Exam Questions Flashcards

1
Q

Which AWS database service provides a fully managed data warehouse that can be analyzed using SQL tools and business intelligence tools?

Amazon DynamoDB
Amazon ElastiCache
Amazon RDS
Amazon RedShift

A

Amazon RedShift is a fully managed data warehouse service designed to handle petabytes of data for analysis. Data can be analyzed with standard SQL tools and business intelligence tools. RedShift allows you to run complex analytic queries against petabytes of structured data.

CORRECT: “Amazon RedShift” is the correct answer.

INCORRECT: “Amazon RDS” is incorrect. RDS is Amazon’s transactional relational database.

INCORRECT: “Amazon DynamoDB” is incorrect. DynamoDB is Amazon’s non-relational database service.

INCORRECT: “Amazon ElastiCache” is incorrect. ElastiCache is a data caching service that is used to help improve the speed/performance of web applications running on AWS.

2
Q

A security operations engineer needs to implement threat detection and monitoring for malicious or unauthorized behavior. Which service should be used?

AWS KMS
Amazon GuardDuty
AWS Shield
AWS CloudHSM

A

Amazon GuardDuty offers threat detection and continuous security monitoring for malicious or unauthorized behavior to help you protect your AWS accounts and workloads.

CORRECT: “Amazon GuardDuty” is the correct answer.

INCORRECT: “AWS Shield” is incorrect. AWS Shield is a managed Distributed Denial of Service (DDoS) protection service.

INCORRECT: “AWS KMS” is incorrect. AWS Key Management Service gives you centralized control over the encryption keys used to protect your data.

INCORRECT: “AWS CloudHSM” is incorrect. AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud.

3
Q

Which AWS services are associated with Edge Locations? (Select TWO.)

AWS Config
AWS Shield
AWS Direct Connect
Amazon EBS
Amazon CloudFront
A

Edge Locations are parts of the Amazon CloudFront content delivery network (CDN) that are all around the world and are used to get content closer to end-users for better performance.

AWS Shield, which protects against Distributed Denial of Service (DDoS) attacks, is available globally on Amazon CloudFront Edge Locations.

CORRECT: “Amazon CloudFront” is a correct answer.

CORRECT: “AWS Shield” is also a correct answer.

INCORRECT: “AWS Direct Connect” is incorrect. AWS Direct Connect is a networking service used for creating a hybrid cloud between on-premises and AWS Cloud using a private network connection.

INCORRECT: “Amazon EBS” is incorrect. Amazon EBS is a storage service.

INCORRECT: “AWS Config” is incorrect. AWS Config is used for evaluating the configuration state of AWS resources.

4
Q

What is a benefit of moving an on-premises database to Amazon Relational Database Service (RDS)?

  • You can run any database engine
  • You can scale vertically without downtime
  • There is no database administration required
  • There is no need to manage operating systems
A

With Amazon RDS, which is a managed service, you do not need to manage operating systems. This reduces operational costs.

CORRECT: “There is no need to manage operating systems” is the correct answer.

INCORRECT: “You can scale vertically without downtime” is incorrect. You cannot scale vertically without downtime. When scaling with RDS you must change the instance type, and this requires a short period of downtime while the instance’s operating system reboots.

INCORRECT: “There is no database administration required” is incorrect. There is still database administration required in the cloud. You don’t manage the underlying operating system but still need to manage your own tables and data within the DB.

INCORRECT: “You can run any database engine” is incorrect. You cannot run any database engine with RDS. The options are MySQL, Microsoft SQL, MariaDB, Oracle, PostgreSQL and Aurora.

5
Q

Which service can an organization use to track API activity within their account?

AWS IAM
AWS CloudTrail
Amazon CloudWatch
AWS CloudHSM

A

AWS CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket. CloudTrail is for auditing (CloudWatch is for performance monitoring).

CloudTrail is about logging and saves a history of API calls for your AWS account. It provides visibility into user activity by recording actions taken on your account. API history enables security analysis, resource change tracking, and compliance auditing.

CORRECT: “AWS CloudTrail” is the correct answer.

INCORRECT: “Amazon CloudWatch” is incorrect. Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. CloudWatch is for performance monitoring (CloudTrail is for auditing). It is used to collect and track metrics, collect and monitor log files, and set alarms.

INCORRECT: “AWS IAM” is incorrect. AWS Identity and Access Management is an identity service that provides authentication and authorization services.

