Cloud Practitioner - PRACTICE 6

Question 1

The AWS Cost Management tools give users the ability to do which of the following? (Select TWO.)

1. Terminate all AWS resources automatically if budget thresholds are exceeded
2. Break down AWS costs by day, service, and linked AWS account
3. Create budgets and receive notifications if current or forecasted usage exceeds the budgets
4. Switch automatically to Reserved Instances or Spot Instances, whichever is most cost- effective
5. Move data stored in Amazon S3 to a more cost-effective storage class

Answer 1

Break down AWS costs by day, service, and linked AWS account & Create budgets and receive notifications if current or forecasted

Question 2

Which AWS service or feature helps restrict the AWS service, resources, and individual API actions the users and roles in each member account can access?

1. Amazon Cognito
2. AWS Organizations
3. AWS Shield
4. AWS Firewall Manager

Answer 2

AWS Organizations

Question 3

Under the shared responsibility model, which of the following tasks are the responsibility of the AWS customer? (Select TWO.)

1. Ensuring that application data is encrypted at rest
2. Ensuring that AWS NIP servers are set to the correct time
3. Ensuring that users have received security training in the use of AWS services
4. Ensuring that access to data centers is restricted
5. Ensuring that hardware is disposed of properly

Answer 3

Ensuring that application data is encrypted at rest & Ensuring that users have received security training in the use of AWS services

As a customer on AWS you take responsibility for encrypting data. This includes encrypting data at rest and data in transit. It’s also a customer’s responsibility to properly train their staff in security best practices and procedures for the AWS services they use.

Question 4

Under the AWS shared responsibility model, which of the following are customer responsibilities? (Select TWO.)

1. Setting up server-side encryption on an Amazon S3 bucket
2. Amazon RDS instance patching
3. Network and firewall configurations
4. Physical security of data center facilities
5. Compute capacity availability

Answer 4

Setting up server-side encryption on an Amazon S3 bucket & Network and firewall configurations

As a customer on AWS you take responsibility for encrypting data. This includes encrypting data at rest and data in transit. Another security responsibility the customer owns is setting network and firewall configurations. For instance, you must configure Network ACLs and Security Groups, and any operating
system-level firewalls on your EC2 instances.

Question 5

A web application running on AWS has been received malicious requests from the same set of IP addresses. Which AWS service can help secure the application and block the malicious traffic?

1. AWS IAM
2. Amazon GuardDuty
3. Amazon SNS
4. AWS WAF

Answer 5

AWS WAF

The AWS Web Application Firewall (WAF) is used to protect web applications or APIs against common web exploits. Rules can be created that block traffic based on source IP address.

Question 6

Which AWS service provides the ability to detect inadvertent data leaks of personally identifiable information (PII) and user credential data?

1. Amazon GuardDuty
2. Amazon Inspector
3. Amazon Macie
4. AWS Shield

Answer 6

Amazon Macie

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in Amazon S3.

Question 7

According to the AWS Well-Architected Framework, what change management steps should be taken to achieve reliability in the AWS Cloud? (Select TWO.)

1. Use AWS Config to generate an inventory of AWS resources
2. Use service limits to prevent users from creating or making changes to AWS resources
3. Use AWS CloudTrail to record AWS API calls into an auditable log file
4. Use AWS Certificate Manager to create a catalog of approved services
5. Use Amazon GuardDuty to record API
   activity to an S3 bucket

Answer 7

Use AWS Config to generate an inventory of AWS resources & Use AWS CloudTrail to record AWS API calls into an auditable log file

AWS Config can be used to track the configuration state of your resources and how the state has changed over time. With CloudTrail you can audit who made what API
calls on what resources at what time. This can help with identifying changes that cause reliability issues.

Question 8

Which of the following acts as a virtual firewall at the Amazon EC2 instance level to control traffic for one or more instances?

1. Route table
2. Virtual private gateways (VPG)
3. Security groups
4. Network Access Control Lists (ACL)

Answer 8

Security Groups

A security group is an instance-level firewall that can be used to control traffic the that reaches (ingress/inbound) and is sent out from (egress/outbound) your EC2 instances. Rules are created for inbound or outbound traffic.

Question 9

Which AWS Cloud design principles can help increase reliability? (Select TWO.)

