AWS EXAM SET 2 Flashcards
A company wants to launch a Microsoft SQL Server database in AWS. The database instance should only be managed by the company’s DBA and must be accessible via RDP. A standard license for SQL Server is required but the company is not yet sure how much CPU and memory to allocate to the database.
Which option gives the most convenience and flexibility to determine the best database size while still being cost-effective?
Use a Windows Server with SQL Server Standard bundled AMI so you won’t need to buy and manage your own license.
A leading company wants to ensure that its cloud services are consistently delivered at the agreed-upon level of its business stakeholders. The company is considering using the AWS Cloud Adoption Framework (AWS CAF) to guide its cloud operations.
Which capabilities within the AWS CAF’s Operations perspective would be most helpful for the company?
Performance and Capacity Management
Which of the following will allow you to create a data warehouse in AWS for your business intelligence needs?
Amazon Redshift
A customer currently has a Basic support plan and they are planning to use the Infrastructure Event Management, Well-Architected Reviews and Operations Reviews features in AWS. What should they do in order to access these features in the most cost-effective manner?
Upgrade to Enterprise support plan.
What is the best type of instance purchasing option to choose if you will run an EC2 instance for 3 months to perform a job that is uninterruptible?
On-Demand Instance
You are permitted to conduct security assessments and penetration testing without prior approval against which AWS resources? (Select TWO.)
Amazon Aurora
Amazon RDS
A customer is building a cloud architecture in AWS which should scale horizontally or vertically in order to automatically adjust capacity and maintain steady, predictable performance at the lowest possible cost. Which of the following statements are true regarding horizontal and vertical scaling? (Select TWO.)
- Adding more EC2 instances to your resource pool is an example of Horizontal Scaling
- Upgrading to a higher EC2 instance type is an example of Vertical Scaling
The IT Security team of your company needs to conduct a vulnerability analysis on your application servers to ensure that the EC2 instances comply with the annual security IT audit. You need to set up an automated security assessment service to improve the security and compliance of your applications. The solution should automatically assess applications for exposure, vulnerabilities, and deviations from the AWS best practices.
Which of the following options would you implement to satisfy this requirement?
AWS Inspector
Which of the following cloud best practices reinforces the use of the Service-Oriented Architecture (SOA) design principle?
Decouple your components.
Which of the following is best suited for load balancing Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Transport Layer Security (TLS) traffic and has the capability of handling millions of requests per second while maintaining ultra-low latencies?
Network Load Balancer
Which of the following is the benefit of using Amazon Relational Database Service (Amazon RDS) over traditional database management?
Lower administrative burden through automatic software patching and maintenance of the underlying operating system
Which of the following is the most cost-effective payment option when you purchase either a Standard or Convertible Reserved Instance for a 1-year term?
All Upfront
A customer needs to retrieve the instance ID, instance profile permissions, and kernel information of their EC2 instance for an app that is running within the same instance. Where can the customer find this information?
Instance metadata
Which among the services below can you use to test and troubleshoot IAM and resource-based policies?
IAM Policy Simulator
Which service allows you to add powerful visual analysis feature to your applications that enables you to search, verify, and organize millions of images?
Amazon Rekognition
Which of the following services are part of the AWS serverless platform that does not require provisioning, maintaining, and administering servers for backend components? (Select TWO.)
- Amazon API Gateway
- Lambda@Edge
A customer has a number of on-demand instances running simultaneously to serve customer transactions. Occasionally, most of these instances do not perform any tasks when demand is low. What is a good cost optimization strategy to implement for this case?
Implement an auto scaling group to control the number of running instances at a time
A space agency is using Amazon S3 to store their high-resolution satellite images and videos everyday. Which of the following should they do to minimize the upload time?
Use the Multipart upload API
When a company uses AWS and decouple from their on-premises data center, they will be able to have which of the following benefits? (Select TWO.)
- Decrease your TCO.
- Reduce time to market.
Which of the following provides software solutions that are either hosted on or integrated with the AWS platform which may include Independent Software Vendors (ISVs), SaaS, PaaS, developer tools, management, and security vendors?
AWS Partner Network Technology Partners
Which of the following are the characteristics of Amazon EC2 Convertible Reserved Instances? (Select TWO.)
- Has the capability to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or greater value
- Allows the change of instance family, operating system, tenancy, and payment option
Which of the following is not required when launching an EBS-backed EC2 instance?
Elastic IP address
Which of the following should you use to automatically transfer your infrequently accessed data in your S3 bucket to a more cost-effective storage class?
Amazon S3 Lifecycle Policy
In compliance with the Sarbanes-Oxley Act (SOX) federal law, a US-based company is required to provide SOC 1 and SOC 2 reports of their cloud resources. Where are these AWS compliance documents located?
AWS Artifact
Which of the following is a fully managed database in AWS that can be used to store JSON documents?
Amazon DynamoDB
Which of the following are the best practices that can help secure your AWS resources using the AWS Identity and Access Management (IAM) service? (Select TWO.)
- Lock away your AWS account root user access keys.
- Grant least privilege.
An insurance company plans to use AWS to visually create, run, and monitor ETL workflows. Which of the following services would you recommend?
AWS Glue Studio
Which of the following are defined as global services in AWS? (Select TWO.)
- Amazon CloudFront
- AWS Identity and Access Management
What is the most secure way to provide applications temporary access to your AWS resources?
