AWS CCP Practice questions Flashcards

1
Q

Which authentication method is used to authenticate programmatic calls to AWS services?

  • Console password
  • Access Keys
  • Key Pair
  • Server certificate
A

Access Keys

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which AWS services are associated with Edge Locations? (Select TWO.)

  • AWS Direct Connect
  • AWS Config
  • Amazon EBS
  • Amazon CloudFront
  • AWS Shield
A

CloudFront
Shield

Edge Locations are parts of the Amazon CloudFront content delivery network (CDN) that are all around the world and are used to get content closer to end-users for better performance.

AWS Shield which protects against Distributed Denial of Service (DDoS) attacks is available globally on Amazon CloudFront Edge Locations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which AWS services are associated with Edge Locations? (Select TWO.)

  • AWS Direct Connect
  • AWS Config
  • Amazon EBS
  • Amazon CloudFront
  • AWS Shield
A

CloudFront
Shield

Edge Locations are parts of the Amazon CloudFront content delivery network (CDN) that are all around the world and are used to get content closer to end-users for better performance.

AWS Shield which protects against Distributed Denial of Service (DDoS) attacks is available globally on Amazon CloudFront Edge Locations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A user needs a quick way to determine if any Amazon EC2 instances have ports that allow unrestricted access.

Which AWS service will support this requirement?

  • AWS CloudWatch Logs
  • VPC Flow Logs
    -AWS Trusted Advisor
    -AWS shield
A

AWS Trusted Advisor

Explanation
Access to the ports on an Amazon EC2 instance is controlled through security groups. AWS Trusted Advisor scans the security groups in your account to see if any security groups allow unrestricted access to any ports. This information is then presented to you in the console and you can then act on this information to secure the ports through editing the rules in the security group.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A company requires a single service which can manage their backup and restore requirements, their data lakes, and archives all in one place.

Which AWS service is suitable for all these use cases?

-Amazon FSx for Lustre
- Amazon Elastic File Sytem (Amazon EFS)
- Amazon Elastic Block Store (EBS)
- Amazon Simple Storage Service (S3)

A

Amazon Simple Storage Service (S3)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A company has been using an AWS managed IAM policy for granting permissions to users but needs to add some permissions.

How can this be achieved?

  • Edit the AWS managed policy
  • Create a rule in AWS WAF.
  • Create a Service Control Policy
  • Create a custom IAM policy
A

Create a custom IAM policy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which service allows an organization to view operational data from multiple AWS services through a unified user interface and automate operational tasks?

  • Amazon CloudWatch
  • AWS Systems Manager
  • AWS OpsWorks
  • AWS Config
A

AWS Systems Manager

AWS Systems Manager gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A new web application is being developed by a company. Logging into the application through a social identity provider is a must have requirement for the company.

Which AWS service will meet these requirements?

  • AWS Single Sign-On.
  • AWS Directory Service
  • AWS Identity and Access Management (IAM)
  • Amazon Cognito
A
  • Amazon Cognito

Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Apple, Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0 and OpenID Connect.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which pillar of the AWS Well-Architected Framework includes the design principle of defining workloads, applications, and infrastructure as code (IaC)?

  • Operational Excellence
  • Security
  • Reliability
  • Performance Efficiency
A

Operational Excellence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

A company has a mission critical Linux-based application. The application must run every Monday from 6 AM until 10pm. As the application is critical, it cannot be interrupted.

Which Amazon EC2 instance purchasing option meets these requirements MOST cost-effectively?

  • On-Demand capacity reservation with Saving plan
  • spot instances
  • dedicated hosts
  • regional reserve instances
A

On-Demand capacity reservation with Saving plan

Explanation
On-Demand Capacity Reservation with Savings Plan is ideal in this scenario as the application will have predictable running times (every Monday from 6am till 10pm). It is also mission critical, so reserving the capacity within an Availability Zone using On-Demand Capacity Reservation with Savings Plan makes perfect sense. The savings plans will also make this application cost-effective whilst still maintaining the guaranteed availability that you cannot get with spot instances.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which AWS service or VPC component allows inbound traffic from the internet to access a VPC?