INCORRECT: “AWS CloudHSM” is incorrect. AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud.

6
Q

How does Amazon EC2 Auto Scaling help with resiliency?

  • By distributing connections to EC2 instances
  • By changing instance types to increase capacity
  • By launching and terminating instances as needed
  • By automating the failover of applications
A

Amazon EC2 Auto Scaling launches and terminates instances as demand changes. This helps with resiliency and high availability as it can also be set to ensure a minimum number of instances are always available.

CORRECT: “By launching and terminating instances as needed” is the correct answer.

INCORRECT: “By distributing connections to EC2 instances” is incorrect. Auto Scaling is not responsible for distributing connections to EC2 instances; that is a job for an Elastic Load Balancer (ELB).

INCORRECT: “By changing instance types to increase capacity” is incorrect. Auto Scaling does not change the instance type. You have to create a new launch configuration if you need to increase your instance size; this is not automatic.

INCORRECT: “By automating the failover of applications” is incorrect. Auto Scaling does not do application failover.

7
Q

You have been running an on-demand Amazon EC2 instance running Linux for 4hrs, 5 minutes and 6 seconds. How much time will you be billed for?

4hrs, 5mins, and 6 seconds
5hrs
4hrs, 6mins
4hrs

A

On-demand, Reserved and Spot Amazon EC2 Linux instances are charged per second with a minimum charge of 1 minute. Therefore, as the minimum has been exceeded, exactly 4hrs, 5mins and 6 seconds will be charged.

CORRECT: “4hrs, 5mins, and 6 seconds” is the correct answer.

INCORRECT: “5hrs” is incorrect as explained above.

INCORRECT: “4hrs, 6mins” is incorrect as explained above.

INCORRECT: “4hrs” is incorrect as explained above.

8
Q

Which of the options below are recommendations in the cost optimization pillar of the well-architected framework? (Select TWO.)

Start spending money on data center operations
Adopt a capital expenditure model
Analyze and attribute expenditure
Manage your services independently
Adopt a consumption model
A

The cost optimization pillar includes the ability to avoid or eliminate unneeded cost or suboptimal resources.

There are five design principles for cost optimization in the cloud:

– Adopt a consumption model.

– Measure overall efficiency.

– Stop spending money on data center operations.

– Analyze and attribute expenditure.

– Use managed services to reduce cost of ownership.

CORRECT: “Adopt a consumption model” is the correct answer.

CORRECT: “Analyze and attribute expenditure” is the correct answer.

INCORRECT: “Adopt a capital expenditure model” is incorrect. Please refer to the design principles above.

INCORRECT: “Start spending money on data center operations” is incorrect. Please refer to the design principles above.

INCORRECT: “Manage your services independently” is incorrect. Please refer to the design principles above.

9
Q

Which AWS service can be used to track the activity of users on AWS?

Amazon CloudWatch
Amazon Inspector
AWS CloudTrail
AWS Directory Service

A

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.

Think of CloudTrail as an auditing service (who did what and when), and CloudWatch as a performance monitoring service (how much resource was used).

CORRECT: “AWS CloudTrail” is the correct answer.

INCORRECT: “AWS Directory Service” is incorrect. This service provides several options for running directory services on AWS and connecting to directory services on-premises.

INCORRECT: “Amazon Inspector” is incorrect. Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.

INCORRECT: “Amazon CloudWatch” is incorrect. CloudWatch is used for performance monitoring, not auditing.

10
Q

Which AWS service or feature can be used to restrict the individual API actions that users and roles in each member account can access?

Amazon Macie
AWS Organizations
AWS Shield
AWS IAM

A

AWS Organizations offers Service control policies (SCPs) which are a type of organization policy that you can use to manage permissions in your organization. SCPs offer central control over the maximum available permissions (API actions) for all accounts in your organization. SCPs help you to ensure your accounts stay within your organization’s access control guidelines. SCPs are available only in an organization that has all features enabled.

CORRECT: “AWS Organizations” is the correct answer.

INCORRECT: “Amazon Macie” is incorrect. Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.

INCORRECT: “AWS Shield” is incorrect. AWS Shield is a service that protects workloads against distributed denial of service (DDoS) attacks.

INCORRECT: “AWS IAM” is incorrect. AWS IAM is used for assigning permissions but SCPs in AWS Organizations are used to control which API actions are allowed in an account. You need to be granted permission in IAM and have the API allowed to be able to use the API successfully.

