Final Exam Flashcards

1
Q

Which services all belong to the AWS serverless platform?

AWS Lambda, AWS Fargate, Amazon S3, Amazon EFS, Amazon DynamoDB, Amazon API Gateway, Amazon SNS, AWS Step Functions, Amazon EC2, Amazon Athena.

AWS Lambda, AWS Fargate, Amazon S3, Amazon EFS, Amazon DynamoDB, Amazon API Gateway, Amazon SNS, AWS Step Functions, Amazon Kinesis, Amazon Athena.

AWS Lambda, AWS Fargate, Amazon S3, Amazon EFS, Amazon Lightsail, Amazon API Gateway, Amazon SNS, Amazon Step Functions, Amazon Kinesis, Amazon Athena.

AWS Lambda, AWS Fargate, Amazon S3, Amazon RDS, DynamoDB, Amazon API Gateway, Amazon SNS, AWS Step Functions, Amazon Kinesis, Amazon Athena.

A

AWS Lambda, AWS Fargate, Amazon S3, Amazon EFS, Amazon DynamoDB, Amazon API Gateway, Amazon SNS, AWS Step Functions, Amazon Kinesis, Amazon Athena.

2
Q

Which of the following services have Distributed Denial of Service (DDoS) attack mitigation features?

A. AWS KMS

B. Amazon Route 53

C. AWS CloudTrail

D. AWS WAF

A

B. Amazon Route 53

D. AWS WAF

3
Q

Under the AWS shared responsibility model, who is responsible for Security and Compliance?

A. AWS is Responsible

B. The Customer is Responsible

C. AWS and the customer share responsibility

D. AWS is responsible for Security, and the customer is responsible for Compliance

A

C. AWS and the customer share responsibility

4
Q

Which AWS service can you use to establish a dedicated network connection between your on-premises applications and AWS resources?

A. AWS Snowball

B. AWS Storage Gateway

C. AWS Shield

D. AWS Direct Connect

A

D. AWS Direct Connect

5
Q

Which of the following are advantages of Cloud Computing? (Choose 2)

A. Stop Worrying about Security

B. Trade capital expense for variable expense

C. Compliance with all local regulations

D. Benefit from massive economies of scale

A

B. Trade capital expense for variable expense

D. Benefit from massive economies of scale

6
Q

Which AWS Calculator can be used to estimate the cost savings when using AWS Cloud instead of using on-premises or traditional hosting environments?

A. AWS Cost Explorer

B. AWS Budgets

C. AWS Total cost of ownership Calculator (TCO Calculator)

D. AWS Simple Monthly Calculator

A

C. AWS Total cost of ownership Calculator (TCO Calculator)

7
Q

Which of the following are included in the Enterprise AWS Support plan?

A. A designated Technical Account Manager (TAM)

B. Code Development

C. Well-Architected Reviews, and Operations Reviews

D. Performing system administration tasks

A

A. A designated Technical Account Manager (TAM)

C. Well-Architected Reviews, and Operations Reviews

8
Q

Which of the following is the Amazon EC2 pricing model that gives the highest discount?

A. No upfront reserved instances for a 3 year term

B. All upfront reserved instances for a 1 year term

C. Partial upfront reserved instances for a 1 year term

D. All upfront reserved instances for a 3 year term

A

D. All upfront reserved instances for a 3 year term

You get the best discount when you pay all upfront for your reserved instances for a 3 year term.

9
Q

Which of the following AWS services can be used to store and archive data for 5 years at the lowest cost?

A. Amazon S3 Glacier

B. Amazon S3

C. Amazon EFS

D. Amazon Snowball

A

A. Amazon S3 Glacier

10
Q

Which AWS service provides alerts and remediation guidance when AWS is experiencing events that may impact your AWS resources?

A. AWS Service Health Dashboard

B. AWS Personal Health Dashboard

C. AWS CloudWatch

D. AWS X-Ray

A

B. AWS Personal Health Dashboard

11
Q

Amazon Glacier

A

Amazon Glacier is an online file storage web service that provides storage for data archiving and backup.

12
Q

Amazon Relational Database Service (RDS)

A

Amazon Relational Database Service is a distributed relational database service by Amazon Web Services. It is a web service running “in the cloud” designed to simplify the setup, operation, and scaling of a relational database for use in applications.

13
Q

AWS Snowball

A

Description: Snowball is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud. Using Snowball addresses common challenges with large-scale data transfers including high network costs, long transfer times, and security concerns.

14
Q

Amazon Redshift

A

Amazon Redshift is a data warehouse product which forms part of the larger cloud-computing platform Amazon Web Services. The name means to shift away from Oracle, red being an allusion to Oracle, whose corporate color is red and is informally referred to as “Big Red.”

15
Q

Amazon Elastic File System (EFS)

A

Amazon Elastic File System is a cloud storage service provided by Amazon Web Services designed to provide scalable, elastic, concurrent with some restrictions, and encrypted file storage for use with both AWS cloud services and on-premises resources. (Source: Wikipedia)

16
Q

What is an advantage of Amazon RDS?

A. It Simplifies relational database administration tasks.

B. It provides 99.9999999% reliability and durability

C. It automatically scales databases for loads.

D. It enables users to dynamically adjust CPU and RAM resources

A

A. It Simplifies relational database administration tasks.

17
Q
A customer needs to run a MySQL database that easily scales. Which AWS service should they use?
A. Amazon Aurora
B. Amazon Redshift
C. Amazon DynamoDB
D. Amazon ElastiCache
A

A. Amazon Aurora

18
Q

AWS CloudWatch

A

Monitoring service for your resources and the applications you run on AWS (think personal trainer). Monitors CPU, network, disk, and status checks. You can write a script that will send data back to CloudWatch, for example to see how many people were logged into a WordPress site.

