AWS Cloud Foundations Flashcards
Cloud computing
cloud computing is the on demand delivery of compute power database storage applications and other IT resources via the internet with pay as you go pricing
Infrastructure as software
cloud computing enables you to stop thinking about infrastructure as hardware and instead think of and use it as software.
The three main cloud service models
infrastructure as a service,
platform as a service,
software as a service
IaaS
Infrastructure as a Service, services in this category are the basic building blocks for cloud IT and provide you with access to networking features, computers virtual or physical and data storage space. Highest level of flexibility and management control over your IT resources.
PaaS
Platform as a Service, reduce the need for you to manage the underlying infrastructure and enable you to focus on the deployment and management of your applications
SaaS
Software as a Service, this service provides a completed product that the service provider runs and manages. In most cases this refers to end-user applications.
Cloud computing deployment models
cloud, hybrid, on premises(private cloud)
Cloud based application
fully deployed on the cloud, and all parts of the application run in the cloud. Applications in the cloud have either been created in the cloud or have been migrated from an existing infrastructure. These can be built on low level infrastructure pieces or they can use higher level services that provide abstraction from the management architecture and scaling requirements of core infrastructure.
Hybrid based model
connects applications and infra between cloud based resources and existing resources that are not located in the cloud.
On-premises model
private cloud, deploying resources on premises, using virtualisation, and resource management tools.
Trade capital expense for variable expense
Traditional data centres require significant capital investment whereas cloud computing is a variable expense that scales based on how much you use and requires no initial investment.
Benefit from massive economies of scale
you can achieve a lower variable cost than you can get on your own. Because the cloud aggregates usage from thousands of customers, providers such as AWS can achieve economy of scale and offer lower pay as you go prices
Stop guessing capacity
eliminate the need to guess about your infrastructure capacity needs. You can access as little or as much computing power as you need and scale within minutes.
increase speed and agility
reduces the time it takes to make more resources available.
stop spending money on running and maintaining data centres
focus on projects that grow your business instead of the infrastructure that supports it.
go global in minutes
you can deploy your application in multiple AWS regions around the world with just a few clicks, as a result you can provide lower latency and better experience for your customers
What are web services?
any piece of software that makes itself available over the internet and uses a standardized format for the request and response of an application programming interface.
AWS Management Console
the console provides a rich graphical interface to a majority of the features offered by AWS
AWS CLI
provides a suite of utilities that can be launched from a command script in Linux, macOS, or Windows
SDKs
AWS provides packages that enable accessing AWS in a variety of popular programming languages.
AWS Cloud Adoption Framework
AWS CAF provides guidance and best practices to help organizations build a comprehensive approach to successful cloud adoption,
AWS CAF is organized into six perspectives, perspectives consist of sets of capabilities
Six core perspectives
business, people, governance = business capabilities
platform, security, and operations = technical capabilities
business perspective
stakeholders from the business perspective can use AWS CAF to create a strong business case for cloud adoption
People perspective
use the AWS CAF to evaluate organizational structures and roles, new skill, and process requirements and identify gaps.
governance perspective
use AWS CAF to focus on the skills and processes that are needed to align IT strategy and goals with the business strategy and goals. to maximize business value of its IT investment and minimize business risk
platform perspective
use a variety of architectural dimensions and models to understand and communicate the nature of IT systems and their relationships, AWS CAF includes principles and patterns for implementing new solutions on the cloud, and for migrating on premise workloads to the cloud.
security perspective
ensure that the organization meets security objectives for visibility, audit-ability, control, and agility. Use AWS CAF to structure the selection and implementation of security controls that meet the organizations needs
operations perspective
define how day to day, and year to year business is conducted. AWS CAF helps these stakeholders define current operating procedures. It also helps them identify the process changes and training that are needed to implement successful cloud adoption.
AWS Lambda
enables a company to run code without managing or provisioning servers.
Amazon CloudFront
a CDN platform that securely delivers video, data, and applications to customers globally with low latency and high transfer speeds.
Edge locations
AWS data centers designed to deliver services with the lowest latency possible. They are closer to users than regions or availability zones, often in major cities, so responses can be fast.
What does Amazon CloudFront use to ensure low-latency?
AWS edge locations
Which are geographic areas that host two or more Availability Zones?
AWS Regions
A data center ________ cannot be used for more than one Availability Zone.
cannot
An Amazon Region is located in a ______________, and is a ____________ that has multiple Availability Zones.
Separate geographic area, physical location
Do edge locations have to be located in the same general area as Regions?
False
Reserved Instances are
available in three options:
All Upfront Reserved Instance (or AURI)
Partial Upfront Reserved Instance (or PURI)
No Upfront Payments Reserved Instance (or NURI)
Where can a customer go to get more details on Amazon EC2 billing activity that took place up to 13 months ago?
AWS Cost Explorer
AWS storage is typically charged based on how many ______ you use.
gigabytes
The four support plans offered by AWS support:
Basic, Developer, Business, and Enterprise
What AWS tool lets you explore AWS services and create an estimate for the cost of your use cases on AWS?
AWS Pricing Calculator
As you use more, price goes down, what is this called?
