AWSBoy Cloud Practitioner Exam 2 Flashcards

1
Q

Why does it take between 24 to 48 hours for changes made to a hosted zone in Amazon Route53 to reflect globally?

A. AWS Name Servers need between 24 to 48 hours to create record sets, update their respective values and process changes.

B. DNS resolvers around the world can only reflect the changes in their cache after the Time To Live (TTL) has expired; it is 24 hours by default.

C. AWS Name Servers around the world update their cache in tandem, it takes between 24 hours to 48 hours for the process to complete.

D. If changes to the hosted zone are made in the same AWS Region as the DNS resolver, it can take between 6 to 12 hours.

A

B. DNS resolvers around the world can only reflect the changes in their cache after the Time To Live (TTL) has expired; it is 24 hours by default.

Generally, DNS resolvers query for changes every 86400 seconds, which means DNS resolver cache is stagnant for up to 24 hours. This can be changed, but the widely accepted time is 24 hours.

2
Q

Which of the following can be attached to EC2 Instances to store data?

A. Amazon Glacier
B. Amazon EBS Volumes
C. Amazon EBS Snapshots
D. Amazon SQS

A

B. Amazon EBS Volumes

An Amazon EBS volume is a durable, block-level storage device that you can attach to a single EC2 instance. You can use EBS volumes as primary storage for data that requires frequent updates, such as the system drive for an instance or storage for a database application.

3
Q

Your company handles a crucial ecommerce application. This application needs to have an uptime of at least 99.5%. There is a decision to move the application to the AWS Cloud. Which of the following deployment strategies can help build a robust architecture for such an application?

A. Deploying the application across multiple VPCs
B. Deploying the application across multiple Regions
C. Deploying the application across Edge locations
D. Deploying the application across multiple subnets

A

B. Deploying the application across multiple Regions

Businesses are using the AWS cloud to enable faster disaster recovery of their critical IT systems without incurring the infrastructure expense of a second physical site. The AWS cloud supports many popular disaster recovery (DR) architectures from “pilot light” environments that may be suitable for small customer workload data center failures to “hot standby” environments that enable rapid failover at scale. With data centers in Regions all around the world, AWS provides a set of cloud-based disaster recovery services that enable rapid recovery of your IT infrastructure and data.

4
Q

Which of the following can be used to spin up EC2 instances on the AWS Cloud?

A. EBS Volumes
B. EBS Snapshots
C. Amazon Machine Image
D. Amazon VMware

A

C. Amazon Machine Image

An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a virtual server in the cloud. You specify an AMI when you launch an instance, and you can launch as many instances from the AMI as you need. You can also launch instances from as many different AMIs as you need.

5
Q

Your company is planning to pay for an AWS Support plan. They have the following requirements for the support plan: 24×7 access to Cloud Support Engineers via email, chat & phone, and a response time of less than 1 hour for any business-critical system faults. Which of the following plans will satisfy the above requirements?

A. Basic
B. Developer
C. Business
D. Enterprise

A

D. Enterprise

As per the AWS document, there is no critical support available for Basic, Developer and Business plans.

If you see the second point, it says “critical faults”. Critical faults can be handled only by the “Sr. Cloud Support Engineers”. Even if it is less than 1 hour or 15 mins.
Enterprise plan has critical support within 15 minutes. The question mentions less than 1 hour for critical faults. Normally it will be less than 15 minutes. Hence the correct answer is Enterprise.

The Enterprise support plan has support time less than 15 minutes for Business-critical system down.

6
Q

You are planning on deploying a video based application onto the AWS Cloud. These videos will be accessed by users across the world. Which of the below services can help stream the content in an efficient manner to the users across the globe?

A. Amazon SES
B. Amazon CloudTrail
C. Amazon CloudFront
D. Amazon S3

A

C. Amazon CloudFront

Amazon CloudFront is a web service that gives businesses and web application developers an easy and cost effective way to distribute content with low latency and high data transfer speeds. Like other AWS services, Amazon CloudFront is a self-service, pay-per-use offering, requiring no long term commitments or minimum fees. With CloudFront, your files are delivered to end-users using a global network of edge locations.

7
Q

Which of the following components of the CloudFront service can be used to distribute content to users across the globe?

A. Amazon VPC
B. Amazon Regions
C. Amazon Availability Zones
D. Amazon Edge locations

A

D. Amazon Edge locations

Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations.

8
Q

Which of the following Amazon Web Services can be referred to as a serverless service? (Select three).

A. AWS Lambda
B. Elastic Load Balancing
C. Amazon SNS
D. Amazon DynamoDB

A

A. AWS Lambda
C. Amazon SNS
D. Amazon DynamoDB

The serverless concept refers to the ability to leverage compute processing functions without the infrastructure overhead. AWS Lambda is a serverless online code scripting platform within AWS that allows the user to write, edit and run code functions in various languages including JSON. These functions can be triggered to call or invoke other AWS applications in the user’s build. AWS Cloud9 is a serverless online integrated development environment (IDE) used to author, edit, run and debug code in various languages.
With DynamoDB, there are no servers to provision, patch, or manage and no software to install, maintain, or operate.

