Cloud Practitioner - PRACTICE 2 Flashcards

1
Q

According to the shared responsibility model, which security and compliance task is AWS responsible for?

  1. Granting permissions to users and services
  2. Updating Amazon EC2 host firmware
  3. Encrypting data at rest
  4. Updating operating systems
A

Updating Amazon EC2 host firmware

According to the AWS shared responsibility model, AWS are responsible for security “of” the cloud. This includes updating the firmware of the EC2 host servers on which instances run. All of the other answers are incorrect as they represent security “in” the cloud, which is a customer responsibility.

2
Q

A company has a global user base and needs to deploy AWS services that can decrease network latency for their users. Which services may assist? (Select TWO.)

  1. Amazon CloudFront
  2. Amazon VPC
  3. Application Auto Scaling
  4. AWS Direct Connect
  5. AWS Global Accelerator
A

Amazon CloudFront & AWS Global Accelerator

Amazon CloudFront is a content delivery network (CDN) that caches media assets such as files, photos, and videos in Edge locations around the world. This gets your content closer to the user base which decreases latency.

3
Q

What can be used to allow an application running on an Amazon EC2 instance to securely store data in an Amazon S3 bucket without using long-term credentials?

  1. AWS Systems Manager
  2. Amazon Connect
  3. AWS IAM role
  4. AWS IAM access key
A

AWS IAM Role

An IAM role is an IAM identity that you can create in your account that has specific permissions. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it.

4
Q

Which AWS service does AWS Snowball Edge natively support?

  1. AWS Server Migration Service (AWS SMS)
  2. AWS Database Migration Service (AWS DMS)
  3. AWS Trusted Advisor
  4. Amazon EC2
A

Amazon EC2

You can run Amazon EC2 compute instances hosted on a Snowball Edge with the sbe1, sbe-c, and sbe-g instance types. The sbe1 instance type works on devices with the Snowball Edge Storage Optimized option. The sbe-c instance type works on devices with the Snowball Edge Compute Optimized option. Both the sbe-c and sbe-g instance types work on devices with the Snowball Edge Compute Optimized with GPU option.

5
Q

AWS are able to continue to reduce their pricing due to:

  1. Pay-as-you-go pricing
  2. The AWS global infrastructure
  3. Economies of scale
  4. Reserved instance pricing
A

Economies of scale

By using cloud computing, you can achieve a lower variable cost than you can get on your own. Because usage from hundreds of thousands of customers is aggregated in the cloud, providers such as AWS can achieve higher economies of scale, which translates into lower pay-as-you-go prices.

6
Q

According to the AWS shared responsibility model, which task is the customer’s responsibility?

  1. Maintaining the infrastructure needed to run Amazon DynamoDB.
  2. Updating the operating system of AWS Lambda instances.
  3. Maintaining Amazon API Gateway infrastructure.
  4. Updating the guest operating system on Amazon EC2 instances.
A

Updating the guest operating system on Amazon EC2 instances

According to the AWS Shared Responsibility Model, updating Amazon EC2 guest operating systems falls under the area of security “in” the cloud, which is a customer responsibility. With EC2, AWS manage the underlying platform on which EC2 runs but you must launch and manage your operating systems.

7
Q

A Cloud Practitioner noticed that IP addresses that are owned by AWS are being used to attempt to flood ports on some of the company’s systems. To whom should the issue be reported?

  1. AWS Professional Services
  2. AWS Partner Network (APN)
  3. AWS Trust & Safety team
  4. AWS Technical Account Manager (TAM)
A

AWS Trust & Safety team

If you suspect that AWS resources are used for abusive purposes, contact the AWS Trust & Safety team using the Report Amazon AWS abuse form, or by contacting abuse@amazonaws.com. Provide all the necessary information, including logs in plaintext, email headers, and so on, when you submit your request.

8
Q

Which on-premises costs must be included in a Total Cost of Ownership (TCO) calculation when comparing against the AWS Cloud? (Select TWO.)

