget
Which service should you use if you need a scalable, fast, and flexible non-relational database service
DynamoDB
A suitable service to use to store static content (high-resolution images, videos, and other static files)
Amazon S3
Which of the following is an advantage of using managed services like RDS, ElastiCache, and CloudSearch in AWS?
Simplifies all of your OS patching and backup activities to help keep your resources current and secure
Amazon [ ] offers fully managed Redis and Memcached. Seamlessly deploy, run, and scale popular open-source compatible in-memory data stores. Build data-intensive apps or improve the performance of your existing apps by retrieving data from high throughput and low latency in-memory data stores. Amazon [ ] is a popular choice for Gaming, Ad-Tech, Financial Services, Healthcare, and IoT apps You no longer need to perform management tasks such as hardware provisioning, software patching, setup, configuration, monitoring, failure recovery, and backups. [ ] continuously monitors your clusters to keep your workloads up and running so that you can focus on higher-value application development.
Elasticache
Allows you to easily undo mistakes on your database. If you mistakenly perform a destructive action, such as a DELETE without a WHERE clause, you can backtrack the DB cluster to a time before the destructive action with minimal interruption of service.
Amazon Aurora Backtrack
Store the results of I/O-intensive SQL database queries to improve application performance?
Elasticache
Consolidated billing benefits
One bill – You get one bill for multiple accounts.
Easy tracking – You can track the charges across multiple accounts and download the combined cost and usage data.
Combined usage – You can combine the usage across all accounts in the organization to share the volume pricing discounts and Reserved Instance discounts. This can result in a lower charge for your project, department, or company than with individual standalone accounts.
No extra fee – Consolidated billing is offered at no additional cost.
How can you apply and easily manage the common access permissions to a large number of IAM users in AWS?
Attach the necessary policies or permissions required to a new IAM Group then afterwards, add the IAM Users to the IAM group.
Which of the following is a key use case of AWS Control Tower?
An easy way to establish a landing zone that implements an AWS well-architected, multi-account environment and applies the AWS best practices. Easy way to set up and govern a secure and compliant multi-account AWS environment based on best practices
With the AWS Cost & Usage Report, you can do the following:
Access comprehensive AWS cost and usage information
– The AWS Cost & Usage Report gives you the ability to delve deeply into your AWS cost and usage data, understand how you are using your AWS implementation, and identify opportunities for optimization.
Track your Amazon EC2 Reserved Instance (RI) usage
– Each line item of usage that receives an RI discount contains information about where the discount was allocated. This makes it easier to trace which instances are benefitting from specific reservations.
Leverage strategic data integrations
– Using the Amazon Athena data integration feature, you can quickly query your cost and usage information using standard SQL queries. You can also upload your data directly into Amazon Redshift or Amazon QuickSight.
Which of the following AWS Global Infrastructure components is made up of one or more discrete data centers, each with redundant power, networking, and connectivity and housed in separate facilities?
Availability Zones
What is true about RDS
Makes it easy to set up, operate, and scale a relational database
Simplifies the management of time-consuming database administration tasks
Which of the following is true on how AWS lessens the time to provision your IT resources?
It provides various ways to programmatically provision IT resources.
Five categories of Trust Advisor
Cost Optimization – recommendations that can potentially save you money by highlighting unused resources and opportunities to reduce your bill.
Security – identification of security settings that could make your AWS solution less secure.
Fault Tolerance – recommendations that help increase the resiliency of your AWS solution by highlighting redundancy shortfalls, current service limits, and over-utilized resources.
Performance – recommendations that can help to improve the speed and responsiveness of your applications.
Service Limits – recommendations that will tell you when service usage is more than 80% of the service limit.
Four ways to launch a new RDS database cluster
AWS Management Console, AWS CLI, AWS SDK and AWS CloudFormation
Which type of Elastic Load Balancer supports path-based routing, host-based routing, and bi-directional communication channels using WebSockets?
Application Load Balancer
Which of the following can you use to resolve the connection between your on-premises VPN and your AWS virtual private cloud?
