Aws Practice 4 Flashcards
Which aspects of security on AWS are customer responsibilities? (Select TWO.)
Availability of AWS regions
Server-side encryption
Physical access controls
Setting up account password policies
Patching of storage systems
Server-side encryption
Setting up account password policies
AWS are responsible for the “security of the cloud”. This includes protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.
The customer is responsible for “security in the cloud”. Customer responsibility depends on the service consumed but includes aspects such as Identity and Access Management (includes password policies), encryption of data, protection of network traffic, and operating system, network and firewall configuration.
In order to perform analytical tasks, a company needs a data warehouse. Standard SQL queries must be supported by the data warehouse.
Which AWS service meets these requirements?
Amazon RDS
Amazon Redshift
Amazon Athena
Amazon EMR
Amazon Redshift
Amazon Redshift uses SQL to analyze structured and semi-structured data across data warehouses, operational databases, and data lakes, using AWS-designed hardware and machine learning to deliver the best price performance at any scale.
Data warehouses are built on databases designed for online analytics processing (OLAP) use cases.
There is a need to perform queries and to search and analyze logs interactively within an organization.
Which AWS service or feature will meet this requirement?
-Amazon EventBridge (Amazon CloudWatch Events).
-Amazon CloudWatch anomaly detection.
-Amazon CloudWatch Logs Insights.
-Amazon CloudWatch Logs streams.
Amazon CloudWatch Logs Insights.
CloudWatch Logs Insights enables you to interactively search and analyze your log data in Amazon CloudWatch Logs. You can perform queries to help you more efficiently and effectively respond to operational issues. If an issue occurs, you can use CloudWatch Logs Insights to identify potential causes and validate deployed fixes.
“Amazon EventBridge (Amazon CloudWatch Events)” is incorrect. Amazon EventBridge is a serverless event bus that ingests data from your own apps, SaaS apps and AWS services and routes that data to targets.
Which service can be used to improve performance for users around the world?
Amazon Connect
Amazon CloudFront
Amazon ElastiCache
AWS LightSail
Amazon CloudFront
Amazon CloudFront is a content delivery network (CDN) that caches content at Edge Locations around the world. This gets the content closer to users which improves performance.
A user has an AWS account with a Business-level AWS Support plan and needs assistance with handling a production service disruption.
Which action should the user take?
Open a production system down support case
Open a business-critical system down support case
Contact the dedicated AWS Concierge Support team
Contact the dedicated Technical Account Manager
Open a production system down support case
The Business support plan provides a service level agreement (SLA) of < 1 hour for production system down support cases.
The dedicated TAM only comes with the Enterprise support plan.
The concierge support team only comes with the Enterprise support plan.
The business-critical system down support only comes with the Enterprise support plan.
Which of the following are advantages of the AWS Cloud? (Select TWO.)
AWS manages capacity planning for physical servers
AWS manages the security of applications built on AWS
AWS manages the development of applications on AWS
AWS manages the maintenance of the cloud infrastructure
AWS manages cost planning for virtual servers
-AWS manages capacity planning for physical servers
-AWS manages the maintenance of the cloud infrastructure
Which of the following need to be included in a total cost of ownership (TCO) analysis? (Select TWO.)
Data center security costs
Company wide marketing
IT Manager salary
Facility equipment installation
Application development
Data center security costs
Facility equipment installation
To perform a TCO you need to document all of the costs you’re incurring today to run your IT operations. That includes facilities equipment installation and data center security costs. That way you get to compare the full cost of running your IT on-premises today, to running it in the cloud.
How can consolidated billing within AWS Organizations help lower overall monthly expenses?
By leveraging service control policies (SCP) for centralized service management
By providing a consolidated view of monthly billing across multiple accounts
By pooling usage across multiple accounts to achieve a pricing tier discount
By automating the creation of new accounts through APls
By pooling usage across multiple accounts to achieve a pricing tier discount
You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. Every organization in AWS Organizations has a master (payer) account that pays the charges of all the member (linked) accounts.
An organization has multiple AWS accounts and uses a mixture of on-demand and reserved instances. One account has a considerable amount of unused reserved instances. How can the organization reduce their costs? (Select TWO.)
Redeem their reserved instances
Use Spot instances instead
Create an AWS Organization configuration linking the accounts
Switch to using placement groups
Setup consolidated billing between the accounts
-Create an AWS Organization configuration linking the accounts
-Setup consolidated billing between the accounts
AWS organizations allow you to consolidate multiple AWS accounts into an organization that you create and centrally manage. Unused reserved instances (RIs) for EC2 are applied across the group so the organization can utilize their unused reserved instance instead of consuming on-demand instances which will lower their costs.