  1. Physical compute hardware
  2. Operating system administration
  3. Network infrastructure in the data center
  4. Project management services
  5. Database schema development
A

Physical compute hardware & Network infrastructure in the data center

When performing a TCO analysis you must include all costs you are currently incurring in the on-premises environment that you will not pay for in the AWS Cloud. This should include labor costs for activities that will be reduced or eliminated. Labor costs that will continue to be incurred in the cloud need not be included.

9
Q

Which of the following can be used to identify a specific user who terminated an Amazon RDS DB instance?

  1. AWS CloudTrail
  2. Amazon Inspector
  3. Amazon CloudWatch
  4. AWS Trusted Advisor
A

AWS CloudTrail

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.

10
Q

Which AWS service can be used to perform data extract, transform, and load (ETL) operations so you can prepare data for analytics?

  1. Amazon QuickSight
  2. AWS Glue
  3. Amazon Athena
  4. Amazon S3 Select
A

AWS Glue

AWS Glue is a serverless data integration service that makes it easy to discover, prepare, and combine data for analytics, machine learning, and application development. AWS Glue provides all of the capabilities needed for data integration so that you can start analyzing your data and putting it to use in minutes instead of months.

11
Q

Which of the following tasks can a user perform to optimize Amazon EC2 costs? (Select TWO.)

  1. Implement Auto Scaling groups to add and remove instances based on demand.
  2. Create a policy to restrict IAM users from accessing the Amazon EC2 console.
  3. Set a budget to limit spending on Amazon EC2 instances using AWS Budgets.
  4. Purchase Amazon EC2 Reserved Instances.
  5. Create users in a single Region to reduce the spread of EC2 instances globally.
A

Implement Auto Scaling groups to add and remove instances based on demand & Purchase Amazon EC2 Reserved Instances

Cost optimization can include using Auto Scaling groups to scale the number of EC2 instances according to actual demand. Also, using Amazon EC2 reserved instances for suitable workloads is a good way of optimizing costs over the longer term.

12
Q

According to the shared responsibility model, which security related task is the responsibility of the customer?

  1. Maintaining server-side encryption.
  2. Securing servers and racks at AWS data centers.
  3. Maintaining firewall configurations at hardware level.
  4. Maintaining physical networking configuration.
A

Maintaining server-side encryption

All client-side and server-side encryption is a responsibility of the customer using the AWS Cloud.

13
Q

A company plans to move its application development to AWS. Which benefits can they achieve when developing and running applications in the AWS Cloud compared to on premises? (Select TWO.)

  1. AWS automatically replicates all data globally.
  2. AWS will fully manage the entire application.
  3. AWS makes it easy to implement high availability.
  4. AWS can accommodate large changes in application demand.
  5. AWS takes care of application security patching.
A

AWS makes it easy to implement high availability & AWS can accommodate large changes in application demand

AWS provides many options for high availability including multiple availability zones within Regions and multiple Regions around the world. There are also many options to leverage durable data storage, message buses, databases. AWS have a huge global infrastructure with massive amounts of capacity. It is therefore very easy to accommodate large changes in application demand and this can often be seamless to your application.

14
Q

Which AWS services offer compute capabilities? (Select TWO.)

  1. Amazon DynamoDB
  2. Amazon ECS
  3. Amazon EFS
  4. Amazon CloudHSM
  5. AWS Lambda
A

Amazon ECS & AWS Lambda

The Amazon Elastic Container Service (ECS) is a compute service that allows you to run Docker containers as tasks on AWS. AWS Lambda is a function as a service offering that provides the ability to run compute functions in response to triggers.

15
Q

A cloud practitioner needs to migrate 70 TB of data from an on-premises data center into the AWS Cloud. The company has a slow and unreliable internet connection. Which AWS service can the cloud practitioner leverage to transfer the data?