Virtual Private Gateway and Route 53
A customer gateway is an anchor on your side of that connection. It can be a physical or software appliance. The anchor on the AWS side of the VPN connection is called a virtual private gateway.
Which of the following Amazon EC2 instance purchasing options can help you address compliance requirements and reduce costs by allowing you to use your existing server-bound software licenses?
Dedicated Host
AWS Budget
Gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount.
CloudWatch Billing Alarm does not allow you to set coverage targets and receive alerts when your utilization drops below the threshold you define.
Amazon Simple Storage Service
An object storage service that offers industry-leading scalability, data availability, security, and performance with virtually unlimited storage space
EC2 Instance Store
High-performance hardware disk, better I/O performance, good for buffer/cache/scratch data/temporary content.
EC2 Instance Store lose their storage if they’re stopped (if shut down), has a
risk of data loss if hardware fails
Which of the following services is capable of inspecting your AWS environment and making recommendations to lower expenditures, improve system performance and reliability, and close security gaps?
AWS Trusted Advisor is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices. It inspects your AWS environment and makes recommendations for saving money, improving system performance and reliability, or closing security gaps.
Which of the following channels shares a collection of offerings to help you achieve specific business outcomes related to enterprise cloud adoption through paid engagements in several specialty practice areas?
AWS Professional Services
A fully-managed service that automates time-consuming administration tasks like hardware provisioning, database setup, patching, and backups without any manual intervention from you. Also if you need to launch a highly scalable MySQL OLTP database.
AWS Aurora
For security audit purposes, a company needs to download compliance-related documents in AWS such as ISO certifications, Payment Card Industry (PCI), and Service Organization Control (SOC) reports. Where can they retrieve these files?
AWS Artifact
What are the benefits of using Edge locations in AWS?
Improves application performance by delivering content closer to your users
Provides caching which reduces the load on your origin servers
AWS Global Service and AWS Zonal Service
Global: IAM, STS, Route 53, CloudFront, and WAF
Zonal: EC2 Instances and EBS Volumes which are tied to the Availability Zone
Regional: All the other
CloudEndure Disaster Recovery
A tool that minimizes downtime and data loss by providing fast, reliable recovery of physical, virtual, and cloud-based servers into AWS Cloud. You can also use CloudEndure Disaster Recovery to protect your most critical SQL databases thanks to the continuous replication of your machines into a low-cost staging area in your target AWS account and preferred Region.
AWS QuickSight
A business intelligence service for creating visualizations and dashboards.
Amazon CloudWatch Logs has the following features
Monitor Logs from Amazon EC2 Instances, Monitor AWS CloudTrail Logged Events, Log Retention, Archive Log Data, and Log Route 53 DNS Queries
Serverless services
FAG ASS READLE ASS
* Fargate
* Athena
* Glue
- API Gateway
- Step Function,
- S3
- RedShift
- EFS
- Aurora
- DyanomoDB
- Lambda
- EventBridge
- AppSync
- SQS
- SNS
Which service does AWS use to notify you when AWS is experiencing events that may impact you?
AWS Health. AWS Health provides ongoing visibility into your resource performance and the availability of your AWS services and accounts.
What is required when launching an EBS-backed EC2 instance?
EBS Root volume, Security Group, and VPC and subnet specification. Elastic IP address is NOT required.
What is the most secure way to provide applications temporary access to your AWS resources?
Create an IAM role and have the application assume the role
A space agency is using Amazon S3 to store their high-resolution satellite images and videos everyday. Which of the following should they do to minimize the upload time?
Use the Multipart upload API
Amazon Kinesis
Used for streaming data in real-time. Amazon Kinesis is the service used to ingest real-time data such as video, audio, application logs, website clickstreams, and IoT telemetry data for machine learning, analytics, and other applications.
What services will help you create a highly available and scalable web app in the cloud?
EC2 Auto Scaling and ELB
Agility
Focus your valuable IT resources on developing applications that differentiate your business rather than managing infrastructure and data centers.
