AWS Practice Exam 5 Flashcards
Assuming you have configured them correctly, which AWS services can scale automatically without intervention? (Select TWO.)
Amazon DynamoDB
Amazon EBS
Amazon S3
Amazon EC2
Amazon RDS
Amazon DynamoDB
Amazon S3
Both S3 and DynamoDB automatically scale as demand dictates. In the case of DynamoDB you can either configure the on-demand or provisioned capacity mode. With on-demand capacity mode DynamoDB automatically adjusts the read and write throughput for you.
EBS and RDS do not scale automatically. You must intervene to adjust volume sizes and database instance types to scale these resources.
EC2 cannot scale automatically. You need to use Auto Scaling to scale the number of EC2 instances deployed.
Which AWS feature of Amazon EC2 allows an administrator to create a standardized image that can be used for launching new instances?
Amazon Golden Image
Amazon Block Template
Amazon Machine Image
Amazon EBS Mount Point
Amazon Machine Image
An Amazon Machine Image (AMI) provides the information required to launch an instance. You can use an AMI to launch identical instances from a standard template. This is also known as a Golden Image (though no such feature exists in AWS with this name). An AMI is created from an EBS snapshot and also includes launch permissions and a block device mapping.
Which AWS services form the app-facing services of the AWS serverless infrastructure? (Select TWO.)
AWS Step Functions
Amazon DynamoDB
AWS Lambda
Amazon API Gateway
Amazon EFS
AWS Lambda
Amazon API Gateway
AWS Lambda and Amazon API Gateway are both app-facing components of the AWS Serverless infrastructure.
“AWS Step Functions” is incorrect. This is a serverless orchestration service.
“Amazon DynamoDB” is incorrect. Amazon DynamoDB is a serverless database service. Databases are backend, not app-facing.
“Amazon EFS” is incorrect. EFS is a filesystem. Typically, EFS is mounted by Amazon EC2 instances.
What is the relationship between subnets and availability zones?
You can create one or more subnets within each availability zone
Subnets span across multiple availability zones
Subnets contain one or more availability zones
You can create one subnet per availability zone
You can create one or more subnets within each availability zone
You can create one or more subnets within each availability zone but subnets cannot span across availability zones.
What is the name of the AWS managed Docker registry service used by the Amazon Elastic Container Service (ECS)?
Elastic Container Registry
Docker Image Repository
ECS Container Registry
Docker Container Registry
Elastic Container Registry
Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images.
Amazon ECR is integrated with Amazon Elastic Container Service (ECS). Amazon ECR eliminates the need to operate your own container repositories or worry about scaling the underlying infrastructure.
What are two benefits of using AWS Lambda? (Select TWO.)
Continuous scaling (scale out)
Flexible operating system choices
Open source software
Integrated snapshots
No servers to manage
Continuous scaling (scale out)
No servers to manage
With AWS Lambda you don’t have any servers to manage (serverless). Lambda functions scale out rather than up, running multiple invocations of the function in parallel.
What is an Edge location?
A content delivery network (CDN) endpoint for CloudFront
A public endpoint for Amazon S3
A VPC peering connection endpoint
A virtual private gateway for VPN
A content delivery network (CDN) endpoint for CloudFront
Edge locations are Content Delivery Network (CDN) endpoints for CloudFront. There are many more edge locations than regions.
Under the AWS Shared Responsibility Model, which of the following is the customer NOT responsible for?
Adding firewall rules to security groups and network ACLs
Applying encryption to data stored on an EBS volume
Applying bucket policies to share Amazon S3 data
Installing firmware updates on host servers
Installing firmware updates on host servers
Which of the following are advantages of using the AWS cloud computing over legacy IT? (Select TWO.)
You are able to pass responsibility for the availability of your application to AWS
You don’t need to worry about over provisioning as you can elastically scale
You don’t need to patch your operating systems
You can bring new applications to market faster
You can bring services closer to your end users
You don’t need to worry about over provisioning as you can elastically scale
You can bring new applications to market faster
Which service can you use to monitor, store and access log files generated by EC2 instances and on-premises servers?
Amazon Kinesis
Amazon CloudWatch Logs
AWS OpsWorks
AWS CloudTrail
Amazon CloudWatch Logs
You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources. You can then retrieve the associated log data from CloudWatch Logs.