  1. Amazon S3 Glacier
  2. AWS Snowball
  3. AWS Storage Gateway
  4. AWS DataSync
A

AWS Snowball

AWS Snowball is a method of transferring the data using a physical device. A Snowball Edge device can hold up to 80 TB so a single device can be used. This transfer method completely avoids the slow and unreliable internet connection.

16
Q

Which AWS service is a fully-managed source control service that hosts secure Git-based repositories?

  1. AWS CodeBuild
  2. AWS CodeDeploy
  3. AWS CodeCommit
  4. AWS CodePipeline
A

AWS CodeCommit

AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories. It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem.

17
Q

A Cloud Practitioner is re-architecting a monolithic application. Which design principles for cloud architecture do AWS recommend? (Select TWO.)

  1. Implement manual scalability.
  2. Implement loose coupling.
  3. Use self-managed servers.
  4. Rely on individual components.
  5. Design for scalability.
A

Implement loose coupling & Design for scalability

Dependencies such as queuing systems, streaming systems, workflows, and load balancers are loosely coupled. Loose coupling helps isolate behavior of a component from other components that depend on it, increasing resiliency and agility. AWS recommend that you architect applications that scale horizontally to increase aggregate workload availability. This scaling should be automatic where possible.

18
Q

Which of the following are valid best practices for using the AWS Identity and Access Management (IAM) service? (Select TWO.)

  1. Embed access keys in application code.
  2. Create individual IAM users.
  3. Use inline policies instead of customer managed policies.
  4. Use groups to assign permissions to IAM users.
  5. Grant maximum privileges to IAM users.
A

Create individual IAM users & Use groups to assign permissions to IAM users

19
Q

Which benefit of AWS enables companies to replace upfront fixed expenses with variable expenses when using on-demand technology services?

  1. Pay-as-you-go pricing
  2. Economies of scale
  3. Global reach
  4. High availability
A

Pay-as-you-go pricing

Pay-as-you-go pricing is an example of the AWS advantage “Trade capital expense for variable expense”. This is documented in the Six Advantages of Cloud Computing. Instead of having to invest heavily in data centers and servers before you know how you’re going to use them, you can pay only when you consume computing resources, and pay only for how much you consume.

20
Q

A Service Control Policy (SCP) is used to manage the maximum available permissions and is associated with which of the following?

  1. AWS Global Infrastructure
  2. AWS Regions
  3. AWS Organizations
  4. Availability Zones
A

AWS Organizations

Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization. SCPs offer central control over the maximum available permissions for all accounts in your organization. SCPs are associated with AWS Organizations and help you to ensure your accounts stay within your organization’s access control guidelines. SCPs are available only in an organization that has all features enabled.

21
Q

What should a Cloud Practitioner ensure when designing a highly available architecture on AWS?

  1. Servers have low-latency and high throughput network connectivity.
  2. The failure of a single component should not affect the application.
  3. There are enough servers to run at peak load available at all times.
  4. A single monolithic application component handles all operations.
A

The failure of a single component should not affect the application

In a highly available system the failure of a single component should not affect the application. This means that if a single component such as an application server fails, there should be other application servers available that can seamlessly take over operations and ensure the application continues to operate.

22
Q

Which technology can automatically adjust compute capacity as demand for an application increases or decreases?

  1. Load balancing
  2. Auto Scaling
  3. Fault tolerance
  4. High availability
A

Auto Scaling

Amazon EC2 Auto Scaling helps you maintain application availability and allows you to automatically add or remove EC2 instances according to conditions you define. You can use the fleet management features of EC2 Auto Scaling to maintain the health and availability of your fleet.

23
Q

Which of the following is an advantage for a company running workloads in the AWS Cloud vs on-premises? (Select TWO.)

