AWS Cloud Practitioner

Question 1

What are six Advantages of Cloud Computing?

Answer 1

1. Trade capital expense for variable expense
2. Benefit from massive economies of scale
3. Stop guessing capacity
4. Increase speed and agility
5. Stop spending money running and maintaining data centers
6. Go global in minutes

Question 2

What Models Cloud Computing provides?

Answer 2

1. Infrastructure as a Service (IaaS)
2. Platform as a Service (PaaS)
3. Software as a Service (SaaS)

Question 3

What Deployment Models Cloud Computing defines?

Answer 3

1. Cloud
2. Hybrid
3. On-premises

Question 4

What is cloud computing?

Answer 4

On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing

Question 5

What is another name for on-premises deployment?

Answer 5

Private cloud deployment

Question 6

How does the scale of cloud computing help you to save costs?

Answer 6

The aggregated cloud usage from a large number of customers results in lower pay-as-you-go prices.

Question 7

What types of Amazon EC2 instance are available?

Answer 7

1. General purpose instances
2. Compute optimized instances - compute optimized applications are ideal for high-performance web servers, compute-intensive applications servers, and dedicated gaming servers or batch processing workloads.
3. Memory optimized instances - idela for high-performance database or a workload that involves performing real-time processing of a large amount of unstructured data
4. Accelerated computing instances - ideal for workloads such as graphics applications, game streaming, and application streaming
5. Storage optimized instances - workloads suitable for storage optimized instances include distributed file systems, data warehousing applications, and high-frequency online transaction processing (OLTP) systems

Question 8

What type of pricing Amazon EC2 have?

Answer 8

1. On-Demand - ideal for short-term, irregular workloads that cannot be interrupted, you pay for only the compute time you use.
2. Amazon EC2 Savings Plans - you to reduce your compute costs by committing to a consistent amount of compute usage for a 1-year or 3-year term.
3. Reserved Instances - You can purchase Standard Reserved and Convertible Reserved Instances for a 1-year or 3-year term, and Scheduled Reserved Instances for a 1-year term
4. Spot Instances - ideal for workloads with flexible start and end times, or that can withstand interruptions. Spot Instances use unused Amazon EC2 computing capacity
5. Dedicated Hosts - physical servers with Amazon EC2 instance capacity that is fully dedicated to your use. Most expensive.

Question 9

Which AWS service provides scaling of computing resources?

Answer 9

Amazon EC2 Auto Scaling

Question 10

Within Amazon EC2 Auto Scaling, what are the two possible approaches?

Answer 10

1. Dynamic scaling: responds to changing demand.
2. Predictive scaling: automatically schedules the right number of Amazon EC2 instances based on predicted demand.
   It is possible to use dynamic scaling and predictive scaling together.

Question 11

What are the three parameter for an Auto Scaling Group?

Answer 11

1. Minimum capacity
2. Desired capacity (If not set, will be set equat to minimum capacity)
3. Maximum capacity

Question 12

Which is the AWS service that automatically distributes incoming application traffic across multiple resources

Answer 12

Elastic Load Balancing or ELB.
Although Elastic Load Balancing and Amazon EC2 Auto Scaling are separate services, they work together to help ensure that applications running in Amazon EC2 can provide high performance and availability

Question 13

Which are the two AWS services about messaging and queuing?

Answer 13

1. Amazon Simple Notification Service (Amazon SNS) - publish/subscribe service. Using Amazon SNS topics, a publisher publishes messages to subscribers. In Amazon SNS, subscribers can be web servers, email addresses, AWS Lambda functions, or several other options
2. Amazon Simple Queue Service (Amazon SQS) - using Amazon SQS, you can send, store, and receive messages between software components, without losing messages or requiring other services to be available. In Amazon SQS, an application sends messages into a queue. A user or service retrieves a message from the queue, processes it, and then deletes it from the queue

Question 14

What is Serverless computing?

