CloudAcademy: Knowledge Check: Management (SAA-C03) 2 of 2

Question 1

An AWS CloudFormation _____ allows you to create, update, or delete your stacks across a number of AWS accounts in different regions with a single template.

A. StackSet
B. stack instance
C. stack policy
D. stack trigger

Answer 1

A. StackSet

Explanation:
StackSets allow you to create, update, or delete your stacks across a number of AWS accounts in different regions with a single template.

Question 2

To install the CloudWatch Logs agent on EC2 instances to send data back to CloudWatch, you need to correctly configure an IAM role and attach it to your instance. When attaching permissions policies, what option(s) should you select?

A. Only CloudWatch Agent Server Policy
B. Only Amazon EC2 Role for SSM
C. CloudWatch Agent Server Policy and with Amazon EC2 Role for SSM
D. Only Amazon Cloudwatch service role for SSM

Answer 2

C. CloudWatch Agent Server Policy and with Amazon EC2 Role for SSM

Explanation:
The role that is simply used to install the agent and send data back to CloudWatch needs the following configuration, the ‘select type of trusted identity’ needs to be ‘AWS service’. The option ‘choose the service that will use this role’ needs to be ‘EC2 Allows EC2 instances to call AWS services on your behalf’. And finally under the ‘Attach Permissions Policies’ it needs to be ‘CloudWatch Agent Server Polic’y and ‘Amazon EC2 Role for SSM’.

Question 3

What is an AWS CloudFormation stack?

A. a JSON or YAML file that describes your environment and resources to build within your account
B. a tool that allows you to replicate existing infrastructure that wasn’t deployed using CloudFormation
C. a set of AWS resources that you can provision, update, or delete all at once
D. a tool that allows you to visually create your environment through a drag-and-drop interface, which allows CloudFormation to automatically create a template based off of your design

Answer 3

C. a set of AWS resources that you can provision, update, or delete all at once

Explanation:
A CloudFormation stack is a set of AWS resources that you can provision, update, or delete all at once.

Question 4

Which of the following are use cases for AWS Glue? (Choose 3 answers)

A. Queries against an Amazon S3 data lake
B. Unified view of data across multiple data stores
C. Analyze log data in data warehouse
D. Generate the schema for structured data

Answer 4

A. Queries against an Amazon S3 data lake
B. Unified view of data across multiple data stores
C. Analyze log data in data warehouse

Explanation:
We can use the AWS Glue Data Catalog to quickly discover and search across multiple AWS data sets without moving the data. Once the data is cataloged, it is immediately available for search and query using Amazon Athena, Amazon EMR, and Amazon Redshift Spectrum. AWS Glue generates the schema for Userr semi-structured data, creates ETL code to transform, flatten, and enrich Userr data, and loads Userr data warehouse on a recurring basis.

Question 5

In AWS Cost Explorer, _____ costs represent your usage costs on the day that they are charged to you, or, in finance terms, they represent your costs on a cash basis of accounting.

A. standard
B. recurrent
C. unblended
D. amortized

Answer 5

C. unblended

Explanation:
The unblended costs represent your usage costs on the day that they are charged to you, or, in finance terms, they represent your costs on a cash basis of accounting.

Question 6

When a log file is delivered to an S3 bucket, CloudTrail creates a ______ which is a set of unique characters created from a data source.

A. Hash File
B. Log File
C. Data File
D. Action File

Answer 6

A. Hash File

Explanation:
When a log file is delivered to an S3 bucket a hash is created for it by CloudTrail. A hash file is a set of characters that are unique that are created from a data source.

Question 7

Which AWS Glue component can scan data in all kinds of repositories, classify it, extract schema information from it, and store the metadata automatically?

A. AWS Glue Crawlers
B. AWS Glue Data Catalog
C. AWS Glue ETL Operations
D. AWS Glue Jobs system

Answer 7

A. AWS Glue Crawlers

Explanation:
AWS Glue also lets user set up crawlers that can scan data in all kinds of repositories, classify it, extract schema information from it, and store the metadata automatically in the AWS Glue Data Catalog. The AWS Glue Data Catalog can then be used to guide ETL operations.

Question 8

In AWS, _____ allow the user to receive notifications when costs or usage exceed a certain predefined amount.

A. budgets
B. quotas
C. thresholds
D. alarms

Answer 8

A. budgets

Explanation:
Budgets allow the user to get notified when costs or usage exceed a certain predefined amount.

Question 9

Which of the following actions is not a best practice for AWS resource tagging?

A. Use a consistent tag naming convention.
B. Tag as few resources as possible.
C. Think of a certain use case before adding a tag.
D. Find redundancies and overlapping tags and simplify them.