Amazon Kinesis is a set of services used for collecting, processing and analyzing streaming data.
OpsWorks is a configuration management service.
AWS CloudTrail is used for recording a history of API actions taken on your account.
Which of the following constitute the six pillars for the AWS Well-Architected Framework? (Select TWO.)
Operational excellence, elasticity and scalability
Operational excellence, security, and reliability
Cost prioritization, and cost optimization
Data consistency, and cost optimization
Performance efficiency, sustainability, and cost optimization
Operational excellence, security, and reliability
Performance efficiency, sustainability, and cost optimization
A cloud practitioner needs to decrease application latency and increase performance for globally distributed users.
Which services can assist? (Select TWO.)
Amazon ElastiCache
Amazon CloudFront
Amazon ECS
Amazon S3
Amazon AppStream 2.0
Amazon CloudFront
Amazon S3
Amazon S3 is an object-based storage system. It can be used to store data such as files and images that need to be served. Optionally, an S3 bucket can be configured as a static website. Amazon CloudFront is a content delivery network (CDN) that caches content at Edge Locations around the world.
These two services can work together with an S3 bucket configured as an origin for the CloudFront distribution. Users around the world will then be able to pull the content from the local Edge Location with lower latency and better performance.
What feature of Amazon S3 enables you to set rules to automatically transfer objects between different storage classes at defined time intervals?
Auto Lifecycle Scaling
S3 Archiving
Object Lifecycle Management
Elastic Data Management
Object Lifecycle Management
Which of the following statements is correct about Amazon S3 cross-region replication?
Both source and destination S3 buckets must have versioning disabled
The source and destination S3 buckets cannot be in different AWS Regions
S3 buckets configured for cross-region replication can be owned by a single AWS account or by different accounts
The source S3 bucket owner must have the source and destination AWS Regions disabled for their account
S3 buckets configured for cross-region replication can be owned by a single AWS account or by different accounts
Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can copy objects between different AWS Regions or within the same Region.
Both source and destination buckets must have versioning enabled. The source bucket owner must have the source and destination AWS Regions enabled for their account. The destination bucket owner must have the destination Region enabled for their account.
A company needs protection from distributed denial of service (DDoS) attacks on its website and assistance from AWS experts during such events.
Which AWS managed service will meet these requirements?
AWS Firewall Manager
Amazon GuardDuty
AWS Web Application Firewall
AWS Shield Advanced
AWS Shield Advanced
AWS Shield Advanced provides enhanced detection and includes a specialized support team for customers on Enterprise or Business support plans. The AWS DDoS Response Team (DRT) is available 24/7 and can be engaged before, during, or after a DDoS attack.
Which support plan is the lowest cost option that allows unlimited cases to be open?
Basic
Developer
Business
Enterprise
Developer
With the Developer plan you can open unlimited cases. You can also open unlimited cases with the Business and Enterprise plans, but these are more expensive. You cannot open any support cases with the Basic support plan.
A company wants to utilize a pay as you go cloud model for all of their applications without CAPEX costs and which is highly elastic. Which cloud delivery model will suit them best?
Public
Private
Hybrid
On-premise
Public
The public cloud is offered under a purely pay as you go model (unless you choose to reserve), and allows companies to completely avoid CAPEX costs. The public cloud is also highly elastic so companies can grow and shrink the applications as demand changes.
Private and on-premise clouds are essentially the same, though both could be managed by a third party and even could be delivered under an OPEX model by some vendors. However, they are typically more CAPEX heavy and the elasticity is limited.
A hybrid model combines public and private and this company wants to go all in on a single model.
Which AWS service is part of the suite of “serverless” services and runs code as functions?
Amazon EKS
AWS Lambda
Amazon ECS
AWS CodeCommit
AWS Lambda
AWS Lambda is a serverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you. The code you run on AWS Lambda is called a “Lambda function”.
Which of the following descriptions is incorrect in relation to the design of Availability Zones?
AZ’s have direct, low-latency, high throughput and redundant network connections between each other
Each subnet in a VPC is mapped to all AZs in the region
Each AZ is designed as an independent failure zone
AZs are physically separated within a typical metropolitan region and are located in lower risk flood plains
Each subnet in a VPC is mapped to all AZs in the region
What charges are applicable to Amazon S3 Standard storage class? (Select TWO.)