Answer 14

The term “serverless” means that your code runs on servers, but you do not need to provision or manage these servers.
Serverless computing can adjust the applications’ capacity by modifying the units of consumptions, such as throughput and memory.

Question 15

Which are the AWS basic serverless services?

Answer 15

1. AWS Lambda - is a service that lets you run code without needing to provision or manage servers. you pay only for the compute time that you consume. The code will run only when triggered on predefined events
2. Amazon Elastic Container Service (Amazon ECS) - highly scalable, high-performance container management system that enables you to run and scale containerized applications on AWS
3. Amazon Elastic Kubernetes Service (Amazon EKS) - a fully managed service that you can use to run Kubernetes on AWS

Question 16

which is a serverless compute engine for containers in AWS?

Answer 16

AWS Fargate. It is compatible with both Amazon ECS and Amazon EKS. Use cases:
1. Run and scale container workloads
2. Support AI and ML training applications
3. removes the need to manage the lifecycle of a compute infrastructure for Web apps, APIs, and microservices

Question 17

Show some examples of Auto scaling

Answer 17

1. Removing unneeded Amazon EC2 instances when demand is low
2. Adding a second Amazon EC2 instance during an online store’s popular sale
3. Automatically adjusting the number of Amazon EC2 instances to meet demand

Question 18

Which process is an example of Elastic Load Balancing?

Answer 18

Ensuring that no single Amazon EC2 instance has to carry the full workload on its own

Question 19

What are the features of ELB?

Answer 19

ELB is a regional construct in Amazon architecture

Question 20

What are the key factors for Selecting a Region?

Answer 20

1. Compliance with data governance and legal requirements
2. Proximity to your customers
3. Available services within a Region
4. Pricing

Question 21

What is an Availability zone?

Answer 21

An Availability Zone is a single data center or a group of data centers within a Region

Question 22

What is a Region in AWS?

Answer 22

A Region is a geographical area that contains AWS resources.
A Region is a separate geographical location with multiple locations that are isolated from each other.

Question 23

What is an edge location?

Answer 23

An edge location is a data center that an AWS service uses to perform service-specific operations. Amazon CloudFront uses edge locations to store cached copies of your content closer to your customers for faster delivery

Question 24

What is AWS Outposts?

Answer 24

AWS Outposts is a service that you can use to run AWS infrastructure, services, and tools in your own on-premises data center in a hybrid approach.

Question 25

In which ways is it possible to interact with AWS services?

Answer 25

1. AWS Management Console - web-based interface for accessing and managing AWS services
2. AWS Command Line Interface (AWS CLI) - AWS CLI is available for users on Windows, macOS, and Linux; is used to automate actions for AWS services and applications through scripts
3. AWS Software development kits (SDKs) - SDKs enable you to use AWS services with your existing applications or create entirely new applications that will run on AWS

Question 26

How is it possible to provision resources in AWS?

Answer 26

1. AWS Management Console
2. AWS CLI
3. AWS SDK
4. AWS Elastic Beanstalk - a service that helps you provision Amazon EC2-based environments
5. AWS CloudFormation - is an infrastructure as code tool that allows you to define a wide variety of AWS resources in a declarative way using JSON or YAML text-based documents

Question 27

Which tasks are available with AWS Elastic Beanstalk?

Answer 27

Elastic Beanstalk deploys the resources necessary to perform the following tasks:

1. Adjust capacity
2. Load balancing
3. Automatic scaling
4. Application health monitoring

Question 28

What is AWS CloudFormation?

Answer 28

AWS CloudFormation is an infrastructure as code tool

Question 29

What is an Availability zone?

Answer 29

An Availability Zone is a fully isolated portion of the AWS global infrastructure.

Question 30

What is Amazon Virtual Private Cloud (Amazon VPC)?

Answer 30

A networking service that you can use to establish boundaries around your AWS resources.

