AWS Practice Exam 3 Flashcards
Which Amazon EC2 pricing model is the most cost-effective for an always-up, right-sized database server running a project that will last 1 year?
-On-Demand Instances
-Standard Reserved Instances
-Convertible Reserved Instances
-Spot Instances
Standard Reserved Instances
Reserved Instances (RIs) provide you with a significant discount (up to 72%) compared to On-Demand instance pricing. Standard reserved instances offer the most cost savings. RIs are based on a 1 or 3 year contract so they are suitable for workloads that will run for the duration of the contract period.
“Convertible Reserved Instances” is incorrect. You have the flexibility to change families, OS types, and tenancies while benefitting from RI pricing when you use Convertible RIs. However, this is not required for a right-sized server.
What is a benefit of moving an on-premises database to Amazon Relational Database Service (RDS)?
-There is no need to manage operating systems
-You can run any database engine
-You can scale vertically without downtime
-There is no database administration required
There is no need to manage operating systems
With Amazon RDS, which is a managed service, you do not need to manage operating systems. This reduces operational costs.
You cannot scale vertically without downtime. When scaling with RDS you must change the instance type, and this requires a short period of downtime while the instance’s operating system reboots.
You cannot run any database engine with RDS. The options are MySQL, Microsoft SQL, MariaDB, Oracle, PostgreSQL and Aurora.
Which AWS service provides on-demand downloads of AWS security and compliance reports?
-AWS Trusted Advisor
-AWS Artifact
-AWS Directory Service
-Amazon Inspector
AWS Artifact
AWS Artifact is the go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements.
Reports available in AWS Artifact include Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls.
Which of the below is an example of an architectural benefit of moving to the cloud?
-Elasticity
-Monolithic services
-Proprietary hardware
-Vertical scalability
Elasticity
Which pillar of the AWS Well-Architected Framework includes the design principle of defining workloads, applications, and infrastructure as code (IaC)?
-Security
-Performance efficiency
-Operational excellence
-Reliability
Operational excellence
There are five design principles for operational excellence in the cloud. The first one is:
Perform operations as code: In the cloud, you can apply the same engineering discipline that you use for application code to your entire environment. You can define your entire workload (applications, infrastructure) as code and update it with code. You can implement your operations procedures as code and automate their execution by triggering them in response to events. By performing operations as code, you limit human error and enable consistent responses to events.
A new web application is being developed by a company. Logging into the application through a social identity provider is a must-have requirement for the company.
Which AWS service will meet these requirements?
-AWS Directory Service.
-AWS Single Sign-On.
-Amazon Cognito.
-AWS Identity and Access Management (IAM).
Amazon Cognito.
Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Apple, Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0 and OpenID Connect.
What are the benefits of using Amazon Rekognition with image files?
-Can help with image compression
-Can be used to transcode audio
-Can be used to identify objects in an image
-Can be used to resize images
Can be used to identify objects in an image
Rekognition Image is a deep learning powered image recognition service that detects objects, scenes, and faces; extracts text; recognizes celebrities; and identifies inappropriate content in images. It also allows you to search and compare
You should use the Elastic Transcoder service to transcode audio.
Which AWS services are associated with Edge Locations? (Select TWO.)
-Amazon CloudFront
-Amazon EBS
-AWS Config
-AWS Direct Connect
-AWS Shield
-Amazon CloudFront
-AWS Shield
Edge Locations are parts of the Amazon CloudFront content delivery network (CDN) that are all around the world and are used to get content closer to end-users for better performance.
AWS Shield, which protects against Distributed Denial of Service (DDoS) attacks, is available globally on Amazon CloudFront Edge Locations.
How can a user block a suspicious IP address from connecting to an Amazon EC2 instance?
-Block the IP on the inbound rule of a network ACL.
-Block the IP on the outbound rule of a security group.
-Block the IP on the inbound rule of a security group and network ACL.
-Block the IP on the outbound rule of a security group and network ACL.
Block the IP on the inbound rule of a network ACL.
With a Network ACL you can block a specific IP address that would be coming inbound into your subnet. This would prevent a specific IP from gaining access if you suspected them of being a bad actor.
The table below shows the key differences between Network ACLs and Security Groups:
Which AWS services can be used as infrastructure automation tools? (Select TWO.)
