Exam style Questions

Question 1

How does Direct Connect Work?

Answer 1

Direct Connect is a dedicated network connection between your on-premises network and AWS VPC via a private connection. (not over the public internet)

Question 2

What is Site-to-Site VPN

connecting two sites

Answer 2

Site-to-Site VPN connects two sites (on-prem and AWS VPC) with a secure encrypted tunnel (VPN) over the public internet.

Connects 1 on-prem network to 1 AWS VPC

Question 3

What are the 3 main components of a Site-to-Site VPN connection?

Answer 3

Customer Gateway (CGW): Your on-premises router or software.

Virtual Private Gateway (VGW): AWS endpoint for one VPC.

Transit Gateway: Centralized hub connecting multiple VPCs and networks.

Question 4

How does Database Migration service work?

Answer 4

AWS DMS can be used to migrate data from an on-premises database to a database in AWS. However, AWS DMS does not migrate the actual server to an EC2 instance.

Question 5

A company has an on-premises Linux-based server with an Oracle database that runs on it. The company wants to migrate the database server to run on an Amazon EC2 instance in AWS.

Which service should the company use to complete the migration?

Answer 5

Application Migration Service is an automated lift-and-shift solution. This solution can migrate physical servers and any databases or applications that run on them to EC2 instances in AWS.

Question 6

How does AWS charge for AWS Lambda usage once the free tier has been exceeded? (Select TWO.)

Answer 6

Charged based on the runtime of the code

and

number of requests for your Lambda functions.

Question 7

What is Polly?

Answer 7

Text to speech service

Question 8

What is Transit Gateway?

Transit as data passing, Gateway a door connecting many netw + VPC

Answer 8

Hub that connects multiple VPCs and on-premises networks.

Question 9

What is the VPC Peering?

Answer 9

Direct, low-latency communication between two VPCs.

Question 10

What’s included in the basic support plan

Answer 10

Cost: Free for all AWS customers.

Features:
- Access to AWS documentation and whitepapers.
- Limited AWS Trusted Advisor core checks (e.g., service limits, security, fault tolerance and cost optimisation).
- AWS Personal Health Dashboard for service health updates.

Question 11

What’s included in the Developer support plan

Answer 11

Features:
- 24/7 Access to Cloud Support Engineers
- Response time: <24 hours for general support issues.
- Access to some AWS Trusted Advisor core checks (service limits, security, cost optimisation and fault tolerance)
- Access to the Personal Health Dashboard

Question 12

What’s included in the Business support plan

Answer 12

Features:
- 24/7 support via phone, chat, and email for production workloads.
Response time:
- <1 hour for urgent issues.
- <12 hours for non-urgent issues.
- Full AWS Trusted Advisor access with all checks
- Limited support for third-party software running on AWS.

Question 13

What’s included in the Enterprise support plan

Answer 13

Features:
- 24/7 access to senior AWS engineers.
- <15 minutes response time for critical issues.
- Dedicated Technical Account Manager (TAM) for proactive guidance.
- Full AWS Trusted Advisor access and AWS Infrastructure Event Management.
- Consultative architectural reviews and optimization planning.
- Support for third-party software and custom solutions.

Question 14

What are the 6 pillars of the Well-Architected Framework

CROPSS

Answer 14

CROPSS

C: Cost Optimization
R: Reliability
O: Operational Excellence
P: Performance Efficiency
S: Security
S: Sustainability

Question 15

Summarise Cost Optimisation?

Answer 15

Focuses on managing your cloud spend efficiently by choosing the right pricing models and scaling resources as needed.

It involves right-sizing your infrastructure to eliminate waste and tracking costs to avoid overspending.

Question 16

Summarise Reliability

Answer 16

systems can recover from failures and continue to operate at the desired performance level.

This includes using fault tolerance, redundancy, and monitoring to proactively detect and respond to issues.

Question 17

Summarise Operational Excellence

Answer 17

• automating operational processes
• monitoring systems for performance
• continuously improving operations.
• making frequent, small changes
• Infrastructure as code

Question 18

Summarise Performance efficiency

Answer 18

Ensures cloud resources are used effectively to meet evolving demands.

This includes selecting the right resources, scaling workloads dynamically, and continuously optimizing for performance.

Question 19

Summarise Security

Answer 19

Focuses on protecting systems, data, and assets from potential threats through robust identity management, encryption, and regular monitoring.