Question 31

What is an Amazon subnet?

Answer 31

A subnet is a section of a VPC that can contain resources such as Amazon EC2 instances.

Question 32

In which way traffic can access a VPC?

Answer 32

1. Internet Gateway - a connection between a VPC and the internet. Without an internet gateway, no one can access the resources within your VPC.
2. Virtual private Gateway - a component that allows protected internet traffic to enter into the VPC.
3. AWS direct Connect - AWS Direct Connect provides helps you to reduce network costs and increase the amount of bandwidth that can travel through your network.

Question 33

What is Network access control lists (ACLs) in AWS?

Answer 33

A network access control list (ACL) is a virtual firewall that controls inbound and outbound traffic at the subnet level.
It is stateless and allows all inbound and outbound traffic by default.

Question 34

What are Security groups in AWS?

Answer 34

A security group is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance.
It is stateful and denies all inbound and outbound traffic by default.

Question 35

What is Amazon Route 53?

Answer 35

Amazon Route 53 is a DNS web service.
It connects user requests to infrastructure running in AWS or to infrastructure outside of AWS.
It is possible to register new domain names directly in Route 53.
Ir resolves hostnames to IPs, considering the location of the point of origin.

Question 36

What are Instance stores in AWS?

Answer 36

Block-level storage volumes behave like physical hard drives. It provides temporary block-level storage for an Amazon EC2 instance. It has the same lifespan as the instance.

Question 37

What is Amazon Elastic Block Store (Amazon EBS)?

Answer 37

It is a service that provides block-level storage volumes that you can use with Amazon EC2 instances. If you stop or terminate an Amazon EC2 instance, all the data on the attached EBS volume remains available. You can take incremental backups of EBS volumes by creating Amazon EBS snapshots.

Question 38

What are Amazon EBS snapshots in AWS?

Answer 38

An EBS snapshot is an incremental backup of an EBS instance.

Question 39

What is Amazon Simple Storage Service (Amazon S3)?

Answer 39

It is a service that provides object-level storage. Amazon S3 stores data as objects in buckets. In object storage, each object consists of data, metadata, and a key. When a file in object storage is modified, the entire object is updated. The maximum file size for an object in Amazon S3 is 5 TB. It sets permissions to control visibility and access to it. You can also use the Amazon S3 versioning feature to track changes to your objects over time

Question 40

What are Amazon S3 storage classes

Answer 40

1. S3 Standard - frequently accessed data, 3 availability zones.
2. S3 Standard-Infrequent Access (S3 Standard-IA) - as Standard. Lower storage price and higher retrieval price
3. S3 One Zone-Infrequent Access (S3 One Zone-IA) - as S£ IA, but in a single Availability Zone.
4. S3 Intelligent-Tiering. If you haven’t accessed an object for 30 consecutive days, Amazon S3 automatically moves it to S3 IA, if you raise the access frequancy do the reverse. It costs a small fee for object monitored.
5. S3 Glacier - Low-cost storage designed for data archiving. Able to retrieve objects within a few minutes to hours.
6. S3 Glacier Deep Archive - Lowest-cost object storage class ideal for archiving. Able to retrieve objects within 12 hours.

Question 41

What is Amazon Elastic File System (Amazon EFS)?

Answer 41

It is a scalable file system used with AWS Cloud services and on-premises resources. Amazon EFS is a regional service. It stores data in and across multiple Availability Zones. Additionally, on-premises servers can access Amazon EFS using AWS Direct Connect.

Question 42

What is Amazon Relational Database Service (RDS)?

Answer 42

It is a service that enables you to run relational databases in the AWS Cloud. It is available on six database engines:
1. Amazon Aurora
2. PostgreSQL
3. MySQL
4. MariaDB
5. Oracle Database
6. Microsoft SQL Server

Question 43

What is Amazon Aurora?