  1. Less staff time is required to launch new workloads.
  2. Increased time to market for new application features.
  3. Higher acquisition costs to support elastic workloads.
  4. Lower overall utilization of server and storage systems.
  5. Increased productivity for application development teams.
A

Less staff time is required to launch new workloads & Increased productivity for application development teams

Using AWS cloud services can help development teams to be more productive as they spend less time working on the infrastructure layer as it is provided for them. This additionally means launching new workloads requires less time as you can automate the implementation of the application and there is no underlying hardware layer to configure.

24
Q

Which cloud architecture design principle is supported by deploying workloads across multiple Availability Zones?

  1. Automate infrastructure.
  2. Design for agility.
  3. Enable elasticity.
  4. Design for failure.
A

Design for failure

Amazon EC2 instances can be deployed in an Amazon VPC across multiple Availability Zones. You would then typically use an Elastic Load Balancer (ELB) to distribute load between the available instances. This architecture enables high availability: if a single instance fails, or if something fails that causes an outage in an entire Availability Zone, the application still has available instances to continue to service demand.

25
Q

A company requires a dashboard for reporting when using a business intelligence solution. Which AWS service can a Cloud Practitioner use?

  1. Amazon Redshift
  2. Amazon Kinesis
  3. Amazon Athena
  4. Amazon QuickSight
A

Amazon QuickSight

Amazon QuickSight is a scalable, serverless, embeddable, machine learning-powered business intelligence (BI) service built for the cloud.

26
Q

A Cloud Practitioner wants to configure the AWS CLI for programmatic access to AWS services. Which credential components are required? (Select TWO.)

  1. An access key ID
  2. A public key
  3. A secret access key
  4. An IAM Role
  5. A private key
A

An access key ID & A secret access key

Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK).

27
Q

Which service can a Cloud Practitioner use to configure custom cost and usage limits and enable alerts for when defined thresholds are exceeded?

  1. Consolidated billing
  2. AWS Trusted Advisor
  3. Cost Explorer
  4. AWS Budgets
A

AWS Budgets

AWS Budgets allows you to set custom budgets to track your cost and usage. With AWS Budgets, you can choose to be alerted by email or SNS notification when actual or forecasted cost and usage exceed your budget threshold, or when your actual RI and Savings Plans’ utilization or coverage drops below your desired threshold.

28
Q

What is the function of Amazon EC2 Auto Scaling?

  1. Scales the size of EC2 instances up or down automatically, based on demand.
  2. Automatically updates the EC2 pricing model, based on demand.
  3. Scales the number of EC2 instances in or out automatically, based on demand.
  4. Automatically modifies the network throughput of EC2 instances, based on demand.
A

Scales the number of EC2 instances in or out automatically, based on demand.

Amazon EC2 Auto Scaling helps you maintain application availability and allows you to automatically add or remove EC2 instances according to conditions you define. You can use the fleet management features of EC2 Auto Scaling to maintain the health and availability of your fleet. You can also use the dynamic and predictive scaling features of EC2 Auto Scaling to add or remove EC2 instances.

29
Q

Which AWS service should a Cloud Practitioner use to establish a secure network connection between an on-premises network and AWS?

  1. AWS Mobile Hub
  2. AWS Web Application Firewall (WAF)
  3. Amazon Virtual Private Cloud (VPC)
  4. Virtual Private Network
A

Virtual Private Network

AWS Virtual Private Network solutions establish secure connections between your on-premises networks, remote offices, client devices, and the AWS global network.

30
Q

Which AWS-managed service can be used to process vast amounts of data using a hosted Hadoop framework?

  1. Amazon DynamoDB
  2. Amazon Athena
  3. Amazon EMR
  4. Amazon Redshift
A

Amazon EMR

Amazon Elastic Map Reduce (EMR) is a web service that enables businesses, researchers, data analysts, and developers to easily and cost-effectively process vast amounts of data. EMR utilizes a hosted Hadoop framework running on Amazon EC2 and Amazon S3.

31
Q

Which Amazon EC2 pricing model should be avoided if a workload cannot accept interruption if capacity becomes temporarily unavailable?