11
Q

To ensure the security of your AWS account, what are two AWS best practices for managing access keys? (Select TWO.)

Where possible, use IAM roles with temporary security credentials
Don’t create any access keys, use IAM roles instead
Rotate access keys daily
Use MFA for access keys
Don’t generate an access key for the root account user

A

Best practices include:

– Don’t generate an access key for the root account user.

– Use Temporary Security Credentials (IAM Roles) Instead of Long-Term Access Keys.

– Manage IAM User Access Keys Properly.

CORRECT: “Don’t generate an access key for the root account user” is a correct answer.

CORRECT: “Where possible, use IAM roles with temporary security credentials” is also a correct answer.

INCORRECT: “Don’t create any access keys, use IAM roles instead” is incorrect. You should use IAM roles where possible, but AWS do not recommend that you don’t create any access keys as they also have a purpose.

INCORRECT: “Rotate access keys daily” is incorrect. Rotating access keys is a recommended practice, but doing it daily would be excessive and hard to manage.

INCORRECT: “Use MFA for access keys” is incorrect. You can use MFA for securing accounts, but it does not secure access keys.

12
Q

Which IAM entity can be used for assigning permissions to multiple users?

IAM Group
IAM User
IAM Role
IAM password policy

A

Groups are collections of users and have policies attached to them. You can use groups to assign permissions to multiple users. To do this, place the users in the group and then create an IAM policy with the correct permissions and attach it to the group.

You do not use an IAM User, Role, or password policy to assign permissions to multiple users.

CORRECT: “IAM Group” is the correct answer.

INCORRECT: “IAM User” is incorrect as explained above.

INCORRECT: “IAM Role” is incorrect as explained above.

INCORRECT: “IAM password policy” is incorrect as explained above.

13
Q

A company needs to optimize costs and resource usage through monitoring of operational health for all resources running on AWS.

Which AWS service will meet these requirements?

AWS Control Tower
AWS CloudTrail
Amazon CloudWatch
AWS Config

A

Amazon CloudWatch is a performance monitoring tool that receives metrics from AWS services. This data can be used for monitoring the operational health of resources as well as being used to optimize costs through ensuring systems are right-sized and just enough capacity is provisioned.

CORRECT: “Amazon CloudWatch” is the correct answer.

INCORRECT: “AWS Control Tower” is incorrect. AWS Control Tower is a service that is intended for organizations with multiple accounts and teams who are looking for the easiest way to set up their new multi-account AWS environment and govern at scale.

INCORRECT: “AWS CloudTrail” is incorrect. CloudTrail is used for auditing (who did what and when); it is not used for monitoring operational health.

INCORRECT: “AWS Config” is incorrect. Config is used for managing compliance for AWS services.

14
Q

Which AWS service or component allows inbound traffic from the internet to access a VPC?

NAT Gateway
VPC Route Table
Internet gateway
Virtual Private Gateway

A

An Internet gateway is attached to a VPC and allows inbound traffic from the internet to access the VPC. It is also used as a target in route tables for outbound internet traffic.

CORRECT: “Internet gateway” is the correct answer.

INCORRECT: “NAT Gateway” is incorrect. A NAT gateway is used for outbound internet access for instances running in a private subnet.

INCORRECT: “VPC Route Table” is incorrect. The route table is used within a VPC for directing traffic.

INCORRECT: “Virtual Private Gateway” is incorrect. A VGW is used for IPSec VPN connections to access a VPC.

15
Q

What are the benefits of using reserved instances? (Select TWO.)

More flexibility
Uses dedicated hardware
High availability
Reduced cost

A

With reserved instances you commit to a 1- or 3-year term and get a significant discount from the on-demand rate. You can also reserve capacity in an availability zone with reserved instances.

CORRECT: “Reduced cost” is a correct answer.

CORRECT: “Reserve capacity” is also a correct answer.

INCORRECT: “More flexibility” is incorrect. You don’t get more flexibility with reserved instances. If you need flexibility, on-demand is better but more costly.

INCORRECT: “Uses dedicated hardware” is incorrect. Reserved instances are different to dedicated instances. Dedicated instances and dedicated hosts use dedicated hardware but reserved instances do not.

INCORRECT: “High availability” is incorrect. You do not get high availability with reserved instances; this is a pricing model.

16
Q

Which service provides a way to convert video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PCs?

