ET wrong 2 Flashcards
How does AWS Cloud computing help businesses reduce costs? (Choose two.)
A. AWS charges the same prices for services in every AWS Region.
B. AWS enables capacity to be adjusted on demand.
C. AWS offers discounts for Amazon EC2 instances that remain idle for more than 1 week.
D. AWS does not charge for data sent from the AWS Cloud to the internet.
E. AWS eliminates many of the costs of building and maintaining on-premises data centers.
B. AWS enables capacity to be adjusted on demand.
E. AWS eliminates many of the costs of building and maintaining on-premises data centers.
Explanation:
B. Adjusting capacity on demand - Businesses can scale resources up or down to optimize costs.
E. Eliminating on-premises costs - AWS removes the need for expensive hardware, data centers, and infrastructure maintenance.
WRONG:
A. Same pricing in all Regions - Prices vary by region due to different operational costs.
C. EC2 idle instance discounts - AWS does not offer discounts for unused instances; instead, customers can save with Reserved Instances or Savings Plans.
D. Free data transfer - AWS does charge for outbound data transfer to the internet.
Which option is an AWS Cloud Adoption Framework (AWS CAF) platform perspective capability?
A. Data architecture
B. Data protection
C. Data governance
D. Data science
Correct Answer: A. Data architecture
Explanation: The Platform Perspective in AWS CAF focuses on cloud infrastructure, including data architecture, compute, networking, and storage to support cloud adoption.
WRONG:
B. Data protection - Part of Security Perspective (not Platform).
C. Data governance - Falls under the Governance Perspective.
D. Data science - Related to AI/ML but not a direct part of AWS CAF Platform Perspective.
Which tasks are the customer’s responsibility, according to the AWS shared responsibility model? (Choose two.)
A. Establish the global infrastructure.
B. Perform client-side data encryption.
C. Configure IAM credentials.
D. Secure edge locations.
E. Patch Amazon RDS DB instances.
B. Perform client-side data encryption.
C. Configure IAM credentials.
Explanation:
B. Client-side encryption - Customers are responsible for securing their data before sending it to AWS.
C. IAM credentials - Managing user permissions and credentials is a customer responsibility.
WRONG:
A. Establish global infrastructure - AWS manages this.
D. Secure edge locations - AWS secures AWS-managed edge locations (like CloudFront PoPs).
E. Patch RDS DB instances - AWS manages RDS infrastructure, but customers configure security settings.
A company has an uninterruptible application that runs on Amazon EC2 instances. The application constantly processes a backlog of files in an Amazon Simple Queue Service (Amazon SQS) queue. This usage is expected to continue to grow for years.
What is the MOST cost-effective EC2 instance purchasing model to meet these requirements?
A. Spot Instances
B. On-Demand Instances
C. Savings Plans
D. Dedicated Hosts
Correct Answer: C. Savings Plans
Explanation: Savings Plans provide flexible, long-term cost savings for workloads that run continuously over time.
WRONG:
A. Spot Instances - Cost-effective but can be interrupted, making them unsuitable for uninterrupted applications.
B. On-Demand Instances - More expensive than Savings Plans for long-term workloads.
D. Dedicated Hosts - Best for compliance requirements, not cost-effectiveness.
Which fully managed AWS service assists with the creation, testing, and management of custom Amazon EC2 images?
A. EC2 Image Builder
B. Amazon Machine Image (AMI)
C. AWS Launch Wizard
D. AWS Elastic Beanstalk
Correct Answer: A. EC2 Image Builder
Explanation: EC2 Image Builder automates the creation, testing, and deployment of Amazon Machine Images (AMIs).
WRONG:
B. AMI - Just a pre-configured image, not a service that builds and manages images.
C. AWS Launch Wizard - Helps deploy complex applications but does not build images.
D. AWS Elastic Beanstalk - Manages applications, not EC2 images.
A company wants an automated process to continuously scan its Amazon EC2 instances for software vulnerabilities.
Which AWS service will meet these requirements?
A. Amazon GuardDuty
B. Amazon Inspector
C. Amazon Detective
D. Amazon Cognito
Correct Answer: B. Amazon Inspector
Explanation: Amazon Inspector automatically scans EC2 instances for security vulnerabilities.