9
Q

Your company has just started using the resources on the AWS Cloud. They want to get an idea of the costs being incurred so far for the resources being used. How can this be achieved?

A. By going to the Amazon EC2 dashboard. Here you can see the costs of the running EC2 resources.

B. By using the AWS Cost Explorer. Here you can see the running and forecast costs.

C. By using the AWS Trusted Advisor dashboard. This dashboard will give you all the costs.

D. By seeing the AWS CloudTrail logs.

A

B. By using the AWS Cost Explorer. Here you can see the running and forecast costs.

Cost Explorer is a free tool that you can use to view your costs. You can view data up to the last 13 months, forecast how much you are likely to spend for the next three months, and get recommendations for what Reserved Instances to purchase.

10
Q

By default, which of the roles below has complete administrative control over all resources in the respective AWS account?

A. AWS Support Team
B. AWS Account Owner
C. AWS Security Team
D. AWS Technical Account Manager (TAM)

A

B. AWS Account Owner

The entire control of data within an AWS account is with the Account Owner.

11
Q

Whilst running an application on an EC2 instance behind an Elastic Load Balancer, an administrator receives a 504 error on their browser. What does this mean?

A. The ELB instance has stopped running
B. The application running on the EC2 instance is serving the 504 error page because it has exceeded its response timeout
C. The URL for the application has expired
D. The application is unresponsive so the ELB instance serves the 504 error page

A

D. The application is unresponsive so the ELB instance serves the 504 error page

The 504 error is served by the Elastic Load Balancer to indicate that the application is unresponsive; the idle time-out period has lapsed.

12
Q

Which AWS Cloud service helps in quick deployment of resources which can make use of different programming languages such as .Net and Java?

A. AWS Elastic Beanstalk
B. AWS Elastic Compute Cloud (Amazon EC2)
C. AWS VPC
D. AWS SQS

A

A. AWS Elastic Beanstalk

AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.

13
Q

Your company is planning to host resources in the AWS Cloud. They want to use services which can be used to decouple resources hosted on the cloud. Which of the following services can help fulfil this requirement?

A. AWS EBS Volumes
B. AWS EBS Snapshots
C. AWS Glacier
D. AWS SQS

A

D. AWS SQS

Amazon Simple Queue Service (Amazon SQS) offers a reliable, highly-scalable hosted queue for storing messages as they travel between applications or microservices. It moves data between distributed application components and helps you decouple these components.

Note:
Decoupling is where the different components/layers that make up the system interact with each other using well-defined interfaces rather than depending tightly on each other. With this architecture, the components/layers can be developed independently without having to wait for their dependencies to complete. This leads to pipelined development, resulting in more streamlined and faster development. This also improves testability of the components.

14
Q

Your company is planning to use the AWS Cloud. But there is a management decision that resources need to be split department-wise, and the decision is tending towards managing multiple AWS accounts. Which of the following would help in effective management and also provide an efficient costing model?

A. AWS Organizations
B. Amazon Dev Pay
C. AWS Trusted Advisor
D. AWS Cost Explorer

A

A. AWS Organizations

AWS Organizations offers policy-based management for multiple AWS accounts. With Organizations, you can create groups of accounts and then apply policies to those groups. Organizations enables you to centrally manage policies across multiple accounts, without requiring custom scripts and manual processes.

15
Q

An administrator would like to check if the Amazon CloudFront identity they created is making access API calls to an S3 bucket where a static website is hosted. Where can this information be obtained?

A. Configuring Amazon Athena to run queries on the Amazon CloudFront distribution
B. Check AWS CloudWatch logs on the S3 bucket.
C. In the webserver, tail for identity access logs from the Amazon CloudFront identity
D. In AWS CloudTrail Event history, look up access calls and filter for the Amazon CloudFront identity.

A

D. In AWS CloudTrail Event history, look up access calls and filter for the Amazon CloudFront identity.

By viewing Event history in AWS CloudTrail, the administrator can access operational, access and activity logs for the past 90 days for the S3 bucket that hosts the static website.

16
Q

Using a Content Delivery Network (CDN), an administrator would like to serve varying types of content based on the viewer’s browser cookies. Which is the most appropriate serverless technique that can be used to achieve this?

A. AWS CodeCommit
B. AWS Lambda@Edge
C. AWS CodeStar
D. AWS Cloud9

A

B. AWS Lambda@Edge

AWS Lambda@Edge is a serverless service that makes it possible to run event-triggered functions on Edge Locations within the AWS Content Delivery Network. Using AWS CloudFront, an administrator can introduce decision-making and compute processing closer to the viewer’s location, thereby improving their browsing experience.

17
Q

Your company wants to move an existing Oracle database to the AWS Cloud. Which of the following services can help facilitate this move?

A. AWS Database Migration Service
B. AWS VM Migration Service
C. AWS Inspector
D. AWS Trusted Advisor

A

A. AWS Database Migration Service

AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from most widely used commercial and open-source databases.

