Exam 2 Flashcards

1
Q

Which of the following activities may help reduce your AWS monthly costs? (Choose TWO)

A

Enabling Amazon EC2 Auto Scaling for all of your workloads
Creating a lifecycle policy to move infrequently accessed data to less expensive storage tiers

2
Q

Which AWS services can be used to improve the performance of a global application and reduce latency for its users? (Choose TWO)

A

Amazon CloudFront
AWS Global Accelerator

3
Q

What is the AWS service that enables you to manage all of your AWS accounts from a single master account?

A

AWS Organizations

4
Q

Sarah has deployed an application in the Northern California (us-west-1) region. After examining the application’s traffic, she notices that about 30% of the traffic is coming from Asia. What can she do to reduce latency for the users in Asia?

A

Create a CDN using CloudFront, so that content is cached at Edge Locations close to and in Asia

5
Q

A company has business critical workloads hosted on AWS and they are unwilling to accept any downtime. Which of the following is a recommended best practice to protect their workloads in the event of an unexpected natural disaster?

A

Deploy AWS resources to another AWS Region and implement an Active-Active disaster recovery strategy

6
Q

Which of the below is a best-practice when building applications on AWS?

A

Decouple the components of the application so that they run independently

7
Q

Which of the following services can help protect your web applications from SQL injection and other vulnerabilities in your application code?

A

AWS WAF
AWS WAF (Web Application Firewall) helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application.

8
Q

Which of the following AWS services is designed with native Multi-AZ fault tolerance in mind? (Choose TWO)

A

Amazon Simple Storage Service
Amazon DynamoDB

The Multi-AZ principle involves deploying an AWS resource in multiple Availability Zones to achieve high availability for that resource.

DynamoDB automatically spreads the data and traffic for your tables over a sufficient number of servers to handle your throughput and storage requirements, while maintaining consistent and fast performance. All of your data is stored on solid-state disks (SSDs) and is automatically replicated across multiple Availability Zones in an AWS Region, providing built-in fault tolerance in the event of a server failure or Availability Zone outage.

Amazon S3 provides durable infrastructure to store important data and is designed for durability of 99.999999999% of objects. Data in all Amazon S3 storage classes is redundantly stored across multiple Availability Zones (except S3 One Zone-IA).

The other options are incorrect:

“Amazon Redshift” is incorrect. Currently, Amazon Redshift only supports Single-AZ deployments.

9
Q

Your application has recently experienced significant global growth, and international users are complaining of high latency. What is the AWS characteristic that can help improve your international users’ experience?

A

Global reach

10
Q

Your company is designing a new application that will store and retrieve photos and videos. Which of the following services should you recommend as the underlying storage mechanism?

A

Amazon S3

11
Q

Based on the AWS Shared Responsibility Model, which of the following are the sole responsibility of AWS? (Choose TWO)

A

Hardware maintenance
Creating hypervisors

12
Q

Which AWS Service can be used to establish a dedicated, private network connection between AWS and your datacenter?

A

AWS Direct Connect

13
Q

What is the primary storage service used by Amazon RDS database instances?

A

Amazon EBS

14
Q

Where can you store files in AWS?  (Choose TWO)

A

Amazon EFS
Amazon EBS

15
Q

What is the AWS service that performs automated network assessments of Amazon EC2 instances to check for vulnerabilities?

A

Amazon Inspector

16
Q

What are the change management tools that help AWS customers audit and monitor all resource changes in their AWS environment? (Choose TWO)

A

AWS Config
AWS CloudTrail

17
Q

You are working on two projects that require completely different network configurations. Which AWS service or feature will allow you to isolate resources and network configurations?

A

Virtual Private Cloud

18
Q

A company has a large amount of structured data stored in their on-premises data center. They are planning to migrate all the data to AWS. What is the most appropriate AWS database option?

A

Amazon RDS

19
Q

A company has deployed a new web application on multiple Amazon EC2 instances. Which of the following should they use to ensure that the incoming HTTP traffic is distributed evenly across the instances?

