Cloud Practitioner

Question 1

Amazon Inspector

Answer 1

Amazon Inspector can be used to analyze potential security threats for an Amazon EC2 instance against an assessment template with predefined rules. It does not provide historical data for configurational changes done to AWS resources.

Question 2

AWS Config

Answer 2

AWS Config can be used to audit, evaluate configurations of AWS resources. If there are any operational issues, AWS Config can be used to retrieve configurational changes made to AWS resources that may have caused these issues. It can also keep multiple date-stamped versions in a reviewable history.

Question 3

AWS Artifact

Answer 3

AWS Artifact is a comprehensive resource center to have (downloadable) access to the AWS auditor-issued reports and security and compliance documentation from several renowned independent standard organizations.

Question 4

AWS Resource Center

Answer 4

AWS Resource Center is a repository of tutorials, whitepapers, digital training, and project use cases that aid in learning the core concepts of AWS.

Question 5

AWS Service Catalog

Answer 5

AWS Service Catalog allows organizations to create and save their own IT service catalogs for further use, but they have to be approved by AWS. IT service catalogs can be multi-tiered applications architectures.

Question 6

Which service to use to optimize performance for global users to transfer large-sized data objects to a centralized S3 bucket?

Answer 6

Enable S3 Transfer Acceleration on the Amazon S3 bucket.

Question 7

When to use Multi-part upload?

Answer 7

For all data objects exceeding 100 megabytes. (For better performance, S3 transfer acceleration should be enabled.)

Question 8

AWS X-Ray

Answer 8

AWS X-Ray is a service that collects data about requests that your application serves and provides tools that you can use to view, filter, and gain insights into that data to identify issues and opportunities for optimization. It helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture.

Question 9

AWS Cloudwatch vs AWS X-Ray

Answer 9

X-Ray can help with debugging. Cloudwatch primarily monitors.

Question 10

Business vs Enterprise Support

Answer 10

Enterprise support adds 15 minute response time for business-critical system outages, as well as consultative guidance.

Question 11

Which service can detect users’ personal credit card numbers from data stored in Amazon S3?

Answer 11

Amazon Macie

Question 12

Which AWS managed database service provides processing power up to 5x faster than a traditional MySQL database?

Answer 12

Aurora

Question 13

AWS CodeStar

Answer 13

AWS CodeStar enables you to develop, build, and deploy applications on AWS quickly. AWS CodeStar provides a unified user interface, enabling you to manage your software development activities in one place easily.

Question 14

AWS CodeArtifact

Answer 14

AWS CodeArtifact is a fully managed artifact repository service that makes it easy for organizations of any size to securely store, publish, and share software packages used in their software development process.

Question 15

Amazon Athena

Answer 15

Amazon Athena queries data directly from S3, Athena is compatible with many formats such as CSV, JSON, ORC, AVRO, and Parquet, but Athena can only query in SQL.

Question 16

AWS Trusted Advisor

Answer 16

AWS Trusted Advisor checks for service usage for all the resources within AWS Cloud and provides notifications.

Question 17

Amazon Detective

Answer 17

Amazon Detective uses machine learning and graph theory capability on automatically collected log data to help you conduct faster and efficient security investigations.

Question 18

EFS or S3 for Linux?

Answer 18

Storing files (even petabytes of data) in a Linux-based workload is best done with EFS. S3 is not suitable for deploying Linux-based workloads and uses objects not files.

Question 19

Cost Explorer compared to Pricing Calculator?

Answer 19

Cost Explorer helps users to view graph displays of cost of your billing data and analyze them & get a forecast for likely spends for the next 12 months. The scenario is more to do with clients getting a cost estimate of different AWS services before they move to AWS cloud.

Question 20

Cost Explorer compared to Pricing Calculator?

Answer 20

Through AWS Pricing Calculator a client can estimate costs that he will incur for various AWS services that he wishes to use. The pricing calculator guides the user through a set of well defined service parameters.

Question 21

Amazon Redshift

Answer 21

Automates infrastructure provisioning and admin tasks for an analytical data warehouse. Redshift is a fully managed, petabyte scale data warehouse. You can start with small data and scale up to large data, allowing you to acquire new insights for your business and customers.