AWS Glue
Amazon Elastic Transcoder
Amazon Rekognition
Amazon Comprehend

A

Amazon Elastic Transcoder is a highly scalable, easy to use and cost-effective way for developers and businesses to convert (or “transcode”) video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PCs.

CORRECT: “Amazon Elastic Transcoder” is the correct answer.

INCORRECT: “AWS Glue” is incorrect. AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics.

INCORRECT: “Amazon Rekognition” is incorrect. Amazon Rekognition makes it easy to add image and video analysis to your applications.

INCORRECT: “Amazon Comprehend” is incorrect. Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to find insights and relationships in text.

17
Q

Which AWS services can be used as infrastructure automation tools? (Select TWO.)

AWS CloudFormation
Amazon CloudFront
AWS Batch
AWS OpsWorks
Amazon QuickSight
A

AWS CloudFormation provides a common language for you to model and provision AWS and third party application resources in your cloud environment. AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts.

AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.

CORRECT: “AWS CloudFormation” is a correct answer.

CORRECT: “AWS OpsWorks” is also a correct answer.

INCORRECT: “Amazon CloudFront” is incorrect. Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds.

INCORRECT: “AWS Batch” is incorrect. AWS Batch enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs on AWS.

INCORRECT: “Amazon QuickSight” is incorrect. Amazon QuickSight is a fast, cloud-powered business intelligence service that makes it easy to deliver insights to everyone in your organization.

18
Q

When using Amazon IAM, what authentication methods are available to use? (Select TWO.)

Client certificates
AWS KMS
AES 256
Access keys
Server certificates
A

Supported authentication methods include console passwords, access keys and server certificates.

Access keys are a combination of an access key ID and a secret access key and can be used to make programmatic calls to AWS.

Server certificates are SSL/TLS certificates that you can use to authenticate with some AWS services.

CORRECT: “Access keys” is a correct answer.

CORRECT: “Server certificates” is also a correct answer.

INCORRECT: “Client certificates” is incorrect. Client certificates are not a valid IAM authentication method.

INCORRECT: “AWS KMS” is incorrect. AWS Key Management Service (KMS) is used for managing encryption keys and is not used for authentication.

INCORRECT: “AES 256” is incorrect. AES 256 is an encryption algorithm, not an authentication method.

19
Q

What are the advantages of Availability Zones? (Select TWO.)

  • They are connected by low-latency network connections
  • They allow regional disaster recovery
  • They provide fault isolation
  • They enable the caching of data for faster delivery to end users
  • They enable you to connect your on-premises networks to AWS to form a hybrid cloud
A

Each AWS region contains multiple distinct locations called Availability Zones (AZs). Each AZ is engineered to be isolated from failures in other AZs. An AZ is a data center, and in some cases, an AZ consists of multiple data centers.

AZs within a region provide inexpensive, low-latency network connectivity to other zones in the same region. This allows you to replicate your data across data centers in a synchronous manner so that failover can be automated and be transparent for your users.

CORRECT: “They provide fault isolation” is a correct answer.

CORRECT: “They are connected by low-latency network connections” is also a correct answer.

INCORRECT: “They allow regional disaster recovery” is incorrect. An AZ enables fault tolerance and high availability for your applications within a region, not across regions.

INCORRECT: “They enable the caching of data for faster delivery to end users” is incorrect. CloudFront is the technology that is used to enable caching of data for faster delivery to end users.

INCORRECT: “They enable you to connect your on-premises networks to AWS to form a hybrid cloud” is incorrect. Direct Connect is the technology that is used to connect your on-premises network to AWS to form a hybrid cloud.

20
Q

You need to run a production process that will use several EC2 instances and run constantly on an ongoing basis. The process cannot be interrupted or restarted without issue. What EC2 pricing model would be best for this workload?

Spot instances
Reserved instances
On-demand instances
Flexible instances

A

Reserved Instances (RIs) provide you with a significant discount (up to 75%) compared to On-Demand instance pricing. You have the flexibility to change families, OS types, and tenancies while benefitting from RI pricing when you use Convertible RIs.

In this scenario, for a stable process that will run constantly on an ongoing basis, RIs will be the most affordable solution.

CORRECT: “Reserved instances” is the correct answer.

INCORRECT: “Spot instances” is incorrect as the instance cannot be terminated.

INCORRECT: “On-demand instances” is incorrect as this would not be the most cost-effective option.

INCORRECT: “Flexible instances” is incorrect as there’s no such thing.

21
Q

Which IAM entity can be used for assigning permissions to AWS services?

