Cloud Practitioner - PRACTICE 3 Flashcards

1
Q

Which AWS service or feature can be used to restrict the individual API actions that users and roles in each member account can access?

  1. Amazon Macie
  2. AWS Organizations
  3. AWS Shield
  4. AWS IAM
A

AWS Organizations

AWS Organizations offers service control policies (SCPs), which are a type of organization policy that you can use to manage permissions in your organization. SCPs offer central control over the maximum available permissions (API actions) for all accounts in your organization.

2
Q

Which AWS service can be used to track the activity of users on AWS?

  1. AWS CloudTrail
  2. AWS Directory Service
  3. Amazon Inspector
  4. Amazon CloudWatch
A

AWS CloudTrail

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.

3
Q

A user needs a quick way to determine if any Amazon EC2 instances have ports that allow unrestricted access. Which AWS service will support this requirement?

  1. VPC Flow Logs
  2. AWS Shield
  3. AWS Trusted Advisor
  4. AWS CloudWatch Logs
A

AWS Trusted Advisor

Access to the ports on an Amazon EC2 instance is controlled through security groups. AWS Trusted Advisor scans the security groups in your account to see if any security groups allow unrestricted access to any ports.

4
Q

A company has a website that delivers static content from an Amazon S3 bucket to users from around the world. Which AWS service will deliver the content with low latency?

  1. AWS Lambda
  2. Amazon CloudFront
  3. AWS Elastic Beanstalk
  4. AWS Global Accelerator
A

Amazon CloudFront

Amazon CloudFront is a content delivery network (CDN) and can use an Amazon S3 bucket configured as a static website as an origin for the content it caches globally. CloudFront reduces latency for global users by serving the requested content from a local cache.

5
Q

Which AWS service or component allows inbound traffic from the internet to access a VPC?

  1. NAT Gateway
  2. Internet gateway
  3. VPC Route Table
  4. Virtual Private Gateway
A

Internet Gateway

An Internet gateway is attached to a VPC and allows inbound traffic from the internet to access the VPC. It is also used as a target in route tables for outbound internet traffic.

6
Q

A company plans to connect their on-premises data center to the AWS Cloud and requires consistent bandwidth and performance. Which AWS service should the company choose?

  1. AWS VPN
  2. Amazon Connect
  3. AWS Direct Connect
  4. Amazon CloudFront
A

AWS Direct Connect

AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS.

7
Q

A manager is planning to migrate applications to the AWS Cloud and needs to obtain AWS compliance reports. How can these reports be generated?

  1. Download the reports from AWS Secrets Manager.
  2. Contact the AWS Compliance team.
  3. Create a support ticket with AWS Support.
  4. Download the reports from AWS Artifact.
A

AWS Artifact

AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements.

8
Q

A company has been using an AWS managed IAM policy for granting permissions to users but needs to add some permissions. How can this be achieved?

  1. Create a rule in AWS WAF.
  2. Create a custom IAM policy.
  3. Edit the AWS managed policy.
  4. Create a Service Control Policy.
A

Create a custom IAM policy

AWS managed policies cannot be edited, so if you need to add permissions to users that are not granted in the policy, you must create your own custom IAM policy.

9
Q

Which AWS service or feature can be used to capture information about inbound and outbound IP traffic on network interfaces in a VPC?

  1. Internet Gateway
  2. AWS CloudTrail
  3. VPC Endpoint
  4. VPC Flow Logs
A

VPC Flow Logs

VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data can be published to Amazon CloudWatch Logs or Amazon S3. After you’ve created

10
Q

Which AWS services can be used as infrastructure automation tools? (Select TWO.)

  1. AWS CloudFormation
  2. Amazon CloudFront
  3. AWS Batch
  4. AWS OpsWorks
  5. Amazon QuickSight
A

CloudFormation & OpsWorks

AWS CloudFormation provides a common language for you to model and provision AWS and third-party application resources in your cloud environment. AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers.

11
Q

What technology enables compute capacity to adjust as loads change?

  1. Load balancing
  2. Automatic failover
  3. Round robin
  4. Auto Scaling
A

Auto Scaling

Auto Scaling allows the dynamic adjustment of provisioned resources based on demand. For instance, you can use Amazon EC2 Auto Scaling to launch additional EC2 instances when CloudWatch metrics report the CPU utilization has reached a certain threshold.

12
Q

How can a company separate costs for storage, Amazon EC2, Amazon S3, and other AWS services by department?