AWS Server Migration Service
An agentless service that makes it easier and faster for you to migrate thousands of on-premises applications to AWS. This is not the appropriate service to use in migrating your on-premises database. Replaced by Application Migration Service (MGN)
IAM Policy Simulator
Use to test and troubleshoot IAM and resource-based policies
AWS Penetration Test accepted services are:
REAL CEAL
- RDS
- EC2 instances, NAT Gateways, and Elastic Load Balancers
- API Gateways
- Lambda and Lambda Edge functions
- CloudFront
- Elastic Beanstalk environments
- Aurora
- Lightsail resources
AWS Penetration Test prohibited activities are:
– DNS zone walking via Amazon Route 53 Hosted Zones
– Denial of Service (DoS), Distributed Denial of Service (DDoS), Simulated DoS, Simulated DDoS
– Port flooding
– Protocol flooding
– Request flooding (login request flooding, API request flooding)
A company needs to troubleshoot an issue on their serverless application which is composed of an API Gateway, Lambda function, and a DynamoDB database. Which service should they use to trace user requests as they travel through their entire application?
AWS X-Ray.
How to help prevent accidental bucket deletion
Configure MFA delete on S3
Amazon Inspector
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It is for EC2, Container Image, and Lambda.
Amazon SQS
Allows you to send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available
AWS Directory Service
AWS Directory Service provides multiple ways to use Amazon Cloud Directory and Microsoft Active Directory (AD) with other AWS services.
Three ways to connect to EC2
Secure Shell (SSH) – the most common tool to connect to Linux servers.
Session Manager – it is a fully managed AWS Systems Manager capability that lets you manage your EC2 instances, on-premises instances, and virtual machines (VMs) through an interactive one-click browser-based shell or through the AWS CLI.
EC2 Instance Connect – connect to your Linux instances using a browser-based client.
AWS Global Accelerator
AWS Global Accelerator provides you with static IP addresses that serve as a fixed entry point to your applications hosted in one or more AWS Regions. These IP addresses are anycast from AWS edge locations, so they’re announced from multiple AWS edge locations at the same time. This enables traffic to ingress onto the AWS global network as close to your users as possible.
A customer needs to organize and consolidate information based on criteria specified in tags or resources in AWS. Which of the following services would you recommend to satisfy this requirement?
Resource Groups
AWS Firewall Manager
AWS Firewall Manager is a security management service that allows you to centrally configure and manage firewall rules across your accounts and applications in AWS Organizations.
Amazon free services
ABCCIV
A - Auto Scaling Group
B - Beanstalk
C - CloudFormation
C - Consolidated Billing
I - IAM
V - VPC
AWS Systems Manager
Gives you visibility and control of your infrastructure on AWS. It provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources.
Patching automation and run commands across an entire fleet of servers
Amazon Machine Image (AMI)
A backup of an EC2 instance along with all of its EBS volumes. If only a single volume needs to be backed up, you should create EBS Snapshots instead.
What feature will allow you to label and sort your EC2 instances according to their deployment stage (development, staging, production)?
Instance tag
Which of the following services will be able to reroute traffic to your secondary EC2 instances in another region during disaster recovery?
Amazon Route 53
What service allows you to create alarms that notify you when EC2 CPU Utilization thresholds are breached?
Amazon CloudWatch
Which of the following services allow you to mask downtime of your application by rerouting your traffic to healthy instances?
Route 53 and ELB
You wish to host a static website of your own in AWS at a low cost. Which service should be used for this purpose?
S3 Standard
Amazon Cognito
Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily.
Add user sign-up, sign-in, and access control to your mobile app with a feature that supports sign-in with social identity providers such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0
Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. With Amazon Cognito, you also have the option to authenticate users through social identity providers such as Facebook, Twitter, or Amazon, with SAML identity solutions, or by using your own identity system. It is an identity management solution for customers/developers building B2C or B2B apps for their customers.
When to use Amazon MQ
If your messaging service requires the use of certain protocols
When to use Amazon SQS
To transmit any volume of data, at any level of throughput, without losing messages or requiring other services to be available.
To decouple application components so that they run and fail independently, increasing the overall fault tolerance of the system. Multiple copies of every message are stored redundantly across multiple availability zones so that they are available whenever needed.