Economy of scale
Benefits of using AWS organizations
-centrally managed access policies across multiple AWS accounts
-controlled access to AWS services
-automated AWS account creation and management
-consolidated billing across multiple AWS accounts
Amazon VPC smallest subnet you can have in a VPC
/28
With Amazon Virtual Private Cloud what is the max IP address range you can have in a VPC?
/16
Private subnet needs access to internet, what enables this access?
NAT gateway
Which component of AWS infrastructure does CloudFront use to ensure low-latency delivery?
AWS edge locations
What is an optional security control that can be applied at the subnet layer of a VPC?
network ACL
What happens when you use Amazon VPC to create a new VPC?
A main route table is created by default
What acts as a virtual firewall for your instance to control inbound and outbound traffic?
Security group
How many IP addresses are automatically reserved by AWS?
5
Which AWS service would allow the company to consolidate their billing for the 75 accounts?
AWS Organizations
A data analytics company working with sensitive and confidential data is using AWS Organizations to centrally manage multiple AWS accounts.
How can the company ensure that provisioned accounts stay in the company’s access control guidelines?
Use a service control policy (SCP) to define the maximum available permissions for all the AWS accounts.
A manufacturing company uses AWS Key Management Service (KMS) to protect its design data. The company must log all key usage to meet its regulatory and compliance requirements.
Which AWS service can the company use to comply with this regulatory requirement?
AWS CloudTrail,
AWS KMS integrates with AWS CloudTrail, which logs all the key usage.
A mobile app development company is building a dating app to enable users to access the various company resources stored on AWS. The company wants users to be able to sign up and sign in to the app through social identity providers, such as Facebook, Amazon, Google, or Apple.
Which AWS service satisfies this requirement?
Amazon Cognito provides authentication, authorization, and user management for web and mobile apps, allowing users to sign in directly with a username and password, or through a third party such as Facebook, Amazon, Google, or Apple.
An e-commerce giant has migrated all its legacy applications to web-based applications running on the AWS cloud. The company is worried about distributed denial of service (DDoS) attacks and wants to be sure its applications are well protected should there be a DDoS attack.
Which AWS solution can the company use to protect its web application against infrastructure attacks?
AWS Shield is a managed distributed denial of service (DDoS) protection service that safeguards applications running on AWS.
Which IP address should the cloud solution architect recommend that the developer include in the firewall rule to give access to a single host?
Every bit in a /32 IP address block is fixed, and none (zero) of the bits is flexible, which means 2^0 (or 1) IP address is available for the network. It represents a single IP address and a single host.
A small business that is just starting out in the cloud is building an e-commerce website that will be hosted on Amazon EC2 instances and will be reachable from the internet. For better customer experience, it needs a fixed IP address that will not change when it starts or stops the instance for updates.
Which type of IP address is recommended for the small business to attach to its instance?
When a company stops and restarts an EC2 instance associated with an elastic IP address, the EC2 instance retains its IP address after restarting. The existing application will not break because the application sees the (elastic) IP address it was expecting, even though the back-end EC2 instance has changed.
A cloud solutions architect is setting up a VPC to have an address space of 172.16.1.0/16. There is a requirement that all resources within the VPC must be able to talk locally to one another without any additional configuration.
What is the best destination CIDR block to route the network traffic to in the route table to meet this requirement?
Since the network traffic will travel local to the originating subnet, the destination CIDR block is the same as the originating 172.16.1.0/16 CIDR block.
A cloud solutions architect is setting up a custom VPC in the AWS cloud. The architect has assigned the VPC to an IPv4 classless inter-domain routing (CIDR) block size of 10.0.1.0/26 and created four equal-sized subnets.
How many IP addresses will be available for use by each subnet?
A /26 IP address block will have 26 (or 64) IP addresses available, which equates to 16 IP addresses for each subnet. But AWS reserves 5 IP addresses, which are not available for use, leaving only 11 IP addresses available for use per subnet.
Amazon EC2
IaaS, virtual machines, provision vm that you manage
AWS Lambda
Serverless computing, low-cost
Amazon ECS, EKS, Fargate, ECR
container based computing
AWS Elastic Beanstalk
PaaS, for web applications
AMI
Amazon Machine Image, template used to create EC2 instance
Instance type
determines the memory RAM, CPU, storage, and network performance
Amazon EBS
durable block level storage volumes
Amazon EC2 Instance Store
storage is provided on disks attached to the host computer, if the instance stops, data stored here is deleted
What is a tag?
how to attach metadata to an EC2 instance, a label that you can assign to an AWS resource
Security group
virtual firewall, creates rules that allow or ban traffic to or fro an instance.
Key-pair
at instance launch, you specify an existing key pair or create a new key pair.
a key pair consists of:
a public key that AWS stores, and a private key file that you store.
it enables secure connections to the instance.
on demand instances
low cost and flexibility, spiky work loads, development and testing
spot instances
large scale, dynamic workload, applications with flexible start and end times, users with urgent need for large amounts of additional capacity
reserved instances
predictability ensures compute capacity is available when needed, steady state workloads, applications that will be used for many months ahead
dedicated hosts
save money on licensing costs and help meet compliance and regulatory requirements, highly sensitive workloads.
