AWS Certified Cloud Practitioner: Test 4 Flashcards

1
Q

An organization has multiple AWS accounts and uses a mixture of on-demand and reserved instances. One account has a considerable amount of unused reserved instances. How can the organization reduce their costs? (Select TWO.)
A.Create an AWS organization configuration linking the accounts
B.Switch to using placement groups
C.Setup consolidated billing between the accounts
D.Use Spot instances instead

A

A.Create an AWS organization configuration linking the accounts
C.Setup consolidated billing between the accounts

Explanation:
AWS Organizations allows you to consolidate multiple AWS accounts into an organization that you create and centrally manage. Unused reserved instances (RIs) for EC2 are applied across the group, so the organization can utilize its unused reserved instances instead of consuming on-demand instances, which will lower its costs.

CORRECT: “Create an AWS Organization configuration linking the accounts” is the correct answer.

CORRECT: “Setup consolidated billing between the accounts” is the correct answer.

INCORRECT: “Use Spot instances instead” is incorrect. Spot instance pricing is variable so it is not guaranteed to lower the cost and it is not suitable for workloads that cannot be unexpectedly terminated by AWS.

INCORRECT: “Redeem their reserved instances” is incorrect. You cannot redeem your reserved instances. You can sell them on the AWS marketplace, however.

INCORRECT: “Switch to using placement groups” is incorrect. Using placement groups will not lower their costs.

2
Q

Which AWS service enables hybrid cloud storage between on-premises and the AWS Cloud?
A.Amazon Elastic File System (EFS)
B.Amazon CloudFront
C.Amazon S3 Cross Region Replication (CRR)
D.AWS Storage Gateway

A

D.AWS Storage Gateway

Explanation

The AWS Storage Gateway service enables hybrid cloud storage between on-premises environments and the AWS Cloud. It seamlessly integrates on-premises enterprise applications and workflows with Amazon’s block and object cloud storage services through industry standard storage protocols.

CORRECT: “AWS Storage Gateway” is the correct answer.

INCORRECT: “Amazon S3 Cross Region Replication (CRR)” is incorrect. Amazon S3 CRR is used for copying data from one S3 bucket to another S3 bucket in another region. That is not an example of hybrid cloud.

INCORRECT: “Amazon Elastic File System (EFS)” is incorrect. Amazon EFS is not a hybrid cloud storage solution. With EFS you can mount file systems from on-premises servers, however it does not offer a local cache or method of moving data into the cloud.

INCORRECT: “Amazon CloudFront” is incorrect. Amazon CloudFront is a content delivery network. It is used to get content closer to users; it is not a hybrid cloud storage solution.

3
Q

Which of the advantages of cloud listed below is most closely addressed by the capabilities of AWS Auto Scaling?
A.Stop guessing about capacity
B.Benefit from massive economies of scale
C.Go global in minutes
D.Stop spending money running and maintaining data centers

A

A.Stop guessing about capacity

Explanation:
AWS Auto Scaling helps you to adapt to the demand for your application and scale up and down as needed. This means you don’t have to guess capacity upfront, as you can provision what you need and allow Auto Scaling to manage the scaling.

CORRECT: “Stop guessing about capacity” is the correct answer.

INCORRECT: “Benefit from massive economies of scale” is incorrect. This is a cost advantage of cloud.

INCORRECT: “Stop spending money running and maintaining data centers” is incorrect. This is a cost advantage of moving to cloud.

INCORRECT: “Go global in minutes” is incorrect. This is a benefit of deploying cloud services globally.

4
Q
What are two components of Amazon S3? (Select TWO.)
A.Block devices
B.Directories
C.Buckets
D.Objects
E.File systems
A

C.Buckets
D.Objects

Explanation:
Amazon S3 is an object-based storage system that is accessed using a RESTful API over HTTP(S). It consists of buckets, which are root level folders, and objects, which are the files, images etc. that you upload.

The terms directory, file system and block device do not apply to Amazon S3.

CORRECT: “Buckets” is a correct answer.

CORRECT: “Objects” is also a correct answer.

INCORRECT: “Directories” is incorrect as explained above.

INCORRECT: “Block devices” is incorrect as explained above.

INCORRECT: “File systems” is incorrect as explained above.

5
Q
When performing a total cost of ownership (TCO) analysis between on-premises and the AWS Cloud, which factors are only relevant to on-premises deployments? (Select TWO.)
A.Facility operations costs
B.Hardware procurement teams
C.Database administration
D.Application licensing
E.Operating system licensing
A

A.Facility operations costs
B.Hardware procurement teams

Explanation:
Facility operations and hardware procurement costs are something you no longer need to pay for in the AWS Cloud. These factors therefore must be included as an on-premise cost so you can understand the cost of staying in your own data centers.

Database administration, operating system licensing and application licensing will still be required in the AWS Cloud.

CORRECT: “Hardware procurement teams” is a correct answer.

CORRECT: “Facility operations costs” is also a correct answer.

INCORRECT: “Operating system licensing” is incorrect as these are factors that are relevant to both on-premise and the cloud.

INCORRECT: “Database administration” is incorrect as these are factors that are relevant to both on-premise and the cloud.

INCORRECT: “Application licensing” is incorrect as these are factors that are relevant to both on-premise and the cloud.

6
Q
Which AWS service should be used to create a billing alarm?
A.Amazon CloudWatch
B.AWS Trusted Advisor
C.AWS CloudTrail
D.Amazon QuickSight
A

A.Amazon CloudWatch

Explanation:
You can monitor your estimated AWS charges by using Amazon CloudWatch. When you enable the monitoring of estimated charges for your AWS account, the estimated charges are calculated and sent several times daily to CloudWatch as metric data.

Billing metric data is stored in the US East (N. Virginia) Region and represents worldwide charges. This data includes the estimated charges for every service in AWS that you use, in addition to the estimated overall total of your AWS charges.

The alarm triggers when your account billing exceeds the threshold you specify. It triggers only when actual billing exceeds the threshold. It doesn’t use projections based on your usage so far in the month.

CORRECT: “Amazon CloudWatch” is the correct answer.

INCORRECT: “AWS Trusted Advisor” is incorrect. AWS Trusted Advisor is an online tool that provides you real time guidance to help you provision your resources following AWS best practices.

INCORRECT: “AWS CloudTrail” is incorrect. CloudTrail logs API activity, not performance or billing metrics.

INCORRECT: “Amazon QuickSight” is incorrect. Amazon QuickSight is a fast, cloud-powered business intelligence service that makes it easy to deliver insights to everyone in your organization.

7
Q

Which of the following are advantages of the AWS Cloud? (Select TWO.)
A.AWS manages the maintenance of the cloud infrastructure
B.AWS manages capacity planning for physical servers
C.AWS manages the development of applications on AWS
D.AWS manages cost planning for virtual servers
E.AWS manages the security of applications built on AWS

A

A.AWS manages the maintenance of the cloud infrastructure
B.AWS manages capacity planning for physical servers

Explanation:
AWS is responsible for security of the AWS Cloud as well as capacity planning and maintenance of the AWS infrastructure. This includes physical infrastructure such as data centers, servers, storage systems, and networking equipment.

CORRECT: “AWS manages the maintenance of the cloud infrastructure” is a correct answer.

CORRECT: “AWS manages capacity planning for physical servers” is also a correct answer.

INCORRECT: “AWS manages the security of applications built on AWS” is incorrect. This is the responsibility of the customer.

INCORRECT: “AWS manages the development of applications on AWS” is incorrect. This is the responsibility of the customer.

INCORRECT: “AWS manages cost planning for virtual servers” is incorrect. This is the responsibility of the customer.

