Cloud Practitioner Flashcards

1
Q

AWS Cost Explorer

A

A tool that enables you to visualize, understand, and manage your AWS costs and usage over time.

It includes a default report of the costs and usage for your top five cost-accruing AWS services. You can apply custom filters and groups to analyze your data. For example, you can view resource usage at the hourly level.

2
Q

AWS Budgets

A

Can create budgets to plan your service usage, service costs, and instance reservations.

The information updates three times a day. This helps you to accurately determine how close your usage is to your budgeted amounts or to the AWS Free Tier limits.

You can also set custom alerts when your usage exceeds (or is forecasted to exceed) the budgeted amount.

3
Q

AWS Pricing Calculator

A

Lets you explore AWS services and create an estimate for the cost of your use cases on AWS. You can enter details for your cloud computing requirements and then receive a detailed estimate that can be exported and shared.

4
Q

AWS Artifact

A

A service that enables you to access AWS security and compliance reports and special online agreements.

5
Q

AWS CAF: Operations

A

Helps you to enable, run, use, operate, and recover IT workloads to the level agreed upon with your business stakeholders.

Define how day-to-day, quarter-to-quarter, and year-to-year business is conducted. Align with and support the operations of the business. The AWS CAF helps these stakeholders define current operating procedures and identify the process changes and training needed to implement successful cloud adoption. Includes principles for operating in the cloud by using agile best practices.

Common roles in this Perspective include:

IT operations managers
IT support managers
6
Q

AWS CAF: Business

A

Helps you to move from a model that separates business and IT strategies into a business model that integrates IT strategy.

Ensures that IT aligns with business needs and that IT investments link to key business results.

Use this Perspective to create a strong business case for cloud adoption and prioritize cloud adoption initiatives. Ensure that your business strategies and goals align with your IT strategies and goals.

Common roles in this Perspective include:

Business managers
Finance managers
Budget owners
Strategy stakeholders
7
Q

AWS CAF: People

A

Helps Human Resources (HR) employees prepare their teams for cloud adoption by updating organizational processes and staff skills to include cloud-based competencies.

Supports development of an organization-wide change management strategy for successful cloud adoption.

Use this Perspective to evaluate organizational structures and roles, new skill and process requirements, and identify gaps. This helps prioritize training, staffing, and organizational changes.

Common roles in this Perspective include:

Human resources
Staffing
People managers
8
Q

AWS CAF: Governance

A

Helps you understand how to update the staff skills and organizational processes that are necessary to ensure business governance in the cloud.

Focuses on the skills and processes to align IT strategy with business strategy. This ensures that you maximize the business value and minimize risks.

Use this Perspective to understand how to update the staff skills and processes necessary to ensure business governance in the cloud. Manage and measure cloud investments to evaluate business outcomes.

Common roles in this Perspective include:

Chief Information Officer (CIO)
Program managers
Enterprise architects
Business analysts
Portfolio managers
9
Q

AWS CAF: Platform

A

This Perspective includes principles and patterns for implementing new solutions on the cloud, and migrating on-premises workloads to the cloud.

Use a variety of architectural models to understand and communicate the structure of IT systems and their relationships. Describe the architecture of the target state environment in detail.

Common roles in this Perspective include:

Chief Technology Officer (CTO)
IT managers
Solutions architects
10
Q

AWS CAF: Security

A

This Perspective ensures that the organization meets security objectives for visibility, auditability, control, and agility.

Use the AWS CAF to structure the selection and implementation of security controls that meet the organization’s needs.

Common roles in this Perspective include:

Chief Information Security Officer (CISO)
IT security managers
IT security analysts
11
Q

Six Core Perspectives of Cloud Adoption Framework (AWS CAF)

A

Business
People
Governance
Platform
Security
Operations

12
Q

Six Benefits of Cloud Computing

A

Trade upfront expense for variable expense
Stop spending money to run and maintain data centers
Stop guessing capacity
Benefit from massive economies of scale
Increase speed and agility
Go global in minutes

13
Q

Six Pillars of Well-Architected Framework

A

Operational excellence
Security
Reliability
Performance efficiency
Cost optimization
Sustainability

14
Q

Pillar: Operational Excellence

A

Ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.

Design principles for this pillar include performing operations as code, annotating documentation, anticipating failure, and frequently making small, reversible changes.