19
Q

AWS Config

A

Provides a detailed view of past configurations so you can see how they changed over time.

20
Q

AWS Inspector

A

Security assessment service to improve compliance of applications deployed on AWS. Looks for vulnerabilities, then gives a detailed report based on severity. Associated with EC2.

21
Q

AWS Trusted Advisor

A

Think of the 5 icons: helps reduce cost, increase performance, and improve security, and advises on fault tolerance and service limits.

22
Q

CloudTrail

A

Like CCTV: records everything in the environment, so you can see if someone has created a new user, group, or role. You can see that information in S3.

23
Q

EC2

A

Virtual server in the cloud. It reduces the time required to obtain and boot new server instances to minutes, allowing you to quickly scale capacity both up and down as your computing requirements change.

24
Q

Elastic Beanstalk

A

Provisions load balancers, EC2 instances, security groups, etc. at the click of a button. Deploys AWS resources.

25
Q

CloudFormation

A

AWS CloudFormation is a service that gives developers and businesses an easy way to create a collection of related AWS and third-party resources, and provision and manage them in an orderly and predictable fashion. Think of creating a template that can be launched quickly.

26
Q

AWS Tags

A

Tags enable you to categorize your AWS resources in different ways, for example, by purpose, owner, or environment. This is useful when you have many resources of the same type—you can quickly identify a specific resource based on the tags that you’ve assigned to it. (data about data)

27
Q
Which of the following components of the AWS Global Infrastructure consists of one or more discrete data centers interconnected through low latency links?
A. Availability Zone
B. Edge Location
C. Region
D. Private Networking
A

A. Availability Zone

28
Q

Which of the following is a shared control between the customer and AWS?
A. Providing a key for Amazon S3 Client Side encryption
B. Configuration of an Amazon EC2 instance
C. Environmental controls of physical AWS data centers
D. Awareness and Training

A

D. Awareness and Training

29
Q
How many Availability Zones should compute resources be provisioned across to achieve high availability?
A. A minimum of 1
B. A minimum of 2
C. A minimum of 3
D. A minimum of 4 or more
A

B. A minimum of 2

30
Q

You need to stream data in real-time for a dashboard application. Which AWS service would you use?

AWS Kinesis
AWS CloudWatch
AWS CloudTrail
Amazon RedShift

A

AWS Kinesis

Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information. https://aws.amazon.com/kinesis/

31
Q

AWS CloudWatch

A

CloudWatch collects data, but the intent is not to collect real-time data for streaming. https://aws.amazon.com/cloudwatch/

32
Q

A travel company has an application that serves customers worldwide. Which AWS service can speed up delivery of content to this widespread customer base?

CodeDeploy
OpsWorks
CloudFront
S3

A

CloudFront

Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. CloudFront is integrated with AWS – both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services. https://aws.amazon.com/cloudfront/

33
Q

CodeDeploy

A

CodeDeploy cannot be used to deliver content to customers worldwide. AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Fargate, AWS Lambda, and your on-premises servers. https://aws.amazon.com/codedeploy/

34
Q

A new application rolled out by the development team is going to require load balancing of HTTP and HTTPS traffic. Which Load Balancer is best suited for this type of traffic?

HTTP Load Balancer
Classic Load Balancer
Network Load Balancer
Application Load Balancer

A

Application Load Balancer

Application Load Balancer is best suited for load balancing of HTTP and HTTPS traffic and provides advanced request routing targeted at the delivery of modern application architectures, including microservices and containers. https://aws.amazon.com/elasticloadbalancing/

35
Q

Network Load Balancer

A

Network Load Balancer is best suited for load balancing of Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and Transport Layer Security (TLS) traffic where extreme performance is required. https://aws.amazon.com/elasticloadbalancing/

36
Q

Your design team has recommended the need to distribute incoming traffic across multiple EC2 instances and also across multiple availability zones. Which AWS service can accomplish this?

CloudFormation
Elastic Load Balancer
Auto Scaling Group
CloudFront

A

Elastic Load Balancer

Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones. Elastic Load Balancing offers three types of load balancers that all feature the high availability, automatic scaling, and robust security necessary to make your applications fault-tolerant. https://aws.amazon.com/elasticloadbalancing/

37
Q

Auto Scaling Group

A

The Auto Scaling Group creates and manages scaling out and scaling in the EC2 instances, but it does not handle the distribution of traffic to those instances.

38
Q

A colleague tells you about a service that uses machine learning to discover and protect sensitive data stored in S3 Buckets. Which AWS service does this?

Macie
Rekognition
Cognito
Inspector

A

Macie

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS. https://aws.amazon.com/macie/

39
Q

Rekognition

A

Amazon Rekognition makes it easy to add image and video analysis to your applications using proven, highly scalable, deep learning technology that requires no machine learning expertise to use. With Amazon Rekognition, you can identify objects, people, text, scenes, and activities in images and videos, as well as detect any inappropriate content. Amazon Rekognition also provides highly accurate facial analysis and facial search capabilities that you can use to detect, analyze, and compare faces for a wide variety of user verification, people counting, and public safety use cases. https://aws.amazon.com/rekognition/?blog-cards.sort-by=item.additionalFields.createdDate&blog-cards.sort-order=desc

40
Q

A developer is trying to programmatically retrieve information from an EC2 instance such as public keys, IP address, and instance ID. From where can this information be retrieved?

CloudWatch Logs
Instance Snapshot
Instance userdata
Instance metadata

A

Instance metadata

This type of data is stored in Instance metadata.

41
Q

CloudWatch Logs

A

You can use CloudWatch Logs to monitor applications and systems using log data. For example, CloudWatch Logs can track the number of errors that occur in your application logs and send you a notification whenever the rate of errors exceeds a threshold you specify.

42
Q

Your company hosts gaming applications online and would like to deliver these apps to a worldwide audience. Which AWS Service would enable delivery to users worldwide and greatly improve response times?

