AWS Service

Question 1

Amazon RDS for SQL Server?

Answer 1

Amazon RDS for SQL Server is a fully managed SQL database service which you can migrate your on-premises database into. You do not need to refactor or change your on-premises database and you can perform homogeneous migrations with ease.

Question 2

AWS Global Accelerator?

Answer 2

AWS Global Accelerator is a service that improves the availability and performance of applications with local or global users.

It provides static IP addresses that act as a fixed entry point to application endpoints in a single or multiple AWS Regions, such as Application Load Balancers, Network Load Balancers or EC2 instances.

Uses the AWS global network to optimize the path from users to applications, improving the performance of TCP and UDP traffic.

Question 3

CloudWatch Logs Insights?

Answer 3

CloudWatch Logs Insights enables you to interactively search and analyze your log data in Amazon CloudWatch Logs. You can perform queries to help you more efficiently and effectively respond to operational issues. If an issue occurs, you can use CloudWatch Logs Insights to identify potential causes and validate deployed fixes.

Question 4

AWS Organizations?

Answer 4

AWS Organizations offers the following policy types:

Service control policies (SCPs) offer central control over the maximum available permissions for all of the accounts in your organization.

Tag policies help you standardize tags across resources in your organization’s accounts.

SCPs are used to restrict access within member accounts. For instance you can create an SCP that restricts a specific API action such as deploying a particular Amazon EC2 instance type. The policy would then prevent anyone, including administrators, from being able to launch EC2 instances using that instance type.

Question 5

AWS CloudFormation?

Answer 5

AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment.

CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts.

Question 6

AWS Elastic Beanstalk?

Answer 6

AWS Elastic Beanstalk is used for running applications in a managed environment.

Question 7

AWS Direct Connect?

Answer 7

AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections.

Question 8

CloudFront?

Answer 8

CloudFront is a content delivery network (CDN) that allows you to store (cache) your content at “edge locations” located around the world. This allows customers to access content more quickly and provides security against DDoS attacks. CloudFront can be used for data, videos, applications, and APIs.

Question 9

Internet gateway:

Answer 9

An Internet gateway is attached to a VPC and allows inbound traffic from the internet to access the VPC. It is also used as a target in route tables for outbound internet traffic.

Question 10

AWS Step Functions?

Answer 10

AWS Step Functions lets you coordinate multiple AWS services into serverless workflows so you can build and update apps quickly. AWS Step Functions lets you build visual workflows that enable fast translation of business requirements into technical requirements.

Question 11

Amazon SWF:

Answer 11

Amazon SWF helps developers build, run, and scale background jobs that have parallel or sequential steps. SWF is not a visual workflow tool.

Question 12

SNS:

Answer 12

Amazon Simple Notification Service (SNS) is a highly available, durable, secure, fully managed pub/sub messaging service.

Question 13

NAT instances:

Answer 13

NAT instances are not used for VPN, they are used by EC2 instances in private subnets to access the Internet.

Question 14

Amazon Glacier:

Answer 14

Amazon Glacier is an archival storage service provided by Amazon Web Services (AWS). It is designed for long-term data archival and storage at a very low cost. Glacier is suitable for data that is infrequently accessed and for which retrieval times of several hours are acceptable.

Question 15

Amazon CloudWatch:

Answer 15

Amazon CloudWatch is a performance monitoring tool that receives metrics from AWS services. This data can be used for monitoring the operational health of resources as well as being used to optimize costs through ensuring systems are right-sized and just enough capacity is provisioned.

Question 16

AWS Control Tower:

Answer 16

AWS Control Tower is a service that is intended for organizations with multiple accounts and teams who are looking for the easiest way to set up their new multi-account AWS environment and govern at scale

Question 17

Inspector:

Answer 17

Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Inspector automatically assesses applications for vulnerabilities or deviations from best practices. Inspector uses an agent installed on EC2 instances.

Question 18

Trusted Advisor:

Answer 18

Trusted Advisor is an online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment. Trusted Advisor provides real time guidance to help you provision your resources following AWS best practices. Offers a Service Limits check (in the Performance category) that displays your usage and limits for some aspects of some services.

Question 19

AWS Personal Health Dashboard:

Answer 19

AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you.

Question 20

AWS TCO calculator:

Answer 20

The AWS TCO calculator can be used to compare the cost of running your applications in an on-premises or colocation environment to AWS.

Question 21

Amazon DynamoDB Accelerator (DAX):

Answer 21

Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement – from milliseconds to microseconds – even at millions of requests per second.

DAX does all the heavy lifting required to add in-memory acceleration to your DynamoDB tables, without requiring developers to manage cache invalidation, data population, or cluster management.

Question 22

AWS Site-to-Site VPN

Answer 22

By default, instances that you launch into an Amazon VPC can’t communicate with your own (remote) network. You can enable access to your remote network from your VPC by creating an AWS Site-to-Site VPN (Site-to-Site VPN) connection, and configuring routing to pass traffic through the connection.