18
Q

Which of the below cannot be used to get data from Amazon Glacier?

A. AWS Glacier API
B. AWS Console
C. AWS Glacier SDK
D. AWS S3 Lifecycle policies

A

D. AWS S3 Lifecycle policies

Note that the AWS Console cannot be used to upload data onto Glacier. The console can only be used to create a Glacier vault which can be used to upload the data.

AWS Glacier API
AWS Glacier is a storage service optimized for infrequently used data, or “cold data”. This option is used to programmatically access Glacier and work with it. For this reason, this option does not match the question.

AWS Glacier SDK: SDK i.e., Software Development Kit is used to develop applications for Amazon S3 Glacier. They provide libraries that map to the underlying REST API and provide objects that you can use to easily construct requests and process responses. Due to this reason, it’s not the valid answer for the asked question.

AWS S3 Lifecycle Policies: It’s an XML file, which comprises a set of rules with predefined actions that you want Amazon S3 to perform on objects during their lifetime. Using this we can have access to Glacier and work with it, and due to this, it’s not the correct answer to our question.

19
Q

Which of the following AWS services use serverless technology? Choose 2 answers from the options given below.

A. DynamoDB
B. EC2
C. Simple Storage Service
D. AWS Autoscaling

A

A. DynamoDB
C. Simple Storage Service

The Simple Storage service and DynamoDB are services where you don’t need to manage the underlying infrastructure.

20
Q

If there is a requirement to host EC2 Instances in the AWS Cloud wherein the utilization is guaranteed to be consistent for a long period of time, which of the following would you utilize to ensure costs are minimized?

A. Reserved instances
B. On-demand instances
C. Spot instances
D. Regular instances

A

A. Reserved instances

When you have instances that will be used continuously and throughout the year, the best option is to buy reserved instances. By buying reserved instances, you are actually allocated an instance for the entire year or the duration you specify with a reduced cost.

21
Q

A company is planning to migrate their on-premises services to the Cloud. Which of the following would help them do a cost-benefit analysis of moving to the AWS Cloud?

A. AWS TCO calculator
B. AWS Config
C. AWS Cost Explorer
D. AWS Consolidating billing

A

A. AWS TCO calculator

Use this calculator to compare the cost of running your applications in an on-premises or colocation environment to AWS. Describe your on-premises or colocation configuration to produce a detailed cost comparison with AWS.

22
Q

An ELB instance is configured with the default HealthCheck and Response Timeout intervals as 30 seconds and 5 seconds respectively. How long will it take for an instance within a target group to be labelled as OutOfService, if it goes down a second after the latest HealthCheck?

A. 34 seconds
B. 30 seconds
C. 35 seconds
D. 4 seconds

A

A. 34 seconds

Since the health check runs every 30 seconds and the instance goes down one second into the cycle, 29 seconds will lapse before a new health check is run. Additionally, the ELB instance will spend 5 more seconds probing the instance that is down; upon getting no response, it would then fail the health check. Therefore, 29 + 5 seconds = 34 seconds.

23
Q

Which of the following is the responsibility of AWS according to the Shared Security Model? Choose 3 answers from the options given below.

A. Managing AWS Identity and Access Management (IAM)
B. Securing edge locations
C. Monitoring physical device security
D. Implementing Service Organization Control (SOC) standards

A

B. Securing edge locations
C. Monitoring physical device security
D. Implementing Service Organization Control (SOC) standards

The responsibility of AWS includes the following:

1) Securing edge locations
2) Monitoring physical device security
3) Implementing Service Organization Control (SOC) standards

24
Q

Which of the following statements are FALSE when it comes to elasticity? Choose 2 answers from the options given below.

A. Diverting traffic to instances based on the demand
B. Diverting traffic to instances with the least load
C. Diverting traffic across multiple regions
D. Diverting traffic to instances with higher capacity

A

C. Diverting traffic across multiple regions
D. Diverting traffic to instances with higher capacity

The concept of Elasticity is the means of an application having the ability to scale up and scale down based on demand. An example of such a service is the Autoscaling service.

25
Q

Select TWO statements that describe the main roles of AWS Web Application Firewall (WAF) and AWS Shield?

A. AWS Shield Standard is inherently available within the AWS WAF service at no extra cost

B. AWS WAF is inherently available within the AWS Shield Standard service at an additional charge

C. AWS Web Application Firewall (WAF) will provide expanded protection against SYN floods, DNS query floods and UDP reflection attacks at no additional cost

D. AWS Web Application Firewall (WAF) and AWS Shield are fully-managed services

E. AWS WAF is a web application firewall that includes AWS Shield – a service that prevents distributed denial of service (DDoS) attacks

A

A. AWS Shield Standard is inherently available within the AWS WAF service at no extra cost

E. AWS WAF is a web application firewall that includes AWS Shield – a service that prevents distributed denial of service (DDoS) attacks

AWS Web Application Firewall (WAF) is a web-based application that allows for monitoring of ingress and egress traffic on provisioned web services. These could be in an AWS CloudFront distribution, behind an AWS Load Balancer or standalone instance. AWS WAF includes AWS Shield (AWS Shield Standard that comes at no additional cost and AWS Shield Advanced, on subscription) that protects against SYN floods, DNS query floods and UDP reflection attacks amongst others.