IAM Role
IAM Access Key ID and Secret Access Key
IAM Policy
Security Token Service (STS)

A

With IAM Roles you can delegate permissions to resources for users and services without using permanent credentials (e.g. username and password). To do so you can create a role and assign an IAM policy to the role that has the permissions required.

CORRECT: “IAM Role” is the correct answer.

INCORRECT: “IAM Access Key ID and Secret Access Key” is incorrect. An access key ID and secret access key are assigned to IAM users and used for programmatic access using the API or CLI.

INCORRECT: “IAM Policy” is incorrect. An IAM policy is a policy document that is used to define permissions that can be applied to users, groups and roles. You don’t apply the policy to the service, you apply it to the role. The role is then used to assign permissions to the AWS service.

INCORRECT: “Security Token Service (STS)” is incorrect. This service is used for gaining temporary security credentials.

22
Q

Which service can be used to easily create multiple accounts?

AWS IAM
AWS Organizations
AWS CloudFormation
Amazon Connect

A

AWS Organizations can be used for automating AWS account creation via the Organizations API.

CORRECT: “AWS Organizations” is the correct answer.

INCORRECT: “AWS IAM” is incorrect. You cannot use IAM for creating accounts.

INCORRECT: “AWS CloudFormation” is incorrect. You could theoretically use AWS CloudFormation to automate the account creation along with some scripting, but that is certainly not an easy way to reach this result.

INCORRECT: “Amazon Connect” is incorrect. Amazon Connect is a self-service, cloud-based contact center service that makes it easy for businesses to deliver better customer service at a lower cost.

23
Q

Which of the below AWS services supports automated backups as a default configuration?

Amazon S3
Amazon RDS
Amazon EC2
Amazon EBS

A

Amazon RDS automated backups allow point-in-time recovery to any point within the retention period down to a second. When automated backups are turned on for your DB Instance, Amazon RDS automatically performs a full daily snapshot of your data (during your preferred backup window) and captures transaction logs (as updates to your DB Instance are made). Automated backups are enabled by default and data is stored on S3 and is equal to the size of the DB.

CORRECT: “Amazon RDS” is the correct answer.

INCORRECT: “Amazon S3” is incorrect. Amazon S3 objects are replicated across multiple facilities. You can also archive data onto Amazon Glacier and use versioning to maintain copies of older versions of objects.

INCORRECT: “Amazon EC2” is incorrect. EC2 instances using EBS volumes can be backed up by creating a snapshot of the EBS volume.

INCORRECT: “Amazon EBS” is incorrect. EC2 instances using EBS volumes can be backed up by creating a snapshot of the EBS volume.

24
Q

How does the consolidated billing feature of AWS Organizations treat Reserved Instances that were purchased by another account in the organization?

  • Only the master account can benefit from the hourly cost benefit of the reserved instances
  • All accounts in the organization are treated as one account so any account can receive the hourly cost benefit
  • All accounts in the organization are treated as one account for volume discounts but not for reserved instances
  • AWS Organizations does not support any volume or reserved instance benefits across accounts, it is just a method of aggregating bills
A

For billing purposes, the consolidated billing feature of AWS Organizations treats all the accounts in the organization as one account. This means that all accounts in the organization can receive the hourly cost benefit of Reserved Instances that are purchased by any other account.

CORRECT: “All accounts in the organization are treated as one account so any account can receive the hourly cost benefit” is the correct answer.

INCORRECT: “Only the master account can benefit from the hourly cost benefit of the reserved instances” is incorrect as explained above.

INCORRECT: “All accounts in the organization are treated as one account for volume discounts but not for reserved instances” is incorrect as explained above.

INCORRECT: “AWS Organizations does not support any volume or reserved instance benefits across accounts, it is just a method of aggregating bills” is incorrect as explained above.

25
Q

To gain greater discounts, which services can be reserved? (Select TWO.)

Amazon RedShift
Amazon DynamoDB
Amazon S3
AWS Lambda
Amazon CloudWatch
A

Reservations provide you with greater discounts, up to 75%, by paying for capacity ahead of time. Some of the services you can reserve include: EC2, DynamoDB, ElastiCache, RDS, and RedShift.

CORRECT: “Amazon RedShift” is a correct answer.

CORRECT: “Amazon DynamoDB” is also a correct answer.

INCORRECT: “Amazon S3” is incorrect. You cannot reserve Amazon S3, you pay for what you use.

