AWS Cloud Practitioner (Pool 2/3) Flashcards

1
Q

Which AWS services can be used to store files? Choose 2 answers from the options given below:

A) Amazon CloudWatch
B) Amazon Simple Storage Service (S3)
C) Amazon Elastic Block Store (Amazon EBS)
D) AWS Config
E) Amazon Athena
A

B) Amazon Simple Storage Service (S3)
C) Amazon Elastic Block Store (Amazon EBS)

Amazon S3 is object storage built to store and retrieve any amount of data from anywhere – web sites and mobile apps, corporate applications, and data from IoT sensors or devices. It is designed to deliver 99.999999999% durability, and stores data for millions of applications used by market leaders in every industry.

For more information on the Simple Storage Service, please refer to the below URL: https://aws.amazon.com/s3/

Amazon Elastic Block Store (Amazon EBS) provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability.

For more information on Amazon EBS, please refer to the below URL: https://aws.amazon.com/ebs/

2
Q

Which of the following services uses AWS edge locations?

A) Amazon Virtual Private Cloud (Amazon VPC)
B) Amazon CloudFront
C) Amazon Elastic Cloud Compute (Amazon EC2)
D) AWS Storage Gateway

A

B) Amazon CloudFront

Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations.

For more information on Amazon CloudFront, please refer to the below URL: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html

3
Q

Which of the following is a benefit of Amazon Elastic Compute Cloud (Amazon EC2) over physical servers?

A) Automated Backup
B) Paying for only what you use
C) The ability to choose hardware vendors
D) Root/administrator access

A

B) Paying for only what you use

One of the advantages of EC2 instances is per-second billing. As the AWS documentation states: with per-second billing, you pay for only what you use. It takes the cost of unused minutes and seconds in an hour off the bill, so you can focus on improving your applications instead of maximizing usage to the hour. This is especially beneficial if you manage instances that run for irregular periods of time, such as dev/testing, data processing, analytics, batch processing and gaming applications.

For more information on EC2 Pricing, please refer to the below URL: https://aws.amazon.com/ec2/pricing/

4
Q

Which AWS service provides infrastructure security optimization recommendations?

A) AWS Price List Application Programming Interface (API)
B) Reserved Instances
C) AWS Trusted Advisor
D) Amazon Elastic Compute Cloud (Amazon EC2) Spot Fleet

A

C) AWS Trusted Advisor

An online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment, Trusted Advisor provides real time guidance to help you provision your resources following AWS best practices.

For more information on the AWS Trusted Advisor, please refer to the below URL: https://aws.amazon.com/premiumsupport/trustedadvisor/

5
Q

Which service allows for the collection and tracking of metrics for AWS services?

A) Amazon CloudFront
B) Amazon CloudSearch
C) Amazon CloudWatch
D) Amazon Machine Learning (Amazon ML)

A

C) Amazon CloudWatch

Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources.

For more information on AWS CloudWatch, please refer to the below URL: https://aws.amazon.com/cloudwatch/

6
Q

A company needs to know which user was responsible for terminating several critical Amazon Elastic Compute Cloud (Amazon EC2) Instances. Where can the customer find this information?

A) AWS Trusted Advisor
B) Amazon EC2 instance usage report
C) Amazon CloudWatch
D) AWS CloudTrail logs

A

C) Amazon CloudWatch

Using CloudWatch trail, one can monitor all the API activity conducted on all AWS services. The AWS documentation additionally mentions the following: AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.

For more information on AWS CloudTrail, please refer to the below URL: https://aws.amazon.com/cloudtrail/

7
Q

Which service should an administrator use to register a new domain name with AWS?

A) Amazon Route 53
B) Amazon CloudFront
C) Elastic Load Balancing
D) Amazon Virtual Private Cloud (Amazon VPC)

A

A) Amazon Route 53

Route 53 allows for registration of new domain names in AWS. The AWS documentation additionally mentions the following: Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into numeric IP addresses like 192.0.2.1 that computers use to connect to each other. Amazon Route 53 is fully compliant with IPv6 as well.

For more information on AWS Route53, please refer to the below URL: https://aws.amazon.com/route53/

8
Q

What is the value of having AWS Cloud services accessible through an Application Programming Interface (API)?

A) Cloud resources can be managed programmatically
B) AWS will always be cost-optimized
C) All Application testing is managed by AWS
D) Customer-owned, On-premise infrastructure becomes programmable

A

A) Cloud resources can be managed programmatically

It allows developers to easily work with the various AWS resources programmatically.