ElastiCache
DynamoDB
CloudFormation
CloudFront

A

CloudFront

Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment.

43
Q

ElastiCache

A

Amazon ElastiCache allows you to seamlessly set up, run, and scale popular open-source compatible in-memory data stores in the cloud. Build data-intensive apps or boost the performance of your existing databases by retrieving data from high throughput and low latency in-memory data stores. It is not for delivery. https://aws.amazon.com/elasticache/

44
Q

Which storage service can provide very high durability storage for Objects?

DynamoDB
Amazon Aurora
RDS MySQL
Amazon S3

A

Amazon S3

S3 provides high durability storage of objects. https://aws.amazon.com/s3/

45
Q

DynamoDB

A

DynamoDB is a NoSQL database. It is ideal for storing key-value pairs.

https://aws.amazon.com/dynamodb/

46
Q

A company is migrating to the AWS Cloud. They need to set up DNS in the cloud. Which service is a highly available and scalable cloud DNS service in AWS?

CloudFront
Route 53
Amazon Macie
Amazon VPC

A

Route 53

Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect. Amazon Route 53 is fully compliant with IPv6 as well. https://aws.amazon.com/route53/

47
Q

Amazon VPC

A

DNS will certainly interact with resources in your VPC, but VPC itself does not provide DNS services. https://aws.amazon.com/vpc/

48
Q

Several S3 Buckets have been deleted, and a few EC2 instances have been terminated. Which AWS service can you use to determine who took these actions?

AWS Inspector
Trusted Advisor
AWS CloudWatch
AWS CloudTrail

A

AWS CloudTrail

CloudTrail provides the event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.

49
Q

AWS CloudWatch

A

CloudWatch provides events and alarms, and could potentially be set up to be triggered when an EC2 instance is terminated, but will not provide detailed information over who and when the action was taken.

50
Q

A software company is looking for a tool to automate their deployments from end to end. Which AWS service can provide this continuous delivery functionality?

CodePipeline
CodeBuild
CodeCommit
CodeDeploy

A

CodePipeline

AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates. CodePipeline automates the build, test, and deploy phases of your release process every time there is a code change, based on the release model you define. This enables you to rapidly and reliably deliver features and updates. https://aws.amazon.com/codepipeline/

51
Q

CodeDeploy

A

AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Fargate, AWS Lambda, and your on-premises servers. https://aws.amazon.com/codedeploy/

52
Q

A financial company needs to migrate large amounts of data, at a petabyte-scale, to AWS. Which AWS service can perform this type of migration?

Database Migration Service
API Gateway
AWS Data Pipeline
AWS Snowball

A

AWS Snowball

Snowball is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud. Using Snowball addresses common challenges with large-scale data transfers including high network costs, long transfer times, and security concerns. https://aws.amazon.com/getting-started/projects/migrate-petabyte-scale-data/services-costs/#:~:text=Description%3A%20Snowball%20is%20a%20petabyte,transfer%20times%2C%20and%20security%20concerns.

53
Q

Database Migration Service

A

It would not be practical to use this service for such a large migration. Additionally, it has not been specified that this data is all contained within a database. https://aws.amazon.com/dms/

54
Q

You have been tasked with developing a plan to move applications to AWS and use AWS services to house code, build, and deploy these applications. Which AWS service will allow you to host Git-based repositories?

AWS CodeDeploy
GitHub
AWS CodeBuild
AWS CodeCommit

A

AWS CodeCommit

AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories. It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem. CodeCommit eliminates the need to operate your own source control system or worry about scaling its infrastructure. You can use CodeCommit to securely store anything from source code to binaries, and it works seamlessly with your existing Git tools. https://aws.amazon.com/codecommit/

55
Q

AWS CodeDeploy

A

CodeDeploy does not house git repositories. AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Fargate, AWS Lambda, and your on-premises servers. https://aws.amazon.com/codedeploy/

56
Q

You have infrequently accessed data in S3 buckets that you want to transfer to Glacier. What can you use in AWS to do this?

Cross Origin Resource Sharing (CORS)
Database Migration Service
Bucket Policy
S3 Lifecycle Policy

A

S3 Lifecycle Policy

You can add rules in an S3 Lifecycle configuration to tell Amazon S3 to transition objects to another Amazon S3 storage class. For example:

When you know that objects are infrequently accessed, you might transition them to the S3 Standard-IA storage class.

You might want to archive objects that you don’t need to access in real time to the S3 Glacier storage class. https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-transition-general-considerations.html

57
Q

Database Migration Service

A

AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from most widely used commercial and open-source databases. https://aws.amazon.com/dms/

58
Q

In order to improve fault tolerance, you would like to begin using services that provide fault tolerance. Which AWS services provide automatic replication across Availability Zones? (Choose 2)

S3
EC2
DynamoDB
VPC

A

DynamoDB - DynamoDB provides this replication.

S3 - S3 provides this replication.

59
Q

Several EC2 instances in a public subnet need internet access. Which will you configure as one step in granting internet access?

NAT Gateway
VPC Peering
Internet Gateway
API Gateway

A

Internet Gateway

An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses. https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html

60
Q

API Gateway

A

Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. APIs act as the “front door” for applications to access data, business logic, or functionality from your backend services. Using API Gateway, you can create RESTful APIs and WebSocket APIs that enable real-time two-way communication applications. API Gateway supports containerized and serverless workloads, as well as web applications. https://aws.amazon.com/api-gateway/

61
Q

A company needs to use a Load Balancer which can serve traffic at the TCP and UDP layers. Additionally, it needs to handle millions of requests per second at very low latencies. Which Load Balancer should they use?