15
Q

Pillar: Security

A

Ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

When considering the security of your architecture, apply these best practices:

  • Automate security best practices when possible.
  • Apply security at all layers.
  • Protect data in transit and at rest.
16
Q

Pillar: Reliability

A

Ability of a system to do the following:

  • Recover from infrastructure or service disruptions
  • Dynamically acquire computing resources to meet demand
  • Mitigate disruptions such as misconfigurations or transient network issues

This includes testing recovery procedures, scaling horizontally to increase aggregate system availability, and automatically recovering from failure.

17
Q

Pillar: Performance Efficiency

A

Ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.

Evaluating the performance efficiency of your architecture includes experimenting more often, using serverless architectures, and designing systems to be able to go global in minutes.

18
Q

Pillar: Cost Optimization

A

Ability to run systems to deliver business value at the lowest price point.

Includes adopting a consumption model, analyzing and attributing expenditure, and using managed services to reduce the cost of ownership.

19
Q

Pillar: Sustainability

A

Ability to run systems to deliver business value at the lowest price point.

Cost optimization includes adopting a consumption model, analyzing and attributing expenditure, and using managed services to reduce the cost of ownership.

20
Q

EC2 Savings Plans

A

Enable you to reduce your compute costs by committing to a consistent amount of compute usage for a 1-year or 3-year term.

This results in savings of up to 72% over On-Demand Instance costs.

Any usage up to the commitment is charged at the discounted Savings Plan rate (for example, $10 an hour). Any usage beyond the commitment is charged at regular On-Demand Instance rates.

21
Q

EC2 Reserved Instances

A

Billing discount that is applied to the use of On-Demand Instances in your account.

You can purchase Standard and Convertible Instances for a one-year or three-year term, and Scheduled Instances for a one-year term.

Unlike Savings Plans, these do not require you to commit to a consistent amount of compute usage over the duration of the contract.

22
Q

EC2 Spot Instances

A

Ideal for workloads with flexible start and end times or that can withstand interruptions. These Instances leverage unused EC2 computing capacity and offer you cost savings at up to 90% of On-Demand Instance prices.

23
Q

EC2 Dedicated Hosts

A

Physical servers with EC2 instance capacity that is fully dedicated to your use.

You can use your existing per-socket, per-core, or per-VM software licenses to help maintain license compliance. You can purchase On-Demand or Reserved. Of all the Amazon EC2 options that were covered in this course, these are the most expensive.

24
Q

AWS Organizations

A

Centrally control permissions for the accounts in your organization by using service control policies (SCPs).

Additionally, you can use the consolidated billing feature in AWS Organizations to combine usage and receive a single bill for multiple AWS accounts.

You can group accounts into organizational units (OUs) to make it easier to manage accounts with similar business or security requirements. When you apply a policy to an OU, all the accounts in the OU automatically inherit the permissions specified in the policy.

25
Q

AWS Identity and Access Management (IAM)

A

Service that you can use to manage access to AWS services and resources.

26
Q

AWS Marketplace

A

A digital catalog that includes thousands of listings from independent software vendors.

You can use AWS Marketplace to find, test, and buy software that runs on AWS.

27
Q

AWS Support

A

A resource that can answer questions about best practices and assist with troubleshooting issues.

28
Q

Technical Account Manager (TAM)

A

A resource that provides guidance, architectural reviews, and ongoing communication with your company as you plan, deploy, and optimize your applications.

29
Q

AWS Trusted Advisor

A

A web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices.

It compares its findings to AWS best practices in five categories: cost optimization, performance, security, fault tolerance, and service limits. For the checks in each category, this offers a list of recommended actions and additional resources to learn more about AWS best practices.

The guidance provided by this can benefit your company at all stages of deployment. For example, you can use this to assist you while you are creating new workflows and developing new applications. Or you can use it while you are making ongoing improvements to existing applications and resources.

30
Q

DynamoDB

A

A key-value database service. A key-value database might include data pairs such as “Name: John Doe,” “Address: 123 Any Street,” and “City: Anytown”.

In a key-value database, you can add or remove attributes from items in the table at any time. Additionally, not every item in the table has to have the same attributes.

31
Q

Amazon Relational Database Service (Amazon RDS)

A

A service that enables you to run relational databases in the AWS Cloud.

