Certified Cloud Practitioner Flashcards

1
Q

What is AWS Trusted Advisor?

A

AWS Trusted Advisor provides recommendations that help you follow AWS best practices. Trusted Advisor evaluates your account by using checks. These checks identify ways to optimize your AWS infrastructure, improve security and performance, reduce costs, and monitor service quotas.

2
Q

What is Amazon S3 Intelligent-Tiering?

A

The Amazon S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective access tier (Frequent Access, Infrequent Access and Archive Instant Access) when access patterns change.

3
Q

What is AWS Cost Explorer?

A

AWS Cost Explorer is a tool that enables you to view and analyze your costs and usage.

  • Explore usage and costs using the cost and usage reports, or the cost explorer RI reports
  • View data for up to the last 12 months
  • Forecast how much you’re likely to spend for the next 12 months
  • Get recommendations for what Reserved Instances to purchase
  • Identify areas that need further inquiry
  • See trends that can be used to understand the costs
4
Q

What is a NAT Gateway?

A

A NAT gateway is a Network Address Translation (NAT) service. You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC but external services cannot initiate a connection with those instances.

5
Q

Connectivity types of NAT Gateways

A
  • Public (Default) : Instances in private subnets can connect to the internet through a public NAT gateway, but cannot receive unsolicited inbound connections from the internet.
  • Private : Instances in private subnets can connect to other VPCs or your on-premises network through a private NAT gateway.
6
Q

What is AWS Compute Optimizer?

A

Machine-learning based tool that analyzes metrics of historical utilization and makes recommendations of compute services to be used for the workload

7
Q

What is AWS Quick Starts?

A

Quick Starts are automated reference deployments built by Amazon Web Services (AWS) solutions architects and AWS Partners.

8
Q

What is AWS CodeGuru?

A

Amazon CodeGuru is a developer tool that provides intelligent recommendations to improve code quality and identify an application’s most expensive lines of code.

9
Q

Which AWS service provides infrastructure security optimization recommendations?

A

AWS Trusted Advisor

10
Q

Which AWS service can be deployed to enhance read performance for applications reading data from a NoSQL database?

A

Amazon DynamoDB Accelerator

11
Q

Which tool can you use to forecast your AWS spending?

A

AWS Cost Explorer

12
Q

Which service is a Security layer attached to a subnet within a VPC for controlling traffic in & out of the VPC?

Which service is the security layer attached at instance level?

A

Network ACL is attached to subnet

Security Group is attached at instance level

13
Q

What is the AWS feature that enables fast, easy and secure transfers of files over long distances between your client and your Amazon S3 bucket?

A

Amazon S3 Transfer Acceleration

14
Q

What is AWS Artifact?

A

AWS Artifact is a comprehensive resource center that gives access to AWS's auditor-issued reports and to security and compliance documentation from several renowned independent standards organizations.

15
Q

CloudFormation: What are
- CloudFormation Drift Detection
- CloudFormation Change Sets
- CloudFormation Stack Sets
- CloudFormation Intrinsic Functions

A
  • CloudFormation Drift Detection: used to detect any changes made to resources outside of CloudFormation templates
  • CloudFormation Change Sets: preview changes to be made to an AWS resource which will be deployed using the AWS CloudFormation template
  • CloudFormation Stack Sets: groups of stacks that are managed together
  • CloudFormation Intrinsic Functions: used for assigning values to properties in CloudFormation templates
16
Q

Which action must the customer take to ensure the availability and backup of the EBS volumes?

A

Create EBS snapshots

17
Q

What is AWS Config?

A

A service that records and captures all configuration changes made to AWS resources using the Configuration Recorder. Configuration Items created by AWS Config can be sent to S3 to be stored as log files. These log files can be retained according to the S3 lifecycle policies defined and can be referred to during any audit. Using an automated configuration management tool helps an organization track the compliance of its resources.

18
Q

What are the conditions for changing an instance’s security group?