TCP Load Balancer
Classic Load Balancer
Application Load Balancer
Network Load Balancer

A

Network Load Balancer

Network Load Balancer is best suited for load balancing of Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and Transport Layer Security (TLS) traffic where extreme performance is required. Operating at the connection level (Layer 4), Network Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) and is capable of handling millions of requests per second while maintaining ultra-low latencies. https://aws.amazon.com/elasticloadbalancing/

62
Q

You have been tasked with going into the AWS company account and getting information on saving money, improving system performance and reliability, and closing security gaps. Which tool can you use to get this information?

AWS Inspector
AWS Trusted Advisor
AWS Cost and Usage Report
CloudWatch

A

AWS Trusted Advisor

AWS Trusted Advisor is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices. Trusted Advisor helps optimize your AWS infrastructure, increase security and performance, reduce your overall costs, and monitor service limits. https://aws.amazon.com/premiumsupport/technology/trusted-advisor/

63
Q

A development team has created a large number of CloudFormation templates in the JSON format. Which AWS database can store these documents?

Amazon RedShift
DynamoDB
Amazon Aurora
AWS MySQL

A

DynamoDB -
The latest Amazon DynamoDB update added support for JSON data, making it easy to store JSON documents in a DynamoDB table while preserving their complex and possibly nested shape. Now, the AWS SDK for .NET has added native JSON support, so you can use raw JSON data when working with DynamoDB. This is especially helpful if your application needs to consume or produce JSON (for instance, if your application is talking to a client-side component that uses JSON to send and receive data), as you no longer need to manually parse or compose this data. https://aws.amazon.com/blogs/developer/dynamodb-json-support/

64
Q

Your company utilizes DNS and wants to migrate DNS and management of DNS to the cloud. Which AWS service would you use?

Route 53
CloudFormation
CloudFront
Application Load Balancers

A

Route 53

Amazon Route 53 provides highly available and scalable Domain Name System (DNS) services, domain name registration, and health-checking web services. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like example.com into the numeric IP addresses, such as 192.0.2.1, that computers use to connect. https://aws.amazon.com/route53/

65
Q

You are trying out AWS on a trial basis and need to deploy an application without having to configure servers. Which AWS service can you use?

Elastic Beanstalk
Auto Scaling
ECS
CloudFormation

A

Elastic Beanstalk

AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. https://aws.amazon.com/elasticbeanstalk/

66
Q

AWS Trusted Advisor provides checks in 5 different categories. Which item is not one of those checks?

Fault Tolerance
Cost Optimization
Security
Elasticity

A

Elasticity

Although this is a valued concept in AWS, it is not one of the 5 checks provided in Trusted Advisor.

67
Q

Upon venturing into using the AWS Cloud, your company decides to follow the 5 pillars of the AWS Well-Architected Framework. Which items are pillars of the Well-Architected Framework? (Choose 2)

Ease of Use
Elasticity
Reliability
Operational Excellence
Scalability
A

Operational Excellence

The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to improve supporting processes and procedures continually. https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/

Reliability

The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues. https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/

68
Q

You suspect that one of the AWS services your company is using has gone down. How can you check on the status of this service?

AWS Organizations
AWS Personal Health Dashboard
AWS Trusted Advisor
Amazon Inspector

A

AWS Personal Health Dashboard

AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources.

The dashboard displays relevant and timely information to help you manage events in progress, and provides proactive notifications to help you plan for scheduled activities. With Personal Health Dashboard, alerts are triggered by changes in the health of AWS resources, giving you event visibility and guidance to help quickly diagnose and resolve issues. https://aws.amazon.com/premiumsupport/technology/personal-health-dashboard/

69
Q

Your company has decided to use Amazon WorkSpaces. They can use Amazon WorkSpaces to provision either Windows or Linux desktops in just a few minutes. What type of solution is this?

DaaS
PaaS
IaaS
SaaS

A

DaaS

Amazon WorkSpaces provides a Desktop as a Service (DaaS) solution. https://aws.amazon.com/workspaces/?workspaces-blogs.sort-by=item.additionalFields.createdDate&workspaces-blogs.sort-order=desc

70
Q

PaaS

A

A good example of PaaS is AWS Elastic Beanstalk. Platforms as a Service remove the need for organizations to manage the underlying infrastructure (usually hardware and operating systems) and allow you to focus on the deployment and management of your applications.

71
Q

A video production company uploads large video files to S3 buckets using multipart upload. To which AWS Cloud best practice does this adhere?

Decouple your components
Implement Elasticity
Design for Failure
Think Parallel

A

Think Parallel

Multipart uploads use multi-threading to upload large files to S3 buckets in parallel (the parts of the file are uploaded in parallel). Reference: Architecting in the Cloud.

72
Q

Which statement below is one of the 6 advantages of cloud computing?

Easily guess capacity.
Trade variable expense for capital expense.
Benefit from increased speed and agility.
Benefit from minor economies of scale.

A

Benefit from increased speed and agility.

Increase speed and agility – In a cloud computing environment, new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes. This results in a dramatic increase in agility for the organization since the cost and time it takes to experiment and develop is significantly lower.

https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html

73
Q

Your company has decided to migrate entirely to the AWS Cloud. Which answers are a part of the 6 advantages of cloud computing?

Benefit from minor economies of scale.
Go global in minutes.
Trade variable expense for capital expense.
Stop spending money running and maintaining data centers.

A

Go global in minutes

Go global in minutes – Easily deploy your application in multiple regions around the world with just a few clicks. This means you can provide lower latency and a better experience for your customers at a minimal cost. https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html

Stop spending money running and maintaining data centers

Stop spending money running and maintaining data centers – Focus on projects that differentiate your business, not the infrastructure. Cloud computing lets you focus on your own customers, rather than on the heavy lifting of racking, stacking, and powering servers. https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html

74
Q

Which of the following can you use as a web-based interface to view processes in AWS?

AWS API
AWS Management Console
AWS SDK
AWS CLI

A

AWS Management Console

AWS Management Console is a web application for managing Amazon Web Services.