A managed service that automates tasks such as hardware provisioning, database setup, patching, and backups. With these capabilities, you can spend less time completing administrative tasks and more time using data to innovate your applications. You can integrate it with other services to fulfill your business and operational needs, such as using AWS Lambda to query your database from a serverless application.

Provides a number of different security options. Many of these database engines offer encryption at rest (protecting data while it is stored) and encryption in transit (protecting data while it is being sent and received).

32
Q

Amazon Aurora

A

An enterprise-class relational database. It is compatible with MySQL and PostgreSQL relational databases. It is up to five times faster than standard MySQL databases and up to three times faster than standard PostgreSQL databases.

Helps to reduce your database costs by reducing unnecessary input/output (I/O) operations, while ensuring that your database resources remain reliable and available.

Consider if your workloads require high availability. It replicates six copies of your data across three Availability Zones and continuously backs up your data to Amazon S3.

33
Q

Amazon DocumentDB

A

A document database service that supports MongoDB workloads.

34
Q

Elastic Load Balancing

A

A service that distributes incoming traffic across multiple targets, such as Amazon EC2 instances.

Acts as a single point of contact for all incoming web traffic to your Auto Scaling group. This means that as Amazon EC2 instances are added or removed in response to the amount of incoming traffic, these requests are routed here first and then spread across multiple resources that will handle them.

35
Q

AWS Auto Scaling

A

A service that monitors your applications and automatically adds or removes capacity from your resource groups in response to changing demand.

36
Q

Amazon CloudWatch

A

A service that provides data that you can use to monitor your applications, optimize resource utilization, and respond to system-wide performance changes.

You can create alarms that automatically perform actions if the value of your metric has gone above or below a predefined threshold.

37
Q

Amazon ElastiCache

A

A service that adds caching layers on top of your databases to help improve the read times of common requests.

It supports two types of data stores: Redis and Memcached.

38
Q

AWS Trusted Advisor Categories

A

Cost Optimization
Performance
Security
Fault Tolerance
Service Limits

39
Q

AWS Command Line Interface (CLI)

A

Enables you to control multiple AWS services directly from the command line within one tool. For example, you can use commands to start an Amazon EC2 instance, connect an Amazon EC2 instance to a specific Auto Scaling group, and more. This tool is available for users on Windows, macOS, and Linux.

40
Q

Amazon Redshift

A

Data warehousing service that you can use for big data analytics. It offers the ability to collect data from many sources and help you to understand relationships and trends across your data.

41
Q

Amazon Quantum Ledger Database (Amazon QLDB)

A

A ledger database service. You can use this to review a complete history of all the changes that have been made to your application data.

42
Q

AWS Snowball Edge Storage Optimized

A

A device that enables you to transfer large amounts of data into and out of AWS.

Suited for large-scale data migrations and recurring transfer workflows, in addition to local computing with higher capacity needs.

  • Storage: 80 TB of hard disk drive (HDD) capacity for block volumes and Amazon S3 compatible object storage, and 1 TB of SATA solid state drive (SSD) for block volumes.
  • Compute: 40 vCPUs, and 80 GiB of memory to support Amazon EC2 sbe1 instances (equivalent to C5).
43
Q

AWS Snowball Edge Compute Optimized

A

Powerful computing resources for use cases such as machine learning, full motion video analysis, analytics, and local computing stacks.

  • Storage: 42-TB usable HDD capacity for Amazon S3 compatible object storage or Amazon EBS compatible block volumes and 7.68 TB of usable NVMe SSD capacity for Amazon EBS compatible block volumes.
  • Compute: 52 vCPUs, 208 GiB of memory, and an optional NVIDIA Tesla V100 GPU. Devices run Amazon EC2 sbe-c and sbe-g instances, which are equivalent to C5, M5a, G3, and P3 instances.
44
Q

Amazon Route 53

A

A DNS web service. It gives developers and businesses a reliable way to route end users to internet applications that are hosted in AWS.

Additionally, you can transfer DNS records for existing domain names that are currently managed by other domain registrars, or register new domain names directly within Amazon Route 53.

45
Q

Amazon CloudWatch

A

Monitor your applications and respond to system-wide performance changes.

46
Q

AWS Quick Starts

A

Automate the deployment of workloads into your AWS environment.

47
Q

AWS Artifact: Agreements

A

Can review, accept, and manage agreements for an individual account and for all your accounts in AWS Organizations. Different types of agreements are offered to address the needs of customers who are subject to specific regulations, such as the Health Insurance Portability and Accountability Act (HIPAA).

