Certified Cloud Practitioner CLF-C02 Questions Flashcards

Question

Which of the following is a primary use case for AWS Backup? 1) Providing a hybrid cloud storage service 2) Managing file shares for Windows workloads 3) Storing data for infrequent access 4) Automating and centralizing backups across AWS services

Answer 1

4) AWS Backup provides a centralized way to manage backups across AWS services.

Answer 2

1) Tape Gateway enables archiving in the cloud as virtual tapes.

Answer 3

3) EBS provides persistent, block-level storage volumes for use with EC2 instances.

Answer 4

4) Provisioned IOPS SSD offers the highest performance for mission-critical low-latency or high-throughput workloads.

Answer 5

1) FSx provides fully managed file systems, like Windows File Server and Lustre.

Answer 6

3) The primary role of an intenet gateway is to facilitate communication between instances in the VPC and the internet

Answer 7

2) Route 53 traffic flow is a feature of Amazon Route 53 that allows you to manage how traffic is routed to your application

Answer 8

4) Security groups act as virtual firewalls for EC2 instances, controlling inbound and outbound traffic.

Answer 9

2) The primary function of a CDN like CloudFront is to deliver content globally with low latency and high transfer speeds.

Answer 10

1) AWS Global Accelerator optimizes global applications' performance by routing user traffic through AWS's optimized network paths.

Answer 11

4) The primary use case for AWS VPN is to provide secure, encrypted connectivity over the public internet.

Answer 12

4) DNS services like Amazon Route 53 route end users to applications running on AWS by resolving domain names to IP addresses.

Answer 13

4) Amazon VPC allows users to create a logically isolated section of the AWS cloud for deploying AWS resources.

Answer 14

2) AWS Direct Connect is preferred when high-capacity, dedicated data transfer paths are needed.

Answer 15

1) A key aspect of Amazon Route 53 is managing DNS records and routing ineternet traffic to the appropriate location.

Answer 16

1) Long polling is recommended for most use cases, because it only returns a response when a message is in the queue or the timeout is reached. This helps avoid paying for empty responses, and is the most cost-effective option.

Answer 17

2) With loose coupling, application components can be connected to each other but are not dependent on each other.

Answer 18

2) AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories. It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem.

Answer 19

4) CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.

Answer 20

4) CloudFormation allows you to provision your AWS resources via scripted templates.

Answer 21

3) CodeDeploy is a deployment service that automates application deployments to Amazon EC2 instances, on-premises instances, serverless Lambda functions, or Amazon ECS services.

Answer 22

3) Continuous Integration (CI) is the practice of merging all developers' working copies to a shared repository frequently, preferably several times a day. One of the key benefits of integrating regularly is that you can detect errors quickly and locate them more easily. As each change introduced is typically small, pinpointing the specific change that introduced a defect can be done quickly.

Answer 23

2) EventBridge is a service that can help you build event-driven applications that respond to state changes triggered by AWS services like EC2. For instance, an EC2 instance might change state from running to rebooting.

Answer 24

2) Simple Notification Service (SNS) allows you to send emails and text messages from your distributed applications.

Answer 25

3) AWS CloudShell is a browser-based shell with the AWS CLI pre-installed.

Answer 26

4) CloudFormation is AWS's go-to Infrastructre-as-Code solution.

Answer 27

4) Step Functions are a great way to visualize your serverless application. They automatically trigger and track each step in a process, and log the state of each step, so you can track what went wrong, and where.

Answer 28

4) Cloud9 is an integrated development environment (IDE) that allows you to write code within your web browser.

Answer 29

4) SQS tries to process messages based on first-in/first-out, but the order is only guaranteed with SQS FIFO queues.

Answer 30

1) Elastic Beanstalk can be used to quickly and easily deploy a Java web application, including provisioning the EC2 instances needed to run the application, configuring an Elastic Load Balancer, and even installing Apache Tomcat. Elastic Beanstalk supports applications that use the following technologies: Java, .NET, PHP, Node.js, PHP, Python, Ruby, Go, Apache Tomcat, Docker, and more.

Answer 31

3) CodePipeline is a developer tool that allows you to continuously automate the software release process.

Answer 32

2) AWS CodeArtifact is an artifact repository service that makes it easy for organizations to securely store, publish, and share software packages used in their software developmnent process.

Answer 33

2) SES allows you to send plaintext and HTML-formatted emails from your applications. It is ideal for marketing campaigns and professional emails.