The four pillars of cost optimization
right size, increase elasticity, optimal pricing model, optimize storage choices.
what are containers?
a method of operating system virtualization
container vs vm
vm runs on hypervisor and container runs directly on os
what AWS lambda?
a server-less compute service
AWS Cloud Storage
holds the information that applications use, data storage, data analysis
Amazon EBS
Elastic Block Store, persistent block storage, retains data even if shut off, non-volatile memory, scale usage based on provisioning,
Glacier
Amazon S3
simple storage service, object level storage, must re upload entire file upon changes, stored in buckets, can write read and delete, objects can be up to 5TB in size, stored redundantly, no server management, objects can be any datafile, can use IAM, and access control lists, can encrypt in transit or at rest, free to transfer data in, cost to transfer data out.
Amazon EFS
Elastic file system, storage for ec2 instances,
block storage
faster, higher bandwidth but can cost more, able to adjust file in small blocks
snapshot, baseline
baseline is first snapshot, snapshot is saved files at a point in time, recreate a new volume at any time
SSD vs HDD
HDD fast expensive, SSD
Amazon S3 glacier
for data archiving and long term backup, low cost, takes several hours to retrieve
archive- the base unit of storage.
vault- container for storing archives, vault access policy and what operations users can and cannot perform
uses for glacier
media asset archiving
health care archiving
regulatory and compliance
digital preservation
scientific data archiving
S3 standard IA
infrequent access, retrieval fee for objects.
security with amazon s3 glacier
control access with IAM management
AES 256 encryption
Amazon S3 replicates all objects ________.
in multiple availability zones within the same region.
Three services used as a storage class for an S3 object life cycle policy.
Glacier, S3 infrequent access, S3 standard access
the name of an S3 bucket must be unique _______.
worldwide across all AWS accounts
You can use Amazon EFS to:
implement storage for EC2 instances that multiple virtual machines can access at the same time.
what is a vault in S3 Glacier?
a container for storing archives
is a bucket in S3 associated with specific AWS region
yes true
features of Amazon EBS:
volumes persist when EBS stops, the data is automatically replicated with an Availability Zone, can be encrypted upon creation and used by an instance, as if they were not encrypted.
Amazon RDS
Relational Database Service, sets up and scales database built in, AWS manages load, SQL
unmanaged vs managed services
scaling fault tolerance and availability are either managed or unmanaged
managed require less configuration and a database management is used
VPC
virtual private cloud
Amazon DynamoDB
non-relational database, key-value, document, graph, scaled horizontally, better for massive datasets, NoSQL database tables, stored in SSD, low latency query performance,
DynamoDB components
tables, items, attributes
Amazon Redshift
fully managed data warehouse, simple and cost effective to set up, uses sophisticated querying
Amazon Aurora
enterprise class relational database, compatible of MySQL and PostgreSQL, automate time consuming tasks, ideal for large relational database sets, pay as you go service,
Hundreds of thousands of concurrent users with db tech to use?
amazon dynamo db
how to find an item in an Amazon Dynamo db using an attribute other than the item’s primary key?
scan
AWS service best for analyzing data by using SQL and Business intelligence tools?
redshift
database with extremely fast performance, fast scalability, and flexibility in database schema
DynamoDB
best db for complex queries or transactions?
amazon RDS
MySQL and PostgreSQL compatible database
Amazon Aurora
Which compute service will allow the developers to set triggers for when the code executes
AWS Lambda is serverless, and it enables the developers to run their code and set triggers for when the code executes without provisioning or managing servers.
Which Amazon EC2 instance type is best suited for deploying the company’s video encoding systems to effectively scale its services?
Compute optimized instances are suitable for scientific modeling, gaming, video encoding, and other applications that benefit from high compute power.
How should the company group its EC2 instances to make sure its application benefits from low network latency and high network throughput?
A cluster placement group is a logical grouping of instances within a single availability zone. It is recommended for applications that need low network latency, high network throughput, or both.
A solutions architect for a law firm wants to create a storage system for archiving multiple clients’ case files. The files are critical for audit and compliance, and multiple EC2 instances must be able to access the files simultaneously.
Which solution should the solutions architect choose to meet this requirement
Amazon EFS is a shared files system that multiple EC2 instances can access concurrently.
A startup media company is using an on-premises database but has plans to migrate its workloads to the cloud. In the meantime, the company wants to store its on-premises database snapshots and server logs in the AWS cloud.
Which storage solution meets this requirement if the database size and the server logs are 3TB and 2TB respectively?
Amazon S3 is a persistent storage that can store images, videos, server logs, and database snapshots as objects 5TB or less.
How can the company reduce the load on the RDS MySQL database and improve the overall performance?
The load can be reduced on the RDS MySQL database instance by routing read queries from the applications to the read replica.
A cloud solutions architect has been asked to design a consistent, single-digit millisecond database solution for a high volume multiplayer game application. The database must be able to handle several millions of queries per second and have consistent performance as game application grows.
Which database solution is best suited for this scenario?
Amazon DynamoDB is a NoSQL database service that delivers consistent, single-digit millisecond latency at any scale. With DynamoDB, the company can create responsive mobile, console, and desktop games.
____________________ is a fast, fully managed data warehouse that makes it simple and cost-effective to analyze petabytes of data by using standard SQL and existing business intelligence tools.