Answer 9

B. Tag as few resources as possible.

Explanation:
Let’s look at some tagging best practices. Tag everything. Tag as many resources as possible so that no resource is left untagged. Make this a rule. Next, find a purpose for each tag. Think of a certain use case before adding a tag. Find redundancies and overlapping tags and simplify them. Next, consistency is key. Use a consistent naming convention.

Question 10

What is the purpose of AWS CloudFormation?

A. to provision infrastructure resources via a simple template in a YAML or JSON format
B. to connect to, configure, and provision an RDS or DynamoDB database
C. to create a Virtual Private Cloud with both private and public subnets with Network Access Control Lists for security
D. to introduce autoscaling and elastic load balancers for higher variability

Answer 10

A. to provision infrastructure resources via a simple template in a YAML or JSON format

Explanation:
Now, by using AWS CloudFormation you can provision all of your infrastructure resources that you require via a simple template in a YAML or JSON format.

Question 11

____ tags are special tags that are used by Cost Explorer and other services for allocation and visualization.

A. Simple Resource Name
B. Cost allocation
C. Environment
D. Cost visualization

Answer 11

B. Cost allocation

Explanation:
Cost allocation tags are special tags that are used by Cost Explorer and other services for allocation and visualization.

Question 12

Which of the following actions is not a best practice for AWS resource tagging?

A. Audit and maintain your tags.
B. Maximize the number of different tags you adopt.
C. Automate tag management.
D. Set up policies to forbid launching untagged resources.

Answer 12

B. Maximize the number of different tags you adopt.

Explanation:
Let’s look at some tagging best practices. Limit the number of tags you adopt. Automate tag management. Set up policies to forbid launching untagged resources. And, finally, audit and maintain your tags.

Question 13

With _____, AWS introduced a sort of reward system for particularly active users and developers.

A. billing
B. credits
C. vouchers
D. rewards

Answer 13

B. credits

Explanation:
With credits, AWS introduced a sort of reward system for particularly active users and developers. You can use them instead of spending money on certain services.

Question 14

Which of the following actions is not a best practice for AWS resource tagging?

A. Keep the number of different tags as low as necessary, but the information value of each tag as high as possible.
B. Tag maintenance should involve at most one or two people from the team.
C. Make it a habit to review tags from time to time and verify their purpose.
D. Make use of tools like the AWS tag editor to automate your tagging.

Answer 14

B. Tag maintenance should involve at most one or two people from the team.

Explanation:
Let’s look at some tagging best practices. Obviously, the more tags you have, the more tags you have to deal with. Keep the number as low as necessary, but the information value as high as possible. Make use of tools like the AWS Tag Editor to automate your tagging. Make it a habit to review tags from time to time and verify their purpose. Tag maintenance is essential and should involve everyone on the team.

Question 15

AWS Artifact reports are known as _____.

A. compliance agreements
B. SOC artifacts
C. audit artifacts
D. identity-based policies

Answer 15

C. audit artifacts

Explanation:
AWS Artifact reports consist of AWS auditor-issued reports and include everything from ISO certifications to PCI and SOC reports. These reports, known as audit artifacts, may be shared with auditors and regulators by creating IAM users with an associated identity-based policy that grants access only to the necessary reports.

Question 16

_______ allows you to capture IP traffic information that travels between the network interfaces of your resources within your VPC.

A. VPC Flow Logs
B. Data Logs
C. IP Logs
D. CloudFront access logs

Answer 16

A. VPC Flow Logs

Explanation:
VPC Flow Logs allows you to capture IP traffic information that flows between your network interfaces of your resources within your VPC.

Question 17

The AWS _____ is a complex CSV file that stores all details about your cost and usage data for all AWS resources.

A. Financial Report (FR)
B. Recurrent Charges Report (RCR)
C. Billing Report (BR)
D. Cost and Usage Reports (CUR)

Answer 17

D. Cost and Usage Reports (CUR)

Explanation:
The CUR is a pretty complex CSV file that stores all details about your cost and usage data for all AWS resources. Enabling the CUR is super important because it’s the most granular and detailed mechanism with which to collect data for AWS costs and usage. It offers historical by-the-hour data that can offer clarity on trends and lead to a more accurate data-driven insight.

Question 18

In AWS Cost Explorer, _____ costs are a powerful tool if you seek to gain insight into the effective daily costs associated with your reservation portfolio, or when you are looking for an easy way to normalize costs and usage information when operating at scale.

A. standard
B. recurrent
C. unblended
D. amortized

Answer 18

D. amortized

Explanation:
Amortized costs are a powerful tool if you seek to gain insight into the effective daily costs associated with your reservation portfolio, or when you are looking for an easy way to normalize costs and usage information when operating at scale.