Answer 34

2) Simple Queue Service (SQS) can be used to decouple the components of an application. By exchanging messages using SQS, components are not dependent on one another and do not expect an immediate response. Removing dependencies between application components allows different parts of the application to fail without bringing down the whole application.

Answer 35

2) CodeArtifact is a fully managed artifact repository service that makes it easy for organizations of any size to securely store, publish, and share software packages used in their software development process. This includes everything needed to build your application, including libraries, deployable packages, compiled applications, and documentation relating to your application.

Answer 36

2) Snowmobile enables you to transport extremely large amounts of data to AWS. For instance, each Snowmobile supports transporting up to 100 PB of data stored in a shipping container pulled by a truck.

Answer 37

3) Snowcone is a small, rugged, military-grade data transfer device that is used to let you process and transfer data to AWS. It is designed for environments that lack consistent network bandwidth or connectivity.

Answer 38

3) Application Discovery Service is used to automatically create an inventory of your systems, including details of installed applications, operating system versions, and inbound/outbound network communications.

Answer 39

2) Snowmobile is a data transfer solution designed for migrating 10 PB or more to AWS.

Answer 40

2) Migration Hub is a service that integrates with Application Discovery Service, Application Migration Service, and Database Migration Service, to orchestrate and track migrations of multiple servers to AWS.

Answer 41

1) Transfer Family is a service that provides file sharing and transfer, enabling external parties to transfer files to and from your AWS storage. Multiple protocols are supported, including SFTP, AS2, FTPS, and FTP.

Answer 42

3) Database Migration Service is used to migrate databases to AWS.

Answer 43

3) AWS Snowball is suitable for moving terabytes of data from your on-premises data center to AWS. Snowball is designed to let you transfer datasets of 10 TB or more.

Answer 44

3) The Schema Conversion Tool is used to convert from one database schema to another.

Answer 45

2) Application Migration Service is used to migrate applications running on physical servers, virtual servers, other cloud providers, and other AWS accounts or regions.

Answer 46

2) QuickSight is a business analytics service that lets you make better decisions based on your data. It enables you to easily build dashboards to help visualize your data.

Answer 47

3) Athena is an interactive query service for data in S3. It enables you to query data stored in S3 using standard SQL.

Answer 48

4) Kendra is a service that provides custom search functionality, enabling users to search .doc, .ppt, .PDF, HTML, XML, and CSV documents using natural language.

Answer 49

3) Kineses Data Fire hose captures, transforms, and loads data continuously into data stores.

Answer 50

1) SageMaker is a service that is designed to let you build, train, and deploy machine learning models in the cloud.

Answer 51

2) OpenSearch is a fully managed Elasticsearch service that is based on open-source technology. Common use cases include log analytics, application monitoring, security analytics, and business data analytics. OpenSearch can ingest data from CloudWatch Logs, S3, and DynamoDB.

Answer 52

2) AWS Data Exchange is a service that allows you to securely exchange and use data provided by third parties on a subscription basis.

Answer 53

4) Amazon MSK (Managed Streaming for Apache Kafka) is a fully managed Apache Kafka service that can be used to process a continuous stream of data in real-time.

Answer 54

1) Amazon Textract is a service that is designed to extract text and information from documents.

Answer 55

Polly is a text-to-speech service that can be used to add natural-sounding speech to your applications, including reading out blog posts and websites.

Answer 56

3) Amazon EMR (Elastic MapReduce) is a fully managed Big Data solution that supports open-source technologies like Apache Spark, Apache Hive, Presto, and Hadoop.

Answer 57

3) Lex is a service that is designed to let you easily build a conversational chatbot.

Answer 58

3) AWS Glue is an ETL service that prepares your data for analytics and Machine Learning. It catalogs your data as well as performs Extract, Transform, and Load functions.

Answer 59

2) AppStream will handle hosting, scaling, and user management for your application and help you convert it into a SaaS product for your employees or customers.

Answer 60

1) Config leverages pre-defined or custom rules to alert administrators when non-compliant resources are detected.

Answer 61

3) CloudWatch collects data in real time that can be viewed in a dashboard

Answer 62

4) AWS Health Dashboard will give you a view of all outages across AWS, as well as a personal dashboard that displays only those services and Regions that are relevant to your cloud resources.

