AWS Cloud Practioner Cards Flashcards

Question

Which statement best describes security groups? A) They are stateful and deny all inbound traffic by default. B) They are stateful and allow all inbound traffic by default. C) They are stateless and deny all inbound traffic by default. D) They are stateless and allow all inbound traffic by default.

Answer 1

C) They are stateless and deny all inbound traffic by default. The correct response option is Security groups are stateful and deny all inbound traffic by default. Security groups are stateful. This means that they use previous traffic patterns and flows when evaluating new requests for an instance. By default, security groups deny all inbound traffic, but you can add custom rules to fit your operational and security needs. Learn more: * Security groups for your VPC

Answer 2

D) Internet gateway The correct response option is Internet gateway. The other response options are incorrect because: * A public subnet is a section of a VPC that contains public-facing resources. * An edge location is a site that Amazon CloudFront uses to store cached copies of your content for faster delivery to customers. * A security group is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance. Learn more: * Internet gateways

Answer 3

D) Amazon Route 53 The correct response option is Amazon Route 53. Amazon Route 53 is a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications that host in AWS. Another feature of Route 53 is the ability to manage the DNS records for domain names. You can transfer DNS records for existing domain names managed by other domain registrars. You can also register new domain names directly in Route 53. The other response options are incorrect because: * Amazon Virtual Private Cloud (Amazon VPC) is a service that enables you to provision an isolated section of the AWS Cloud. In this isolated section, you can launch resources in a virtual network that you define. * AWS Direct Connect is a service that enables you to establish a dedicated private connection between your data center and VPC. * Amazon CloudFront is a content delivery service. It uses a network of edge locations to cache content and deliver content to customers all over the world. Learn more: * Amazon Route 53

Answer 4

A) Best for data that requires retention C) Separate drives from the host computer of an EC2 instance

Answer 5

C) S3 Standard-IA The correct response option is S3 Standard-IA. The S3 Standard-IA storage class is ideal for data that is infrequently accessed but requires high availability when needed. Both S3 Standard and S3 Standard-IA store data in a minimum of three Availability Zones. S3 Standard-IA provides the same level of availability as S3 Standard but at a lower storage price. The other response options are incorrect because: * In the S3 Intelligent-Tiering storage class, Amazon S3 monitors objects’ access patterns. If you haven’t accessed an object for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, S3 Standard-IA. If you access an object in the infrequent access tier, S3 automatically moves it to the frequent access tier, S3 Standard. * S3 Glacier Flexible Retrieval and S3 Glacier Deep Archive are low-cost storage classes that are ideal for data archiving. They would not be the best choice for this scenario, which requires high availability. You can retrieve objects stored in the S3 Glacier Flexible Retrieval storage class within a few minutes to a few hours. By comparison, you can retrieve objects stored in the S3 Glacier Deep Archive storage class within 12 hours.

Answer 6

B) Using SQL to organize data E) Storing data in an Amazon Aurora database The two correct response options are: * Using SQL to organize data * Storing data in an Amazon Aurora database The other three response options are scenarios in which you should use Amazon DynamoDB.

Answer 7

B) Amazon S3 Glacier Flexible Retrieval E) Amazon S3 Glacier Deep Archive The correct two response options are: * Amazon S3 Glacier Flexible Retrieval * Amazon S3 Glacier Deep Archive Objects stored in the Amazon S3 Glacier Flexible Retrieval storage class can be retrieved within a few minutes to a few hours. By comparison, objects that are stored in the Amazon S3 Glacier Deep Archive storage class can be retrieved within 12 hours. The other response options are incorrect because: * Amazon S3 Standard is a storage class that is ideal for frequently accessed data, not archival data. * Amazon S3 Intelligent-Tiering monitors access patterns of objects and automatically moves them between the Amazon S3 Standard and Amazon S3 Standard-IA storage classes. It is not designed for archival data. * Amazon S3 Standard-IA is ideal for data that is infrequently accessed but requires high availability when needed. Learn more: * Amazon S3 storage classes

Answer 8

C) EBS volumes and Amazon EFS file systems both store data within a single Availability Zone. The correct response option is: EBS volumes store data within a single Availability Zone. Amazon EFS file systems store data across multiple Availability Zones. An EBS volume must be located in the same Availability Zone as the Amazon EC2 instance to which it is attached. Data in an Amazon EFS file system can be accessed concurrently from all the Availability Zones in the Region where the file system is located. Learn more: * Amazon EBS volumes(opens in a new tab) * Amazon EFS: How it works

Answer 9

D) Amazon Simple Storage Service (Amazon S3) The correct response option is Amazon Simple Storage Service (Amazon S3). The other response options are incorrect because: * Amazon Managed Blockchain is a service that you can use to create and manage blockchain networks with open-source frameworks. Blockchain is a distributed ledger system that lets multiple parties run transactions and share data without a central authority. * Amazon Elastic File System (Amazon EFS) is a scalable file system used with AWS Cloud services and on-premises resources. It does not store data as object storage. * Amazon Elastic Block Store (Amazon EBS) is a service that provides block-level storage volumes that you can use with Amazon EC2 instances. Learn more: * Amazon S3(opens in a new tab) * What is cloud object storage?