  1. Spot Instances
  2. On-Demand Instances
  3. Standard Reserved Instances
  4. Convertible Reserved Instances
A

Spot Instances

Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS cloud. Spot Instances are available at up to a 90% discount compared to On-Demand prices. The downside is that if capacity becomes temporarily unavailable, your instances may be terminated.

32
Q

A Cloud Practitioner requires a simple method to identify if unrestricted access to resources has been allowed by security groups. Which service can the Cloud Practitioner use?

  1. AWS Trusted Advisor
  2. Amazon CloudWatch
  3. VPC Flow Logs
  4. AWS CloudTrail
A

AWS Trusted Advisor

AWS Trusted Advisor checks security groups for rules that allow unrestricted access (0.0.0.0/0) to specific ports. Unrestricted access increases opportunities for malicious activity (hacking, denial-of-service attacks, loss of data).

33
Q

An eCommerce company plans to use the AWS Cloud to quickly deliver new functionality in an iterative manner, minimizing the time to market. Which feature of the AWS Cloud provides this functionality?

  1. Elasticity
  2. Agility
  3. Fault tolerance
  4. Cost effectiveness
A

Agility

In a cloud computing environment, new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes. This results in a dramatic increase in agility for the organization, since the cost and time it takes to experiment and develop is significantly lower.

34
Q

What can a Cloud Practitioner do with the AWS Cost Management tools? (Select TWO.)

  1. Visualize AWS costs by day, service, and linked AWS account.
  2. Terminate EC2 instances automatically if budget thresholds are exceeded.
  3. Automatically modify EC2 instances to use Spot pricing to reduce costs.
  4. Create budgets and receive notifications if current or forecasted usage exceeds the budgets.
  5. Archive data to Amazon Glacier if it is not accessed for a configured period of time.
A

Visualize AWS costs by day, service, and linked AWS account & Create budgets and receive notifications if current or forecasted usage exceeds the budgets

AWS Cost Explorer has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time. It can be used to visualize AWS costs by day, service, and linked AWS account. AWS Budgets can be used to receive notifications if current or forecasted usage exceeds the budgets.

35
Q

Which AWS dashboard displays relevant and timely information to help users manage events in progress, and provides proactive notifications to help plan for scheduled activities?

  1. AWS Service Health Dashboard
  2. AWS Personal Health Dashboard
  3. AWS Trusted Advisor dashboard
  4. Amazon CloudWatch dashboard
A

AWS Personal Health Dashboard

AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you.

36
Q

Which AWS service should a Cloud Practitioner use to automate configuration management using Puppet?

  1. AWS Config
  2. AWS OpsWorks
  3. AWS CloudFormation
  4. AWS Systems Manager
A

AWS OpsWorks

AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers.

37
Q

Which AWS service is used to send both text and email messages from distributed applications?

  1. Amazon Simple Notification Service (Amazon SNS)
  2. Amazon Simple Email Service (Amazon SES)
  3. Amazon Simple Workflow Service (Amazon SWF)
  4. Amazon Simple Queue Service (Amazon SQS)
A

Amazon Simple Notification Service (SNS)

Amazon Simple Notification Service (SNS) is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications.

38
Q

Which AWS service or feature allows a company to receive a single monthly AWS bill when using multiple AWS accounts?

  1. Consolidated billing
  2. Amazon Cloud Directory
  3. AWS Cost Explorer
  4. AWS Cost and Usage report
A

Consolidated Billing

You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. Every organization in AWS Organizations has a master (payer) account that pays the charges of all the member (linked) accounts.

39
Q

A user needs an automated security assessment report that will identify unintended network access to Amazon EC2 instances and vulnerabilities on those instances. Which AWS service will provide this assessment report?

  1. EC2 security groups
  2. AWS Config
  3. Amazon Macie
  4. Amazon Inspector
A

Amazon Inspector

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices.

40
Q

Which of the following best describes an Availability Zone in the AWS Cloud?