8
Q
What is the most cost-effective Amazon S3 storage tier for data that is not often accessed but requires high availability?
A.Amazon S3 Standard
B.Amazon Glacier
C.Amazon S3 Standard-IA
D.Amazon S3 One Zone-IA
A

C.Amazon S3 Standard-IA

Explanation:
S3 Standard-IA is for data that is accessed less frequently, but requires rapid access when needed. S3 Standard-IA offers the high durability, high throughput, and low latency of S3 Standard with 99.9% availability.

CORRECT: “Amazon S3 Standard-IA” is the correct answer.

INCORRECT: “Amazon S3 Standard” is incorrect as this class will cost more and is designed for data that requires regular access.

INCORRECT: “Amazon S3 One Zone-IA” is incorrect. S3 One Zone-IA is for data that is accessed less frequently, but requires rapid access when needed. Unlike other S3 Storage Classes which store data in a minimum of three Availability Zones (AZs), S3 One Zone-IA stores data in a single AZ and offers lower availability.

INCORRECT: “Amazon Glacier” is incorrect. Glacier is a data archiving solution so not suitable for a storage tier that requires infrequent access.

9
Q
Which Amazon EC2 pricing option provides significant discounts for fixed term contracts?
A.Dedicated instances
B.Reserved instances
C.Spot instances
D.Dedicated hosts
A

B.Reserved instances

Explanation:
Reserved instances provide significant discounts, up to 75% compared to On-Demand pricing, by paying for capacity ahead of time.

CORRECT: “Reserved Instances” is the correct answer.

INCORRECT: “Spot Instances” is incorrect. Spot Instances allow you to purchase spare computing capacity with no upfront commitment at discounted hourly rates. This is not used for long-term requirements.

INCORRECT: “Dedicated Instances” is incorrect. Dedicated Instances are Amazon EC2 instances that run in a VPC on hardware that’s dedicated to a single customer.

INCORRECT: “Dedicated Hosts” is incorrect. Dedicated hosts are EC2 servers dedicated to a single customer.

10
Q
Which service can be used to assign a policy to a group?
A.AWS IAM
B.Amazon Cognito
C.AWS Shield
D.AWS STS
A

A.AWS IAM

Explanation:
IAM is used to securely control individual and group access to AWS resources. Groups are collections of users and have policies attached to them. You can use IAM to attach a policy to a group.

CORRECT: “AWS IAM” is the correct answer.

INCORRECT: “Amazon Cognito” is incorrect. Amazon Cognito is used for authentication using mobile apps.

INCORRECT: “AWS STS” is incorrect. The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for IAM users or for users that you authenticate (federated users).

INCORRECT: “AWS Shield” is incorrect. AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS.

11
Q
Which team is available to support AWS customers on an Enterprise support plan with account issues?
A.AWS Concierge
B.AWS Technical Account Manager
C.AWS Technical support
D.AWS Billing and Accounts
A

A.AWS Concierge

Explanation:
Included as part of the Enterprise Support plan, the Support Concierge Team are AWS billing and account experts that specialize in working with enterprise accounts.

CORRECT: “AWS Concierge” is the correct answer.

INCORRECT: “AWS Technical Support” is incorrect as this is not the name of the team.

INCORRECT: “AWS Billing and Accounts” is incorrect as the Support Concierge Team fulfil this role.

INCORRECT: “AWS Technical Account Manager” is incorrect. The Technical Account Manager provides expert monitoring and optimization for your environment and coordinates access to other programs and experts.

12
Q

Which of the following can be assigned to an IAM user? (Select TWO.)
A.A password for access to the management console
B.An SSL/TLS certificate
C.An access key ID and secret access key
D.A password for logging into Linux
E.A key pair

A

A.A password for access to the management console
C.An access key ID and secret access key

Explanation:
An IAM user is an entity that represents a person or service. Users can be assigned an access key ID and secret access key for programmatic access to the AWS API, CLI, SDK, and other development tools and a password for access to the management console.

CORRECT: “An access key ID and secret access key” is the correct answer.

CORRECT: “A password for access to the management console” is the correct answer.

INCORRECT: “An SSL/TLS certificate” is incorrect. You cannot assign an SSL/TLS certificate to a user.

INCORRECT: “A key pair” is incorrect. Key pairs are used with Amazon EC2 as a method of using public key encryption to securely access EC2 instances.

INCORRECT: “A password for logging into Linux” is incorrect. You cannot assign an IAM user with a password for logging into a Linux instance.

13
Q
Which of the below are components that can be configured in the VPC section of the AWS management console? (Select TWO.)
A.DNS records
B.EBS Volumes
C.Endpoints
D.Subnet
E.Elastic Load balancer
A

C.Endpoints
D.Subnet

Explanation:
You can configure subnets and endpoints within the VPC section of AWS management console.

EBS volumes and ELB must be configured in the EC2 section of the AWS management console and DNS records must be configured in Amazon Route 53.

CORRECT: “Subnet” is a correct answer.

CORRECT: “Endpoints” is also a correct answer.

INCORRECT: “EBS volumes” is incorrect as explained above.

INCORRECT: “DNS records” is incorrect as explained above.

INCORRECT: “Elastic Load Balancer” is incorrect as explained above.

14
Q

Which of the following is an advantage of cloud computing compared to deploying your own infrastructure on-premise?
A.Ability to choose bespoke infrastructure configurations
B.Spending using a CAPEX model
C.Paying only for what you use
D.Flexibility to choose your own hardware

A

C.Paying only for what you use

Explanation:
With AWS you only pay for what you use. However, you cannot choose your own hardware/infrastructure and the payment model is operational (OPEX) not capital (CAPEX).

CORRECT: “Paying only for what you use” is the correct answer.

INCORRECT: “Flexibility to choose your own hardware” is incorrect as explained above.

INCORRECT: “Spend using a CAPEX model” is incorrect as explained above.

INCORRECT: “Ability to choose bespoke infrastructure configurations” is incorrect as explained above.

15
Q
How are AWS Lambda functions triggered?
A.Metrics
B.Counters
C.Events
D.Schedules
A

C.Events

Explanation

AWS Lambda lets you run code as functions without provisioning or managing servers. Lambda-based applications (also referred to as serverless applications) are composed of functions triggered by events.

For instance, you can trigger a Lambda function to run when an object is uploaded to an Amazon S3 bucket or a message is added to an Amazon SQS queue.

CORRECT: “Events” is the correct answer.

INCORRECT: “Schedules” is incorrect as functions are triggered by events.

INCORRECT: “Metrics” is incorrect as functions are triggered by events.

INCORRECT: “Counters” is incorrect as functions are triggered by events.

16
Q

What does an organization need to do in Amazon IAM to enable user access to services being launched in a new region?
A.Create new user accounts in the new region
B.Update the user accounts to allow access from another region
C.Enable global mode in IAM to provision the required access
D.Nothing, IAM is global

A

D.Nothing, IAM is global

Explanation:
IAM is used to securely control individual and group access to AWS resources. IAM is universal (global) and does not apply to regions.

CORRECT: “Nothing, IAM is global” is the correct answer.

INCORRECT: “Enable global mode in IAM to provision the required access” is incorrect as you do not need to do anything to use IAM globally.

INCORRECT: “Update the user accounts to allow access from another region” is incorrect as you don’t need to update user accounts.

INCORRECT: “Create new user accounts in the new region” is incorrect as IAM is global.

17
Q

Which of the following are architectural best practices for the AWS Cloud? (Select TWO.)
A.Deploy into multiple Availability Zones
B.Deploy into a single availability zone
C.Design for fault tolerance
D.Create monolithic architectures
E.Close coupling

A

A.Deploy into multiple Availability Zones
C.Design for fault tolerance

Explanation

It is an architectural best practice to deploy your resources into multiple availability zones and design for fault tolerance. These both ensure that if resources or infrastructure fails, your application continues to run.

