AWS Practice 5 Flashcards

1
Q

Which AWS service lets connected devices easily and securely interact with cloud applications and other devices?

AWS Server Migration Service (SMS)
AWS IoT Core
AWS Directory Service
Amazon Workspaces

A

AWS IoT Core

AWS IoT Core is a managed cloud service that lets connected devices easily and securely interact with cloud applications and other devices. AWS IoT Core can support billions of devices and trillions of messages, and can process and route those messages to AWS endpoints and to other devices reliably and securely.

2
Q

Which of the following statements is correct about Amazon S3 cross-region replication?

Both source and destination S3 buckets must have versioning disabled
The source and destination S3 buckets cannot be in different AWS Regions
S3 buckets configured for cross-region replication can be owned by a single AWS account or by different accounts
The source S3 bucket owner must have the source and destination AWS Regions disabled for their account

A

S3 buckets configured for cross-region replication can be owned by a single AWS account or by different accounts

Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can copy objects between different AWS Regions or within the same Region.

Both source and destination buckets must have versioning enabled. The source bucket owner must have the source and destination AWS Regions enabled for their account. The destination bucket owner must have the destination Region enabled for their account.

3
Q

Which services allow you to store files on AWS? (Select TWO.)

Amazon EFS
Amazon LightSail
Amazon EBS
Amazon SQS
AWS Lambda

A

Amazon EFS
Amazon EBS

4
Q

How can you configure Amazon Route 53 to monitor the health and performance of your application?

Using the Route 53 API
Using DNS lookups
Using CloudWatch
Using Route 53 health checks

A

Using Route 53 health checks

Amazon Route 53 health checks monitor the health and performance of your web applications, web servers, and other resources.

None of the other options provide a solution that can check the health and performance of an application.

5
Q

Which AWS feature of Amazon EC2 allows an administrator to create a standardized image that can be used for launching new instances?

Amazon Golden Image
Amazon Block Template
Amazon Machine Image
Amazon EBS Mount Point

A

Amazon Machine Image

6
Q

What feature of Amazon S3 enables you to set rules to automatically transfer objects between different storage classes at defined time intervals?

Elastic Data Management
Object Lifecycle Management
Auto Lifecycle Scaling
S3 Archiving

A

Object Lifecycle Management

7
Q

A company has deployed several relational databases on Amazon RDS. Every month, the database software vendor releases new security patches that need to be applied to the database.

What is the MOST efficient way to apply the security patches?

Enable automatic patching for the instances using the Amazon RDS console
Use AWS Systems Manager to automate database patching according to a schedule
In AWS Config, configure a rule for the instances and the required patch level
Connect to each database instance on a monthly basis, and download and apply the necessary security patches from the vendor

A

Enable automatic patching for the instances using the Amazon RDS console

Periodically, Amazon RDS performs maintenance on Amazon RDS resources. Maintenance most often involves updates to the DB instance’s underlying hardware, underlying operating system (OS), or database engine version. Updates to the operating system most often occur for security issues and should be done as soon as possible.

Required patching is automatically scheduled only for patches that are related to security and instance reliability. Such patching occurs infrequently (typically once every few months) and seldom requires more than a fraction of your maintenance window.

8
Q

Which AWS services form the app-facing services of the AWS serverless infrastructure? (Select TWO.)

AWS Lambda
AWS Step Functions
Amazon API Gateway
Amazon DynamoDB
Amazon EFS

A

AWS Lambda
Amazon API Gateway

AWS Lambda and Amazon API Gateway are both app-facing components of the AWS Serverless infrastructure.

9
Q

Which AWS service is part of the suite of “serverless” services and runs code as functions?

Amazon EKS
AWS Lambda
Amazon ECS
AWS CodeCommit

A

AWS Lambda

AWS Lambda is a serverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you. The code you run on AWS Lambda is called a “Lambda function”.

10
Q

What are the benefits of using IAM roles for applications that run on EC2 instances? (Select TWO.)