INCORRECT: “AWS Lambda” is incorrect. AWS Lambda is a service that provides functions and cannot be reserved.

INCORRECT: “Amazon CloudWatch” is incorrect. You cannot reserve Amazon CloudWatch which is a monitoring service.

26
Q

Under the AWS shared responsibility model, which of the following is an example of security in the AWS Cloud?

Managing edge locations
Physical security
Global infrastructure
Firewall configuration

A

Explanation
Firewall configuration is an example of “security in the cloud”. This is the customer’s responsibility, not an AWS responsibility.

CORRECT: “Firewall configuration” is the correct answer.

INCORRECT: “Managing edge locations” is incorrect. This is an example of “security of the cloud” and is an AWS responsibility.

INCORRECT: “Physical security” is incorrect. This is an example of “security of the cloud” and is an AWS responsibility.

INCORRECT: “Global infrastructure” is incorrect. This is an example of “security of the cloud” and is an AWS responsibility.

27
Q

Which statement best describes Amazon Route 53?

  • Amazon Route 53 is a service that enables routing within VPCs in an account
  • Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service
  • Amazon Route 53 enables hybrid cloud models by extending an organization’s on-premise networks into the AWS cloud
  • Amazon Route 53 is a service for distributing incoming connections between a fleet of registered EC2 instances
A

Explanation
Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other. Amazon Route 53 is fully compliant with IPv6 as well.

CORRECT: “Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service” is the correct answer.

INCORRECT: “Amazon Route 53 is a service that enables routing within VPCs in an account” is incorrect. The VPC router performs routing within a VPC.

INCORRECT: “Amazon Route 53 enables hybrid cloud models by extending an organization’s on-premise networks into the AWS cloud” is incorrect. Direct Connect enables hybrid cloud models by extending an organization’s on-premise networks into the AWS cloud.

INCORRECT: “Amazon Route 53 is a service for distributing incoming connections between a fleet of registered EC2 instances” is incorrect. Auto Scaling is a service for distributing incoming connections between a fleet of registered EC2 instances.

28
Q

Which statement is true in relation to data stored within an AWS Region?

Data is always replicated to another region
Data is not replicated outside of a region unless you configure it
Data is automatically archived after 90 days
Data is always automatically replicated to at least one other availability zone

A

Explanation
Data stored within an AWS region is not replicated outside of that region automatically. It is up to customers of AWS to determine whether they want to replicate their data to other regions. You must always consider compliance and network latency when making this decision.

CORRECT: “Data is not replicated outside of a region unless you configure it” is the correct answer.

INCORRECT: “Data is always replicated to another region” is incorrect. Data is never replicated outside of a region unless you configure it.

INCORRECT: “Data is automatically archived after 90 days” is incorrect. Data is never automatically archived. You must configure data to be archived.

INCORRECT: “Data is always automatically replicated to at least one other availability zone

29
Q

When using Amazon RDS databases, which items are you charged for? (Select TWO.)

Outbound data transfer
Inbound data transfer
Multi AZ
Single AZ
Backup up to the DB size
A

Explanation
With Amazon RDS you are charged for the type and size of database, the uptime, any additional storage of backup (above the DB size), requests, deployment type (e.g. you pay for multi AZ), and data transfer outbound.

CORRECT: “Multi AZ” is a correct answer.

CORRECT: “Outbound data transfer” is also a correct answer.

INCORRECT: “Inbound data transfer” is incorrect as you do not pay for inbound data.

INCORRECT: “Single AZ” is incorrect as this is not something you pay an additional charge for.

INCORRECT: “Backup up to the DB size” is incorrect as you do not pay for backup storage up to the size of the database. You only pay for backup storage in excess of the database size.

30
Q

Which Compute service should be used for running a Linux operating system upon which you will install custom software?

Amazon ECS
Amazon EC2
Amazon EKS
AWS Lambda

A

Explanation
Amazon EC2 should be used when you need access to a full operating system instance that you can manage.

Amazon Elastic Container Service (ECS) and Amazon Elastic Container Service for Kubernetes (EKS) are used for running software containers, not full operating system instances.

AWS Lambda runs code as functions in response to events.

CORRECT: “Amazon EC2” is the correct answer.

INCORRECT: “Amazon ECS” is incorrect as explained above.

INCORRECT: “Amazon EKS” is incorrect as explained above.

INCORRECT: “AWS Lambda” is incorrect as explained above.