CodeDeploy can deploy application contents that are in
GitHub, S3 buckets, and it can also deploy Lambda functions
What is a Puppet
Puppet is an automation platform that allows you to use code to automate the configurations of your servers.
OpsWorks lets you use Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.
Which AWS service lets you provision either Windows or Linux desktops in just a few minutes and can scale easily to provide thousands of desktops to workers?
AWS Workspace
If you are storing data that must be updated very frequently, you should consider using other services that take into account read and write latencies, such as
EBS volumes, RDS, DynamoDB, EFS, or relational databases running on Amazon EC2.
Read and write latencies can occur if your storage service is not placed within your VPC or in the same Availability Zone of your EC2 instance. This means that it will take some time for your data to be sent over from your server to your data storage. Amazon EBS provides the lowest latency access to data from a single EC2 instance. This is because the EBS volume is directly attached to the EC2 instance and is also located at the same Availability Zone.
Which service will allow you to quickly deploy your application into the AWS Cloud without having to build or launch the individual resources yourself?
Elastic Beanstalk. You can simply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time.
Security group valid rules
Security groups accept IP address, IP address range, and security group ID as either source or destination of inbound or outbound rules.
Services that you can use to manage or deploy applications to your servers running on-premises:
OpsWorks – AWS OpsWorks is a configuration management service that helps customers configure and operate applications, both on-premises and in the AWS Cloud, using Chef and Puppet.
CodeDeploy – AWS CodeDeploy automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises. AWS CodeDeploy makes it easier to rapidly release new features, avoids downtime during application deployment, and handles the complexity of updating applications.
Amazon Storage Gateway
It provides a file interface into Amazon Simple Storage Service (Amazon S3) and is a combination of storage service and a virtual software appliance. This service is meant for local software hosted on your on-premises data center which requires connection to S3. It is not meant to serve a fleet of EC2 instances.
You have a fleet of on-premises servers that require a centralized scalable and durable file storage. It should be able to support massive parallel access. Which of the following is the most appropriate service to use?
Amazon EFS provides secure access for thousands of connections for Amazon EC2 instances and on-premises servers simultaneously using a traditional file permissions model, file locking capabilities, and hierarchical directory structure via the NFSv4 protocol. Amazon EC2 instances can access your file system across AZs, regions, and VPCs, while on-premises servers can access using AWS Direct Connect or AWS VPN.
Amazon Pinpoint
AWS’s digital user engagement service that enables AWS customers to effectively communicate with their end users and measure user engagement across multiple channels including email, Text Messaging (SMS) and Mobile Push Notifications.
Which of the following is the most cost-effective service to use if you want to coordinate multiple AWS services into serverless workflows?
AWS Step Functions provides serverless orchestration for modern applications. Orchestration centrally manages a workflow by breaking it into multiple steps, adding flow logic, and tracking the inputs and outputs between the steps.
You are planning to deploy a video streaming application with frequently accessed, throughput-intensive workloads to your EC2 instance which requires fast, consistent throughput. What EBS volume type should you use to maximize performance as well as cost?
Throughput Optimized HHD. This volume type is a good fit for large, sequential workloads such as Amazon EMR, ETL, data warehouses, and log processing.
Amazon Chime
Amazon Chime is a high-quality communications service that transforms online meetings with an easy-to-use app that works seamlessly across all your devices.
Which of the following services allows you to purchase Reserved Instances?
Amazon EC2, Amazon RDS, Amazon ElastiCache, Amazon Redshift, and Amazon DynamoDB.
Which service in AWS supports various business intelligence tools such as Apache Spark so that you may perform data transformation workloads (ETL) and analytics at a low cost?
Amazon Elastic MapReduce (EMR). Amazon EMR is a web service that enables businesses, researchers, data analysts, and developers to easily and cost-effectively process vast amounts of data. It utilizes a hosted Apache Hadoop framework running on the web-scale infrastructure of Amazon EC2 and Amazon S3.