75
Q

Your company is moving to the AWS Cloud and is reviewing the shared responsibility model. Which item is entirely the responsibility of AWS?

Implementing IAM Groups
Patching of the guest OS
Storing CloudFormation Templates in another region for Disaster Recovery.
Physical and Environmental Controls

A

Physical and Environmental Controls

AWS is responsible for protecting the physical infrastructure and environmental controls that run all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.

76
Q

An on-premises application requires a consistent, high-speed connection to the AWS Cloud environment that is better than an internet-based connection. Which AWS service can provide this connection?

AWS VPN
STS
VPC Peering
Direct Connect

A

Direct Connect

AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. AWS Direct Connect lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations. https://aws.amazon.com/directconnect/

77
Q

The CFO of a software company had requested an Executive Summary detailing the advantages of a potential move to the AWS Cloud. What can you say is an advantage of an RDS database over a traditional database?

AWS maintains the underlying OS and performs software patching on the database.
It is much easier to convert to a NoSQL database.
It is 5 times faster than traditional databases.
There is much greater access for DBAs.

A

AWS maintains the underlying OS and performs software patching on the database.

Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching, and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security, and the compatibility they need. https://aws.amazon.com/rds/

78
Q

Your company would like to begin using auto-scaling to add servers when CPU utilization reaches a certain threshold (say 70%). Which service can you use to trigger actions when CPU utilization crosses the threshold?

Simple Notification Service
EC2 Logs
Elastic Load Balancers
CloudWatch Alarms

A

CloudWatch Alarms

A CloudWatch alarm can be set up to monitor CPU utilization and trigger further action. Further action could be an Auto Scaling Group adding another EC2 instance and/or using SNS to notify team members of the occurrence.

79
Q

A retail company has EC2 On-Demand instances running to serve customer transactions. There is a set pattern of traffic where demand is high at two points in the day, but the instances sit idle for much of the day. What is a good way to optimize these resources?

Use an Elastic Load Balancer to scale out and in based on demand.
Use an Auto Scaling Group to scale out and in based on demand.
Use reserved instances instead of on-demand instances.
Write a script to stop instances when demand is low.

A

Use an Auto Scaling Group to scale out and in based on demand.

The Auto Scaling Group can be used to scale out and scale in the instances as the demand dictates. This will save money and avoid having instances sitting idle for long periods of time.

AWS Auto Scaling monitors your applications and automatically adjusts your capacity to maintain steady, predictable performance at the lowest possible cost. Using AWS Auto Scaling, it’s easy to set up application scaling for multiple resources across multiple services in minutes. https://aws.amazon.com/autoscaling/

80
Q

An application that experiences highly variable traffic throughout the day has been configured in AWS. The capacity configured to serve this application adjusts to demands throughout the day. Which AWS principle does this describe?

Durability
Elasticity
Viscosity
High Availability

A

Elasticity

The ability to acquire resources as you need them and release resources when you no longer need them. In the cloud, you want to do this automatically. https://wa.aws.amazon.com/wat.concept.elasticity.en.html

81
Q

You have recently started using AWS and now need to launch a large number of instances in your VPC. You learn that this number exceeds the service limits for instances in a VPC. What can you do?

There is nothing that can be done. Redesign based on a smaller number of instances.

Use Auto Scaling and the service limit can be exceeded.

Upgrade your support plan to increase this service limit.

Contact AWS and request a service limit increase.

A

Contact AWS and request a service limit increase.

Use the Limits page in the Amazon EC2 console to request an increase in the limits for resources provided by Amazon EC2 or Amazon VPC on a per-Region basis.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-resource-limits.html

82
Q

Which statement is true regarding the AWS Global Infrastructure?

Edge Locations contain Regions

Each AWS Region consists of multiple, isolated, and physically separate AZ’s within a geographic area.

Each AWS Availability Zone contains multiple regions.

Availability Zones contain Edge Locations

A

Each AWS Region consists of multiple, isolated, and physically separate AZ’s within a geographic area.

AWS has the concept of a Region, which is a physical location around the world where we cluster data centers. We call each group of logical data centers an Availability Zone. Each AWS Region consists of multiple, isolated, and physically separate AZ’s within a geographic area. Unlike other cloud providers, who often define a region as a single data center, the multiple AZ design of every AWS Region offers advantages for customers. Each AZ has independent power, cooling, and physical security and is connected via redundant, ultra-low-latency networks. AWS customers focused on high availability can design their applications to run in multiple AZ’s to achieve even greater fault-tolerance. AWS infrastructure Regions meet the highest levels of security, compliance, and data protection.

Reference: Regions

83
Q

What are the three cloud computing models?

Platform as a Service (PaaS)
Hardware as a Service (HaaS)
Infrastructure as a Service (IaaS)
Software as a Service (SaaS)

A

Infrastructure as a Service (IaaS)

IaaS is one of the three cloud computing models.
https://docs.aws.amazon.com/whitepapers/latest/aws-overview/types-of-cloud-computing.html

Software as a Service (SaaS)

SaaS is one of the three cloud computing models.
https://docs.aws.amazon.com/whitepapers/latest/aws-overview/types-of-cloud-computing.html

Platform as a Service (PaaS)

PaaS is one of the three cloud computing models.
https://docs.aws.amazon.com/whitepapers/latest/aws-overview/types-of-cloud-computing.html

84
Q

When configuring an Application Load Balancer, what step will you take to ensure a highly available architecture?

Set up cross-region Load Balancing.
Set up multiple Edge Locations for your load balancer.
Set up more than one ALB.
Configure the Load Balancer to serve traffic to multiple Availability Zones.

A

Configure the Load Balancer to serve traffic to multiple Availability Zones.