Answer 10

B) A serverless key-value database service The correct response option is A serverless key-value database service. Amazon DynamoDB is a key-value database service. It is serverless, which means that you do not have to provision, patch, or manage servers. The other response options are incorrect because: * A service that enables you to run relational databases in the AWS Cloud describes Amazon Relational Database Service (Amazon RDS). * A service that you can use to migrate relational databases, nonrelational databases, and other types of data stores describes AWS Database Migration Service (AWS DMS). * An enterprise-class relational database describes Amazon Aurora. Learn more: * Amazon DynamoDB

Answer 11

A) Amazon Redshift

Answer 12

B) Patching software on Amazon EC2 instances D) Setting permissions for Amazon S3 objects The correct two response options are: * Patching software on Amazon EC2 instances * Setting permissions for Amazon S3 objects The other three response options are tasks that are the responsibility of AWS. Learn more: * AWS shared responsibility model

Answer 13

C) An individual member account E) An organizational unit (OU) The correct two response options are: * An individual member account * An organizational unit (OU) In AWS Organizations, you can apply service control policies (SCPs) to the organization root, an individual member account, or an OU. An SCP affects all IAM users, groups, and roles within an account, including the AWS account root user. You can apply IAM policies to IAM users, groups, or roles. You cannot apply an IAM policy to the AWS account root user. Learn more: * AWS Organizations(opens in a new tab) * Service control policies(opens in a new tab) * Attaching SCPs

Answer 14

A) Access AWS compliance reports on-demand. E) Review, accept, and manage agreements with AWS The correct two response options are: * Access AWS compliance reports on-demand. * Review, accept, and manage agreements with AWS. The other response options are incorrect because: * Consolidate and manage multiple AWS accounts within a central location- This task can be completed in AWS Organizations. * Create users to enable people and applications to interact with AWS services and resources- This task can be completed in AWS Identity and Access Management (IAM) * Set permissions for accounts by configuring service control policies (SCPs)- This task can be completed in AWS Organizations. Learn more: * AWS Artifact

Answer 15

B) A document that grants or denies permissions to AWS services and resources The correct response option is: A document that grants or denies permissions to AWS services and resources. IAM policies provide you with the flexibility to customize users’ levels of access to resources. For instance, you can allow users to access all the Amazon S3 buckets in your AWS account or only a specific bucket. The other response options are incorrect because: * Multi-factor authentication (MFA) is an authentication process that provides an extra layer of protection for your AWS account. * An IAM role is an identity that you can assume to gain temporary access to permissions. * The root user identity is the identity that is established when you first create an AWS account. Learn more: * AWS IAM: Policies and permissions

Answer 16

C) IAM role The correct answer is IAM role. An IAM role is an identity that you can assume to gain temporary access to permissions. When someone assumes an IAM role, they abandon all permissions that they had under a previous role and assume the permissions of the new role. IAM roles are ideal for situations in which access to services or resources needs to be granted temporarily instead of long-term. The other response options are incorrect because: * The AWS account root user is established when you first create an AWS account. As a best practice, do not use the root user for everyday tasks. * Although you can attach IAM policies to an IAM group, this would not be the best choice for this scenario because the employee only needs to be granted temporary permissions. * Service control policies (SCPs) enable you to centrally control permissions for the accounts in your organization. An SCP is not the best choice for granting temporary permissions to an individual employee. Learn more: * IAM roles

Answer 17

C) Granting only the permissions that are needed to perform specific tasks The correct response option is: Granting only the permissions that are needed to perform specific job tasks. When you grant permissions by following the principle of least privilege, you prevent users or roles from having more permissions than needed to perform specific job tasks. For example, cashiers in the coffee shop should be given access to the cash register system. As a best practice, grant IAM users and roles a minimum set of permissions and then grant additional permissions as needed. Learn more: * Security best practices in IAM

Answer 18

D) AWS Shield The correct response option is AWS Shield. As network traffic comes into your applications, AWS Shield uses a variety of analysis techniques to detect potential DDoS attacks in real time and automatically mitigates them. The other response options are incorrect because: * Amazon GuardDuty is a service that provides intelligent threat detection for your AWS infrastructure and resources. It identifies threats by continuously monitoring the network activity and account behavior within your AWS environment. * Amazon Inspector checks applications for security vulnerabilities and deviations from security best practices, such as open access to Amazon EC2 instances and installations of vulnerable software versions. * AWS Artifact is a service that provides on-demand access to AWS security and compliance reports and select online agreements. Learn more: * AWS Shield

Answer 19

C) Create cryptographic keys. The correct response option is: Create cryptographic keys. AWS Key Management Service (AWS KMS) enables you to perform encryption operations through the use of cryptographic keys. A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data. You can use AWS KMS to create, manage, and use cryptographic keys. You can also control the use of keys across a wide range of services and in your applications. The other response options are incorrect because: * You can configure multi-factor authentication (MFA) in AWS Identity and Access Management (IAM). * You can update the AWS account root user password in the AWS Management Console. * You can assign permissions to users and groups in AWS Identity and Access Management (IAM). Learn more: * AWS KMS

Answer 20

B) Track user activities and API requests throughout your AWS infrastructure D) Filter logs to assist with operational analysis and troubleshooting The correct two response options are: * Track user activities and API requests throughout your AWS infrastructure * Filter logs to assist with operational analysis and troubleshooting The other response options are tasks that you can perform in Amazon CloudWatch. Learn more: * AWS CloudTrail

Answer 21

C) AWS Trusted Advisor The correct response option is AWS Trusted Advisor. AWS Trusted Advisor is a web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices. The inspection includes security checks, such as Amazon S3 buckets with open access permissions. The other response options are incorrect because: * Amazon CloudWatch is a web service that enables you to monitor and manage various metrics for the resources that run your applications. * AWS CloudTrail is a web service that enables you to review details for user activities and API calls that have occurred within your AWS environment. * Amazon GuardDuty is a service that provides intelligent threat detection for your AWS environment and resources. It identifies threats by continuously monitoring the network activity and account behavior within your AWS environment. Learn more: * AWS Trusted Advisor

Answer 22

A) Monitor your resources’ utilization and performance D) Access metrics from a single dashboard The two correct response options are: * Monitor your resources’ utilization and performance * Access metrics from a single dashboard The other response options are incorrect because: * Receiving real-time recommendations for improving your AWS environment can be performed by AWS Trusted Advisor. * Comparing your infrastructure to AWS best practices in five categories can be performed by AWS Trusted Advisor. * Automatically detecting unusual account activity can be performed by AWS CloudTrail. Learn more: * Amazon CloudWatch

Answer 23

B) Performance E) Fault tolerance The two correct response options are: * Performance * Fault tolerance AWS Trusted Advisor continuously inspects your AWS environment and provides best practice recommendations across five categories: cost optimization, performance, security, fault tolerance, and service limits. Learn more: * AWS Trusted Advisor