For more information on the various programming tools available for AWS, please refer to the below URL: https://aws.amazon.com/tools/

9
Q

Which of the following examples supports the cloud design principle “design for failure and nothing will fail”?

A) Adding an Elastic Load Balancer in front of a Single Amazon Elastic Cloud Compute (Amazon EC2) instance
B) Creating and deploying the most cost-effective solution
C) Deploying an Application in multiple Availability Zones
D) Using Amazon CloudWatch alerts to monitor performance

A

C) Deploying an Application in multiple Availability Zones

Each AZ is a set of one or more data centers. By deploying your AWS resources to multiple Availability Zones, you are designing with failure in mind. If one AZ were to go down, the other AZs would still be up and running, and hence your application would be more fault tolerant.

For more information on AWS Regions and AZs, please refer to the below URL: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html

10
Q

Which service allows an administrator to create and modify AWS user permissions?

A) AWS Config
B) AWS CloudTrail
C) AWS Key Management Service (AWS KMS)
D) AWS Identity and Access Management (IAM)

A

D) AWS Identity and Access Management (IAM)

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

For more information on AWS IAM, please refer to the below URL: http://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html

11
Q

Which AWS service automates infrastructure provisioning and administrative tasks for an analytical data warehouse?

A) Amazon Redshift
B) Amazon DynamoDB
C) Amazon ElastiCache
D) Amazon Aurora

A

A) Amazon Redshift

Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. You can start with just a few hundred gigabytes of data and scale to a petabyte or more. This enables you to use your data to acquire new insights for your business and customers.

For more information on AWS Redshift, please refer to the below URL: http://docs.aws.amazon.com/redshift/latest/mgmt/welcome.html

12
Q

Which tool can display the distribution of AWS spending?

A) AWS Organizations
B) Amazon Dev Pay
C) Amazon Trusted Advisor
D) AWS Cost Explorer

A

D) AWS Cost Explorer

Cost Explorer is a free tool that you can use to view your costs. You can view data up to the last 13 months, forecast how much you are likely to spend for the next three months, and get recommendations for what Reserved Instances to purchase. You can use Cost Explorer to see patterns in how much you spend on AWS resources over time, identify areas that need further inquiry, and see trends that you can use to understand your costs. You also can specify time ranges for the data, and view time data by day or by month.

For more information on the AWS Cost Explorer, please refer to the below URL: http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-explorer-what-is.html

13
Q

How can the AWS Management Console be secured against unauthorized access?

A) Apply Multi-Factor Authentication (MFA)
B) Set up a Secondary Password
C) Request root access privileges
D) Disable AWS Console access

A

A) Apply Multi-Factor Authentication (MFA)

AWS Multi-Factor Authentication (MFA) is a simple best practice that adds an extra layer of protection on top of your user name and password.

For more information on the AWS MFA, please refer to the below URL: https://aws.amazon.com/iam/details/mfa/

14
Q

Which AWS Cloud service is used to turn on Multi-Factor Authentication (MFA)?

A) AWS Identity and Access Management (IAM)
B) Amazon Elastic Compute Cloud (Amazon EC2)
C) AWS Config
D) Amazon Inspector

A

A) AWS Identity and Access Management (IAM)

You can use IAM in the AWS Management Console to enable a virtual MFA device for an IAM user in your account.

For more information on enabling AWS MFA, please refer to the below URL: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.htm

15
Q

A disaster recovery strategy on AWS should be based on launching infrastructure in a separate:

A) Subnet
B) AWS Region
C) AWS Edge location
D) Amazon Virtual Cloud (Amazon VPC)

A

B) AWS Region

Businesses are using the AWS cloud to enable faster disaster recovery of their critical IT systems without incurring the infrastructure expense of a second physical site. The AWS cloud supports many popular disaster recovery (DR) architectures from “pilot light” environments that may be suitable for small customer workload data center failures to “hot standby” environments that enable rapid failover at scale. With data centers in Regions all around the world, AWS provides a set of cloud-based disaster recovery services that enable rapid recovery of your IT infrastructure and data.

For more information on enabling AWS Disaster Recovery, please refer to the below URL: https://aws.amazon.com/disaster-recovery/

16
Q

Which of the following is a factor when calculating Total Cost of Ownership (TCO) for the AWS Cloud?