It ensures secure configurations and compliance with industry standards and regulations.

Question 20

Summarise Sustainability

Answer 20

Aims to reduce environmental impact by optimizing resource usage and minimizing carbon emissions.

Question 21

What is a report that can break down cloud costs by product, by company defined tags ans by hour, day and month?

Answer 21

AWS Cost and Usage Report (CUR)

Question 22

What does Xray do ?

Answer 22

It provides a complete view of requests as they travel through your application good for debugging and generates a map of your application’s architecture, showing how different services interact with each other.

Question 23

Differences between AWS Inspector and AWS GuardDuty?

Answer 23

AWS Inspector = Automated security assessments on EC2 and containerised applications (vulnerabilities, misconfigurations).

AWS GuardDuty = Continuous threat detection service for malicious or unauthorised behaviour.

Monitors AWS CloudTrail logs, VPC flow logs, and DNS logs for suspicious activity.

Question 24

What are Outposts

Answer 24

Outposts provide a hybrid solution by placing AWS infrastructure (like compute and storage) on the customer’s on-prem data centers.

Customers can run AWS services like EC2, EBS, and RDS on these Outposts, allowing for seamless integration between on-prem and AWS cloud environments.

Question 25

What are local zones?

Answer 25

Local Zones are extensions of AWS Regions, providing localized access to AWS compute, storage, and networking services in select metropolitan areas.

Question 26

What is direct connect?

Answer 26

A dedicated private connection from your on-premises data center to AWS.

• a physical connection between your on-premises network and AWS, bypassing the public internet.

Question 27

What is Transit Gateway

Answer 27

A hub to connect multiple VPCs within AWS to your on-premises network.

Question 28

What does the “Effect” in an S3 bucket policy specify?

Effect = Outcome (allow or deny)

Answer 28

Whether access is allowed or denied

Question 29

Which action would you use to allow users to upload objects to an S3 bucket?

Answer 29

s3:PutObject

Question 30

In an S3 bucket policy, how is the resource typically defined?

Answer 30

By the Amazon Resource Name (ARN) of the bucket or object

Question 31

What does the “Principal” element in an S3 bucket policy define?

Answer 31

The entity (e.g., IAM user or account) the policy applies to

Question 32

What is the purpose of the “Condition” element in an S3 bucket policy?

“Conditions = When, Where, and How”

Answer 32

Conditions are rules or filters that specify when or under what circumstances a policy is applied.
- When: The condition specifies when a request should be allowed or denied (e.g., time of day, request origin).
- Where: It can specify where the request is coming from (e.g., a particular IP address or VPC).
- How: It can dictate how the request should be made (e.g., encrypted connections, MFA authentication).

Question 33

What are the 6 perspectives of the Cloud Adoption Framework (CAF)?

“Big People Govern Platforms, Secure Operations.”

Answer 33

• Business: Ensure cloud adoption drives value for the business by improving processes, reducing costs, and creating new opportunities.
• People: Build and empower the right teams with the skills and culture necessary to succeed in a cloud environment.
• Governance: Managing risk and ensuring compliance with policies.
• Platform: Designing and building the cloud environment.
• Security: Protecting data and applications from threats.
• Operations: Managing and optimizing cloud resources.

Question 34

What is the Business Perspective in CAF, and who are the stakeholders?

Answer 34

• Purpose: Aligns IT investments to business needs and outcomes.
• Stakeholders: CEO, CFO, COO, CIO, CTO

Question 35

What is the People Perspective in CAF, and who are the stakeholders?

Answer 35

• Purpose: Focuses on workforce, leadership, and continuous learning culture.
• Stakeholders: CIO, COO, Cloud Director, enterprise-wide leaders

Question 36

What is the Governance Perspective in CAF, and who are the stakeholders?

Answer 36

• Purpose: Orchestrates cloud initiatives.
• Stakeholders: Chief Transformation Officer, Risk Officer, CIO, CFO

Question 37

What is the Platform Perspective in CAF, and who are the stakeholders?

Answer 37

• Purpose: Ensures scalable, enterprise-grade platforms for cloud-native solutions.
• Stakeholders: CTO, architects, tech leads, engineers

Question 38

What is the Security Perspective in CAF, and who are the stakeholders?