26
Q

Which of the following options is true regarding the vulnerability and security assessment on AWS resources?

A. AWS is responsible for security of the cloud, vulnerability and penetration testing is not permissible and unnecessary on AWS resources and infrastructure.

B. An organisation can contract a third-party organisation to run vulnerability and security assessments on any of their AWS resources.

C. Vulnerability and security assessments can be conducted on specified AWS resources.

D. It is not permissible to run vulnerability and penetration tests on AWS resources without the prior consent and

A

C. Vulnerability and security assessments can be conducted on specified AWS resources.

AWS permits users to conduct vulnerability and penetration testing on certain specified AWS services. This allows organisations to comply with any industry regulations that stipulate that vulnerability and penetration testing be conducted on services and infrastructure.

27
Q

You are the architect of a custom application running inside your corporate data center. The application runs with some unresolved bugs that produce a lot of data inside custom log files, generating time-consuming work for the operations team that is responsible for analyzing them. You want to move the application to AWS using EC2 instances and, at the same time, take the opportunity to improve logging and monitoring capabilities without touching the application code. What AWS service should you use to satisfy the requirement?

A. AWS Kinesis Data Streams
B. AWS CloudTrail
C. AWS CloudWatch Logs
D. AWS Application Logs

A

C. AWS CloudWatch Logs

AWS CloudWatch Logs can reuse existing application logs, increasing operational efficiency, with the ability to generate metrics, alerts and analytics on them with AWS CloudWatch Logs Insight. As the application and custom log files are exactly as they were when the application was running on-prem, you don’t need to change any application code to make them ingestible by AWS CloudWatch Logs. The AWS official documentation in the FAQ section highlights this reuse capability with the sentence “AWS CloudWatch Logs lets you monitor and troubleshoot your systems and applications using your existing system, application and custom log files… so, no code changes are required.”

You can also leverage CloudWatch Metrics, Alarms and Dashboards with Logs to get full operational visibility into your applications. This empowers you to understand your applications, make improvements, and find and fix problems quickly, so that you can continue to innovate rapidly.

28
Q

Which of the following features of Amazon RDS allow for better availability of databases? Choose 2 answers from the options given below.

A. VPC Peering
B. Multi-AZ
C. Read Replicas
D. Multi-Region

A

B. Multi-AZ
C. Read Replicas

If you are looking to use replication to increase database availability while protecting your latest database updates against unplanned outages, consider running your DB instance as a Multi-AZ deployment.

You can use Multi-AZ deployments and Read Replicas in conjunction to enjoy the complementary benefits of each. You can simply specify that a given Multi-AZ deployment is the source DB instance for your Read Replica(s). That way you gain both the data durability and availability benefits of Multi-AZ deployments and the read scaling benefits of Read Replicas.

29
Q

Which of the following storage options provides the option of Lifecycle policies that can be used to move objects to archive storage?

A. Amazon S3
B. Amazon Glacier
C. Amazon Storage Gateway
D. Amazon EBS

A

A. Amazon S3

Lifecycle configuration enables you to specify the lifecycle management of objects in a bucket. The configuration is a set of one or more rules, where each rule defines an action for Amazon S3 to apply to a group of objects. These actions can be classified as follows:

· Transition actions – In which you define when objects transition to another storage class. For example, you may choose to transition objects to the STANDARD_IA (IA, for infrequent access) storage class 30 days after creation, or archive objects to the GLACIER storage class one year after creation.

· Expiration actions – In which you specify when the objects expire. Then Amazon S3 deletes the expired objects on your behalf.

30
Q

You have a DevOps team in your current organization structure. They are keen to know if there is any service available in AWS which can be used to manage infrastructure as code. Which of the following can meet such a requirement?

A. Using AWS CloudFormation
B. Using AWS Config
C. Using AWS Inspector
D. Using AWS Trusted Advisor

A

A. Using AWS CloudFormation

AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and AWS CloudFormation takes care of provisioning and configuring those resources for you. You don’t need to individually create and configure AWS resources and figure out what’s dependent on what; AWS CloudFormation handles all of that.

31
Q

After making changes to a record set in a Route53 hosted zone and saving accordingly, an administrator immediately attempts to test for the new settings. All the attempts are unsuccessful. What is the most plausible reason for this?

A. In Amazon Route53, changes in the hosted zones cannot reflect until the set Time to live (TTL) duration has lapsed.

B. It is likely that the administrator cleared the browser and DNS cache before testing.

C. Changes to hosted zones propagate and reflect instantly but the administrator’s browser has cached content.

D. Whilst logged onto the hosted zone, the administrator did not commit the changes to the respective Amazon Route53 nameservers.

