AWS CCP Practice questions Flashcards
Which authentication method is used to authenticate programmatic calls to AWS services?
- Console password
- Access Keys
- Key Pair
- Server certificate
Access Keys
Which AWS services are associated with Edge Locations? (Select TWO.)
- AWS Direct Connect
- AWS Config
- Amazon EBS
- Amazon CloudFront
- AWS Shield
CloudFront
Shield
Edge Locations are parts of the Amazon CloudFront content delivery network (CDN) that are all around the world and are used to get content closer to end-users for better performance.
AWS Shield which protects against Distributed Denial of Service (DDoS) attacks is available globally on Amazon CloudFront Edge Locations.
Which AWS services are associated with Edge Locations? (Select TWO.)
- AWS Direct Connect
- AWS Config
- Amazon EBS
- Amazon CloudFront
- AWS Shield
CloudFront
Shield
Edge Locations are parts of the Amazon CloudFront content delivery network (CDN) that are all around the world and are used to get content closer to end-users for better performance.
AWS Shield which protects against Distributed Denial of Service (DDoS) attacks is available globally on Amazon CloudFront Edge Locations.
A user needs a quick way to determine if any Amazon EC2 instances have ports that allow unrestricted access.
Which AWS service will support this requirement?
- AWS CloudWatch Logs
- VPC Flow Logs
-AWS Trusted Advisor
-AWS shield
AWS Trusted Advisor
Explanation
Access to the ports on an Amazon EC2 instance is controlled through security groups. AWS Trusted Advisor scans the security groups in your account to see if any security groups allow unrestricted access to any ports. This information is then presented to you in the console and you can then act on this information to secure the ports through editing the rules in the security group.
A company requires a single service which can manage their backup and restore requirements, their data lakes, and archives all in one place.
Which AWS service is suitable for all these use cases?
-Amazon FSx for Lustre
- Amazon Elastic File Sytem (Amazon EFS)
- Amazon Elastic Block Store (EBS)
- Amazon Simple Storage Service (S3)
Amazon Simple Storage Service (S3)
A company has been using an AWS managed IAM policy for granting permissions to users but needs to add some permissions.
How can this be achieved?
- Edit the AWS managed policy
- Create a rule in AWS WAF.
- Create a Service Control Policy
- Create a custom IAM policy
Create a custom IAM policy
Which service allows an organization to view operational data from multiple AWS services through a unified user interface and automate operational tasks?
- Amazon CloudWatch
- AWS Systems Manager
- AWS OpsWorks
- AWS Config
AWS Systems Manager
AWS Systems Manager gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources.
A new web application is being developed by a company. Logging into the application through a social identity provider is a must have requirement for the company.
Which AWS service will meet these requirements?
- AWS Single Sign-On.
- AWS Directory Service
- AWS Identity and Access Management (IAM)
- Amazon Cognito
- Amazon Cognito
Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Apple, Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0 and OpenID Connect.
Which pillar of the AWS Well-Architected Framework includes the design principle of defining workloads, applications, and infrastructure as code (IaC)?
- Operational Excellence
- Security
- Reliability
- Performance Efficiency
Operational Excellence
A company has a mission critical Linux-based application. The application must run every Monday from 6 AM until 10pm. As the application is critical, it cannot be interrupted.
Which Amazon EC2 instance purchasing option meets these requirements MOST cost-effectively?
- On-Demand capacity reservation with Saving plan
- spot instances
- dedicated hosts
- regional reserve instances
On-Demand capacity reservation with Saving plan
Explanation
On-Demand Capacity Reservation with Savings Plan is ideal in this scenario as the application will have predictable running times (every Monday from 6am till 10pm). It is also mission critical, so reserving the capacity within an Availability Zone using On-Demand Capacity Reservation with Savings Plan makes perfect sense. The savings plans will also make this application cost-effective whilst still maintaining the guaranteed availability that you cannot get with spot instances.
Which AWS service or VPC component allows inbound traffic from the internet to access a VPC?
- VPC route table
- NAT gateway
-Virtual private gateway - internet gateway
internet gateway
Which AWS services can be used as infrastructure automation tools? (Select TWO.)
- AWS batch
-Amazon CloudFront - Amazon QuickSight
- AWS Ops Works
- AWS CloudFormation
- AWS Ops Works
- AWS CloudFormation
AWS CloudFormation provides a common language for you to model and provision AWS and third party application resources in your cloud environment. AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts.
AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.
How can a company separate costs for storage, Amazon EC2, Amazon S3, and other AWS services by department?
-Use AWS Organizations
-Create a separate AWS account for each department
- Add department-specific tags to each resource
- Create a separate VPC for each department.
Add department-specific tags to each resource
You have been running an on-demand Amazon EC2 instance running Linux for 4hrs, 5 minutes and 6 seconds. How much time will you be billed for?
- 4 hrs
- 4hrs, 5 mins, & 6 seconds
- 5 hrs
- 4 hrs, 6 mins
4hrs, 5 mins, & 6 seconds
On-demand, Reserved and Spot Amazon EC2 Linux instances are charged per second with a minimum charge of 1 minute. Therefore, as the minimum has been exceeded, exactly 4hrs, 5mins and 6 seconds will be charged.
An organization moves a workload to Amazon EC2 instances on AWS. Cost-effectiveness is the key to running the workload properly in the Cloud.
What can the company do to meet this requirement?
- Use AWS CloudFormation to deploy the infrastructure.
- Use multiple AWS accounts and consolidated billing.
- Rightsize all the EC2 instances that are used in the deployment
- Use AWS Key Management Service (AWS KMS).
Rightsize all the EC2 instances that are used in the deployment