ET wrong Flashcards
Which option is a perspective that includes foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF)?
A. Sustainability
B. Performance efficiency
C. Governance
D. Reliability
Correct Answer: C. Governance
Explanation: Governance is one of the six perspectives of AWS CAF, focusing on managing and measuring cloud investments while ensuring compliance.
WRONG:
A. Sustainability - Not an AWS CAF perspective (it is a pillar of the AWS Well-Architected Framework).
B. Performance efficiency - A Well-Architected Framework pillar, not an AWS CAF perspective.
D. Reliability - Also a Well-Architected Framework pillar, not part of AWS CAF.
Which AWS services or tools can identify rightsizing opportunities for Amazon EC2 instances? (Choose two.)
A. AWS Cost Explorer
B. AWS Billing Conductor
C. Amazon CodeGuru
D. Amazon SageMaker
E. AWS Compute Optimizer
A. AWS Cost Explorer & E. AWS Compute Optimizer
Explanation:
AWS Cost Explorer helps analyze costs and usage, identifying cost-saving opportunities.
AWS Compute Optimizer provides recommendations for EC2 instance sizing based on utilization patterns.
WRONG
B. AWS Billing Conductor - Used for billing customization, not rightsizing.
C. Amazon CodeGuru - Focuses on improving code quality, not EC2 sizing.
D. Amazon SageMaker - A machine learning service, unrelated to EC2 rightsizing.
An e-learning platform needs to run an application for 2 months each year. The application will be deployed on Amazon EC2 instances. Any application downtime during those 2 months must be avoided.
Which EC2 purchasing option will meet these requirements MOST cost-effectively?
A. Reserved Instances
B. Dedicated Hosts
C. Spot Instances
D. On-Demand Instances
D. On-Demand Instances
Explanation: On-Demand instances are cost-effective for short-term, unpredictable workloads without long-term commitments.
WRONG:
A. Reserved Instances - More cost-effective for long-term, continuous workloads.
B. Dedicated Hosts - More expensive and used for compliance or licensing needs.
C. Spot Instances - Cheapest but can be interrupted at any time, unsuitable for zero downtime needs.
A developer wants to deploy an application quickly on AWS without manually creating the required resources.
Which AWS service will meet these requirements?
A. Amazon EC2
B. AWS Elastic Beanstalk
C. AWS CodeBuild
D. Amazon Personalize
Correct Answer: B. AWS Elastic Beanstalk
Explanation: Elastic Beanstalk automates deployment, scaling, and management of applications.
WRONG:
A. Amazon EC2 - Requires manual setup.
C. AWS CodeBuild - Builds and tests code but does not deploy applications.
D. Amazon Personalize - A machine learning service for recommendations, not deployment.
A company wants to protect its AWS Cloud information, systems, and assets while performing risk assessment and mitigation tasks.
Which pillar of the AWS Well-Architected Framework is supported by these goals?
A. Reliability
B. Security
C. Operational excellence
D. Performance efficiency
Correct Answer: B. Security
Explanation: Security focuses on protecting AWS systems, assessing risks, and mitigating threats.
WRONG:
A. Reliability - Ensures system recovery and resilience.
C. Operational excellence - Focuses on process improvements.
D. Performance efficiency - Optimizes resource utilization.
Which tasks are customer responsibilities, according to the AWS shared responsibility model? (Choose two.)
A. Configure the AWS provided security group firewall.
B. Classify company assets in the AWS Cloud.
C. Determine which Availability Zones to use for Amazon S3 buckets.
D. Patch or upgrade Amazon DynamoDB.
E. Select Amazon EC2 instances to run AWS Lambda on.
A. Configure the AWS provided security group firewall. & B. Classify company assets in the AWS Cloud.
Explanation: Customers are responsible for configuring security settings and classifying their data.
WRONG:
C. Availability Zones for S3 - AWS handles data durability; customers do not choose AZs.
D. Patching DynamoDB - AWS manages DynamoDB as a fully managed service.
E. Running EC2 for Lambda - Lambda does not require EC2 instances.
A company has 5 TB of data stored in Amazon S3. The company plans to occasionally run queries on the data for analysis.
Which AWS service should the company use to run these queries in the MOST cost-effective manner?
A. Amazon Redshift
B. Amazon Athena
C. Amazon Kinesis
D. Amazon RDS
Correct Answer: B. Amazon Athena
Explanation: Athena enables SQL queries on S3 data without requiring database setup, making it cost-effective.
WRONG:
A. Redshift - A data warehouse for structured data, more expensive for occasional queries.
C. Kinesis - Used for real-time streaming, not querying.
D. RDS - A relational database, not optimized for querying S3.
Which AWS service can run a managed PostgreSQL database that provides online transaction processing (OLTP)?
A. Amazon DynamoDB
B. Amazon Athena
C. Amazon RDS
D. Amazon EMR
Correct Answer: C. Amazon RDS
Explanation: Amazon RDS supports managed relational databases, including PostgreSQL.