Question 22

AWS Audit Manager

Answer 22

Audit Manager is used for auditing AWS usage and building audit reports for risk & compliance. This will not generate AWS security & compliance documents.

Question 23

AWS License Manager

Answer 23

AWS License Manager provisions & tracks license usage across multiple AWS accounts and also on-premises environment.

Question 24

AWS Cloud HSM

Answer 24

AWS Cloud HSM (Hardware Security Model) for generating and managing encryption keys on the AWS cloud. It can be used for offloading SSL processing for web servers.

Question 25

AWS Secrets Manager

Answer 25

AWS Secrets Manager can be used to implement password rotation policy for secrets stored. Not suitable for SSL processing.

Question 26

S3 Glacier vs Glacier Deep Archive

Answer 26

Standard is 3-5 Hrs vs < 12 Hrs. Expedited is 1-5 Mins vs Not available.

Question 27

AWS CodeCommit

Answer 27

Data store to store source code, scripts, etc., accessible over the internet, and encrypts at rest and in transit. Q about startup company wants to store their source code on open-source repository publicly accessible but secured…

Question 28

Acceptable use for penetration testing of EC2 instances..

Answer 28

Can be performed by the customer (without prior AWS approval), provided they work with the list of services mentioned by AWS.

Question 29

Trusted Advisor - what 5 categories does it provide insight for?

Answer 29

Cost Optimization, Performance, Security, Fault Tolerance, Service Limits.

Question 30

AWS CodeDeploy

Answer 30

managed service that automates software deployment on a large scale to EC2 instances and on-premise services.

Question 31

AWS Personal Health Dashboard

Answer 31

AWS Personal Health Dashboard is a tool that shows the status of AWS services running the user-specific resources. It is a graphical representation that sends alerts / notifications of any personal pending issues, planned changes, and scheduled activities.

Question 32

Savings Plans services

Answer 32

Flexible discount pricing models that offer reduced rates for 1 to 3 year commitments - confined to EC2, Fargate, and Lambda

Question 33

CloudFront vs Global Accelerator - Static IP

Answer 33

Global Accelerator provides static public IP addresses. CloudFront uses domain name and can resolve to dynamic public IP addresses.

Question 34

AWS Systems Manager

Answer 34

AWS Systems Manager allows users to control their AWS resources by unifying services into a user interface. They can view, automate, and monitor tasks - across AWS regions and by account.

Question 35

Which service can collect important metrics from AWS RDS and EC2 instances?

Answer 35

Amazon CloudWatch

Question 36

An application has been deployed to multiple regions to improve performance. How to best achieve the optimal regional endpoint to increase the availability of the application?

Answer 36

Use Global Accelerator

Question 37

What endpoints are available for standard Global Accelerator?

Answer 37

Network Load Balancers, Application Load Balancers, EC2 Instances, or Elastic IP Addresses.

Question 38

Which AWS service can be used to manage infrastructure as code?

Answer 38

AWS CloudFormation

Question 39

Which service can be used to create steps to automate build, test, and deployment for a web application?

Answer 39

AWS CodePipeline

Question 40

What is AWS CodeCommit used for?

Answer 40

CodeCommit is used to store deployment codes.

Question 41

What is AWS CodeDeploy used for?

Answer 41

CodeDeploy is used for deployment of code to resources.

Question 42

What is AWS CodeBuild used for?

Answer 42

CodeBuild is used to test and build application code.

Question 43

CloudWatch vs CloudTrails - re API calls

Answer 43

CloudTrails logs API calls; CloudWatch does not.

Question 44

Which service can be used to retreive configuration changes to an AWS resource causing operational issues?

Answer 44

AWS Config. (NOT Amazon Inspector)

Question 45

Amazon Workspaces

Answer 45

Allows users to log in remotely to access Windows or Linux desktops from any location.

Question 46

Which service can be used to create a customized portfolio that will help users for a quick deployment?

Answer 46

AWS Service Catalog. Portfolio is the key - Code Deploy automates code deployment, but is not used for creating a portfolio of resources.

Question 47

Which services are used by AWS Service Catalog to create a portfolio of products?

Answer 47

AWS IAM and AWS CloudFormation

Question 48

Which service provides location-based web personalization using geolocation headers?