Which type of Elastic Load Balancer allows you to forward the incoming request to a target group with a Lambda function as a target?
Application Load Balancer. This is best suited for load balancing of HTTP and HTTPS traffic and provides advanced request routing targeted at the delivery of modern application architectures, including microservices and containers.
Which IAM service is responsible for enforcing privileges and access controls in your AWS environment?
IAM Policy
IAM Roles vs Policies
IAM Roles manage who has access to your AWS resources, whereas IAM policies control their permissions.
Which of the following AWS well-architected pillars discusses the use of the right computing resources to meet demand levels even as the demand changes and technologies evolve?
Performance Efficiency
Operational Excellence
Includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures
Amazon EBS
General Purpose SSD – Recommended for most workloads; Can be used as system boot volumes; Best for development and test environments
Provisioned IOPS SSD – Meant for critical business applications that require sustained IOPS performance; Best used for large database workloads
Throughput Optimized HDD – Meant for streaming workloads requiring consistent, fast throughput at a low price, big data, data warehouses, and log processing. It cannot be a boot volume
Cold HDD – Meant for throughput-oriented storage for large volumes of data that are infrequently accessed or in scenarios where the lowest storage cost is important. It cannot be a boot volume
Which of the following is an example of IaaS in AWS?
EC2
Availability Zones are physically separated by a meaningful distance from any other AZ, although all are within 100 km or 60 miles of each other. What is the primary reason why Availability Zones are set up the way they are now?
To keep them as far apart from each other in case of a disaster
What is an advantage of cloud computing when it comes to equipment expenditures?
AWS does its best to reduce the cost of its operations and infrastructures each year. This reduction in cost translates to the customer such that the customer also receives lower prices for using AWS resources.
A startup is in need of a database that is capable of self-healing and has a high throughput. Which of the following services fits these criteria?
Amazon Aurora storage is also self-healing. Data blocks and disks are continuously scanned for errors and repaired automatically.
A MariaDB RDS database is known to have high memory consumption during peak hours which deteriorates the overall performance of your application. What cost-effective change can you introduce to resolve this issue if the database is handling write-intensive operations?
Scale the instance vertically to a higher memory capacity
Which of the following RDS engines allows you to bring your own license (BYOL)?
Oracle
What AWS service can monitor the compliance status of your AWS resources against a set of compliance guidelines?
AWS Config. Helps with auditing and recording compliance of your AWS resources.
Which of the following instances is it better to use IAM roles rather than IAM users?
When you have outside entities that need to perform specific actions in your AWS account
When you want to provide AWS services permissions to do certain actions
SOC1
A report on Controls at a Service Organization (CSO) which are relevant to user entities’ internal control over financial reporting.
SOC2
Focused more on making sure that systems are set up so they assure security, availability, processing integrity, confidentiality, and privacy of customer data.
AWS Cognito
The two main components of Amazon Cognito are user pools and identity pools.
- User pools – are user directories that provide sign-up and sign-in options for your app users.
- Identity pools – enable you to grant your users access to other AWS services. You can use identity pools and user pools separately or together.
Which of the following provides a collection of technical resources to help you build more effectively and efficiently in the AWS Cloud?
AWS Architecture Center
Which of the following benefits do AWS Organizations provide?
Automate AWS account creation and management
Centrally manage policies across multiple AWS accounts
A company needs to store frequently accessed data in Amazon S3. How will AWS bill you for storing objects in your S3 buckets?
The rate you are charged depends on your objects’ size (GB), how long you stored the objects during the month, and the storage class.
Origin Access Identity
An Origin Access Identity is used for sharing private content through CloudFront. The OAI is a virtual user identity that will be used to give your CloudFront distribution permission to fetch a private object from your origin server. It is replaced by Origin Access Control (OAC)
Which of the following is a benefit of using AWS Global Accelerator?
Decreased latency in accessing applications hosted in AWS
Which of the following services can establish a connection from your on-premises environment and resources hosted on AWS?