Answer 24

D) 12 months The correct response option is 12 months. The AWS Free Tier consists of three types of offers that allow customers to use AWS services without incurring costs: Always free, 12 months free, and Trials. For 12 months after you first sign up for an AWS account, you can take advantage of offers in the 12 Months Free category. Examples of offers in this category include specific amounts of Amazon S3 Standard Storage, thresholds for monthly hours of Amazon EC2 compute time, and amounts of Amazon CloudFront data transfer out. Learn more: * AWS Free Tier

Answer 25

C) Business The correct response option is Business. Only the Business, Enterprise On-Ramp, and Enterprise Support plans include all AWS Trusted Advisor checks. Of these three Support plans, the Business Support plan has a lower cost. Learn more: * Compare AWS Support plans

Answer 26

B) Platform Perspective The correct response option is Platform Perspective. The Platform Perspective of the AWS Cloud Adoption Framework also includes principles for implementing new solutions and migrating on-premises workloads to the cloud. The other response options are incorrect because: * The Business Perspective helps you to move from a model that separates business and IT strategies into a business model that integrates IT strategy. * The Operations Perspective focuses on operating and recovering IT workloads to meet the requirements of your business stakeholders. * The People Perspective helps Human Resources (HR) employees prepare their teams for cloud adoption by updating organizational processes and staff skills to include cloud-based competencies. Learn more: * Whitepaper: An Overview of the AWS Cloud Adoption Framework

Answer 27

D) Repurchasing The correct response option is Repurchasing. Repurchasing involves replacing an existing application with a cloud-based version, such as software found in AWS Marketplace. The other response options are incorrect because: * Refactoring involves changing how an application is architected and developed, typically by using cloud-native features. * Retiring involves removing an application that is no longer used or that can be turned off. * Replatforming involves selectively optimizing aspects of an application to achieve benefits in the cloud without changing the core architecture of the application. It is also known as “lift, tinker, and shift.” Learn more: * 6 Strategies for Migrating Applications to the Cloud

Answer 28

C) 80 TB The correct response option is 80 TB. Snowball Edge Storage Optimized is a device that enables you to transfer large amounts of data into and out of AWS. It provides 80 TB of usable HDD storage. Learn more: * AWS Snow Family

Answer 29

D) Amazon SageMaker The correct response option is Amazon SageMaker. With Amazon SageMaker, you can quickly and easily begin working on machine learning projects. You do not need to follow the traditional process of manually bringing together separate tools and workflows. The other response options are incorrect because: * Amazon Textract is a machine learning service that automatically extracts text and data from scanned documents. * Amazon Lex is a service that enables you to build conversational interfaces using voice and text. * AWS DeepRacer is an autonomous 1/18 scale race car that you can use to test reinforcement learning models. Learn more: * Amazon SageMaker

Answer 30

B) Security Perspective The correct response option is Security Perspective. The Security Perspective of the AWS Cloud Adoption Framework also helps you to identify areas on non-compliance and plan ongoing security initiatives. The other response options are incorrect because: * The Governance Perspective helps you to identify and implement best practices for IT governance and support business processes with technology. * The Operations Perspective focuses on operating and recovering IT workloads to meet the requirements of your business stakeholders. * The Business Perspective helps you to move from a model that separates business and IT strategies into a business model that integrates IT strategy. Learn more: * Whitepaper: An Overview of the AWS Cloud Adoption Framework

Answer 31

B) Retaining E) Rehosting The two correct response options are: * Retaining * Rehosting The application migration strategies are rehosting, replatforming, refactoring/re-architecting, repurchasing, retaining, and retiring. Learn more: * 6 Strategies for Migrating Applications to the Cloud

Answer 32

D) 100 PB The correct response option is 100 PB. AWS Snowmobile is a service that is used for transferring up to 100 PB of data to AWS. Each Snowmobile is a 45-foot long shipping container that is pulled by a semi trailer truck. Learn more: * AWS Snow Family

Answer 33

A) A service that enables you to build conversational interfaces using voice and text The correct response option is "A service that enables you to build conversational interfaces using voice and text." In Amazon Lex, you can quickly build, test, and deploy conversational chatbots to use in your applications. The other response options are incorrect because: * A machine learning service that automatically extracts text and data from scanned document describes Amazon Textract. * A document database service that supports MongoDB workloads describes Amazon DocumentDB. * A service that enables you to identify potentially fraudulent online activities describes Amazon Fraud Detector. Learn more: * Amazon Lex

Answer 34

D) Reliability The correct response option is Reliability. The other response options are incorrect because: * The Operational Excellence pillar includes the ability to run workloads effectively, gain insights into their operations, and continuously improve supporting processes to deliver business value. * The Performance Efficiency pillar focuses on using computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve. * The Security pillar includes protecting data, systems, and assets, and using cloud technologies to improve the security of your workloads. Learn more: * Whitepaper: AWS Well-Architected Framework

Answer 35

B) Receiving lower pay-as-you-go prices as the result of AWS customers’ aggregated usage of services The correct response option is: Receiving lower pay-as-you-go prices as the result of AWS customers’ aggregated usage of services. Because usage from hundreds of thousands of customers is aggregated in the cloud, providers such as AWS can achieve higher economies of scale. The economies of scale translate into lower pay-as-you-go prices. The other response options are incorrect because: * Deploying an application in multiple Regions around the world: This process is an example of Go global in minutes. * Paying for compute time as you use it instead of investing upfront costs in data centers: This process is an example of Trade upfront expense for variable expense. * Scaling your infrastructure capacity in and out to meet demand: This process is an example of Stop guessing capacity. Learn more: * Six advantages of cloud computing

Answer 36

B) Operational Excellence The correct response option is Operational Excellence. The other response options are incorrect because: * The Cost Optimization pillar focuses on the ability to run systems to deliver business value at the lowest price point. * The Performance Efficiency pillar focuses on using computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve. * The Reliability pillar focuses on the ability of a workload to consistently and correctly perform its intended functions. Learn more: * AWS Well-Architected Framework