1. Using monolithic architecture
2. Measuring overall efficiency
3. Testing recovery procedures
4. Adopting a consumption model
5. Automatically recovering from failure

Answer 9

Testing recovery procedures
& Automatically recovering from failure

Question 10

Which pricing model will interrupt a running Amazon EC2 instance if capacity becomes temporarily unavailable?

1. On-Demand Instances
2. Standard Reserved Instances
3. Spot Instances
4. Convertible Reserved Instances

Answer 10

Spot Instances

Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS cloud. Spot Instances are available at up to a 90% discount compared to On-Demand prices. When AWS need to reclaim the capacity you get a 2 minute warning and then your instances are terminated.

Question 11

Which of the following statements about AWS’s pay-as-you-go pricing model is correct?

1. It results in reduced capital expenditures
2. It requires payment up front for AWS services
3. It is relevant only for Amazon EC2, Amazon S3, and Amazon DynamoDB
4. It reduces operational expenditures

Answer 11

It results in reduced capital expenditures

The pay-as-you-go pricing model means you only pay for the services and consumption you actually use. You are charged for compute, storage and outbound data transfer. This model reduces capital expenditure as you pay a monthly bill (operational expenditure).

Question 12

Which AWS service can serve a static website?

1. Amazon S3
2. Amazon Route 53
3. Amazon QuickSight
4. AWS X-Ray

Answer 12

Amazon S3

Question 13

A startup eCommerce company needs to quickly deliver new website features in an iterative manner, minimizing
the time to market. Which AWS Cloud feature allows this?

1. Elasticity
2. High availability
3. Agility
4. Reliability

Answer 13

Agility

Question 14

What is the most efficient way to establish network connectivity from on-premises to multiple VPCs in different AWS Regions?

1. Use AWS Direct Connect
2. Use AWS VPN
3. Use AWS Client VPN
4. Use an AWS Transit Gateway

Answer 14

AWS Transit Gateway

AWS Transit Gateway is a service that enables customers to connect their Amazon Virtual Private Clouds (VPCs)
and their on-premises networks to a single gateway.

Question 15

A company is using the AWS CLI and programmatic access of AWS resources from its on-premises network. What is a mandatory requirement in this scenario?

1. Using an AWS Direct Connect connection
2. Using an AWS access key and a secret key
3. Using Amazon API Gateway
4. Using an Amazon EC2 key pair

Answer 15

Using an AWS access key and a secret key

Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK). Access keys consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE) and a secret
access key (for example, walrXUtnFEMI/K7MDENG/
bPxRfiCYEXAMPLEKEY). Like a username and password, you must use both the access key ID and secret access key together to authenticate your requests.

Question 16

Which AWS service is suitable for an event-driven workload?

1. Amazon EC2
2. AWS Elastic Beanstalk
3. AWS Lambda
4. Amazon Lumberyard

Answer 16

AWS Lambda

AWS Lambda is an event-driven service. For example you can configure an Amazon S3 bucket with event notifications that trigger an AWS Lambda function when data is uploaded to an S3 bucket.

Question 17

Based on the shared responsibility model, which of the following security and compliance tasks is AWS responsible for?

1. Granting access to individuals and services
2. Encrypting data in transit
3. Updating Amazon EC2 host firmware
4. Updating operating systems

Answer 17

Updating Amazon EC2 host firmware

AWS are responsible for updating Amazon EC2 host firmware. This is considered “security of the cloud”. All other tasks are the responsibility of the customer.

Question 18

Which AWS service can be used to run Docker containers?

1. AWS Lambda
2. Amazon ECR
3. AWS Fargate
4. Amazon AMI

Answer 18

AWS Fargate

AWS Fargate is a serverless compute engine for containers that works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS).

Question 19

Which type of Elastic Load Balancer operates at the TCP connection level?

1. Application Load Balancer (ALB)
2. Network Load Balancer (NLB)
3. Classic Load Balancer (CLB)
4. Amazon Route 53 Load Balancer

Answer 19

Network Load Balancer (NLB)

A Network Load Balancer functions at the
fourth layer of the Open Systems Interconnection (OSI) model. NLBs direct connections based on information at the TCP connection level.

Question 20

Which AWS technology can be referred to as a “virtual hard disk in the cloud”?