Answer 38

• Purpose: Ensures data confidentiality, integrity, and availability.
• Stakeholders: CSO, audit leads, security architects, engineers

Question 39

What is the Operations Perspective in CAF, and who are the stakeholders?

Answer 39

• Purpose: Ensures cloud services meet delivery needs.
• Stakeholders: SREs, IT managers, infrastructure teams

Question 40

What are the serverless servers in AWS?

Answer 40

AWS Lambda
AWS Fargate
Amazon Aurora Serverless
Amazon DynamoDB
Amazon S3
Amazon API Gateway
Amazon EventBridge
AWS Step Functions
Amazon SNS (Simple Notification Service)
Amazon SQS (Simple Queue Service)
Amazon Kinesis Data Streams
Amazon Kinesis Firehose

Question 41

What is the Systems Manager ?

Answer 41

• Manage EC2 instances and on-premises servers from a centralized platform.
• Automate tasks like patching, updates, and configuration management.
• Securely access and control instances without traditional login methods.
• Store and retrieve application settings securely.

Question 42

What is the difference between AWS Partner Network (APN) Technology vs Consulting Partner?

Answer 42

• Consulting Partners: Offer professional services to implement and manage AWS solutions.
• Technology Partners: Provide software products and tools that integrate with AWS services.

Question 43

Which AWS service providers automated backups of data by default?

Answer 43

Many AWS services like RDS, DynamoDB, and Aurora offer automated backups by default, others, such as EBS and EC2, require configuration for automation.

Question 44

What is AppStream ?

Answer 44

Amazon AppStream 2.0 enables organizations to stream applications securely to users, so users can access application without installing it on their device

Question 45

What are the 6 trusted advisor categories?

“Cloud Practices Secure Fast Scalable Solutions.”

Answer 45

Cost Optimization
Provides - recommendations to help reduce costs (e.g., identifying underutilized instances, recommending Reserved Instances).

Performance
- Suggests improvements to enhance performance (e.g., instance type changes).

Security
- Offers advice on improving security (e.g., reviewing open security groups, checking IAM permissions).

• Fault Tolerance
  Helps ensure your environment is resilient by recommending actions like multi-AZ deployments.

Service Limits
- Alerts when your resources are approaching service limits, helping you avoid service disruptions.

Sustainability
- No information provided here, but would focus on practices to reduce environmental impact.

Question 46

How does an Elastic load balancer work?

Answer 46

ELB distributes traffic evenly across all healthy targets in each of the specified AZs.

Traffic between AZs is encrypted by default

Question 47

What is AWS Kinesis Data ?

Answer 47

Amazon Kinesis Data is a suite of managed services within AWS designed for real-time data streaming, ingestion, and processing at scale. It allows you to collect, process, and analyze streaming data in real time, enabling quick insights and actions.

Question 48

What is server-side encryption

Answer 48

Data is encrypted by the server after it is uploaded and before it is stored. Data is proctected while stored (At rest)

Question 49

What is client-side encryption

Answer 49

Data is encrypted by the client before it is uploaded to the server.

Data is protected during transfer using TLS/SSL (in transit)

Question 50

Which Pillar of the Well Architected Framework focuses on using computing resources efficiently to meet system requirements.

Answer 50

Performance efficiency

(Right-sizing resources to match workload requirements.)

Question 51

What Pillar focuses on Continuous improvement, monitoring and automation ?

Answer 51

Operational Excellence

Question 52

What pillar focuses on recovering from failures and maintaining availability

Answer 52

Reliability

Question 53

What Pillar focuses on avoiding unnecessary costs

Answer 53

Cost Optimization

Question 54

What is Control Tower?

Answer 54

A centralised account management app. You can create multiple AWS accounts within an organisation and govern it at scale.

You can automate setup, and apply governance and security policies across multiple accounts.

Question 55

What instance type is best for steady state workloads?

Answer 55

Reserved Instance?

Question 56

What do VPC flow logs show?

Answer 56

VPC Flow Logs provide detailed information about the network traffic going to and from network interfaces in your Amazon Virtual Private Cloud (VPC). They capture information about IP traffic and are valuable for monitoring and troubleshooting network performance and security issues.

Question 57

What does Xray do and how is it different to Trusted Advisor?

Answer 57

X-Ray focuses on tracing requests and debugging application performance in a distributed system, often at the application level.

