Exam1

Question 1

Which of the following is used to control network traffic in AWS? (Choose TWO)

Answer 1

Network Access Control Lists (ACLs)
Security Groups

Question 2

A company has an AWS Enterprise Support plan. They want quick and efficient guidance with their billing and account inquiries. Which of the following should the company use?

Answer 2

AWS Support Concierge

Question 3

A company is concerned that they are spending money on underutilized compute resources in AWS. Which AWS feature will help ensure that their applications are automatically adding/removing EC2 compute capacity to closely match the required demand?

Answer 3

AWS Auto Scaling

Question 4

What are the benefits of having infrastructure hosted in AWS? (Choose TWO)

Answer 4

All of the physical security and most of the data/network security are taken care of for you

Increasing speed and agility

Question 5

Which of the following are examples of AWS-Managed Services, where AWS is responsible for the operational and maintenance burdens of running the service? (Choose TWO)

Answer 5

Amazon DynamoDB
Amazon Elastic MapReduce

Other managed services include: AWS Lambda, Amazon RDS, Amazon Redshift, Amazon CloudFront, and several other services.

Question 6

Which of the following is NOT correct regarding Amazon EC2 On-demand instances?

Answer 6

You have to pay a start-up fee when launching a new instance for the first time

no startup or termination fees for EC2

Question 7

A company is planning to host an educational website on AWS. Their video courses will be streamed all around the world. Which of the following AWS services will help achieve high transfer speeds?

Answer 7

Amazon CloudFront

Question 8

Which of the below options are related to the reliability of AWS? (Choose TWO)

Answer 8

Automatically provisioning new resources to meet demand
Ability to recover quickly from failures

Question 9

In the AWS Shared responsibility Model, which of the following are the responsibility of the customer? (Choose TWO)

Answer 9

Setting password complexity rules
Configuring network access rules

Question 10

What does the AWS Personal Health Dashboard provide? (Choose TWO)

Answer 10

• Personalized view of AWS service health
  Recommendations for Cost Optimization

AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources.

Question 11

Which service is used to ensure that messages between software components are not lost if one or more components fail?

Answer 11

Amazon SQS

Question 12

A company has decided to migrate its Oracle database to AWS. Which AWS service can help achieve this without negatively impacting the functionality of the source database?

Answer 12

AWS Database Migration Service

Question 13

What is the advantage of the AWS-recommended practice of “decoupling” applications?
*

Answer 13

Reduces inter-dependencies so that failures do not impact other components of the application

Question 14

What does AWS Snowball provide?

Answer 14

Secure transfer of large amounts of data into and out of the AWS Cloud
Built-in computing capabilities that allow customers to process data locally

   With AWS Snowball, you have the choice of two devices, Snowball Edge Compute Optimized with more computing capabilities, suited for higher performance workloads, or Snowball Edge Storage Optimized with more storage, which is suited for large-scale data migrations and capacity-oriented workloads.

Question 15

Which of the following must an IAM user provide to interact with AWS services using the AWS Command Line Interface (AWS CLI)?

Answer 15

Access keys

Access keys consist of an access key ID and secret access key, which are used to sign programmatic requests to AWS using the CLI or the SDK.

Question 16

What is the AWS service that provides a virtual network dedicated to your AWS account?

Answer 16

Amazon VPC

Question 17

AWS allows users to manage their resources using a web based user interface. What is the name of this interface?

Answer 17

AWS Management Console

Question 18

You have AWS Basic support, and you have discovered that some AWS resources are being used maliciously, and those resources could potentially compromise your data. What should you do?

Answer 18

Contact the AWS Abuse team

Question 19

Hundreds of thousands of DDoS attacks are recorded every month worldwide. What service does AWS provide to help protect AWS Customers from these attacks? (Choose TWO)

Answer 19

AWS WAF
AWS Shield

Question 20

Which of the following is not a benefit of Amazon S3? (Choose TWO)

Answer 20

Amazon S3 can be scaled manually to store and retrieve any amount of data from anywhere

Amazon S3 can run any type of application or backend system

Companies today need the ability to simply and securely collect, store, and analyze their data at a massive scale. Amazon S3 is object storage built to store and retrieve any amount of data from anywhere – web sites and mobile apps, corporate applications, and data from IoT sensors or devices. It’s a simple storage service that offers highly available, and infinitely scalable data storage infrastructure at very low costs. It is designed to deliver 99.999999999% durability, and stores data for millions of applications used by market leaders in every industry. S3 provides comprehensive security and compliance capabilities that meet even the most stringent regulatory requirements. It gives customers flexibility in the way they manage data for cost optimization, access control, and compliance. S3 provides query-in-place functionality, allowing you to run powerful analytics directly on your data at rest in S3. And Amazon S3 is the most supported cloud storage service available, with integration from the largest community of third-party solutions, systems integrator partners, and other AWS services.