Answer 63

1) CloudWatch alarms can be used to send notifications or trigger automated events when metrics reach defined thresholds.

Answer 64

1) Applying tags to your resources can help you group and visualize them on CloudWatch or System Manager.

Answer 65

2) Unless otherwise specified, CloudWatch logs will be stored indefinitely.

Answer 66

1) The Well-Architected Tool helps you use the Well-Architected Framework as a set of lenses through which to analyze your workloads. You can use it to learn about the Well-Architected Framework and generate action plans to bring your architectures into alignment with it.

Answer 67

2) Trusted Advisor uses AWS Config rules to determine if you are following best practices, and it provides a prioritized list of recommendations.

Answer 68

4) This is more applicable to the Well-Architected Tool

Answer 69

1) Secrets Manger allows you to programmatically access encrypted secrets as well as enables automatic secret rotation.

Answer 70

4) AWS Artifact is a free self-service portal that provides access to compliance reports.

Answer 71

1) IAM Policies define granular access permissions for any principle.

Answer 72

3) Limiting permissions to only those necessary will prevent accidental resource provisioning, and limit the blast radius in the event of a security breach.

Answer 73

3) S3 buckets are encrypted by default upon creation.

Answer 74

1) Macie uses machine learning (ML) and pattern matching to discover and help you protect your sensitive data.

Answer 75

4) Shield is purpose-built to dynamically detect and mitigate DDoS attacks.

Answer 76

1) AWS Organizations allows you to connect multiple accounts to a management account, take advantage of consolidated billing, and enable centralized resources and security monitoring.

Answer 77

1) GuardDuty is an intelligent threat detection service that can dynamically detect threats across your AWS account or Organization.

Answer 78

3) Inspector provides automated and continual vulnerability management at scale.

Answer 79

1) AWS Organizations is the core service to achieve multi-account AWS environments, but AWS Control Tower is the service responsible for automating best practices.

Answer 80

2) Spot Instances can provide compute discounts of up to 90%, but these instances are only available when AWS has a surplus of available compute. This is the perfect scenario for utilizing Spot Instances. You can scale them out when they are needed, and the process is not harmed if the instances stop unexpectedly.

Answer 81

4) S3 Intelligent Tiering can automatically move objects to cost-effective storage classes, which is great for cost savings when you have unknown access frequencies.

Answer 82

1) Use Standard Reserved Instances - You can reserve Ec2 instances of a particular instance type in 1 or 3 year contracts to reduce cost by up to 72%. This is perfect for known and constant workloads that run 24/7.

Answer 83

4) Glacier Instant Retrieval provides storage up to 68% cheaper than S3 Standard-IA, specifically for use cases where you are accessing the data only once or twice per year.

Answer 84

2) Cost and Usage Reports give super granular cloud cost data broken down by account, service, and resource groups.

Answer 85

3) In Cost Explorer, you can create dashboards that help you project and monitor your actual AWS costs.

Answer 86

3) Minimize the cost of compute. If you own your own servers, compute is free. But cloud is often less expensive when you account for the Total Cost of Ownership (TCO), which includes things like server maintenance, utilities, and disaster recovery.

Answer 87

3) At $100/month, the Business Support plan is the cheapest plan that includes the full set of Trusted Advisor checks and 24/7 access to phone and chat support teams. These features are also available in Enterprise On-Ramp and Enterprise support plans.

Answer 88

1) AWS IQ can help you find AWS Certified freelancers and consultants.

Answer 89

3) Compute optimized

Answer 90

1 and 3 years

Answer 91

2) Spot Instance Reserved Instances require a 1 or 3 year contract Dedicated Instances run on a VPC on dedicated hardware and have a higher cost On-Demand requires a minimum contract length and costs more than Spot instances

Answer 92

1) Elastic Load Balancing is the AWS service that automatically distributes incoming application traffic across multiple resources, such as Amazon EC2 instances. This helps to ensure that no single resource becomes overutilized.

Answer 93

4) Amazon EKS is a fully managed Kubernetes service. Kubernetes is open-source software that enables you to deploy and manage containerized applications at scale.

Answer 94

3) Each Region has at least 3 Availability Zones within it.

Answer 95

4) Amazon CloudFront is a content delivery service. It uses a network of edge locations to cache content and delivery content to customers all over the world. When content is cached, it is stored locally as a copy. This content might be video files, photos, webpages, and so on.