WRONG:
A. GuardDuty - Detects threats but does not scan for software vulnerabilities.
C. Detective - Investigates security incidents rather than scanning EC2.
D. Cognito - Manages user authentication, not security scanning.
Which AWS service or feature provides log information of the inbound and outbound traffic on network interfaces in a VPC?
A. Amazon CloudWatch Logs
B. AWS CloudTrail
C. VPC Flow Logs
D. AWS Identity and Access Management (IAM)
Correct Answer: C. VPC Flow Logs
Explanation: VPC Flow Logs capture detailed logs of network traffic going in and out of a VPC.
WRONG:
A. CloudWatch Logs - Stores logs but does not capture VPC traffic directly.
B. CloudTrail - Logs API activity, not network traffic.
D. IAM - Manages permissions, not traffic monitoring.
A company wants to design a centralized storage system to manage the configuration data and passwords for its critical business applications.
Which AWS service or capability will meet these requirements MOST cost-effectively?
A. AWS Systems Manager Parameter Store
B. AWS Secrets Manager
C. AWS Config
D. Amazon S3
Correct Answer: A. AWS Systems Manager Parameter Store
Explanation: Parameter Store securely stores configuration data and passwords at a lower cost compared to Secrets Manager.
WRONG:
B. Secrets Manager - Better for managing dynamic, frequently rotated credentials but is more expensive.
C. AWS Config - Tracks resource configurations, not secrets or parameters.
D. Amazon S3 - General-purpose storage, not designed for configuration management.
A company plans to deploy containers on AWS. The company wants full control of the compute resources that host the containers. Which AWS service will meet these requirements?
A. Amazon Elastic Kubernetes Service (Amazon EKS)
B. AWS Fargate
C. Amazon EC2
D. Amazon Elastic Container Service (Amazon ECS)
Correct Answer: C. Amazon EC2
Explanation: Amazon EC2 provides complete control over compute resources, allowing the company to fully manage and customize the underlying infrastructure for hosting containers.
WRONG:
A. Amazon EKS - A managed Kubernetes service; still requires compute resources like EC2 but does not provide full control over infrastructure.
B. AWS Fargate - Serverless container service that abstracts infrastructure management.
D. Amazon ECS - A container orchestration service that can use EC2 or Fargate but does not inherently provide full infrastructure control.
Which AWS service or feature allows users to create new AWS accounts, group multiple accounts to organize workflows, and apply policies to groups of accounts?
A. AWS Identity and Access Management (IAM)
B. AWS Trusted Advisor
C. AWS CloudFormation
D. AWS Organizations
Correct Answer: D. AWS Organizations
Explanation: AWS Organizations enables centralized management of multiple AWS accounts, applying policies and grouping accounts efficiently.
WRONG:
A. IAM - Manages user permissions, not multiple accounts.
B. Trusted Advisor - Provides AWS best practice recommendations, not account management.
C. CloudFormation - Automates infrastructure deployment but does not manage accounts.
A company wants a unified tool to provide a consistent method to interact with AWS services.
Which AWS service or tool will meet this requirement?
A. AWS CLI
B. Amazon Elastic Container Service (Amazon ECS)
C. AWS Cloud9
D. AWS Virtual Private Network (AWS VPN)
Correct Answer: A. AWS CLI
Explanation: The AWS Command Line Interface (CLI) provides a consistent way to manage AWS resources using scripts and commands.
WRONG:
B. Amazon ECS - A container service, not a general-purpose AWS interaction tool.
C. AWS Cloud9 - A cloud-based IDE, but not a command-line tool.
D. AWS VPN - Provides secure network connections but does not interact with AWS services.
A company has a compute workload that is steady, predictable, and uninterruptible.
Which Amazon EC2 instance purchasing options meet these requirements MOST cost-effectively? (Choose two.)