Role credentials are permanent
More secure than storing access keys within applications
It is easier to manage IAM roles
Easier to configure than storing access keys within the EC2 instance
Can apply multiple roles to a single instance

A

More secure than storing access keys within applications
It is easier to manage IAM roles

11
Q

What are two benefits of using AWS Lambda? (Select TWO.)

Open source software
Flexible operating system choices
Continuous scaling (scale out)
Integrated snapshots
No servers to manage

A

Continuous scaling (scale out)
No servers to manage

With AWS Lambda you don’t have any servers to manage (serverless). Lambda functions scale out rather than up, running multiple invocations of the function in parallel.

12
Q

What is the name of the AWS managed Docker registry service used by the Amazon Elastic Container Service (ECS)?

Docker Image Repository
Docker Container Registry
ECS Container Registry
Elastic Container Registry

A

Elastic Container Registry (ECR)

13
Q

What charges are applicable to Amazon S3 Standard storage class? (Select TWO.)

Minimum capacity charge per object
Data egress
Per GB/month storage fee
Data ingress
Retrieval fee

A

Data egress
Per GB/month storage fee

With the standard storage class you pay a per GB/month storage fee, and data transfer out of S3. Standard-IA and One Zone-IA have a minimum capacity charge per object. Standard-IA, One Zone-IA, and Glacier also have a retrieval fee. You don’t pay for data into S3 under any storage class.

14
Q

Which DynamoDB feature provides in-memory acceleration to tables that result in significant performance improvements?

Amazon ElastiCache
Amazon CloudFront
Amazon DynamoDB Accelerator (DAX)
Amazon EFS

A

Amazon DynamoDB Accelerator (DAX)

Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement – from milliseconds to microseconds – even at millions of requests per second.

DAX does all the heavy lifting required to add in-memory acceleration to your DynamoDB tables, without requiring developers to manage cache invalidation, data population, or cluster management.

15
Q

A Cloud Practitioner needs to rapidly deploy a popular IT solution and start using it immediately.

What should the Cloud Practitioner use?

AWS Quick Start reference deployments
AWS Elastic Beanstalk
Amazon CloudFront
AWS Well-Architected Framework documentation

A

Quick Starts are built by AWS solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices for security and high availability. These accelerators reduce hundreds of manual procedures into just a few steps, so you can build your production environment quickly and start using it immediately.

Each Quick Start includes AWS CloudFormation templates that automate the deployment and a guide that discusses the architecture and provides step-by-step deployment instructions.

16
Q

What is the relationship between subnets and availability zones?

Subnets span across multiple availability zones
You can create one subnet per availability zone
Subnets contain one or more availability zones
You can create one or more subnets within each availability zone

A

You can create one or more subnets within each availability zone

17
Q

Which AWS services form the app-facing services of the AWS serverless infrastructure? (Select TWO.)

AWS Step Functions
Amazon DynamoDB
AWS Lambda
Amazon API Gateway
Amazon EFS

A

AWS Lambda
Amazon API Gateway

AWS Lambda and Amazon API Gateway are both app-facing components of the AWS Serverless infrastructure.

“AWS Step Functions” is incorrect. This is a serverless orchestration service.

“Amazon DynamoDB” is incorrect. Amazon DynamoDB is a serverless database service. Databases are backend, not app-facing.

“Amazon EFS” is incorrect. EFS is a filesystem. Typically, EFS is mounted by Amazon EC2 instances.

18
Q

Which AWS components aid in the construction of fault-tolerant applications? (Select TWO.)

ARNs
Elastic IP addresses
Tags
AMIs
Block device mappings

A

Elastic IP addresses
AMIs

Elastic IP addresses can be easily remapped between EC2 instances in the event of a failure. Amazon Machine Images (AMIs) can be used to quickly launch replacement instances when there is a failure.

19
Q

How can a company connect from their on-premises network to VPCs in multiple regions using private connections?

Inter-Region VPC Peering
Amazon CloudFront
AWS Direct Connect Gateway
AWS Managed VPN

A

AWS Direct Connect Gateway

You can use an AWS Direct Connect gateway to connect your AWS Direct Connect connection over a private virtual interface to one or more VPCs in your account that are located in the same or different Regions.