   Amazon S3 stores any number of objects, but each object does have a size limitation. Individual Amazon S3 objects can range in size from a minimum of 0 bytes to a maximum of 5 terabytes.

Question 21

Which service provides DNS in the AWS cloud?

Answer 21

Route 53

Question 22

As part of the Enterprise support plan, who is the primary point of contact for ongoing support needs?

Answer 22

Technical Account Manager (TAM)

Question 23

Which of the below is a best-practice when designing solutions on AWS?

Answer 23

Automate wherever possible to make architectural experimentation easier

1- Stop guessing your capacity needs: Eliminate guessing about your infrastructure capacity needs. When you make a capacity decision before you deploy a system, you might end up sitting on expensive idle resources or dealing with the performance implications of limited capacity. With cloud computing, these problems can go away. You can use as much or as little capacity as you need, and scale up and down automatically.
2- Test systems at production scale: In the cloud, you can create a production-scale test environment on demand, complete your testing, and then decommission the resources. Because you only pay for the test environment when it’s running, you can simulate your live environment for a fraction of the cost of testing on premises.
3- Automate to make architectural experimentation easier: Automation allows you to create and replicate your systems at low cost and avoid the expense of manual effort. You can track changes to your automation, audit the impact, and revert to previous parameters when necessary.
4- Allow for evolutionary architectures: Allow for evolutionary architectures. In a traditional environment, architectural decisions are often implemented as static, one-time events, with a few major versions of a system during its lifetime. As a business and its context continue to change, these initial decisions might hinder the system’s ability to deliver changing business requirements. In the cloud, the capability to automate and test on demand lowers the risk of impact from design changes. This allows systems to evolve over time so that businesses can take advantage of innovations as a standard practice.
5- Drive architectures using data: In the cloud you can collect data on how your architectural choices affect the behavior of your workload. This lets you make fact-based decisions on how to improve your workload. Your cloud infrastructure is code, so you can use that data to inform your architecture choices and improvements over time.
6- Improve through game days: Test how your architecture and processes perform by regularly scheduling game days to simulate events in production. This will help you understand where improvements can be made and can help develop organizational experience in dealing with events.

Question 24

You want to run a questionnaire application for only one day (without interruption), which Amazon EC2 purchase option should you use?

Answer 24

• On-demand instances

Question 25

Which of the following can be described as a global content delivery network (CDN) service?

Answer 25

Amazon CloudFront

Question 26

In order to implement best practices when dealing with a “Single Point of Failure,” you should attempt to build as much automation as possible in both detecting and reacting to failure. Which of the following AWS services would help? (Choose TWO)
*

Answer 26

Auto Scaling*
ELB

Question 27

What does the “Principle of Least Privilege” refer to

Answer 27

You should grant your users only the permissions they need when they need them and nothing more

Question 28

What is the AWS feature that provides an additional level of security above the default authentication mechanism of usernames and passwords?

Answer 28

AWS MFA
(Correct)

Question 29

What is the AWS database service that allows you to upload data structured in key-value format?

Answer 29

Amazon DynamoDB

Question 30

What does AWS provide to deploy popular technologies - such as IBM MQ - on AWS with the least amount of effort and time?

Answer 30

AWS Quick Start reference deployments

Question 31

Which S3 storage class is best for data with unpredictable access patterns?

Answer 31

Amazon S3 Intelligent-Tiering

Question 32

A company has moved to AWS recently. Which of the following AWS Services will help ensure that they have the proper security settings? (Choose TWO)

Answer 32

AWS Trusted Advisor
(Correct)
*
Amazon Inspector

Question 33

Which statement is true regarding the AWS Shared Responsibility Model?

Answer 33

Responsibilities vary depending on the services used

Question 34

A company is introducing a new product to their customers, and is expecting a surge in traffic to their web application. As part of their Enterprise Support plan, which of the following provides the company with architectural and scaling guidance?