-AWS OpsWorks
-Amazon CloudFront
-Amazon QuickSight
-AWS CloudFormation
-AWS Batch
-AWS OpsWorks
-AWS CloudFormation
AWS CloudFormation provides a common language for you to model and provision AWS and third party application resources in your cloud environment. AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts.
AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.
AWS Global Infrastructure consists of which of the following components?
-AWS Regions
-AWS Organizations
-Amazon Alexa
-Amazon LightSail
AWS Regions
AWS has the concept of a Region, which is a physical location around the world where we cluster Availability Zones. Each AWS Region consists of multiple, isolated, and physically separate AZs within a geographic area. This is a key part of the AWS Global Infrastructure.
Amazon LightSail is a virtual private server (VPS) provider and is the easiest way to get started with AWS for developers, small businesses, students, and other users who need a solution to build and host their applications on cloud. Amazon LightSail is not part of the AWS Global Infrastructure.
What is a specific benefit of an Enterprise Support plan?
-Included Technical Support Manager
-Included AWS Solutions Architect
-Included Cloud Support Associate
-Included Technical Account Manager
-Included Technical Account Manager
Only the Enterprise Support plan gets a Technical Account Manager (TAM).
You do not get an AWS Solutions Architect with any plan.
Cloud Support Associates are provided in the Developer plan.
There’s no such thing as a Technical Support Manager in the AWS support plans.
An Amazon EC2 instance running the Amazon Linux 2 AMI is billed in what increment?
-Per CPU
-Per hour
-Per GB
-Per second
Per second
Amazon EC2 instances running Linux are billed in one second increments, with a minimum of 60 seconds.
You have been running an on-demand Amazon EC2 instance running Linux for 4hrs, 5 minutes and 6 seconds. How much time will you be billed for?
-4hrs, 6mins
-5hrs
-4hrs
-4hrs, 5mins, and 6 seconds
On-demand, Reserved and Spot Amazon EC2 Linux instances are charged per second with a minimum charge of 1 minute. Therefore, as the minimum has been exceeded, exactly 4hrs, 5mins and 6 seconds will be charged.
What AWS service decouples application components so that they can run independently?
-Amazon Simple Queue Service (Amazon SQS)
-AWS Glue
-Amazon Simple Workflow Service (Amazon SWF)
-Amazon Simple Notification Service (Amazon SNS)
Amazon Simple Queue Service (Amazon SQS)
Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS eliminates the complexity and overhead associated with managing and operating message-oriented middleware and empowers developers to focus on differentiating work.
Amazon SWF helps developers build, run, and scale background jobs that have parallel or sequential steps, and is a fully managed state tracker and task coordinator in the Cloud.
Amazon Simple Notification Service (Amazon SNS) is a fully managed messaging service for both application-to-application (A2A) and application-to-person (A2P) communication and does not directly decouple application components.
AWS Glue is a serverless data integration service that makes it easy to discover, prepare, and combine data for analytics, machine learning, and application development, and does not decouple your architecture.
A company has a mission critical Linux-based application. The application must run every Monday from 6 AM until 10pm. As the application is critical, it cannot be interrupted.
Which Amazon EC2 instance purchasing option meets these requirements MOST cost-effectively?
-Regional Reserved Instances
-Spot Instances
-On-Demand Capacity Reservation with Savings Plan
-Dedicated Hosts
On-Demand Capacity Reservation with Savings Plan is ideal in this scenario as the application will have predictable running times (every Monday from 6am till 10pm). It is also mission critical, so reserving the capacity within an Availability Zone using On-Demand Capacity Reservation with Savings Plan makes perfect sense. The savings plans will also make this application cost-effective whilst still maintaining the guaranteed availability that you cannot get with spot instances.
“Regional Reserved Instances” is incorrect because it does not give you the guaranteed service availability that On-Demand Capacity Reservations have.
Which AWS tools can be used for automation? (Select TWO.)
-AWS Elastic Beanstalk
-Elastic Load Balancing
-AWS CloudFormation
-Amazon Elastic File System (EFS)
-AWS Lambda
-AWS Elastic Beanstalk
-AWS CloudFormation
AWS Elastic Beanstalk and AWS CloudFormation are both examples of automation. Beanstalk is a platform service that leverages the automation capabilities of CloudFormation to build out application architectures.