  1. Add department-specific tags to each resource
  2. Create a separate VPC for each department
  3. Create a separate AWS account for each department
  4. Use AWS Organizations
A

Add department-specific tags to each resource

A tag is a label that you or AWS assigns to an AWS resource. Each tag consists of a key and a value. For each resource, each tag key must be unique, and each tag key can have only one value.

13
Q

Which AWS Support plan provides access to architectural and operational reviews, as well as 24/7 access to Cloud Support Engineers through email, online chat, and phone?

  1. Basic
  2. Business
  3. Developer
  4. Enterprise
A

Enterprise

Only the enterprise plan provides Well-Architected Reviews and Operational Reviews. 24/7 access to Cloud Support Engineers through email, online chat, and phone is offered on the business and enterprise plans.

14
Q

Under the AWS shared responsibility model, which of the following is an example of security in the AWS Cloud?

  1. Managing edge locations
  2. Physical security
  3. Firewall configuration
  4. Global infrastructure
A

Firewall Configuration

Firewall configuration is an example of “security in the cloud”. This is the customer’s responsibility, not an AWS responsibility.

15
Q

Which AWS service provides on-demand downloads of AWS security and compliance reports?

  1. AWS Directory Service
  2. AWS Artifact
  3. AWS Trusted Advisor
  4. Amazon Inspector
A

AWS Artifact

AWS Artifact is the go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements.

16
Q

Which Amazon EC2 pricing model is the most cost-effective for an always-up, right-sized database server running a project that will last 1 year?

  1. On-Demand Instances
  2. Convertible Reserved Instances
  3. Spot Instances
  4. Standard Reserved Instances
A

Standard Reserved Instances

Reserved Instances (RIs) provide you with a significant discount (up to 72%) compared to On-Demand instance pricing. Standard reserved instances offer the most cost savings. RIs are based on a 1 or 3 year contract so they are suitable for workloads that will run for the duration of the contract period.

17
Q

Which feature enables fast, easy, and secure transfers of files over long distances between a client and an Amazon S3 bucket?

  1. S3 Static Websites
  2. S3 Copy
  3. Multipart Upload
  4. S3 Transfer Acceleration
A

Amazon S3 Transfer Acceleration

Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and your Amazon S3 bucket.
S3 Transfer Acceleration leverages Amazon CloudFront’s globally distributed AWS Edge Locations.

18
Q

Under the AWS shared responsibility model what is AWS responsible for? (Select TWO.)

  1. Physical security of the data center
  2. Replacement and disposal of disk drives
  3. Configuration of security groups
  4. Patch management of operating systems
  5. Encryption of customer data
A

Physical security of the data center & Replacement and disposal of disk drives

AWS are responsible for “Security of the Cloud” and customers are responsible for “Security in the Cloud”.

19
Q

Which AWS service is known as a “serverless” service and runs code as functions triggered by events?

  1. Amazon ECS
  2. AWS Lambda
  3. Amazon CodeDeploy
  4. Amazon Cognito
A

AWS Lambda

AWS Lambda lets you run code as functions without provisioning or managing servers. Lambda-based applications (also referred to as serverless applications) are composed of functions triggered by events. With serverless computing, your application still runs on servers, but all the server management is done by AWS.

20
Q

Which statement best describes Amazon Route 53?

  1. Amazon Route 53 is a service that enables routing within VPCs in an account
  2. Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service
  3. Amazon Route 53 enables hybrid cloud models by extending an organization’s on-premise networks into the AWS cloud
  4. Amazon Route 53 is a service for distributing incoming connections between a fleet of registered EC2 instances
A

Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service

Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into numeric IP addresses like 192.0.2.1.

21
Q

A company needs to optimize costs and resource usage through monitoring of operational health for all resources running on AWS. Which AWS service will meet these requirements?

  1. AWS Control Tower
  2. Amazon CloudWatch
  3. AWS CloudTrail
  4. AWS Config
A

Amazon CloudWatch

Amazon CloudWatch is a performance monitoring tool that receives metrics from AWS services. This data can be used for monitoring the operational health of resources as well as being used to optimize costs through ensuring systems are right-sized and just enough capacity is provisioned.

22
Q

Which service provides a way to convert video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PCs?

  1. Amazon Elastic Transcoder
  2. AWS Glue
  3. Amazon Rekognition
  4. Amazon Comprehend
A

Amazon Elastic Transcoder

Amazon Elastic Transcoder is a highly scalable, easy to use and cost-effective way for developers and businesses to convert (or “transcode”) video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PCs.