A

A. In Amazon Route53, changes in the hosted zones cannot reflect until the set Time to live (TTL) duration has lapsed.

In Amazon Route53 any alterations made to record sets in hosted zones will take the duration of the set Time to live (TTL) before they can reflect. However, flushing of the local DNS and browser cache will prompt a new query to the Route53 hosted zone thereby giving the new changes.

32
Q

A live online game uses DynamoDB instances in the backend to store real-time scores of the participants as they compete against each other from various parts of the world. Which data consistency option is the most appropriate to implement?

A. Strongly consistent
B. Eventually consistent
C. Strong Eventual consistency
D. Optimistic consistency

A

A. Strongly consistent

Since the gamers are participating live over the internet from geographically distinct locations, the data will need to be readable within a second of being written. Therefore, strongly consistent.

33
Q

An organization runs several EC2 instances inside a VPC using three subnets, one for Development, one for Test and one for Production. The Security team has some concerns about the VPC configuration and requires that communication across the EC2 instances be restricted using Security Groups. Which of the following options is true for Security Groups?

A. You can change a Security Group associated to an instance if the instance state is stopped or running.

B. You can change a Security Group associated to an instance if the instance state is stopped but not if the instance state is running.

C. You can change a Security Group only if there are no instances associated to it.

D. The only Security Group you can change is the Default Security Group.

E. None of the above

A

A. You can change a Security Group associated to an instance if the instance state is stopped or running.

AWS documentation mentions it in the section called “Changing an Instance’s Security Group” using the following sentence: “After you launch an instance into a VPC, you can change the security groups that are associated with the instance. You can change the security groups for an instance when the instance is in the running or stopped state.”

34
Q

Which of the following can be used as an additional layer of security on top of a user name and password when logging into the AWS Console?

A. Multi-Factor Authentication (MFA)
B. Secondary password
C. Root access privileges
D. Secondary user name

A

A. Multi-Factor Authentication (MFA)

AWS Multi-Factor Authentication (MFA) is a simple best practice that adds an extra layer of protection on top of your user name and password.

35
Q

An administrator is looking to run their cloud infrastructure along best practice guidelines by leveraging on Amazon Inspector and AWS Trusted Advisor services.
Which of the following statements correctly describe how this can be done? (Select TWO)

A. Running Amazon Inspector service to probe and protect cloud infrastructure from threats regularly

B. Adhering to recommendations given in the main pillars of AWS Trusted Advisor, which are cost optimization, security, performance, fault-tolerance and service limits

D. AWS Trusted Advisor will highlight pending tasks to be resolved in only performance and cost optimization best practices whilst Amazon Inspector will alert the administrator of security vulnerabilities.

E. Amazon Inspector will highlight pending tasks to be resolved in only performance and cost optimization best practices whilst AWS Trusted Advisor will alert the administrator of security vulnerabilities.

A

B. Adhering to recommendations given in the main pillars of AWS Trusted Advisor, which are cost optimization, security, performance, fault-tolerance and service limits

C. Regularly running Amazon Inspector service on EC2 instances to get a concise list of security vulnerabilities and exposures to attack.

Amazon Inspector will assess AWS provisioned infrastructure for compliance and security vulnerabilities. AWS Trusted Advisor will provide real-time guidelines in best practice implementation and maintenance of AWS resources.

36
Q

Your company is planning on moving to the AWS Cloud. Once the move to the Cloud is complete, they want to ensure that the right security settings are put in place. Which of the below tools can assist with security compliance? Choose 2 answers from the options given below.

A. AWS Inspector
B. AWS Trusted Advisor
C. AWS Support
D. AWS Kinesis

A

A. AWS Inspector
B. AWS Trusted Advisor

An online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment, Trusted Advisor provides real time guidance to help you provision your resources following AWS best practices.
The AWS Inspector can inspect EC2 Instances against common threats.

37
Q

A company is deploying a two-tier, highly available web application to AWS. The application needs a storage layer to store artifacts such as photos and videos. Which of the following services can be used as the underlying storage mechanism?

A. Amazon EBS volume
B. Amazon S3
C. Amazon EC2 instance store
D. Amazon RDS instance

A

B. Amazon S3

Amazon S3 is the default storage service that should be considered for companies. It provides durable storage for all static content.

38
Q

Which of the below mentioned services is equivalent to hosting virtual servers on an on-premises location?

A. AWS IAM
B. AWS Server
C. AWS EC2
D. AWS Regions

A

C. AWS EC2

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.

39
Q

Which of the following can be used to increase the fault tolerance of an application?

A. Deploying resources across multiple edge locations
B. Deploying resources across multiple VPCs
C. Deploying resources across multiple Availability Zones
D. Deploying resources across multiple AWS Accounts

A

C. Deploying resources across multiple Availability Zones

Each AZ is a set of one or more data centers. By deploying your AWS resources to multiple Availability Zones, you are designing with failure in mind. If one AZ were to go down, the other AZs would still be up and running, and hence your application would be more fault tolerant.