Elastic Load Balancing (ELB) is used for distributing incoming connections to Amazon EC2 instances.
A manager is planning to migrate applications to the AWS Cloud and needs to obtain AWS compliance reports.
How can these reports be generated?
-Contact the AWS Compliance team.
-Download the reports from AWS Secrets Manager.
-Create a support ticket with AWS Support.
-Download the reports from AWS Artifact.
Download the reports from AWS Artifact.
Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA).
AWS Secrets Manager is used for storing secrets such as database authentication credentials or license codes. It is not used for storing compliance reports.
An organization is considering implementing a new workload in the AWS Cloud. However, the company first wants to forecast costs.
Which tool should the company use to estimate the cost of the workload?
-Cost Explorer.
-AWS Billing and Cost Management dashboard.
-AWS Pricing Calculator.
-AWS Cost and Usage Report.
AWS Pricing Calculator.
AWS Pricing Calculator is a web-based planning tool that you can use to create estimates for your AWS use cases. You can use it to model your solutions before building them, explore the AWS service price points, and review the calculations behind your estimates. You can use it to help you plan how you spend, find cost saving opportunities, and make informed decisions when using Amazon Web Services.
AWS Cost Explorer is a way to visualize your current spend across your accounts, and to forecast future spend. It does not help create estimates of how much money you would spend through building on the AWS platform.
The AWS Cost and Usage Reports (AWS CUR) contain the most comprehensive set of cost and usage data available. You can use Cost and Usage Reports to publish your AWS billing reports to an Amazon Simple Storage Service (Amazon S3) bucket that you own. It doesn’t show costs for new workloads.
Which of the following are advantages of the AWS Cloud? (Select TWO.)
-Overprovision to ensure capacity.
-Launch globally in minutes.
-Focus on managing hardware infrastructure.
-Trade variable expenses for capital expenses.
-High economies of scale.
-Launch globally in minutes.
-High economies of scale.
Economies of scale refers to the fact that, because AWS has a global customer base, it can afford to sell much more cheaply to any one customer. This is a benefit of being on the cloud: the number of customers keeps increasing, and the price keeps going down as a result.
Also, as AWS has Regions placed all over the globe, you have a large degree of choice in where your applications are launched. In a traditional IT environment this would have been a big problem, and it would have been a logistical nightmare launching an application across multiple Regions.
A user needs a quick way to determine if any Amazon EC2 instances have ports that allow unrestricted access.
Which AWS service will support this requirement?
-VPC Flow Logs
-AWS Shield
-AWS Trusted Advisor
-AWS CloudWatch Logs
AWS Trusted Advisor
Access to the ports on an Amazon EC2 instance is controlled through security groups. AWS Trusted Advisor scans the security groups in your account to see if any security groups allow unrestricted access to any ports. This information is then presented to you in the console and you can then act on this information to secure the ports through editing the rules in the security group.
VPC Flow Logs capture information about the IP traffic going to and from network interfaces in your VPC.
CloudWatch Logs captures logging information from applications and AWS services.
An IT company has deployed its infrastructure on the AWS cloud. There must be a database that supports reads with a latency of under a millisecond for critical applications.
Which AWS service will meet this requirement?
-AWS Glue
-Amazon ElastiCache
-Amazon RDS
-Amazon EMR
Amazon ElastiCache
Amazon ElastiCache is a blazing fast in-memory data store that provides sub-millisecond latency to power internet-scale real-time applications. Built on open-source Redis or Memcached, ElastiCache works seamlessly with Redis or Memcached without any code changes.
AWS Glue is an event-driven, serverless computing platform.
Whilst RDS is a database solution, it cannot handle single millisecond queries.
Amazon EMR is a cloud big data platform that can be queried using SQL.
After an organization has migrated several servers into AWS, they are unsure as to what they must directly manage themselves.
Which cost is the company’s direct responsibility?
-Cost of application software licenses.
-Cost of the hardware infrastructure on AWS.
-Cost of physical security for the AWS data center.
-Cost of power for the AWS servers.
Cost of application software licenses.
Under the AWS shared responsibility model, which of the following is an example of security in the AWS Cloud?
-Global infrastructure
-Firewall configuration
-Physical security
-Managing edge locations
Firewall configuration