A

AWS Application Load Balancer

Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions. Elastic Load Balancing offers four types of load balancers: 1- Application Load Balancer. 2- Network Load Balancer. 3- Gateway Load Balancer. 4- Classic Load Balancer. Application Load Balancer is best suited for load balancing of HTTP and HTTPS traffic. In our case, the application receives HTTP traffic. Hence, the Application Load Balancer is the correct answer here.

The other options are incorrect:

“AWS Network Load Balancer” is incorrect. The traffic comes to the instances through HTTP. Network Load Balancer is best suited for load balancing of TCP and TLS traffic.

“AWS Auto Scaling” is incorrect. AWS Auto Scaling is not for distributing traffic. AWS Auto Scaling monitors your applications and automatically adjusts capacity (up or down) to maintain steady, predictable performance at the lowest possible cost.

20
Q

Which of the following EC2 instance purchasing options supports the Bring Your Own License (BYOL) model for almost every BYOL scenario?

A

Dedicated Hosts

21
Q

Which of the following are important design principles you should adopt when designing systems on AWS? (Choose TWO)

A

Remove single points of failure

Automate wherever possible

The 5 Pillars of the AWS Well-Architected Framework:

1- Operational Excellence: The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.

2- Security: The security pillar includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

3- Reliability: The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as  misconfigurations or transient network issues.

4- Performance Efficiency: The performance efficiency pillar includes the ability to use computing resources efficiently to meet system requirements. Key topics include selecting the right resource types and sizes based on workload requirements, monitoring performance, and making informed decisions to maintain efficiency as business needs evolve.

5- Cost Optimization: The cost optimization pillar includes the ability to avoid or eliminate unneeded cost or sub-optimal resources.

22
Q

Which of the following AWS security features is associated with an EC2 instance and functions to filter incoming traffic requests?

A

Security Groups

“Network ACL” is incorrect. A network access control list (Network ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.

Note: Network ACLs act at the subnet level, but security groups act at the instance level.

 https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Security.html#VPC_Security_Comparison

23
Q

Which of the following procedures will help reduce your Amazon S3 costs?

A

Use the right combination of storage classes based on different use cases

24
Q

Which of the following AWS offerings is a MySQL-compatible relational database service that can scale capacity automatically based on demand?

A

Amazon Aurora 

Amazon Aurora is a MySQL and PostgreSQL compatible relational database built for the cloud, that combines the performance and availability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases. Aurora is up to five times faster than standard MySQL databases and three times faster than standard PostgreSQL databases. It provides the security, availability, and reliability of commercial-grade databases at 1/10th the cost. Aurora is fully managed by Amazon Relational Database Service (RDS), which automates time-consuming administration tasks like hardware provisioning, database setup, patching, and backups.

25
Q

Which of the following services allows you to run containerized applications on a cluster of EC2 instances?

A

Amazon ECS

26
Q

An organization runs many systems and uses many AWS products. Which of the following services enables them to control how each developer interacts with these products?

A

AWS Identity and Access Management

27
Q

According to the AWS Shared responsibility model, which of the following are the responsibility of the customer? (Choose TWO)

A

Protecting the confidentiality of data in transit in Amazon S3

Patching applications installed on Amazon EC2

Data protection refers to protecting data while in-transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in AWS data centers). The AWS customer is responsible for protecting their data either at rest or in transit for all services (including S3).

Patch management is a shared control between AWS and the customer. AWS is responsible for patching the underlying hosts, updating the firmware, and fixing flaws within the infrastructure, but customers are responsible for patching their guest operating system and applications.

“Ensuring that the underlying EC2 host is configured properly” is incorrect. Configuration management is a shared control between AWS and the customer. AWS maintains the configuration of the underlying hosts and its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.

28
Q

Amazon Glacier is an Amazon S3 storage class that is suitable for storing ____________ & ______________. (Choose TWO)

A

Long-term analytic data

Active archives

29
Q

Which of the following is one of the benefits of moving infrastructure from an on-premises data center to AWS?

A

Reduced Capital Expenditure (CapEx)

30
Q

What are the default security credentials that are required to access the AWS management console for an IAM user account?

A

A user name and password
“MFA” is incorrect. MFA is an additional layer of security (i.e. not required).