  1. One or more physical data centers
  2. A completely isolated geographic location
  3. One or more edge locations based around the world
  4. A subnet for deploying resources into
A

One or more physical data centers

An Availability Zone (AZ) is one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region. AZs give customers the ability to operate production applications and databases that are more highly available, fault tolerant, and scalable than would be possible from a single data center.

41
Q

A company needs a consistent and dedicated connection between AWS resources and an on-premise system. Which AWS service can fulfil this requirement?

  1. AWS Direct Connect
  2. AWS Managed VPN
  3. Amazon Connect
  4. AWS DataSync
A

AWS Direct Connect

An AWS Direct Connect connection is a private, dedicated link to AWS. As it does not use the internet, performance is consistent.

42
Q

Which AWS service helps customers meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated hardware appliances within the AWS Cloud?

  1. AWS Secrets Manager
  2. AWS CloudHSM
  3. AWS Key Management Service (AWS KMS)
  4. AWS Directory Service
A

The AWS CloudHSM

The AWS CloudHSM service helps you meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) instances within the AWS cloud. AWS CloudHSM enables you to easily generate and use your own encryption keys on the AWS Cloud.

43
Q

What can a Cloud Practitioner use the AWS Total Cost of Ownership (TCO) Calculator for?

  1. Generate reports that break down AWS Cloud compute costs by duration, resource, or tags
  2. Estimate savings when comparing the AWS Cloud to an on-premises environment
  3. Estimate a monthly bill for the AWS Cloud resources that will be used
  4. Enable billing alerts to monitor actual AWS costs compared to estimated costs
A

Estimate savings when comparing the AWS Cloud to an on-premises environment

The TCO calculators allow you to estimate the cost savings when using AWS, compared to on-premises, and provide a detailed set of reports that can be used in executive presentations. The calculators also give you the option to modify assumptions that best meet your business needs.

44
Q

Which of the following should be used to improve the security of access to the AWS Management Console? (Select TWO.)

  1. AWS Secrets Manager
  2. AWS Certificate Manager
  3. AWS Multi-Factor Authentication (AWS MFA)
  4. Security group rules
  5. Strong password policies
A

AWS Multi-Factor Authentication (AWS MFA) & Strong password policies

For extra security, AWS recommends that you require multi-factor authentication (MFA) for all users in your account. With MFA, users have a device that generates a response to an authentication challenge.

45
Q

An application has highly dynamic usage patterns. Which characteristics of the AWS Cloud make it cost-effective for this type of workload? (Select TWO.)

  1. High availability
  2. Strict security
  3. Elasticity
  4. Pay-as-you-go pricing
  5. Reliability
A

Elasticity & Pay-as-you-go pricing

AWS is cost-effective for dynamic workloads because it is elastic, meaning your workload can scale based on demand, and because you only pay for what you use (pay-as-you-go pricing).

46
Q

Which benefits can a company immediately realize using the AWS Cloud? (Select TWO.)

  1. Variable expenses are replaced with capital expenses
  2. Capital expenses are replaced with variable expenses
  3. User control of physical infrastructure
  4. Increased agility
  5. No responsibility for security
A

Capital expenses are replaced with variable expenses & Increased agility

A couple of the benefits that companies will realize immediately when using the AWS Cloud are increased agility and a change from capital expenditure to variable operational expenditure. Agility is enabled through the flexibility of cloud services and the ease with which applications can be deployed, scaled, and managed.

47
Q

Which AWS hybrid storage service enables a user’s on-premises applications to seamlessly use AWS Cloud storage?

  1. AWS Backup
  2. Amazon Connect
  3. AWS Direct Connect
  4. AWS Storage Gateway
A

AWS Storage Gateway

AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage. Customers use Storage Gateway to simplify storage management and reduce costs for key hybrid cloud storage use cases.

48
Q

A user has limited knowledge of AWS services, but wants to quickly deploy a scalable Node.js application in an Amazon VPC. Which service should be used to deploy the application?