23
Q

When using AWS Organizations with consolidated billing what are two valid best practices? (Select TWO.)

  1. Always enable multi-factor authentication (MFA) on the root account
  2. Always use a straightforward password on the root account
  3. The paying account should be used for billing purposes only
  4. Use the paying account for deploying resources
  5. Never exceed the limit of 20 linked accounts
A

Enable MFA & The Paying account should be used for billing purposes only

When using AWS Organizations with consolidated billing, best practices include:
- Always enable multi-factor authentication (MFA) on the root account.
- The Paying account should be used for billing purposes only.

24
Q

Which AWS support plan comes with a Technical Account Manager (TAM)?

  1. Basic
  2. Developer
  3. Business
  4. Enterprise
A

Enterprise

Only the Enterprise plan comes with a TAM.

25
Q

Which service provides the ability to simply upload applications and have AWS handle the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring?

  1. Amazon EC2
  2. AWS Elastic Beanstalk
  3. Amazon EC2 Auto Scaling
  4. AWS OpsWorks
A

AWS Elastic Beanstalk

AWS Elastic Beanstalk can be used to quickly deploy and manage applications in the AWS Cloud.

26
Q

You are concerned that you may be getting close to some of the default service limits for several AWS services. What AWS tool can be used to display current usage and limits?

  1. AWS CloudWatch
  2. AWS Personal Health Dashboard
  3. AWS Trusted Advisor
  4. AWS Systems Manager
A

Trusted Advisor

Trusted Advisor provides real-time guidance to help you provision your resources following AWS best practices. It offers a Service Limits check (in the Performance category) that displays your usage and limits for some aspects of some services.

27
Q

You need to run a production process that will use several EC2 instances and run constantly on an ongoing basis. The process cannot be interrupted or restarted without issue. What EC2 pricing model would be best for this workload?

  1. Reserved instances
  2. Spot instances
  3. On-demand instances
  4. Flexible instances
A

Reserved Instances

Reserved Instances (RIs) provide you with a significant discount (up to 75%) compared to On-Demand instance pricing. You have the flexibility to change families, OS types, and tenancies while benefitting from RI pricing when you use Convertible RIs.

28
Q

Which AWS service does API Gateway integrate with to enable users from around the world to achieve the lowest possible latency for API requests and responses?

  1. AWS Direct Connect
  2. Amazon S3 Transfer Acceleration
  3. Amazon CloudFront
  4. AWS Lambda
A

Amazon CloudFront

Amazon CloudFront is used as the public endpoint for API Gateway. Using CloudFront provides reduced latency and distributed denial of service protection.

29
Q

Which service can an organization use to track API activity within their account?

  1. AWS CloudTrail
  2. Amazon CloudWatch
  3. AWS IAM
  4. AWS CloudHSM
A

AWS CloudTrail

AWS CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket.

30
Q

What tool provides real time guidance to help you provision your resources following best practices in the area of cost optimization, performance, security and fault tolerance?

  1. AWS Inspector
  2. AWS Trusted Advisor
  3. AWS Personal Health Dashboard
  4. AWS IAM
A

AWS Trusted Advisor

Trusted Advisor is an online resource that helps to reduce cost, increase performance and improve security by optimizing your AWS environment. Trusted Advisor provides real-time guidance to help you provision your resources following best practices. Trusted Advisor will advise you on Cost Optimization, Performance, Security, and Fault Tolerance.

31
Q

What is the best way for an organization to transfer hundreds of terabytes of data from their on-premise data center into Amazon S3 with limited bandwidth available?

  1. Use S3 Transfer Acceleration
  2. Apply compression before uploading
  3. Use AWS Snowball
  4. Use Amazon CloudFront
A

AWS Snowball

Snowball is a petabyte-scale data transport solution that uses devices designed to be secure to transfer large amounts of data into and out of the AWS Cloud. Using Snowball addresses common challenges with large-scale data transfers including high network costs, long transfer times, and security concerns.

32
Q

Which database allows you to scale at the push of a button without incurring any downtime?

  1. Amazon RDS
  2. Amazon EMR
  3. Amazon DynamoDB
  4. Amazon RedShift
A

Amazon DynamoDB

Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. Push button scaling means that you can scale the DB at any time without incurring downtime.

33
Q

What are the charges for using Amazon Glacier? (Select TWO.)