40
Q

You have a set of EC2 Instances hosted on the AWS Cloud. The EC2 Instances are hosting a web application. Which of the following acts as a firewall to your VPC and the instances in it? Choose 2 answers from the options given below.

A. Usage of Security Groups
B. Usage of AWS Config
C. Usage of Network Access Control Lists
D. Usage of the Internet gateway

A

A. Usage of Security Groups
C. Usage of Network Access Control Lists

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic.

A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.

41
Q

Your design team is planning to design an application that will be hosted on the AWS Cloud. One of their main non-functional requirements is given below: “Reduce inter-dependencies so failures do not impact other components.” Which of the following concepts does this requirement relate to?

A. Integration
B. Decoupling
C. Aggregation
D. Segregation

A

B. Decoupling

The entire concept of decoupling components is to ensure that the different components of an application can be managed and maintained separately. If all components are tightly coupled, then when one component goes down, the entire application would go down. Hence it is always a better design practice to decouple application components.

42
Q

A company currently has an application which consists of a .Net layer which connects to a MySQL database. They now want to move this application onto AWS. They want to make use of all AWS features such as high availability and automated backups. Which of the following would be an ideal database in AWS to migrate to for this requirement?

A. Aurora
B. DynamoDB
C. An EC2 instance with MySQL installed.
D. An EC2 instance with Aurora installed.

A

A. Aurora

Amazon Aurora (Aurora) is a fully managed, MySQL- and PostgreSQL-compatible, relational database engine. It combines the speed and reliability of high-end commercial databases with the simplicity and cost-effectiveness of open-source databases. It delivers up to five times the throughput of MySQL and up to three times the throughput of PostgreSQL without requiring changes to most of your existing applications.

43
Q

Which of the following networking components can be used to host EC2 resources in the AWS Cloud?

A. AWS Trusted Advisor
B. AWS VPC
C. AWS Elastic Load Balancer
D. AWS Autoscaling

A

B. AWS VPC

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

44
Q

Which of the following services allows you to analyze EC2 Instances against pre-defined security templates to check for vulnerabilities?

A. AWS Trusted Advisor
B. AWS Inspector
C. AWS WAF
D. AWS Shield

A

B. AWS Inspector

Amazon Inspector enables you to analyze the behavior of your AWS resources and helps you to identify potential security issues. Using Amazon Inspector, you can define a collection of AWS resources that you want to include in an assessment target. You can then create an assessment template and launch a security assessment run of this target.

45
Q

Which of the following services is most useful when a Disaster Recovery method is triggered in AWS?

A. Amazon Route 53
B. Amazon SNS
C. Amazon SQS
D. Amazon Inspector

A

A. Amazon Route 53

Route53 is a domain name system service by AWS. When a disaster does occur, it can be easy to switch to secondary sites using the Route53 service.

Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other. Amazon Route 53 is fully compliant with IPv6 as well.

46
Q

Which of the following features of AWS RDS allows you to reduce the load on the database while reading data?

A. Cross region replication
B. Creating Read Replicas
C. Using snapshots
D. Using Multi-AZ feature

A

B. Creating Read Replicas

You can reduce the load on your source DB Instance by routing read queries from your applications to the read replica. Read replicas allow you to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads.

47
Q

A. Password Policies
B. User permissions
C. Physical security
D. Disk disposal
E. Hardware patching

A

C. Physical security
D. Disk disposal
E. Hardware patching

As per the Shared Responsibility model, the patching of the underlying hardware and physical security of AWS resources is the responsibility of AWS.

Disk disposal:
Storage Device Decommissioning: When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized individuals. AWS uses the techniques detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual”) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data as part of the decommissioning process. All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry-standard practices.

48
Q

Why is Amazon DynamoDB service best-suited for implementation in mobile, Internet of Things (IoT) and gaming applications?

A. DynamoDB is a fully-managed database instance with no infrastructure overheads

B. DynamoDB has a flexible data model and single-digit millisecond latency

C. Whilst in operation, DynamoDB instances are spread across at least three geographically distinct centers, AWS Regions

D. DynamoDB supports eventual and strongly consistent reads

A

B. DynamoDB has a flexible data model and single-digit millisecond latency

The use cases mentioned in the scenario have unstructured data in common, therefore, the most appropriate attribute of Amazon DynamoDB is its flexible data model and single-digit millisecond latency.

49
Q

Currently your organization has an operational team that takes care of ID management in their on-premise data center. They now also need to manage users and groups created in AWS. Which of the following AWS tools would they need to use for performing this management function?

A. AWS Config
B. AWS Cloud Trail
C. AWS Key Management Service (AWS KMS)
D. AWS Identity and Access Management (IAM)

A

D. AWS Identity and Access Management (IAM)

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

50
Q

Which of the following does AWS perform on its behalf for EBS volumes to make it less prone to failure?