CORRECT: “Deploy into multiple Availability Zones” is a correct answer.

CORRECT: “Design for fault tolerance” is also a correct answer.

INCORRECT: “Deploy into a single availability zone” is incorrect. You should not deploy all of your resources into a single availability zone as any infrastructure failure will take down access to your resources.

INCORRECT: “Close coupling” is incorrect. Close coupling is not an architectural best practice – loose coupling is. With loose coupling you reduce interdependencies between components of an application and often put a middle layer such as a message bus between components.

INCORRECT: “Create monolithic architectures” is incorrect. You should not create monolithic architectures. With monolithic architectures you have a single instance running multiple components of the application, if any of these components fails, your application fails. It is better to design microservices architectures where components are spread across more instances.

18
Q

What does an organization need to do to move to another AWS region?
A.Just start deploying resources in the additional region
B.Apply for another AWS account in that region
C.Submit an application to extend their account to the additional region
D.Create a separate IAM account for that region

A

A.Just start deploying resources in the additional region

Explanation:
You don’t need to do anything except start deploying resources in the new region. With the AWS cloud you can use any region around the world at any time. There is no need for a separate account, and IAM is a global service.

CORRECT: “Just start deploying resources in the additional region” is the correct answer.

INCORRECT: “Create a separate IAM account for that region” is incorrect as IAM is a global service.

INCORRECT: “Apply for another AWS account in that region” is incorrect as you can use IAM across Regions and do not need another account.

INCORRECT: “Submit an application to extend their account to the additional region” is incorrect as you do not need to extend accounts across Regions.

19
Q
Which services can be used for asynchronous integration between application components? (Select TWO.)
A.AWS Route 53
B.Amazon SQS
C.Amazon EC2 Auto Scaling
D.AWS CloudFormation
E.Amazon Step Functions
A

B.Amazon SQS
E.Amazon Step Functions

Explanation:
Asynchronous integration is a form of loose coupling between services. This model is suitable for any interaction that does not need an immediate response and where an acknowledgement that a request has been registered will suffice.

Amazon Simple Queue Service (SQS) and Amazon Step Functions both provide asynchronous integration. SQS provides a durable message bus and Step Functions is an orchestrated workflow service.

Amazon EC2 Auto Scaling helps with horizontal scaling of your EC2 instances. This is not an example of asynchronous integration.

AWS CloudFormation automates the deployment of infrastructure based on templates.

AWS Route 53 is a DNS service that resolves domain names to IP addresses.

20
Q
Which AWS service lets you add user sign up, sign-in and access control to web and mobile apps?
A.AWS Artifact
B.AWS CloudHSM
C.Amazon Cognito
D.AWS Directory Service
A

C.Amazon Cognito

Explanation:
Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0.

CORRECT: “AWS Cognito” is the correct answer.

INCORRECT: “AWS Artifact” is incorrect. AWS Artifact is your go-to, central resource for compliance-related information that matters to you.

INCORRECT: “AWS CloudHSM” is incorrect. AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud.

INCORRECT: “AWS Directory Service” is incorrect. AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud.

21
Q

What is the scope of an Amazon Virtual Private Cloud (VPC)?
A.It spans all Availability Zones within a region
B.It spans multiple subnets
C.It spans a single CIDR block
D.It spans all Availability Zones in all regions

A

A.It spans all Availability Zones within a region

Explanation:
A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. A VPC spans all the Availability Zones in the region.

CORRECT: “It spans all Availability Zones within a region” is the correct answer.

INCORRECT: “It spans a single CIDR block” is incorrect. You can have multiple CIDR blocks in a VPC.

INCORRECT: “It spans multiple subnets” is incorrect. An Amazon VPC spans AZs; subnets are created within AZs.

INCORRECT: “It spans all Availability Zones in all regions” is incorrect as it is within a single Region.

22
Q
The ability to horizontally scale Amazon EC2 instances based on demand is an example of which concept?
A.Economy of scale
B.Agility
C.High availability
D.Elasticity
A

D.Elasticity

Explanation:
Elasticity is the ability to dynamically adjust the capacity of a service or resource based on demand. Scaling can be vertical (e.g. increase instance size) or horizontal (e.g. add more EC2 instances).

CORRECT: “Elasticity” is the correct answer.

INCORRECT: “Economy of scale” is incorrect. This refers to pricing benefits based on AWS purchasing large amounts of resources.

INCORRECT: “High availability” is incorrect. This is an example of resilience.

INCORRECT: “Agility” is incorrect. This is an example of flexibility and speed of implementation.

23
Q
Which Compute service should be used for running a Linux operating system upon which you will install custom software?
A.Amazon EC2
B.Amazon ECS
C.Amazon EKS
D.AWS Lambda
A

A.Amazon EC2

Explanation:
Amazon EC2 should be used when you need access to a full operating system instance that you can manage.

Amazon Elastic Container Service (ECS) and Amazon Elastic Container Service for Kubernetes (EKS) are used for running software containers, not full operating system instances.

AWS Lambda runs code as functions in response to events.

CORRECT: “Amazon EC2” is the correct answer.

INCORRECT: “Amazon ECS” is incorrect as explained above.

INCORRECT: “Amazon EKS” is incorrect as explained above.

INCORRECT: “AWS Lambda” is incorrect as explained above.

24
Q

How can consolidated billing within AWS Organizations help lower overall monthly expenses?
A.By providing a consolidated view of monthly billing across multiple accounts
B.By leveraging service control policies (SCP) for centralized service management
C.By automating the creation of new accounts through APIs
D.By pooling usage across multiple accounts to achieve a pricing tier discount

A

D.By pooling usage across multiple accounts to achieve a pricing tier discount

Explanation

You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. Every organization in AWS Organizations has a master (payer) account that pays the charges of all the member (linked) accounts.

Consolidated billing has the following benefits:

  • One bill – You get one bill for multiple accounts.
  • Easy tracking – You can track the charges across multiple accounts and download the combined cost and usage data.
  • Combined usage – You can combine the usage across all accounts in the organization to share the volume pricing discounts, Reserved Instance discounts, and Savings Plans. This can result in a lower charge for your project, department, or company than with individual standalone accounts.
  • No extra fee – Consolidated billing is offered at no additional cost.

CORRECT: “By pooling usage across multiple accounts to achieve a pricing tier discount” is the correct answer.

INCORRECT: “By providing a consolidated view of monthly billing across multiple accounts” is incorrect. This is useful, but doesn’t lower costs.

INCORRECT: “By automating the creation of new accounts through APIs” is incorrect as this does not lower costs.

INCORRECT: “By leveraging service control policies (SCP) for centralized service management” is incorrect. SCPs are used for controlling the API actions you can use, not for lowering costs.

25
Q

What is the benefit of using fully managed services compared to deploying 3rd party software on EC2?
A.Improved security
B.Reduced operational overhead
C.You don’t need to backup your data
D.You have greater control and flexibility

A

B.Reduced operational overhead

Explanation:
Fully managed services reduce your operational overhead as AWS manage not just the infrastructure layer but the service layers above it. Examples are Amazon Aurora and Amazon ElastiCache where the database is managed for you.

CORRECT: “Reduced operational overhead” is the correct answer.

INCORRECT: “You don’t need to back-up your data” is incorrect. You do still need to backup your data. For instance, with Amazon ElastiCache it’s up to you to configure backups to S3.

INCORRECT: “Improved security” is incorrect. Security is not necessarily improved by managing your own software stack. AWS are extremely good at securing their services and there is arguably less chance that they will expose vulnerabilities than a customer who deploys their own applications.