  1. Data transferred into Glacier
  2. Retrieval requests
  3. Data storage
  4. Enhanced networking
  5. Number of Availability Zones
A

Retrieval Requests & Data Storage

With Amazon Glacier you pay for storage on a per GB / month basis, retrieval requests and quantity (based on expedited, standard, or bulk), and data transfer out of Glacier.

34
Q

Which of the following statements are correct about the benefits of AWS Direct Connect? (Select TWO.)

  1. Quick to implement
  2. Increased reliability (predictable performance)
  3. Lower cost than a VPN
  4. Increased bandwidth (predictable bandwidth)
  5. Uses redundant paths across the Internet
A

Increased Reliability & Increased Bandwidth

AWS Direct Connect is a network service that provides an alternative to using the Internet to connect customers’ on premise sites to AWS. Data is transmitted through a private network connection between AWS and a customer’s data center or corporate network.

35
Q

Which AWS service lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments?

  1. AWS Elastic Beanstalk
  2. AWS CloudFormation
  3. AWS Systems Manager
  4. AWS OpsWorks
A

AWS OpsWorks

AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.

36
Q

Which AWS database service provides a fully managed data warehouse that can be analyzed using SQL tools and business intelligence tools?

  1. Amazon RDS
  2. Amazon DynamoDB
  3. Amazon RedShift
  4. Amazon ElastiCache
A

Amazon RedShift

Amazon RedShift is a fully managed data warehouse service designed to handle petabytes of data for analysis. Data can be analyzed with standard SQL tools and business intelligence tools. RedShift allows you to run complex analytic queries against petabytes of structured data.

37
Q

Which service can be used to create sophisticated, interactive graph applications?

  1. Amazon RedShift
  2. Amazon Neptune
  3. AWS X-Ray
  4. Amazon Athena
A

Amazon Neptune

Amazon Neptune is a fast, reliable, fully-managed graph database service that makes it easy to build and run applications that work with highly connected datasets. With Amazon Neptune, you can create sophisticated, interactive graph applications that can query billions of relationships in milliseconds.

38
Q

When using Amazon IAM, what authentication methods are available to use? (Select TWO.)

  1. Client certificates
  2. Access keys
  3. AWS KMS
  4. Server certificates
  5. AES 256
A

Access Keys & Server Certificates

Supported authentication methods include console passwords, access keys and server certificates. Access keys are a combination of an access key ID and a secret access key and can be used to make programmatic calls to AWS. Server certificates are SSL/TLS certificates that you can use to authenticate with some AWS services.

39
Q

How does the consolidated billing feature of AWS Organizations treat Reserved Instances that were purchased by another account in the organization?

  1. All accounts in the organization are treated as one account so any account can receive the hourly cost benefit
  2. Only the master account can benefit from the hourly cost benefit of the reserved instances
  3. All accounts in the organization are treated as one account for volume discounts but not for reserved instances
  4. AWS Organizations does not support any volume or reserved instance benefits across accounts, it is just a method of aggregating bills
A

All accounts in the organization are treated as one account so any account can receive the hourly cost benefit

For billing purposes, the consolidated billing feature of AWS Organizations treats all the accounts in the organization as one account. This means that all accounts in the organization can receive the hourly cost benefit of Reserved Instances that are purchased by any other account.

40
Q

Which of the below AWS services supports automated backups as a default configuration?

  1. Amazon S3
  2. Amazon RDS
  3. Amazon EC2
  4. Amazon EBS
A

Amazon RDS

Amazon RDS automated backups allow point in time recovery to any point within the retention period down to a second. When automated backups are turned on for your DB Instance, Amazon RDS automatically performs a full daily snapshot of your data (during your preferred backup window) and captures transaction logs (as updates to your DB Instance are made).

41
Q

What are the advantages of Availability Zones? (Select TWO.)

  1. They allow regional disaster recovery
  2. They provide fault isolation
  3. They enable the caching of data for faster delivery to end users
  4. They are connected by low-latency network connections
A

They provide fault isolation & They are connected by low-latency network connections

42
Q

Which of the options below are recommendations in the cost optimization pillar of the well-architected framework? (Select TWO.)

  1. Adopt a consumption model
  2. Adopt a capital expenditure model
  3. Start spending money on data center operations
  4. Analyze and attribute expenditure
  5. Manage your services independently
A

Adopt a consumption model & Analyze and attribute expenditure

43
Q

What are Edge locations used for?

