AWS Certified Cloud Practitioner: Test 5

Question 1

What is the name of the online, self-service portal that AWS provides to enable customers to view reports and, such as PCI reports, and accept agreements?
A. AWS Documentation Portal
B.AWS DocuFact
C.AWS Compliance Portal
D.AWS Artifact

Answer 1

D.AWS Artifact
Explanation

AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements.

Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls.

Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA).

CORRECT: “AWS Artifact” is the correct answer.

INCORRECT: “AWS Compliance Portal” is incorrect as this is not a real service.

INCORRECT: “AWS Documentation Portal” is incorrect as this is not a real service.

INCORRECT: AWS DocuFact”” is incorrect as this is not a real service.

Question 2

Which service provides alerts and remediation guidance when AWS is experiencing events that may impact you?
A.AWS Trusted Advisory
B.AWS Inspector
C.AWS Personal Health Dashboard
D.AWS Shield

Answer 2

C.AWS Personal Health Dashboard

Explanation:
AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you.

CORRECT: “AWS Personal Health Dashboard” is the correct answer.

INCORRECT: “AWS Trusted Advisor” is incorrect. Trusted Advisor is an online resource that helps to reduce cost, increase performance and improve security by optimizing your AWS environment.

INCORRECT: “AWS Inspector” is incorrect. Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.

INCORRECT: “AWS Shield” is incorrect. AWS Shield is a managed Distributed Denial of Service (DDoS) protection service.

Question 3

Which AWS program can help an organization to design, build, and manage their workloads on AWS?
A.AWS Consulting Partners
B.AWS Business Development Manager
C.APN Technology Consultants
D.AWS Technical Account Manager

Answer 3

A.AWS Consulting Partners

Explanation:
APN Consulting Partners are professional services firms that help customers of all sizes design, architect, build, migrate, and manage their workloads and applications on AWS. Consulting Partners include System Integrators (SIs), Strategic Consultancies, Agencies, Managed Service Providers (MSPs), and Value-Added Resellers (VARs).

None of the other options are AWS Programs that can assist a customer with the design, build and management of their workloads.

CORRECT: “APN Consulting Partners” is the correct answer.

INCORRECT: “APN Technology Consultants” is incorrect as explained above.

INCORRECT: “AWS Business Development Manager” is incorrect as explained above.

INCORRECT: “AWS Technical Account Manager” is incorrect as explained above.

Question 4

Assuming you have configured them correctly, which AWS services can scale automatically without intervention? (Select TWO.)
A.Amazon EC2
B.Amazon EBS
C.Amazon S3
D.Amazon RDS
E.Amazon DynamoDB

Answer 4

C.Amazon S3

Explanation:
Both S3 and DynamoDB automatically scale as demand dictates. In the case of DynamoDB you can either configure the on-demand or provisioned capacity mode. With on-demand capacity mode DynamoDB automatically adjusts the read and write throughput for you.

EBS and RDS do not scale automatically. You must intervene to adjust volume sizes and database instance types to scale these resources

CORRECT: “Amazon S3” is a correct answer.

CORRECT: “Amazon DynamoDB” is also a correct answer.

INCORRECT: “Amazon RDS” is incorrect as explained above.

INCORRECT: “Amazon EC2” is incorrect. EC2 cannot scale automatically. You need to use Auto Scaling to scale the number of EC2 instances deployed.

INCORRECT: “Amazon EBS” is incorrect as explained above.

Question 5

What is an Edge location?
A.A public endpoint for Amazon S3
B.A content delivery network (CDN) endpoint for CloudFront
C.A virtual private gateway for VPN
D.A VPC peering connection endpoint

Answer 5

B.A content delivery network (CDN) endpoint for CloudFront

Explanation:
Edge locations are Content Delivery Network (CDN) endpoints for CloudFront. There are many more edge locations than regions.

CORRECT: “A content delivery network (CDN) endpoint for CloudFront” is the correct answer.

INCORRECT: “A public endpoint for Amazon S3” is incorrect as it is not related to S3.

INCORRECT: “A virtual private gateway for VPN” is incorrect as it is not related to VPN.

INCORRECT: “A VPC peering connection endpoint” is incorrect as it is not related to VPC.

Question 6

What information must be entered into the AWS TCO Calculator?
A.The number of applications in your company
B.The number of storage systems in your company
C.The number of servers in your company
D.The number of end users in your company

Answer 6

C.The number of servers in your company

Explanation:
The TCO calculator asks for the number of servers (Physical or VMs) you are running on-premises. You also need to supply the resource information (CPU, RAM) and specify whether the server is a DB or non-DB.
CORRECT: “The number of servers in your company” is the correct answer.

INCORRECT: “The number of end users in your company” is incorrect. You do not need to supply the number of end users.

INCORRECT: “The number of applications in your company” is incorrect. You do not need to supply the number of applications.

INCORRECT: “The number of storage systems in your company” is incorrect. You don’t need to specify the number of storage systems, you just need to specify the raw capacity.

Use this new calculator to compare the cost of your applications in an on-premises or traditional hosting environment to AWS. Describe your on-premises or hosting environment configuration to produce a detailed cost comparison with AWS.

Question 7

Which service runs your application code only when needed without needing to run servers?
A.Amazon EC2
B.Amazon ECS
C.AWS LightSail
D.AWS Lambda

Answer 7

D.AWS Lambda

Explanation:
AWS Lambda is a serverless service that runs code as “functions”. That means that your code is run when needed but there are no servers running (at least not servers that you see or manage). This reduces cost and operational overhead.

CORRECT: “AWS Lambda” is the correct answer.

INCORRECT: “Amazon EC2” is incorrect. Amazon EC2 is used for running server instances so this is an incorrect answer.

INCORRECT: “Amazon ECS” is incorrect. Amazon ECS is used for running Docker containers which do need to run waiting for requests.

INCORRECT: “AWS LightSail” is incorrect. AWS LightSail is a service that is used for running virtual instances and databases using a simplified user interface for users who are less experienced with AWS (also at a much lower cost than EC2).

Question 8

Which of the following are advantages of using the AWS cloud computing over legacy IT? (Select TWO.)
A. You do not need to worry about over provisioning as youcan elastically scale
B.You are able to pass responsibility for the availability of your applications to AWS
C.You can bring services closer to your end users
D.You can bring new applications to market faster
E.You do not need to patch your operating systems

Answer 8

A. You do not need to worry about over provisioning as youcan elastically scale
D.You can bring new applications to market faster

Explanation:
With cloud computing you no longer need to guess about capacity as you can elastically scale. This means you don’t end up overprovisioning but instead react to the load on your servers. You can also be faster and more agile with development and release of applications.

CORRECT: “You don’t need to worry about over provisioning as you can elastically scale” is a correct answer.

CORRECT: “You can bring new applications to market faster” is also a correct answer.

INCORRECT: “You are able to pass responsibility for the availability of your application to AWS” is incorrect. You do not pass responsibility for your application to AWS. AWS runs the infrastructure but you still manage the application

INCORRECT: “You don’t need to patch your operating systems” is incorrect. You still need to patch your own operating systems.

INCORRECT: “You can bring services closer to your end users” is incorrect. The cloud is centralized so you won’t necessarily bring services closer to your end users.

Question 9

A company wants to utilize a pay as you go cloud model for all of their applications without CAPEX costs and which is highly elastic. Which cloud delivery model will suit them best?    
A.Private
B.On-premise
C.Public
D.Hybrid

Answer 9

C.Public

Explanation;
The public cloud is offered under a purely pay as you go model (unless you choose to reserve), and allows companies to completely avoid CAPEX costs. The public cloud is also highly elastic so companies can grow and shrink the applications as demand changes.