Answer 37

B) Receiving lower pay-as-you-go prices as the result of AWS customers’ aggregated usage of services The correct response option is: Receiving lower pay-as-you-go prices as the result of AWS customers’ aggregated usage of services. Because usage from hundreds of thousands of customers is aggregated in the cloud, providers such as AWS can achieve higher economies of scale. The economies of scale translate into lower pay-as-you-go prices. The other response options are incorrect because: * Deploying an application in multiple Regions around the world: This process is an example of Go global in minutes. * Paying for compute time as you use it instead of investing upfront costs in data centers: This process is an example of Trade upfront expense for variable expense. * Scaling your infrastructure capacity in and out to meet demand: This process is an example of Stop guessing capacity. Learn more: * Six advantages of cloud computing

Answer 38

B) Operational Excellence The correct response option is Operational Excellence. The other response options are incorrect because: * The Cost Optimization pillar focuses on the ability to run systems to deliver business value at the lowest price point. * The Performance Efficiency pillar focuses on using computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve. * The Reliability pillar focuses on the ability of a workload to consistently and correctly perform its intended functions. Learn more: * AWS Well-Architected Framework

Answer 39

A) Increase speed and agility. E) Stop spending money running and maintaining data centers The two correct response options are: * Increase speed and agility. * Stop spending money running and maintaining data centers. The six advantages of cloud computing are: * Trade upfront expense for variable expense. * Benefit from massive economies of scale. * Stop guessing capacity. * Increase speed and agility. * Stop spending money running and maintaining data centers. * Go global in minutes. Learn more: * Six advantages of cloud computing

Answer 40

B) 700 The correct response option is 700. Key words and phrases that you might have identified in this question include minimum and AWS Certified Cloud Practitioner.

Answer 41

A) Security and Compliance D) Billing and Pricing The two correct response options are: * Security and Compliance * Billing and Pricing Key words and phrases that you might have identified in this question include domains and AWS Certified Cloud Practitioner. The other three response options are domains that are included on the AWS Certified SysOps Administrator – Associate exam.

Answer 42

D) A service that provides intelligent threat detection for AWS infrastructure and resources The correct response option is A service that provides intelligent threat detection for your AWS infrastructure and resources. AWS GuardDuty identifies threats by continually monitoring the network activity and account behavior within an AWS environment. The other response options are incorrect because: * A service that helps protect applications against distributed denial-of-service (DDoS) attacks - This response option describes AWS Shield. * A service that checks applications for security vulnerabilities and deviations from security best practices - This response option describes Amazon Inspector. * A service that monitors network requests for web applications - This response option describes AWS WAF. Learn more: * Amazon GuardDuty

Answer 43

C) AWS CloudTrail The correct response option is AWS CloudTrail. With CloudTrail, a person can view a complete history of user activity and API calls for their applications and resources. Events are typically updated in CloudTrail within 15 minutes after an API call was made. A person can filter events by specifying the time and date that an API call occurred, the user who requested the action, the type of resource that was involved in the API call, and more. The other response options are incorrect because: * Amazon CloudWatch is a service that provides data for monitoring applications, optimizing resource utilization, and responding to system-wide performance changes. * Amazon Inspector is a service that checks applications for security vulnerabilities and deviations from security best practices. * AWS Trusted Advisor is an online tool that inspects an AWS environment and provides real-time guidance in accordance with AWS best practices. Learn more: * AWS CloudTrail

Answer 44

D) Operations Perspective The correct response option is Operations Perspective. The Operations Perspective of the AWS Cloud Adoption Framework also includes principles for operating in the cloud by using agile best practices. The other response options are incorrect because: * The Business Perspective helps moves a business from a model that separates business and IT strategies into a business model that integrates IT strategy. * The People Perspective helps Human Resources (HR) employees prepare their teams for cloud adoption by updating organizational processes and staff skills to include cloud-based competencies. * The Governance Perspective provides the capability to update the staff skills and organizational processes that are necessary to ensure business governance in the cloud. Learn more: * Whitepaper: An Overview of the AWS Cloud Adoption Framework

Answer 45

A) AWS Cost Explorer The correct response option is AWS Cost Explorer. With AWS Cost Explorer, businesses can quickly create custom reports to analyze their AWS cost and usage data. The other response options are incorrect because: * AWS Budgets lets businesses set custom alerts that will notify individuals when a service usage exceeds (or is forecasted to exceed) the amount that has been budgeted. * AWS Pricing Calculator creates an estimate for the cost of a business' use cases on AWS. In the AWS Pricing Calculator, a person can enter details for their cloud computing requirements and then receive a detailed estimate that can be exported and shared. * AWS Artifact is a service that provides access to AWS security and compliance reports and special online agreements. Learn more: * AWS Cost Explorer

Answer 46

C) Amazon DynamoDB The correct response option is Amazon DynamoDB. Amazon DynamoDB is a key-value database service. A key-value database might include data pairs such as “Name: John Doe,” “Address: 123 Any Street,” and “City: Anytown”. In a key-value database, you can add or remove attributes from items in the table at any time. Additionally, not every item in the table has to have the same attributes. The other response options are incorrect because: * Amazon Relational Database Service (Amazon RDS) and Amazon Aurora use structured query language (SQL) to store and query data. They are not key-value databases. * Amazon DocumentDB is a document database service that supports MongoDB workloads. Learn more: * Amazon DynamoDB

Answer 47

A) Deliver content to customers through a global network of edge locations The correct response is Deliver content to customers through a global network of edge locations. Amazon CloudFront is a content delivery service. It uses a network of edge locations to cache content and deliver content to customers all over the world. When content is cached, it is stored locally as a copy. This content might be video files, photos, webpages, and so on. The other response options are incorrect because: * Run infrastructure in a hybrid cloud approach - This action can be performed with AWS Outposts. * Provision resources by using programming languages or a text file - This action can be performed in AWS CloudFormation. * Provision an isolated section of the AWS Cloud to launch resources in a virtual network that a person defines - This action can be performed in Amazon Virtual Private Cloud (Amazon VPC). Learn more: * Amazon CloudFront

