AWS Certified Cloud Practitioner Diagnostic Diagnostic(JonBoso) Flashcards
What is the difference between an Availability Zone and a Local Zone?
A.An Availability Zone is an extension of an AWS Region in geographic proximity to your users. A Local Zone is an isolated location within an AWS region
B.An Availability Zone delivers cached content to the closest location to reduce latency for users. A Local Zone is an extension of an AWS Region in geographic proximity to your users
C.An Availability Zone delivers cached content to the closest location to reduce latency for users. A Local Zone is an extension of an AWS Region in geographic proximity to your users
D.An Availability Zone is an isolated location within an AWS region. A Local Zone is an extension of an AWS Region in geographic proximity to your users
D.An Availability Zone is an isolated location within an AWS region. A Local Zone is an extension of an AWS Region in geographic proximity to your users
Explanation:
An Availability Zone (AZ) is one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region. AZs give customers the ability to operate production applications and databases that are more highly available, fault-tolerant, and scalable than would be possible from a single data center.
AWS Local Zones are managed and supported by AWS, bringing you all of the elasticity, scalability, and security benefits of the cloud. Each AWS Local Zone location is an extension of an AWS Region where you can run your latency-sensitive applications using AWS services such as Amazon Elastic Compute Cloud, Amazon Virtual Private Cloud, Amazon Elastic Block Store, Amazon File Storage, and Amazon Elastic Load Balancing in geographic proximity to end-users.
Hence, the correct option is: An Availability Zone is an isolated location within an AWS region. A Local Zone is an extension of an AWS Region in geographic proximity to your users.
The option that says: An Availability Zone is a separate geographic area. A Local Zone delivers cached content to the closest location to reduce latency for users is incorrect because this describes an AWS Region and Edge Location respectively. An AWS Region consists of multiple, isolated, and physically separate AZs within a geographic area while an Edge Location delivers cached content to the closest location to reduce latency for users.
The option that says: An Availability Zone delivers cached content to the closest location to reduce latency for users. A Local Zone is an extension of an AWS Region in geographic proximity to your users is incorrect because the first statement describes an Edge Location. An Availability Zone is an isolated location within an AWS region and it doesn’t deliver cached content.
The option that says: An Availability Zone is an extension of an AWS Region in geographic proximity to your users. A Local Zone is an isolated location within an AWS region is incorrect because the descriptions for the Local Zone and Availability Zone are swapped.
Which of the following services offers you the same AWS hardware infrastructure, services, APIs, and tools to build and run your applications on-premises and in the cloud?
A.AWS Lambda
B.AWS Organizations
C.AWS Outposts
D.AWS Wavelength
C.AWS Outposts
Explanation:
AWS Outposts is a fully managed service that extends AWS infrastructure, AWS services, APIs, and tools to virtually any data center, co-location space, or on-premises facility for a truly consistent hybrid experience. AWS Outposts is ideal for workloads that require low latency access to on-premises systems, local data processing, or local data storage.
AWS Outposts offers you the same AWS hardware infrastructure, services, APIs, and tools to build and run your applications on-premises and in the cloud for a truly consistent hybrid experience.
Hence, the correct answer is: AWS Outposts.
AWS Organizations is incorrect because this is just an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. This service is not suitable for running AWS infrastructure and services on-premises.
AWS Wavelength is incorrect because this is not a service for hybrid infrastructure. Wavelength only brings AWS services to the edge of the 5G network, minimizing the latency to connect to an application from a mobile device.
AWS Lambda is incorrect because this is simply an event-driven, serverless computing platform.
Who is your designated technical point of contact that provides all the necessary AWS expertise to maintain an operationally healthy AWS environment?
A.Operations Support
B.Concierge Support
C.Technical Account Manager (TAM)
D.AWS Systems Manager
C.Technical Account Manager (TAM)
Explanation:
A Technical Account Manager (TAM) is your designated technical point of contact who provides advocacy and guidance to help plan and build solutions using best practices, coordinates access to subject matter experts and product teams, and proactively keeps your AWS environment operationally healthy.