AWS Managed VPN uses the public Internet and is therefore not a private connection.

Inter-Region VPC peering does not help you to connect from an on-premises network.

20
Q

Which of the following statements is correct about Amazon S3 cross-region replication?

The source S3 bucket owner must have the source and destination AWS Regions disabled for their account
S3 buckets configured for cross-region replication can be owned by a single AWS account or by different accounts
Both source and destination S3 buckets must have versioning disabled
The source and destination S3 buckets cannot be in different AWS Regions

A

S3 buckets configured for cross-region replication can be owned by a single AWS account or by different accounts

Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can copy objects between different AWS Regions or within the same Region.

Both source and destination buckets must have versioning enabled. The source bucket owner must have the source and destination AWS Regions enabled for their account. The destination bucket owner must have the destination Region enabled for their account.

21
Q

What is the relationship between subnets and availability zones?

Subnets span across multiple availability zones
You can create one subnet per availability zone
Subnets contain one or more availability zones
You can create one or more subnets within each availability zone

A

You can create one or more subnets within each availability zone

22
Q

What are the primary benefits of using AWS Elastic Load Balancing? (Select TWO.)

High availability
Elasticity
Automation
Caching
Regional resilience

A

High availability
Elasticity

High availability – ELB automatically distributes traffic across multiple EC2 instances in different AZs within a region.

Elasticity – ELB is capable of handling rapid changes in network traffic patterns.

23
Q

What is the name of the AWS managed Docker registry service used by the Amazon Elastic Container Service (ECS)?

Elastic Container Registry
Docker Image Repository
ECS Container Registry
Docker Container Registry

A

Elastic Container Registry

Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images.

Amazon ECR is integrated with Amazon Elastic Container Service (ECS). Amazon ECR eliminates the need to operate your own container repositories or worry about scaling the underlying infrastructure.

24
Q

A developer needs a way to automatically provision a collection of AWS resources. Which AWS service is primarily used for deploying infrastructure as code?

AWS CloudFormation
AWS Elastic Beanstalk
Jenkins
AWS CodeDeploy

A

AWS CloudFormation is a service that gives developers and businesses an easy way to create a collection of related AWS resources and provision them in an orderly and predictable fashion. AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. Think of CloudFormation as deploying infrastructure as code.

“AWS CodeDeploy” is incorrect. AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers.

25
Q

Assuming you have configured them correctly, which AWS services can scale automatically without intervention? (Select TWO.)

Amazon DynamoDB
Amazon EBS
Amazon S3
Amazon EC2
Amazon RDS

A

Amazon DynamoDB
Amazon S3

Both S3 and DynamoDB automatically scale as demand dictates. In the case of DynamoDB you can either configure the on-demand or provisioned capacity mode. With on-demand capacity mode DynamoDB automatically adjusts the read and write throughput for you.

EBS and RDS do not scale automatically. You must intervene to adjust volume sizes and database instance types to scale these resources.

EC2 cannot scale automatically. You need to use Auto Scaling to scale the number of EC2 instances deployed.

26
Q

Which of the following constitute the six pillars for the AWS Well-Architected Framework? (Select TWO.)

Operational excellence, elasticity and scalability
Cost prioritization, and cost optimization
Performance efficiency, sustainability, and cost optimization
Operational excellence, security, and reliability
Data consistency, and cost optimization

A

Performance efficiency, sustainability, and cost optimization
Operational excellence, security, and reliability

27
Q

Which type of storage stores objects comprised of key, value pairs?

Amazon DynamoDB
Amazon EBS
Amazon EFS
Amazon S3

A

Amazon S3

Amazon Simple Storage Service is storage for the Internet. It is designed to make web-scale computing easier for developers. Amazon S3 is an object-based storage system that stores objects that are comprised of key, value pairs.

Amazon DynamoDB stores items, not objects, based on key, value pairs.

Amazon EBS is a block-based storage system.

Amazon EFS is a file-based storage system.

28
Q

Which service is used to introduce fault tolerance into an application architecture?