Answer 43

It is an enterprise-class relational database. It is compatible with MySQL and PostgreSQL relational databases.It replicates six copies of your data across three Availability Zones and continuously backs up your data to Amazon S3

Question 44

What is Amazon DynamoDB?

Answer 44

It is a key-value database service. It delivers single-digit millisecond performance at any scale. DynamoDB is serverless, which means that you do not have to provision, patch, or manage servers. You also do not have to install, maintain, or operate software. As the size of your database shrinks or grows, DynamoDB automatically scales to adjust for changes in capacity while maintaining consistent performance. This makes it a suitable choice for use cases that require high performance while scaling

Question 45

What is Amazon Redshift?

Answer 45

It is a data warehousing service that you can use for big data analytics. It offers the ability to collect data from many sources and helps you to understand relationships and trends across your data.

Question 46

What is AWS Database Migration Service (AWS DMS)?

Answer 46

AWS Database Migration Service (AWS DMS) enables you to migrate relational databases, nonrelational databases, and other types of data stores. The source and target databases can be of the same type or different types. Source database remains operational.

Question 47

What are the other Amazon’s database services?

Answer 47

1. Amazon DocumentDB - is a document database service that supports MongoDB workloads
2. Amazon Neptune - is a graph database service.
3. Amazon Quantum Ledger Database (Amazon QLDB) - is a ledger database service
4. Amazon Managed Blockchain - is a service that you can use to create and manage blockchain networks with open-source frameworks.
5. Amazon ElastiCache - is a service that adds caching layers on top of your databases to help improve the read times of common requests (Redis and Memcached).
6. Amazon DynamoDB Accelerator - Amazon DynamoDB Accelerator (DAX) is an in-memory cache for DynamoDB.

Question 48

What does it mean shared responsibility model?

Answer 48

AWS is responsible for security of the cloud:
1. AWS is responsible for protecting the global infrastructure; this includes AWS Regions, Availability Zones, and edge locations.
2. AWS manages the security of the physical infrastructure that hosts your resources, which include:
- Physical security of data centers
- Hardware and software infrastructure
- Network infrastructure
- Virtualization infrastructure
Customers are responsible for the security of everything that they create and put in the AWS Cloud.

Question 49

What are the basic features of the AWS Identity and Access Management (IAM)?

Answer 49

1. IAM users, groups, and roles.
   - An IAM user is an identity that you create in AWS. By default, when you first create an AWS account, you begin with an identity known as the root user.
   - An IAM group is a collection of IAM users. all users in the group are granted permissions specified by the policy.
   - An IAM role is an identity that you can assume to gain temporary access to permissions.
2. IAM policies. An IAM policy is a document that allows or denies permissions to AWS services and resources.
3. Multi-factor authentication. It is an extra layer of security for your AWS account.

Question 50

What is the AWS Artifact service?

Answer 50

It is a service that provides on-demand access to AWS security and compliance reports and select online agreements. AWS Artifact consists of two main sections: AWS Artifact Agreements and AWS Artifact Reports.
- AWS artifact Agreements is used in case your company needs to sign an agreement with AWS regarding your use of certain types of information throughout AWS services.
- AWS Artifact Reports provide compliance reports from third-party auditors.

Question 51

What is AWS Shield?

Answer 51

It Is a service that exists in two versions:
Standard: automatically protects all AWS customers at no cost. It protects your AWS resources from the most common, frequently occurring types of DDoS attacks.
Advanced: is a paid service that provides detailed attack diagnostics and the ability to detect and mitigate sophisticated DDoS attacks.

Question 52

What is AWS Key Management Service (AWS KMS)?

Answer 52

It Is a service that enables you to perform encryption operations through the use of cryptographic keys. You can use AWS KMS to create, manage, and use cryptographic keys. You can also control the use of keys across a wide range of services and in your applications.

Question 53

What is AWS WAF?

Answer 53

It is a web application firewall that lets you monitor network requests that come into your web applications. AWS WAF works together with Amazon CloudFront and an Application Load Balancer.