In addition to what is available with Basic Support, Enterprise Support provides:
AWS Trusted Advisor - Access to the full set of Trusted Advisor checks and guidance to provision your resources following best practices to help reduce costs, increase performance and fault tolerance, and improve security.
AWS Personal Health Dashboard - A personalized view of the health of AWS services, and alerts when your resources are impacted. Also includes the Health API for integration with your existing management systems.
AWS Support API - Programmatic access to AWS Support Center features to create, manage, and close your support cases, and operationally manage your Trusted Advisor check requests and status.
Proactive Technical Account Management - A Technical Account Manager (TAM) is your designated technical point of contact who provides advocacy and guidance to help plan and build solutions using best practices, coordinates access to subject matter experts and product teams, and proactively keeps your AWS environment operationally healthy.
Architecture Support – Contextual guidance on how services fit together to meet your specific use-case, workload, or application.
Third-Party Software Support - Guidance, configuration, and troubleshooting of AWS interoperability with many common operating systems, platforms, and application stack components.
Proactive Support Programs – Included access to Well-Architected Reviews, Operations Reviews, and Infrastructure Event Management.
Support Concierge - the Concierge Team are AWS billing and account experts that specialize in working with enterprise accounts. They will quickly and efficiently assist you with your billing and account inquiries, and work with you to implement billing and account best practices so that you can focus on what matters: running your business.
For companies with a Business support plan, you can have access to the Infrastructure Event Management for an additional fee. However, all other proactive support programs such as Well-Architected Reviews and Operations Reviews are exclusively available for companies who opted for Enterprise support.
Hence, the correct answer in this scenario is: Technical Account Manager (TAM).
Concierge Support is incorrect because this just assists you with your billing and account inquiries, and works with you to implement billing and account best practices so that you can focus on what matters: running your business.
Operations Support is incorrect because they simply assist you in consultative reviews of your cloud operations and give advice for optimization.
AWS Systems Manager is incorrect because this is not a person in the first place. This is an AWS service that provides a unified user interface so you can view operational data from multiple AWS services. It also allows you to automate operational tasks across your AWS resources. Systems Manager is not part of the AWS Support Plan.
Which of the following AWS services provides a security management tool to configure your AWS WAF rules across your accounts?
A.AWS Firewall Manager
B.Amazon GuardDuty
C.AWS Resource Manager
D.AWS Trusted Advisor
A.AWS Firewall Manager
Explanation:
AWS Firewall Manager is a security management service that allows you to centrally configure and manage firewall rules across your accounts and applications in AWS Organizations. As new applications are created, the Firewall Manager makes it easy to bring new applications and resources into compliance by enforcing a common set of security rules. It is a single service to build firewall rules, create security policies, and enforce them in a consistent, hierarchical manner across your entire infrastructure.
Firewall Manager simplifies your AWS WAF administration and maintenance tasks across multiple accounts and resources. You set up your firewall rules just once, and the service automatically applies your rules across your accounts and resources.
Hence, the correct answer is: AWS Firewall Manager.
AWS Trusted Advisor is incorrect because this is just a tool that provides you real-time guidance to help you provision your resources following AWS best practices. The security check doesn’t support the configuration of a web application firewall. Trusted Advisor only recommends and alerts the user account.
Amazon GuardDuty and AWS Resource Manager are both incorrect because these services cannot configure AWS WAF rules across your accounts.
A developer needs to access an EC2 Instance to modify a WordPress configuration file. Which of the following methods let them connect to their instance? (Select TWO.)
A.VPC Peering
B.AWS Direct Connect
C.EC2 Instance Connect
D.User Data
E.Session Manager
C.EC2 Instance Connect
E.Session Manager
Explanation:
Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) cloud. Using Amazon EC2 eliminates your need to invest in hardware up front, so you can develop and deploy applications faster. You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage. Amazon EC2 enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic.
To connect to an EC2 instance you can use:
Secure Shell (SSH) - the most common tool to connect to Linux servers.