Private and on-premise clouds are essentially the same, though both could be managed by a third party and even could be delivered under an OPEX model by some vendors. However, they are typically more CAPEX heavy and the elasticity is limited.

A hybrid model combines public and private and this company wants to go all in on a single model.

CORRECT: “Public” is the correct answer.

INCORRECT: “Private” is incorrect as explained above.

INCORRECT: “Hybrid” is incorrect as explained above.

INCORRECT: “On-premise” is incorrect as explained above.

Question 10

What are the primary benefits of using AWS Elastic Load Balancing? (Select TWO.)
A.Automation
B.Elasticity
C.Caching
D.Regional resilience
E.high availability

Answer 10

B.Elasticity
E.high availability

High availability – ELB automatically distributes traffic across multiple EC2 instances in different AZs within a region.

Elasticity – ELB is capable of handling rapid changes in network traffic patterns.

CORRECT: “High availability” is a correct answer.

CORRECT: “Elasticity” is also a correct answer.

INCORRECT: “Automation” is incorrect. Automation is not a primary benefit of ELB.

INCORRECT: “Caching” is incorrect. Caching is not a benefit of ELB

INCORRECT: “Regional resilience” is incorrect. An ELB can distribute incoming traffic across your Amazon EC2 instances in a single Availability Zone or multiple Availability Zones, but not across regions (for regional resilience).

Question 11

Which of the following constitute the five pillars for the AWS Well-Architected Framework? (Select TWO.)
A.Operational excellence, elasticity and scalability
B.Operational excellence, security and reliability
C.Performance efficiency and cost optimization
D.Data consistency and cost optimization
E.Cost prioritization and cost optimization

Answer 11

B.Operational excellence, security and reliability
C.Performance efficiency and cost optimization

Explanation:
The five pillars of the AWS Well-Architected Framework are operational excellence, security, reliability, performance efficiency, and cost optimization

CORRECT: “Operational excellence, security, and reliability” is the correct answer.

CORRECT: “Performance efficiency, and cost optimization” is the correct answer.

INCORRECT: “Operational excellence, elasticity and scalability” is incorrect as elasticity and scalability are not included.

INCORRECT: “Cost prioritization, and cost optimization” is incorrect as cost prioritization is not included.

INCORRECT: “Data consistency, and cost optimization” is incorrect as data consistency is not included.

Question 12

Which service can you use to monitor, store and access log files generated by EC2 instances and on-premises servers?
A.Amazon CloudWatch Logs
B.AWS OpsWorks
C.AWS CloudTrail
D.Amazon kenesis

Answer 12

A.Amazon CloudWatch Logs

Explanation:
You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources. You can then retrieve the associated log data from CloudWatch Logs.

CORRECT: “Amazon CloudWatch Logs” is the correct answer.

INCORRECT: “AWS CloudTrail” is incorrect. AWS CloudTrail is used for recording a history of API actions taken on your account.

INCORRECT: “AWS OpsWorks” is incorrect. OpsWorks is a configuration management service.

INCORRECT: “Amazon Kinesis” is incorrect. Amazon Kinesis is a set of services used for collecting, processing and analyzing streaming data.

Question 13

A company needs protection from distributed denial of service (DDoS) attacks on its website and assistance from AWS experts during such events.

Which AWS managed service will meet these requirements?
A.AWS Firewall manager
B.AWS Shield Advanced
C.AWS Web Application Firewall
D.Amazon GuardDuty

Answer 13

B.AWS Shield Advanced

Explanation:
AWS Shield Advanced provides enhanced detection and includes a specialized support team for customers on Enterprise or Business support plans. The AWS DDoS Response Team (DRT) are available 24/7 and can be engaged before, during, or after a DDoS attack.

CORRECT: “AWS Shield Advanced” is the correct answer.

INCORRECT: “AWS Firewall Manager” is incorrect. This service is used to simplify management of AWS WAF, AWS Shield Advanced, and Amazon VPC security groups.

INCORRECT: “AWS Web Application Firewall” is incorrect. AWS WAF is used for protecting web applications and APIs against malicious attacks. This is not a DDoS prevention service.

INCORRECT: “Amazon GuardDuty” is incorrect. This service is used for continuously monitoring AWS resources for threats. It is not a DDoS prevention service, it uses machine learning and anomaly detection to identify security vulnerabilities in resources.

Question 14

Which type of EBS volumes can be encrypted?
A.Both non-root and root volumes
B.Only non-root volumes created from snapshots
C.Only root volumes can have encryption applied at launch time
D.Non-root volumes only

Answer 14

A.Both non-root and root volumes

Amazon EBS encryption offers a straight-forward encryption solution for your EBS resources that doesn’t require you to build, maintain, and secure your own key management infrastructure. It uses AWS Key Management Service (AWS KMS) customer master keys (CMK) when creating encrypted volumes and snapshots.

Encryption operations occur on the servers that host EC2 instances, ensuring the security of both data-at-rest and data-in-transit between an instance and its attached EBS storage.

All volumes can now be encrypted at launch time and it’s possible to set this as the default setting.

CORRECT: “Both non-root and root volumes” is the correct answer.

INCORRECT: “Non-root volumes only” is incorrect as this is not true.

INCORRECT: “Only non-root volumes created from snapshots” is incorrect as you can encrypt all EBS volumes whether created from snapshots or not.

INCORRECT: “Only root volumes can have encryption applied at launch time” is incorrect as all volumes can have encryption applied at launch time.

Question 15

Under the AWS Shared Responsibility Model, which of the following is the customer NOT responsible for?
A.Applying encryption to data stored on an EBS volume
B.Adding firewall rules to security groups and network ACLs
C.Installing firmware updates on host servers
D.Applying bucket policies to share Amazon S3 data

Answer 15

C.Installing firmware updates on host servers

Explanation:
AWS customers are not responsible for installing firmware updates on the underlying infrastructure. AWS customers must protect their AWS services through policies, encryption, and firewall rules.

CORRECT: “Installing firmware updates on host servers” is the correct answer.

INCORRECT: “Adding firewall rules to security groups and network ACLs” is incorrect as this is a customer responsibility.

INCORRECT: “Applying encryption to data stored on an EBS volume” is incorrect as this is a customer responsibility.

INCORRECT: “Applying bucket policies to share Amazon S3 data” is incorrect as this is a customer responsibility.

Question 16

Which AWS security service provides a firewall at the subnet level within a VPC?
A.Bucket Policy
B.Network Access Control List
C.IAM Policy
D.Security Policy

Answer 16

B.Network Access Control List

Explanation:
A Network ACL is a firewall that is associated with a subnet within your VPC. It is used to filter the network traffic that enters and exits the subnet.

CORRECT: “Network Access Control List” is the correct answer.

INCORRECT: “Security Group” is incorrect. A Security Group is a firewall that is associated with an EC2 instances (not the subnet). Security Groups control the traffic the inbound and outbound network traffic from/to the instance.

INCORRECT: “IAM Policy” is incorrect. An IAM Policy is used to assign permissions to users and roles.

INCORRECT: “Bucket Policy” is incorrect. A Bucket Policy is used with Amazon S3 buckets to control access.

Question 17

Which AWS support plan provides email only support by Cloud Support Associates?
A.Eneterpsie
B.Developer
C.Basic
D.Business

Answer 17

B.Developer

Explanation:
Developer provides email support by the Cloud Support Associates team whereas Business and Enterprise provide email, 24×7 phone and chat access to Cloud Support Engineers. Basic does not provide email support at all.
CORRECT: “Developer” is the correct answer.

INCORRECT: “Basic” is incorrect as explained above.

INCORRECT: “Business” is incorrect as explained above.

INCORRECT: “Enterprise” is incorrect as explained above.

Question 18

A user deploys an Amazon Aurora database instance in multiple Availability Zones.