Minimum capacity charge per object
Retrieval fee
Per GB/month storage fee
Data ingress
Data egress
Per GB/month storage fee
Data egress
With the standard storage class you pay a per GB/month storage fee, and data transfer out of S3. Standard-IA and One Zone-IA have a minimum capacity charge per object. Standard-IA, One Zone-IA, and Glacier also have a retrieval fee. You don’t pay for data into S3 under any storage class.
Which AWS components aid in the construction of fault-tolerant applications? (Select TWO.)
ARNs
AMIs
Tags
Elastic IP addresses
Block device mappings
ARNs
Elastic IP addresses
Elastic IP addresses can be easily remapped between EC2 instances in the event of a failure. Amazon Machine Images (AMIs) can be used to quickly launch replacement instances when there is a failure. Amazon Resource Names (ARNs), tags and block device mappings don’t really help with fault tolerance.
Which type of storage stores objects comprised of key, value pairs?
Amazon S3
Amazon EBS
Amazon DynamoDB
Amazon EFS
Amazon S3
Amazon Simple Storage Service is storage for the Internet. It is designed to make web-scale computing easier for developers. Amazon S3 is an object-based storage system that stores objects that are comprised of key, value pairs.
How can a company connect from their on-premises network to VPCs in multiple regions using private connections?
Inter-Region VPC Peering
Amazon CloudFront
AWS Direct Connect Gateway
AWS Managed VPN
AWS Direct Connect Gateway
You can use an AWS Direct Connect gateway to connect your AWS Direct Connect connection over a private virtual interface to one or more VPCs in your account that are located in the same or different Regions.
AWS Managed VPN uses the public Internet and is therefore not a private connection.
Inter-Region VPC peering does not help you to connect from an on-premise network.
How can you configure Amazon Route 53 to monitor the health and performance of your application?
Using the Route 53 API
Using DNS lookups
Using CloudWatch
Using Route 53 health checks
Using Route 53 health checks
Amazon Route 53 health checks monitor the health and performance of your web applications, web servers, and other resources.
None of the other options provide a solution that can check the health and performance of an application.
What are the benefits of using IAM roles for applications that run on EC2 instances? (Select TWO.)
Role credentials are permanent
More secure than storing access keys within applications
It is easier to manage IAM roles
Easier to configure than storing access keys within the EC2 instance
Can apply multiple roles to a single instance
More secure than storing access keys within applications
It is easier to manage IAM roles
Which type of EBS volumes can be encrypted?
Non-root volumes only
Both non-root and root volumes
Only root volumes can have encryption applied at launch time
Only non-root volumes created from snapshots
Both non-root and root volumes
Amazon EBS encryption offers a straightforward encryption solution for your EBS resources that doesn’t require you to build, maintain, and secure your own key management infrastructure. It uses AWS Key Management Service (AWS KMS) customer master keys (CMK) when creating encrypted volumes and snapshots.
Encryption operations occur on the servers that host EC2 instances, ensuring the security of both data-at-rest and data-in-transit between an instance and its attached EBS storage.
All volumes can now be encrypted at launch time and it’s possible to set this as the default setting.
An Elastic IP Address can be remapped between EC2 instances across which boundaries?
Edge Locations
DB Subnets
Regions
Availability Zones
Availability Zones
Elastic IP addresses are for use in a specific region only and can therefore only be remapped between instances within that region. You can use Elastic IP addresses to mask the failure of an instance in one Availability Zone by rapidly remapping the address to an instance in another Availability Zone.
What information must be entered into the AWS TCO Calculator?
The number of servers in your company
The number of storage systems in your company
The number of applications in your company
The number of end users in your company
The number of servers in your company
The TCO calculator asks for the number of servers (Physical or VMs) you are running on-premises. You also need to supply the resource information (CPU, RAM) and specify whether the server is a DB or non-DB.
Use this new calculator to compare the cost of your applications in an on-premises or traditional hosting environment to AWS. Describe your on-premises or hosting environment configuration to produce a detailed cost comparison with AWS.