Trusted Advisor provides best practice recommendations for optimizing your AWS environment across various dimensions like cost, security, and performance.

Question 58

What is Comprehend?

Answer 58

Comprehend is a specialized NLP service for analyzing and extracting insights from text data.
it helps you to comprehend insight from text data

Question 59

What is Sagemaker

Answer 59

SageMaker is a general-purpose machine learning platform for building, training, and deploying ML models,

Question 60

What is the Minimum credential for AWS CLI?

Answer 60

Access keys

Question 61

What are local zones?

Answer 61

AWS Local Zones are extensions of an AWS Region that place compute, storage, and other AWS services closer to users to reduce latency

Question 62

DIfference between CodeStar and Cloud9?

Answer 62

CodeStar is a development platform where you can manage the entire software development lifecycle (SDLC). It integrates various AWS developer tools (e.g., CodeCommit, CodeBuild, CodeDeploy, CodePipeline) for continuous integration and continuous delivery (CI/CD).

Cloud9 is a cloud-based integrated development environment (IDE) that allows developers to write, run, and debug code directly from the browser.

Question 63

What is AppSync?

Answer 63

AppSync is designed to simplify the development of GraphQL-based APIs, especially for real-time, serverless, and offline-capable applications, while integrating with various AWS data services.

Question 64

What is security hub ?

Answer 64

Security Hub shows findings from AWS services like Amazon GuardDuty, Amazon Inspector, AWS IAM Access Analyzer, AWS Firewall Manager, and others, as well as from third-party security tools.

Question 65

What are the ways to connect an on-premises network to an Amazon VPC (Virtual Private Cloud)?

Answer 65

Site-to-Site VPN - secure and encrypted connection between an on-premises network and an AWS VPC over the public internet

Direct Connect - dedicated connection between your on-premises network and AWS VPC via a private connection.

Transit Gateway - Connect multiple VPCs, on-prem networks via VPN Or Direct Connect

VPC Peering - Allows two VPCs to communicate with each other over private IP addresses.

Question 66

What tool enables customers without an AWS account to estimate costs for almost all services

Answer 66

Simple Monthly Calculator (now replaced by the AWS Pricing Calculator)

Question 67

What service helps to deploy, scale, and manage third-party virtual appliances like firewalls, intrusion detection/prevention systems (IDS/IPS)

Answer 67

Gateway Load Balancer (GWLB)

Question 68

How can a company consolidate billing with another company ?

Answer 68

The management account invites the other company’s AWS account(s) to join the organization.

Once accepted, Consolidated billing is automatically enabled in AWS Organizations.

Question 69

IAM Role vs Group vs Policy?

Answer 69

A Role is A set of permissions you can assign to entities (users, services, or applications) temporarily. Allows trusted entities to perform specific tasks without long-term credentials.

A Group is a collection of users with shared permissions.

A Policy is document (JSON) defining allow/deny permissions for AWS resources. Attached to Users, Groups, or Roles and controls who can do what on which resources.

Question 70

What does Device Farm do?

Answer 70

AWS Device Farm is a service that allows you to test your mobile and web applications across a wide range of real devices and browsers in the cloud.

Question 71

What is Storage Gateway?

Answer 71

AWS Storage Gateway is a hybrid cloud storage service that provides seamless integration between on-premises environments and AWS cloud storage.

Question 72

What service enables ultra-low-latency applications by bringing AWS compute and storage services closer to end-users through telecommunication providers’ 5G networks.

Answer 72

AWS Wavelength

Question 73

What is a Trusted Advisor feature exclusively for Business and Enterprise users?

Answer 73

AWS Support API

Question 74

VPC vs VPN?

Answer 74

VPC is a virtual network in the cloud, a container for your resources (like EC2 instances)
whereas VPN is a secure connection that links a network (such as an on-premises network) to another network (like a VPC)

Question 75

What Service supports the analysis, investigation and identifications of the root cause of security events and suspicious activity

Answer 75

Dectective

Question 76

AWS Detective vs Inspector

Answer 76

AWS Detective focuses on security investigations and helps with incident response by analyzing and visualizing logs, while AWS Inspector is about automated security assessments, scanning for vulnerabilities and misconfigurations in your resources.

Question 77

Which managed AWS Service assists with the creation, testing and management of Amazon EC2 images?

Answer 77

EC2 Image Builder