This strategy involves which pillar of the AWS Well-Architected Framework?
A.Cost optimization
B.Reliability
C.Performance efficiency
D.Security

Answer 18

B.Reliability

Explanation:
The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.

There are five design principles for reliability in the cloud:

• Test recovery procedures
• Automatically recover from failure
• Scale horizontally to increase aggregate system availability
• Stop guessing capacity
• Manage change in automation

The example given in the question is related to “Automatically recover from failure”.

CORRECT: “Reliability” is the correct answer.

INCORRECT: “Performance efficiency” is incorrect as this is an example of reliability.

INCORRECT: “Cost optimization” is incorrect as this is an example of reliability.

INCORRECT: “Security” is incorrect as this is an example of reliability.

Question 19

With which service can a developer upload code using a ZIP or WAR file and have the service handle the end-to-end deployment of the resources?
A.Amazon ECS
B.AWS CodeDeploy
C.AWS CodeCommit
D,AWS Elastic Beanstalk

Answer 19

D,AWS Elastic Beanstalk

Explanation

AWS Elastic Beanstalk can be used to quickly deploy and manage applications in the AWS Cloud. Developers upload applications and Elastic Beanstalk handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring.

You can upload code directly using a ZIP or WAR file. You can also use a Git archive.

CORRECT: “AWS Elastic Beanstalk” is the correct answer.

INCORRECT: “AWS CodeDeploy” is incorrect. AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and on-premises servers.

INCORRECT: “Amazon ECS” is incorrect. Amazon Elastic Container Service is a managed service for running Docker containers.

INCORRECT: “AWS CodeCommit” is incorrect. AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories. It does not actually automate the build of the code or infrastructure on which it runs.

Question 20

Which type of storage stores objects comprised of key, value pairs?
A.Amazon DynamoDB
B.Amazon EBS
C.Amazon EFS
D.Amazon S3

Answer 20

D.Amazon S3

Explanation:
Amazon Simple Storage Service is storage for the Internet. It is designed to make web-scale computing easier for developers. Amazon S3 is an object-based storage system that stores objects that are comprised of key, value pairs.

CORRECT: “Amazon S3” is the correct answer.

INCORRECT: “Amazon DynamoDB” is incorrect. Amazon DynamoDB stores items, not objects, based on key, value pairs.

INCORRECT: “Amazon EBS” is incorrect. Amazon EBS is a block-based storage system.

INCORRECT: “Amazon EFS” is incorrect. Amazon EFS is a file-based storage system.

Question 21

Which of the following statements is correct about Amazon S3 cross-region replication?
A.The source S3 bucket owner must have the source and destination AWS Regions disabled for their account
B.The source and destination S3 buckets cannot be in different AWS regions
C.S3 buckets configured for cross-region replication can be owned by a single AWS account or by different accounts
D.Both source and destination S3 buckets must have versioning disabled

Answer 21

C.S3 buckets configured for cross-region replication can be owned by a single AWS account or by different accounts

Explanation:
Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can copy objects between different AWS Regions or within the same Region.

Both source and destination buckets must have versioning enabled. The source bucket owner must have the source and destination AWS Regions enabled for their account. The destination bucket owner must have the destination Region-enabled for their account.

CORRECT: “S3 buckets configured for cross-region replication can be owned by a single AWS account or by different accounts” is the correct answer.

INCORRECT: “Both source and destination S3 buckets must have versioning disabled” is incorrect as explained above.

INCORRECT: “The source and destination S3 buckets cannot be in different AWS Regions” is incorrect as explained above.

INCORRECT: “The source S3 bucket owner must have the source and destination AWS Regions disabled for their account” is incorrect as explained above.

Question 22

Which of the following Amazon EC2 pricing models allows customers to use existing server-bound software licenses?
A.On-Demand Instances
B.Reserved Instances
C.Spot Instances
D.Dedicated Hosts

Answer 22

D.Dedicated Hosts

Explanation:
Amazon EC2 Dedicated Hosts allow you to use your eligible software licenses from vendors such as Microsoft and Oracle on Amazon EC2, so that you get the flexibility and cost effectiveness of using your own licenses, but with the resiliency, simplicity and elasticity of AWS. An Amazon EC2 Dedicated Host is a physical server fully dedicated for your use, so you can help address corporate compliance requirements.

CORRECT: “Dedicated Hosts” is the correct answer.

INCORRECT: “On-Demand Instances” is incorrect. This is a standard pricing model and does not offer the advantages requested.

INCORRECT: “Spot Instances” is incorrect. This is used to obtain discounted pricing for short-term requirements that can be interrupted.

INCORRECT: “Reserved Instances” is incorrect. This is used to lower cost by reserving usage of an instance for a term of 1 or 3 years.

Question 23

How can a company connect from their on-premises network to VPCs in multiple regions using private connections?
A.Amazon CloudFront
B.AWS managed VPN
C.Inter-Region VPC Peering
D.AWS Direct Connect Gateway

Answer 23

D.AWS Direct Connect Gateway

Explanation;
You can use an AWS Direct Connect gateway to connect your AWS Direct Connect connection over a private virtual interface to one or more VPCs in your account that are located in the same or different Regions

CORRECT: “AWS Direct Connect Gateway” is the correct answer.

INCORRECT: “AWS Managed VPN” is incorrect. AWS Managed VPN uses the public Internet and is therefore not a private connection.

INCORRECT: “Amazon CloudFront” is incorrect. Amazon CloudFront is a content delivery network used for caching data.

INCORRECT: “Inter-Region VPC Peering” is incorrect. Inter-Region VPC peering does not help you to connect from an on-premise network.

Question 24

What is the name of the AWS managed Docker registry service used by the Amazon Elastic Container Service (ECS)?    
A.ECS Container Registry
B.Docker Container Registry
C.Elastic Container Registry
D.Docker Image Repository

Answer 24

C.Elastic Container Registry

Explanation:
Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images.

Amazon ECR is integrated with Amazon Elastic Container Service (ECS). Amazon ECR eliminates the need to operate your own container repositories or worry about scaling the underlying infrastructure.

CORRECT: “Elastic Container Registry” is the correct answer.

INCORRECT: “ECS Container Registry” is incorrect as this is the wrong name.

INCORRECT: “Docker Container Registry” is incorrect as this is not an AWS registry.

INCORRECT: “Docker Image Repository” is incorrect as this is not an AWS registry.

Question 25

An Elastic IP Address can be remapped between EC2 instances across which boundaries?
A.Regions
B.Edge Locations
C.DB Subnets
D.Availability Zones

Answer 25

D.Availability Zones

Explanation:
Elastic IP addresses are for use in a specific region only and can therefore only be remapped between instances within that region. You can use Elastic IP addresses to mask the failure of an instance in one Availability Zone by rapidly remapping the address to an instance in another Availability Zone.

CORRECT: “Availability Zones” is the correct answer.

INCORRECT: “Regions” is incorrect as you cannot remap across regions.

INCORRECT: “Edge Locations” is incorrect. Edge Locations are used by CloudFront and are not places where you can run EC2 instances.

INCORRECT: “DB Subnets” is incorrect. DB subnets (groups) are used by the RDS relational database service and are not used for running EC2 instances.

Question 26

A Cloud Practitioner is developing a disaster recovery plan and intends to replicate data between multiple geographic areas.

Which of the following meets these requirements?
A.Availability Zones
B.AWS Accounts
C.AWS Regions
D.Edge Locations

Answer 26

C.AWS Regions

Explanation:
AWS has the concept of a Region, which is a physical location around the world where we cluster data centers. We call each group of logical data centers an Availability Zone. Each AWS Region consists of multiple, isolated, and physically separate AZ’s within a geographic area.
Therefore, the Cloud Practitioner should replicate data between multiple Regions as these are separate geographical areas.

CORRECT: “AWS Regions” is the correct answer.