Amazon Redshift
A commercial shipping company using MySQL database on-premises wants to migrate its database to the AWS cloud. The company wants a database service that is compatible with MySQL, has automatic failover and data backups by default, and can instantly recover if the primary database crashes and becomes unhealthy.
Which database solution best meets the company’s requirements?
Amazon Aurora is a fully managed relational database engine from Amazon Web Services that is compatible with MySQL and PostgreSQL. It has automatic data backups by default and can instantly recover from crashes within 60 seconds.
AWS Well-Architected-Framework 5 Pillars
operational excellence
security
reliability
performance efficiency
cost optimization
Operational Excellence Cloud Architecture
run and monitor systems to deliver business value
6 DESIGN PRINCIPLES
perform operations as code
annotate documentation
make frequent small, reversible changes
refine operations procedures frequently
anticipate failure
learn from all operational events and failures
Security Cloud Architecture
protect information systems and assets while delivering business value through risk assessments
7 DESIGN PRINCIPLES
implement a strong identity foundation
enable traceability
apply security at all layers
automate security best practices
protect data in transit and at rest
keep people away from data
prepare for security events
Reliability Cloud Architecture
prevent and quickly recover from failures to meet business and customer demand
5 PRINCIPLES
test recovery procedures
automatically recover from failure
scale horizontally to increase aggregate system availability, remove single point of failure
stop guessing capacity
manage change in automation
Performance Efficiency Cloud Architecture
use resources efficiently to meet system requirements,
PERFORMANCE DESIGN PRINCIPLES
democratize advanced technologies
go global in minutes
use server less architectures
experiment more often
have mechanical sympathy
Cost Optimization Cloud
run business systems at the lowest price point
5 DESIGN PRINCIPLES
adopt a consumption model, only pay for way you use
measure overall efficiency
stop spending money on data centre operations
analyze and attribute expenditure
use managed and application level services to reduce cost of ownership
Reliability
a measure of the systems ability to provide function when desired by the user, probability a system will function as intended
Availability
percentage of uptime,
normal operation time/ total time
MTBF
mean time between failures
fault tolerance
the built in redundancy of an application’s built in components and its ability to remain operational
scalability
the amount an application to accomadate increases in capacity needs without changing design
recoverability
the process, polices and procedures that are related to restoring service after a catastrophic event
AWS trusted advisor
online tool that provides real-time guidance to help you provision your resources AWS best practices
AWS trusted advisor recommends changes for the following categories:
cost optimization
performance
security
fault tolerance
service limits
3 pillars of performance of the AWS well architected farmework
tradeoffs selection and monitoring
Elastic Load Balancing
distributes incoming applications or network traffic across multiple targets in a single availability zone or multiple, scales as need changes
Application load balancer
load balancing of http https, operates at application layer, OSI model 7
Network Load Balancer
load balancing TCP, UDP, TLS traffic where extreme performance is required
Classic load balancer
operates at both the application and network layers, outdated tech
Amazon CloudWatch
used to verify that the system is performing as expected and creates an alarm to initiate an action it a metric goes outside an acceptable range,
monitors,
collects and tracks,
alarms, and
events
AWS CloudTrail
capture of who what when and where calls were made to APIs in AWS services
Amazon EC2 auto scaling
helps scale by launching and releasing or removing EC2 instances
Auto Scaling Group
a collection of EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management
Which service would you use to send alerts based on Amazon CloudWatch alarms?
Amazon Simple Notification Service
A unicorn startup is building an analytics application with support for a speech-based interface. The application will accept speech-based input from users and then convey results via speech. As a Cloud Practitioner, which solution would you recommend for the given use-case?
Use Amazon Transcribe to convert speech to text for downstream analysis. Then use Amazon Polly to convey the text results via speech
The DevOps team at an IT company is moving 500 GB of data from an EC2 instance to an S3 bucket in the same region. Which of the following scenario captures the correct charges for this data transfer?
The company would not be charged for this data transfer
Per AWS pricing, data transfer between S3 and EC2 instances within the same region is not charged, so there would be no data transfer charge for moving 500 GB of data from an EC2 instance to an S3 bucket in the same region.
A multi-national corporation wants to get expert professional advice on migrating to AWS and managing their applications on AWS Cloud. Which of the following entities would you recommend for this engagement?
APN Consulting Partner
APN Consulting Partners are professional services firms that help customers of all types and sizes design, architect, build, migrate, and manage their workloads and applications on AWS, accelerating their migration to AWS cloud.
APN Technology Partner
APN Technology Partners provide hardware, connectivity services, or software solutions that are either hosted on or integrated with, the AWS Cloud. APN Technology Partners cannot help in migrating to AWS and managing applications on AWS Cloud.
Concierge Support Team
The Concierge Support Team are AWS billing and account experts that specialize in working with enterprise accounts. They will quickly and efficiently assist you with your billing and account inquiries. The Concierge Support Team is only available for the Enterprise Support plan. Concierge Support Team cannot help in migrating to AWS and managing applications on AWS Cloud.
Which security service of AWS is enabled for all AWS customers, by default, at no additional cost?