  1. They are used for terminating VPN connections
  2. They are used by CloudFront for caching content
  3. They are the public-facing APIs for Amazon S3
  4. They are used by regions for inter-region connectivity
A

They are used by CloudFront for caching content

An edge location is used by CloudFront and is the location where content is cached (separate to AWS regions/AZs). Requests are automatically routed to the nearest edge location. Edge locations are not tied to Availability Zones or regions.

44
Q

To ensure the security of your AWS account, what are two AWS best practices for managing access keys? (Select TWO.)

  1. Don’t create any access keys, use IAM roles instead
  2. Don’t generate an access key for the root account user
  3. Where possible, use IAM roles with temporary security credentials
  4. Rotate access keys daily
  5. Use MFA for access keys
A

Don’t generate an access key for the root account user & Where possible, use IAM roles with temporary security credentials

45
Q

An Amazon EC2 instance running the Amazon Linux 2 AMI is billed in what increment?

  1. Per second
  2. Per hour
  3. Per CPU
  4. Per GB
A

Per Second

Amazon EC2 instances running Linux are billed in one-second increments, with a minimum of 60 seconds.

46
Q

To gain greater discounts, which services can be reserved? (Select TWO.)

  1. Amazon RedShift
  2. Amazon S3
  3. AWS Lambda
  4. Amazon DynamoDB
  5. Amazon CloudWatch
A

Amazon RedShift & Amazon DynamoDB

Reservations provide you with greater discounts, up to 75%, by paying for capacity ahead of time. Some of the services you can reserve include: EC2, DynamoDB, ElastiCache, RDS, and RedShift.

47
Q

Which service allows an organization to view operational data from multiple AWS services through a unified user interface and automate operational tasks?

  1. AWS Config
  2. AWS OpsWorks
  3. AWS Systems Manager
  4. Amazon CloudWatch
A

AWS Systems Manager

AWS Systems Manager gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources.

48
Q

How can an organization track resource inventory and configuration history for the purpose of security and regulatory compliance?

  1. Configure AWS Config with the resource types
  2. Create an Amazon CloudTrail trail
  3. Implement Amazon GuardDuty
  4. Run a report with AWS Artifact
A

Configure AWS Config with the resource types

AWS Config is a fully-managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and regulatory compliance.

49
Q

A security operations engineer needs to implement threat detection and monitoring for malicious or unauthorized behavior. Which service should be used?

  1. AWS Shield
  2. AWS KMS
  3. AWS CloudHSM
  4. AWS GuardDuty
A

Amazon GuardDuty

Amazon GuardDuty offers threat detection and continuous security monitoring for malicious or unauthorized behavior to help you protect your AWS accounts and workloads.

50
Q

Which authentication method is used to authenticate programmatic calls to AWS services?

  1. Console password
  2. Server certificate
  3. Key pair
  4. Access keys
A

Access keys

Access keys are a combination of an access key ID and a secret access key. They are used to make programmatic calls to AWS using the API.

51
Q

What is a benefit of moving an on-premises database to Amazon Relational Database Service (RDS)?

  1. There is no need to manage operating systems
  2. You can scale vertically without downtime
  3. There is no database administration required
  4. You can run any database engine
A

There is no need to manage operating systems

With Amazon RDS, which is a managed service, you do not need to manage operating systems. This reduces operational costs.

52
Q

What are the benefits of using Amazon Rekognition with image files?

  1. Can be used to resize images
  2. Can be used to identify objects in an image
  3. Can be used to transcode audio
  4. Can help with image compression
A

Can be used to identify objects in an image

Rekognition Image is a deep learning powered image recognition service that detects objects, scenes, and faces; extracts text; recognizes celebrities; and identifies inappropriate content in images. It also allows you to search and compare faces.

53
Q

Which IAM entity is associated with an access key ID and secret access key?

  1. IAM Group
  2. IAM Role
  3. IAM Policy
  4. IAM User
A

IAM User

An access key ID and secret access key are used to sign programmatic requests to AWS. They are associated with an IAM user.

54
Q

Which IAM entity can be used for assigning permissions to multiple users?

  1. IAM User
  2. IAM Group
  3. IAM Role
  4. IAM password policy
A

IAM Group

Groups are collections of users and have policies attached to them. You can use groups to assign permissions to multiple users. To do this, place the users in the group and then create an IAM policy with the correct permissions and attach it to the group.