Amazon CloudFront
Amazon DynamoDB
Amazon ElastiCache
Amazon Elastic Load Balancing

A

Amazon Elastic Load Balancing

Amazon Elastic Load Balancing is used to spread load and introduce fault tolerance by distributing connections across multiple identically configured back-end EC2 instances.

29
Q

With which service can a developer upload code using a ZIP or WAR file and have the service handle the end-to-end deployment of the resources?

Amazon ECS
AWS Elastic Beanstalk
AWS CodeDeploy
AWS CodeCommit

A

AWS Elastic Beanstalk

AWS Elastic Beanstalk can be used to quickly deploy and manage applications in the AWS Cloud. Developers upload applications and Elastic Beanstalk handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring.

You can upload code directly using a ZIP or WAR file. You can also use a Git archive.

30
Q

What is an Edge location?

A content delivery network (CDN) endpoint for CloudFront
A public endpoint for Amazon S3
A VPC peering connection endpoint
A virtual private gateway for VPN

A

A content delivery network (CDN) endpoint for CloudFront

Edge locations are Content Delivery Network (CDN) endpoints for CloudFront. There are many more edge locations than regions.

31
Q

An Elastic IP Address can be remapped between EC2 instances across which boundaries?

Edge Locations
DB Subnets
Regions
Availability Zones

A

Availability Zones

Elastic IP addresses are for use in a specific region only and can therefore only be remapped between instances within that region. You can use Elastic IP addresses to mask the failure of an instance in one Availability Zone by rapidly remapping the address to an instance in another Availability Zone.

32
Q

How can you configure Amazon Route 53 to monitor the health and performance of your application?

Using DNS lookups
Using the Route 53 API
Using CloudWatch
Using Route 53 health checks

A

Using Route 53 health checks

Amazon Route 53 health checks monitor the health and performance of your web applications, web servers, and other resources.

None of the other options provide a solution that can check the health and performance of an application.

33
Q

What is the relationship between subnets and availability zones?

You can create one or more subnets within each availability zone
Subnets span across multiple availability zones
Subnets contain one or more availability zones
You can create one subnet per availability zone

A

You can create one or more subnets within each availability zone

You can create one or more subnets within each availability zone but subnets cannot span across availability zones.

34
Q

Which AWS service can be used to send automated notifications to HTTP endpoints?

Amazon SQS
Amazon SES
Amazon SWF
Amazon SNS

A

Amazon SNS

Amazon Simple Notification Service (Amazon SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud. SNS can be used to send automated or manual notifications to email, mobile (SMS), SQS, and HTTP endpoints.

“Amazon SQS” is incorrect. Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. This is a message bus, not a notification service.

“Amazon SWF” is incorrect. Amazon SWF helps developers build, run, and scale background jobs that have parallel or sequential steps. It is not a notification service.

“Amazon SES” is incorrect. Amazon Simple Email Service (Amazon SES) is a cloud-based email sending service designed to help digital marketers and application developers send marketing, notification, and transactional emails. It is limited to sending email.

35
Q

A company needs protection from distributed denial of service (DDoS) attacks on its website and assistance from AWS experts during such events.

Which AWS managed service will meet these requirements?

Amazon GuardDuty
AWS Web Application Firewall
AWS Firewall Manager
AWS Shield Advanced

A

AWS Shield Advanced

AWS Shield Advanced provides enhanced detection and includes a specialized support team for customers on Enterprise or Business support plans. The AWS DDoS Response Team (DRT) is available 24/7 and can be engaged before, during, or after a DDoS attack.

INCORRECT: “AWS Firewall Manager” is incorrect. This service is used to simplify management of AWS WAF, AWS Shield Advanced, and Amazon VPC security groups.

INCORRECT: “AWS Web Application Firewall” is incorrect. AWS WAF is used for protecting web applications and APIs against malicious attacks. This is not a DDoS prevention service.

INCORRECT: “Amazon GuardDuty” is incorrect. This service is used for continuously monitoring AWS resources for threats. It is not a DDoS prevention service; it uses machine learning and anomaly detection to identify security vulnerabilities in resources.