A) The number of servers migrated to AWS
B) The number of users migrated to AWS
C) The number of passwords migrated to AWS
D) The number of keys migrated to AWS

A

A) The number of servers migrated to AWS

Since EC2 Instances carry a charge when they are running, you need to factor in the number of servers that need to be migrated to AWS.

For more information on AWS TCO, please refer to the below URL: https://aws.amazon.com/blogs/aws/the-new-aws-tco-calculator/

17
Q

Which AWS service is used as a global content delivery network (CDN) service in AWS?

A) Amazon SES
B) Amazon CloudTrail
C) Amazon CloudFront
D) Amazon S3

A

C) Amazon CloudFront

Amazon CloudFront is a web service that gives businesses and web application developers an easy and cost effective way to distribute content with low latency and high data transfer speeds. Like other AWS services, Amazon CloudFront is a self-service, pay-per-use offering, requiring no long term commitments or minimum fees. With CloudFront, your files are delivered to end-users using a global network of edge locations.

For more information on CloudFront, please visit the Link: https://aws.amazon.com/cloudfront/

18
Q

Which of the following is a fully managed NoSQL database service available with AWS?

A) Amazon RDS
B) Amazon DynamoDB
C) Amazon Redshift
D) Amazon MongoDB

A

B) Amazon DynamoDB

Amazon DynamoDB is a fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale. It is a fully managed cloud database and supports both document and key-value store models. Its flexible data model, reliable performance, and automatic scaling of throughput capacity, makes it a great fit for mobile, web, gaming, ad tech, IoT, and many other applications.

For more information on DynamoDB, please visit the Link: https://aws.amazon.com/dynamodb/

19
Q

A company wants to store data that is not frequently accessed. What is the best and most cost efficient solution that should be considered?

A) Amazon Storage Gateway
B) Amazon Glacier
C) Amazon EBS
D) Amazon S3

A

B) Amazon Glacier

Amazon Glacier is a secure, durable, and extremely low-cost cloud storage service for data archiving and long-term backup. It is designed to deliver 99.999999999% durability, and provides comprehensive security and compliance capabilities that can help meet even the most stringent regulatory requirements.

For more information on Amazon Glacier, please visit the Link: https://aws.amazon.com/glacier/

20
Q

You are currently hosting infrastructure and most of the EC2 instances are near 90 – 100% utilized. What type of EC2 instances would you utilize to ensure costs are minimized?

A) Reserved Instances
B) On-Demand Instances
C) Spot Instances
D) Regular Instances

A

A) Reserved Instances

When you have instances that will be used continuously and throughout the year, the best option is to buy reserved instances. By buying reserved instances, you are actually allocated an instance for the entire year or the duration you specify with a reduced cost.

For more information on Reserved Instances, please visit the Link: https://aws.amazon.com/ec2/pricing/reserved-instances/

21
Q

What is the ability provided by AWS to enable fast, easy, and secure transfers of files over long distances between your client and your Amazon S3 bucket?

A) File Transfer
B) HTTP Transfer
C) Transfer Acceleration
D) Transfer S3

A

C) Transfer Acceleration

Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront’s globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path.

For more information on S3 Transfer Acceleration, please visit the Link: http://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html

22
Q

As per the AWS Acceptable Use Policy, penetration testing of EC2 instances:

A) May be performed by AWS, and will be performed by AWS upon customer request
B) May be performed by AWS, and is periodically performed by AWS
C) Are expressly prohibited under all circumstances
D) May be performed by the customer on their own instances with prior authorization from AWS
E) May be performed by the customer on their own instances only if performed by EC2 instances.

A

D) May be performed by the customer on their own instances with prior authorization from AWS

You need to obtain prior authorization from AWS before doing a penetration test on EC2 Instances.

Please refer to the below URL for more details. https://aws.amazon.com/security/penetration-testing/

23
Q

The Trusted Advisor service provides insight regarding which four categories of an AWS account?

A) Security, Fault Tolerance, High Availability and Connectivity
B) Security, Access Control, High Availability and Performance
C) Performance, Cost Optimization, Security and Fault Tolerance
D) Performance, Cost Optimization, Access Control and Connectivity

A

C) Performance, Cost Optimization, Security and Fault Tolerance

The screenshot in the AWS documentation linked below shows what services the Trusted Advisor Dashboard offers.

For more information on the AWS Trusted Advisor, please visit the Link: https://aws.amazon.com/premiumsupport/trustedadvisor/

24
Q

A company is deploying a two-tier, highly available web application to AWS. Which service provides durable storage for static content while utilizing lower overall CPU resources for the web tier?