Answer 48

A) Enterprise C) Business The two correct response options are: * Enterprise * Business The other response options are incorrect because: * The Basic and Developer Support plans provide access to a limited selection of AWS Trusted Advisor checks. * The AWS Free Tier is not a Support plan. It is a program that consists of three types of offers that allow customers to use AWS services without incurring costs: Always free, 12 months free, and Trials. Learn more: * AWS Trusted Advisor

Answer 49

B) Amazon S3 Intelligent-Tiering The correct response option is Amazon S3 Intelligent-Tiering. In the Amazon S3 Intelligent-Tiering storage class, Amazon S3 monitors object access patterns. If an object has not been accessed for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, Amazon S3 Standard-IA. If an object is accessed in the infrequent access tier, Amazon S3 automatically moves it to the frequent access tier, Amazon S3 Standard. The other response options are incorrect because: * Amazon S3 Glacier Flexible Retrieval is a low-cost storage class that is ideal for data archiving. A person can retrieve objects stored in the Amazon S3 Glacier Flexible Retrieval storage class within a few minutes to a few hours. * The Amazon S3 Standard-IA storage class is ideal for data that is infrequently accessed but requires high availability when needed. Both Amazon S3 Standard and Amazon S3 Standard-IA store data in a minimum of three Availability Zones. Amazon S3 Standard-IA provides the same level of availability as Amazon S3 Standard but at a lower storage price. * Amazon S3 One Zone-IA is ideal for infrequently accessed data that does not require high availability. Learn more: * Amazon S3 storage classes

Answer 50

A) AWS Command Line Interface The correct response option is AWS Command Line Interface. The AWS Command Line Interface (AWS CLI) provides the capability to control multiple AWS services directly from the command line within one tool. For example, a person can use commands to start an Amazon EC2 instance, connect an Amazon EC2 instance to a specific Auto Scaling group, and more. The AWS CLI is available for users on Windows, macOS, and Linux. The other response options are incorrect because: * Amazon Redshift is a data warehousing service for providing big data analytics. It offers the ability to collect data from many sources and provides insight into relationships and trends across a data set. * Amazon Quantum Ledger Database (Amazon QLDB) is a ledger database service. A person can use Amazon QLDB to review a complete history of all the changes that have been made to application data. * AWS Snowball is a device that transfers large amounts of data into and out of AWS. Learn more: * AWS Command Line Interface

Answer 51

A) Performance The correct response option is Performance. In this category, AWS Trusted Advisor also helps improve the performance of services by providing recommendations for how to take advantage of provisioned throughput. The other response options are incorrect because: * The Security category includes checks that review permissions and identify which AWS security features to enable. * The Cost Optimization category includes checks for unused or idle resources that could be eliminated and provide cost savings. * The Fault Tolerance category includes checks to help improve an application's availability and redundancy. Learn more: * AWS Trusted Advisor

Answer 52

D) A digital catalog that includes thousands of software listings from independent software vendors The correct response option is A digital catalog that includes thousands of listings from independent software vendors. Businesses can use AWS Marketplace to find, test, and buy software that runs on AWS. The other response options are incorrect because: * A resource that can answer questions about best practices and assist with troubleshooting issues - This response option describes AWS Support. * A resource that provides guidance, architectural reviews, and ongoing communication with companies as they plan, deploy, and optimize their applications - This response option describes a Technical Account Manager (TAM). * An online tool that inspects an AWS environment and provides real-time guidance in accordance with AWS best practices - This response option describes AWS Trusted Advisor. Learn more: * AWS Marketplace

Answer 53

C) AWS Snowmobile The correct response option is AWS Snowmobile. AWS Snowmobile is a service that is used for transferring up to 100 PB of data to AWS. Each Snowmobile is a 45-foot long shipping container that is pulled by a semi-trailer truck. The other response options are incorrect because: * Amazon Neptune is a graph database service. Amazon Neptune provides the capability to build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs. * Amazon CloudFront is a content delivery service. * AWS DeepRacer is an autonomous 1/18 scale race car that tests reinforcement learning models. Learn more: * AWS Snow Family

Answer 54

A) Amazon Augmented AI The correct response option is Amazon Augmented AI. Amazon Augmented AI (Amazon A2I) provides built-in human review workflows for common machine learning use cases, such as content moderation and text extraction from documents. With Amazon A2I, a person can also create their own workflows for machine learning models built on Amazon SageMaker or any other tools. The other response options are incorrect because: * Amazon Textract is a machine learning service that automatically extracts text and data from scanned documents. * Amazon Lex is a service that builds conversational interfaces using voice and text. * Amazon Aurora is an enterprise-class relational database. Learn more: * Amazon Augmented AI

Answer 55

C) A service that distributes incoming traffic across multiple targets, such as Amazon EC2 instances The correct response option is A service that distributes incoming traffic across multiple targets, such as Amazon EC2 instances. A load balancer acts as a single point of contact for all incoming web traffic to an Auto Scaling group. This means that as Amazon EC2 instances are added or removed in response to the amount of incoming traffic, these requests are routed to the load balancer first and then spread across multiple resources that will handle them. The other response options are incorrect because: * A service that monitors applications and automatically adds or removes capacity from resource groups in response to changing demand - This response option describes AWS Auto Scaling. * A service that provides data for monitoring applications, optimize resource utilization, and respond to system-wide performance changes - This response option describes Amazon CloudWatch. Although Elastic Load Balancing does optimize resource utilization by distributing incoming traffic across available resources, this would not be the best response option because Elastic Load Balancing does not provide all the other listed features. * A service that provides the capability to create, manage, and scale a distributed in-memory or cache environment in the cloud - This response option describes Amazon ElastiCache. Learn more: * Elastic Load Balancing

