AWS Practice Exam 6 Flashcards
Which of the following are examples of horizontal scaling? (Select TWO.)
Add more CPU/RAM to existing instances as demand increases
Automatic scaling using services such as AWS Auto Scaling
Requires a restart to scale up or down
Scalability is limited by maximum instance size
Add more instances as demand increases
Automatic scaling using services such as AWS Auto Scaling
Add more instances as demand increases
With horizontal scaling you add more instances to a fleet of instances to service demand as it increases. This can be achieved automatically by using AWS Auto Scaling to add instances in response to CloudWatch performance metrics.
With vertical scaling you are adding CPU, RAM or storage to an existing instance. This may involve modifying the instance type, which typically requires a restart. With vertical scaling on AWS, scalability is limited by the maximum instance size.
According to the AWS Well-Architected Framework, what change management steps should be taken to achieve reliability in the AWS Cloud? (Select TWO.)
Use Amazon GuardDuty to record API activity to an S3 bucket
Use AWS CloudTrail to record AWS API calls into an auditable log file
Use service limits to prevent users from creating or making changes to AWS resources
Use AWS Certificate Manager to create a catalog of approved services
Use AWS Config to generate an inventory of AWS resources
Use AWS CloudTrail to record AWS API calls into an auditable log file
Use AWS Config to generate an inventory of AWS resources
AWS Config can be used to track the configuration state of your resources and how the state has changed over time. With CloudTrail you can audit who made what API calls on what resources at what time. This can help with identifying changes that cause reliability issues.
The AWS Cost Management tools give users the ability to do which of the following? (Select TWO.)
Create budgets and receive notifications if current or forecasted usage exceeds the budgets
Break down AWS costs by day, service, and linked AWS account
Switch automatically to Reserved Instances or Spot Instances, whichever is most cost-effective
Terminate any AWS resource automatically if budget thresholds are exceeded
Move data stored in Amazon S3 to a more cost-effective storage class
Create budgets and receive notifications if current or forecasted usage exceeds the budgets
Break down AWS costs by day, service, and linked AWS account
AWS has a set of solutions to help you with cost management and optimization. This includes services, tools, and resources to organize and track cost and usage data, enhance control through consolidated billing and access permission, enable better planning through budgeting and forecasts, and further lower cost with resources and pricing optimizations.
However, these tools do not terminate all resources, manipulate resources, or make changes to pricing models. It is possible, though, to terminate some resources using AWS Budgets Actions.
A web application running on AWS has been receiving malicious requests from the same set of IP addresses.
Which AWS service can help secure the application and block the malicious traffic?
AWS IAM
AWS WAF
Amazon GuardDuty
Amazon SNS
AWS WAF
The AWS Web Application Firewall (WAF) is used to protect web applications or APIs against common web exploits. Rules can be created that block traffic based on source IP address.
Under the AWS shared responsibility model, which of the following are customer responsibilities? (Select TWO.)
Setting up server-side encryption on an Amazon S3 bucket
Network and firewall configurations
Physical security of data center facilities
Amazon RDS instance patching
Compute capacity availability
Setting up server-side encryption on an Amazon S3 bucket
Network and firewall configurations
As a customer on AWS you take responsibility for encrypting data. This includes encrypting data at rest and data in transit. Another security responsibility the customer owns is setting network and firewall configurations. For instance, you must configure Network ACLs and Security Groups, and any operating system-level firewalls on your EC2 instances.
What methods are available for scaling an Amazon RDS database? (Select TWO.)
You can scale up automatically using AWS Auto Scaling
You can scale out by implementing Elastic Load Balancing
You can scale up by moving to a larger instance size
You can scale out automatically with EC2 Auto Scaling
You can scale up by increasing storage capacity
You can scale up by moving to a larger instance size
You can scale up by increasing storage capacity
To handle a higher load in your database, you can vertically scale up your master database with a simple push of a button. There are currently over 18 instance sizes that you can choose from when resizing your RDS MySQL, PostgreSQL, MariaDB, Oracle, or Microsoft SQL Server instance.