1. Amazon EFS Filesystem
2. Amazon S3 Bucket
3. Amazon EBS volume
4. Amazon ENI

Answer 20

Amazon EBS Volume

An Amazon Elastic Block Store (EBS) volume is often described as a “virtual hard disk in the cloud”. EBS volumes are block-level storage volumes that are attached to EC2 instances much as you would attach a virtual hard disk to a virtual machine in a virtual
infrastructure.

Question 21

In which ways does AWS’ pricing model benefit organizations?

1. Eliminates licensing costs
2. Focus spend on capital expenditure, rather than operational expenditure
3. Reduce the cost of maintaining idle resources
4. Reduces the people cost of application development

Answer 21

Reduce the cost of maintaining idle resources

Using AWS you can provision only what you need and adjust resources automatically and elastically. This reduces the amount of resources that are sitting idle which reduces cost.

Question 22

Which service allows you to monitor and troubleshoot systems using system and application log files generated by those systems?

1. CloudTrail Logs
2. Cloud Watch Metrics
3. CloudWatch Logs
4. CloudTrail Metrics

Answer 22

CloudWatch Logs

Amazon CloudWatch Logs lets you monitor and troubleshoot your systems and applications using your existing system, application and custom log files. Cloud Watch Logs can be used for real time application and system monitoring as well as long term log retention.

Question 23

According to the AWS Shared Responsibility Model,
which of the following is a shared control?

1. Operating system patching
2. Awareness and training
3. Protection of infrastructure
4. Client-side data encryption

Answer 23

Awareness and training

Shared Controls are controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Examples include patch management, configuration management, and awareness and training.

Question 24

Where do Amazon Identity and Access Management (IAM) accounts need to be created for a global organization?

1. In each region where the users are located
2. Just create them once, as IAM is a global service
3. Create them globally, and then replicate them regionally
4. In each geographical area where the users are located

Answer 24

Just create them once, as IAM is a global service

IAM is a global service so you only need to create your users once and can then use those user accounts anywhere globally. The other options are all incorrect. as you do not create IAM accounts regionally, replicate them regionally, or create them within geographical areas.

Question 25

What is the name for the top-level container used to hold objects within Amazon S3?

1. Folder
2. Directory
3. Instance Store
4. Bucket

Answer 25

Bucket

Amazon S3 is an object-based storage system. You upload your objects into buckets.

Question 26

Which of the following are examples of horizontal scaling? (Select TWO.)

1. Add more CPU/RAM to existing instances as demand increases
2. Add more instances as demand increases
3. Requires a restart to scale up or down
4. Automatic scaling using services such as AWS Auto Scaling
5. Scalability is limited by maximum instance size

Answer 26

Add more instances as demand increases & Automatic scaling using services such as AWS Auto Scaling

With horizontal scaling you add more instances to a fleet of instances to service demand as it increases.
This can be achieved automatically by using AWS Auto Scaling to add instances in response to CloudWatch performance metrics.

Question 27

Which resource should you use to access AWS security and compliance reports?

1. AWS Artifact
2. AWS Business Associate Addendum (BAA)
3. AWS IAM
4. AWS Organizations

Answer 27

AWS Artifact

AWS Artifact, available in the console, is a self-service audit artifact retrieval portal that provides our customers with on-demand access to AWS’ compliance documentation and AWS agreements.

Question 28

What methods are available for scaling an Amazon RDS database? (Select TWO.)

1. You can scale up by moving to a larger instance size
2. You can scale out automatically with EC2 Auto Scaling
3. You can scale up by increasing storage capacity
4. You can scale out by implementing Elastic Load Balancing
5. You can scale up automatically using AWS Auto Scaling

Answer 28

You can scale up by moving to a larger instance size & You can scale up by increasing storage capacity

To handle a higher load in your database, you can vertically scale up your master database with a simple push of a button. There are currently over 18 instance sizes that you can choose from when resizing your RDS, MySQL, PostgreSQL, MariaDB, Oracle, or Microsoft SQL Server instance.

Question 29

Which type of scaling does Amazon EC2 Auto Scaling provide?

1. Vertical
2. Linear
3. Horizontal
4. Incremental

Answer 29

Horizontal

Amazon EC2 Auto Scaling scales horizontally by adding launching and terminating EC2 instances based on
actual demand for your application.

Question 30

Which feature of Amazon S3 enables you to create rules to control the transfer of objects between different
storage classes?