36
Q

Which AWS security service provides a firewall at the subnet level within a VPC?

Security Group
Network Access Control List
Bucket Policy
IAM Policy

A

Network Access Control List

A Network ACL is a firewall that is associated with a subnet within your VPC. It is used to filter the network traffic that enters and exits the subnet.

A Security Group is a firewall that is associated with an EC2 instance (not the subnet). Security Groups control the inbound and outbound network traffic from/to the instance.

37
Q

Which services allow you to store files on AWS? (Select TWO.)

AWS Lambda
Amazon LightSail
Amazon EBS
Amazon EFS
Amazon SQS

A

Amazon EBS
Amazon EFS

You can store files on the Elastic Block Store (EBS), and Elastic File System (EFS). EBS volumes are mounted as block devices to EC2 instances and EFS volumes are mounted to the instance using the NFS protocol.

38
Q

Which AWS program can help an organization to design, build, and manage their workloads on AWS?

AWS Technical Account Manager
AWS Business Development Manager
APN Technology Consultants
APN Consulting Partners

A

APN Consulting Partners

APN Consulting Partners are professional services firms that help customers of all sizes design, architect, build, migrate, and manage their workloads and applications on AWS. Consulting Partners include System Integrators (SIs), Strategic Consultancies, Agencies, Managed Service Providers (MSPs), and Value-Added Resellers (VARs).

39
Q

A company needs protection from distributed denial of service (DDoS) attacks on its website and assistance from AWS experts during such events.

Which AWS managed service will meet these requirements?

AWS Firewall Manager
Amazon GuardDuty
AWS Web Application Firewall
AWS Shield Advanced

A

AWS Shield Advanced

AWS Shield Advanced provides enhanced detection and includes a specialized support team for customers on Enterprise or Business support plans. The AWS DDoS Response Team (DRT) is available 24/7 and can be engaged before, during, or after a DDoS attack.

40
Q

Which service is used for caching data?

Amazon Elastic File System (EFS)
Amazon Simple Queue Service (SQS)
Amazon DynamoDB DAX
AWS Key Management Service (KMS)

A

Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement – from milliseconds to microseconds – even at millions of requests per second.

41
Q

Which tools can you use to manage identities in IAM? (Choose 2)

AWS Management Console
AWS Command Line Tools
EC2 Management Console
Amazon Workspaces
Amazon CloudWatch API

A

AWS Management Console
AWS Command Line Tools

42
Q

How can a company protect their Amazon S3 data from a regional disaster?

Use lifecycle actions to move to another S3 storage class
Archive to Amazon Glacier
Use Cross-Region Replication (CRR) to copy to another region
Enable Multi-Factor Authentication (MFA) delete

A

Use Cross-Region Replication (CRR) to copy to another region

Cross-Region replication (CRR) is used to copy objects across Amazon S3 buckets in different AWS Regions. The only option here that will help is to use CRR to copy the data to another region. This will provide disaster recovery.

43
Q

A Cloud Practitioner is developing a disaster recovery plan and intends to replicate data between multiple geographic areas.

Which of the following meets these requirements?

Edge locations
Availability Zones
AWS Regions
AWS Accounts

A

AWS Regions

AWS has the concept of a Region, which is a physical location around the world where we cluster data centers. We call each group of logical data centers an Availability Zone. Each AWS Region consists of multiple, isolated, and physically separate AZs within a geographic area.

44
Q

What information must be entered into the AWS TCO Calculator?

The number of servers in your company
The number of storage systems in your company
The number of applications in your company
The number of end users in your company

A

The number of servers in your company

The TCO calculator asks for the number of servers (Physical or VMs) you are running on-premises. You also need to supply the resource information (CPU, RAM) and specify whether the server is a DB or non-DB.

Use this new calculator to compare the cost of your applications in an on-premises or traditional hosting environment to AWS. Describe your on-premises or hosting environment configuration to produce a detailed cost comparison with AWS.