31
Q

Which of the following services will help businesses ensure compliance in AWS?

A

CloudTrail

AWS CloudTrail is designed to log all actions taken in your AWS account. This provides a great resource for governance, compliance, and risk auditing.

32
Q

What are two advantages of using Cloud Computing over using traditional data centers? (Choose TWO)

A

Eliminating Single Points of Failure (SPOFs)
Distributed infrastructure

33
Q

A company is migrating its on-premises database to Amazon RDS. What should the company do to ensure Amazon RDS costs are kept to a minimum?

A

Right-size before and after migration

34
Q

AWS has created a large number of Edge Locations as part of its Global Infrastructure. Which of the following is NOT a benefit of using Edge Locations?

A

Edge locations are used by CloudFront to distribute traffic across multiple instances to reduce latency

AWS Edge Locations are not used to distribute traffic. Edge Locations are used in conjunction with the CloudFront service to cache common responses and deliver content to end-users with low latency.

35
Q

An organization needs to analyze and process a large number of data sets. Which AWS service should they use?

A

Amazon EMR 

Amazon EMR helps you analyze and process vast amounts of data by distributing the computational work across a cluster of virtual servers running in the AWS Cloud. The cluster is managed using an open-source framework called Hadoop. Amazon EMR lets you focus on crunching or analyzing your data without having to worry about time-consuming setup, management, and tuning of Hadoop clusters or the compute capacity they rely on.

36
Q

How are AWS customers billed for Linux-based Amazon EC2 usage?

A

EC2 instances will be billed on one second increments, with a minimum of one minute

37
Q

How are AWS customers billed for Linux-based Amazon EC2 usage?

A

EC2 instances will be billed on one second increments, with a minimum of one minute

Pricing is per instance-hour consumed for each instance, from the time an instance is launched until it is terminated or stopped. Each partial instance-hour consumed will be billed per-second (minimum of 1 minute) for Linux, Windows, or Ubuntu Instances and as a full hour for all other instance types.

Examples for Linux, Windows, or Ubuntu based instances:

1- If you run a Linux instance for 4 seconds or 20 seconds or 59 seconds, you will be charged for one minute. (this is what we mean by minimum of 1 minute)

2- If you run a Linux instance for 1 minute and 3 seconds, you will be charged for 1 minute and 3 seconds.

3- If you run a Linux instance for 3 hours, 25 minutes and 7 seconds, you will be charged for 3 hours, 25 minutes and 7 seconds.

Examples for instances launched in other operating systems such as Red Hat, Kali, or CentOS:

1- If you run an instance for 4 seconds or 20 seconds or 59 seconds, you will be charged for one hour.

2- If you run an instance for 1 minute and 3 seconds, you will be charged for one hour.

3- If you run an instance for 3 hours, 25 minutes and 7 seconds, you will be charged for 4 hours.

38
Q

A company needs to host a database in Amazon RDS for at least three years. Which of the following options would be the most cost-effective solution?

A

Reserved instances - Partial Upfront

The other options are incorrect:

“Spot Instances” is incorrect. Spot Instances is an option for EC2; there is no Spot option for RDS.

“Reserved instances - No Upfront” is incorrect. The No Upfront option does not require any upfront payment and provides a discounted hourly rate for the duration of the term. The Partial Upfront option provides more discounts than the No Upfront option because you spend more upfront.

“On-Demand instances” is incorrect. On-Demand is not a cost-effective solution.

39
Q

A company is developing a new application using a microservices framework. The new application is having performance and latency issues. Which AWS Service should be used to troubleshoot these issues?

A

AWS X-Ray

AWS X-Ray helps developers analyze and debug distributed applications in production or under development, such as those built using microservice architecture. With X-Ray, you can understand how your application and its underlying services are performing so you can identify and troubleshoot the root cause of performance issues and errors. X-Ray provides an end-to-end view of requests as they travel through your application, and shows a map of your application’s underlying components. You can use X-Ray to analyze both applications in development and in production, from simple three-tier applications to complex microservices applications consisting of thousands of services.