AWS Shield Standard
AWS Web Application Firewall (AWS WAF)
AWS WAF is a web application firewall that lets you monitor the HTTP(S) requests that are forwarded to an Amazon CloudFront distribution, an Amazon API Gateway API, or an Application Load Balancer. AWS WAF charges based on the number of web access control lists (web ACLs) that you create, the number of rules that you add per web ACL, and the number of web requests that you receive (it is not a free service).
AWS Secrets Manager
AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. With Secrets Manager, you pay based on the number of secrets stored and API calls made.
AWS Shield Advanced
AWS Shield Advanced includes intelligent DDoS attack detection and mitigation for not only for network layer (layer 3) and transport layer (layer 4) attacks but also for application layer (layer 7) attacks. AWS Shield Advanced is a paid service that provides additional protections for internet-facing applications.
An intern at an IT company provisioned a Linux based On-demand EC2 instance with per-second billing but terminated it within 30 seconds as he wanted to provision another instance type. What is the duration for which the instance would be charged?
60 seconds
A data analytics company is running a proprietary batch analytics application on AWS and wants to use a storage service which would be accessed by hundreds of EC2 instances simultaneously to append data to existing files. As a Cloud Practitioner, which AWS service would you suggest for this use-case?
Amazon Elastic File System (Amazon EFS)
Question 13Incorrect
Which of the following statements are CORRECT regarding the AWS VPC service? (Select two)
Your selection is incorrect
A Security Group can have both allow and deny rules
A network access control list (network ACL) can have allow rules only
A Network Address Translation instance (NAT instance) is managed by AWS
Correct selection
A Security Group can have allow rules only
Your selection is correct
A Network Address Translation gateway (NAT gateway) is managed by AWS
A Security Group can have allow rules only
A Network Address Translation gateway (NAT gateway) is managed by AWS
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. Security groups act at the instance level, not at the subnet level. You can specify allow rules, but not deny rules. You can specify separate rules for inbound and outbound traffic
AWS Shield Advanced provides expanded DDoS attack protection for web applications running on which of the following resources?
Amazon API Gateway
AWS Global Accelerator
AWS CloudFormation
Amazon Route 53
AWS Elastic Beanstalk
AWS Global Accelerator
Amazon Route 53
Which AWS services can be used to decouple components of a microservices based application on AWS Cloud?
Amazon Simple Queue Service (SQS)
Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available.
Amazon Simple Notification Service (SNS)
Amazon Simple Notification Service (SNS) is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications. Using Amazon SNS topics, your publisher systems can fan-out messages to a large number of subscriber endpoints for parallel processing, including Amazon SQS queues, AWS Lambda functions, and HTTP/S webhooks. Additionally, SNS can be used to fan out notifications to end users using mobile push, SMS, and email.
Therefore, both SNS and SQS can be used to decouple components of a microservices-based application.
Serverless AWS Service
AWS Lambda
A research group wants to use EC2 instances to run a scientific computation application that has a fault tolerant architecture. The application needs high-performance hardware disks that provide fast I/O performance. As a Cloud Practitioner, which of the following storage options would you recommend as the MOST cost-effective solution?
Instance Store
An instance store provides temporary block-level storage for your instance. This storage is located on disks that are physically attached to the host computer. This is a good option when you need storage with very low latency, but you don’t need the data to persist when the instance terminates or you can take advantage of fault-tolerant architectures.
Which of the following AWS services support VPC Endpoint Gateway for a private connection from a VPC?
Amazon DynamoDB
Amazon Simple Storage Service (S3)
Which of the following is CORRECT regarding removing an AWS account from AWS Organizations?
The AWS account must be able to operate as a standalone account. Only then it can be removed from AWS organizations
A startup wants to provision an EC2 instance for the lowest possible cost for a long-term duration but needs to make sure that the instance would never be interrupted. As a Cloud Practitioner, which of the following options would you recommend?
EC2 Reserved Instance
Compared to the on-demand instance prices, what is the highest possible discount offered for spot instances?
90
Which of the following AWS services support reservations to optimize costs?
DynamoDB, EC2, RDS
A company runs an application on a fleet of EC2 instances. The company wants to automate the traditional maintenance job of running timely assessments and checking for OS vulnerabilities. As a Cloud Practitioner, which service will you suggest for this use case?
Amazon Inspector
According to the AWS Cloud Adoption Framework (AWS CAF), what are two tasks that a company should perform when planning to migrate to the AWS Cloud and aiming to become more responsive to customer inquiries and feedback as part of their organizational transformation?
Organize your teams around products and value streams
Leverage agile methods to rapidly iterate and evolve
A startup wants to set up its IT infrastructure on AWS Cloud. The CTO would like to get an estimate of the monthly AWS bill based on the AWS services that the startup wants to use. As a Cloud Practitioner, which AWS service would you suggest for this use-case?
AWS Pricing Calculator
A big data analytics company is moving its IT infrastructure from an on-premises data center to AWS Cloud. The company has some server-bound software licenses that it wants to use on AWS. As a Cloud Practitioner, which of the following EC2 instance types would you recommend to the company?
Dedicated Host
A company uses reserved EC2 instances across multiple units with each unit having its own AWS account. However, some of the units under-utilize their reserved instances while other units need more reserved instances. As a Cloud Practitioner, which of the following would you recommend as the most cost-optimal solution?