For Amazon Aurora, you have 5 memory-optimized instance sizes to choose from. The wide selection of instance types allows you to choose the best resource and cost for your database server.
In addition to scaling your master database vertically, you can also improve the performance of a read-heavy database by using read replicas to horizontally scale your database. RDS MySQL, PostgreSQL, and MariaDB can have up to 5 read replicas, and Amazon Aurora can have up to 15 read replicas.
Which feature of Amazon S3 enables you to create rules to control the transfer of objects between different storage classes?
Versioning
Bucket policies
Lifecycle management
Object sharing
Lifecycle management
To manage your objects so that they are stored cost effectively throughout their lifecycle, configure their Amazon S3 Lifecycle. An S3 Lifecycle configuration is a set of rules that define actions that Amazon S3 applies to a group of objects. There are two types of actions:
Transition actions—Define when objects transition to another storage class. For example, you might choose to transition objects to the S3 Standard-IA storage class 30 days after you created them, or archive objects to the S3 Glacier storage class one year after creating them.
Expiration actions—Define when objects expire. Amazon S3 deletes expired objects on your behalf. The lifecycle expiration costs depend on when you choose to expire objects.
What is the easiest way to store a backup of an EBS volume on Amazon S3?
Write a custom script to copy the data into a bucket
Use S3 lifecycle actions to back up the volume
Create a snapshot of the volume
Use Amazon Kinesis to process the data and store the results in S3
Create a snapshot of the volume
You can back up the data on your Amazon EBS volumes to Amazon S3 by taking point-in-time snapshots. Snapshots are incremental backups, which means that only the blocks on the device that have changed after your most recent snapshot are saved.
Which AWS technology can be referred to as a “virtual hard disk in the cloud”?
Amazon EFS Filesystem
Amazon S3 Bucket
Amazon ENI
Amazon EBS volume
Amazon EBS volume
An Amazon Elastic Block Store (EBS) volume is often described as a “virtual hard disk in the cloud”. EBS volumes are block-level storage volumes that are attached to EC2 instances much as you would attach a virtual hard disk to a virtual machine in a virtual infrastructure.
Which AWS Glacier data access option retrieves data from an archive in 1-5 minutes?
Accelerated
Express
Expedited
Standard
Expedited
Expedited retrievals allow you to quickly access your data when occasional urgent requests for a subset of archives are required. For all but the largest archives (250 MB+), data accessed using Expedited retrievals are typically made available within 1–5 minutes.
You are evaluating AWS services that can assist with creating scalable application environments. Which of the statements below best describes the Elastic Load Balancer service?
Helps you ensure that you have the correct number of Amazon EC2 instances available to handle the load for your application
A highly available and scalable Domain Name System (DNS) service
Automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses
A network service that provides an alternative to using the Internet to connect customers’ on-premises sites to AWS
Automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses
What is the most efficient way to establish network connectivity from on-premises to multiple VPCs in different AWS Regions?
Use AWS Direct Connect
Use AWS VPN
Use AWS Client VPN
Use an AWS Transit Gateway
Use an AWS Transit Gateway
AWS Transit Gateway is a service that enables customers to connect their Amazon Virtual Private Clouds (VPCs) and their on-premises networks to a single gateway.
Your manager has asked you to explain the benefits of using IAM groups. Which of the below statements are valid benefits? (Select TWO.)
You can restrict access to the subnets in your VPC
Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users
Provide the ability to create custom permission policies
Enables you to attach IAM permission policies to more than one user at a time
Provide the ability to nest groups to create an organizational hierarchy
Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users
Enables you to attach IAM permission policies to more than one user at a time
Which service allows you to monitor and troubleshoot systems using system and application log files generated by those systems?
CloudTrail Logs
CloudWatch Metrics
CloudTrail Metrics
CloudWatch Logs
CloudWatch Logs
You need to connect your company’s on-premises network into AWS and would like to establish an AWS managed VPN service. Which of the following configuration items needs to be set up on the Amazon VPC side of the connection?
A Network Address Translation device
A Firewall
A Customer Gateway
A Virtual Private Gateway
A Virtual Private Gateway