INCORRECT: “You have greater control and flexibility” is incorrect. You do not have greater control and flexibility with fully managed services. AWS take more responsibility for providing the service and you therefore have fewer options. For example you may not be able to configure the performance parameters of a database as you’d like to or use your own backup or operational software.

26
Q
Which tool can be used to provide real time guidance on provisioning resources following AWS best practices?
A.AWS Inspector
B.AWS Simple Monthly Calculator
C.AWS Trusted Advisor
D.AWS Personal Health Dashboard
A

C.AWS Trusted Advisor

Explanation:
Trusted Advisor is an online resource that helps to reduce cost, increase performance and improve security by optimizing your AWS environment. Trusted Advisor provides real time guidance to help you provision your resources following best practices.

CORRECT: “AWS Trusted Advisor” is the correct answer.

INCORRECT: “AWS Simple Monthly Calculator” is incorrect. The AWS Simple Monthly Calculator helps you to estimate the cost of using AWS services.

INCORRECT: “AWS Inspector” is incorrect. Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.

INCORRECT: “AWS Personal Health Dashboard” is incorrect. AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you.

27
Q
Which of the following is an architectural best practice recommended by AWS?
A.Use manual operational processes
B.Design for success
C.Think servers, not services
D.Design for failure
A

D.Design for failure

Explanation:
It is recommended that you design for failure. This means always considering what would happen if a component of an application fails and ensuring there is resilience in the architecture.

CORRECT: “Design for failure” is the correct answer.

INCORRECT: “Design for success” is incorrect. Design for success sounds good, but this is not an architectural best practice. As much as we want our applications to be successful, we should always be cognizant of the potential failures that might occur and ensure we are prepared for them.

INCORRECT: “Think servers, not services” is incorrect. AWS do not recommend that you “think servers, not services”. What they do recommend is that you “think services, not servers”. This means that you should consider using managed services and serverless services rather than just using Amazon EC2.

INCORRECT: “Use manual operational processes” is incorrect. You should not use manual operational processes; this is not an architectural best practice. You should automate as much as possible in the cloud.

28
Q
Which feature of AWS IAM enables you to identify unnecessary permissions that have been assigned to users?
A.Group Advisor
B.Access Advisor
C.Permissions Advisor
D.Role Advisor
A

B.Access Advisor

Explanation:
The IAM console provides information about when IAM users and roles last attempted to access AWS services. This information is called service last accessed data. This data can help you identify unnecessary permissions so that you can refine your IAM policies to better adhere to the principle of “least privilege.”

That means granting the minimum permissions required to perform a specific task. You can find the data on the Access Advisor tab in the IAM console by examining the detail view for any IAM user, group, role, or managed policy.

CORRECT: “Access Advisor” is the correct answer.

INCORRECT: “Role Advisor” is incorrect as this is not a valid feature.

INCORRECT: “Permissions Advisor” is incorrect as this is not a valid feature.

INCORRECT: “Group Advisor” is incorrect as this is not a valid feature.

29
Q

What is the difference between an EBS volume and an Instance store?
A.EBS volumes are object storage devices whereas instance store volumes are block based
B.Instance store volumes can be used with all EC2 instance types whereas EBS cannot
C.EBS volumes are file level storage devices whereas Instance store volumes are object-based
D.Instance store volumes are ephemeral whereas EBS volumes are persistent storage

A

D.Instance store volumes are ephemeral whereas EBS volumes are persistent storage

Explanation:
EBS-backed means the root volume is an EBS volume and storage is persistent. Instance store-backed means the root volume is an instance store volume and storage is not persistent. Both EBS and Instance store volumes are block-based storage devices.

EBS volumes can be used with all EC2 instance types whereas Instance store volumes are more limited in compatibility.

CORRECT: “Instance store volumes are ephemeral whereas EBS volumes are persistent storage” is the correct answer.

INCORRECT: “EBS volumes are object storage devices whereas Instance store volume are block based” is incorrect as both are block-based storage devices.

INCORRECT: “Instance store volumes can be used with all EC2 instance types whereas EBS cannot” is incorrect as this is not true.

INCORRECT: “EBS volumes are file-level storage devices whereas Instance store volumes are object-based” is incorrect as both are block-based storage devices.

30
Q
Which Amazon EC2 billing option gives you low cost, maximum flexibility, no upfront costs or commitment, and you only pay for what you use?
A.On-Demand Instances
B.Dedicated Host
C.Reserved Instances
D.Spot Instances
A

A.On-Demand Instances

Explanation:
With On-Demand instances you pay for hours used with no commitment. There are no upfront costs so you have maximum flexibility.

CORRECT: “On-Demand Instances” is the correct answer.

INCORRECT: “Dedicated Host” is incorrect. Dedicated hosts use physically dedicated EC2 servers to isolate your workloads and are expensive.

INCORRECT: “Spot Instances” is incorrect. Spot instances are used for getting a very low price which you bid on. You lose some flexibility as you are constrained by market prices and your workloads can be terminated if the market price exceeds your bid price.

INCORRECT: “Reserved Instances” is incorrect. Reserved instances are based on a commitment to 1 or 3 years in exchange for a large discount.

31
Q
Which of the following is a benefit of moving to the AWS Cloud?
A.Long term commitment
B.Outsource All IT operations
C.Pay for what you use
D.Capital purchases
A

C.Pay for what you use

Explanation:
With the AWS cloud you pay for what you use. This is a significant advantage compared to on-premises infrastructure where you need to purchase more equipment than you need to allow for peak capacity. You also need to pay for that equipment upfront.

CORRECT: “Pay for what you use” is the correct answer.

INCORRECT: “Outsource all IT operations” is incorrect. You do not outsource all IT operations when moving to the AWS Cloud. AWS provide some higher-level managed services which reduce your operations effort but do not eliminate it.

INCORRECT: “Capital purchases” is incorrect. Capital purchases are not a benefit of moving to the cloud. The AWS Cloud is mostly an operational expenditure which is favored by many CFOs.

INCORRECT: “Long term commitments” is incorrect. You do not need to enter into long term commitments with the AWS Cloud. There are options for 1 or 3 year commitments to lower prices with some services but this is not an advantage of the cloud.

32
Q

What is the main benefit of the principle of “loose coupling”?
A.Reduce interdependencies so a failure in one component does not cascade to other components
B.Automate the deployment of infrastructure using code
C.Enables applications to scale automatically based on current demand
D.Reduce operational complexity

A

A.Reduce interdependencies so a failure in one component does not cascade to other components

Explanation:
As application complexity increases, a desirable attribute of an IT system is that it can be broken into smaller, loosely coupled components. This means that IT systems should be designed in a way that reduces interdependencies—a change or a failure in one component should not cascade to other components.

CORRECT: “Reduce interdependencies so a failure in one component does not cascade to other components” is the correct answer.

INCORRECT: “Reduce operational complexity” is incorrect. Loose coupling does not reduce operational complexity. In fact, it may increase complexity as you have more services running and more interactions.

INCORRECT: “Automate the deployment of infrastructure using code” is incorrect. This is an example of “Infrastructure as code” – services such as CloudFormation provide this functionality.

INCORRECT: “Enables applications to scale automatically based on current demand” is incorrect. This is an example of Elasticity.

33
Q
What types of monitoring can Amazon CloudWatch be used for? (Select TWO.)
A.Infrastructure
B.API Access
C.Operational health
D.Data center
E.Application performance
A

C.Operational health
E.Application performance

Explanation:
Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. CloudWatch performs performance monitoring and can monitor custom metrics generated by applications and the operational health of your AWS resources.

Infrastructure and data center monitoring is not accessible to AWS customers.