A
  • We can change a Security Group associated with an instance if the instance is in the running or stopped state (not hibernate)
  • We can change all security groups, not only the default one
19
Q

What are the different support plans?

A

Basic: access to customer service, documentation, whitepapers and support forums + access to 6 core Trusted Advisor checks
Developer: Basic + business-hours access to Cloud Support Associates via email
Business: Developer + 24x7 access to Cloud Support Engineers via email, chat & phone + access to the full set of Trusted Advisor checks + response time for production system down < 1 h
Enterprise: Business + 24x7 access to Senior Cloud Support Engineers via email, chat & phone + response time for business-critical system down < 15 min

20
Q

Which service facilitates the move of an existing Oracle DB to the cloud?

A

AWS Database Migration Service

21
Q

What is Amazon Inspector?

A

Amazon Inspector is an automated vulnerability management service that continually scans Amazon Elastic Compute Cloud (EC2) and container workloads for software vulnerabilities and unintended network exposure.

22
Q

You have a mission-critical application that must be globally available at all times. If this is the case, which deployment mechanism would you employ?

A

Deployment to multiple Regions

23
Q

Which services can be used to protect against DDoS attacks?

A

AWS Shield (standard protection without additional charge)
AWS Shield Advanced (option to subscribe)

24
Q

What is Amazon Macie?

A

Security service used to detect users’ personal credit card numbers in data stored in Amazon S3.

25
Q

What is the difference between Geolocation and Geoproximity Route 53 routing policies?

A
  • Geolocation: used to route traffic based on the location of your users. It makes it possible for different types of content to be served depending on the browser’s geographical location.
  • Geoproximity: used to route traffic based on the location of your resources and, optionally, shift traffic from resources in one location to resources in another. It allows the user to be served with content from resources closest to their geographical location.
26
Q

What are the design principles for security in the cloud, as per AWS Well-Architected Framework?

A
  • Implement a strong identity foundation.
  • Enable traceability.
  • Apply security at all layers.
  • Automate security best practices.
  • Protect data in transit and at rest.
  • Keep people away from data.
  • Prepare for security events.
27
Q

What is Amazon GuardDuty?

A

Threat detection service that continuously monitors malicious activities and unauthorized behaviors to protect AWS accounts, workloads, and data stored in Amazon S3.

28
Q

If you want to take a backup of an EBS Volume, what would you do?

A

Create an EBS snapshot

29
Q

What is Amazon Athena?

A

Serverless query service that does not need to build databases on dedicated Elastic Block Store (EBS) volumes. Instead, it builds tables from data read directly from Amazon S3 buckets. Amazon Athena does not store any of the data. The service is compatible with the regular data formats that include CSV, JSON, ORC, AVRO and Parquet.

30
Q

What is AWS CodePipeline?

A

AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates. CodePipeline automates the build, test, and deploy phases of your release process every time there is a code change, based on the release model you define.

31
Q

What is AWS DataSync?

A

Service used to move huge amounts of data between on-prem storage and S3 or EFS.

32
Q

What is AWS Migration Hub?

A

Service that facilitates discovery of the existing applications and IT assets and provides a view to better plan and track application migrations.

33
Q

What is Amazon Global Accelerator?

A

Networking service that utilizes AWS global network to optimize the “user to application” path. The performance benefits realized by the use of the Global accelerator can be tested using a speed comparison tool provided by AWS.

34
Q

What is Amazon Detective?

A

AWS service that uses machine learning and graph theory on automatically collected log data to help you conduct faster and more efficient security investigations.

35
Q

What are AWS Organizations?

A
  • Helps to centrally manage and govern the environment as the user grows and scales AWS resources.
  • Allows the user to:
    • automate the creation of new AWS accounts and allocation of resources,
    • group accounts to organize workflows,
    • apply policies to accounts or groups for governance,
    • simplify billing by using a single payment method for all accounts.
36
Q

What is AWS License Manager?

A

It provisions and tracks license usage across multiple AWS accounts and on-premises environments. It can send an alert to an administrator when license usage exceeds the limit.