INCORRECT: “AWS Accounts” is incorrect. An account is not a geographic area.

INCORRECT: “Availability Zones” is incorrect. AZs are within a Region, not across geographical areas.

INCORRECT: “Edge locations” is incorrect. These are not locations to which you can replicate your data. They are used primarily by Amazon CloudFront for caching content, not for disaster recovery.

Question 27

What are two correct statements about AWS Organizations with consolidated billing? (Select TWO.)
A.Volume pricing discounts applied accross multiple accounts
B.Multiple bills are provided per organization
D.Linked accounts lose their management independence
E.One bill provided for multiple accounts

Answer 27

A.Volume pricing discounts applied accross multiple accounts
E.One bill provided for multiple accounts

Explanation:
With AWS organizations you create a paying account and linked accounts. One bill is provided for multiple accounts within an organization. Volume pricing discounts can be applied across resources in multiple accounts.

CORRECT: “One bill provided for multiple accounts” is a correct answer.

CORRECT: “Volume pricing discounts applied across multiple accounts” is also a correct answer.

INCORRECT: “Multiple bills are provided per organization” is incorrect as one bill is provided for multiple accounts within an organization.

INCORRECT: “Linked accounts lose their management independence” is incorrect. Linked accounts can still be managed independently.

INCORRECT: “CloudTrail can be configured per organization” is incorrect. CloudTrail is on a per account basis and per region basis but can be aggregated into a single bucket in the paying account.

Question 28

Which AWS feature of Amazon EC2 allows an administrator to create a standardized image that can be used for launching new instances?
A.Amazon Block Template
B.Amazon Machine Image
C.Amazon EBS Mount Point
D.Amazon Golden Image

Answer 28

B.Amazon Machine Image

Explanation:
An Amazon Machine Image (AMI) provides the information required to launch an instance. You can use an AMI to launch identical instances from a standard template. This is also known as a Golden Image (though no such feature exists in AWS with this name). An AMI is created from an EBS snapshot and also includes launch permissions and a block device mapping.

CORRECT: “Amazon Machine Image” is the correct answer.

INCORRECT: “Amazon Golden Image” is incorrect as this is not an AWS feature.

INCORRECT: “Amazon Block Template” is incorrect. Amazon Block Templates do not exist.

INCORRECT: “Amazon EBS Mount Point” is incorrect. An Amazon EBS Mount Point is not an AWS feature. You do mount EBS volumes however this is within the operating system. Block device mappings are used in AMIs to specify how to mount the EBS volume.

Question 29

How can you configure Amazon Route 53 to monitor the health and performance of your application?
A.Using CloudWatch
B.Using Route 53 health checks
C.Using DNS lookups
D.Using the Route 53 API

Answer 29

B.Using Route 53 health checks
Amazon Route 53 health checks monitor the health and performance of your web applications, web servers, and other resources.

None of the other options provide a solution that can check the health and performance of an application.

CORRECT: “Using Route 53 health checks” is the correct answer.

INCORRECT: “Using DNS lookups” is incorrect as explained above.

INCORRECT: “Using the Route 53 API” is incorrect as explained above.

INCORRECT: “Using CloudWatch” is incorrect as explained above

Question 30

A Cloud Practitioner needs to rapidly deploy a popular IT solution and start using it immediately.

What should the Cloud Practitioner use?
A.AWS Elastic Beanstalk
B.AWS Quick Start reference deployments
C.Amazon CloudFront
D.AWS Well-Architectured Frmework documentation

Answer 30

B.AWS Quick Start reference deployments

Explanation:
Quick Starts are built by AWS solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices for security and high availability. These accelerators reduce hundreds of manual procedures into just a few steps, so you can build your production environment quickly and start using it immediately.

Each Quick Start includes AWS CloudFormation templates that automate the deployment and a guide that discusses the architecture and provides step-by-step deployment instructions.

CORRECT: “AWS Quick Start reference deployments” is the correct answer.

INCORRECT: “AWS Well-Architected Framework documentation” is incorrect. The well architected framework is documentation that provides guidance on design best practices. It is not used to actually deploy anything.

INCORRECT: “Amazon CloudFront” is incorrect. CloudFront is a content delivery network (CDN) that caches content for better performance.

INCORRECT: “AWS Elastic Beanstalk” is incorrect. Elastic Beanstalk can be used to easily deploy certain web applications. However, you still need to supply the code and it is limited to EC2 instances.

Question 31

Which service allows an organization to bring their own licensing on host hardware that is physically isolated from other AWS accounts?
A.EC2 Spot Instances
B.EC2 Reserved Instances
C.EC2 Dedicated hosts
D.EC2 Dedicated Instances

Answer 31

C.EC2 Dedicated hosts

An Amazon EC2 Dedicated Host is a physical server with EC2 instance capacity fully dedicated to your use. Dedicated Hosts allow you to use your existing per-socket, per-core, or per-VM software licenses, including Windows Server, Microsoft SQL Server, SUSE, Linux Enterprise Server, and so on.

CORRECT: “EC2 Dedicated Hosts” is the correct answer.

INCORRECT: “EC2 Dedicated Instances” is incorrect. Dedicated Instances are Amazon EC2 instances that run in a VPC on hardware that’s dedicated to a single customer. Bring your own licensing (BYOL) is not supported for dedicated instances.

INCORRECT: “EC2 Spot Instances” is incorrect. Spot instances allow you to bid in the marketplace for EC2 instances to reduce cost, they do not allow BYOL.

INCORRECT: “EC2 Reserved Instances” is incorrect. Reserved instances allow you to reduce on-demand price by up to 70% by committing to a 1- or 3-year term.

Question 32

Which support plan is the lowest cost option that allows unlimited cases to be open?
A.Business 
B.Enterprise
C.Developer
D.basic

Answer 32

C.Developer

Explanation:
With the Developer plan you can open unlimited cases. You can also open unlimited cases with the Business and Enterprise plans but these are more expensive. You cannot open any support cases with the basic support plan.

CORRECT: “Developer” is the correct answer.

INCORRECT: “Basic” is incorrect as explained above.

INCORRECT: “Business” is incorrect as explained above.

INCORRECT: “Enterprise” is incorrect as explained above.

Question 33

What feature of Amazon S3 enables you to set rules to automatically transfer objects between different storage classes at defined time intervals?
A.Object Lifecycle management
B.S3 Archiving
C.Elastic Data Management
D.Auto Lifecycle Scaling

Answer 33

A.Object Lifecycle management

Explanation:
Object lifecycle management can be used with objects so that they are stored cost effectively throughout their lifecycle. Objects can be transitioned to another storage class or expired.

All other options are incorrect as they are not services that can automatically transfer objects between S3 storage classes.

CORRECT: “Object Lifecycle Management” is the correct answer.

INCORRECT: “Elastic Data Management” is incorrect as explained above.

INCORRECT: “Auto Lifecycle Scaling” is incorrect as explained above.

INCORRECT: “S3 Archiving” is incorrect as explained above.

Question 34

A developer needs a way to automatically provision a collection of AWS resources. Which AWS service is primarily used for deploying infrastructure as code?
A.AWS CodeDeploy
B.AWS Elastic Beanstalk
C.Jenkins
D.AWS CloudFormation

Answer 34

D.AWS CloudFormation

Explanation:
Explanation

AWS CloudFormation is a service that gives developers and businesses an easy way to create a collection of related AWS resources and provision them in an orderly and predictable fashion. AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. Think of CloudFormation as deploying infrastructure as code.

CORRECT: “AWS CloudFormation” is the correct answer.

INCORRECT: “AWS Elastic Beanstalk” is incorrect. Elastic Beanstalk is more focused on deploying applications on EC2 (PaaS).

INCORRECT: “AWS CodeDeploy” is incorrect. AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers.