Question 19

To enableloggingfor your CloudFront distribution, the user account activating that feature need to have access to which of the policies? (Choose 2 answers)

A. S3 GetBucketAcl
B. S3 PutBucketAcl
C. S3 GetObjectAcl
D. S3 PutObjectAcl

Answer 19

A. S3 GetBucketAcl
B. S3 PutBucketAcl

Explanation:
To enablelogging for your distribution, the user account activating that feature must have full control on the ACL for the S3 bucket, along with the S3 GetBucketAcl and S3 PutBucketAcl.

Question 20

AWS _____ reports include items for each unique combination of product, usage type, and operation that is used in your AWS environment.

A. cost and usage
B. financial
C. KPI
D. efficiency and resource

Answer 20

A. cost and usage

Explanation:
With the help of AWS cost and usage reports, you can track the monthly AWS costs and usage associated with your AWS account. The report includes items for each unique combination of product, usage type, and operation that is used in your AWS environment.q

Question 21

How does AWS CloudFormation make it easier for others to review and verify your code?

A. The entire infrastructure is deployed via scripted code, which allows it to be reviewed easily.
B. Code reviews and comments are managed automatically in AWS CloudFormation using SNS messages.
C. Code reviews and comments are managed automatically in AWS CloudFormation using AWS Lambda functions.
D. It allows you to deploy the same level of infrastructure and resources across multiple regions.

Answer 21

A. The entire infrastructure is deployed via scripted code, which allows it to be reviewed easily.

Explanation:
Simply Code: As the entire infrastructure is deployed via scripted code, it may make it easy for other members of your team or people outside of the team to review and verify your code to ensure that it’s correct before deployment.

Question 22

Which of the following services lets you easily visualize and analyze your data, create detailed and precise visualizations, and then publish your dashboards and analyses?

A. Amazon QuickSight
B. Amazon Athena
C. AWS Glue
D. Amazon Rekognition

Answer 22

A. Amazon QuickSight

Explanation:
Amazon QuickSight lets you easily visualize and analyze your data. Similar to Athena, you can put datasets from AWS and outside sources into the service and let it process the data for you for easier exploration and deeper analysis. What’s more, you can create outstandingly detailed and precise visualizations. Moreover, the service lets you publish and share your dashboards and analyses with anyone, regardless of the receiver’s AWS knowledge.

Question 23

The ____ contains details of all the logs delivered within the last hour along with a hash for each of them.

A. Digest file
B. Hash File
C. Log File
D. Data File

Answer 23

A. Digest file

Explanation:
CloudTrail creates a new file every hour, called a digest file, which is used to help verify your log files have not changed. The digest file contains details of all the logs delivered within the last hour along with a hash for each of them.

Question 24

Which of the following statements about audit artifacts in AWS Artifact is false?

A. They can and should inform the security controls you choose to implement as part of your own cloud architecture and solution design.
B. The compliance reports provided within AWS Artifact certify the security/compliance of your company, organization, or application.
C. They allow you to provide evidence of AWS security controls to ensure compliance with any applicable governance, regulations, or frameworks when architecting solutions in the AWS cloud.
D. They may be shared with auditors and regulators by creating IAM users with an associated identity-based policy that grants access only to the necessary reports.

Answer 24

B. The compliance reports provided within AWS Artifact certify the security/compliance of your company, organization, or application.

Explanation:
These reports, known as audit artifacts, may be shared with auditors and regulators by creating IAM users with an associated identity-based policy that grants access only to the necessary reports. And these audit artifacts allow you to provide evidence of AWS security controls to ensure compliance with any applicable governance, regulations, or frameworks when architecting solutions in the AWS cloud. Now, of course, this is always done in accordance with the AWS Shared Responsibility Model, where AWS is responsible for the underlying security OF the cloud, but you remain responsible for your own systems’ and applications’ security IN the cloud. However, these audit artifacts can and should inform the security controls you choose to implement as part of your own cloud architecture and solution design.

Question 25

Arrange the following steps in the correct order for creating an AWS Glue Crawler. A. Create a new name for Crawler. B. Create the schedule for this crawler and configure the crawler’s output. C. Choose a data store for the crawler and include a path to the data store.

A. A - B - C
B. B - C - A
C. A - C - B
D. B - A - C

Answer 25

C. A - C - B

Explanation:
Firstly, name crawler. User must then choose a data store and include a path to it and here User might include aced glued patterns. Optionally, add another data store, select the IAM row or create a new one. Create the schedule for this crawler, configure the crawler’s output and in this step, User must add or select an existing database which contains tables created by the crawler User are creating and finally there are other configuration options as per the requirments.