37
Q

What is AWS Certificate Manager?

A

It provisions, manages, and deploys public and private SSL/TLS certificates. These certificates can be directly imported from AWS Certificate Manager to Elastic Load Balancer, CloudFront distributions, and APIs on API Gateway.

38
Q

What is AWS CloudHSM?

A

It’s a managed single-tenant hardware security module for generating and managing encryption keys on the AWS cloud. AWS CloudHSM can be used for offloading SSL processing for web servers.

39
Q

Difference between Amazon Cognito User Pools & Cognito Identity Pools

A
  • Cognito User Pools: secure identity store that scales to millions of users. They store user profiles and support authentication for users who sign up directly and for federated users who sign in with social and enterprise identity providers.
  • Cognito Identity Pools: containers that Cognito Identity uses to keep your apps’ federated identities organized. An Identity Pool associates federated identities from social identity providers with a unique user-specific identifier.
40
Q

Which of the following is a factor when calculating Total Cost of Ownership (TCO) for the AWS Cloud?
- number of servers migrated
- number of users migrated
- number of passwords migrated
- number of keys migrated

A

number of servers migrated

41
Q

What is AWS Direct Connect?

A

A dedicated network between the organization’s premises and AWS resources. While in transit, the network traffic remains on the AWS global network and never touches the public internet.

42
Q

What is Amazon QuickSight?

A

A fully-managed service that allows for insightful business intelligence reporting with creative data delivery methods, including graphical and interactive dashboards. QuickSight includes machine learning that allows users to discover inconspicuous trends and patterns on their datasets.

43
Q

Which services are allowed without prior approval to carry out penetration tests?

A

Amazon EC2 instances, NAT Gateways, and Elastic Load Balancers
Amazon RDS
Amazon CloudFront
Amazon Aurora
Amazon API Gateways
AWS Fargate
AWS Lambda and Lambda Edge functions
Amazon Lightsail resources
Amazon Elastic Beanstalk environments

44
Q

What are the five categories for which the Trusted Advisor service provides insight into an AWS account?

A

Cost optimization
Performance
Security
Fault tolerance
Service limits

45
Q

What is AWS Personal Health Dashboard?

A

A tool that shows the status of AWS services running the user-specific resources. It is a graphical representation that sends alerts, notifications of any personal pending issues, planned changes, and scheduled activities.

47
Q

What are Savings Plans?

A

Savings Plans offer a flexible pricing model that provides savings on AWS usage. You can save up to 72 percent on your AWS compute workloads. Compute Savings Plans provide lower prices on Amazon EC2 instance usage regardless of instance family, size, OS, tenancy, or AWS Region. This also applies to AWS Fargate and AWS Lambda usage.

48
Q

What are SCPs in AWS Organizations? What is the difference with IAM?

A

AWS Organizations automates the creation of AWS accounts, OUs and their hierarchy. It uses Service Control Policies (SCPs) at OUs. SCPs are different from IAM in the sense that they can be applied at the Organization level. They override any IAM policies that are defined at an Account level and may also restrict the IAM policy defined. AWS Organizations does not cancel the need for IAM. It complements what IAM can do by consolidating and centrally managing a lot of things that happen. AWS Organizations is not an authority for granting permissions, but it is an authority to approve/disapprove permissions given by IAM.

49
Q

What is AWS Systems Manager?

A

Secure end-to-end management solution for hybrid cloud environments. It’s the operations hub for your AWS applications and resources, and is broken into four core feature groups:
- Operations Management
- Application Management
- Change Management
- Node Management

50
Q

What is edge computing?

A

Edge computing is a distributed computing paradigm that brings computation and data storage closer to the sources of data. This is expected to improve response times and save bandwidth. One definition of edge computing is any type of computer program that delivers low latency nearer to the requests.
Broadly speaking, it defines all computing outside the cloud happening at the edge of the network, and more specifically in applications where real-time processing of data is required.