1. Object sharing
2. Versioning
3. Lifecycle management
4. Bucket policies

Answer 30

Lifecycle management

To manage your objects so that they are stored cost effectively throughout their lifecycle, configure their Amazon S3 Lifecycle. An S3 Lifecycle configuration is a set of rules that define actions that Amazon S3 applies to a group of objects.

Question 31

How can a database administrator reduce operational overhead for a MySQL database?

1. Migrate the database onto an EC2 instance
2. Migrate the database onto AWS Lambda
3. Use AWS CloudFormation to manage operations
4. Migrate the database onto an Amazon RDS instance

Answer 31

Migrate the database onto an Amazon RDS instance

Amazon RDS is a managed database service that supports MySQL. The DBA can reduce operational overhead by moving to RDS and having less work to do to manage the database.

Question 32

Which AWS database service is schema-less and can be scaled dynamically without incurring downtime?

1. Amazon RDS
2. Amazon Aurora
3. Amazon RedShift
4. Amazon DynamoDB

Answer 32

Amazon DynamoDB

Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. Push button scaling means that you can scale the DB at any time without incurring downtime. DynamoDB is schema-less.

Question 33

Which type of AWS database is ideally suited to analytics using SQL queries?

1. Amazon DynamoDB
2. Amazon RedShift
3. Amazon RDS
4. Amazon S3

Answer 33

Amazon Redshift

Amazon Redshift is a fast, fully managed data warehouse that makes it simple and cost-effective to analyze all your data using standard SQL and existing Business Intelligence (BI) tools. RedShift is a SQL based data warehouse used for analytics applications.

Question 34

Which AWS service is designed to be used for operational analytics?

1. Amazon EMR
2. Amazon Athena
3. Amazon QuickSight
4. Amazon Elasticsearch Service

Answer 34

Amazon Elasticsearch Service

Amazon Elasticsearch Service is involved with operational analytics such as application monitoring, log analytics and clickstream analytics. Amazon Elasticsearch Service allows you to search, explore, filter, aggregate, and visualize your data in near real-time.

Question 35

You need to connect your company’s on-premise network into AWS and would like to establish an AWS managed VPN service. Which of the following configuration items needs to be setup on the Amazon VPC side of the connection?

1. A Virtual Private Gateway
2. A Customer Gateway
3. A Network Address Translation device
4. A Firewall

Answer 35

A Virtual Private Gateway

A Virtual Private Gateway is the VPN concentrator on the Amazon side of the VPN connection. You create a virtual
private gateway and attach it to the VPC from which you want to create the VPN connection.

Question 36

Where are Amazon EBS snapshots stored?

1. On an Amazon EBS instance store
2. On an Amazon EFS filesystem
3. Within the EBS block store
4. On Amazon S3

Answer 36

On Amazon S3

You can back up the data on your Amazon EBS volumes to Amazon S3 by taking point-in-time snapshots. Snapshots are incremental backups, which means that only the blocks on the device that have changed after your most recent snapshot are saved.

Question 37

Which AWS service makes it easy to coordinate the components of distributed applications as a series of steps in a visual workflow?

1. Amazon SWF
2. AWS Step Functions
3. Amazon SNS
4. Amazon SES

Answer 37

AWS Step Functions

AWS Step Functions lets you coordinate multiple AWS services into serverless workflows so you can build and update apps quickly. AWS Step Functions lets you build visual workflows that enable fast translation of business requirements into technical requirements.

Question 38

A Cloud Practitioner is creating the business process workflows associated with an order fulfilment system. Which AWS service can assist with coordinating tasks across distributed application components?

1. AWS STS
2. Amazon SQS
3. Amazon SWF
4. Amazon SNS

Answer 38

Amazon SWF

Amazon Simple Workflow Service (SWF) is a web service that makes it easy to coordinate work across distributed application components. SWF enables applications for a range of use cases, including media processing, web application back-ends, business process workflows, and analytics pipelines, to be designed as a coordination of tasks.

Question 39

Your manager has asked you to explain some of the security features available in the AWS cloud. How can you describe the function of Amazon CloudHSM?

1. It provides server-side encryption for S3 obiects
2. It is a Public Key Infrastructure (PKI)
3. It can be used to generate, use and manage encryption keys in the cloud
4. It is a firewall for use with web applications

Answer 39

It can be used to generate, use and manage encryption keys in the cloud

AWS CloudHSM is a cloud-based hardware security module (HSM) that allows you to easily add secure key storage and high-performance crypto operations to your AWS applications.