  1. AWS CloudFormation
  2. AWS Elastic Beanstalk
  3. Amazon EC2
  4. Amazon LightSail
A

AWS Elastic Beanstalk

AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.

49
Q

How can a security compliance officer retrieve AWS compliance documentation such as a SOC 2 report?

  1. Using AWS Artifact
  2. Using AWS Trusted Advisor
  3. Using AWS Inspector
  4. Using the AWS Personal Health Dashboard
A

AWS Artifact

AWS Artifact, available in the console, is a self-service audit artifact retrieval portal that provides our customers with on-demand access to AWS’ compliance documentation and AWS agreements.

50
Q

Which AWS service can be used to run Docker containers?

  1. AWS Lambda
  2. Amazon ECR
  3. Amazon ECS
  4. Amazon AMI
A

Amazon ECS

Amazon Elastic Container Service (ECS) is a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances.

51
Q

What are the benefits of using the AWS Managed Services? (Select TWO.)

  1. Alignment with ITIL processes
  2. Managed applications so you can focus on infrastructure
  3. Baseline integration with ITSM tools
  4. Designed for small businesses
  5. Support for all AWS services
A

Alignment with ITIL processes & Baseline integration with ITSM tools

AWS Managed Services manages the daily operations of your AWS infrastructure in alignment with ITIL processes. AWS Managed Services provides a baseline integration with IT Service Management (ITSM) tools such as the ServiceNow platform.

52
Q

Which services are involved with security? (Select TWO.)

  1. AWS CloudHSM
  2. AWS DMS
  3. AWS KMS
  4. AWS SMS
  5. Amazon ELB
A

AWS CloudHSM & AWS KMS

Key Management Service (KMS) gives you centralized control over the encryption keys used to protect your data. AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud.

53
Q

What are the names of two types of AWS Storage Gateway? (Select TWO.)

  1. S3 Gateway
  2. File Gateway
  3. Block Gateway
  4. Tape Gateway
  5. Cached Gateway
A

File Gateway & Tape Gateway

File gateway provides a virtual on-premises file server, which enables you to store and retrieve files as objects in Amazon S3. Tape Gateway (formerly known as Gateway Virtual Tape Library) is used for backup with popular backup software.

54
Q

An application stores images which will be retrieved infrequently, but must be available for retrieval immediately.

Which is the most cost-effective storage option that meets these requirements?

  1. Amazon Glacier with expedited retrievals
  2. Amazon S3 Standard-Infrequent Access
  3. Amazon EFS
  4. Amazon S3 Standard
A

Amazon S3 Standard-Infrequent Access

Amazon S3 Standard-Infrequent Access is the most cost-effective choice. It provides immediate access and is suitable for this use case as it is lower cost than S3 Standard. Note that you must pay a fee for retrievals, which is why you would only use this tier for infrequent access use cases.

55
Q

Which AWS support plans provide support via email, chat and phone? (Select TWO.)

  1. Basic
  2. Developer
  3. Business
  4. Enterprise
  5. Global
A

Business & Enterprise

Only the business and enterprise plans provide support via email, chat and phone.

56
Q

Which AWS service can be used to host a static website?

  1. Amazon S3
  2. Amazon EBS
  3. AWS CloudFormation
  4. Amazon EFS
A

Amazon S3

You can use Amazon S3 to host a static website. On a static website, individual webpages include static content. They might also contain client-side scripts.

57
Q

Which of the following are AWS recommended best practices in relation to IAM? (Select TWO.)

  1. Assign permissions to users
  2. Create individual IAM users
  3. Embed access keys in application code
  4. Enable MFA for all users
  5. Grant greatest privilege
A

Create individual IAM users & Enable MFA for all users

AWS recommends that you create individual IAM users rather than sharing IAM user accounts. For extra security, AWS recommends that you require multi-factor authentication (MFA) for all users in your account. For privileged IAM users who are allowed to access sensitive resources or API operations, AWS recommends using U2F or hardware MFA devices.