Answer 96

3) Edge locations

Answer 97

4) AWS Outposts allows you to extend AWS infrastructure and services to different locations, including your on-premises data center.

Answer 98

2) Place the Amazon EC2 instances in a public subnet and the Amazon RDS databases instances in a private subnet. A subnet is a section of a VPC in which you can group resources based on security or operational needs. Subnets can be public or private. Public subnets contain resources that need to be accessible by the public, such as an online store’s website. Private subnets contain resources that should be accessible only through your private network, such as a database that contains customers’ personal information and order histories.

Answer 99

3) AWS Direct Connect

Answer 100

1) Security groups are stateful. This means that they use previous traffic patterns and flows when evaluating new requests for an instance. By default, security groups deny all inbound traffic, but you can add custom rules to fit your operational and security needs.

Answer 101

4) Internet gateway

Answer 102

4) Amazon Route 53 is a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications that host in AWS. Another feature of Route 53 is the ability to manage the DNS records for domain names. You can transfer DNS records for existing domain names managed by other domain registrars. You can also register new domain names directly in Route 53.

Answer 103

1) EBS volumes store data within a single Availability Zone. Amazon EFS file systems store data across multiple Availability Zones. An EBS volume must be located in the same Availability Zone as the Amazon EC2 instance to which it is attached. Data in an Amazon EFS file system can be accessed concurrently from all the Availability Zones in the Region where the file system is located.

Answer 104

4) Amazon S3

Answer 105

2) A serverless key-value database service. Amazon DynamoDB is a key-value database service. It is serverless, which means that you do not have to provision, patch, or manage server

Answer 106

1) Amazon Redshift. Amazon Redshift is a data warehousing service that you can use for big data analytics. Use Amazon Redshift to collect data from many sources and help you understand relationships and trends across your data.

Answer 107

2) A document that grants or denies permissions to AWS services and resources. IAM policies provide you with the flexibility to customize users’ levels of access to resources. For instance, you can allow users to access all the Amazon S3 buckets in your AWS account or only a specific bucket.

Answer 108

3)IAM role. An IAM role is an identity that you can assume to gain temporary access to permissions. When someone assumes an IAM role, they abandon all permissions that they had under a previous role and assume the permissions of the new role. IAM roles are ideal for situations in which access to services or resources needs to be granted temporarily instead of long-term.

Answer 109

3) Granting only the permissions that are needed to perform specific job tasks. When you grant permissions by following the principle of least privilege, you prevent users or roles from having more permissions than needed to perform specific job tasks. For example, cashiers in the coffee shop should be given access to the cash register system. As a best practice, grant IAM users and roles a minimum set of permissions and then grant additional permissions as needed.

Answer 110

4) AWS Shield. As network traffic comes into your applications, AWS Shield uses a variety of analysis techniques to detect potential DDoS attacks in real time and automatically mitigates them.

Answer 111

3) Create cryptographic keys. AWS Key Management Service (AWS KMS) enables you to perform encryption operations through the use of cryptographic keys. A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data. You can use AWS KMS to create, manage, and use cryptographic keys. You can also control the use of keys across a wide range of services and in your applications.

Answer 112

1 & 4 Monitor your resources’ utilization and performance Access metrics from a single dashboard

Answer 113

3) AWS Trusted Advisor. AWS Trusted Advisor is a web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices. The inspection includes security checks, such as Amazon S3 buckets with open access permissions.

Answer 114

2 & 5 Performance Fault tolerance AWS Trusted Advisor continuously inspects your AWS environment and provides best practice recommendations across five categories: cost optimization, performance, security, fault tolerance, and service limits.

Answer 115

3) Combine usage across accounts to receive volume pricing discounts.

Answer 116

3) AWS Cost Explorer. AWS Cost Explorer includes a default report of the costs and usage for your top five cost-accruing AWS services. You can apply custom filters and groups to analyze your data. For example, you can view resource usage at the hourly level.

Answer 117

2) AWS Budgets. In AWS Budgets, you can set custom alerts that will notify you when your service usage exceeds (or is forecasted to exceed) the amount that you have budgeted. Your budget can be based on costs or usage. For example, you can set an alert that will notify you when you have incurred $100.00 of costs in Amazon EC2 or 500,000 requests in AWS Lambda.

Answer 118

2) Enterprise. A Technical Account Manager (TAM) is available only to AWS customers with the Enterprise On-Ramp and Enterprise Support plans. A TAM provides guidance, architectural reviews, and ongoing communication with your company as you plan, deploy, and optimize your applications.