48
Q

AWS Artifact: Reports

A

Provides compliance reports from third-party auditors. These auditors have tested and verified that AWS is compliant with a variety of global, regional, and industry-specific security standards and regulations. Remains up to date with the latest reports released. You can provide the reports to your auditors or regulators as evidence of AWS security controls.

49
Q

Amazon S3 Intelligent Tiering

A

S3 monitors objects’ access patterns. If you haven’t accessed an object for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, Amazon S3 Standard-IA. If you access an object in the infrequent access tier, Amazon S3 automatically moves it to the frequent access tier, Amazon S3 Standard.

50
Q

Amazon S3 Glacier Flexible Retrieval

A

A low-cost storage class that is ideal for data archiving. You can retrieve objects stored in this storage class within a few minutes to a few hours.

51
Q

Amazon S3 Standard-IA

A

Ideal for data that is infrequently accessed but requires high availability when needed. Both Amazon S3 Standard and Amazon S3 Standard-IA store data in a minimum of three Availability Zones. Amazon S3 Standard-IA provides the same level of availability as Amazon S3 Standard but at a lower storage price.

52
Q

Amazon S3 One Zone-IA

A

Ideal for infrequently accessed data that does not require high availability.

53
Q

Amazon S3 Standard

A

Provides high availability for objects. This makes it a good choice for a wide range of use cases, such as websites, content distribution, and data analytics. Has a higher cost than other storage classes intended for infrequently accessed data and archival storage.

54
Q

Amazon Glacier Instant Retrieval

A

When you decide between the options for archival storage, consider how quickly you must retrieve the archived objects. You can retrieve objects stored in the Amazon S3 Glacier Instant Retrieval storage class within milliseconds, with the same performance as Amazon S3 Standard.

55
Q

Amazon S3 Glacier Deep Archive

A

Supports long-term retention and digital preservation for data that might be accessed once or twice in a year. This storage class is the lowest-cost storage in the AWS Cloud, with data retrieval from 12 to 48 hours. All objects from this storage class are replicated and stored across at least three geographically dispersed Availability Zones.

56
Q

Amazon S3 Outposts

A

Delivers object storage to your on-premises AWS Outposts environment. This is designed to store data durably and redundantly across multiple devices and servers on your Outposts. It works well for workloads with local data residency requirements that must satisfy demanding performance needs by keeping data close to on-premises applications.

57
Q

AWS Lambda

A

A service that lets you run code without needing to provision or manage servers.

While using AWS Lambda, you pay only for the compute time that you consume. You are charged only when your code is running. With AWS Lambda, you can run code for virtually any type of application or backend service, all with zero administration.

58
Q

Shared Responsibility Model: Customers

A

Customers are responsible for the security of everything that they create and put in the AWS Cloud.

When using AWS services, you, the customer, maintain complete control over your content. You are responsible for managing security requirements for your content, including which content you choose to store on AWS, which AWS services you use, and who has access to that content. You also control how access rights are granted, managed, and revoked.

The security steps that you take will depend on factors such as the services that you use, the complexity of your systems, and your company’s specific operational and security needs. Steps include selecting, configuring, and patching the operating systems that will run on Amazon EC2 instances, configuring security groups, and managing user accounts.

59
Q

Shared Responsibility Model: AWS

A

AWS is responsible for security of the cloud.

AWS operates, manages, and controls the components at all layers of infrastructure. This includes areas such as the host operating system, the virtualization layer, and even the physical security of the data centers from which services operate.

AWS is responsible for protecting the global infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure includes AWS Regions, Availability Zones, and edge locations.

AWS manages the security of the cloud, specifically the physical infrastructure that hosts your resources, which include:

  • Physical security of data centers
  • Hardware and software infrastructure
  • Network infrastructure
  • Virtualization infrastructure

Although you cannot visit AWS data centers to see this protection firsthand, AWS provides several reports from third-party auditors. These auditors have verified its compliance with a variety of computer security standards and regulations.

60
Q

AWS Snowmobile

A

A service that is used for transferring up to 100 PB of data to AWS. Each one is a 45-foot long shipping container that is pulled by a semi-trailer truck.

61
Q

Amazon Neptune

A

A graph database service. You can use it to build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs.