CORRECT: “Operational health” is a correct answer.

CORRECT: “Application performance” is also a correct answer.

INCORRECT: “Infrastructure” is incorrect as this monitoring is not accessible to AWS customers.

INCORRECT: “Data center” is incorrect as this monitoring is not accessible to AWS customers.

INCORRECT: “API access” is incorrect. AWS CloudTrail monitors API access.

34
Q

The AWS acceptable use policy for penetration testing allows?
A.AWS to perform penetration testing against customer resources without notification
B.Customers to carry out security assessments or penetration tests against their AWS infrastructure after obtaining authorization from AWS
C.Customers to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for selected services
D.Authorized security assessors to perform penetration tests against any AWS customer without authorization

A

C.Customers to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for selected services

Explanation:
AWS customers are welcome to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for the following eight services:

  • Amazon EC2 instances, NAT Gateways, and Elastic Load Balancers.
  • Amazon RDS.
  • Amazon CloudFront.
  • Amazon Aurora.
  • Amazon API Gateways.
  • AWS Lambda and Lambda Edge functions.
  • Amazon LightSail resources.
  • Amazon Elastic Beanstalk environments.

CORRECT: “Customers to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for selected services” is the correct answer.

INCORRECT: “Customers to carry out security assessments or penetration tests against their AWS infrastructure after obtaining authorization from AWS” is incorrect as you do not need authorization.

INCORRECT: “AWS to perform penetration testing against customer resources without notification” is incorrect as AWS will not perform penetration testing on customer resources.

INCORRECT: “Authorized security assessors to perform penetration tests against any AWS customer without authorization” is incorrect. This is not something that is authorized.

35
Q
Which AWS service provides a quick and automated way to create and manage AWS accounts?
A.AWS Organizations
B.AWS QuickSight
C.Amazon Connect
D.Amazon LightSail
A

A.AWS Organizations

Explanation:
AWS Organizations is a web service that enables you to consolidate your multiple AWS accounts into an organization and centrally manage your accounts and their resources. The AWS Organizations API can be used to create AWS accounts and this can be automated through code.

CORRECT: “AWS Organizations” is the correct answer.

INCORRECT: “AWS QuickSight” is incorrect. Amazon QuickSight is a fast, cloud-powered business intelligence service that makes it easy to deliver insights to everyone in your organization.

INCORRECT: “Amazon LightSail” is incorrect. LightSail offers virtual servers (instances) that are easy to set up and backed by the power and reliability of AWS.

INCORRECT: “Amazon Connect” is incorrect. Amazon Connect is an easy to use omnichannel cloud contact center that helps companies provide superior customer service at a lower cost.

36
Q

What are two examples of the advantages of cloud computing? (Select TWO.)
A.Trade operating costs for capital costs
B.Trade variable expense for capital expense
C.Increase speed and agility
D.Secure data centers
E.Benefit from massive economies of scale

A

C.Increase speed and agility
E.Benefit from massive economies of scale

Explanation:
The 6 advantages of cloud computing are:

– Trade capital expense for variable expense.

– Benefit from massive economies of scale.

– Stop guessing about capacity.

– Increase speed and agility.

– Stop spending money running and maintaining data centers.

– Go global in minutes.

CORRECT: “Increase speed and agility” is a correct answer.

CORRECT: “Benefit from massive economies of scale” is also a correct answer.

INCORRECT: “Trade operating costs for capital costs” is incorrect as this is backwards.

INCORRECT: “Secure data centers” is incorrect. Secure data centers are not a reason to move to the cloud. Your on-premises data centers should also be secure.

INCORRECT: “Trade variable expense for capital expense” is incorrect as this is backwards.

37
Q
To reduce the price of your Amazon EC2 instances, which term lengths are available for reserved instances? (Select TWO.)
A.5 years
B.2 years
C.3 years
D.1 year
E.4 years
A

C.3 years
D.1 year

Explanation:
Reserved instances provide significant discounts, up to 75% compared to On-Demand pricing, by paying for capacity ahead of time. They are good for applications that have predictable usage, that need reserved capacity, and for customers who can commit to a 1 or 3-year term.

CORRECT: “1 year” is a correct answer.

CORRECT: “3 years” is also a correct answer.

INCORRECT: “4 years” is incorrect as only 1 and 3 year options are available.

INCORRECT: “5 years” is incorrect as only 1 and 3 year options are available.

INCORRECT: “2 years” is incorrect as only 1 and 3 year options are available.

38
Q
What are the fundamental charges for Elastic Block Store (EBS) volumes? (Select TWO.)
A.Inbound data transfer
B.The amount of data storage provisioned
C.The amount of data storage consumed
D.Provisioned IOPS
E.Number of snapshots
A

B.The amount of data storage provisioned
D.Provisioned IOPS

Explanation:
With EBS volumes you are charged for the amount of data provisioned (not consumed) per month. This means you can have empty space within a volume and you still pay for it. With provisioned IOPS volumes you are also charged for the amount you provision in IOPS.

CORRECT: “The amount of data storage provisioned” is a correct answer.

CORRECT: “Provisioned IOPS” is also a correct answer.

INCORRECT: “The amount of data storage consumed” is incorrect as you pay for the amount provisioned.

INCORRECT: “Number of snapshots” is incorrect. You pay for the storage consumed by snapshots, not by the number of snapshots.

INCORRECT: “Inbound data transfer” is incorrect as you do not pay for data ingress.

39
Q

Which of the following security related activities are AWS customers responsible for? (Select TWO.)
A.Implementing data center access controls
B.Implementing IAM password policies
C.Installing patches on network devices
D.Secure disposal of faulty disk drives
E.Installing patches on Windows operating systems

A

B.Implementing IAM password policies
E.Installing patches on Windows operating systems

Explanation:
Customers are responsible for configuring their own IAM password policies and installing operating system patches on Amazon EC2 instances.

AWS are responsible for installing patches on physical hardware devices, data center access controls and secure disposal of disk drives.

CORRECT: “Installing patches on Windows operating systems” is the correct answer.

CORRECT: “Implementing IAM password policies” is the correct answer.

INCORRECT: “Secure disposal of faulty disk drives” is incorrect as this is an AWS responsibility.

INCORRECT: “Implementing data center access controls” is incorrect as this is an AWS responsibility.

INCORRECT: “Installing patches on network devices” is incorrect as this is an AWS responsibility.

40
Q
Where can resources be launched when configuring Amazon EC2 Auto Scaling?
A.Multiple VPCs
B.Multiple AZs and multiple regions
C.A single subnet
D.Multiple AZs within a region
A

D.Multiple AZs within a region

Explanation:
Amazon EC2 Auto Scaling is configured within the EC2 console and can launch instances within a VPC across multiple AZs. It cannot launch resources into another AWS Region.

CORRECT: “Multiple AZs within a region” is the correct answer.

INCORRECT: “Multiple AZs and multiple regions” is incorrect as you cannot launch resources into another Region.

INCORRECT: “A single subnet” is incorrect as instances can be launched in multiple subnets.

INCORRECT: “Multiple VPCs” is incorrect as you cannot use a single Auto Scaling group to launch resources into multiple subnets.

41
Q
In addition to DNS services, what other services does Amazon Route 53 provide? (Select TWO.)
A.IP Routing
B.Traffic flow
C.DHCP
D.Caching
E.Domain Registration
A

B.Traffic flow

E.Domain Registration

Explanation:
Amazon Route 53 features include domain registration, DNS, traffic flow, health checking, and failover. Route 53 does not support DHCP, IP routing or caching.

CORRECT: “Domain registration” is the correct answer.

CORRECT: “Traffic flow” is the correct answer.

INCORRECT: “DHCP” is incorrect as explained above.