Use AWS Organizations to manage AWS accounts of all units and then share the reserved EC2 instances amongst all units
Each AWS Region consists of a minimum of ______ Availability Zones (AZ)
3
Each Availability Zone (AZ) consists of ___________ or more discrete data centers
1
Which of the following AWS Support plans provide access to guidance, configuration, and troubleshooting of AWS interoperability with third-party software?
AWS Enterprise Support
AWS Enterprise Support provides customers with concierge-like service where the main focus is helping the customer achieve their outcomes and find success in the cloud. With Enterprise Support, you get 24x7 technical support from high-quality engineers, tools and technology to automatically manage the health of your environment, consultative architectural guidance delivered in the context of your applications and use-cases, and a designated Technical Account Manager (TAM) to coordinate access to proactive/preventative programs and AWS subject matter experts. You get access to guidance, configuration, and troubleshooting of AWS interoperability with many common operating systems, platforms, and application stack components.
AWS Business Support
You should use AWS Business Support if you have production workloads on AWS and want 24x7 phone, email and chat access to technical support and architectural guidance in the context of your specific use-cases. You get full access to AWS Trusted Advisor Best Practice Checks. You get access to guidance, configuration, and troubleshooting of AWS interoperability with many common operating systems, platforms, and application stack components.
Which of the following entities applies patches to the underlying OS for Amazon Aurora?
The AWS product team automatically
A company wants to have control over creating and using its own keys for encryption on AWS services. Which of the following can be used for this use-case?
customer managed key (CMK)
The DevOps team at an e-commerce company is trying to debug performance issues for its serverless application built using a microservices architecture. As a Cloud Practitioner, which AWS service would you recommend addressing this use-case?
AWS X-Ray
Which of the following is a benefit of using AWS managed services such as Amazon Relational Database Service (Amazon RDS)?
The performance of AWS managed Amazon Relational Database Service (Amazon RDS) instance is better than a customer-managed database instance
A company wants to improve the resiliency of its flagship application so it wants to move from its traditional database system to a managed AWS NoSQL database service to support active-active configuration in both the East and West US AWS regions. The active-active configuration with cross-region support is the prime criteria for any database solution that the company considers.
Which AWS database service is the right fit for this requirement?
Amazon DynamoDB with global tables
Which AWS service will help you receive alerts when the reservation utilization falls below the defined threshold?
AWS Budgets
Which AWS Support plan provides architectural guidance contextual to your specific use-cases?
AWS Business Support
Which of the following AWS services has encryption enabled by default?
AWS CloudTrail Logs
A startup wants to migrate its data and applications from the on-premises data center to AWS Cloud. Which of the following options can be used by the startup to help with this migration?
Leverage AWS Professional Services to accelerate the infrastructure migration
The AWS Professional Services organization is a global team of experts that can help you realize your desired business outcomes when using the AWS Cloud. AWS Professional Services consultants can supplement your team with specialized skills and experience that can help you achieve quick results. Therefore, leveraging AWS Professional Services can accelerate the infrastructure migration for the startup.
Utilize AWS Partner Network (APN) to build a custom solution for this infrastructure migration
The AWS Partner Network (APN) is the global partner program for technology and consulting businesses that leverage Amazon Web Services to build solutions and services for customers. The startup can work with experts from APN to build a custom solution for this infrastructure migration.
AWS Compute Optimizer delivers recommendations for which of the following AWS resources?
Amazon Elastic Compute Cloud (Amazon EC2) instances, Amazon EC2 Auto Scaling groups
Amazon Elastic Block Store (Amazon EBS), AWS Lambda functions
Which Amazon Route 53 routing policy would you use to improve the performance for your customers by routing the requests to the AWS endpoint that provides the fastest experience?
Latency-based routing
As per the AWS Shared Responsibility Model, which of the following is a responsibility of the customer from a security and compliance point of view?
Managing patches of the guest operating system on Amazon Elastic Compute Cloud (Amazon EC2)
What foundational capability under the operations perspective is part of the AWS Cloud Adoption Framework (AWS CAF)?
Performance and capacity management
A gaming company is looking at a technology/service that can deliver a consistent low-latency gameplay to ensure a great user experience for end-users in various locations.
Which AWS technology/service will provide the necessary low-latency access to the end-users?
AWS Local Zones
Which AWS service can be used to provision resources to run big data workloads on Hadoop clusters?
Amazon EMR
Which of the following statements are correct about the AWS root user account?
Root user access credentials are the email address and password used to create the AWS account
It is highly recommended to enable Multi-Factor Authentication (MFA) for root user account
Due to regulatory and compliance reasons, an organization is supposed to use a hardware device for any data encryption operations in the cloud. Which AWS service can be used to meet this compliance requirement?
AWS CloudHSM
AWS CloudHSM is a cloud-based Hardware Security Module (HSM) that enables you to easily generate and use your encryption keys on the AWS Cloud. With CloudHSM, you can manage your encryption keys using FIPS 140-2 Level 3 validated HSMs
A company is using a message broker service on its on-premises application and wants to move this messaging functionality to AWS Cloud. Which of the following AWS services is the right choice to move the existing functionality easily?
Amazon MQ
A customer has created a VPC and a subnet within AWS Cloud. Which of the following statements is correct?