WRONG:
A. DynamoDB - NoSQL database, not relational.
B. Athena - Used for querying, not OLTP.
D. EMR - Used for big data processing, not OLTP.
A company wants to provide managed Windows virtual desktops and applications to its remote employees over secure network connections.
Which AWS services can the company use to meet these requirements? (Choose two.)
A. Amazon Connect
B. Amazon AppStream 2.0
C. Amazon WorkSpaces
D. AWS Site-to-Site VPN
E. Amazon Elastic Container Service (Amazon ECS)
B. Amazon AppStream 2.0 & C. Amazon WorkSpaces
Explanation:
Amazon AppStream 2.0 - Streams desktop applications.
Amazon WorkSpaces - Provides virtual desktops.
WRONG:
A. Amazon Connect - A call center service.
D. Site-to-Site VPN - Connects networks, not desktops.
E. ECS - Container service, unrelated to virtual desktops.
A company wants to monitor for misconfigured security groups that are allowing unrestricted access to specific ports.
Which AWS service will meet this requirement?
A. AWS Trusted Advisor
B. Amazon CloudWatch
C. Amazon GuardDuty
D. AWS Health Dashboard
Correct Answer: A. AWS Trusted Advisor
Explanation: Trusted Advisor checks for security misconfigurations, including overly permissive security groups.
WRONG:
B. CloudWatch - Monitors metrics, not security settings.
C. GuardDuty - Detects threats, not security misconfigurations.
D. Health Dashboard - Reports AWS service health, not security issues.
Which AWS service is a key-value database that provides sub-millisecond latency on a large scale?
A. Amazon DynamoDB
B. Amazon Aurora
C. Amazon DocumentDB (with MongoDB compatibility)
D. Amazon Neptune
Correct Answer: A. Amazon DynamoDB
Explanation: DynamoDB is a key-value NoSQL database optimized for high-speed, large-scale applications.
WRONG:
B. Aurora - A relational database, not key-value.
C. DocumentDB - A document-based NoSQL database.
D. Neptune - A graph database.
Which AWS services or features provide disaster recovery solutions for Amazon EC2 instances? (Choose two.)
A. EC2 Reserved Instances
B. EC2 Amazon Machine Images (AMIs)
C. Amazon Elastic Block Store (Amazon EBS) snapshots
D. AWS Shield
E. Amazon GuardDuty
B. EC2 Amazon Machine Images (AMIs) & C. Amazon Elastic Block Store (Amazon EBS) snapshots
Explanation:
EC2 AMIs - Capture full instance configurations for backup/recovery.
EBS snapshots - Backup storage volumes for disaster recovery.
WRONG
A. Reserved Instances - Provide cost savings, not disaster recovery.
D. AWS Shield - Protects against DDoS attacks, not disaster recovery.
E. GuardDuty - Detects threats but does not help with recovery.
A network engineer needs to build a hybrid cloud architecture connecting on-premises networks to the AWS Cloud using AWS Direct Connect. The company has a few VPCs in a single AWS Region and expects to increase the number of VPCs to hundreds over time.
Which AWS service or feature should the engineer use to simplify and scale this connectivity as the VPCs increase in number?
A. VPC endpoints
B. AWS Transit Gateway
C. Amazon Route 53
D. AWS Secrets Manager
Correct Answer: B. AWS Transit Gateway
Explanation: AWS Transit Gateway simplifies connectivity between multiple VPCs and on-premises networks, scaling effectively as VPCs grow.
WRONG:
A. VPC endpoints - Enable private connectivity to AWS services but don’t manage VPC-to-VPC or hybrid cloud connectivity.
C. Amazon Route 53 - DNS service, not designed for network connectivity.
D. AWS Secrets Manager - Manages credentials, not network connections.
A company wants to assess its operational readiness. It also wants to identify and mitigate any operational risks ahead of a new product launch.
Which AWS Support plan offers guidance and support for this kind of event at no additional charge?
A. AWS Business Support
B. AWS Basic Support
C. AWS Developer Support
D. AWS Enterprise Support
Correct Answer: D. AWS Enterprise Support
Explanation: Enterprise Support provides operational readiness guidance and risk mitigation for critical events.
WRONG:
A. Business Support - Provides technical support but does not include proactive event planning.
B. Basic Support - Offers limited support without proactive guidance.
C. Developer Support - Focuses on troubleshooting, not operational readiness.
A company wants to establish a schedule for rotating database user credentials.
Which AWS service will support this requirement with the LEAST amount of operational overhead?
A. AWS Systems Manager
B. AWS Secrets Manager
C. AWS License Manager
D. AWS Managed Services
Correct Answer: B. AWS Secrets Manager
Explanation: AWS Secrets Manager automates credential rotation, reducing operational overhead.
WRONG:
A. Systems Manager - Helps manage configurations but does not rotate secrets.
C. License Manager - Manages software licenses, not credentials.
D. Managed Services - Helps with cloud management but not specific credential rotation.
Which AWS service is used to provide encryption for Amazon EBS?