INCORRECT: “Jenkins” is incorrect. Jenkins deploys infrastructure as code but is not an AWS service.

Question 35

When designing a VPC, what is the purpose of an Internet Gateway?
A.Its used for making VPN connections to a VPC
B.Enables Internet Communications for instances in public subnets
C.Provides Interent Access for EC2 instances in provate subnets
D.Its a bastion host for inbound management connections

Answer 35

B.Enables Internet Communications for instances in public subnets

Explanation:
An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. It therefore imposes no availability risks or bandwidth constraints on your network traffic.

An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.

CORRECT: “Enables Internet communications for instances in public subnets” is the correct answer.

INCORRECT: “Provides Internet access for EC2 instances in private subnets” is incorrect. You cannot connect instances in a private subnet to the Internet using an Internet Gateway, you need a NAT Gateway or NAT Instance for this purpose.

INCORRECT: “It’s a bastion host for inbound management connections” is incorrect. You cannot use an Internet Gateway as a bastion host, deploy an EC2 instance in a public subnet for this purpose.

INCORRECT: “It’s used for making VPN connections to a VPC” is incorrect. You cannot use the Internet Gateway for making VPN connections to a VPC, you need a Virtual Private Gateway for this purpose.

Question 36

Which AWS service can be used to send automated notifications to HTTP endpoints?
A.Amazon SQS
B.Amazon SNS
C.Amazon SWF
D.Amazon SES

Answer 36

B.Amazon SNS

Explanation:
Amazon Simple Notification Service (Amazon SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud. SNS can be used to send automated or manual notifications to email, mobile (SMS), SQS, and HTTP endpoints.
CORRECT: “Amazon SNS” is the correct answer.

INCORRECT: “Amazon SQS” is incorrect. Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. This is a message bus, not a notification service.

INCORRECT: “Amazon SWF” is incorrect. Amazon SWF helps developers build, run, and scale background jobs that have parallel or sequential step. It is not a notification service.

INCORRECT: “Amazon SES” is incorrect. Amazon Simple Email Service (Amazon SES) is a cloud-based email sending service designed to help digital marketers and application developers send marketing, notification, and transactional emails. It is limited to sending email.

Question 37

Which of the following would be good reasons to move from on-premises to the AWS Cloud? (Select TWO.)
A.gain end-to-end operational management of the entire infrastructure stack
B.Gain access to free technical support services
C.Improve agility and elasticity
D.Reduce costs through easier right-sizing of workloads
E.Outsource all security responsibility

Answer 37

C.Improve agility and elasticity
D.Reduce costs through easier right-sizing of workloads

Explanation:
There are many benefits to moving to the AWS Cloud and these include reducing costs through right-sizing workloads. This is easier with elastic computing and the ability to easily adjust workloads, monitor utilization and programmatically make changes. You can improve agility and elasticity through services such as Auto Scaling, Elastic Load Balancing and highly scalable services such as S3 and Lambda.

CORRECT: “Reduce costs through easier right-sizing of workloads” is a correct answer.

CORRECT: “Improve agility and elasticity” is also a correct answer.

INCORRECT: “Gain access to free technical support services” is incorrect. You do not get free technical support services with AWS.

INCORRECT: “Gain end-to-end operational management of the entire infrastructure stack” is incorrect. You do not gain end-to-end operational management of your entire infrastructure stack. AWS manage the infrastructure and, for some services, the application too.

INCORRECT: “Outsource all security responsibility” is incorrect. You do not outsource all security responsibility with AWS – you are still responsible for ensuring the security of your applications, users, and data.

Question 38

How can a company protect their Amazon S3 data from a regional disaster?
A.Use Cross-Region Replication (CRR) to copy to another region
B.Enable Multi-Factor Authentication (MFA) delete
C.Use lifecycle actions to move to another S3 storage class
D.Archive to Amazon Glacier

Answer 38

A.Use Cross-Region Replication (CRR) to copy to another region

Explanation

Cross-Region replication (CRR) is used to copy objects across Amazon S3 buckets in different AWS Regions. The only option here that will help is to use CRR to copy the data to another region. This will provide disaster recovery.

CORRECT: “Use Cross-Region Replication (CRR) to copy to another region” is the correct answer.

INCORRECT: “Archive to Amazon Glacier” is incorrect. Moving to Glacier does not copy the data out of the region.

INCORRECT: “Use lifecycle actions to move to another S3 storage class” is incorrect as this will not move the data to another region.

INCORRECT: “Enable Multi-Factor Authentication (MFA) delete” is incorrect. Enabling MFA delete will not protect the data from a regional disaster.

Question 39

What are two benefits of using AWS Lambda? (Select TWO.)
A.Integrated snapshots
B.No servers to manage 
C.Flexible operating system choices
D.Open source software
E.Continuous scaling (scale out)

Answer 39

B.No servers to manage
E.Continuous scaling (scale out)
Explanation:
With AWS Lambda you don’t have any servers to manage (serverless). Lambda functions scale out rather than up running multiple invocations of the function in parallel.

CORRECT: “No servers to manage” is a correct answer.

CORRECT: “Continuous scaling (scale out)” is also a correct answer.

INCORRECT: “Integrated snapshots” is incorrect. You do not have integrated snapshots (or any persistent storage) with Lambda.

INCORRECT: “Flexible operating system choices” is incorrect. You do not manage the operating system on which the functions run so have no choice of software.

INCORRECT: “Open source software” is incorrect. Lambda is AWS proprietary not open source.

Question 40

What offerings are included in the Amazon LightSail product set? (Select TWO.)
A.Serverless functions
B.NoSQL database
C.Virtual Private Server
D.Managed MySQL database
E.Object storage

Answer 40

C.Virtual Private Server
D.Managed MySQL database

Explanation:
Amazon LightSail provides an easy, low cost way to consume cloud services without needing the skill set for using VPC resources. The product set includes virtual private servers (instances), managed MySQL databases, HA storage, and load balancing

You can connect to other AWS services such as S3, DynamoDB, and CloudFront, however these are not part of the LightSail product range

CORRECT: “Virtual Private Server” is a correct answer.

CORRECT: “Managed MySQL database” is also a correct answer.

INCORRECT: “NoSQL database” is incorrect as explained above.

INCORRECT: “Object storage” is incorrect as explained above.

INCORRECT: “Serverless functions” is incorrect as explained above.

Question 41

Which of the below is an example of optimizing for cost?
A.Replace an EC2 compute instance with AWS Lambda
B.Choosing the fastest EC2 instance to ensure performance
C.Provision extra capacity to allow for growth
D.Deploy resources with AWS CLoudFormation

Answer 41

A.Replace an EC2 compute instance with AWS Lambda

Explanation:
Where possible, you should replace EC2 workloads with AWS managed services that don’t require you to take any capacity decisions. AWS Lambda is a serverless services and you only pay for actual processing time. Other examples of services that you don’t need to make capacity decisions with include: ELB, CloudFront, SQS, Kinesis Firehose, SES, and CloudSearch.

CORRECT: “Replace an EC2 compute instance with AWS Lambda” is the correct answer.

INCORRECT: “Choosing the fastest EC2 instance to ensure performance” is incorrect. You should not choose the fastest EC2 instance if you’re trying to optimize for cost as this will be expensive, you should right-size your EC2 instances, so you use the cheapest EC2 instance to suit your workload’s requirements.

INCORRECT: “Provision extra capacity to allow for growth” is incorrect. Provisioning extra capacity for growth is not an example of cost optimization. With cloud computing you no longer need to do this as you can configure applications, databases and storage systems to grow on demand.

INCORRECT: “Deploy resources with AWS CloudFormation” is incorrect. Deploying resources with CloudFormation is great for consistently deploying application configurations from a template. However, this is not an example of cost optimization, it is more an example of operational optimization.