A. On-Demand Instances
B. Reserved Instances
C. Spot Instances
D. Saving Plans
E. Dedicated Hosts
Correct Answer: B. Reserved Instances D. Saving Plans
Explanation:
B. Reserved Instances - Offer significant cost savings for predictable, long-term workloads.
D. Savings Plans - Provide flexible commitment-based discounts similar to Reserved Instances.
WRONG:
A. On-Demand Instances - More expensive; better for unpredictable workloads.
C. Spot Instances - Can be interrupted; unsuitable for continuous workloads.
E. Dedicated Hosts - More for compliance needs than cost savings.
Which task is a responsibility of AWS, according to the AWS shared responsibility model?
A. Enable client-side encryption for objects that are stored in Amazon S3.
B. Configure IAM security policies to comply with the principle of least privilege.
C. Patch the guest operating system on an Amazon EC2 instance.
D. Apply updates to the Nitro Hypervisor.
Correct Answer: D. Apply updates to the Nitro Hypervisor
Explanation: AWS manages the underlying infrastructure, including the Nitro Hypervisor (which runs EC2 instances).
A. Client-side encryption - Customer responsibility.
B. IAM security policies - Customers configure their own IAM settings.
C. EC2 OS patches - Customer responsibility unless using managed services.
Which option is an AWS Cloud Adoption Framework (AWS CAF) business perspective capability?
A. Culture evolution
B. Event management
C. Data monetization
D. Platform architecture
Correct Answer: C. Data monetization
Explanation: The business perspective of AWS CAF focuses on aligning cloud adoption with business strategies. Data monetization helps businesses generate value from their data, making it a key capability in this perspective.
WRONG:
A. Culture evolution - More relevant to organizational transformation rather than direct business strategy.
B. Event management - Falls under operational excellence, not business.
D. Platform architecture - Part of the platform perspective, not business.
Which options are AWS Cloud Adoption Framework (AWS CAF) security perspective capabilities? (Choose two.)
A. Observability
B. Incident and problem management
C. Incident response
D. Infrastructure protection
E. Availability and continuity
Correct Answer: C. Incident response D. Infrastructure protection
Explanation: The security perspective of AWS CAF focuses on ensuring a secure cloud environment.
C. Incident response - Involves detecting, analyzing, and responding to security threats.
D. Infrastructure protection - Focuses on securing cloud environments against threats.
WRONG:
A. Observability - Related to monitoring, part of the operations perspective.
B. Incident and problem management - Falls under operational excellence, not security.
E. Availability and continuity - Related to reliability rather than security.
Which characteristic of the AWS Cloud helps users eliminate underutilized CPU capacity?
A. Agility
B. Elasticity
C. Reliability
D. Durability
Correct Answer: B. Elasticity
Explanation: Elasticity in AWS allows businesses to scale resources up or down dynamically based on demand, ensuring efficient CPU utilization.
WRONG:
A. Agility - Refers to the ability to innovate and deploy quickly, not resource optimization.
C. Reliability - Ensures workloads run consistently but does not address CPU efficiency.
D. Durability - Focuses on data persistence, not compute capacity management.
Which AWS services can a company use to achieve a loosely coupled architecture? (Choose two.)
A. Amazon WorkSpaces
B. Amazon Simple Queue Service (Amazon SQS)
C. Amazon Connect
D. AWS Trusted Advisor
E. AWS Step Functions
Correct Answer: B. Amazon Simple Queue Service (Amazon SQS) E. AWS Step Functions
Explanation: A loosely coupled architecture separates application components to improve scalability and resilience.
B. Amazon SQS - Message queuing service that decouples application components.
E. AWS Step Functions - Orchestrates workflows between services, enabling loose coupling.
WRONG:
A. Amazon WorkSpaces - A virtual desktop service, not related to decoupling.
C. Amazon Connect - A cloud contact center, unrelated to application architecture.
D. AWS Trusted Advisor - Provides best practice recommendations but doesn’t help with decoupling.
A company needs to continuously run an experimental workload on an Amazon EC2 instance and stop the instance after 12 hours.
Which instance purchasing option will meet this requirement MOST cost-effectively?
A. On-Demand Instances
B. Reserved Instances
C. Spot Instances
D. Dedicated Instances
Correct Answer: A. On-Demand Instances
Explanation: On-Demand Instances are best for short-term, unpredictable workloads without long-term commitments.