AWS Business Support customers have access to which of the following?
AWS Health API
AWS DDoS Response Team (DRT)
AWS Support concierge
AWS technical account manager (TAM)
AWS Health API
The AWS Health API is available to all Business, Enterprise On-Ramp, or Enterprise Support customers. You can use the API operations to get information about events that might affect your AWS services and resources.
AWS DDoS Response Team (DRT)” is incorrect. This is not available through a support plan, but through the AWS Shield Advanced service.
“AWS technical account manager (TAM)” is incorrect. You get a dedicated AWS TAM when you have Enterprise Support, and you get access to a pool of TAMs when you are using Enterprise On-Ramp.
AWS Support concierge” is incorrect. This is only available to Enterprise Support customers.
When performing a total cost of ownership (TCO) analysis between on-premises and the AWS Cloud, which factors are only relevant to on-premises deployments? (Select TWO.)
Application licensing
Hardware procurement teams
Operating system licensing
Facility operations costs
Database administration
Hardware procurement teams
Facility operations costs
Facility operations and hardware procurement costs are something you no longer need to pay for in the AWS Cloud. These factors therefore must be included as an on-premise cost so you can understand the cost of staying in your own data centers.
Database administration, operating system licensing and application licensing will still be required in the AWS Cloud.
What is the benefit of using fully managed services compared to deploying 3rd party software on EC2?
You don’t need to back-up your data
Improved security
Reduced operational overhead
You have greater control and flexibility
Reduced operational overhead
Fully managed services reduce your operational overhead as AWS manage not just the infrastructure layer but the service layers above it. Examples are Amazon Aurora and Amazon ElastiCache where the database is managed for you.
Which type of AWS Storage Gateway can be used to backup data with popular backup software?
Gateway Virtual Tape Library (Tape Gateway)
Backup Gateway
Volume Gateway
File Gateway
Gateway Virtual Tape Library
The AWS Storage Gateway service enables hybrid storage between on-premises environments and the AWS Cloud.
The Gateway Virtual Tape Library can be used with popular backup software such as NetBackup, Backup Exec and Veeam. Uses a virtual media changer and tape drives.
Which tool can be used to create alerts when the actual or forecasted cost of AWS services exceed a certain threshold?
AWS Cost and Usage report
AWS Budgets
AWS CloudTrail
AWS Cost Explorer
AWS Budgets
AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount.
You can also use AWS Budgets to set reservation utilization or coverage targets and receive alerts when your utilization drops below the threshold you define. Reservation alerts are supported for Amazon EC2, Amazon RDS, Amazon Redshift, Amazon ElastiCache, and Amazon Elasticsearch reservations.
What can be assigned to an IAM user? (Select TWO.)
A password for access to the management console
A password for logging into Linux
A key pair
An SSL/TLS certificate
An access key ID and secret access key
A password for access to the management console
An access key ID and secret access key
An IAM user is an entity that represents a person or service. Users can be assigned an access key ID and secret access key for programmatic access to the AWS API, CLI, SDK, and other development tools and a password for access to the management console.
What AWS service offers managed DDoS protection?
Amazon GuardDuty
Amazon Inspector
AWS Shield
AWS Firewall Manager
AWS Shield
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection. There are two tiers of AWS Shield – Standard and Advanced.
When a company moves an on-premises, internet-facing website to the AWS Cloud, what benefits does it obtain? (Select TWO.)
The company can take advantage of the pay-as-you-go pricing model.
The website shows up with higher priority in internet search engines.
AWS automatically provides the company with the lowest-cost pricing model.
Website capacity can expand or contract as website traffic changes.
Data that is stored in the AWS Cloud is automatically encrypted.
The company can take advantage of the pay-as-you-go pricing model.
Website capacity can expand or contract as website traffic changes.
Website capacity expanding and contracting is a sign of elasticity, and this is one of the most popular benefits of moving to the cloud. This is defined as the ability to acquire resources as you need them and release resources when you no longer need them.
Also, when you move to the cloud you do not pay upfront for your resources as standard and move to a OPEX model (operational expenditure.)
How can I deploy AWS Cloud infrastructure to multiple AWS Regions quickly, automatically, and reliably?
-Create and launch an Amazon EC2 Amazon Machine Image (AMI) containing the source code with built-in deployment hooks to launch other AWS services.
-Use AWS Systems Manager to automate management tasks, such as creating Amazon EC2 Amazon Machine Images (AMIs) and applying patches.
-Create and use an AWS CloudFormation template.