Question 42

Which of the following descriptions is incorrect in relation to the design of Availability Zones?
A.Each subnet in a VPC is mapped to all AZs in the region
B.Each AZ is designed as an independent failure zone
C.AZs are physically separated within a typical metropolitan region and are located in lower risk flood plains
D.AZs have direct, low-latency, high-throughput and redundant network connections between each other

Answer 42

A.Each subnet in a VPC is mapped to all AZs in the region

Explanation:
Subnets are created within a single AZ and do not get mapped to multiple AZs.

CORRECT: “Each subnet in a VPC is mapped to all AZs in the region” is the correct answer.

INCORRECT: “AZ’s have direct, low-latency, high throughput and redundant network connections between each other” is incorrect as this is true.

INCORRECT: “Each AZ is designed as an independent failure zone” is incorrect as this is true.

INCORRECT: “AZs are physically separated within a typical metropolitan region and are located in lower risk flood plains” is incorrect as this is true.

Question 43

Which service is used introduce fault tolerance into an application architecture?
A.Amazon ElastiCache
B.Amazon Elastic Load Balancing
C.Amazon DynamoDB
D.Amazon CloudFront

Answer 43

B.Amazon Elastic Load Balancing

Explanation:
Amazon Elastic Load Balancing is used to spread load and introduce fault tolerance by distributing connections across multiple identically configured back-end EC2 instances.

CORRECT: “Amazon Elastic Load Balancing” is the correct answer.

INCORRECT: “Amazon CloudFront” is incorrect. Amazon CloudFront is a content delivery network that is used for caching content and serving it to web-based users quickly.

INCORRECT: “Amazon ElastiCache” is incorrect. Amazon ElastiCache is an in-memory database cache and is used to introduce improved performance rather than fault tolerance.

INCORRECT: “Amazon DynamoDB” is incorrect. Amazon DynamoDB is fault tolerant; however, it is not something you add to an architecture to introduce fault tolerance to the application stack.

Question 44

Which type of Amazon RDS automated backup allows you to restore the database with a granularity of as little as 5 minutes?
A.Full backu[
B.Incremental backup
C.Snapshot backup
D.Point-in-time recovery

Answer 44

D.Point-in-time recovery

Explanation:
You can restore an Amazon RDS database instance to a specific point in time with a granularity of 5 minutes. Amazon RDS uses transaction logs which it uploads to Amazon S3 to do this.

CORRECT: “Point-in-time recovery” is the correct answer.

INCORRECT: “Snapshot backup” is incorrect. This is not a point-in-time backup with 5 minute granularity.

INCORRECT: “Full backup” is incorrect. This just describes taking a fully backup of the database, typically with backup software.

INCORRECT: “Incremental backup” is incorrect. This describes taking a backup of items that have changed since the last backup.

Question 45

What are the benefits of using IAM roles for applications that run on EC2 instances? (Select TWO.)
A.More secure than sotring access keys within applications
B.Can apply multiple roles to a single instance
C.Easier to configure than using storing access keys within the EC2 instance
D.It is easier to manage IAM roles
E.Role credentials are permanent

Answer 45

A.More secure than sotring access keys within applications
D.It is easier to manage IAM roles
Explanation

Using IAM roles instead of storing credentials within EC2 instances is more secure It is also easier to manage roles.

CORRECT: “More secure than storing access keys within applications” is the correct answer.

CORRECT: “It is easier to manage IAM roles” is the correct answer.

INCORRECT: “Easier to configure than using storing access keys within the EC2 instance” is incorrect. It is not easier to configure as there are extra steps that need to be completed.

INCORRECT: “Can apply multiple roles to a single instance” is incorrect. You cannot apply multiple roles to a single instance.

INCORRECT: “Role credentials are permanent” is incorrect. Role credentials are temporary, not permanent, and are rotated automatically.

Question 46

Which of the following must be used together to gain programmatic access to an AWS account? (Select TWO.)
A.A primary key
B.An access key ID
C.A secret access key
D.A user ID
E.A secondary key

Answer 46

B.An access key ID
C.A secret access key

Explanation:
Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK).

Access keys consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE) and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY).

Like a user name and password, you must use both the access key ID and secret access key together to authenticate your requests. Manage your access keys as securely as you do your user name and password.

CORRECT: “An access key ID” is the correct answer.

CORRECT: “A secret access key” is the correct answer.

INCORRECT: “A primary key” is incorrect. Primary keys are not associated with authentication.

INCORRECT: “A user ID” is incorrect. A user ID is used to logon using the AWS Management Console, not programmatically.

INCORRECT: “A secondary key” is incorrect. Secondary keys are not associated with authentication.

Question 47

A cloud practitioner needs to decrease application latency and increase performance for globally distributed users.

Which services can assist? (Select TWO.)
A.Amazon ElastiCache
B.Amazon ECS
C.Amazon CloudFront
D.Amazon AppStream 2.0
E.Amazon S3

Answer 47

C.Amazon CloudFront
E.Amazon S3
Explanation:
Amazon S3 is an object-based storage system. It can be used to store data such as files and images that need to be served. Optionally, an S3 bucket can be configured as a static website. Amazon CloudFront is a content delivery network (CDN) that caches content at Edge Locations around the world.

These two services can work together with an S3 bucket configured as an origin for the CloudFront distribution. Users around the world will then be able to pull the content from the local Edge Location with lower latency and better performance.
CORRECT: “Amazon S3” is a correct answer.

CORRECT: “Amazon CloudFront” is also a correct answer.

INCORRECT: “Amazon ECS” is incorrect. The Elastic Container Service (ECS) is used for running Docker containers on AWS. This is not going to help with reducing latency or increasing performance for global users.

INCORRECT: “Amazon AppStream 2.0” is incorrect. This is an application streaming service for streaming applications to computers. It is unsuitable for these requirements.

INCORRECT: “Amazon ElastiCache” is incorrect. ElastiCache caches data from a database in-memory. It is unsuitable for these requirements.

Question 48

Which AWS services form the app-facing services of the AWS serverless infrastructure? (Select TWO.)
A.Amazon DynamoDB
B.Amazon EFS
C.AWS Step Function
D.Amazon API Gateway
E.AWS Lambda

Answer 48

D.Amazon API Gateway
E.AWS Lambda

Explanation:
AWS Lambda and Amazon API Gateway are both app-facing components of the AWS Serverless infrastructure

AWS Step Functions is an orchestration service

CORRECT: “AWS Lambda” is a correct answer.

CORRECT: “Amazon API Gateway” is also a correct answer.

INCORRECT: “AWS Step Functions” is incorrect. This is a serverless orchestration service.

INCORRECT: “Amazon DynamoDB” is incorrect. Amazon DynamoDB is a serverless database service. Databases are backend, not app-facing.

INCORRECT: “Amazon EFS” is incorrect. EFS is a filesystem. Typically, EFS is mounted by Amazon EC2 instances.

Question 49

Which service is used for caching data?
A.Amazon DynamoDB DAX
B.Amazon Elastic FileSystem (EFS)
C.Amazon Simple Queue Service (SQS)
D.AWS Key management Service (KMS)

Answer 49

A.Amazon DynamoDB DAX

Explanation:
Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement – from milliseconds to microseconds – even at millions of requests per second.

CORRECT: “Amazon DynamoDB DAX” is the correct answer.

INCORRECT: “Amazon Simple Queue Service (SQS)” is incorrect. Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.

INCORRECT: “Amazon Key Management Service (KMS)” is incorrect. AWS Key Management Service (KMS) makes it easy for you to create and manage keys and control the use of encryption across a wide range of AWS services and in your applications.