You would set up the load balancer to deliver traffic across multiple availability zones. https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-az.html

85
Q

A fantasy sports company needs to run an application for the length of a football season (5 months). They will run the application on an EC2 instance and there can be no interruption. Which purchasing option best suits this use case?

On-Demand
Spot
Dedicated
Reserved

A

On-Demand

This is not a long enough term to make reserved instances the better option. Plus, the application can’t be interrupted, which rules out spot instances.

86
Q

You are managing the company’s AWS account. The current support plan is Basic, but you would like to begin using Infrastructure Event Management. What support plan (that already includes Infrastructure Event Management without an additional fee) should you upgrade to?

  1. Upgrade to the Business plan. No other steps are necessary.
  2. Do nothing. It is included in the Basic plan.
  3. Upgrade to Developer plan.
  4. Upgrade to Enterprise plan.

A

Upgrade to Enterprise plan.

AWS Infrastructure Event Management is a structured program available to Enterprise support customers (and Business Support customers for an additional fee) that helps you plan for large-scale events, such as product or application launches, infrastructure migrations, and marketing events.

With Infrastructure Event Management, you get strategic planning assistance before your event, as well as real-time support during these moments that matter most for your business.

https://aws.amazon.com/premiumsupport/programs/iem/#:~:text=AWS%20Infrastructure%20Event%20Management%20is,infrastructure%20migrations%2C%20and%20marketing%20events.

87
Q

You need to track your AWS costs on a detailed level. Which tool will allow you to do this?

AWS Organizations
AWS CloudTrail
Cost Allocation Tags
AWS CloudWatch

A

Cost Allocation Tags

A tag is a label that you or AWS assigns to an AWS resource. Each tag consists of a key and a value. For each resource, each tag key must be unique, and each tag key can have only one value. You can use tags to organize your resources, and cost allocation tags to track your AWS costs on a detailed level. After you activate cost allocation tags, AWS uses the cost allocation tags to organize your resource costs on your cost allocation report to make it easier for you to categorize and track your AWS costs. AWS provides two types of cost allocation tags: AWS generated tags and user-defined tags. AWS defines, creates, and applies the AWS generated tags for you, and you define, create, and apply user-defined tags. You must activate both types of tags separately before they can appear in Cost Explorer or on a cost allocation report. https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html

88
Q

A company has signed a 3-year contract with a School District to develop a Teacher Absence Management application. Which type of EC2 instance would be best for application development on this project?

Standard Reserved Instances
Spot Instances
Scheduled Reserved Instances
On-Demand Instances

A

Standard Reserved Instances

Standard Reserved Instances provide you with a significant discount (up to 72%) compared to On-Demand Instance pricing and can be purchased for a 1-year or 3-year term. Customers have the flexibility to change the Availability Zone, the instance size, and networking type of their Standard Reserved Instances. https://aws.amazon.com/ec2/pricing/reserved-instances/pricing/#:~:text=Standard%20Reserved%20Instances%20provide%20you,of%20their%20Standard%20Reserved%20Instances.

89
Q

A company has multiple AWS accounts across multiple regions. Which AWS service can be used to manage these accounts and provide consolidated billing?

Identity and Access Management
AWS Organizations
Trusted Advisor
CloudFormation

A

AWS Organizations

AWS Organizations helps you centrally govern your environment as you grow and scale your workloads on AWS. Whether you are a growing startup or a large enterprise, Organizations helps you to centrally manage billing; control access, compliance, and security; and share resources across your AWS accounts. https://aws.amazon.com/organizations/

90
Q

Trusted Advisor

A

AWS Trusted Advisor is an online tool that provides you real time guidance to help you provision your resources following AWS best practices. Trusted Advisor checks help optimize your AWS infrastructure, increase security and performance, reduce your overall costs, and monitor service limits. Whether establishing new workflows, developing applications, or as part of ongoing improvement, take advantage of the recommendations provided by Trusted Advisor on a regular basis to help keep your solutions provisioned optimally. https://aws.amazon.com/premiumsupport/technology/trusted-advisor/

91
Q

Which S3 storage class is the best value for long-term archive?

Glacier
S3 Intelligent-Tiering
S3 Standard Infrequent-Access
S3 Standard

A

Glacier

Glacier is a low-cost storage option for Data Archiving. It can take several hours to retrieve the data, but if this is acceptable, it is the best value for long-term storage of data. https://aws.amazon.com/s3/storage-classes/

92
Q

You work for a financial company that has several mission-critical workloads. Which AWS Support Plan should you use?

Enterprise
Developer
Business
Basic

A

Enterprise

Recommended if you have business and/or mission critical workloads in AWS. https://aws.amazon.com/premiumsupport/plans/

93
Q

Your company is considering migrating its data center to the cloud. What are the advantages of the AWS cloud over an on-premises data center?

  1. Replace low variable costs with upfront capital expenses.
  2. Replace upfront operational expenses with low variable operational expenses.
  3. Replace upfront capital expenses with low variable costs.
  4. Maintain physical access to the new data center, but share responsibility with AWS.

A

Replace upfront capital expenses with low variable costs.

All the hardware purchased upfront for a data center will be replaced by resources which are variable in nature with low upfront costs. https://d1.awsstatic.com/whitepapers/introduction-to-aws-cloud-economics-final.pdf

94
Q

You have a web application that needs to run for a short period of time (a couple days). It is alright if there are interruptions in the application. Which EC2 instance type would be best for this use case?

Reserved
Dedicated Instance
Spot
On-Demand

A

Spot

Spot Instances are a great choice for this use case. Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS cloud. Spot Instances are available at up to a 90% discount compared to On-Demand prices. You can use Spot Instances for various stateless, fault-tolerant, or flexible applications such as big data, containerized workloads, CI/CD, web servers, high-performance computing (HPC), and other test & development workloads. The key phrase in this question is, “It is alright if there are interruptions in the application”. If the application could not accept interruptions, then the best option would be on-demand.