Use AWS CodeStar to set up a continuous delivery toolchain for automated deployment.
Create and use an AWS CloudFormation template.
AWS CloudFormation is an Infrastructure as Code (IaC) tool which allows users to provision infrastructure services using either JSON or YAML. With AWS CloudFormation you can easily provision resources in a different Region easily.
Which team is available to support AWS customers on an Enterprise support plan with account issues?
AWS Technical Account Manager
AWS Concierge
AWS Billing and Accounts
AWS Technical Support
AWS Concierge
Included as part of the Enterprise Support plan, the Support Concierge Team are AWS billing and account experts that specialize in working with enterprise accounts.
The Technical Account Manager provides expert monitoring and optimization for your environment and coordinates access to other programs and experts.
When storing passwords on AWS, what is the MOST secure method?
Store passwords in AWS Storage Gateway.
Store passwords as AWS CloudFormation parameters.
Store passwords in AWS Secrets Manager.
Store passwords in an Amazon S3 bucket.
Store passwords in AWS Secrets Manager.
AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Users and applications retrieve secrets with a call to Secrets Manager APIs, eliminating the need to hardcode sensitive information in plain text.
A company is considering migrating from on-premises to the AWS Cloud. In order to handle the workload efficiently, the IT team needs to offload this heavy lifting as much as possible.
What should the IT team do to accomplish this goal?
Build hardware refreshes into the operational calendar to ensure availability.
Use Amazon Elastic Container Service (Amazon ECS) on Amazon EC2 instances.
Use AWS Managed Services to provision, run, and support the company infrastructure.
Overprovision compute capacity for seasonal events and traffic spikes to prevent downtime.
Use AWS Managed Services to provision, run, and support the company infrastructure.
AWS Managed Services (AMS) helps you adopt AWS at scale and operate more efficiently and securely. We leverage standard AWS services and offer guidance and execution of operational best practices with specialized automations, skills, and experience that are contextual to your environment and applications. You can easily leave a lot of the heavy lifting to AWS when you are using managed services.
When an Amazon EC2 instance is stopped, which of the following AWS services can be used to identify the user who stopped it?
-AWS CloudTrail
-Amazon Inspector
-Amazon CloudWatch
-VPC Flow Logs
AWS CloudTrail
AWS CloudTrail tracks API calls that are made within a particular AWS account. it will track the API call made, the IP address it originated from and which IAM principal initiated the action and in this case will capture who stopped an EC2 instance.
VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.
An organization is migrating to AWS Cloud. During the migration, the company needs consulting and guidance on its applications. Upon completion of the migration, the company requires a response within 30 minutes in the event of a business-critical system failure.
Which AWS Support plans meet these requirements? (Select TWO.)
-AWS Enterprise On-Ramp Support
-AWS Enterprise Support
AWS Enterprise Support is a support plan which provides a less than 15 minutes response time for business-critical system failure, and AWS Enterprise On-Ramp provides a less than 30 minutes response time for business-critical system failure.
A company needs significant cost savings for their non-interruptible workloads on AWS.
Which EC2 instance pricing model should the company select?
Spot Instances
Dedicated Hosts
On-Demand Instances
Reserved Instances
Reserved Instances
Reserved instances allow a customer to use on-demand EC2 instances at a discounted price based on a commitment of usage. If you require cost optimization of non-interruptible workloads, you can use Reserved instances to provide discounts on your EC2 spend.
Which AWS service should be used to create a billing alarm?
-Amazon QuickSight
-AWS Trusted Advisor
-AWS CloudTrail
-Amazon CloudWatch
-Amazon CloudWatch
You can monitor your estimated AWS charges by using Amazon CloudWatch. When you enable the monitoring of estimated charges for your AWS account, the estimated charges are calculated and sent several times daily to CloudWatch as metric data.
Billing metric data is stored in the US East (N. Virginia) Region and represents worldwide charges. This data includes the estimated charges for every service in AWS that you use, in addition to the estimated overall total of your AWS charges.
The alarm triggers when your account billing exceeds the threshold you specify. It triggers only when actual billing exceeds the threshold. It doesn’t use projections based on your usage so far in the month.
Which AWS service enables hybrid cloud storage between on-premises and the AWS Cloud?
Amazon CloudFront
AWS Storage Gateway
Amazon Elastic File System (EFS)
Amazon S3 Cross Region Replication (CRR)
AWS Storage Gateway
The AWS Storage Gateway service enables hybrid cloud storage between on-premises environments and the AWS Cloud. It seamlessly integrates on-premises enterprise applications and workflows with Amazon’s block and object cloud storage services through industry standard storage protocols.