Session Manager - it is a fully managed AWS Systems Manager capability that lets you manage your EC2 instances, on-premises instances, and virtual machines (VMs) through an interactive one-click browser-based shell or through the AWS CLI.
EC2 Instance Connect - connect to your Linux instances using a browser-based client.
Hence, the correct options are:
- EC2 Instance Connect
- Session Manager
AWS Direct Connect is incorrect because this is simply a networking service that is primarily used to establish private connectivity between AWS and your datacenter, office, or colocation environment.
VPC Peering is incorrect because this is only used to connect two or more VPCs. You can’t use this to connect to your EC2 instance.
User Data is incorrect because this is just used to configure an instance during launch or to run a configuration script.
A customer needs to access a broad collection of AWS services via an intuitive, web-based user interface. Which of the following options would you recommend?
A.AWS Management Console
B.AWS CLI
C.Bastion Host
D.AWS SDK
A.AWS Management Console
Explanation:
The AWS Management Console provides a simple web interface for Amazon Web Services. You can log in using your AWS account name and password. If you have enabled AWS Multi-Factor Authentication, you will be prompted for your device’s authentication code.
The home page provides access to each service console as well as an intuitive user interface for exploring AWS and getting helpful tips.
Hence, the correct answer is: AWS Management Console.
Bastion Host is incorrect because this is just a server that provides access to a private network from an external network, such as the Internet. Also, you cannot manage AWS services using a Bastion Host.
AWS CLI is incorrect because this is simply a tool to access an AWS service from the command line and automate tasks through scripts. Also, AWS CLI does not have an intuitive user interface.
AWS SDK is incorrect because this is primarily used to access and manage AWS services using your preferred development language. Also, SDK does not have an intuitive user interface since it is just a collection of software development tools.
Which of the following are valid use cases supported by Amazon CloudFront? (Select TWO.)
A.Automated Backups
B.Serverless Interactive Query
C.Live and on-demand video streaming
D.Schema Conversion
E.Static asset caching
C.Live and on-demand video streaming
E.Static asset caching
Explanation:
Amazon CloudFront is a content delivery network service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. CloudFront is integrated with AWS – both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services.
Amazon CloudFront use cases are:
Static asset caching - speed up the delivery of your static content to viewers across the globe.
Live & on-demand video streaming - multiple options for streaming your media – both pre-recorded files and live events at sustained, high throughput required for 4K delivery to global viewers.
Security - integrates seamlessly with AWS Shield for Layer 3/4 DDoS mitigation and AWS WAF for Layer 7 protection.
Customizable content delivery with Lambda@Edge - run your code across AWS locations globally, allowing you to respond to your end-users at the lowest latency and allowing you to personalize content.
Dynamic content & API acceleration - secure and accelerate your WebSocket traffic as well as API calls.
Software distribution - scales automatically as globally-distributed clients download software updates.
Hence, the options that correctly describe Amazon CloudFront are:
- Static asset caching
- Live & on-demand video streaming
Schema Conversion is incorrect because this is a process that is not related to content delivery. Schema conversion is used to convert your existing database schema to a different database engine. This option is only supported in Database Migration Service.
Automated Backups is incorrect because this is just an Amazon RDS feature that creates and saves automated backups of your DB instance during the backup window of your DB instance. CloudFront is not capable of doing automated backups of your instances.
Serverless Interactive Query is incorrect because this is only a capability that Amazon Athena provides. You only pay for the queries that you run and get better performance by compressing, partitioning, and converting your data into columnar formats. Since the question asks about the benefits of CloudFront, this option is wrong.
A gaming company needs a service that uses the AWS global network to optimize users' access to their applications using an anycast static IP address. Which of the following services fits these criteria?
A.Amazon ElastiCache
B.Amazon Route 53
C.AWS Global Accelerator
D.Amazon CloudFront
C.AWS Global Accelerator
Explanation:
AWS Global Accelerator is a service that improves the availability and performance of your applications with local or global users. It provides you with static IP addresses that serve as a fixed entry point to your applications hosted in one or more AWS Regions. These IP addresses are anycast from AWS edge locations, so they’re announced from multiple AWS edge locations at the same time. This enables traffic to ingress onto the AWS global network as close to your users as possible.