A) Amazon EBS volume
B) Amazon S3
C) Amazon EC2 instance store
D) Amazon RDS instance.

A

B) Amazon S3

Amazon S3 is the default storage service that should be considered for companies. It provides durable storage for all static content.

For more information on AWS S3, please visit the Link: https://aws.amazon.com/s3/

25
Q

What best describes the “Principle of Least Privilege”? Choose the correct answer from the options given below.

A) All users should have the same baseline permissions granted to them to use basic AWS services
B) Users should be granted permission to access only the resources they need to do their assigned job
C) Users should submit all access requests in writing so that there is a paper trail of who needs access to different AWS resources
D) Users should always have a little more access granted to them than they need, just in case they end up needing it in the future

A

B) Users should be granted permission to access only the resources they need to do their assigned job

The principle means giving a user account only those privileges which are essential to perform its intended function. For example, a user account for the sole purpose of creating backups does not need to install software: hence, it has rights only to run backup and backup-related applications.

For more information on principle of least privilege, please refer to the following Link: https://en.wikipedia.org/wiki/Principle_of_least_privilege

26
Q

Which of the below mentioned services can be used to host virtual servers in the AWS Cloud?

A) AWS IAM
B) AWS Server
C) AWS EC2
D) AWS Regions

A

C) AWS EC2

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.

For more information on AWS EC2, please refer to the following Link: https://aws.amazon.com/ec2/

27
Q

Which of the following can be used to protect EC2 Instances hosted in AWS? Choose 2 answers from the options given below:

A) Usage of Security Groups
B) Usage of AMIs
C) Usage of Network Access Control List
D) Usage of the Internet Gateway

A

A) Usage of Security Groups
C) Usage of Network Access Control List

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic.

For more information on Security Groups, please refer to the following Link: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html

A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.

For more information on Network Access Control Lists, please refer to the following Link: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html

28
Q

You work for a company that is planning on using the AWS EC2 service. They currently create golden images of their deployed Operating system. Which of the following correspond to a golden image in AWS?

A) EBS Volumes
B) EBS Snapshots
C) Amazon Machine Images
D) EC2 Copies

A

C) Amazon Machine Images

An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a virtual server in the cloud. You specify an AMI when you launch an instance, and you can launch as many instances from the AMI as you need. You can also launch instances from as many different AMIs as you need.

For more information on Amazon Machine Images, please refer to the following Link: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html

29
Q

You are developing and planning deployment of an application onto the AWS Cloud. This application needs to be PCI Compliant. Which of the below steps would you carry out to ensure the compliance is met for the application? Choose 2 answers from below:

A) Choose AWS services which are PCI compliant
B) Ensure the right steps are taken during application development for PCI compliance
C) Ensure the AWS services are made PCI compliant
D) Do an audit after the deployment of the application for PCI compliance.

A

A) Choose AWS services which are PCI compliant
B) Ensure the right steps are taken during application development for PCI compliance

The snapshot from the AWS Documentation mentions that some of the AWS services are already PCI compliant. This list should be checked when designing the application.

For more information on PCI Compliance and AWS, please refer to the following Link: https://aws.amazon.com/compliance/pci-dss-level-1-faqs/

30
Q

Which of the below can be used to get data onto Amazon Glacier? Choose 3 answers from the options given below:

A) AWS Glacier API
B) AWS Console
C) AWS Glacier SDK
D) AWS S3 Lifecycle Policies

A

A) AWS Glacier API
C) AWS Glacier SDK
D) AWS S3 Lifecycle Policies

Note that the AWS Console cannot be used to upload data onto Glacier. The console can only be used to create a Glacier vault which can be used to upload the data.

For more information on uploading data onto Glacier, please refer to the following Link:

31
Q

Which of the following in the AWS Support plans gives access to a Support Concierge?

A) Basic
B) Developer
C) Business
D) Enterprise

A

D) Enterprise

Only the Enterprise support plan fits this requirement.

For more information on the support plans, please refer to the following Link: https://aws.amazon.com/premiumsupport/compare-plans/

32
Q

A company is planning to use AWS to host critical resources. Most of their systems are business critical and need to have response times less than 15 minutes. Which of the following support plans should they consider?

A) Basic
B) Developer
C) Business
D) Enterprise

A

D) Enterprise

Only the Enterprise support plan fits this requirement.