62
Q

Amazon CloudFront

A

A content delivery service. It uses a network of edge locations to cache content and deliver content to customers all over the world.

63
Q

AWS DeepRacer

A

An autonomous 1/18 scale race car that you can use to test reinforcement learning models.

64
Q

Amazon GuardDuty

A

Identifies threats by continually monitoring the network activity and account behavior within your AWS environment.

After you have enabled it for your AWS account, it begins monitoring your network and account activity. You do not have to deploy or manage any additional security software. It then continuously analyzes data from multiple AWS sources, including VPC Flow Logs and DNS logs.

If it detects any threats, you can review detailed findings about them from the AWS Management Console. Findings include recommended steps for remediation. You can also configure AWS Lambda functions to take remediation steps automatically in response to its security findings.

65
Q

AWS Shield Standard

A

A service that automatically protects all AWS customers at no cost. It protects your AWS resources from the most common, frequently occurring types of DDoS attacks.

As network traffic comes into your applications, this uses a variety of analysis techniques to detect malicious traffic in real time and automatically mitigates it.

66
Q

Amazon Inspector

A

A service that checks applications for security vulnerabilities and deviations from security best practices.

After it has performed an assessment, it provides you with a list of security findings. The list is prioritized by severity level and includes a detailed description of each security issue and a recommendation for how to fix it. However, AWS does not guarantee that following the provided recommendations resolves every potential security issue. Under the shared responsibility model, customers are responsible for the security of their applications, processes, and tools that run on AWS services.

67
Q

AWS WAF

A

A web application firewall that lets you monitor network requests that come into your web applications.

Works together with Amazon CloudFront and an Application Load Balancer. Recall the network access control lists that you learned about in an earlier module. This works in a similar way to block or allow traffic. However, it does this by using a web access control list (ACL) to protect your AWS resources.

68
Q

AWS Shield Advanced

A

A paid service that provides detailed attack diagnostics and the ability to detect and mitigate sophisticated DDoS attacks.

It also integrates with other services such as Amazon CloudFront, Amazon Route 53, and Elastic Load Balancing. Additionally, you can integrate with AWS WAF by writing custom rules to mitigate complex DDoS attacks.

69
Q

Amazon Elastic Kubernetes Service (Amazon EKS)

A

A fully managed service that you can use to run Kubernetes on AWS. Kubernetes is open-source software that enables you to deploy and manage containerized applications at scale.

Containers provide you with a standard way to package your application’s code and dependencies into a single object. Containers are frequently used for processes and workflows in which there are essential requirements for security, reliability, and scalability.

70
Q

Amazon SageMaker

A

A service that enables you to quickly build, train, and deploy machine learning models.

71
Q

AWS Elastic Beanstalk

A

You upload your application, and it automatically handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring.

72
Q

Amazon Simple Queue Service (Amazon SQS)

A

A message queuing service. You can send, store, and receive messages between software components at any volume size, without losing messages or requiring other services to be available.

An application sends messages into a queue. A user or service retrieves a message from the queue, processes it, and then deletes it from the queue.

73
Q

AWS Outposts

A

Run infrastructure in a hybrid cloud approach.

74
Q

AWS CloudFormation

A

Provision resources by using programming languages or a text file.

75
Q

Amazon Virtual Private Cloud (Amazon VPC)

A

Provision an isolated section of the AWS Cloud to launch resources in a virtual network that you define.

76
Q

The Six R’s of Migration

A
  • Rehosting
  • Replatforming
  • Refactoring/re-architecting
  • Repurchasing
  • Retaining
  • Retiring
77
Q

Rehosting

A

Also known as “lift-and-shift,” involves moving applications without changes.

In the scenario of a large legacy migration, in which the company is looking to implement its migration and scale quickly to meet a business case, the majority of applications are rehosted.

78
Q

Replatforming

A

Also known as “lift, tinker, and shift,” involves making a few cloud optimizations to realize a tangible benefit. Optimization is achieved without changing the core architecture of the application.

79
Q

Refactoring

A

(Also known as re-architecting) involves reimagining how an application is architected and developed by using cloud-native features. Driven by a strong business need to add features, scale, or performance that would otherwise be difficult to achieve in the application’s existing environment.

80
Q

Repurchasing

A

Involves moving from a traditional license to a software-as-a-service model.