Answer 48

Amazon CloudFront. (NOT Route 53)

Question 49

Route 53 - what routing policy to use when one location is experiencing degraded service?

Answer 49

Failover routing policy. (NOT latency-based or geo-location)

Question 50

What service to use to re-engineer the application by decoupling the components?

Answer 50

Amazon SQS. (NOT Load Balancing - this is for distributing workloads across EC2 instances but not for refactoring or re-engineering.)

Question 51

Kinesis Data Streams vs Kinesis Data Analytics?

Answer 51

Data Streams is an ingestion service that provides data streams to consumers. Data Analytics is a fully managed solution using SQL to process data from a data stream.

Question 52

AWS Elastic Beanstalk

Answer 52

Developers simply upload their application and Beanstalk automatically handles the deployment details of scaling, provisioning and health monitoring.

Question 53

What service to use for launching a quick simple application or website in AWS Cloud with pre-configured resources?

Answer 53

Amazon LightSail. (NOT Beanstalk, which uses more resources to support an application.) For quick and simple and preconfigured, use LightSail.

Question 54

What 3 actions can Amazon Macie perform on users’ data?

Answer 54

Discover, Monitor, Protect

Question 55

Facts about Cost Explorer

Answer 55

12 months back and forward / Provides trends to understand your costs / Usage-based forecasting

Question 56

Network ACLs - Default Count - How many?

Answer 56

200 Network ACLs per VPC spanning multiple AZs

Question 57

List 4 Support Plans

Answer 57

Basic, Developer, Business, Enterprise - - - that’s it, only 4.

Question 58

Subnets - Route Tables - Default Count - How many?

Answer 58

200 Route tables are supported per VPC - a soft limit which can be adjusted. Each Route Table supports 50 non-propagated routes and 100 BGP advertised propagated routes.

Question 59

Which tool can check service limits for resources launched in the aws cloud?

Answer 59

AWS Trusted Advisor

Question 60

Can user run Oracle DB and maintain full control?

Answer 60

Yes - Run Oracle SQL DBase using Amazon EC2.

Question 61

CodePipeline typical use case?

Answer 61

To orchestrate and automate the various phases involved int he release of application undates in-line with a predefined release model.

Question 62

Snow transfer limitations:

Answer 62

Snowcone (14 TB w/ ssd; 8 TB w/o) / Snowball Edge Compute Optimized (42 TB) / Snowball Edge Storage Optimized (100 TB; 80 TB usable, w/ 24 vCPUs and 32 GB memory for in-transit processing) / Snowmobile (100 Petabytes)

Question 63

AWS Budgets and utilization triggers

Answer 63

AWS Budgets allows you to set reservation utilization budgets that define a threshold and send alerts when utilization falls below that threshold

Question 64

What service provides a POSIX compliant, NFS file storage solution?

Answer 64

AWS Elastic File System (EFS)

Question 65

Aurora or Redshift - which one can utilize standard SQL queries and existing BI tools?

Answer 65

Redshift. / Aurora uses MySQL and PostgreSQL.

Question 66

Aurora or Redshift - which one uses OLAP?

Answer 66

Redshift. / Aurora uses OLTP

Question 67

Priority of the job queue is set by the Priority Parameter of the Job Queue

Answer 67

Not the Priority Parameter of the Job Definition.

Question 68

What resources can WAF integrate with?

Answer 68

Application Load Balancer / CloudFront / API Gateway / AppSync

Question 69

Are Savings Plans available in all regions?

Answer 69

No - Savings Plans are not available in China

Question 70

Examples of CloudTrail Events include?

Answer 70

Actions taken in the AWS Management Console, AWS Command Line Interface (CLI), AWS SDKs and AWS APIs.

Question 71

What does a VPC Security Group do?

Answer 71

A security group is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance. By default, a security group denies all inbound traffic and allows all outbound traffic.

Question 72

What does a VPC Subnet do?

Answer 72

A subnet is a section of a VPC in which you can group resources based on security or operational needs.

Question 73

What does a VPC Network Access Control List (NACL) do?

Answer 73

A network access control list (ACL) is a virtual firewall that controls inbound and outbound traffic at the subnet level.

Question 74

What does a VPC Internet Gateway do?

Answer 74

An internet gateway is a connection between a VPC and the internet. It allows public traffic from the internet to access a VPC.