  • VPC route table
  • NAT gateway
    -Virtual private gateway
  • internet gateway
A

internet gateway

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which AWS services can be used as infrastructure automation tools? (Select TWO.)

  • AWS batch
    -Amazon CloudFront
  • Amazon QuickSight
  • AWS Ops Works
  • AWS CloudFormation
A
  • AWS Ops Works
  • AWS CloudFormation

AWS CloudFormation provides a common language for you to model and provision AWS and third party application resources in your cloud environment. AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts.

AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How can a company separate costs for storage, Amazon EC2, Amazon S3, and other AWS services by department?
-Use AWS Organizations
-Create a separate AWS account for each department
- Add department-specific tags to each resource
- Create a separate VPC for each department.

A

Add department-specific tags to each resource

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

You have been running an on-demand Amazon EC2 instance running Linux for 4hrs, 5 minutes and 6 seconds. How much time will you be billed for?
- 4 hrs
- 4hrs, 5 mins, & 6 seconds
- 5 hrs
- 4 hrs, 6 mins

A

4hrs, 5 mins, & 6 seconds

On-demand, Reserved and Spot Amazon EC2 Linux instances are charged per second with a minimum charge of 1 minute. Therefore, as the minimum has been exceeded, exactly 4hrs, 5mins and 6 seconds will be charged.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

An organization moves a workload to Amazon EC2 instances on AWS. Cost-effectiveness is the key to running the workload properly in the Cloud.
What can the company do to meet this requirement?

  • Use AWS CloudFormation to deploy the infrastructure.
  • Use multiple AWS accounts and consolidated billing.
  • Rightsize all the EC2 instances that are used in the deployment
  • Use AWS Key Management Service (AWS KMS).
A

Rightsize all the EC2 instances that are used in the deployment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

How does the AWS global infrastructure offer high availability and fault tolerance to customers?

  • AWS allows users to choose AWS Regions and data centers so that users can select the closest data centers in different Regions.
  • The AWS infrastructure is made up of multiple AWS Regions within various Availability Zones located in areas that have low flood risk and are interconnected with low-latency networks and redundant power supplies.
  • The AWS infrastructure consists of isolated AWS Regions with independent Availability Zones that are connected with low-latency networking and redundant power supplies.
  • The AWS infrastructure consists of subnets containing various Availability Zones with multiple data centers located in the same geographic location.
A

The AWS infrastructure consists of isolated AWS Regions with independent Availability Zones that are connected with low-latency networking and redundant power supplies.

17
Q

An organization is considering implementing a new workload in the AWS Cloud. However, the company first wants to forecast costs.
Which tool should the company use to estimate the cost of the workload?

  • AWS Cost and Usage Report.
  • Cost Explorer.
  • AWS Billing and Cost Management dashboard.
  • AWS Pricing Calculator.
A

AWS Pricing Calculator.

18
Q

A company needs to optimize costs and resource usage through monitoring of operational health for all resources running on AWS.
Which AWS service will meet these requirements?

  • Amazon CloudWatch
  • AWS Control Tower
  • AWS CloudTrail
  • AWS Config
A

Amazon CloudWatch

19
Q

How can an organization track resource inventory and configuration history for the purpose of security and regulatory compliance?

  • Implement Amazon GuardDuty
  • Create an Amazon CloudTrail trail
  • Configure AWS Config with the resource types
  • Run a report with AWS Artifact
A

Configure AWS Config with the resource types

20
Q

Are there any AWS services or features that will identify and search for externally shared AWS resources?

AWS Fargate.
AWS Control Tower.
Amazon OpenSearch Service (Amazon Elasticsearch Service).
AWS IAM Access Analyzer.

A

AWS IAM Access Analyzer.

21
Q

A company currently uses a Security Assertion Markup Language (SAML) based application to log in to third-party business applications and would like to have this hosted in AWS using managed services.
Which AWS service will meet this requirement?

AWS Identity and Access Management (IAM).

Amazon Cognito.

AWS CLI.

AWS Single Sign-On.

A

Amazon Cognito.
(Correct)

Explanation
Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Apple, Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0 and OpenID Connect.