For example, a business might choose to implement the repurchasing strategy by migrating from a customer relationship management (CRM) system to Salesforce.com.

81
Q

Retaining

A

Consists of keeping applications that are critical for the business in the source environment. This might include applications that require major refactoring before they can be migrated, or work that can be postponed until a later time.

82
Q

Retiring

A

The process of removing applications that are no longer needed.

83
Q

Developer Support

A

Customers in this Support plan have access to features such as:

  • Best practice guidance
  • Client-side diagnostic tools
  • Building-block architecture support, which consists of guidance for how to use AWS offerings, features, and services together
84
Q

Business Support

A

Customers with this plan have access to additional features, including:

  • Use-case guidance to identify AWS offerings, features, and services that can best support your specific needs
  • All AWS Trusted Advisor checks
  • Limited support for third-party software, such as common operating systems and application stack components
85
Q

Enterprise On-Ramp Support

A

In addition to all the features included in the Basic, Developer, and Business Support plans, customers have access to:

  • A pool of Technical Account Managers to provide proactive guidance and coordinate access to programs and AWS experts
  • A Cost Optimization workshop (one per year)
  • A Concierge support team for billing and account assistance
  • Tools to monitor costs and performance through Trusted Advisor and Health API/Dashboard

This plan also provides access to a specific set of proactive support services, which are provided by a pool of Technical Account Managers.

  • Consultative review and architecture guidance (one per year)
  • Infrastructure Event Management support (one per year)
  • Support automation workflows
  • 30 minutes or less response time for business-critical issues
86
Q

Enterprise Support

A

In addition to all features included in the Basic, Developer, Business, and Enterprise On-Ramp support plans, customers with this plan have access to:

  • A designated Technical Account Manager to provide proactive guidance and coordinate access to programs and AWS experts
  • A Concierge support team for billing and account assistance
  • Operations Reviews and tools to monitor health
  • Training and Game Days to drive innovation
  • Tools to monitor costs and performance through Trusted Advisor and Health API/Dashboard

This plan also provides full access to proactive services, which are provided by a designated Technical Account Manager:

  • Consultative review and architecture guidance
  • Infrastructure Event Management support
  • Cost Optimization Workshop and tools
  • Support automation workflows
  • 15 minutes or less response time for business-critical issues
87
Q

Instance Store

A

Ideal for temporary data that does not need to be kept long term.

When an Amazon EC2 instance is stopped or terminated, all the data that has been written to the attached instance store is deleted.

88
Q

Amazon Elastic Block Store (Amazon EBS)

A

Provides block-level storage volumes that you can use with Amazon EC2 instances.

A volume stores data in a single Availability Zone. To attach an Amazon EC2 instance to a volume, both the Amazon EC2 instance and the volume must reside within the same Availability Zone.

Ideal for data that needs to be retained. When an Amazon EC2 instance is stopped or terminated, all of the data on the attached volume is still available.

89
Q

Subnet

A

A section of a virtual private cloud (VPC) in which you can group resources based on security or operational needs.

90
Q

AWS CloudTrail

A

View a complete history of user activity and API calls for your applications and resources.

Events are typically updated within 15 minutes after an API call was made. You can filter events by specifying the time and date that an API call occurred, the user who requested the action, the type of resource that was involved in the API call, and more.

91
Q

Amazon Augmented AI (Amazon A2I)

A

Provides built-in human review workflows for common machine learning use cases, such as content moderation and text extraction from documents. You can also create your own workflows for machine learning models built on Amazon SageMaker or any other tools.

92
Q

Amazon Textract

A

A machine learning service that automatically extracts text and data from scanned documents.

93
Q

Amazon Lex

A

A service that enables you to build conversational interfaces using voice and text.

94
Q

AWS Direct Connect

A

A service that enables you to establish a dedicated private connection between your data center and VPC.

The private connection helps you to reduce network costs and increase the amount of bandwidth that can travel through your network.

95
Q

Internet Gateway

A

A connection between a VPC and the internet. It allows public traffic from the internet to access a VPC.

96
Q

Virtual Private Gateway

A

Enables you to establish a virtual private network (VPN) connection between your VPC and a private network, such as an on-premises data center or internal corporate network. Also allows traffic into the VPC only if it is coming from an approved network.

97
Q

Amazon Simple Storage Service (Amazon S3)

A

A service that provides object-level storage. It stores data as objects within buckets.