A. Replication of the volume across Availability Zones
B. Replication of the volume in the same Availability Zone
C. Replication of the volume across Regions
D. Replication of the volume across Edge locations

A

B. Replication of the volume in the same Availability Zone

When you create an EBS volume in an Availability Zone, it is automatically replicated within that zone to prevent data loss due to failure of any single hardware component.

51
Q

Which of the following terms refers to a geographic location in AWS?

A. Availability Zone
B. Data center
C. Region
D. Edge location

A

C. Region

Regions correspond to different geographic locations in AWS.

52
Q

Your company is planning to move to the AWS Cloud. You need to give a presentation on the cost perspective when moving existing resources to the AWS Cloud. When it comes to Amazon EC2, which of the following is an advantage from the cost perspective?

A. Having the ability of automated backups of the EC2 instance, so that you don’t need to worry about the maintenance costs.
B. The ability to choose low cost AMI’s to prepare the EC2 Instances
C. The ability to only pay for what you use
D. Ability to tag instances to reduce the overall cost

A

C. The ability to only pay for what you use

One of the advantages of EC2 Instances is the per-second billing concept. This is also stated in the AWS documentation:
With per-second billing, you pay for only what you use. It takes the cost of unused minutes and seconds in an hour off of the bill, so you can focus on improving your applications instead of maximizing usage to the hour. In particular, if you manage instances running for irregular periods of time, such as dev/testing, data processing, analytics, batch processing and gaming applications, you can benefit.

53
Q

Your company is planning to offload some of the batch processing workloads on to AWS. These jobs can be interrupted and resumed at any time. Which of the following instance types would be the most cost effective to use for this purpose?

A. On-Demand
B. Spot
C. Full Upfront Reserved
D. Partial Upfront Reserved

A

B. Spot

Spot Instances are a cost-effective choice if you can be flexible about when your applications run and if your applications can be interrupted. For example, Spot Instances are well-suited for data analysis, batch jobs, background processing, and optional tasks.

54
Q

You are requested to expose your serverless application, implemented with AWS Lambda, to HTTP clients (using HTTP Proxy).
Which of the following AWS services can you use to accomplish the task? (Select TWO)

A. AWS Elastic Load Balancing (ELB)
B. AWS Route53 
C. AWS API Gateway 
D. AWS Lightsail
E. AWS Elastic Beanstalk

A

A. AWS Elastic Load Balancing (ELB)
C. AWS API Gateway

AWS documentation states: “Application Load Balancers now support invoking Lambda functions to serve HTTP(S) requests. This enables users to access serverless applications from any HTTP client, including web browsers.”

API Gateway + Lambda is a common pattern for exposing serverless functions via HTTP/HTTPS. AWS documentation describes it as: “Creating, deploying, and managing a REST application programming interface (API) to expose backend HTTP endpoints, AWS Lambda functions, or other AWS services.”

55
Q

There is a requirement to collect important metrics from AWS RDS and EC2 Instances. Which AWS service would be helpful to fulfill this requirement?

A. Amazon CloudFront
B. Amazon CloudSearch
C. Amazon CloudWatch
D. Amazon Config

A

C. Amazon CloudWatch

Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources.

56
Q

You have an EC2 Instance in development that interacts with the Simple Storage Service. The EC2 Instance is going to be promoted to the production environment. Which of the following features should be used for secure communication between the EC2 Instance and the Simple Storage Service?

A. IAM Users
B. IAM Roles
C. IAM Groups
D. IAM policies

A

B. IAM Roles

An IAM role is similar to a user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. Also, a role does not have standard long-term credentials (password or access keys) associated with it. Instead, if a user assumes a role, temporary security credentials are created dynamically and provided to the user.

57
Q

Which of the following disaster recovery deployment mechanisms has the highest downtime?

A. Pilot light
B. Warm standby
C. Multi Site
D. Backup and Restore

A

D. Backup and Restore

The spectrum below, from the AWS documentation, shows the disaster recovery methods. The further along the spectrum you go, the less downtime users experience.

AWS Multi Region

   - Backup & Restore
   - Pilot Light
   - Warm Standby
   - Multi Site

In most traditional environments, data is backed up to tape and sent off-site regularly. If you use this method, it can take a long time to restore your system in the event of a disruption or disaster.

58
Q

A company wants to have a database hosted on AWS. As much as possible, they want to have control over the database itself. Which of the following would be an ideal option for this?

A. Using the AWS DynamoDB service
B. Using the AWS RDS service
C. Hosting the database on an EC2 Instance
D. Using the Amazon Aurora service

A

C. Hosting the database on an EC2 Instance

If you want a self-managed database, that means you want complete control over the database engine and the underlying infrastructure. In such a case, you need to host the database on an EC2 Instance.

59
Q

Your company is moving a large application to AWS using a set of EC2 instances. A key requirement is reusing existing server-bound software licensing. Which of the following options is the best for satisfying the requirement?