INCORRECT: “Amazon Elastic File System (EFS)” is incorrect. Amazon Elastic File System (Amazon EFS) provides a simple, scalable, elastic file system for Linux-based workloads for use with AWS Cloud services and on-premises resources.

Question 50

Which DynamoDB feature provides in-memory acceleration to tables that result in significant performance improvements?
A.Amazon EFS
B.Amazon DynamoDB Accelerator (DAX)
C.Amazon ElastiCache
D.Amazon CloudFront

Answer 50

B.Amazon DynamoDB Accelerator (DAX)

ExplanatiAmazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement – from milliseconds to microseconds – even at millions of requests per second.

DAX does all the heavy lifting required to add in-memory acceleration to your DynamoDB tables, without requiring developers to manage cache invalidation, data population, or cluster management.

CORRECT: “Amazon DynamoDB Accelerator (DAX)” is the correct answer.

INCORRECT: “Amazon ElastiCache” is incorrect. This service is also an in-memory cache but it is not a feature of DynamoDB.

INCORRECT: “Amazon EFS” is incorrect. This is an elastic filesystem based on the NFS protocol.

INCORRECT: “Amazon CloudFront” is incorrect. This is a content delivery network for caching content.on;

Question 51

Which services allow you to store files on AWS? (Select TWO.)
A.AWS SQS
B.Amazon EFS
C.Amazon LightSail
D.Amazon EBS
E.AWS Lambda

Answer 51

B.Amazon EFS
D.Amazon EBS
Explanation

You can store files on the Elastic Block Store (EBS), and Elastic File System (EFS). EBS volumes are mounted as block devices to EC2 instances and EFS volumes are mounted to the instance using the NFS protocol.

CORRECT: “Amazon EBS” is a correct answer.

CORRECT: “Amazon EFS” is also a correct answer.

INCORRECT: “AWS Lambda” is incorrect. AWS Lambda is a compute service for running code as functions.

INCORRECT: “Amazon LightSail” is incorrect. Amazon LightSail is a compute service for running instances.

INCORRECT: “Amazon SQS” is incorrect. Amazon Simple Queue Service (SQS) is a message bus for temporarily storing data that is being passed between application components.

Question 52

Which AWS components aid in the construction of fault-tolerant applications? (Select TWO.)
A.Tags
B.Block device mappings
C.AMIs
D.ARNs
E.Elastic IP addresses

Answer 52

C.AMIs
E.Elastic IP addresses

Explanation:
Elastic IP addresses can be easily remapped between EC2 instances in the event of a failure. Amazon Machine Images (AMIs) can be used to quickly launch replacement instances when there is a failure

Amazon Resource Names (ARNs), tags and block device mappings don’t really help with fault tolerance

CORRECT: “Elastic IP addresses” is a correct answer.

CORRECT: “AMIs” is also a correct answer.

INCORRECT: “ARNs” is incorrect as explained above.

INCORRECT: “Tags” is incorrect as explained above.

INCORRECT: “Block device mappings” is incorrect as explained above.

Question 53

Which AWS service lets connected devices easily and securely interact with cloud applications and other devices?
A.Amazon Workspaces
B.AWS Server Migration Service (SMS)
C.AWS IoT Core
D.AWS Directory Service

Answer 53

C.AWS IoT Core

Explanation:
AWS IoT Core is a managed cloud service that lets connected devices easily and securely interact with cloud applications and other devices. AWS IoT Core can support billions of devices and trillions of messages, and can process and route those messages to AWS endpoints and to other devices reliably and securely.

CORRECT: “AWS IoT Core” is the correct answer.

INCORRECT: “AWS Directory Service” is incorrect. AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud

INCORRECT: “AWS IoT Core” is incorrect. Amazon WorkSpaces is a managed, secure cloud desktop service

INCORRECT: “AWS Server Migration Service (SMS)” is incorrect. AWS Server Migration Service (SMS) is an agentless service which makes it easier and faster for you to migrate thousands of on-premises workloads to AWS.

Question 54

An application that is deployed across multiple Availability Zones could be described as:
A.Being secure
B.Being highly available
C.Having elasticity
D.Having global reach

Answer 54

B.Being highly available

Explanation:
When you deploy an application across multiple Availability Zones the application can be considered to be highly available. You must also have a way of directing traffic to the application in each AZ such as an Elastic Load Balancer.

The diagram below depicts an example of a highly available application deployed on EC2 instances in multiple AZs and using an ELB to direct traffic:

CORRECT: “Being highly available” is the correct answer.

INCORRECT: “Having global reach” is incorrect as this refers to deploying applications that can be connected to from around the world and also deploying applications into different regions.

INCORRECT: “Being secure” is incorrect as this is not an example of the implementation of security.

INCORRECT: “Having elasticity” is incorrect. Auto Scaling is an example of elasticity and it is not mentioned in this question.

Question 55

Which AWS service can assist with providing recommended actions on cost optimization?
A.AWS Artifact
B.AWS Trusted Advisor
C.Amazon CloudWatch Events
D.AWS Inspector

Answer 55

B.AWS Trusted Advisor

Explanation:
Explanation

Trusted Advisor is an online resource that helps to reduce cost, increase performance and improve security by optimizing your AWS environment.

CORRECT: “AWS Trusted Advisor” is the correct answer.

INCORRECT: “AWS Inspector” is incorrect. Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.

INCORRECT: “AWS Artifact” is incorrect. AWS Artifact is a resource for obtaining compliance-related information.

INCORRECT: “Amazon CloudWatch Events” is incorrect. Amazon CloudWatch Events delivers a near real-time stream of system events that describe changes in Amazon Web Services (AWS) resources.

Question 56

What is the relationship between subnets and availability zones?
A.You can create one or more subnets within each availability zone
B.You can create one subnet per availability zone
C.Subnets contain one or more availability zones
D.Subnets span across multiple availability zones

Answer 56

A.You can create one or more subnets within each availability zone

Explanation:
You can create one or more subnets within each availability zone but subnets cannot span across availability zones.

CORRECT: “You can create one or more subnets within each availability zone” is the correct answer.

INCORRECT: “Subnets span across multiple availability zones” is incorrect as they are contained within a single AZ.

INCORRECT: “You can create one subnet per availability zone” is incorrect as you can create many subnets per AZ.

INCORRECT: “Subnets contain one or more availability zones” is incorrect as they are created within a single AZ.

Question 57

Which AWS service is part of the suite of "serverless" services and runs code as functions?
A.Amazon ECS
B.AWS Lambda
C.AWS CodeCommit
D.Amazon EKS

Answer 57

B.AWS Lambda

Explanation;
AWS Lambda is a serverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you. The code you run on AWS Lambda is called a “Lambda function”.

CORRECT: “AWS Lambda” is the correct answer.

INCORRECT: “Amazon ECS” is incorrect. Amazon ECS is used for running software containers such as Docker containers.

INCORRECT: “Amazon EKS” is incorrect. Amazon EKS is used for managing software containers such as Docker containers.

INCORRECT: “AWS CodeCommit” is incorrect. AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories.

Question 58

A company has deployed several relational databases on Amazon RDS. Every month, the database software vendor releases new security patches that need to be applied to the database.

What is the MOST efficient way to apply the security patches?
A.Connect to each database instance on a monthly basis and download then apply the necessary security patches from the vendor
B.Enable automatic patching for the instances using the Amazon RDS console
C.Use AWS Systems Manager to automate database patching according to a schedule
D.In AWS Config, configure a rule for the instances and then required patch level

Answer 58

B.Enable automatic patching for the instances using the Amazon RDS console

Explanation:
Periodically, Amazon RDS performs maintenance on Amazon RDS resources. Maintenance most often involves updates to the DB instance’s underlying hardware, underlying operating system (OS), or database engine version. Updates to the operating system most often occur for security issues and should be done as soon as possible.