Answer 119

1) AWS Marketplace. AWS Marketplace is a digital catalog that includes thousands of software listings from independent software vendors. You can use AWS Marketplace to find, test, and buy software that runs on AWS.

Answer 120

2) Security Perspective. The Security Perspective of the AWS Cloud Adoption Framework also helps you to identify areas of non-compliance and plan ongoing security initiatives.

Answer 121

2 & 5 Retaining Rehosting The application migration strategies are rehosting, replatforming, refactoring/re-architecting, repurchasing, retaining, and retiring.

Answer 122

4) 100 PB. AWS Snowmobile is a service that is used for transferring up to 100 PB of data to AWS. Each Snowmobile is a 45-foot-long shipping container that is pulled by a semi-trailer truck.

Answer 123

1) "A service that enables you to build conversational interfaces using voice and text." In Amazon Lex, you can quickly build, test, and deploy conversational chatbots to use in your applications.

Answer 124

2) Operational Excellence

Answer 125

1 & 5 The two correct response options are: Increase speed and agility. Stop spending money running and maintaining data centers. The six advantages of cloud computing are: Trade upfront expense for variable expense. Benefit from massive economies of scale. Stop guessing capacity. Increase speed and agility. Stop spending money running and maintaining data centers. Go global in minutes.

Answer 126

1) EC2 Instance Savings Plans. EC2 Instance Savings Plans reduces compute costs by committing to a consistent hourly spend for a 1-year or 3-year term. This results in savings of up to 72% over On-Demand Instance costs. Any EC2 usage up to the commitment is charged at the discounted Savings Plan rate (for example, $10 an hour). Any EC2 usage beyond the commitment is charged at regular On-Demand Instance rates.

Answer 127

2) AWS CloudTrail. With CloudTrail, a person can view a complete history of user activity and API calls for their applications and resources. Events are typically updated in CloudTrail within 15 minutes after an API call was made. A person can filter events by specifying the time and date that an API call occurred, the user who requested the action, the type of resource that was involved in the API call, and more.

Answer 128

3) Amazon Augmented AI. Amazon Augmented AI (Amazon A2I) provides built-in human review workflows for common machine learning use cases, such as content moderation and text extraction from documents. With Amazon A2I, a person can also create their own workflows for machine learning models built on Amazon SageMaker or any other tools.

Answer 129

1 & 4 Connect user requests to infrastructure in AWS and outside of AWS. Manage DNS records for domain names. Amazon Route 53 is a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications that are hosted in AWS. Additionally, businesses can transfer DNS records for existing domain names that are currently managed by other domain registrars, or register new domain names directly within Amazon Route 53.

Answer 130

1) Deliver content to customers through a global network of edge locations. Amazon CloudFront is a content delivery service. It uses a network of edge locations to cache content and deliver content to customers all over the world. When content is cached, it is stored locally as a copy. This content might be video files, photos, webpages, and so on.

Answer 131

1 & 4 S3 Standard S3 Standard-IA In the S3 Intelligent-Tiering storage class, Amazon S3 monitors objects access patterns. If an object has not accessed an object for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, S3 Standard-IA. If an object is accessed in the infrequent access tier, Amazon S3 automatically moves it to the frequent access tier, S3 Standard.

Answer 132

4) AWS Command Line Interface. The AWS Command Line Interface (AWS CLI) provides the capability to control multiple AWS services directly from the command line within one tool. For example, a person can use commands to start an Amazon EC2 instance, connect an Amazon EC2 instance to a specific Auto Scaling group, and more. The AWS CLI is available for users on Windows, macOS, and Linux.

Answer 133

2) AWS Cost Explorer. With AWS Cost Explorer, businesses can quickly create custom reports to analyze their AWS cost and usage data.

Answer 134

1) Performance Efficiency. The Performance Efficiency pillar focuses on using computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve.

Answer 135

4) A service that provides intelligent threat detection for your AWS infrastructure and resources. AWS GuardDuty identifies threats by continually monitoring the network activity and account behavior within an AWS environment.

Answer 136

1) Amazon Elastic Kubernetes Service (Amazon EKS). Amazon EKS is a fully managed service that runs Kubernetes on AWS. Kubernetes is open-source software that deploys and manages containerized applications at scale. Containers provide a standard way to package an application's code and dependencies into a single object. Containers are frequently used for processes and workflows in which there are essential requirements for security, reliability, and scalability.