An Amazon Virtual Private Cloud (Amazon VPC) spans all of the Availability Zones (AZ) in the Region whereas a subnet spans only one Availability Zone (AZ) in the Region
An e-commerce company wants to assess its applications deployed on Amazon Elastic Compute Cloud (Amazon EC2) instances for vulnerabilities and deviations from AWS best practices. Which AWS service can be used to facilitate this?
Amazon Inspector
A data analytics company stores its data on Amazon Simple Storage Service (Amazon S3) and wants to do SQL based analysis on this data with minimum effort. As a Cloud Practitioner, which of the following AWS services will you suggest for this use case?
Amazon Athena,
is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. Amazon Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run.
A company wants a fully managed, flexible, and scalable file storage system, with low latency access, for its Windows-based applications. Which AWS service is the right choice for the company?
Amazon FSx for Windows File Server
Which of the following use-cases is NOT supported by Amazon Rekognition?
Quickly resize photos to create thumbnails
You cannot use Amazon Rekognition to resize photos to create thumbnails.
With Amazon Rekognition, you can identify objects, people, text, scenes, and activities in images and videos, as well as detect any inappropriate content. Amazon Rekognition also provides highly accurate facial analysis and facial search capabilities that you can use to detect, analyze, and compare faces for a wide variety of user verification, people counting, and public safety use cases.
As per the AWS Shared Responsibility Model, which of the following is a responsibility of AWS from a security and compliance point of view?
Edge Location Management
A company’s flagship application runs on a fleet of Amazon Elastic Compute Cloud (Amazon EC2) instances. As per the new policies, the system administrators are looking for the best way to provide secure shell access to Amazon Elastic Compute Cloud (Amazon EC2) instances without opening new ports or using public IP addresses.
Which tool/service will help you achieve this requirement?
AWS Systems Manager Session Manager
Which AWS compute service provides the EASIEST way to access resizable compute capacity in the cloud with support for per-second billing and access to the underlying OS?
Amazon Elastic Compute Cloud (Amazon EC2)
An online gaming company wants to block users from certain geographies from accessing its content. Which AWS service can be used to accomplish this task?
AWS Web Application Firewall (AWS WAF)
AWS budgets 3 types
cost usage and reservation budget
How to prevent your data from deletion on Amazon S3?
Amazon S3 versioning, versioning means keeping multiple variants of an object in the same bucket.
three Amazon regional services:
Amazon S3, AWS Lambda, Amazon Rekognition
How to receive separate invoices for development and production environments?
Create separate AWS accounts for development and production environments to receive separate invoices.
What is cloud foundations?
provides a guided path to help customers deploy, configure, and secure their new workloads while ensuring they are ready for on-going operations in the cloud.
what is a security group?
A security group is stateful virtual firewall for your instance to control inbound and outbound traffic.
What is a network ACL?
An optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. Stateful, thus automatically allowing the return traffic.
Components of a AWS Site to Site VPN?
Virtual private gateway (VGW), and a customer gateway
How to improve the performance of a web app globally?
Use Amazon CloudFront to improve the performance of your website.
Amazon Elastic Block Store (Amazon EBS) Snapshots are stored _____________, which means you are billed only for the changed blocks stored
incrementally
Will uou will pay a fee each time you read from or write data stored on the Amazon Elastic File System (Amazon EFS) - Infrequent Access storage class
yes
A research group wants to provision an Amazon Elastic Compute Cloud (Amazon EC2) instance for a flexible application that can be interrupted. As a Cloud Practitioner, which of the following would you recommend as the MOST cost-optimal option?
Spot instance
How to store multiple copies of data in geographically distant locations?
Use S3 cross region replication to replicate data between distant AWS Regions
What is the region-specific constraint that the Amazon Machine Image (AMI) must meet so that it can be used for this Amazon Elastic Compute Cloud (Amazon EC2) instance?
You must use an Amazon Machine Image from the same region as that of the Amazon EC2 instance. The region of the AMI has no bearing on the performance of the Amazon EC2 instance
How to connect multiple Amazon VPC within an organization?
AWS transit gateway
Why deploy an RDS with a read replica configuration?
Read Replica improves database scalability
Compared to on demand instance prices what is the highest possible discount offered for reserved instances?
72
Where can EC2 instances access Amazon EFS?
Many AZ, Regions and VPCs
What are mandatory elements of an IAM policy?
Effect Action
AWS autoscaling
scales out and adds more EC2.
scales in and removes EC2 instances
AWS costs by the hour in an Amazon Simple Storage Service (Amazon S3) bucket
AWS Cost & Usage Report (AWS CUR)
move large volumes or on premises data to AWS Cloud from a remote location with limited bandwith.`
AWS Snowball
data migration and edge computing device
Data migration servers from on premise to AWS cloud
AWS Database Migration Service (AWS DMS)
AWS Snowball
Amazon CloudWatch billing metric data is stored in which AWS Region?
US East (N. Virginia) - us-east-1
Which Amazon Route 53 routing policy would you use when you want to route your traffic in an active-passive configuration?
Failover Routing
used when you want to configure active-passive failover. Failover routing lets you route traffic to a resource when the resource is healthy or to a different resource when the first resource is unhealthy.