95
Q

You have many database backups that you need to store for an indefinite amount of time. If the backups are ever needed, they just need to be retrieved within 6 hours. What is the lowest cost solution for this scenario?

Amazon S3 Standard-IA
Amazon EFS
Amazon Glacier
Amazon S3

A

Amazon Glacier

Amazon Glacier provides the lowest cost option for long-term storage and is perfectly suited for this scenario. The backups would not need to be retrieved quickly, so Glacier is the best option. https://aws.amazon.com/glacier/

96
Q

A small startup is configuring its AWS cloud environment. Which AWS service will allow grouping these users together and applying permissions to them as a group?

AWS IAM
AWS Organizations
Tagging
Resource Groups

A

AWS IAM

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. https://aws.amazon.com/iam/

97
Q

Resource Groups

A

This is for resources, not users. You can use resource groups to organize your AWS resources. Resource groups make it easier to manage and automate tasks on large numbers of resources at one time.

98
Q

You are creating a few IAM policies. This is the first time you have worked with IAM policies. Which tool can you use to test IAM policies?

Amazon GuardDuty
IAM Policy Simulator
Amazon Inspector
CloudWatch

A

IAM Policy Simulator

With the IAM policy simulator, you can test and troubleshoot identity-based policies, IAM permissions boundaries, Organizations service control policies, and resource-based policies. https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html

99
Q

Amazon Inspector

A

AWS Inspector actually examines your applications and looks for security vulnerabilities, but it cannot examine individual policies. Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by levels of severity. These findings can be reviewed directly or as part of detailed assessment reports which are available via the Amazon Inspector console or API. https://aws.amazon.com/inspector/

100
Q

You are storing sensitive employee information in an S3 Bucket. What can you use to give bucket access only to authorized personnel?

Login and password
Access Keys
Network Access Control List
Bucket Policy

A

Bucket Policy

S3 bucket policies specify what actions are allowed or denied for which principals on the bucket that the bucket policy is attached to (e.g., allow user Alice to PUT but not DELETE objects in the bucket).

101
Q

Access Keys

A

Access Keys are used for programmatic access to AWS, but not for controlling S3 bucket access. You must provide your AWS access keys to make programmatic calls to AWS or to use the AWS Command Line Interface or AWS Tools for PowerShell. https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html

102
Q

Your company has recently migrated large amounts of data to the AWS cloud in S3 buckets. But it is necessary to discover and protect the sensitive data in these buckets. Which AWS service can do that?

GuardDuty
CloudTrail
Amazon Macie
AWS Inspector

A

Amazon Macie

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS. https://aws.amazon.com/macie/

103
Q

GuardDuty

A

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads.

104
Q

After configuring your VPC and all of the resources within it, you want to add an extra layer of security at the subnet level. Which will you use to add this security?

Network ACL
Security Group
Private IP Address
IAM

A

Network ACL

A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups to add an additional layer of security to your VPC. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html

105
Q

IAM

A

IAM

With IAM, you can configure security in your AWS account using IAM policies, but this is not done at the subnet level.

106
Q

Which AWS service provides central governance and management across multiple AWS accounts?

AWS Systems Manager
CloudFormation
AWS Organizations
Identity and Access Management

A

AWS Organizations

AWS Organizations helps you centrally govern your environment as you grow and scale your workloads on AWS. Whether you are a growing startup or a large enterprise, AWS Organizations helps you to centrally manage billing, control access, compliance, and security, and share resources across your AWS accounts.

Using AWS Organizations, you can automate account creation, create groups of accounts to reflect your business needs, and apply policies for these groups for governance. You can also simplify billing by setting up a single payment method for all of your AWS accounts. Through integrations with other AWS services, you can use Organizations to define central configurations and resource sharing across accounts in your organization. AWS Organizations is available to all AWS customers at no additional charge. https://aws.amazon.com/organizations/

107
Q

In Identity and Access Management, which term applies to a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS?

Entity
Principal
Resource
Identity

A

Principal

A Principal is a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS.

108
Q

Identity

A

Identity

Identities are the IAM resource objects that are used to identify and group. You can attach a policy to an IAM identity. These include users, groups, and roles.

109
Q

You need to set up a virtual firewall for your EC2 instance. Which would you use?

IAM Policy
Security Group
Network ACL
Subnet

A

Security Group

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC can be assigned to a different set of security groups.

110
Q

Which policy will provide information on performing penetration testing on your EC2 instances?

AWS Customer Agreement
IAM Policy
Customer Service Policy for Penetration Testing
JSON Policy

A

Customer Service Policy for Penetration Testing

AWS customers are welcome to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for Amazon EC2 instances, NAT Gateways, Elastic Load Balancers, and 7 other services. Reference: Penetration Testing.

111
Q

JSON Policy

A

Most IAM policies are stored in AWS as JSON documents. No relation to penetration testing on EC2 instances.

112
Q

Configuring user permissions so that users can access only the resources they need to do their job follows what principle?

IAM Principle
Principle of Least Privilege
Principle of Minimum Permissions
Principle of Organizations

A

Principle of Least Privilege

When you create IAM policies, follow the standard security advice of granting the least privilege, or granting only the permissions required to perform a task. Determine what users (and roles) need to do, and then craft policies that allow them to perform only those tasks.

113
Q

IAM Principle

A

While IAM does exist, the IAM Principle does not.

114
Q

Your organization is multi-national and uses multiple AWS regions. Which AWS service can be used to route users to the nearest datacenter to reduce latency?