Answer 137

4) A digital catalog that includes thousands of listings from independent software vendors. Businesses can use AWS Marketplace to find, test, and buy software that runs on AWS.

Answer 138

4) AWS Direct Connect. AWS Direct Connect is a service that establishes a dedicated private connection between an on-premises data center and VPC. The private connection that AWS Direct Connect provides helps reduce network costs and increase the amount of bandwidth that can travel through a network.

Answer 139

1) Amazon Simple Queue Service (Amazon SQS). Amazon SQS is a message queuing service. Using Amazon SQS, an application developer can send, store, and receive messages between software components at any volume size, without losing messages or requiring other services to be available. In Amazon SQS, an application sends messages into a queue. A user or service retrieves a message from the queue, processes it, and then deletes it from the queue.

Answer 140

4) Amazon Elastic Block Store (Amazon EBS). Amazon EBS provides block-level storage volumes for Amazon EC2 instances. If a person stops or terminates an Amazon EC2 instance, all the data on the attached EBS volume remains available.

Answer 141

4) Amazon S3 Intelligent-Tiering. In the Amazon S3 Intelligent-Tiering storage class, Amazon S3 monitors object access patterns. If an object has not been accessed for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, Amazon S3 Standard-IA. If an object is accessed in the infrequent access tier, Amazon S3 automatically moves it to the frequent access tier, Amazon S3 Standard.

Answer 142

2) Businesses pay only for compute time while their code is running. AWS Lambda is a service that runs code without needing to provision or manage servers. While using AWS Lambda, businesses pay only for the compute time that they consume. They are charged only when their application code is running. With AWS Lambda, they can run code for virtually any type of application or backend service, all with zero administration.

Answer 143

3 & 4 Enterprise Business

Answer 144

3) AWS Elastic Beanstalk. Businesses upload their application, and Elastic Beanstalk automatically handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring.

Answer 145

1) A fully isolated portion of the AWS global infrastructure. An Availability Zone is a single data center or a group of data centers within a Region. Availability Zones are located tens of miles apart from each other. This helps them to provide interconnectivity to support the services and applications that run within a Region.

Answer 146

4) AWS Organizations. In AWS Organizations, businesses centrally control permissions for their accounts by using service control policies (SCPs). Additionally, businesses can use the consolidated billing feature in AWS Organizations to combine usage and receive a single bill for multiple AWS accounts.

Answer 147

4) security group. A security group is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance. By default, a security group denies all inbound traffic and allows all outbound traffic. Businesses can add custom rules to configure which traffic should be allowed or denied.

Answer 148

4) Refactoring

Answer 149

2) AWS Snowmobile. AWS Snowmobile is a service that is used for transferring up to 100 PB of data to AWS. Each Snowmobile is a 45-foot-long shipping container that is pulled by a semi-trailer truck.

Answer 150

4) A service that distributes incoming traffic across multiple targets, such as Amazon EC2 instances. A load balancer acts as a single point of contact for all incoming web traffic to an Auto Scaling group. This means that as Amazon EC2 instances are added or removed in response to the amount of incoming traffic, these requests are routed to the load balancer first and then spread across multiple resources that will handle them.

Answer 151

4) instance store. Instance stores are ideal for temporary data that does not need to be kept long term. When an Amazon EC2 instance is stopped or terminated, all the data that has been written to the attached instance store is deleted.

Answer 152

1) Amazon DynamoDB. Amazon DynamoDB is a key-value database service. A key-value database might include data pairs such as “Name: John Doe,” “Address: 123 Any Street,” and “City: Anytown”. In a key-value database, you can add or remove attributes from items in the table at any time. Additionally, not every item in the table has to have the same attributes.

Answer 153

2 & 5 The two correct response options are: Maintaining virtualization infrastructure Configuring AWS infrastructure devices

Answer 154

1) Performance. In this category, AWS Trusted Advisor also helps improve the performance of services by providing recommendations for how to take advantage of provisioned throughput.

Answer 155

3) Operations Perspective. The Operations Perspective of the AWS Cloud Adoption Framework also includes principles for operating in the cloud by using agile best practices. The other response options are incorrect because: The Business Perspective helps moves a business from a model that separates business and IT strategies into a business model that integrates IT strategy. The People Perspective helps Human Resources (HR) employees prepare their teams for cloud adoption by updating organizational processes and staff skills to include cloud-based competencies. The Governance Perspective provides the capability to update the staff skills and organizational processes that are necessary to ensure business governance in the cloud.