For more information on the support plans, please refer to the following Link: https://aws.amazon.com/premiumsupport/compare-plans/

33
Q

Which of the following is NOT a feature of an edge location?

A) Distribute content to users
B) Cache common responses
C) Distribute load across multiple resources
D) Used in conjunction with other CloudFront services

A

C) Distribute load across multiple resources

The Edge location does not do the job of distributing load. It is used in conjunction with the CloudFront service to cache the objects and deliver content.

For more information on CloudFront and Edge locations, please refer to the following Link: https://aws.amazon.com/cloudfront/details/

34
Q

There is a requirement for storage of objects. The objects should be able to be downloaded via a URL. Which storage option would you choose?

A) Amazon S3
B) Amazon Glacier
C) Amazon Internet Gateway
D) Amazon EBS

A

A) Amazon S3

Amazon S3 is the perfect storage option. It also provides the facility of assigning a URL to each object which can be used to download the object.

For more information on AWS S3, please visit the Link: https://aws.amazon.com/s3/

35
Q

There is a requirement to host a database server for a minimum period of one year. Which of the following would result in the least cost?

A) Spot instances
B) On-Demand
C) No upfront costs Reserved
D) Partial upfront costs Reserved

A

D) Partial upfront costs Reserved

If the database is going to be used for a minimum of one year, then it is better to get Reserved Instances. You can save on costs, and if you use the partial upfront option, you can get a better discount.

For more information on AWS Reserved Instances, please visit the Link: https://aws.amazon.com/ec2/pricing/reserved-instances/

36
Q

There is a requirement for a development and test environment for 3 months. Which would you use?

A) Spot instances
B) On-Demand
C) No upfront costs Reserved
D) Partial upfront costs Reserved

A

B) On-Demand

Since the requirement is just for 3 months, the most cost-effective option is to use On-Demand Instances.

For more information on AWS On-Demand Instances pricing, please visit the Link: https://aws.amazon.com/ec2/pricing/on-demand/

37
Q

When creating security groups, which of the following is a responsibility of the customer? Choose 2 answers from the options given below:

A) Giving a name and description for the Security Group
B) Defining the rules as per the customer requirement
C) Ensure the rules are applied immediately
D) Ensure the Security Groups are linked to the Elastic Network Interface

A

A) Giving a name and description for the Security Group
B) Defining the rules as per the customer requirement

When you define security rules for EC2 Instances, you give a name, description and write the rules for the security group.

For more information on AWS Security Groups, please visit the Link: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.htm

38
Q

Which of the following are advantages of having infrastructure hosted on the AWS Cloud? Choose 2 answers from the options given below:

A) Having complete control over the physical infrastructure
B) Having the pay as you go model
C) No upfront costs
D) Having no need to worry about security

A

B) Having the pay as you go model
C) No upfront costs

The physical infrastructure is the responsibility of AWS, not the customer, so control over it is not an advantage of moving to the AWS Cloud. AWS provides security mechanisms, but responsibility for security still lies with the customer.

39
Q

There is an external audit being carried out on your company. The IT auditor needs to have a log of all access to the AWS resources in the company’s account. Which of the below services can assist in providing these details?

A) AWS CloudWatch
B) AWS CloudTrail
C) AWS EC2
D) AWS SNS

A

B) AWS CloudTrail

Using CloudTrail, you can monitor all the API activity conducted on all AWS services. AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.

40
Q

Which of the following features of RDS allows for data redundancy across regions?

A) Cross region replication
B) Creating Read Replicas
C) Using Snapshots
D) Using Multi-AZ feature

A

B) Creating Read Replicas

One can use the Read Replica feature of the database to ensure the data is replicated to another region. For an example of Read Replicas, please refer to the below URL: https://aws.amazon.com/blogs/aws/cross-region-read-replicas-for-amazon-rds-for-mysql/

41
Q

Your company has a set of EC2 Instances hosted in AWS. There is a requirement to create snapshots from the EBS volumes attached to these EC2 Instances in another geographical location. As per this requirement, where would you create the snapshots?

A) In another Availability Zone
B) In another Data Center
C) In another Region
D) In another Edge location

A

C) In another Region

Regions correspond to different geographic locations in AWS.

For more information on Regions and Availability Zones in AWS, please refer to the below URL: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html

42
Q

A company wants to host a self-managed database in AWS. How would you ideally implement this solution?