Question 54

What is Amazon Inspector?

Answer 54

Amazon Inspector helps to improve the security and compliance of applications by running automated security assessments. It checks applications for security vulnerabilities and deviations from security best practices.

Question 55

What is Amazon GuardDuty?

Answer 55

Amazon GuardDuty is a service that provides intelligent threat detection for your AWS infrastructure and resources. It identifies threats by continuously monitoring the network activity and account behavior within your AWS environment.

Question 56

What is Amazon Cloud Watch?

Answer 56

Amazon CloudWatch is a web service that enables you to monitor and manage various metrics and configure alarm actions based on data from those metrics.

Question 57

What is Amazon CloudTrail?

Answer 57

AWS CloudTrail records API calls for your account. Within CloudTrail, you can also enable CloudTrail Insights. This optional feature allows CloudTrail to automatically detect unusual API activities in your AWS account.

Question 58

Which tasks can you perform using AWS CloudTrail?

Answer 58

Track user activities and API requests throughout your AWS infrastructure
Filter logs to assist with operational analysis and troubleshooting

Question 59

What is AWS Trusted Advisor

Answer 59

AWS Trusted Advisor is a web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices.

Question 60

Which actions can you perform using Amazon CloudWatch?

Answer 60

Access metrics from a single dashboard
Monitor your resources’ utilization and performance

Question 61

Which categories are included in the AWS Trusted Advisor dashboard?

Answer 61

Trusted Advisor compares its findings to AWS best practices in five categories: cost optimization, performance, security, fault tolerance, and service limits

Question 62

What are the AWS pricing principles?

Answer 62

Pay for what you use.
Pay less when you reserve
Pay less with volume based discounts when you use more

Question 63

What are the different AWS support plans?

Answer 63

Basic
Developer
Business
Enterprise On-Ramp
Enterprise

Question 64

AWS Cloud Adoption Framework (AWS CAF) organizes guidance into six areas of focus, called Perspectives. What are?

Answer 64

In general, the Business, People, and Governance Perspectives focus on business capabilities, whereas the Platform, Security, and Operations Perspectives focus on technical capabilities.

Question 65

What are the AWS strategies for migration?

Answer 65

Rehosting
Replatforming
Refactoring/re-architecting
Repurchasing
Retaining
Retiring

Question 66

What is AWS Snow Family?

Answer 66

The AWS Snow Family is a collection of physical devices that help to physically transport up to exabytes of data into and out of AWS.

AWS Snow Family is composed of AWS Snowcone, AWS Snowball, and AWS Snowmobile.

Question 67

What are the pillars of the AWS Well-Architected Framework helps you understand how to design and operate reliable, secure, efficient, and cost-effective systems in the AWS Cloud

Answer 67

The Well-Architected Framework is based on six pillars:

Operational excellence
Security
Reliability
Performance efficiency
Cost optimization
Sustainability

Question 68

What are the advantages of cloud computing?

Answer 68

Trade upfront expense for variable expense.
Benefit from massive economies of scale.
Stop guessing capacity.
Increase speed and agility.
Stop spending money running and maintaining data centers.
Go global in minutes.

Question 69

What is AWS cloud formation?

Answer 69

It’s a service that helps you model
and set up your AWS resources
so that you can spend less time managing those resources
and more time focusing on your applications that run in AWS.

Question 70

What’s a data lake?

Answer 70

It’s an architectural approach to allow you to store massive amounts of data in a centralized location so that it’s readily available to be categorized, processed, analyzed, and consumed by a whole bunch of different diverse groups within your organization.

Question 71

Which AWS services are global?

Answer 71

IAM
Route53
CloudFront
SNS
SES

Question 72

Which AWS services can be used on premise?

Answer 72

AWS Snowball
AWS Snowball Edge
Storage Gateway
CodeDeploy
Opsworks
IoT Greengrass

Question 73

Which AWS services can be used to deploy applications on premise?