45
Q

What is the name of the online, self-service portal that AWS provides to enable customers to view reports, such as PCI reports, and accept agreements?

AWS DocuFact
AWS Compliance Portal
AWS Documentation Portal
AWS Artifact

A

AWS Artifact

AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements.

Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls.

Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA).

46
Q

What are two correct statements about AWS Organizations with consolidated billing? (Select TWO.)

CloudTrail can be configured per organization
Multiple bills are provided per organization
One bill provided for multiple accounts
Linked accounts lose their management independence
Volume pricing discounts applied across multiple accounts

A

One bill provided for multiple accounts
Volume pricing discounts applied across multiple accounts

CloudTrail is on a per account basis and per region basis but can be aggregated into a single bucket in the paying account.

47
Q

Which support plan is the lowest cost option that allows unlimited cases to be opened?

Basic
Developer
Business
Enterprise

A

Developer

With the Developer plan you can open unlimited cases. You can also open unlimited cases with the Business and Enterprise plans, but these are more expensive. You cannot open any support cases with the Basic support plan.

48
Q

When designing a VPC, what is the purpose of an Internet Gateway?

Enables Internet communications for instances in public subnets
Provides Internet access for EC2 instances in private subnets
It’s a bastion host for inbound management connections
It’s used for making VPN connections to a VPC

A

Enables Internet communications for instances in public subnets

An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. It therefore imposes no availability risks or bandwidth constraints on your network traffic.

An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.

49
Q

Which type of EBS volumes can be encrypted?

Non-root volumes only
Both non-root and root volumes
Only root volumes can have encryption applied at launch time
Only non-root volumes created from snapshots

A

Both non-root and root volumes

Amazon EBS encryption offers a straight-forward encryption solution for your EBS resources that doesn’t require you to build, maintain, and secure your own key management infrastructure. It uses AWS Key Management Service (AWS KMS) customer master keys (CMK) when creating encrypted volumes and snapshots.

Encryption operations occur on the servers that host EC2 instances, ensuring the security of both data-at-rest and data-in-transit between an instance and its attached EBS storage.

All volumes can now be encrypted at launch time and it’s possible to set this as the default setting.

50
Q

What feature of Amazon S3 enables you to set rules to automatically transfer objects between different storage classes at defined time intervals?

Auto Lifecycle Scaling
S3 Archiving
Object Lifecycle Management
Elastic Data Management

A

Object Lifecycle Management

51
Q

What charges are applicable to Amazon S3 Standard storage class? (Select TWO.)

Minimum capacity charge per object
Retrieval fee
Per GB/month storage fee
Data ingress
Data egress

A

Per GB/month storage fee
Data egress

With the standard storage class you pay a per GB/month storage fee, and data transfer out of S3. Standard-IA and One Zone-IA have a minimum capacity charge per object. Standard-IA, One Zone-IA, and Glacier also have a retrieval fee. You don’t pay for data into S3 under any storage class.

52
Q

Which of the following descriptions is incorrect in relation to the design of Availability Zones?

AZs have direct, low-latency, high throughput and redundant network connections between each other
Each subnet in a VPC is mapped to all AZs in the region
Each AZ is designed as an independent failure zone
AZs are physically separated within a typical metropolitan region and are located in lower risk flood plains

A

Each subnet in a VPC is mapped to all AZs in the region

53
Q

What offerings are included in the Amazon Lightsail product set? (Select TWO.)

File storage
Managed MySQL database
NoSQL database
Serverless functions
Virtual Private Server

A

Managed MySQL database
Virtual Private Server

Amazon LightSail provides an easy, low cost way to consume cloud services without needing the skill set for using VPC resources. The product set includes virtual private servers (instances), managed MySQL databases, block and object storage, simplified load balancers, and CDN distributions.

54
Q

Which AWS feature of Amazon EC2 allows an administrator to create a standardized image that can be used for launching new instances?

Amazon Golden Image
Amazon Block Template
Amazon Machine Image
Amazon EBS Mount Point

A

Amazon Machine Image

An Amazon Machine Image (AMI) provides the information required to launch an instance. You can use an AMI to launch identical instances from a standard template. This is also known as a Golden Image (though no such feature exists in AWS with this name). An AMI is created from an EBS snapshot and also includes launch permissions and a block device mapping.