55
Q

Which service can be used to cost-effectively move exabytes of data into AWS?

  1. AWS Snowmobile
  2. AWS Snowball
  3. S3 Transfer Acceleration
  4. S3 Cross-Region Replication (CRR)
A

AWS Snowmobile

With AWS Snowmobile you can move 100PB per snowmobile. AWS call this an “Exabyte-scale data transfer service”.

56
Q

Which AWS services are associated with Edge Locations? (Select TWO.)

  1. Amazon CloudFront
  2. AWS Direct Connect
  3. AWS Shield
  4. Amazon EBS
  5. AWS Config
A

CloudFront & Shield

Edge Locations are parts of the Amazon CloudFront content delivery network (CDN) that are all around the world and are used to get content closer to end-users for better performance.

57
Q

Which service can be used to easily create multiple accounts?

  1. AWS IAM
  2. AWS CloudFormation
  3. AWS Organizations
  4. Amazon Connect
A

AWS Organizations

AWS Organizations can be used for automating AWS account creation via the Organizations API.

58
Q

What is a specific benefit of an Enterprise Support plan?

  1. Included Technical Support Manager
  2. Included AWS Solutions Architect
  3. Included Cloud Support Associate
  4. Included Technical Account Manager
A

Included Technical Account Manager

Only the Enterprise Support plan gets a Technical Account Manager (TAM).

59
Q

You have been running an on-demand Amazon EC2 instance running Linux for 4hrs, 5 minutes and 6 seconds. How much time will you be billed for?

  1. 5hrs
  2. 4hrs, mins
  3. 4hrs, 5mins, and 6 seconds
  4. 4hrs
A

4hrs, 5mins and 6 seconds

On-demand, Reserved and Spot Amazon EC2 Linux instances are charged per second with a minimum charge of 1 minute. Therefore, as the minimum has been exceeded, exactly 4hrs, 5mins and 6 seconds will be charged.

60
Q

Which of the below is an example of an architectural benefit of moving to the cloud?

  1. Elasticity
  2. Monolithic services
  3. Proprietary hardware
  4. Vertical scalability
A

Elasticity

A key architectural benefit of moving to the cloud is that you get elasticity. This means your applications can scale as demand increases and scale back as demand decreases. This reduces cost as you only pay for what you use, when you need it.

61
Q

What are the benefits of using reserved instances? (Select TWO.)

  1. Reduced cost
  2. More flexibility
  3. Reserve capacity
  4. Uses dedicated hardware
  5. High availability
A

Reduce Cost & Reserve Capacity

With reserved instances you commit to a 1- or 3-year term and get a significant discount from the on-demand rate. You can also reserve capacity in an availability zone with reserved instances.

62
Q

Which AWS tools can be used for automation? (Select TWO.)

  1. AWS Elastic Beanstalk
  2. Elastic Load Balancing
  3. AWS CloudFormation
  4. Amazon Elastic File System (EFS)
  5. AWS Lambda
A

AWS Elastic Beanstalk & AWS CloudFormation

AWS Elastic Beanstalk and AWS CloudFormation are both examples of automation. Beanstalk is a platform service that leverages the automation capabilities of CloudFormation to build out application architectures.

63
Q

Which IAM entity can be used for assigning permissions to AWS services?

  1. IAM Access Key ID and Secret Access Key
  2. IAM Policy
  3. IAM Role
  4. Security Token Service (STS)
A

IAM Role

With IAM Roles you can delegate permissions to resources for users and services without using permanent credentials (e.g. username and password). To do so you can create a role and assign an IAM policy to the role that has the permissions required.

64
Q

How does Amazon EC2 Auto Scaling help with resiliency?

  1. By distributing connections to EC2 instances
  2. By launching and terminating instances as needed
  3. By changing instance types to increase capacity
  4. By automating the failover of applications
A

By launching and terminating instances as needed

Amazon EC2 Auto Scaling launches and terminates instances as demand changes. This helps with resiliency and high availability as it can also be set to ensure a minimum number of instances are always available.

65
Q

Your CTO wants to move to cloud. What cost advantages are there to moving to cloud?

  1. You provision only what you need and adjust to peak load
  2. You can reduce your marketing costs
  3. You don’t need to pay for application licensing
  4. You get free data transfer into and out of the cloud
A

You provision only what you need and adjust to peak load

One of the best benefits of cloud is that you can launch what you need to and automatically adjust your resources as demand changes. This means you only ever pay for what you’re using.