A) Using the DynamoDB service
B) Using the AWS RDS service
C) Hosting a database on an EC2 instance
D) Using the Amazon Aurora service

A

C) Hosting a database on an EC2 instance

If you want a self-managed database, that means you want complete control over the database engine and the underlying infrastructure. In such a case you need to host the database on an EC2 Instance.

For more information on EC2 Instances, please refer to the below URL: https://aws.amazon.com/ec2/

43
Q

Which of the following is a MySQL-compatible database which also has the ability to grow in storage size on its own?

A) Aurora
B) DynamoDB
C) RDS Microsoft SQL Server
D) RDS MySQL

A

A) Aurora

Amazon Aurora (Aurora) is a fully managed, MySQL- and PostgreSQL-compatible, relational database engine. It combines the speed and reliability of high-end commercial databases with the simplicity and cost-effectiveness of open-source databases. It delivers up to five times the throughput of MySQL and up to three times the throughput of PostgreSQL without requiring changes to most of your existing applications.

For more information on Amazon Aurora, please refer to the below URL: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Overview.html

44
Q

Which of the following statements are TRUE when it comes to elasticity? Choose 2 answers from the options given below:

A) Diverting traffic to instances based upon demand
B) Diverting traffic to instances with the least load
C) Diverting traffic across multiple regions
D) Diverting traffic to instances with higher capacity

A

A) Diverting traffic to instances based upon demand
B) Diverting traffic to instances with the least load

Elasticity is the ability of an application to scale up and scale down based on demand. An example of such a service is the Autoscaling service.

For more information on AWS Autoscaling service, please refer to the below URL: https://aws.amazon.com/autoscaling/

45
Q

Which of the following is the concept of the Elastic Load Balancer?

A) To distribute traffic to multiple EC2 instances
B) To scale up EC2 instances
C) To distribute traffic to AWS resources across multiple regions
D) To increase the size of the EC2 instance based upon demand

A

A) To distribute traffic to multiple EC2 instances

A load balancer distributes incoming application traffic across multiple EC2 instances in multiple Availability Zones. This increases the fault tolerance of your applications. Elastic Load Balancing detects unhealthy instances and routes traffic only to healthy instances.

For more information on the Elastic Load Balancer service, please refer to the below URL: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/introduction.html

46
Q

Which of the following is the concept of Autoscaling?

A) To scale up resources based on demand
B) To distribute traffic to multiple EC2 instances
C) To distribute traffic to AWS resources across multiple regions
D) To increase the size of the EC2 instance based on demand

A

A) To scale up resources based on demand

AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. Using AWS Auto Scaling, it’s easy to set up application scaling for multiple resources across multiple services in minutes.

For more information on the Auto Scaling service, please refer to the below URL: https://aws.amazon.com/autoscaling/

47
Q

Which of the following is used to derive the costs for moving artefacts from on-premise to AWS?

A) AWS TCO Calculator
B) AWS Config
C) AWS Cost Explorer
D) AWS Consolidated Billing

A

A) AWS TCO Calculator

Use this calculator to compare the cost of running your applications in an on-premises or colocation environment to AWS. Describe your on-premises or colocation configuration to produce a detailed cost comparison with AWS.

For more information on the TCO Calculator, please refer to the below URL: https://awstcocalculator.com/

48
Q

Which of the following is the responsibility of the customer when ensuring that data on EBS volumes is kept safe?

A) Deleting the data when the device is destroyed
B) Creating EBS Snapshots
C) Attaching volumes to EC2 instances
D) Creating copies of EBS volumes

A

B) Creating EBS Snapshots

Creating snapshots of EBS Volumes can help ensure that you have a backup of your EBS volume in place.

For more information on EBS Snapshots, please refer to the below URL: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html

49
Q

Which of the following can be used to call AWS services from programming languages?

A) AWS SDK
B) AWS Console
C) AWS CLI
D) AWS IAM

A

A) AWS SDK

The AWS SDK can be plugged in for various programming languages. Using the SDK you can then call the required AWS services.

For more information on the various tools available in AWS, please refer to the below URL: https://aws.amazon.com/tools/

50
Q

Which of the following is the secure way of using AWS API to call AWS services from EC2 Instances?

A) IAM Users
B) IAM Roles
C) IAM Groups
D) IAM Policies

A

B) IAM Roles

The AWS documentation mentions the following: An IAM role is similar to a user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. Also, a role does not have standard long-term credentials (password or access keys) associated with it. Instead, if a user assumes a role, temporary security credentials are created dynamically and provided to the user.