Required patching is automatically scheduled only for patches that are related to security and instance reliability. Such patching occurs infrequently (typically once every few months) and seldom requires more than a fraction of your maintenance window.

All you need to do to get enable patching is specify the maintenance window in which the patching will take place. This can be done at instance creation time or at any time afterwards.

CORRECT: “Enable automatic patching for the instances using the Amazon RDS console” is the correct answer.

INCORRECT: “Connect to each database instance on a monthly basis, and download and apply the necessary security patches from the vendor” is incorrect. Amazon RDS is a managed service and you do not need to do this manually.

INCORRECT: “In AWS Config, configure a rule for the instances and the required patch level” is incorrect. This service is used for auditing and evaluating resource configurations.

INCORRECT: “Use AWS Systems Manager to automate database patching according to a schedule” is incorrect. Systems Manager can be used to manage EC2 instances but it cannot be used to patch RDS instances.

Question 59

Which AWS service enables developers and data scientists to build, train, and deploy machine learning models?
A.Amazon Comprehend
B.Amazon Rekognition
C.Amazon SageMaker
D/Amazon MQ

Answer 59

C.Amazon SageMaker

Explanation:
Amazon SageMaker is a fully-managed platform that enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at any scale. Amazon SageMaker removes all the barriers that typically slow down developers who want to use machine learning.

CORRECT: “Amazon SageMaker” is the correct answer.

INCORRECT: “Amazon Rekognition” is incorrect. Amazon Rekognition makes it easy to add image and video analysis to your applications.

INCORRECT: “Amazon Comprehend” is incorrect. Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to find insights and relationships in text

INCORRECT: “Amazon MQ” is incorrect. Amazon MQ is a managed message broker service for Apache ActiveMQ that makes it easy to set up and operate message brokers in the cloud.

Question 60

Which tools can you use to manage identities in IAM? (Select TWO.)
A.EC2 Management Console
B.Amazon CloudWatch API
C.AWS COmmand Line Tools
D.Amazon Workspaces
E.AWS Management Console

Answer 60

C.AWS COmmand Line Tools
E.AWS Management Console

You can manage AWS Identity and Access Management identities through the AWS Management Console, AWS Command Line Tools, AWS SDKs, and IAM HTTPS API.

CORRECT: “AWS Management Console” is a correct answer.

CORRECT: “AWS Command Line Tools” is also a correct answer.

INCORRECT: “Amazon CloudWatch API” is incorrect. CloudWatch is not used for managing identities in IAM. It is a service used for monitoring the state of your AWS resources.

INCORRECT: “EC2 Management Console” is incorrect. The EC2 management console cannot be used for managing identities in IAM.

INCORRECT: “Amazon Workspaces” is incorrect. Amazon WorkSpaces is a managed desktop computing service running on the AWS cloud.

Question 61

How can an online education company ensure their video courses play with minimal latency for their users around the world?
A.Use Amazon S3 Transfer Accerleration to speed up downloads
B.Use Amazon Aurora Global Database
C.USe Amazon EBS Cross Region Replication to get the content close to the users
D.Use Amazon CloudFront to get the content closer to user

Answer 61

D.Use Amazon CloudFront to get the content closer to user

Explanation:
Amazon CloudFront is a content delivery network (CDN) that enables you to cache content in Edge Locations that are located around the world. This brings your media closer to your end users which reduces latency and improves the user experience.

CORRECT: “Use Amazon CloudFront to get the content closer to users” is the correct answer.

INCORRECT: “Use Amazon S3 Transfer Acceleration to speed up downloads” is incorrect. Amazon S3 Transfer Acceleration is a feature that is used for accelerating uploads to Amazon S3, not for downloads.

INCORRECT: “Use Amazon EBS Cross Region Replication to get the content close to the users” is incorrect. Amazon EBS Cross Region Replication does not exist (S3 Cross Region Replication does). You can copy EBS volumes across regions manually (or programmatically), however EBS is not a good way to get your content closer to your users as you would need to mount the volume to an EC2 instance (additional cost) and would also need to find a way to keep your files in sync.

INCORRECT: “Use Amazon Aurora Global Database” is incorrect. Amazon Aurora Global Database is designed for globally distributed applications, allowing a single Amazon Aurora database to span multiple AWS regions. This is a way to have an SQL database across regions, which is not a good use case for hosting media files.

Question 62

Which AWS service can be used to prepare and load data for analytics using an extract, transform and load (ETL) process?
A.Amazon EMR
B.AWS Glue
C.AWS Lambda
D.Amazon Athena

Answer 62

B.AWS Glue

Explanation:
AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics.

You can point AWS Glue to data stored on AWS, and AWS Glue discovers the data and stores the associated metadata (e.g. table definition and schema) in the AWS Glue Data Catalog. Once cataloged, the data is immediately searchable, queryable, and available for ETL.

CORRECT: “AWS Glue” is the correct answer.

INCORRECT: “AWS Lambda” is incorrect. AWS Lambda is a serverless application that runs code as functions in response to events

INCORRECT: “Amazon EMR” is incorrect. Amazon Elastic Map Reduce (EMR) provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances

INCORRECT: “Amazon Athena” is incorrect. Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL.

Question 63

Which AWS IAM best practice recommends applying the minimum permissions necessary to perform a task when creating IAM policies?
A.Create individual IAM users
B.USe roles to delegate permissions
C.Enable MFA for privileged users
D.Grant least privilege

Answer 63

D.Grant least privilege

Explanation:
When you create IAM policies, follow the standard security advice of granting least privilege—that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks.

The other answer are all valid best practices but are not related to applying minimum permissions to IAM policies.

CORRECT: “Grant least privilege” is the correct answer.

INCORRECT: “Create individual IAM users” is incorrect as explained above.

INCORRECT: “Use roles to delegate permissions” is incorrect as explained above.

INCORRECT: “Enable MFA for privileged users” is incorrect as explained above.

Question 64

What charges are applicable to Amazon S3 Standard storage class? (Select TWO.)
A.Data ingress
B.Minimum capacity charges per object
C.Retriveal fee
D.Data egress
E.Per GB/month storage fee

Answer 64

D.Data egress
E.Per GB/month storage fee

Explanation:
With the standard storage class you pay a per GB/month storage fee, and data transfer out of S3. Standard-IA and One Zone-IA have a minimum capacity charge per object. Standard-IA, One Zone-IA, and Glacier also have a retrieval fee. You don’t pay for data into S3 under any storage class.

CORRECT: “Per GB/month storage fee” is the correct answer.

CORRECT: “Data egress” is the correct answer.

INCORRECT: “Retrieval fee” is incorrect as explained above.

INCORRECT: “Minimum capacity charge per object” is incorrect as explained above.

INCORRECT: “Data ingress” is incorrect as explained above.

Question 65

To reward customers for using their services, what are two ways AWS reduce prices? (Select TWO.)
A.Volume discount when you use more services
B.Discounts for using a wider variety of services
C.Reduction in inbound data transfer
D.Reduced cost for reserved capacity
E.Removal of termination fees for customers who spend more

Answer 65

A.Volume discount when you use more services
D.Reduced cost for reserved capacity

Explanation:
AWS provide volume based discount so that when you use more services you reduce the cost per service. You can also reserve capacity by locking in to fixed 1 or 3 year contracts to get significant discounts

You never pay for inbound data transfer

You don’t get discounts for using a variety of services, only when you use more services

There are never termination fees with AWS

CORRECT: “Volume based discounts when you use more services” is the correct answer.

CORRECT: “Reduced cost for reserved capacity” is the correct answer.

INCORRECT: “Reduction in inbound data transfer charges” is incorrect $

INCORRECT: “Discounts for using a wider variety of services” is incorrect $

INCORRECT: “Removal of termination fees for customers who spend more” is incorrect $