A. AWS Certificate Manager
B. AWS Systems Manager
C. AWS KMS
D. AWS Config
Correct Answer: C. AWS KMS (Key Management Service)
Explanation: AWS KMS encrypts EBS volumes, providing key management and security.
WRONG:
A. AWS Certificate Manager - Manages SSL/TLS certificates, not EBS encryption.
B. AWS Systems Manager - Helps with operational management but does not handle encryption.
D. AWS Config - Tracks resource changes but does not encrypt data.
What are the benefits of consolidated billing for AWS Cloud services? (Choose two.)
A. Volume discounts
B. A minimal additional fee for use
C. One bill for multiple accounts
D. Installment payment options
E. Custom cost and usage budget creation
A. Volume discounts & C. One bill for multiple accounts
Explanation:
Volume discounts - Consolidated billing allows organizations to achieve lower costs through bulk usage.
One bill for multiple accounts - Consolidated billing simplifies cost tracking by grouping accounts.
WRONG:
B. Additional fee - Consolidated billing does not have extra charges.
D. Installment payments - AWS does not offer installment plans.
E. Cost budgets - AWS Budgets provides this, but it is separate from consolidated billing.
A user wants to review all Amazon S3 buckets with ACLs and S3 bucket policies in the S3 console.
Which AWS service or resource will meet this requirement?
A. S3 Multi-Region Access Points
B. S3 Storage Lens
C. AWS IAM Identity Center (AWS Single Sign-On)
D. Access Analyzer for S3
Correct Answer: D. Access Analyzer for S3
Explanation: Access Analyzer for S3 helps review bucket ACLs and policies to identify overly permissive access.
WRONG:
A. Multi-Region Access Points - Enables cross-region access but does not review policies.
B. S3 Storage Lens - Provides storage analytics, not policy analysis.
C. IAM Identity Center - Manages identity and access, but does not analyze S3 bucket security.
Which AWS service provides highly durable object storage?
A. Amazon S3
B. Amazon Elastic File System (Amazon EFS)
C. Amazon Elastic Block Store (Amazon EBS)
D. Amazon FSx
Correct Answer: A. Amazon S3
Explanation: Amazon S3 is designed for 99.999999999% (11 nines) durability, making it the most durable object storage service.
WRONG:
B. EFS - A file storage service, not object storage.
C. EBS - Block storage designed for EC2 instances.
D. FSx - A managed file storage solution, not object storage.
Which responsibility belongs to AWS when a company hosts its databases on Amazon EC2 instances?
A. Database backups
B. Database software patches
C. Operating system patches
D. Operating system installations
Correct Answer: C. Operating system patches
Explanation: AWS provides patching for managed services but EC2 requires customers to manage database software and backups.
WRONG:
A. Database backups - Customer responsibility unless using a managed service like RDS.
B. Database patches - Customers manage database software updates.
D. OS installations - Customers install and configure OS on EC2 instances.
Which of the following are advantages of moving to the AWS Cloud? (Choose two.)
A. The ability to turn over the responsibility for all security to AWS.
B. The ability to use the pay-as-you-go model.
C. The ability to have full control over the physical infrastructure.
D. No longer having to guess what capacity will be required.
E. No longer worrying about users access controls.
B. The ability to use the pay-as-you-go model.
D. No longer having to guess what capacity will be required.
Explanation:
Pay-as-you-go - AWS allows cost flexibility based on actual usage.
Capacity planning - AWS’s scalability eliminates the need for upfront capacity guessing.
WRONG:
A. Full security handover - Security is shared between AWS and customers.
C. Full control over infrastructure - AWS manages the physical infrastructure.
E. User access controls - Customers must still manage IAM and security settings.
Which AWS service is a hybrid cloud storage service that provides on-premises users access to virtually unlimited cloud storage?
A. AWS DataSync
B. Amazon S3 Glacier
C. AWS Storage Gateway
D. Amazon Elastic Block Store (Amazon EBS)
Correct Answer: C. AWS Storage Gateway
Explanation: AWS Storage Gateway enables on-premises applications to access cloud storage, making it ideal for hybrid cloud setups.
A. DataSync - Transfers data between on-premises and AWS but doesn’t provide continuous hybrid storage.
B. S3 Glacier - Long-term cold storage, not hybrid cloud storage.
D. EBS - Block storage for EC2 instances, not hybrid storage.
Which AWS service or tool can be used to set up a firewall to control traffic going into and coming out of an Amazon VPC subnet?
A. Security group
B. AWS WAF
C. AWS Firewall Manager
D. Network ACL
Correct Answer: D. Network ACL
Explanation: Network ACLs (NACLs) act as a firewall for controlling inbound and outbound traffic at the subnet level in a VPC. They allow or deny traffic based on rules applied to all instances within a subnet.
WRONG:
A. Security groups - Act as virtual firewalls at the instance level, not the subnet level.
B. AWS WAF - Protects against web application threats but does not control VPC subnet traffic.
C. AWS Firewall Manager - Helps manage firewall rules across accounts but does not directly enforce traffic control at the subnet level.