98
Q

Security Group

A

A virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance.

By default, denies all inbound traffic and allows all outbound traffic. You can add custom rules to configure which traffic should be allowed or denied.

99
Q

Network Access Control List (ACL)

A

A virtual firewall that controls inbound and outbound traffic at the subnet level.

100
Q

Availability Zone

A

A single data center or a group of data centers within a Region.

These are located tens of miles apart from each other. This helps them to provide interconnectivity to support the services and applications that run within a Region.

101
Q

Region

A

A separate geographical location with multiple locations that are isolated from each other.

102
Q

EC2 General Purpose

A

Provide a balance of compute, memory, and networking resources. You can use them for a variety of workloads, such as:

  • application servers
  • gaming servers
  • backend servers for enterprise applications
  • small and medium databases
103
Q

EC2 Compute Optimized

A

Ideal for compute-bound applications that benefit from high-performance processors. Like general purpose instances, you can use compute optimized instances for workloads such as web, application, and gaming servers.

However, the difference is that these instances are ideal for high-performance web servers, compute-intensive application servers, and dedicated gaming servers. You can also use compute optimized instances for batch processing workloads that require processing many transactions in a single group.

104
Q

EC2 Memory Optimized

A

Designed to deliver fast performance for workloads that process large datasets in memory. In computing, memory is a temporary storage area. It holds all the data and instructions that a central processing unit (CPU) needs to be able to complete actions. Before a computer program or application is able to run, it is loaded from storage into memory. This preloading process gives the CPU direct access to the computer program.

105
Q

EC2 Accelerated Computing

A

Use hardware accelerators, or coprocessors, to perform some functions more efficiently than is possible in software running on CPUs. Examples of these functions include floating-point number calculations, graphics processing, and data pattern matching.

In computing, a hardware accelerator is a component that can expedite data processing. Accelerated computing instances are ideal for workloads such as graphics applications, game streaming, and application streaming.

106
Q

EC2 Storage Optimized

A

Designed for workloads that require high, sequential read and write access to large datasets on local storage. Examples of workloads suitable for these instances include distributed file systems, data warehousing applications, and high-frequency online transaction processing (OLTP) systems.

In computing, the term input/output operations per second (IOPS) is a metric that measures the performance of a storage device. It indicates how many different input or output operations a device can perform in one second. These instances are designed to deliver tens of thousands of low-latency, random IOPS to applications.

You can think of input operations as data put into a system, such as records entered into a database. An output operation is data generated by a server. An example of output might be the analytics performed on the records in a database. If you have an application that has a high IOPS requirement, this instance can provide better performance over other instance types not optimized for this kind of use case.

107
Q

EC2 On-Demand

A

Ideal for short-term, irregular workloads that cannot be interrupted. No upfront costs or minimum contracts apply. The instances run continuously until you stop them, and you pay for only the compute time you use.

Sample use cases for these instances include developing and testing applications and running applications that have unpredictable usage patterns. These instances are not recommended for workloads that last a year or longer because these workloads can experience greater cost savings using Reserved Instances.

108
Q

Amazon Simple Notification Service (Amazon SNS)

A

A publish/subscribe service. A publisher publishes messages to subscribers.

Subscribers can be web servers, email addresses, AWS Lambda functions, or several other options.

109
Q

Amazon Elastic Container Service (Amazon ECS)

A

A highly scalable, high-performance container management system that enables you to run and scale containerized applications on AWS.

Supports Docker containers. Docker is a software platform that enables you to build, test, and deploy applications quickly. AWS supports the use of open-source Docker Community Edition and subscription-based Docker Enterprise Edition. With this, you can use API calls to launch and stop Docker-enabled applications.

110
Q

AWS Fargate

A

A serverless compute engine for containers. It works with both Amazon ECS and Amazon EKS.

When using it, you do not need to provision or manage servers. It manages your server infrastructure for you. You can focus more on innovating and developing your applications, and you pay only for the resources that are required to run your containers.

111
Q

Amazon Elastic File System (Amazon EFS)

A

A regional service. It stores data in and across multiple Availability Zones.

The duplicate storage enables you to access data concurrently from all the Availability Zones in the Region where a file system is located. Additionally, on-premises servers can access this using AWS Direct Connect.

112
Q

AWS Database Migration Service (AWS DMS)

A

Enables you to migrate relational databases, nonrelational databases, and other types of data stores.