INCORRECT: “Caching” is incorrect as explained above.

INCORRECT: “IP Routing” is incorrect. The DNS features of Route 53 are called “routing policies”, however this is not traditional IP routing which is performed by routers. It is intelligent DNS that responds with different results based on certain factors such as latency, weight, or failover configuration.

42
Q
Which type of connection should be used to connect an on-premises data center with the AWS cloud that is high speed, low latency and does not use the Internet?
A.VPC Endpoints
B.Direct Connect
C.AWS Managed VPN
D.Client VPN
A

B.Direct Connect

Explanation:
AWS Direct Connect is a network service that provides an alternative to using the Internet to connect a customer’s on-premises sites to AWS. Data is transmitted through a private network connection between AWS and a customer’s datacenter or corporate network. Direct Connect is high bandwidth and low latency.

CORRECT: “Direct Connect” is the correct answer.

INCORRECT: “VPC Endpoints” is incorrect. VPC endpoints enable private connectivity to services hosted in AWS, from within your VPC without using an Internet Gateway, VPN, Network Address Translation (NAT) devices, or firewall proxies.

INCORRECT: “AWS Managed VPN” is incorrect. The AWS Managed VPN (which is a type of IPSec VPN) is fast to set up but uses the public Internet and therefore latency is not as good and is unpredictable.

INCORRECT: “Client VPN” is incorrect. A site-to-site VPN should be used rather than a client VPN to connect two sites together.

43
Q

Which statement is true in relation to data stored within an AWS Region?
A.Data is always replicated to another region
B.Data is not replicated outside of a region unless you configure it
C.Data is automatically archived after 90 days
D.Data is always automatically replicated to at least one other availability zone

A

B.Data is not replicated outside of a region unless you configure it

Explanation:
Data stored within an AWS region is not replicated outside of that region automatically. It is up to customers of AWS to determine whether they want to replicate their data to other regions. You must always consider compliance and network latency when making this decision.

CORRECT: “Data is not replicated outside of a region unless you configure it” is the correct answer.

INCORRECT: “Data is always replicated to another region” is incorrect. Data is never replicated outside of a region unless you configure it.

INCORRECT: “Data is automatically archived after 90 days” is incorrect. Data is never automatically archived. You must configure data to be archived.

INCORRECT: “Data is always automatically replicated to at least one other availability zone” is incorrect. Data is not automatically replicated to at least one availability zone – this is specific to each service and you must check how your data is stored and whether the availability and durability is acceptable.

44
Q
When using Amazon RDS databases, which items are you charged for? (Select TWO.)
A.Outbound data transfer
B.Single AZ
C.Multi AZ
D.Inbound data transfer
E.Backup up to the DB size
A

A.Outbound data transfer
C.Multi AZ

Explanation:
With Amazon RDS you are charged for the type and size of database, the uptime, any additional storage of backup (above the DB size), requests, deployment type (e.g. you pay for multi AZ), and data transfer outbound.

CORRECT: “Multi AZ” is a correct answer.

CORRECT: “Outbound data transfer” is also a correct answer.

INCORRECT: “Inbound data transfer” is incorrect as you do not pay for inbound data.

INCORRECT: “Single AZ” is incorrect as this is not something you pay an additional charge for.

INCORRECT: “Backup up to the DB size” is incorrect as you do not pay for backup storage up to the size of the database. You only pay for backup storage in excess of the database size.

45
Q

How does “elasticity” benefit an application design?
A.By reducing interdependencies between application components
B.By selecting the correct storage tier for your workload
C.By reserving capacity to reduce costs
D.By automatically scaling resources based on demand

A

D.By automatically scaling resources based on demand

Explanation:
Elasticity refers to the automatic scaling of resources based on demand. The benefit is that you provision only the necessary resources at a given time (optimizing cost) and don’t have to worry about absorbing spikes in demand.

CORRECT: “By automatically scaling resources based on demand” is the correct answer.

INCORRECT: “By reducing interdependencies between application components” is incorrect. Elasticity does not reduce interdependencies between systems – this is known as loose coupling.

INCORRECT: “By selecting the correct storage tier for your workload” is incorrect. Selecting the correct storage tier would be an example of right-sizing, not elasticity.

INCORRECT: “By reserving capacity to reduce cost” is incorrect. Reserving capacity to reduce cost refers to using reservations such as EC2 Reserved Instances.

46
Q
You would like to collect custom metrics from a production application every 1 minute. What type of monitoring should you use?
A.CloudWatch with basic monitoring
B.CloudWatch with detailed monitoring
C.CloudTrail with detailed monitoring
D.CloudTrail with basic monitoring
A

B.CloudWatch with detailed monitoring

Explanation:
Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. CloudWatch is for performance monitoring (CloudTrail is for auditing).

It is used to collect and track metrics, collect and monitor log files, and set alarms. Basic monitoring collects metrics every 5 minutes whereas detailed monitoring collects metrics every 1 minute.

AWS CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket. CloudTrail is for auditing, whereas CloudWatch is for performance monitoring. CloudTrail is about logging and saves a history of API calls for your AWS account.

CORRECT: “CloudWatch with detailed monitoring” is the correct answer.

INCORRECT: “CloudTrail with basic monitoring” is incorrect as explained above.

INCORRECT: “CloudWatch with basic monitoring” is incorrect as explained above.

INCORRECT: “CloudTrail with detailed monitoring” is incorrect as explained above.

47
Q
Which Amazon RDS deployment type is best used to enable fault tolerance in the event of the failure of an availability zone?
A.Multiple Regions
B.Write Replicas
C.Multiple Availability Zones
D.Read Replicas
A

C.Multiple Availability Zones

Explanation:
Multi AZ provides a mechanism to failover the RDS database to another synchronously replicated copy in the event of the failure of an AZ. The endpoint address for the RDS instances gets remapped to the standby instance as can be seen in the image below:

CORRECT: “Multiple Availability Zones” is the correct answer.

INCORRECT: “Multiple Regions” is incorrect. There is no option for multiple region failover of Amazon RDS.

INCORRECT: “Read Replicas” is incorrect. Read replicas are used for offloading read traffic from a primary database but cannot be used for writing. You can failover the DB by promoting a read replica in a DR situation but this is not the best answer as the multi-AZ feature is preferred.

INCORRECT: “Write Replicas” is incorrect. There is no such thing as write replicas.

48
Q

Which statement is correct in relation to the AWS Shared Responsibility Model?
A.AWS is responsible for the security of regions and availability zones
B.Customers are responsible for security of the cloud
C.Customers are responsible for patching storage systems
D.AWS is responsible for encrypting customer data

A

A.AWS is responsible for the security of regions and availability zones

Explanation:
AWS are responsible for “Security of the Cloud”. AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services, and this includes regions, availability zones and edge locations.

Customers are responsible for “Security in the Cloud”. This includes encrypting customer data and patching operating systems, but not patching or maintaining the underlying infrastructure.

CORRECT: “AWS are responsible for the security of regions and availability zones” is the correct answer.

INCORRECT: “Customers are responsible for patching storage systems” is incorrect as this is an AWS responsibility.

INCORRECT: “AWS are responsible for encrypting customer data” is incorrect as this is a customer responsibility.

INCORRECT: “Customers are responsible for security of the cloud” is incorrect as this is an AWS responsibility.

49
Q
Which of the options below are recommendations in the reliability pillar of the well-architected framework? (Select TWO.)
A.Stop guessing about capacity
B.Manage change in manual processes
C.Manually recover from failure
D.Test recovery procedures
E.Scale vertically using big systems
A

A.Stop guessing about capacity
D.Test recovery procedures

Explanation:
The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.