Global Accelerator uses the AWS global network to optimize the path from your users to your applications, improving the performance of your traffic by as much as 60%.
Hence, the correct answer in this scenario is: AWS Global Accelerator.
Amazon ElastiCache is incorrect because it cannot route user traffic to the optimal endpoint. ElastiCache is primarily used to improve web applications’ performance by allowing you to retrieve information from a fast, managed, in-memory system, instead of relying entirely on slower disk-based databases.
Amazon CloudFront is incorrect. Although CloudFront uses the AWS global network, this is best used for HTTP use cases and securing access over your endpoints. CloudFront uses Edge Locations to cache content while Global Accelerator uses Edge Locations to find an optimal pathway to the nearest regional endpoint. In addition, CloudFront is not capable of providing a static anycast IP address.
Amazon Route 53 is incorrect because it doesn’t use static anycast IP addresses to minimize the latency for end-users. Route 53 is a highly available and scalable Domain Name System (DNS), domain name registration, and health-checking web service. Route 53 is mainly used to translate specific domain names into their corresponding IP addresses.
Which service will you use to quickly and securely transfer hundreds of petabytes of data to AWS?
A.AWS Data Pipeline
B.AWS Snowmobile
C.AWS Snowball Edge
D.AWS Data Exchange
B.AWS Snowmobile
Explanation:
AWS Snowmobile makes it easy to move massive volumes of data to the cloud, including video libraries, image repositories, or even a complete data center migration. Transferring data with Snowmobile is more secure, fast, and cost-effective. You can transfer up to 100PB per Snowmobile, a 45-foot long ruggedized shipping container, pulled by a semi-trailer truck.
Snowmobile is an exabyte-scale data transfer service used to move extremely large amounts of data to AWS.
The correct answer is: AWS Snowmobile.
AWS Snowball Edge is incorrect because this is simply a data transport solution that accelerates moving terabytes to petabytes of data into and out of AWS using appliances. Snowball Edge is not the best service to transfer exabyte-scale data.
AWS Data Exchange is incorrect because it is just a service that makes it easy for millions of AWS customers to securely find, subscribe to, and use third-party data in the cloud. This option is not suitable to transfer hundreds of petabytes of data to AWS.
AWS Data Pipeline is incorrect since this is not a data migration service. Data Pipeline just lets you provision pipelines and remove the development and maintenance effort required to manage your daily data operations, letting you focus on generating insights from that data.
You need to organize and consolidate information based on criteria specified in tags or resources in AWS. Which of the following should you use?
A.Amazon CloudWatch Dashboard
B.AWS Resource Groups
C.AWS Directory Service
D.AWS IAM Group
B.AWS Resource Groups
Explanation:
AWS Resource Groups lets you organize AWS resources such as Amazon EC2 instances, Amazon Relational Database Service databases, and Amazon S3 buckets into groups using criteria that you define as tags. A resource group is a collection of resources that match the resource types specified in a query and share one or more tags or portions of tags. You can create a group of resources based on their roles in your cloud infrastructure, lifecycle stages, regions, application layers, or virtually any criteria.
By default, the AWS Management Console is organized by AWS service. But with Resource Groups, you can create a custom console that organizes and consolidates information based on criteria specified in tags, or the resources in an AWS
Hence, the correct answer is: AWS Resource Groups.
Amazon CloudWatch Dashboard is incorrect because this is just a customizable home page in the CloudWatch console that you can use to monitor your resources in a single view. This service is not suitable for organizing AWS resources. You only use CloudWatch Dashboards if you need to monitor your services’ performance in a single view.
AWS IAM Group is incorrect because this is just a collection of IAM users. You can’t organize resources using this option.
AWS Directory Service is incorrect because this simply provides directories that contain information about your organization, users, groups, computers, and other resources. This service is not capable of organizing a collection of resources.