For each resource, each tag key must be ________, and each tag key can have only ________ value
unique, one
Which AWS services can be used off-the-shelf to address cost optimization without needing any manual configurations?
AWS Cost Explorer and AWS Trusted Advisor
Which AWS service will you use to privately connect your virtual private cloud (VPC) to Amazon Simple Storage Service (Amazon S3)?
VPC Endpoint
How to improve the availability for a fleet of EC2 instances?
deploy EC2 instances across different AZ in the same AWS Region
Which AWS services can be used together to send alerts whenever the AWS account root user signs in?
Amazon Simple Notification Service
Amazon Cloudwatch
What is Amazon SQS
Simple Queue Service, fully managed message queuing service that enables you to decouple and scale microservices distributed systems and serverless applications. Communicate between software components at any volume
Which entity ensures that your application on Amazon Elastic Compute Cloud (Amazon EC2) always has the right amount of capacity to handle the current traffic demand?
Amazon EC2 Auto Scaling, helps you ensure you have the correct number of Amazon EC2 instances available to handle the load for your application.
Application Load Balancer
distributes traffic across multiple targets, it does not scale resources
Network Load Balancer
load balancing of TCP UDP and TLS traffic where extreme performance is required
AWS Organizations benefit
Volume discounts for Amazon EC2 and S3 aggregated across the member AWS accounts
Share the reserved Amazon EC2 instances amongst the member AWS accounts
AWS service to notify company when EC2 RI utilization drops below a certain threshold.
AWS budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also use AWS Budgets to set reservation utilization or coverage targets and receive alerts when your utilization drops below the threshold you define
Which AWS service will you use to provision the same AWS infrastructure across multiple AWS accounts and regions?
AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all Regions and accounts
_____________________ connects virtual private clouds (VPC) and on-premises networks through a central hub
AWS Transit Gateway
___________________is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS.
AWS Direct Connect
_________________enables fast, easy, and secure transfers of files over long distances between your client and your Amazon S3 bucket
Amazon S3 Transfer Acceleration (S3TA)
_____________________________lets you explore AWS services and create an estimate for the cost of your use cases on AWS. You can model your solutions before building them, explore the price points and calculations behind your estimate, and find the available instance types and contract terms that meet your needs.
AWS Pricing Calculator
________________has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time.
AWS Cost Explorer
Which instance type may be interrupted if Amazon needs the compute capacity?
Spot instances
Route 53
Domain registration
health checks and monitoring
DNS routing
integration with other services
AWS DataSync
automate ongoing transfers from on-premises systems into AWS while providing support for incremental data backups
__________________________________ is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (AWS IAM) users or for users that you authenticate (federated users).
AWS Security Token Service (AWS STS)
Firewall & networking configuration of Amazon Elastic Compute Cloud (Amazon EC2) responsibility of Amazon or User?
User
A company needs to keep sensitive data in its own data center due to compliance but would still like to deploy resources using AWS. Which Cloud deployment model does this refer to?
hybrid cloud,
___________ is an Exabyte-scale data transfer service used to move extremely large amounts of data to AWS.
AWS snowmobile
____________ is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of AWS.
AWS Snowball
A Cloud Practitioner would like to deploy identical resources across all AWS regions and accounts using templates while estimating costs. Which AWS service can assist with this task?
AWS CloudFormation
_______________ is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
AWS Config
____________ checks security groups for rules that allow unrestricted access to a resource. Unrestricted access increases opportunities for malicious activity, such as hacking, denial-of-service attacks, or loss of data.
Trusted Advisor
__________________ creates an encrypted network path between your on-premises network and your AWS Cloud network. This connection between your on-premises network and your AWS Cloud network uses the internet.
Site-to-Site VPN
Which credential components are required to gain programmatic access to an AWS account?
An access key ID and a secret access key
__________ monitors your AWS resources and the applications that you run on AWS in real time. You can use _____________ with AWS CloudTrail to monitor and receive alerts about console sign-in events that involve the AWS account root user.
CloudWatch
A company is hosting a static website from a single Amazon S3 bucket.
Which AWS service will achieve lower latency and high transfer speeds?
Amazon CloudFront is a web service that speeds up the distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. Content is cached in edge locations. Content that is repeatedly accessed can be served from the edge locations instead of the source S3 bucket.
________________ is a machine learning service that converts text to speech. This service provides the ability to read text out loud.
Amazon Polly
___________________ is an automated lift-and-shift solution. This solution can migrate physical servers and any databases or applications that run on them to EC2 instances in AWS
AWS Application Migration Service
The __________ Support plan provides customer support for non-technical issues, such as increases in service quotas. However, the _____ Support plan does not provide technical support.
basic
What is the MINIMUM AWS Support plan that provides technical support through phone calls?
business support plan
The ___________ Support plan allows only email creation of support tickets and does not provide phone support.
Developer
_____________ is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
Amazon Macie
A user deploys an Amazon RDS DB instance in multiple Availability Zones.
This strategy involves which pillar of the AWS Well-Architected Framework?
reliability
The reliability pillar includes the ability of a workload to perform its intended function correctly and consistently when it is expected to do so. The deployment of Amazon RDS in multiple Availability Zones supports the goal of reliability because it reduces single points of failure.