Answer 34

Infrastructure Event Management

Question 35

You have set up consolidated billing for several AWS accounts. One of the accounts has purchased a number of reserved instances for 3 years. Which of the following is true regarding this scenario?

Answer 35

All accounts can receive the hourly cost benefit of the Reserved Instances

Question 36

Which of the following is an example of horizontal scaling in the AWS Cloud?

Answer 36

Adding more EC2 instances of the same size to handle an increase in traffic

Question 37

Which of the following services allows customers to manage their agreements with AWS?

Answer 37

AWS Artifact

Question 38

A global company with a large number of AWS accounts is seeking a way in which they can centrally manage billing and security policies across all accounts. Which AWS Service will assist them in meeting these goals?
*

Answer 38

AWS Organizations

AWS Organizations has five main benefits:
1) Centrally manage access polices across multiple AWS accounts.
2) Automate AWS account creation and management.
3) Control access to AWS services.
4) Consolidate billing across multiple AWS accounts.
5) Configure AWS services across multiple accounts.

Question 39

You have deployed your application on multiple Amazon EC2 instances. Your customers complain that sometimes they can’t reach your application. Which AWS service allows you to monitor the performance of your EC2 instances to assist in troubleshooting these issues?

Answer 39

Amazon CloudWatch

Question 40

According to the AWS Acceptable Use Policy, which of the following statements is true regarding penetration testing of EC2 instances?

Answer 40

Penetration testing can be performed by the customer on their own instances without prior authorization from AWS

      AWS customers are welcome to carry out security assessments and penetration tests against their AWS infrastructure without prior approval for 8 services: 1- Amazon EC2 instances, NAT Gateways, and Elastic Load Balancers. 2- Amazon RDS. 3- Amazon CloudFront. 4- Amazon Aurora. 5- Amazon API Gateways. 6- AWS Lambda and Lambda Edge functions. 7- Amazon Lightsail resources. 8- Amazon Elastic Beanstalk environments.

Question 41

An organization has a large number of technical employees who operate their AWS Cloud infrastructure. What does AWS provide to help organize them into teams and then assign the appropriate permissions for each team?

Answer 41

IAM Groups

Question 42

A Japanese company hosts their applications on Amazon EC2 instances in the Tokyo Region. The company has opened new branches in the United States, and the US users are complaining of high latency. What can the company do to reduce latency for the users in the US while minimizing costs?

Answer 42

Deploying new Amazon EC2 instances in a Region located in the US
(Correct)

Question 43

What does Amazon CloudFront use to distribute content to global users with low latency?
*

Answer 43

• AWS Edge Locations

Question 44

What do you gain from setting up consolidated billing for five different AWS accounts under another master account?

Answer 44

Each AWS account gets volume discounts

Question 45

A startup company is operating on limited funds and is extremely concerned about cost overruns. Which of the below options can be used to notify the company when their monthly AWS bill exceeds $2000? (Choose TWO)
*

Answer 45

Configure the AWS Budgets Service to alert the company when the threshold is exceeded
(Correct)
Setup a CloudWatch billing alarm that triggers an SNS notification when the threshold is exceeded
(Correct)

Question 46

Your company is developing a critical web application in AWS, and the security of the application is a top priority. Which of the following AWS services will provide infrastructure security optimization recommendations?

Answer 46

AWS Trusted Advisor
(Correct)

Question 47

Your company has a data store application that requires access to a NoSQL database. Which AWS database offering would meet this requirement?

Answer 47

Amazon DynamoDB

Question 48

The identification process of an online financial services company requires that new users must complete an online interview with their security team. The completed recorded interviews are only required in the event of a legal issue or a regulatory compliance breach. What is the most cost-effective service to store the recorded videos?
*

Answer 48

• Amazon S3 Glacier Deep Archive

Question 49

The principle “design for failure and nothing will fail” is very important when designing your AWS Cloud architecture. Which of the following would help adhere to this principle? (Choose TWO)

Answer 49

Elastic Load Balancing
*
Availability Zones

“Vertical Scaling” is incorrect. A “vertically scalable” system is constrained to running its processes on only one computer; in such systems, the only way to increase performance is to add more resources into one computer in the form of faster (or more) CPUs, memory, or storage. Vertical scaling may improve performance, but not fault-tolerance; because if this “one computer” fails, the whole system will fail.

Question 50

One of the most important AWS best-practices to follow is the cloud architecture principle of elasticity. How does this principle improve your architecture’s design?