Answer 56

C) EC2 Instance Savings Plans The correct response option is EC2 Instance Savings Plans. EC2 Instance Savings Plans reduces compute costs by committing to a consistent hourly spend for a 1-year or 3-year term. This results in savings of up to 72% over On-Demand Instance costs. Any EC2 usage up to the commitment is charged at the discounted Savings Plan rate (for example, $10 an hour). Any EC2 usage beyond the commitment is charged at regular On-Demand Instance rates. The other response options are incorrect because: * Reserved Instances are a billing discount that is applied to the use of On-Demand Instances in an AWS account. A business can purchase Standard Reserved and Convertible Reserved Instances for a 1-year or 3-year term. Unlike EC2 Instance Savings Plans, Reserved Instances do not require an hourly spend commitment over the duration of the contract term. * Spot Instances are ideal for workloads with flexible start and end times or that can withstand interruptions. Spot Instances leverage unused EC2 computing capacity and offer cost savings at up to 90% of On-Demand Instance prices. * Dedicated Hosts are physical servers with EC2 instance capacity that is fully dedicated to a single customer. A business can use existing per-socket, per-core, or per-VM software licenses to help maintain license compliance. A business can purchase On-Demand Dedicated Hosts or Reserved Dedicated Hosts. Of all the Amazon EC2 options that were covered in this course, Dedicated Hosts are the most expensive. Learn more: * Savings Plans

Answer 57

A) A fully isolated portion of the AWS global infrastructure The correct response option is A fully isolated portion of the AWS global infrastructure. An Availability Zone is a single data center or a group of data centers within a Region. Availability Zones are located tens of miles apart from each other. This helps them to provide interconnectivity to support the services and applications that run within a Region. The other response options are incorrect because: * A separate geographical location with multiple locations that are isolated from each other - This response option describes a Region. * The server from which Amazon CloudFront gets files - This response option describes an origin. * A site that Amazon CloudFront uses to cache copies of content for faster delivery to users at any location - This response option describes an Edge location. Learn more: * AWS global infrastructure(opens in a new tab) * Regions and Availability Zones

Answer 58

D) Refactoring The correct response option is Refactoring. The other response options are incorrect because: * Repurchasing involves replacing an existing application with a cloud-based version, such as software found in AWS Marketplace. * Rehosting involves moving an application to the cloud with little to no modifications to the application itself. It is also known as “lift and shift.” * Replatforming involves selectively optimizing aspects of an application to achieve benefits in the cloud without changing the core architecture of the application. It is also known as “lift, tinker, and shift.” Learn more: * 6 Strategies for Migrating Applications to the Cloud

Answer 59

D) Businesses pay only for compute time while their code is running The correct response option is Businesses pay only for compute time while their code is running. AWS Lambda is a service that runs code without needing to provision or manage servers. While using AWS Lambda, businesses pay only for the compute time that they consume. They are charged only when their application code is running. With AWS Lambda, they can run code for virtually any type of application or backend service, all with zero administration. Learn more: * AWS Lambda

Answer 60

A) S3 Standard-IA D) S3 Standard The two correct response options are: * S3 Standard * S3 Standard-IA In the S3 Intelligent-Tiering storage class, Amazon S3 monitors objects access patterns. If an object has not accessed an object for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, S3 Standard-IA. If an object is accessed in the infrequent access tier, Amazon S3 automatically moves it to the frequent access tier, S3 Standard. Learn more: * Amazon S3 storage classes

Answer 61

A) AWS Organizations The correct response option is AWS Organizations. In AWS Organizations, businesses centrally control permissions for their accounts by using service control policies (SCPs). Additionally, businesses can use the consolidated billing feature in AWS Organizations to combine usage and receive a single bill for multiple AWS accounts. The other response options are incorrect because: * AWS Identity and Access Management (IAM) is a service that manages access to AWS services and resources. * AWS Artifact is a service that provides the capability to access AWS security and compliance reports and special online agreements. * AWS Key Management Service (AWS KMS) is a service that creates, manages, and uses cryptographic keys. Learn more: * AWS Organizations

Answer 62

A) Manage DNS records for domain names. D) Connect user requests to infrastructure in AWS and outside of AWS The correct two response options are: * Connect user requests to infrastructure in AWS and outside of AWS. * Manage DNS records for domain names. Amazon Route 53 is a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications that are hosted in AWS. Additionally, businesses can transfer DNS records for existing domain names that are currently managed by other domain registrars, or register new domain names directly within Amazon Route 53. The other response options are incorrect because: * Monitor applications and respond to system-wide performance changes - These actions can be performed in Amazon CloudWatch. * Access AWS security and compliance reports and special online agreements - This action can be performed in AWS Artifact. * Automate the deployment of workloads into an AWS environment - This action can be performed with AWS Quick Starts. Learn more: * Amazon Route 53

Answer 63

D) Amazon Simple Queue Service (Amazon SQS) The correct response option is Amazon Simple Queue Service (Amazon SQS). Amazon SQS is a message queuing service. Using Amazon SQS, an application developer can send, store, and receive messages between software components at any volume size, without losing messages or requiring other services to be available. In Amazon SQS, an application sends messages into a queue. A user or service retrieves a message from the queue, processes it, and then deletes it from the queue. The other response options are incorrect because: * AWS Snowball is a device that transfers large amounts of data into and out of AWS. * Amazon ElastiCache is a service that adds caching layers on top of databases to help improve the read times of common requests. * Amazon Route 53 is a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications that are hosted in AWS. Additionally, a person can transfer DNS records for existing domain names that are currently managed by other domain registrars or register new domain names directly in Amazon Route 53. Learn more: * Amazon SQS

Answer 64

C) Performance Efficiency The correct response option is Performance Efficiency. The Performance Efficiency pillar focuses on using computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve. The other responses are incorrect because: * The Operational Excellence pillar includes the ability to run workloads effectively, gain insights into their operations, and continuously improve supporting processes to deliver business value. * The Security pillar focuses on protecting data, systems, and assets. It also focuses on using cloud technologies to improve the security of your workloads. * The Reliability pillar focuses on the ability of a workload to consistently and correctly perform its intended functions. Learn more: * AWS Well-Architected Framework