For more information on IAM Roles, please refer to the below URL: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html

51
Q

Which of the following are 2 ways that AWS allows linking of accounts:

A) Consolidated Billing
B) AWS Organizations
C) Cost Explorer
D) IAM

A

A) Consolidated Billing
B) AWS Organizations

You can use the consolidated billing feature in AWS Organizations to consolidate payment for multiple AWS accounts or multiple AISPL accounts. With consolidated billing, you can see a combined view of AWS charges incurred by all of your accounts. You also can get a cost report for each member account that is associated with your master account. Consolidated billing is offered at no additional charge.

For more information on Consolidated billing, please refer to the below URL: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-billing.html

52
Q

Which of the following help with DDoS protection? Choose 2 answers from the options given below:

A) CloudFront
B) AWS Shield
C) AWS EC2
D) AWS Config

A

A) CloudFront
B) AWS Shield

DDoS attacks: One of the first techniques to mitigate DDoS attacks is to minimize the surface area that can be attacked, thereby limiting the options for attackers and allowing you to build protections in a single place. We want to ensure that we do not expose our application or resources to ports, protocols or applications from where they do not expect any communication, thus minimizing the possible points of attack and letting us concentrate our mitigation efforts. In some cases, you can do this by placing your computation resources behind Content Distribution Networks (CDNs) or Load Balancers and restricting direct Internet traffic to certain parts of your infrastructure like your database servers. In other cases, you can use firewalls or Access Control Lists (ACLs) to control what traffic reaches your applications.

For more information on DDoS attack prevention, please refer to the below URL: https://aws.amazon.com/shield/ddos-attack-protection/

53
Q

Which of the following services can be used as a web application firewall in AWS?

A) AWS EC2
B) AWS WAF
C) AWS Firewall
D) AWS Protection

A

B) AWS WAF

AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to Amazon CloudFront or an Application Load Balancer. AWS WAF also lets you control access to your content.

For more information on AWS WAF, please refer to the below URL: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html

54
Q

You want to add an extra layer of protection to the current authentication mechanism of user names and passwords for AWS. Which of the following can help in this regard?

A) Using Password Policies
B) Using a mix of User Names
C) Using AWS WAF
D) Using MFA

A

D) Using MFA

AWS Multi-Factor Authentication (MFA) is a simple best practice that adds an extra layer of protection on top of your user name and password. With MFA enabled, when a user signs in to an AWS website, they will be prompted for their user name and password (the first factor—what they know), as well as for an authentication code from their AWS MFA device (the second factor—what they have). Taken together, these multiple factors provide increased security for your AWS account settings and resources.

For more information on AWS MFA, please refer to the below URL: https://aws.amazon.com/iam/details/mfa/

55
Q

Which of the following disaster recovery deployment mechanisms has the lowest downtime?

A) Pilot Light
B) Warm standby
C) Backup & Restore
D) DevOps

A

B) Warm standby

The snapshot from the AWS documentation shows the spectrum of disaster recovery methods. If you go to the further end of the spectrum, you have the least downtime for the users.

For more information on Disaster recovery techniques, please refer to the below URL: https://aws.amazon.com/blogs/aws/new-whitepaper-use-aws-for-disaster-recovery/

56
Q

Which of the following services in AWS allows for object level storage on the cloud?

A) Amazon EBS
B) Amazon Storage Gateway
C) Amazon S3
D) Amazon SQS

A

C) Amazon S3

Amazon S3 is object storage built to store and retrieve any amount of data from anywhere – web sites and mobile apps, corporate applications, and data from IoT sensors or devices. It is designed to deliver 99.999999999% durability, and stores data for millions of applications used by market leaders in every industry.

For more information on Amazon S3, please refer to the below URL: https://aws.amazon.com/s3/

57
Q

Which of the following is the responsibility of the AWS customer according to the Shared Security Model?

A) Managing Amazon Identity and Access Management (IAM)
B) Securing Edge locations
C) Managing physical device security
D) Implementing Service Organization Control (SOC) standards

A

A) Managing Amazon Identity and Access Management (IAM)

The responsibility for managing the various permissions of users and roles lies with the AWS customer.

For more information on AWS Shared Responsibility Model, please refer to the below URL: https://aws.amazon.com/compliance/shared-responsibility-model/

58
Q

Where can a customer go to get more detail about Amazon Elastic Compute Cloud (Amazon EC2) billing activity that took place 3 months ago?