40
Q

Jessica is managing an e-commerce web application in AWS. The application is hosted on six EC2 instances. One day, three of the instances crashed, but none of her customers were affected. What has Jessica done correctly in this scenario?

A

She has properly built a fault tolerant system

41
Q

What are the AWS services/features that can help you maintain a highly available and fault-tolerant architecture in AWS? (Choose TWO)

A

Elastic Load Balancer

Amazon EC2 Auto Scaling

42
Q

Which of the following is equivalent to a user name and password and is used to authenticate your programmatic access to AWS services and APIs?

A

Access Keys

Access keys consist of two parts: an access key ID and a secret access key. You must provide your AWS access keys to make programmatic requests to AWS or to use the AWS Command Line Interface or AWS Tools for PowerShell. Like a user name and password, you must use both the access key ID and secret access key together to authenticate your requests.

“Key pairs” is incorrect. The AWS key pair is used to securely connect to your Amazon EC2 instances.

43
Q

What are the connectivity options that can be used to build hybrid cloud architectures? (Choose TWO)

A

AWS VPN

AWS Direct Connect

AWS Virtual Private Network solutions establish secure connections between your on-premises networks, remote offices, client devices, and the AWS global network. AWS VPN is comprised of two services: AWS Site-to-Site VPN and AWS Client VPN. AWS Site-to-Site VPN enables you to securely connect your on-premises network or branch office site to AWS. AWS Client VPN enables you to securely connect users (from any location) to AWS or on-premises networks. VPN Connections can be configured in minutes and are a good solution if you have an immediate need, have low to modest bandwidth requirements, and can tolerate the inherent variability in Internet-based connectivity.

AWS Direct Connect does not involve the Internet; instead, it uses dedicated, private network connections between your on-premises network or branch office site and Amazon VPC. AWS Direct Connect is a network service that provides an alternative to using the Internet to connect customers’ on-premises sites to AWS. Using AWS Direct Connect, data that would have previously been transported over the Internet can now be delivered through a private network connection between AWS and your datacenter or corporate network. Companies of all sizes use AWS Direct Connect to establish private connectivity between AWS and datacenters, offices, or colocation environments. Compared to AWS VPN (Internet-based connection), AWS Direct Connect can reduce network costs, increase bandwidth throughput, and provide a more consistent network experience.

44
Q

Which of the following aspects of security are managed by AWS? (Choose TWO)

A

Securing global physical infrastructure
Hardware patching

45
Q

Which of the following describes the payment model that AWS makes available for customers that can commit to using Amazon EC2 over a one or 3-year term to reduce their total computing costs?

A

Save when you reserve

46
Q

Using Amazon EC2 falls under which of the following cloud computing models?

A

IaaS

47
Q

Which of the following AWS services can be used as a compute resource? (Choose TWO)

A

Amazon EC2
AWS Lambda

48
Q

Using Amazon RDS falls under the shared responsibility model. Which of the following are customer responsibilities? (Choose TWO)

A

Managing the database settings
Building the relational database schema

Amazon RDS automates common administrative tasks such as performing backups and patching the software that powers your database. With optional Multi-AZ deployments, Amazon RDS also manages synchronous data replication across Availability Zones with automatic failover.

49
Q

Which statement is correct with regards to AWS service limits? (Choose TWO)

A

You can contact AWS support to increase the service limits
You can use the AWS Trusted Advisor to monitor your service limits

50
Q

What is the AWS service/feature that takes advantage of Amazon CloudFront’s globally distributed edge locations to transfer files to S3 with higher upload speeds?

A

S3 Transfer Acceleration
Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront’s globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path.

51
Q

A company has created a solution that helps AWS customers improve their architectures on AWS. Which AWS program may support this company?

A

APN Consulting Partners

52
Q

What is the AWS data warehouse service that supports a high level of query performance on large amounts of datasets?

A

Amazon Redshift

53
Q

In your on-premises environment, you can create as many virtual servers as you need from a single template. What can you use to perform the same in AWS?

A

AMI

An Amazon Machine Image (AMI) is a template that contains a software configuration (for example, an operating system, an application server, and applications). This pre-configured template saves time and avoids errors when configuring settings to create new instances.