Answer 65

D) AWS Elastic Beanstalk The correct response option is AWS Elastic Beanstalk. Businesses upload their application, and Elastic Beanstalk automatically handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring. The other response options are incorrect because: * AWS Outposts is a service that runs infrastructure in a hybrid cloud approach. * Amazon CloudFront is a content delivery service. * AWS Snowball is a device that transfers large amounts of data into and out of AWS. Learn more: * AWS Quick Starts

Answer 66

B) Maintaining virtualization infrastructure E) Configuring AWS infrastructure devices The two correct response options are: * Maintaining virtualization infrastructure * Configuring AWS infrastructure devices The other three response options are tasks that are the responsibilities of customers. Learn more: * AWS shared responsibility model

Answer 67

C) AWS Direct Connect The correct response option is AWS Direct Connect. AWS Direct Connect is a service that establishes a dedicated private connection between an on-premises data center and VPC. The private connection that AWS Direct Connect provides helps reduce network costs and increase the amount of bandwidth that can travel through a network. The other response options are incorrect because: * Amazon CloudFront is a content delivery service. It uses a network of edge locations to cache content and deliver content to customers all over the world. * A virtual private gateway establishes a virtual private network (VPN) connection between a VPC and a private network, such as an on-premises data center or internal corporate network. A virtual private gateway allows traffic into the VPC only if it is coming from an approved network. * An internet gateway is a connection between a VPC and the internet. It allows public traffic from the internet to access a VPC. Learn more: * AWS Direct Connect

Answer 68

C) Security group The correct response option is security group. A security group is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance. By default, a security group denies all inbound traffic and allows all outbound traffic. Businesses can add custom rules to configure which traffic should be allowed or denied. The other response options are incorrect because: * A subnet is a section of a VPC in which a person can group resources based on security or operational needs. * A network access control list (ACL) is a virtual firewall that controls inbound and outbound traffic at the subnet level. * An internet gateway is a connection between a VPC and the internet. It allows public traffic from the internet to access a VPC. Learn more: * Security groups for your VPC

Answer 69

A) Amazon Elastic Kubernetes Service (Amazon EKS) The correct response option is Amazon Elastic Kubernetes Service (Amazon EKS). Amazon EKS is a fully managed service that runs Kubernetes on AWS. Kubernetes is open-source software that deploys and manages containerized applications at scale. Containers provide a standard way to package an application's code and dependencies into a single object. Containers are frequently used for processes and workflows in which there are essential requirements for security, reliability, and scalability. The other response options are incorrect because: * Amazon SageMaker is a service that provides the capability to quickly build, train, and deploy machine learning models. * Amazon Aurora is an enterprise-class relational database. * Amazon Redshift is a data warehousing service for big data analytics. Learn more: * Amazon EKS

Answer 70

C) Amazon Elastic Block Store (Amazon EBS) The correct response option is Amazon Elastic Block Store (Amazon EBS). Amazon EBS provides block-level storage volumes for Amazon EC2 instances. If a person stops or terminates an Amazon EC2 instance, all the data on the attached EBS volume remains available. The other response options are incorrect because: * Amazon Simple Storage Service (Amazon S3) is a service that provides object-level storage. Amazon S3 stores data as objects within buckets. * AWS Lambda is a service that runs code without provisioning or managing servers. * Amazon ElastiCache is a service that adds caching layers on top of databases to help improve the read times of common requests. Learn more: * Amazon EBS

Answer 71

C) Instance store The correct response option is instance store. Instance stores are ideal for temporary data that does not need to be kept long term. When an Amazon EC2 instance is stopped or terminated, all the data that has been written to the attached instance store is deleted. The other response options are incorrect because: * Amazon EBS volumes are ideal for data that needs to be retained. When an Amazon EC2 instance is stopped or terminated, all of the data on the attached EBS volume is still available. * Amazon S3 buckets cannot be attached to Amazon EC2 instances. * A subnet is a section of a virtual private cloud (VPC) in which you can group resources based on security or operational needs. Learn more: * Amazon EC2 instance store

Answer 72

C) Combine usage across accounts to receive volume pricing discounts. The correct response option is: Combine usage across accounts to receive volume pricing discounts. The other response options are incorrect because: * Review how much cost your predicted AWS usage will incur by the end of the month - You can perform this action in AWS Budgets. * Create an estimate for the cost of your use cases on AWS - You can perform this action in AWS Pricing Calculator. * Visualize and manage your AWS costs and usage over time - You can perform this action in AWS Cost Explorer. Learn more: * Consolidated billing for AWS Organizations

Answer 73

C) AWS Cost Explorer The correct response option is AWS Cost Explorer. AWS Cost Explorer includes a default report of the costs and usage for your top five cost-accruing AWS services. You can apply custom filters and groups to analyze your data. For example, you can view resource usage at the hourly level. The other response options are incorrect because: * AWS Pricing Calculator enables you to create an estimate for the cost of your use cases on AWS. * AWS Budgets enables you to create budgets to plan your service usage, service costs, and instance reservations. In AWS Budgets, you can also set custom alerts when your usage exceeds (or is forecasted to exceed) the budgeted amount. * The AWS Free Tier is a program that consists of three types of offers that allow customers to use AWS services without incurring costs: Always free, 12 months free, and Trials. Learn more: * AWS Cost Explorer

Answer 74

B) AWS Budgets The correct response option is AWS Budgets. In AWS Budgets, you can set custom alerts that will notify you when your service usage exceeds (or is forecasted to exceed) the amount that you have budgeted. Your budget can be based on costs or usage. For example, you can set an alert that will notify you when you have incurred $100.00 of costs in Amazon EC2 or 500,000 requests in AWS Lambda. The other response options are incorrect because: * From the billing dashboard in the AWS Management Console, you can view details on your AWS bill, such as service costs by Region, month to date spend, and more. However, you cannot set alerts from the billing dashboard. * The AWS Free Tier is a program that consists of three types of offers that allow customers to use AWS services without incurring costs: Always free, 12 months free, and Trials. * AWS Cost Explorer is a tool that enables you to visualize, understand, and manage your AWS costs and usage over time. Learn more: * AWS Budgets