Answer 73

CodeDeploy
Opsworks

Question 74

What is AWS System Manager?

Answer 74

AWS System Manager can be used to manage fleets of EC2 instances & virtual machines.
A piece of software is installed on each VM
Can be both inside AWS and on premise.

Question 75

What are the AWS free services?

Answer 75

Amazon VPC,
Elastic Beanstalk,
CloudFormation,
Identity Access Management,
Auto Scaling,
Opsworks,
Consolidated Billing

Question 76

A small startup is configuring its AWS cloud environment. Which AWS service will allow grouping these users together and applying permissions to them as a group?

Answer 76

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.

Question 77

In Identity and Access Management, which term applies to a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS?

Answer 77

A Principal is a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS.

Question 78

After configuring your VPC and all of the resources within it, you want to add an extra layer of security at the subnet level. Which will you use to add this security?

Answer 78

A network access control list (NACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups to add an additional layer of security to your VPC.

Question 79

Which policy will provide information on performing penetration testing on your EC2 instances?

Answer 79

Customer Service Policy for Penetration Testing

AWS customers are welcome to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for Amazon EC2 instances, NAT Gateways, Elastic Load Balancers, and other 7 services.

Question 80

Your company has recently migrated large amounts of data to the AWS cloud in S3 buckets. But it is necessary to discover and protect the sensitive data in these buckets. Which AWS service can do that?

Answer 80

Amazon Macie

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.

Question 81

You are working with IAM and need to attach policies to users, groups, and roles. Which will you be attaching these policies to?

Answer 81

Identities

Identities are the IAM resource objects that are used to identify and group. You can attach a policy to an IAM identity. These include users, groups, and roles.

Question 82

You are trying out AWS on a trial basis and need to deploy an application without having to configure servers. Which AWS service can you use?

Answer 82

You are trying out AWS on a trial basis and need to deploy an application without having to configure servers. Which AWS service can you use?

Question 83

You have been tasked with developing a plan to move applications to AWS and use AWS services to house code, build, and deploy these applications. Which AWS service will allow you to host Git-based repositories?

Answer 83

AWS CodeCommit

AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories. It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem. CodeCommit eliminates the need to operate your own source control system or worry about scaling its infrastructure. You can use CodeCommit to securely store anything from source code to binaries, and it works seamlessly with your existing Git tools.

Question 84

After experiencing unusual behavior in your AWS account, you need to determine if there are any issues with AWS that may be affecting your account. What section of the AWS portal helps you to inspect account alerts and find remediation guidance for your account?

Answer 84

AWS Personal Health Dashboard

AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources.

Question 85

AWS Personal Health Dashboard

AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources.

Answer 85

On-Demand

This is not a long enough term to make reserved instances the better option. Plus, the application can’t be interrupted, which rules out spot instances.

Question 86

You have many database backups that you need to store for an indefinite amount of time. If the backups are ever needed, they just need to be retrieved within 6 hours. What is the lowest cost solution for this scenario?

Answer 86

Amazon Glacier Flexible Retrieval

Amazon Glacier Flexible Retrieval (formerly Amazon S3 Glacier) provides the lowest cost option for long-term storage and is perfectly suited for this scenario. The backups would not need to be retrieved quickly, so Glacier Flexible Retrieval is the best option.

Question 87

You have a short term computing task to complete. It is essential that this task run uninterrupted from start to finish. Which is the best EC2 option for this task?

Answer 87

On-Demand Instance

It is a short term project, which rules out reserved instances, and it has to run uninterrupted, which rules out spot instances. With On-Demand instances, you pay for compute capacity by the hour or the second, depending on which instances you run. No longer-term commitments or upfront payments are needed. You can increase or decrease your compute capacity depending on the demands of your application and only pay the specified per hourly rates for the instance you use.