Answer 50

By automatically provisioning the required AWS resources based on changes in demand

Question 51

Under the shared responsibility model, which of the following is the responsibility of AWS?

Answer 51

Configuring infrastructure devices

Question 52

Which of the following does NOT belong to the AWS Cloud Computing models?

Answer 52

Networking as a Service (NaaS)

Question 53

You have noticed that several critical Amazon EC2 instances have been terminated. Which of the following AWS services would help you determine who took this action?

Answer 53

AWS CloudTrail

Question 54

You work as an on-premises MySQL DBA. The work of database configuration, backups, patching, and DR can be time-consuming and repetitive. Your company has decided to migrate to the AWS Cloud. Which of the following can help save time on database maintenance so you can focus on data architecture and performance?

Answer 54

Amazon RDS

Amazon RDS can be used to host Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle, and Microsoft SQL Server databases.

Question 55

Skipped
A company has developed an eCommerce web application in AWS. What should they do to ensure that the application has the highest level of availability?

Answer 55

• Deploy the application across multiple Regions and Availability Zones

Question 56

How can you view the distribution of AWS spending in one of your AWS accounts?

Answer 56

By using AWS Cost Explorer

Question 57

What should you do in order to keep the data on EBS volumes safe? (Choose TWO)

Answer 57

Create EBS snapshots
Ensure that EBS data is encrypted at rest

Question 58

Which service provides object-level storage in AWS?

Answer 58

Amazon S3

Question 59

Select TWO examples of the AWS shared controls.

Answer 59

Patch Management
*
Configuration Management

Question 60

Which of the following helps a customer view the Amazon EC2 billing activity for the past month?

Answer 60

AWS Cost & Usage Reports

Question 61

Adjusting compute capacity dynamically to reduce cost is an implementation of which AWS cloud best practice?

Answer 61

Implement elasticity

Question 62

You are working on a project that involves creating thumbnails of millions of images. Consistent uptime is not an issue, and continuous processing is not required. Which EC2 buying option would be the most cost-effective?

Answer 62

Spot Instances

Question 63

What is the AWS service that enables AWS architects to manage infrastructure as code?

Answer 63

AWS CloudFormation

Question 64

An organization has decided to purchase an Amazon EC2 Reserved Instance (RI) for three years in order to reduce costs. It is possible that the application workloads could change during the reservation period.
What is the EC2 Reserved Instance (RI) type that will allow the company to exchange the purchased reserved instance for another reserved instance with higher computing power if they need to?

Answer 64

Convertible RI
When your needs change, you can exchange your Convertible Reserved Instances and continue to benefit from the reservation’s pricing discount. With Convertible RIs, you can exchange one or more Reserved Instances for another Reserved Instance with a different configuration, including instance family, operating system, and tenancy. There are no limits to how many times you perform an exchange, as long as the new Convertible Reserved Instance is of an equal or higher value than the original Convertible Reserved Instances that you are exchanging.

“Standard RIs” is incorrect. You cannot exchange Standard Reserved Instances, but you can modify them. You can modify attributes such as the Availability Zone, instance size (within the same instance family), and scope of your Reserved Instance (regional or zonal). Standard RIs provide the most significant discount (up to 72% off On-Demand) and are best suited for steady-state usage.

Question 65

A company is deploying a new two-tier web application in AWS. Where should the most frequently accessed data be stored so that the application’s response time is optimal?
*

Answer 65

• Amazon ElastiCache
  Amazon ElastiCache is a web service that makes it easy to deploy, operate, and scale an in-memory data store or cache in the cloud. The service improves the performance of web applications by allowing you to retrieve information from fast, managed, in-memory data stores, instead of relying entirely on slower disk-based databases.

Question 66

A developer is planning to build a two-tier web application that has a MySQL database layer. Which of the following AWS database services would provide automated backups for the application?

Answer 66

Amazon Aurora
Amazon Aurora is a MySQL and PostgreSQL-compatible relational database built for the cloud. Amazon Aurora combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open source databases. It delivers up to five times the throughput of standard MySQL and up to three times the throughput of standard PostgreSQL. Amazon Aurora is designed to be compatible with MySQL and with PostgreSQL, so that existing applications and tools can run without requiring modification. It is available through Amazon Relational Database Service (RDS), freeing you from time-consuming administrative tasks such as provisioning, patching, backup, recovery, failure detection, and repair.