Although the term VPN connection is a general term, in this documentation, a VPN connection refers to the connection between your VPC and your own on-premises network. Site-to-Site VPN supports Internet Protocol security (IPsec) VPN connections.

Question 23

Route 53:

Answer 23

Route 53 is a highly available and scalable DNS web service. The three main functions of Route 53 are registering domain names, routing internet traffic to the resources for your domain, and checking the health of those resources. Route 53 can direct traffic to S3 buckets. But because the question describes only one S3 bucket, Route 53 would have only one potential route and could not reduce latency.

Question 24

Amazon Transcribe:

Answer 24

Amazon Transcribe is a service that uses machine learning to convert audio data to text. Amazon Transcribe is not a text-to-speech conversion service.

Question 25

Amazon Polly:

Answer 25

Amazon Polly is a machine learning service that converts text to speech. This service provides the ability to read text out loud.

Question 26

Amazon Textract:

Answer 26

Amazon Textract is a machine learning service that can extract text from scanned documents. Amazon Textract is not a text-to-speech conversion service.

Question 27

AWS CodeBuild:

Answer 27

CodeBuild is a service that helps users to automatically compile source code, run unit tests, and produce software packages that are ready for deployment. CodeBuild is not a code management service.

Question 28

AWS CodePipeline:

Answer 28

CodePipeline is a service that manages the movement of code between the individual services. CodePipeline is not a source code storage service.

Question 29

AWS CodeCommit

Answer 29

AWS is a source code version control service. CodeCommit helps users store and manage developers’ source code in AWS.

Question 30

AWS CodeArtifact:

Answer 30

CodeArtifact is a managed artifact repository service that stores and shares software that is ready for deployment. CodeArtifact is not a source code management service.

Question 31

Amazon FSx for Windows File Server:

Answer 31

Amazon FSx for Windows File Server provides fully managed Microsoft Windows file servers, backed by a fully native Windows file system. Amazon FSx supports a broad set of enterprise Windows workloads with fully managed file storage built on Microsoft Windows Server. Amazon FSx has native support for Windows file system features and for the industry-standard Server Message Block (SMB) protocol to access file storage over a network.

Question 32

When storing passwords on AWS, what is the MOST secure method?

AWS Secrets Manager?

Answer 32

AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Users and applications retrieve secrets with a call to Secrets Manager APIs, eliminating the need to hardcode sensitive information in plain text.

Question 33

AWS CloudHSM?

Answer 33

AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud

Question 34

What is the benefit of using fully managed services compared to deploying 3rd party software on EC2?

Answer 34

Reduced operational overhead.

Fully managed services reduce your operational overhead as AWS manage not just the infrastructure layer but the service layers above it. Examples are Amazon Aurora and Amazon ElastiCache where the database is managed for you.

Question 35

In order to perform analytical tasks, a company needs a data warehouse. Standard SQL queries must be supported by the data warehouse.

Which AWS service meets these requirements?

Answer 35

Amazon Redshift uses SQL to analyze structured and semi-structured data across data warehouses, operational databases, and data lakes, using AWS-designed hardware and machine learning to deliver the best price performance at any scale.

Data warehouses are built on databases designed for online analytics processing (OLAP) use cases.

Question 36

Amazon EMR?

Answer 36

Amazon EMR is a cloud big data platform for running large-scale distributed data processing jobs, interactive SQL queries, and machine learning (ML) applications using open-source analytics frameworks such as Apache Spark, Apache Hive, and Presto.

Question 37

AWS Config?

Answer 37

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. It does not detect threats.

Question 38

Which tool can be used to create alerts when the actual or forecasted cost of AWS services exceed a certain threshold?

Answer 38

AWS Budgets

Question 39

Which aspects of security on AWS are customer responsibilities?

Answer 39

• Server-side encryption
• Setting up account password policies

AWS are responsible for the “security of the cloud”. This includes protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.

The customer is responsible for “security in the cloud”. Customer responsibility depends on the service consumed but includes aspects such as Identity and Access Management (includes password policies), encryption of data, protection of network traffic, and operating system, network and firewall configuration.

Question 40

Amazon Athena?

Answer 40

Amazon Athena is a serverless, interactive analytics service built on open-source frameworks, supporting open-table and file formats. Athena provides a simplified, flexible way to analyze petabytes of data where it lives. Analyze data or build applications from an Amazon Simple Storage Service (S3) data lake and 30 data sources, including on-premises data sources or other cloud systems using SQL or Python. Athena is built on open-source Trio and Presto engines and Apache Spark frameworks, with no provisioning or configuration effort required.

Answer 42

Provides data for financial reporting, budgeting, and cost allocation.
Suitable for organizations with complex cost structures and specific reporting needs.

Question 43

AWS Pricing Calculator:

Answer 43

Used for high-level cost estimation and planning.
Helps users quickly assess the cost impact of different service configurations.
Ideal for users who want a quick estimate before deploying resources.