There are five design principles for reliability in the cloud:

– Test recovery procedures.

– Automatically recover from failure.

– Scale horizontally to increase aggregate system availability.

– Stop guessing capacity.

– Manage change in automation.

CORRECT: “Test recovery procedures” is a correct answer.

CORRECT: “Stop guessing about capacity” is also a correct answer.

INCORRECT: “Manually recover from failure” is incorrect as applications should automatically recover from failure.

INCORRECT: “Manage change in manual processes” is incorrect as you should manage change in automation.

INCORRECT: “Scale vertically using big systems” is incorrect as you should scale applications horizontally.

50
Q
Which of the following need to be included in a total cost of ownership (TCO) analysis? (Select TWO.)
A.Company wide marketing
B.Facility equipment installation
C.Application development
D.IT manager salary
E.Data center security costs
A

B.Facility equipment installation
E.Data center security costs

Explanation:
To perform a TCO you need to document all of the costs you’re incurring today to run your IT operations. That includes facilities equipment installation and data center security costs. That way you get to compare the full cost of running your IT on-premises today, to running it in the cloud.

CORRECT: “Facility equipment installation” is a correct answer.

CORRECT: “Data center security costs” is also a correct answer.

INCORRECT: “IT Manager salary” is incorrect. The IT manager’s salary should not be included, as it will still need to be paid when the organization moves to the cloud.

INCORRECT: “Application development” is incorrect. Application development still needs to continue as you will still have applications running in the cloud.

INCORRECT: “Company-wide marketing” is incorrect. Company-wide marketing campaigns are unaffected by moving to the cloud.

51
Q
Which AWS service allows you to automate the evaluation of recorded configurations against desired configuration?
A.AWS CloudFormation
B.AWS Service Catalog
C.AWS Config
D.AWS OpsWorks
A

C.AWS Config

Explanation:
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.

CORRECT: “AWS Config” is the correct answer.

INCORRECT: “AWS OpsWorks” is incorrect. AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet.

INCORRECT: “AWS Service Catalog” is incorrect. AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS.

INCORRECT: “AWS CloudFormation” is incorrect. AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment.

52
Q
Which service can be added to a database to provide improved performance for some requests?
A.Amazon RedShift
B.Amazon RDS
C.Amazon EFS
D.Amazon ElastiCache
A

D.Amazon ElastiCache

Explanation:
Amazon ElastiCache provides in-memory caching which improves performance for read requests when the data is cached in ElastiCache. ElastiCache can be placed in front of your database.

CORRECT: “Amazon ElastiCache” is the correct answer.

INCORRECT: “Amazon RedShift” is incorrect. Amazon RedShift is a data warehouse that is used for performing analytics on data.

INCORRECT: “Amazon EFS” is incorrect. Amazon EFS is an Elastic File System, not a caching service.

INCORRECT: “Amazon RDS” is incorrect. Amazon RDS is a relational SQL type of database. It is not a service that you place in front of another database to improve performance. Instead you might use RDS as your back-end database and use ElastiCache in front of it to improve performance through its in-memory caching.

53
Q
Which tool can be used to create alerts when the actual or forecasted cost of AWS services exceeds a certain threshold?
A.AWS Cost and Usage Report
B.AWS CloudTrail
C.AWS Cost Explorer
D.AWS Budgets
A

D.AWS Budgets

Explanation:
AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount.
You can also use AWS Budgets to set reservation utilization or coverage targets and receive alerts when your utilization drops below the threshold you define. Reservation alerts are supported for Amazon EC2, Amazon RDS, Amazon Redshift, Amazon ElastiCache, and Amazon Elasticsearch reservations.

CORRECT: “AWS Budgets” is the correct answer.

INCORRECT: “AWS Cost Explorer” is incorrect. Cost Explorer lets you visualize and understand your costs but AWS Budgets should be used for alerting based on forecast or actual usage.

INCORRECT: “AWS Cost and Usage report” is incorrect. This is another tool that can be used to view usage for AWS services by category but AWS Budgets should be used for alerting based on forecast or actual usage.

INCORRECT: “AWS CloudTrail” is incorrect. CloudTrail is used for logging API activity; it will not alert you based on usage of AWS services.

54
Q
Which service can be used to manage configuration versions?
A.Amazon Inspector
B.AWS Service Catalog
C.AWS Config
D.AWS Artifact
A

C.AWS Config

Explanation:
AWS Config is a fully-managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and regulatory compliance.

CORRECT: “AWS Config” is the correct answer.

INCORRECT: “AWS Service Catalog” is incorrect. AWS Service Catalog is used to create and manage catalogs of IT services that you have approved for use on AWS, including virtual machine images, servers, software, and databases to complete multi-tier application architectures.

INCORRECT: “AWS Artifact” is incorrect. AWS Artifact is a central resource for compliance-related information. This service can be used to get compliance information related to AWS’ certifications/attestations.

INCORRECT: “Amazon Inspector” is incorrect. Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.

55
Q
Which storage type can be mounted using the NFS protocol to many EC2 instances simultaneously?
A.Amazon EBS
B.Amazon EFS
C.Amazon Instance Store
D.Amazon S3
A

B.Amazon EFS

Explanation:
EFS is a fully-managed service that makes it easy to set up and scale file storage in the Amazon Cloud. EFS uses the NFSv4.1 protocol. It can concurrently connect 1 to 1000s of EC2 instances, from multiple AZs.

CORRECT: “Amazon EFS” is the correct answer.

INCORRECT: “Amazon Instance Store” is incorrect. Amazon Instance Store is a type of ephemeral block-based volume that can be attached to a single EC2 instance at a time.

INCORRECT: “Amazon EBS” is incorrect. EBS volumes can only be attached to a single EC2 instance at a time and are block devices (not NFS).

INCORRECT: “Amazon S3” is incorrect. Amazon S3 is an object store and is connected to using a RESTful protocol over HTTP.

56
Q
Which AWS service uses a highly secure hardware storage device to store encryption keys?
A.AWS IAM
B.Amazon Cloud Directory
C.AWS WAF
D.AWS CloudHSM
A

D.AWS CloudHSM

Explanation:
AWS CloudHSM is a cloud-based hardware security module (HSM) that allows you to easily add secure key storage and high-performance crypto operations to your AWS applications.

CORRECT: “AWS CloudHSM” is the correct answer.

INCORRECT: “AWS IAM” is incorrect. AWS Identity and Access Management (IAM) is used for managing users, groups, and roles in AWS.

INCORRECT: “Amazon Cloud Directory” is incorrect. Amazon Cloud Directory enables you to build flexible cloud-native directories for organizing hierarchies of data along multiple dimensions.

INCORRECT: “AWS WAF” is incorrect. AWS WAF is a web application firewall that helps protect your web applications from common web exploits.

57
Q
An organization has an on-premises cloud and accesses their AWS Cloud over the Internet. How can they create a private hybrid cloud connection that avoids the internet?
A.AWS VPN CloudHub
B.AWS Direct Connect
C.AWS VPC Endpoint
D.AWS Managed VPN
A

B.AWS Direct Connect

Explanation:
AWS Direct Connect is a low-latency, high-bandwidth, private connection to AWS. This can be used to create a private hybrid cloud connection between on-premises and the AWS Cloud.

CORRECT: “AWS Direct Connect” is the correct answer.

INCORRECT: “AWS Managed VPN” is incorrect. AWS Managed VPN uses the Internet for network connections, so it is not creating a private connection. The connection is secured but uses the Internet.

INCORRECT: “AWS VPN CloudHub” is incorrect. AWS VPN CloudHub uses the Internet for network connections, so it is not creating a private connection. The connection is secured but uses the Internet.