With this, you move data between a source database and a target database. The source and target databases can be of the same type or different types. During the migration, your source database remains operational, reducing downtime for any applications that rely on the database.

113
Q

Amazon Managed Blockchain

A

A service that you can use to create and manage blockchain networks with open-source frameworks.

Blockchain is a distributed ledger system that lets multiple parties run transactions and share data without a central authority.

114
Q

Amazon DynamoDB Accelerator (DAX)

A

An in-memory cache for DynamoDB.

It helps improve response times from single-digit milliseconds to microseconds.

115
Q

AWS account root user

A

When you first create an AWS account, you begin with an identity known as this.

This user is accessed by signing in with the email address and password that you used to create your AWS account. It has complete access to all the AWS services and resources in the account.

Do not use it for everyday tasks.

Instead, use it to create your first IAM user and assign it permissions to create other users.

Then, continue to create other IAM users, and access those identities for performing regular tasks throughout AWS. Only use this user when you need to perform a limited number of tasks that are only available to the root user. Examples of these tasks include changing your email address and changing your AWS support plan.

116
Q

IAM users

A

An identity that you create in AWS. It represents the person or application that interacts with AWS services and resources. It consists of a name and credentials.

By default, when you create a new one in AWS, it has no permissions associated with it. To allow it to perform specific actions in AWS, such as launching an Amazon EC2 instance or creating an Amazon S3 bucket, you must grant it the necessary permissions.

We recommend that you create individual ones for each person who needs to access AWS.

Even if you have multiple employees who require the same level of access, you should create individual IAM users for each of them. This provides additional security by allowing each IAM user to have a unique set of security credentials.

117
Q

IAM policies

A

A document that allows or denies permissions to AWS services and resources.

These enable you to customize users’ levels of access to resources. For example, you can allow users to access all of the Amazon S3 buckets within your AWS account, or only a specific bucket.

Follow the security principle of least privilege when granting permissions.

By following this principle, you help to prevent users or roles from having more permissions than needed to perform their tasks.

For example, if an employee needs access to only a specific bucket, specify the bucket. Do this instead of granting the employee access to all of the buckets in your AWS account.

118
Q

IAM groups

A

A collection of IAM users. When you assign an IAM policy to a group, all users in the group are granted the permissions specified by the policy.

Assigning IAM policies at the group level also makes it easier to adjust permissions when an employee transfers to a different job.

119
Q

IAM roles

A

An identity that you can assume to gain temporary access to permissions.

Before an IAM user, application, or service can assume one, they must be granted permissions to switch to it. When someone assumes it, they abandon all previous permissions that they had under a previous one and assume the permissions of the new one.

These are ideal for situations in which access to services or resources needs to be granted temporarily, instead of long-term.

120
Q

AWS Key Management Service (AWS KMS)

A

Enables you to perform encryption operations through the use of cryptographic keys. A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data. You can use this to create, manage, and use cryptographic keys. You can also control the use of keys across a wide range of services and in your applications.

With this, you can choose the specific levels of access control that you need for your keys. For example, you can specify which IAM users and roles are able to manage keys. Alternatively, you can temporarily disable keys so that they are no longer in use by anyone. Your keys never leave the service, and you are always in control of them.

121
Q

AWS Free Tier

A

Enables you to begin using certain services without having to worry about incurring costs for the specified period.

Three types of offers are available:

  • Always Free
  • 12 Months Free
  • Trials

For each free tier offer, make sure to review the specific details about exactly which resource types are included.

122
Q

Billing Dashboard

A

Used to pay your AWS bill, monitor your usage, and analyze and control your costs.

  • Compare your current month-to-date balance with the previous month, and get a forecast of the next month based on current usage.
  • View month-to-date spend by service.
  • View Free Tier usage by service.
  • Access Cost Explorer and create budgets.
  • Purchase and manage Savings Plans.
  • Publish AWS Cost and Usage Reports.
123
Q

AWS Snowcone

A

A small, rugged, and secure edge computing and data transfer device.

It features 2 CPUs, 4 GB of memory, and 8 TB of usable storage.

124
Q

Amazon Transcribe

A

Convert speech to text

125
Q

Amazon Comprehend

A

Discover patterns in text

126
Q

Amazon Fraud Detector

A

Identify potentially fraudulent online activities