55
Q

When designing a VPC, what is the purpose of an Internet Gateway?

It’s used for making VPN connections to a VPC
Provides Internet access for EC2 instances in private subnets
Enables Internet communications for instances in public subnets
It’s a bastion host for inbound management connections

A

Enables Internet communications for instances in public subnets

An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. It therefore imposes no availability risks or bandwidth constraints on your network traffic.

An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.

56
Q

Which type of EBS volumes can be encrypted?

Only root volumes can have encryption applied at launch time
Only non-root volumes created from snapshots
Both non-root and root volumes
Non-root volumes only

A

Amazon EBS encryption offers a straightforward encryption solution for your EBS resources that doesn’t require you to build, maintain, and secure your own key management infrastructure. It uses AWS Key Management Service (AWS KMS) customer master keys (CMK) when creating encrypted volumes and snapshots.

Encryption operations occur on the servers that host EC2 instances, ensuring the security of both data-at-rest and data-in-transit between an instance and its attached EBS storage.

57
Q

Which of the following are advantages of using the AWS cloud computing over legacy IT? (Select TWO.)

You are able to pass responsibility for the availability of your application to AWS
You don’t need to worry about over provisioning as you can elastically scale
You don’t need to patch your operating systems
You can bring new applications to market faster
You can bring services closer to your end users

A

You don’t need to worry about over provisioning as you can elastically scale
You can bring new applications to market faster

58
Q

Which type of storage stores objects comprised of key, value pairs?

Amazon S3
Amazon EBS
Amazon DynamoDB
Amazon EFS

A

Amazon S3

Amazon Simple Storage Service is storage for the Internet. It is designed to make web-scale computing easier for developers. Amazon S3 is an object-based storage system that stores objects that are comprised of key, value pairs.

59
Q

What is an Edge location?

A VPC peering connection endpoint
A virtual private gateway for VPN
A content delivery network (CDN) endpoint for CloudFront
A public endpoint for Amazon S3

A

A content delivery network (CDN) endpoint for CloudFront

Edge locations are Content Delivery Network (CDN) endpoints for CloudFront. There are many more edge locations than regions.

60
Q

Which service can you use to monitor, store and access log files generated by EC2 instances and on-premises servers?

Amazon Kinesis
Amazon CloudWatch Logs
AWS OpsWorks
AWS CloudTrail

A

Amazon CloudWatch Logs

You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources. You can then retrieve the associated log data from CloudWatch Logs.

Amazon Kinesis is a set of services used for collecting, processing and analyzing streaming data.

OpsWorks is a configuration management service.

AWS CloudTrail is used for recording a history of API actions taken on your account.

61
Q

A user deploys an Amazon Aurora database instance in multiple Availability Zones.

This strategy involves which pillar of the AWS Well-Architected Framework?

Security
Cost optimization
Reliability
Performance efficiency

A

There are five design principles for reliability in the cloud:

Test recovery procedures

Automatically recover from failure

Scale horizontally to increase aggregate system availability

Stop guessing capacity

Manage change in automation

62
Q

Which type of Amazon RDS automated backup allows you to restore the database with a granularity of as little as 5 minutes?

Point-in-time recovery
Incremental backup
Full backup
Snapshot backup

A

You can restore an Amazon RDS database instance to a specific point in time with a granularity of 5 minutes. Amazon RDS uses transaction logs which it uploads to Amazon S3 to do this.

63
Q

A company wants to utilize a pay as you go cloud model for all of their applications without CAPEX costs and which is highly elastic. Which cloud delivery model will suit them best?

Public
Private
Hybrid
On-premise

A

Public

The public cloud is offered under a purely pay as you go model (unless you choose to reserve), and allows companies to completely avoid CAPEX costs. The public cloud is also highly elastic so companies can grow and shrink the applications as demand changes.