INCORRECT: “AWS VPC Endpoint” is incorrect. An AWS VPC Endpoint is a PrivateLink connection that connects an AWS public service to a VPC using a private connection. This does not connect on-premises environments to AWS.

58
Q
Which service can be used to improve performance for users around the world?
A.AWS Lightsail
B.Amazon Connect
C.Amazon ElastiCache
D.Amazon CloudFront
A

D.Amazon CloudFront

Explanation:
Amazon CloudFront is a content delivery network (CDN) that caches content at Edge Locations around the world. This gets the content closer to users which improves performance.

CORRECT: “Amazon CloudFront” is the correct answer.

INCORRECT: “AWS LightSail” is incorrect. AWS LightSail is a compute service that offers a lower cost and easier to use alternative to Amazon EC2.

INCORRECT: “Amazon Connect” is incorrect. Amazon Connect is a self-service, cloud-based contact center service that makes it easy for any business to deliver better customer service at lower cost.

INCORRECT: “Amazon ElastiCache” is incorrect. Amazon ElastiCache is a caching service for databases. Though it does improve read performance for database queries, it is not a global service that is designed to improve performance for users around the world.

59
Q

Which of the below are good use cases for a specific Amazon EC2 pricing model? (Select TWO.)
A.On-demand for ad-hoc requirements that cannot be interrupted
B.Reserved instances for steady state predictable usage
C.On-demand for regulatory requirements that do not allow multi tenant virtualization
D.Spot for consistent load over long term
E.Reserved instances for applications with flexible start and end times

A

A.On-demand for ad-hoc requirements that cannot be interrupted
B.Reserved instances for steady state predictable usage

Explanation:
Typical use cases for the pricing models listed are:

On-demand: Good for users that want the low cost and flexibility of EC2 without any up-front payment or long-term commitment. Applications with short term, spiky, or unpredictable workloads that cannot be interrupted

Reserved: Applications with steady state or predictable usage or that require reserved capacity

Spot: Applications that have flexible start and end times and that are only feasible at very low compute prices. May be terminated

Dedicated hosts: Useful for regulatory requirements that may not support multi-tenant virtualization. Great for licensing which does not support multi-tenancy or cloud deployments

CORRECT: “Reserved instances for steady state predictable usage” is a correct answer.

CORRECT: “On-demand for ad-hoc requirements that cannot be interrupted” is also a correct answer.

INCORRECT: “On-demand for regulatory requirements that do not allow multi-tenant virtualization” is incorrect. Please refer to the typical use cases above.

INCORRECT: “Spot for consistent load over a long term” is incorrect. Please refer to the typical use cases above.

INCORRECT: “Reserved instances for applications with flexible start and end times” is incorrect. Please refer to the typical use cases above.

60
Q
Which Amazon EC2 pricing model should be used to comply with per-core software license requirements?
A.On-demand instances
B.Reserved instances
C.Dedicated Hosts
D.Spot instances
A

C.Dedicated Hosts

Explanation:
Amazon EC2 Dedicated Hosts allow you to use your eligible software licenses from vendors such as Microsoft and Oracle on Amazon EC2, so that you get the flexibility and cost effectiveness of using your own licenses, but with the resiliency, simplicity and elasticity of AWS. An Amazon EC2 Dedicated Host is a physical server fully dedicated for your use, so you can help address corporate compliance requirements.

CORRECT: “Dedicated Hosts” is the correct answer.

INCORRECT: “On-Demand Instances” is incorrect. This is a standard pricing model and does not offer the advantages requested.

INCORRECT: “Spot Instances” is incorrect. This is used to obtain discounted pricing for short-term requirements that can be interrupted.

INCORRECT: “Reserved Instances” is incorrect. This is used to lower cost by reserving usage of an instance for a term of 1 or 3 years.

61
Q
What are the fundamental charges for an Amazon EC2 instance? (Select TWO.)
A.Server uptime
B.Data storage
C.Basic monitoring
D.Your own AMIs
E.Private IP address
A

A.Server uptime
B.Data storage

Explanation:
When using EC2 instances you are charged for the compute uptime of the instance based on the family and type you chose. You are also charged for the amount of data provisioned.

CORRECT: “Data storage” is a correct answer.

CORRECT: “Server uptime” is also a correct answer.

INCORRECT: “Basic monitoring” is incorrect. Basic monitoring is free for EC2, detailed monitoring is charged.

INCORRECT: “AMI” is incorrect. Amazon Machine Images (AMIs) are not chargeable. You can purchase chargeable AMIs via the marketplace but you are not charged for any you create.

INCORRECT: “Private IP address” is incorrect. You do not pay for private IP addresses.

62
Q

A user has an AWS account with a Business-level AWS Support plan and needs assistance with handling a production service disruption.

Which action should the user take?
A.Contact the dedicated AWS Concierge Support team
B.Contact the dedicated Technical Account Manager
C.Open a business-critical system down support case
D.Open a production system down support case

A

D.Open a production system down support case

Explanation:
The Business support plan provides a service level agreement (SLA) of < 1 hour for production system down support cases.

CORRECT: “Open a production system down support case” is the correct answer.

INCORRECT: “Contact the dedicated Technical Account Manager” is incorrect. The dedicated TAM only comes with the Enterprise support plan.

INCORRECT: “Contact the dedicated AWS Concierge Support team” is incorrect. The concierge support team only comes with the Enterprise support plan.

INCORRECT: “Open a business-critical system down support case” is incorrect. The business-critical system down support only comes with the Enterprise support plan.

63
Q
What billing timeframes are available for Amazon EC2 on-demand instances? (Select TWO.)
A.Per day
B.Per week
C.Per second
D.Per hour
E.Per minute
A

C.Per second
D.Per hour

Explanation:
With EC2 you are billed either by the second, for some Linux instances, or by the hour for all other instance types.

CORRECT: “Per second” is a correct answer.

CORRECT: “Per hour” is also a correct answer.

INCORRECT: “Per week” is incorrect as explained above.

INCORRECT: “Per day” is incorrect as explained above.

INCORRECT: “Per minute” is incorrect as explained above.

64
Q
Which type of security control can be used to deny network access from a specific IP address?
A.AWS Shield
B.Security group
C.Network ACL
D.AWS WAF
A

C.Network ACL

Explanation:
A Network ACL supports allow and deny rules. You can create a deny rule specifying a specific IP address that you would like to block.

CORRECT: “Network ACL” is the correct answer.

INCORRECT: “AWS Shield” is incorrect. AWS Shield is a managed Distributed Denial of Service (DDoS) protection service.

INCORRECT: “AWS WAF” is incorrect. AWS WAF is a web application firewall.

INCORRECT: “Security Group” is incorrect. A Security Group only supports allow rules.

65
Q
Which type of AWS Storage Gateway can be used to back up data with popular backup software?
A.Gateway Virtual Tape Library
B.File Gateway
C.Volume Gateway
D.Backup gateway
A

A.Gateway Virtual Tape Library

Explanation:
The AWS Storage Gateway service enables hybrid storage between on-premises environments and the AWS Cloud.

The Gateway Virtual Tape Library can be used with popular backup software such as NetBackup, Backup Exec and Veeam. It uses a virtual media changer and tape drives.

CORRECT: “Gateway Virtual Tape Library” is the correct answer.

INCORRECT: “File Gateway” is incorrect. File gateway provides a virtual on-premises file server, which enables you to store and retrieve files as objects in Amazon S3.

INCORRECT: “Volume Gateway” is incorrect. The volume gateway represents the family of gateways that support block-based volumes, previously referred to as gateway-cached and gateway-stored modes.

INCORRECT: “Backup Gateway” is incorrect. There is no such thing as a Backup Gateway in the AWS products.