Create an IAM role and have the application assume the role
A company plans to migrate their on-premises MySQL database to Amazon RDS. Which AWS service should they use for this task?
AWS Database Migration Service (AWS DMS)
Which of the following AWS Cost Management tools enable you to forecast future costs and usage of your AWS resources based on your past consumption?
Cost Explorer
Which of the following is one of the benefits of migrating your systems from an on-premises data center to AWS Cloud?
Enables the customer to focus on business activities rather than on the heavy lifting of racking, stacking, and powering servers
In the AWS Shared Responsibility Model, whose responsibility is it to patch the host operating system of an Amazon EC2 instance?
AWS
Which of the following should you use if you need to provide temporary AWS credentials for users who have been authenticated via their social media logins as well as for guest users who do not require any authentication?
Amazon Cognito Identity Pool
Which of the following is true regarding the Business support plan in AWS?
Provides a 1-hour response time support if your production system goes down
In Amazon EC2, which pricing construct adjusts its price based on supply and demand of EC2 instances?
Spot Instance
Which is a fully-managed source control service that allows you to host Git-based repositories and enable code collaboration for your team via pull requests, branching, and merging?
AWS CodeCommit
Which of the following is used to enable instances in the public subnet to connect to the public Internet?
Internet Gateway
A company needs to troubleshoot an issue on their serverless application which is composed of an API Gateway, Lambda function, and a DynamoDB database. Which service should they use to trace user requests as they travel through their entire application?
AWS X-Ray
Which of the following AWS service enables customers to analyze, investigate, and identify the root cause of potential security issues or suspicious activities in their AWS environment?
Amazon Detective
What services will help you create a highly available and scalable web app in the cloud? (Select TWO.)
- Amazon EC2 Auto Scaling
- AWS ELB
Which of the following cloud design principles supports growth in users, traffic, or data size with no drop-in performance?
Scalability
Which service would you use to speed up content delivery to your customers?
Amazon CloudFront
A new AWS customer needs to deploy up to 100 t3a.large EC2 instances on their recently launched VPC, which is way beyond the default service limit. What should they do so they can launch their additional instances?
Create a case in the AWS Support Center page and request a service limit increase.
Which of the following policies grant the necessary permissions required to access your Amazon S3 resources? (Select TWO.)
- User policies
- Bucket policies
A website is experiencing varying levels of traffic throughout the day and is not fully consuming server capacity all the time. Which advantage does AWS Cloud provide over traditional data centers when it comes to handling traffic load?
Elasticity
A customer in North Virginia, USA is doing some drone work and collecting environmental data. Which of the following services allows him to easily obtain terabytes of data storage for use in a space-constrained environment and allows him to transfer these data to AWS?
AWS Snowcone.
Which of the following tasks fall under the sole responsibility of AWS based on the shared responsibility model?
Physical and environmental controls
Which of the following is a data transport solution that accelerates moving terabytes to petabytes of data into and out of AWS using appliances with on-board storage and compute capabilities?
AWS Snowball Edge
Which AWS service is commonly used for streaming data in real-time?
Amazon Kinesis
There is an incident with your team where an S3 object was deleted using an account without the owner’s knowledge. What can be done to prevent unauthorized deletion of your S3 objects?
Configure MFA delete on the S3 bucket.
Which of the following is a valid characteristic of an IAM Group?
A group can contain many users, and a user can belong to multiple groups
Which of the following actions will AWS charge you for? (Select TWO.)
- Transfer of EC2 files between two AWS Regions
- Provisioning elastic IPs and attaching them to running EC2 instances
A startup wants to move its on-premises infrastructure to AWS. The IT Security team wants to protect all of the applications against unintended and unauthorized access as well as potential vulnerabilities.
Which of the following capability of AWS CAF’s Security perspective would be most relevant to address this concern?
Infrastructure Protection
Which of the following are pillars of the AWS Well-Architected Framework? (Select TWO.)
- Performance Efficiency
- Sustainability
__________ lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.
Amazon VPC
Which of the following is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads?
Amazon GuardDuty
Which of the following is typically used to secure your VPC subnets?
Network ACL
Which of the following is the most cost-effective instance purchasing option for hosting an application which will run non-interruptible workloads for a period of three years?
Amazon EC2 Standard Reserved Instances
A customer needs to establish a dedicated connection between their on-premises network and their AWS VPC that provides a more consistent network experience than Internet-based connections. Which of the following network services should they use?
AWS Direct Connect
A manufacturing company has multiple AWS accounts for various departments. As the company grows, they are experiencing an increase in its AWS costs and want to optimize its expenses by taking advantage of any available discounts.
Which of the following actions below will allow you to take advantage of volume discounts in AWS?
Use AWS Organizations and enable the consolidated billing feature.
Which service does AWS use to notify you when AWS is experiencing events that may impact you?
AWS Health.
Which of the following statements accurately describes the AWS Shared Responsibility model?
AWS is responsible for securing the physical infrastructure of the cloud, while customers are responsible for securing their applications and data in the cloud.
In AWS, which of the following is a design principle that you should implement when designing your cloud architecture?
Use multiple Availability Zones
Which is a machine learning-powered security service that discovers, classifies, and protects sensitive data such as personally identifiable information (PII) or intellectual property?
Amazon Macie