Answer 75

B) Enterprise The correct response option is Enterprise. A Technical Account Manager (TAM) is available only to AWS customers with the Enterprise On-Ramp and Enterprise Support plans. A TAM provides guidance, architectural reviews, and ongoing communication with your company as you plan, deploy, and optimize your applications. Learn more: * Compare AWS Support plans

Answer 76

A) AWS Marketplace The correct response option is AWS Marketplace. AWS Marketplace is a digital catalog that includes thousands of software listings from independent software vendors. You can use AWS Marketplace to find, test, and buy software that runs on AWS. The other response options are incorrect because: * The AWS Free Tier consists of offers that allow customers to use AWS services without incurring costs. These offers are related to AWS services, not third-party software that can be used on AWS. * AWS Support is a resource that can answer questions about best practices, assist with troubleshooting issues, help you to identify ways to optimize your use of AWS services, and so on. * You can use the billing dashboard in the AWS Management Console to view details such as service costs by Region, the top services being used by your account, and forecasted billing costs. From the billing dashboard, you can also access other AWS billing tools, such as AWS Cost Explorer, AWS Budgets, and AWS Budgets Reports. Learn more: * AWS Marketplace

Answer 77

* Snowball Edge Storage Optimized devices are well suited for large-scale data migrations and recurring transfer workflows, in addition to local computing with higher capacity needs. ○ Storage: 80 TB of hard disk drive (HDD) capacity for block volumes and Amazon S3 compatible object storage, and 1 TB of SATA solid state drive (SSD) for block volumes. Compute: 40 vCPUs, and 80 GiB of memory to support Amazon EC2 sbe1 instances (equivalent to C5).

Answer 78

* Snowball Edge Compute Optimized provides powerful computing resources for use cases such as machine learning, full motion video analysis, analytics, and local computing stacks. ○ Storage: 80-TB usable HDD capacity for Amazon S3 compatible object storage or Amazon EBS compatible block volumes and 28 TB of usable NVMe SSD capacity for Amazon EBS compatible block volumes. Compute: 104 vCPUs, 416 GiB of memory, and an optional NVIDIA Tesla V100 GPU. Devices run Amazon EC2 sbe-c and sbe-g instances, which are equivalent to C5, M5a, G3, and P3 instances.

Answer 79

AWS Snowmobile is an exabyte-scale data transfer service used to move large amounts of data to AWS. You can transfer up to 100 petabytes of data per Snowmobile, a 45-foot long ruggedized shipping container, pulled by a semi trailer truck.

Answer 80

By using cloud computing, you can achieve a lower variable cost than you can get on your own. Because usage from hundreds of thousands of customers aggregates in the cloud, providers such as AWS can achieve higher economies of scale. Economies of scale translate into lower pay-as-you-go prices

Answer 81

1 Cloud Concepts 2 Security and Compliance 3 Technology 4 Billing and Pricing

Answer 82

D) On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing

Answer 83

A) Private cloud deployment

Answer 84

B) The aggregated cloud usage from a large number of customers results in lower pay-as-you-go prices.

Answer 85

B) Storage optimized

Answer 86

C) General purpose

Answer 87

A) Memory optimized

Answer 88

D) Compute optimized

Answer 89

D) Standard Reserved Instances

Answer 90

B) EC2 Instance Savings Plans

Answer 91

C) Amazon Simple Notification Service (Amazon SNS)

Answer 92

B) Application Load Balancer

Answer 93

B) Transit VIF from Direct Connect router to Direct Connect gateway

Answer 94

C) Resolve private zone records from on premises

Answer 95

C) Amazon EC2, ECS, and EKS resources running in the communication service provider's data center (CSP DC)

Answer 96

B) Local Zones

Answer 97

C) Direct Connect

Answer 98

A) The VPC is not from the same account as the transit gateway

Answer 99

D) Transit gate support routing between VPCs with identical CIDRs

Answer 100

B) Task definition

Answer 101

A) Amazon EC2 instance store C) Amazon EC2 with EBS D) Amazon EFS

Answer 102

A) Amazon ECS D) Amazon EAKS

Answer 103

A) Increased deployment frequency B) Decreased lead time C) Decreased deployment failure rate

Answer 104

A) EC2 instances B) AWS Lambda C) On-permises servers E) Amazon ECS

Answer 105

D) CodePipeline

Answer 106

A) Central repository B) Version control C) Automated validation

Answer 107

C) Make sure all database changes are backwards compatible

Answer 108

B) CloudFront distributions C) API Gateway deployments D) Application Load Balancers

Answer 109

A) It offers more visibility than Shield Standard C) it is a subscription service D) The AWS DDos team will triage attacks and analyze policies

Answer 110

A) Amazon S3

Answer 111

B) It can rotate keys automatically C) It protects KMS keys D) You can control key useage through policies

Answer 112

A) You can use up to 28 devices in a cluster B) You can clone clusters C) You can use it for envelopes encryption

Answer 113

A) Versioning is enabled by default C) You can use Lambda functions to automate key rotation D) The ability to rotate Amazon RDS passwords is available by default

Answer 114

A) CSV file B) Amazon S3 inventory report

Answer 115

A) You can customize workflows B) Blueprints generate AWS Glue workflows D) You can set workflows as one-time or recurring events

Answer 116

B) 30 days

Answer 117

A) AWS Budgets

Answer 118

A) Cost Anomaly Detection

Answer 119

D) AWS Cost Explorer

Answer 120

A) Increased security against DDos attacks B) Decreased latency for application end users C) Decreased data transfer costs for origin retrieval

Answer 121

C) Lambda@Edge

Answer 122

D) Anycast IP

Answer 123

A) Use signed URLs to restrict content access C) Set different TTLs for different file types D) Enforce HTTPS only connections

Answer 124

D) Refactor

Answer 125

C) repurchase

Answer 126

B) AWS SCT C) AWS DMS