A) Amazon EC2 dashboard
B) AWS Cost and Usage reports
C) AWS Trusted Advisor dashboard
D) AWS CloudTrail logs stored in Amazon Simple Storage Service (Amazon S3)

A

B) AWS Cost and Usage reports

AWS Cost Reports: Cost Explorer is a free tool that you can use to view your costs. You can view data up to the last 13 months, forecast how much you are likely to spend for the next three months, and get recommendations for what Reserved Instances to purchase.

For more information on AWS Cost Reports, please refer to the below URL: http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-explorer-what-is.html

59
Q

Who has control of the data in an AWS account?

A) AWS Support Team
B) AWS Account Owner
C) AWS Security Team
D) AWS Technical Account Manager (TAM)

A

B) AWS Account Owner

Entire control of the data within an AWS account is with the Account Owner.

For more information on AWS Account identifiers, please refer to the below URL: http://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html

60
Q

The main benefit of decoupling an application is to:

A) Create a tightly integrated application
B) Reduce inter-dependencies so failures do not impact other components
C) Enable data synchronisation across the web application layer.
D) Have the ability to execute automated bootstrapping actions.

A

B) Reduce inter-dependencies so failures do not impact other components

The entire concept of decoupling components is to ensure that the different components of an application can be managed and maintained separately. If all components are tightly coupled, then when one component goes down, the entire application would go down. Hence it is always a better design practice to decouple application components.

For more information on a decoupled architecture, please refer to the below URL: http://whatis.techtarget.com/definition/decoupled-architecture

61
Q

Which of the following is a benefit of running an application across two Availability Zones?

A) Performance is improved over running in a single Availability Zone
B) It is more secure than running in a single Availability Zone
C) It significantly reduces the total cost of ownership versus running in a single Availability Zone
D) It increases the availability of an application compared to running in a single Availability Zone

A

D) It increases the availability of an application compared to running in a single Availability Zone

Each AZ is a set of one or more data centers. By deploying your AWS resources to multiple Availability Zones, you are designing with failure in mind. So if one AZ were to go down, the other AZs would still be up and running and hence your application would be more fault tolerant.

For more information on AWS Regions and AZs, please refer to the below URL: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html

62
Q

Which of the following security requirements are managed by AWS customers? Select 2 answers from the options given below:

A) Password Policies
B) User Permissions
C) Physical Security
D) Disk Disposal
E) Hardware Patching
A

A) Password Policies
B) User Permissions

As per the Shared Responsibility Model, the security for users has to be managed by the AWS customer.

For more information on AWS Shared Responsibility Model, please refer to the below URL: https://aws.amazon.com/compliance/shared-responsibility-model/

63
Q

Systems applying the cloud architecture principle of elasticity will?

A) Minimize storage requirements by reducing logging and auditing activities
B) Create systems that scale to the required capacity based on changes in demand
C) Enable AWS to automatically select the most cost-effective services
D) Accelerate the design process because recovery from failure is automated, reducing the need for testing

A

B) Create systems that scale to the required capacity based on changes in demand

Elasticity is the ability of an application to scale up and scale down based on demand. An example of such a service is the Autoscaling service.

For more information on AWS Autoscaling service, please refer to the below URL: https://aws.amazon.com/autoscaling/

64
Q

Amazon Elastic Compute Cloud (Amazon EC2) Spot instances are appropriate for which of the following workloads?

A) Workloads that are only run in the morning and stopped at night
B) Workloads where the availability of the Amazon EC2 instance can be flexible
C) Workloads that need to run for long periods of time without interruptions
D) Workloads that are critical and need Amazon EC2 instances with termination protection

A

B) Workloads where the availability of the Amazon EC2 instance can be flexible

Spot Instances are a cost-effective choice if you can be flexible about when your applications run and if your applications can be interrupted. For example, Spot Instances are well-suited for data analysis, batch jobs, background processing, and optional tasks.

For more information on AWS Spot Instances, please refer to the below URL: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances.html

65
Q

What AWS feature enables a user to manage services through a web-based user interface?

A) AWS Management Console
B) AWS Application Programming Interface (API)
C) AWS Software Development Kit (SDK)
D) Amazon CloudWatch

A

A) AWS Management Console

The AWS Management Console allows you to access and manage Amazon Web Services through a simple and intuitive web-based user interface.

For more information on AWS console, please refer to the below URL: https://aws.amazon.com/console/