Answer 156

1) Trusted Advisor checks security groups for rules that allow unrestricted access to a resource. Unrestricted access increases opportunities for malicious activity, such as hacking, denial-of-service attacks, or loss of data.

Answer 157

4) With Spot Instances, you can access unused EC2 capacity. Spot Instances can be discounted.

Answer 158

2) Macie is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.

Answer 159

3) Aurora is a MySQL- and PostgreSQL-compatible relational database built for the cloud. Aurora combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open source databases.

Answer 160

4) CloudFront is a web service that speeds up the distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. Content is cached in edge locations. Content that is repeatedly accessed can be served from the edge locations instead of the source S3 bucket.

Answer 161

4) Site-to-Site VPN creates an encrypted network path between your on-premises network and your AWS Cloud network. This connection between your on-premises network and your AWS Cloud network uses the internet.

Answer 162

2) The reliability pillar includes the ability of a workload to perform its intended function correctly and consistently when it is expected to do so. The deployment of Amazon RDS in multiple Availability Zones supports the goal of reliability because it reduces single points of failure.

Answer 163

2) Organizations provides centralized governance and billing for an AWS environment, including multiple accounts.

Answer 164

3) Direct Connect links your internal network to a Direct Connect location through a standard Ethernet fiber-optic cable. One end of the cable connects to your router. The other end of the cable connects to a Direct Connect router. AWS Direct Connect is consistent and private because your company is the only user of the cable.

Answer 165

1 & 4 The deployment of the EC2 instances in multiple Availability Zones prevents a single point of failure. Availability Zones are designed for physical redundancy and to provide resilience with uninterrupted performance. If you host all your instances in a single location that is affected by a failure, none of your instances would be available. Availability Zones are designed for physical redundancy and to provide resilience with uninterrupted performance.

Answer 166

4 & 5 AWS provides AWS Identity and Access Management (IAM) as a service. The customer defines IAM users and the access policies that apply to those users. The customer determines access permissions to S3 buckets that the customer owns.

Answer 167

1 & 3 Lambda charges are dependent on the amount of time it takes to run the code. Lambda charges are dependent on the number of requests for your Lambda functions.

Answer 168

2) Amazon Polly is a machine learning service that converts text to speech. This service provides the ability to read text out loud.

Answer 169

3) AWS MGN is an automated lift-and-shift solution. This solution can migrate physical servers and any databases or applications that run on them to EC2 instances in AWS. It is not 1 because AWS DMS can be used to migrate data from an on-premises database to a database in AWS. However, AWS DMS does not migrate the actual server to an EC2 instance.

Answer 170

1) ACM is a service that is used to create, store, and renew public and private SSL/TLS certificates. You can use ACM to implement encryption in transit and at rest by using a protocol, such as TLS.

Answer 171

4) Amazon SNS is a service used to deliver publications to subscribers. You can use Amazon SNS to send notifications, such as mobile text messages, push notifications, or emails, to subscribers of a quality assurance test-failure topic.

Answer 172

1& 3 Programmatic access requires an access key ID and a secret access key that can be assigned to an AWS user.

Answer 173

2) You can call or chat with technical support by using the Business Support plan or the Enterprise Support plan. The Business Support plan is the minimum plan that provides this feature.

Answer 174

1 & 3 The use of Regions around the world will improve an application's global performance and reduce latency for users. CloudFront is a content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to global customers with low latency and high transfer speeds.

Answer 175

2) It blocks all inbound traffic and allows all outbound traffic.

Answer 176

False - A network ACL secures subnets. A security group is responsible for securing EC2 instances.

Answer 177

1 & 3 The use of Regions around the world will improve an application's global performance and reduce latency for users. CloudFront is a content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to global customers with low latency and high transfer speeds.

Answer 178

1) Amazon S3 is an object storage service designed for large objects like media files. Because you can store unlimited objects and each individual object can be up to 5 TB, Amazon S3 is an ideal service for hosting video, photo, and music uploads.

Answer 179

3) With Amazon DynamoDB, you can build internet-scale applications supporting user-content metadata and caches that require high concurrency and connections for millions of users and millions of requests per second.