Private and on-premise clouds are essentially the same, though both could be managed by a third party and even could be delivered under an OPEX model by some vendors. However, they are typically more CAPEX heavy and the elasticity is limited.

A hybrid model combines public and private and this company wants to go all in on a single model.

64
Q

Which service provides alerts and remediation guidance when AWS is experiencing events that may impact you?

AWS Trusted Advisor
AWS Inspector
AWS Health Dashboard
AWS Shield

A

AWS Health Dashboard

AWS Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you.

Trusted Advisor is an online resource that helps to reduce cost, increase performance and improve security by optimizing your AWS environment.

65
Q

Which services can assist? (Select TWO.)

Amazon ElastiCache
Amazon CloudFront
Amazon ECS
Amazon S3
Amazon AppStream 2.0

A

Amazon CloudFront

Amazon S3

Amazon S3 is an object-based storage system. It can be used to store data such as files and images that need to be served. Optionally, an S3 bucket can be configured as a static website. Amazon CloudFront is a content delivery network (CDN) that caches content at Edge Locations around the world.

These two services can work together with an S3 bucket configured as an origin for the CloudFront distribution. Users around the world will then be able to pull the content from the local Edge Location with lower latency and better performance.

66
Q

Which AWS service enables developers and data scientists to build, train, and deploy machine learning models?

Amazon MQ
Amazon SageMaker
Amazon Comprehend
Amazon Rekognition

A

Amazon SageMaker

Amazon SageMaker is a fully-managed platform that enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at any scale. Amazon SageMaker removes all the barriers that typically slow down developers who want to use machine learning.

67
Q

Which of the following constitute the six pillars for the AWS Well-Architected Framework? (Select TWO.)

Operational excellence, elasticity and scalability
Operational excellence, security, and reliability
Cost prioritization, and cost optimization
Data consistency, and cost optimization
Performance efficiency, sustainability, and cost optimization

A

Operational excellence, security, and reliability

Performance efficiency, sustainability, and cost optimization

68
Q

What are two benefits of using AWS Lambda? (Select TWO.)

Continuous scaling (scale out)
Flexible operating system choices
Open source software
Integrated snapshots
No servers to manage

A

Continuous scaling (scale out)
No servers to manage

With AWS Lambda you don’t have any servers to manage (serverless). Lambda functions scale out rather than up, running multiple invocations of the function in parallel.

69
Q

What are the benefits of using IAM roles for applications that run on EC2 instances? (Select TWO.)

It is easier to manage IAM roles
Role credentials are permanent
Easier to configure than storing access keys within the EC2 instance
More secure than storing access keys within applications
Can apply multiple roles to a single instance

A

It is easier to manage IAM roles
More secure than storing access keys within applications

70
Q

Under the AWS Shared Responsibility Model, which of the following is the customer NOT responsible for?

Adding firewall rules to security groups and network ACLs
Applying encryption to data stored on an EBS volume
Applying bucket policies to share Amazon S3 data
Installing firmware updates on host servers

A

Installing firmware updates on host servers

71
Q

Which of the below is an example of optimizing for cost?

Deploy resources with AWS CloudFormation
Replace an EC2 compute instance with AWS Lambda
Provision extra capacity to allow for growth
Choosing the fastest EC2 instance to ensure performance

A

Replace an EC2 compute instance with AWS Lambda

Where possible, you should replace EC2 workloads with AWS managed services that don’t require you to make any capacity decisions. AWS Lambda is a serverless service and you only pay for actual processing time. Other examples of services that you don’t need to make capacity decisions with include: ELB, CloudFront, SQS, Kinesis Firehose, SES, and CloudSearch.

72
Q

Which AWS components aid in the construction of fault-tolerant applications? (Select TWO.)

ARNs
AMIs
Tags
Elastic IP addresses
Block device mappings

A

ARNs
Elastic IP addresses

Elastic IP addresses can be easily remapped between EC2 instances in the event of a failure. Amazon Machine Images (AMIs) can be used to quickly launch replacement instances when there is a failure. Amazon Resource Names (ARNs), tags and block device mappings don’t really help with fault tolerance.