54
Q

What are the Amazon RDS features that can be used to improve the availability of your database? (Choose TWO)

A

Multi-AZ Deployment
Read Replicas

Amazon RDS Read Replicas provide enhanced performance and durability for database (DB) instances. This feature makes it easy to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads. You can create one or more replicas of a given source DB Instance and serve high-volume application read traffic from multiple copies of your data, thereby increasing aggregate read throughput.

55
Q

Which of the following can help protect your EC2 instances from DDoS attacks? (Choose TWO)

A

Security Groups
Network Access Control Lists (Network ACLs)

Security groups allow you to control inbound and outbound traffic to your Amazon EC2 instances by specifically allowing communication only on the ports and protocols required for your applications. Access to any other port or protocol is automatically denied.

Network ACLs provide an additional layer of defense for your VPC by allowing you to create allow and deny rules that are processed in numeric order, much like a traditional firewall. This is useful for allowing or denying traffic at a subnet level, as opposed to security groups that filter traffic at an EC2 instance level. For example, if you have identified Internet IP addresses or ranges that are unwanted or potentially abusive, you can block them from reaching your application with a Network ACL deny rule.

AWS does not configure security groups or Network ACLs to protect you from DDoS attacks. It is the responsibility of the customer to set the appropriate Network ACL and security group rules to protect from these attacks and secure their network.

In addition to Security Groups and Network ACLs, AWS provides flexible infrastructure and services that help customers implement strong DDoS mitigations and create highly available application architectures that follow AWS Best Practices for DDoS Resiliency. These include services such as Amazon Route 53, Amazon CloudFront, Elastic Load Balancing, and AWS WAF to control and absorb traffic, and deflect unwanted requests. These services integrate with AWS Shield, a managed DDoS protection service that provides always-on detection and automatic inline mitigations to safeguard web applications running on AWS.

56
Q

What does Amazon Elastic Beanstalk provide?

A

A PaaS solution to automate application deployment

57
Q

What is the AWS serverless service that allows you to run your applications without any administrative burden?

A

AWS Lambda

58
Q

Which of the following will impact the price paid for an EC2 instance? (Choose TWO)

A

Load balancing
Instance type

59
Q

Under the Shared Responsibility Model, which of the following controls do customers fully inherit from AWS? (Choose TWO)

A

Environmental controls
Physical controls

As mentioned in the AWS Shared Responsibility Model page, Inherited Controls are controls which a customer fully inherits from AWS such as physical controls and environmental controls.

As a customer deploying an application on AWS infrastructure, you inherit security controls pertaining to the AWS physical, environmental and media protection, and no longer need to provide a detailed description of how you comply with these control families.

60
Q

What is the AWS tool that enables you to use scripts to manage all AWS services and resources?

A

AWS CLI

61
Q

Which statement best describes the operational excellence pillar of the AWS Well-Architected Framework?

A

The ability to monitor systems and improve supporting processes and procedures

The 5 Pillars of the AWS Well-Architected Framework:

1- Operational Excellence: The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.

2- Security: The security pillar includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

3- Reliability: The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as  misconfigurations or transient network issues.

4- Performance Efficiency: The performance efficiency pillar includes the ability to use computing resources efficiently to meet system requirements. Key topics include selecting the right resource types and sizes based on workload requirements, monitoring performance, and making informed decisions to maintain efficiency as business needs evolve.

5- Cost Optimization: The cost optimization pillar includes the ability to avoid or eliminate unneeded cost or sub-optimal resources.

62
Q

What does Amazon ElastiCache provide?

A

In-memory caching for read-heavy applications

ElastiCache is a web service that makes it easy to set up, manage, and scale a distributed in-memory data store or cache environment in the cloud. It provides a high-performance, scalable, and cost-effective caching solution, while removing the complexity associated with deploying and managing a distributed cache environment.

63
Q

Savings Plans are available for which of the following AWS compute services? (Choose TWO)

A

AWS Lambda

Amazon EC2

64
Q

What is the AWS service that provides you the highest level of control over the underlying virtual infrastructure?

A

Amazon EC2