A. EC2 Dedicated Instances
B. EC2 Reserved Instances
C. EC2 Dedicated Hosts
D. EC2 Spot Instances

A

C. EC2 Dedicated Hosts

Instances run on dedicated hardware, for which AWS gives visibility of physical characteristics. AWS documentation mentions this with the following sentence: “…Dedicated Host gives you additional visibility and control over how instances are placed on a physical server, and you can consistently deploy your instances to the same physical server over time. As a result, Dedicated Hosts enable you to use your existing server-bound software licenses and address corporate compliance and regulatory requirements.”

60
Q

A research team conducting its work in remote locations of the world, without internet access, wishes to leverage Amazon services for their storage. The team collects petabytes of information at a time. Which service will best meet the need to transfer the petabytes of information?

A. Amazon S3
B. Amazon Elastic Block Store (EBS)
C. Amazon S3 Glacier
D. AWS Snowball

A

D. AWS Snowball

The AWS Snowball service uses physical storage devices to transfer large amounts of data between Amazon Simple Storage Service (Amazon S3) and your onsite data storage location at faster-than-internet speeds. By working with AWS Snowball, you can save time and money. Snowball provides powerful interfaces that you can use to create jobs, track data, and track the status of your jobs through to completion.

Snowball devices are physically rugged devices that are protected by the AWS Key Management Service (AWS KMS). They secure and protect your data in transit.

61
Q

Which statement is accurate about AWS Budgets and Cost Explorer?

A. AWS Budgets uses the cost visualizations provided by AWS Cost Explorer to show the status of preset budgets and to provide forecasts of estimated costs.

B. Both AWS Budgets and AWS Cost Explorer can be used to predict usage and to give recommended cost-optimization measures.

C. AWS Cost Explorer will list the costs incurred over a period of time with a further breakdown by region and linked account.

D. Due to the sensitivity of billing and cost management information, with the AWS Cost Explorer and AWS Budgets services, it is not possible to view the information for multiple accounts.

A

A. AWS Budgets uses the cost visualizations provided by AWS Cost Explorer to show the status of preset budgets and to provide forecasts of estimated costs.

Under the Billing and Cost Management service in the AWS management service, it is possible to use the AWS Budgets and Cost Explorer to show the status of preset budgets and to provide forecasts of estimated costs.

62
Q

Which of the following are features of an edge location? Choose 3 answers from the options given below.

A. Distribute content to users
B. Cache common responses
C. Distribute load across multiple resources
D. Used in conjunction with the CloudFront service

A

A. Distribute content to users
B. Cache common responses
D. Used in conjunction with the CloudFront service

Amazon CloudFront employs a global network of edge locations and regional edge caches that cache copies of your content close to your viewers. Amazon CloudFront ensures that end-user requests are served by the closest edge location. As a result, viewer requests travel a short distance, improving performance for your viewers. For files not cached at the edge locations and the regional edge caches, Amazon CloudFront keeps persistent connections with your origin servers so that those files can be fetched from the origin servers as quickly as possible.

63
Q

Which of the following scenarios is most appropriate to implement Amazon ElastiCache in order to improve on performance?

A. Where there are frequent writes to a database instance
B. Where there are frequent reads of static content on a web application
C. Where there are frequent reads of dynamic content on a web application
D. Where there are infrequent random reads to static content on a web application

A

B. Where there are frequent reads of static content on a web application

In the scenario outlined in Option B, implementing and configuring Amazon ElastiCache will improve the performance by storing frequently accessed content in-memory. The storage is managed, high-speed, volatile and not disk-based, making information retrieval faster than from disk-based storage.

64
Q

Your company is planning to host a large ecommerce application on the AWS Cloud. One of their major concerns is Internet attacks such as DDoS attacks. Which of the following services can help mitigate this concern? Choose 2 answers from the options given below.

A. CloudFront
B. AWS Shield
C. AWS EC2
D. AWS Config

A

A. CloudFront
B. AWS Shield

AWS Services for DDoS Attack Mitigation
AWS offers globally distributed, high network bandwidth and resilient services that, when used in conjunction with application-specific strategies, are key to mitigating DDoS attacks. For more information on how to leverage each of these services and details on how their various features help protect against DDoS attacks, see the whitepaper AWS Best Practices for DDoS Resiliency.

Amazon CloudFront distributes traffic across multiple edge locations and filters requests to ensure that only valid HTTP(S) requests will be forwarded to backend hosts. CloudFront also supports geoblocking, which you can use to prevent requests from particular geographic locations from being served.

65
Q

When designing a system, you use the principle of “design for failure and nothing will fail”. Which of the following services/features of AWS can assist in supporting this design principle? Choose 3 answers from the options given below.

A. Availability Zones
B. Regions
C. Elastic Load Balancer
D. Pay as you go

A

A. Availability Zones
B. Regions
C. Elastic Load Balancer

Each AZ is a set of one or more data centers. By deploying your AWS resources to multiple Availability Zones, you are designing with failure in mind. If one AZ were to go down, the other AZs would still be up and running, and hence your application would be more fault tolerant.

For disaster recovery scenarios, one can move resources to, or run them in, other regions. And finally, one can use the Elastic Load Balancer to distribute load to multiple backend instances within a particular region.