B. Reserved Instances - Require a long-term commitment.
C. Spot Instances - Can be terminated at any time, making them unreliable.
D. Dedicated Instances - More expensive and used for compliance needs.
A company wants to modernize and convert a monolithic application into microservices. The company wants to move the application to AWS.
Which migration strategy should the company use?
A. Rehost
B. Replatform
C. Repurchase
D. Refactor
Correct Answer: D. Refactor
Explanation: Refactoring involves re-architecting an application (e.g., breaking a monolithic app into microservices).
A. Rehost - “Lift and shift,” moves the application without changes.
B. Replatform - Makes some optimizations but keeps the core architecture.
C. Repurchase - Replaces software with a different product.
A systems administrator created a new IAM user for a developer and assigned the user an access key instead of a user name and password. What is the access key used for?
A. To access the AWS account as the AWS account root user
B. To access the AWS account through the AWS Management Console
C. To access the AWS account through a CLI
D. To access all of a company’s AWS accounts
Correct Answer: C. To access the AWS account through a CLI or API
Explanation: An AWS access key (consisting of an access key ID and secret access key) is used for programmatic access via the AWS CLI, SDKs, or APIs.
A. Root user access - The root user has its own credentials, separate from IAM access keys.
B. AWS Management Console - Requires a username and password, not an access key.
D. Access to all AWS accounts - Access keys are specific to a single AWS account unless configured for cross-account access.
A company is moving an on-premises data center to the AWS Cloud. The company must migrate 50 petabytes of file storage data to AWS with the least possible operational overhead.
Which AWS service or resource should the company use to meet these requirements?
A. AWS Snowmobile
B. AWS Snowball Edge
C. AWS Data Exchange
D. AWS Database Migration Service (AWS DMS)
Correct Answer: A. AWS Snowmobile
Explanation: AWS Snowmobile is designed for transferring exabyte-scale data (up to 100 PB) to AWS efficiently. It is the best choice for large-scale migrations like 50 PB of file storage data.
WRONG:
B. AWS Snowball Edge - Useful for smaller-scale transfers (TB-scale), but not sufficient for petabytes of data.
C. AWS Data Exchange - A service for third-party data sharing, not data migration.
D. AWS DMS - Used for database migrations, not large-scale file storage transfers.
A company wants to query its server logs to gain insights about its customers’ experiences.
Which AWS service will store this data MOST cost-effectively?
A. Amazon Aurora
B. Amazon Elastic File System (Amazon EFS)
C. Amazon Elastic Block Store (Amazon EBS)
D. Amazon S3
Correct Answer: D. Amazon S3
Explanation: Amazon S3 provides highly durable and cost-effective object storage, making it ideal for storing large amounts of log data for analytics.
WRONG:
A. Amazon Aurora - A relational database, which is costly and unnecessary for storing log files.
B. Amazon EFS - More suited for shared file storage but more expensive than S3 for logs.
C. Amazon EBS - Block storage optimized for low-latency workloads, not cost-effective for log storage.
A user wants to securely automate the management and rotation of credentials that are shared between applications, while spending the least amount of time on managing tasks.
Which AWS service or feature can be used to accomplish this?
A. AWS CloudHSM
B. AWS Key Management Service (AWS KMS)
C. AWS Secrets Manager
D. Server-side encryption
Correct Answer: C. AWS Secrets Manager
Explanation: AWS Secrets Manager automates the management and rotation of secrets like database credentials and API keys, reducing manual work.
WRONG:
A. AWS CloudHSM - Provides hardware-based key storage but does not automate credential rotation.
B. AWS KMS - Used for encryption key management, not secrets rotation.
D. Server-side encryption - Encrypts data at rest but does not manage credentials.
Which pillar of the AWS Well-Architected Framework refers to the ability of a system to recover from infrastructure or service disruptions and dynamically acquire computing resources to meet demand?
A. Security
B. Reliability
C. Performance efficiency
D. Cost optimization
Correct Answer: B. Reliability
Explanation: The Reliability pillar focuses on designing systems that can recover from failures and scale dynamically based on demand.
WRONG:
A. Security - Focuses on protecting systems and data, not availability or recovery.
C. Performance efficiency - Ensures efficient resource usage, but not system recovery.
D. Cost optimization - Focuses on minimizing costs, not reliability.