AWS Direct Connect, Site-to-Site
VPC Endpoints
Endpoints allow you to connect to AWS Services using a private network instead of the public www network. This gives you enhanced security and lower latency to access AWS services
- VPC Endpoint Gateway: S3 & DynamoDB
- VPC Endpoint Interface: the rest
AWS PrivateLink
- Most secure & scalable way to expose a service to 1000s ofVPCs
- Does not require VPC peering, internet gateway, NAT, route tables…
- Requires a network load balancer (Service VPC) and ENI (Customer VPC)
Which AWS service provides tracing and monitoring capabilities for your Lambda function?
AWS X-Ray can trace requests made to your serverless applications built using AWS Lambda. It enables you to gain insights into the performance of serverless applications, allowing you to pinpoint the root cause of issues so that you can address them.
Amazon Inspector
Amazon Inspector cannot debug, trace, or monitor a Lambda function. It is primarily used to automatically assess applications for exposure, vulnerabilities, and deviations from AWS best practices. It is a security assessment service that helps improve the security and compliance of applications.
Which of the following services protects your web applications from application-layer attacks such as SQL injection and cross-site scripting?
AWS Web Application Firewall (WAF) gives you control over how traffic reaches your applications by enabling you to create security rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out specific traffic patterns you define.
A developer needs to install their application in Docker containers. Which of the following services eliminates the need to manage containers manually?
Fargate lets you define your application content, networking, storage, and scaling requirements. There is no provisioning, patching, cluster capacity management, or any infrastructure management required.
AWS just runs containers for you based on the CPU / RAM you need.
Which of the following AWS services does Amazon EBS use natively for encryption?
Amazon KMS
Which AWS team can assist you when your systems are impacted by AWS resources engaging in abusive activities such as phishing, malware, spam, and denial of service (DoS) or distributed denial of service (DDoS) incidents?
AWS Trust & Safety
Architecture Support
A team that guides customers on how AWS services fit together to meet a specific architecture, use-case, workload, or application.
Which AWS service provides automated reference deployments for key workloads in AWS via CloudFormation templates?
AWS Quick Starts are built by AWS solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices for security and high availability. These accelerators reduce hundreds of manual procedures into just a few steps, so you can build your production environment quickly and start using it immediately.
Which feature will customers have access to by using the AWS Business Support plan?
Architecture support
Which of the following cost management capabilities does AWS immediately provide you even before you create your AWS account?
Allows you to estimate your monthly spending in AWS (Pricing Calculator)
Which is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy?
CodeBuild
Which service lets you create rules to filter web traffic based on conditions that include IP addresses, HTTP headers, or custom URIs?
WAF
Which AWS services should you use to upload SSL certificates?
AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.
You can use IAM as a certificate manager only when you must support HTTPS connections in a region not supported by ACM. IAM securely encrypts your private keys and stores the encrypted version in IAM SSL certificate storage. IAM supports deploying server certificates in all Regions, but you must obtain your certificate from an external provider for use with AWS.
Which policy describes prohibited uses of the web services offered by Amazon Web Services?
Acceptable Use Policy
Data encryption is automatically enabled for which of the following AWS services?
Amazon S3 Glacier, Storage Gateway
How to detect underutilized services
Trusted Advisor and Cost Explorer
Reduce costs and improve performance by recommending optimal AWS resources for your workloads. Helps you choose optimal configurations and right- size your workloads (over/under provisioned)
AWS Compute Optimizer
AWS Compute Optimizer delivers recommendations for
Selected types of EC2 instances, EC2 Auto Scaling groups, EBS volumes, and Lambda functions.
Which of the following AWS services are part of the AWS Foundation services for the Reliability pillar of the Well-Architected Framework in AWS Cloud?
Service Quotas, Trusted Advisor
A Cloud Practitioner would like to get operational insights of its resources to quickly identify any issues that might impact applications using those resources. Which AWS service can help with this task?
With Systems Manager, you can select a resource group and view its recent API activity, resource configuration changes, related notifications, operational alerts, software inventory, and patch compliance status. You can also take action on each resource group depending on your operational needs. Systems Manager provides a central place to view and manage your AWS resources, so you can have complete visibility and control over your operations.