58
Q

Which of the following security operations tasks must be performed by AWS customers? (Select TWO.)

  1. Collecting syslog messages from physical firewalls
  2. Issuing data center access keycards
  3. Installing security updates on EC2 instances
  4. Enabling multi-factor authentication (MFA) for privileged users
  5. Installing security updates for server firmware
A

Installing security updates on EC2 instances & Enabling multi-factor authentication (MFA) for privileged users

The customer is responsible for installing security updates on EC2 instances and enabling MFA. AWS is responsible for security of the physical data center and the infrastructure upon which customer services run.

59
Q

How can an organization assess applications for vulnerabilities and deviations from best practice?

  1. Use AWS Artifact
  2. Use AWS Inspector
  3. Use AWS Shield
  4. Use AWS WAF
A

AWS Inspector

Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Inspector automatically assesses applications for vulnerabilities or deviations from best practices.

60
Q

Which AWS service protects against common exploits that could compromise application availability, compromise security or consume excessive resources?

  1. AWS WAF
  2. AWS Shield
  3. Security Group
  4. Network ACL
A

AWS WAF

AWS WAF is a web application firewall that protects against common exploits that could compromise application availability, compromise security or consume excessive resources.

61
Q

A new user is unable to access any AWS services. What is the most likely explanation?

  1. The user needs to login with a key pair
  2. The services are currently unavailable
  3. By default new users are created without access to any AWS services
  4. The default limit for user logons has been reached
A

By default new users are created with NO access to any AWS services

They can only log in to the AWS console. You must apply permissions to users to allow them to access services.

62
Q

Which of the following compliance programs allows the AWS environment to process, maintain, and store protected health information?

  1. ISO 27001
  2. PCI DSS
  3. HIPAA
  4. SOC 1
A

HIPAA

AWS enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) to use the secure AWS environment to process, maintain, and store protected health information.

63
Q

Which AWS service can be used to load data from Amazon S3, transform it, and move it to another destination?

  1. Amazon Redshift
  2. Amazon EMR
  3. Amazon Kinesis
  4. AWS Glue
A

AWS Glue

AWS Glue is an Extract, Transform, and Load (ETL) service. You can use AWS Glue with data sources on Amazon S3, Redshift and other databases. With AWS Glue you transform and move the data to various destinations. It is used to prepare and load data for analytics.

64
Q

How should an organization deploy an application running on multiple EC2 instances to ensure that a power failure does not cause an application outage?

  1. Launch the EC2 instances in separate regions
  2. Launch the EC2 instances into different VPCs
  3. Launch the EC2 instances into different Availability Zones
  4. Launch the EC2 instances into Edge Locations
A

Launch the EC2 instances into different Availability Zones

If you have multiple EC2 instances that are part of an application, you should deploy them into separate availability zones (AZs). Each AZ has redundant power and is also fed from a different grid. AZs also have low latency network links which is often advantageous for most applications.

65
Q

Which of the statements below is correct in relation to Consolidated Billing? (Select TWO.)

  1. You receive one bill per AWS account
  2. You receive a single bill for multiple accounts
  3. You pay a fee per linked account
  4. You can combine usage and share volume pricing discounts
  5. You are charged a fee per user
A

You receive a single bill for multiple accounts & You can combine usage and share volume pricing discounts

One bill - You get one bill for multiple accounts. Combined usage - You can combine the usage across all accounts in the organization to share the volume pricing discounts and Reserved Instance discounts. This can result in a lower charge for your project, department, or company than with individual standalone accounts.

66
Q

Amazon S3 is typically used for which of the following use cases? (Select TWO.)

  1. Host a static website
  2. Install an operating system
  3. Media hosting
  4. In-memory data cache
  5. Message queue
A

Host a static website & Media hosting

Amazon S3 is an object storage system. Typical use cases include: Backup and storage, application hosting, media hosting, software delivery and hosting a static website.