AWS IAM
AWS VPC
AWS Organizations
AWS Route 53

A

AWS Route 53

Amazon Route 53 effectively connects user requests to infrastructure running in AWS – such as Amazon EC2 instances, Elastic Load Balancing load balancers, or Amazon S3 buckets – and can also be used to route users to infrastructure outside of AWS. You can use Amazon Route 53 to configure DNS health checks to route traffic to healthy endpoints or to independently monitor the health of your application and its endpoints. Amazon Route 53 Traffic Flow makes it easy for you to manage traffic globally through a variety of routing types, including Latency Based Routing, Geo DNS, Geoproximity, and Weighted Round Robin—all of which can be combined with DNS Failover to enable a variety of low-latency, fault-tolerant architectures. Using Amazon Route 53 Traffic Flow’s simple visual editor, you can easily manage how your end-users are routed to your application’s endpoints—whether in a single AWS region or distributed around the globe. Amazon Route 53 also offers Domain Name Registration – you can purchase and manage domain names such as example.com, and Amazon Route 53 will automatically configure DNS settings for your domains.

115
Q

Which AWS service can be used to detect and prevent Distributed Denial of Service attacks against services hosted on AWS?

Amazon GuardDuty
AWS WAF
AWS Inspector
AWS Shield

A

AWS Shield

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection. There are two tiers of AWS Shield - Standard and Advanced.

116
Q

A company is configuring IAM for its new AWS account. There are 5 departments with between 5 and 10 users in each department. How can they efficiently apply access permissions for each of these departments and simplify management of these users?

Create an IAM role defining the permissions needed. Create an IAM group and attach the policy to the group. Add the department’s members to the group.

Create an IAM group for each department. Add the department’s members to the group.

Create policies defining the permissions needed. Attach the policies to all users in each department.

Create policies for each department that define the permissions needed. Create an IAM group for each department and attach the policy to each group. Add each department’s members to their respective IAM group.

A

Create policies for each department that define the permissions needed. Create an IAM group for each department and attach the policy to each group. Add each department’s members to their respective IAM group.

By creating an IAM group, all similar users can be managed at one time. Once the permissions are defined within the policy, it can be attached to the IAM group, allowing them access to the resources/services stated within the policy.

117
Q

A software development team has requested IAM access to be able to work with AWS from the CLI. What will you provide these developers?

Username and password
Root user credentials
Security Token
Access Keys

A

Access Keys

Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API.

118
Q

AWS uses the shared responsibility model. For security, which of the following are the responsibilities of AWS? (Choose 3)

Disk disposal
Configure Security Groups
User password rules
Physically securing compute resources
Network patching

A

Disk disposal - Disk disposal is one of AWS’s responsibilities, as it is connected to the infrastructure, which AWS handles.

Network patching - Network patching is one of AWS’s responsibilities, as it is connected to the infrastructure that AWS handles.

Physically securing compute resources - AWS is in charge of physically securing compute resources, as it is part of the infrastructure that runs all of the services offered in the AWS Cloud.

119
Q

You are concerned about access to your top-secret application by stolen passwords. What additional layer of security can you add for logging in to AWS Management Console, in addition to user passwords?

Multi-Factor Authentication
Secret Access Keys
AWS Voice Recognition
AWS Transcribe

A

Multi-Factor Authentication

AWS Multi-Factor Authentication (MFA) is a simple best practice that adds an extra layer of protection on top of your user name and password. With MFA enabled, when a user signs in to an AWS Management Console, they will be prompted for their user name and password (the first factor—what they know), as well as for an authentication code from their AWS MFA device (the second factor—what they have). Taken together, these multiple factors provide increased security for your AWS account settings and resources.

120
Q

What does AWS use to reduce latency to end users all around the world? (Select Two)

A. Regions
B. VPCs
C. Edge Locations
D. Subnets
E. AWS Data Pipeline

A

A. Regions

C. Edge Locations

121
Q

What is a Subnet?

A

A segment of a VPC’s IP address range where you can place groups of isolated resources.

122
Q

What is Amazon Data Pipeline?

A

Data Pipeline is a web service that helps you to reliably process and move data between different AWS compute and storage services, as well as on-premises data sources.

123
Q

Which of the following are shared controls according to the AWS shared responsibility model? (Choose 2)

A. Management of the guest operating system
B. Patch Management
C. Maintenance of physical devices
D. Configuration Management
E. Configuration of the AWS-Provided Firewall

A

B. Patch Management - AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.

D. Configuration Management - AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.

124
Q

What does Amazon RDS manage on your behalf? (Select 2)

A. The relational schema
B. Database settings
C. Backups
D. Software patching
E. Database access

A

C. Backups
D. Software patching

Amazon RDS manages the work involved in setting up a relational database: from provisioning the infrastructure capacity you request to installing the database software. Once your database is up and running, Amazon RDS automates common administrative tasks such as performing backups and patching the software that powers your database. With optional Multi-AZ deployments, Amazon RDS also manages synchronous data replication across Availability Zones with auto failover.

125
Q

Which of the following is a type of AWS reserved instance offering? (Choose 2)

A. Spot
B. Convertible
C. Elastic
D. Long
E. Scheduled

A

B. Convertible

E. Scheduled

126
Q

You would like to set up a loosely coupled architecture. Which service would allow you to send and receive messages, but most importantly, store messages if they are not consumed immediately?

A. AWS SES
B. AWS CloudSearch
C. AWS S3
D. AWS SQS

A

AWS SQS

Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS eliminates the complexity and overhead associated with managing and operating message-oriented middleware and empowers developers to focus on differentiating work. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available.

127
Q

AWS SES

A

SES is an email service, not a message queueing service. Amazon Simple Email Service (SES) is a cost-effective, flexible, and scalable email service that enables developers to send mail from within any application. You can configure Amazon SES quickly to support several email use cases, including transactional, marketing, or mass email communications.

128
Q
After creating an EC2 instance to host an application, the traffic to the site far exceeds what was expected. You decide to move to a larger instance type. What AWS principle does this represent?
A. Durability
B. Horizontal Scaling
C. Elasticity
D. Vertical Scaling
A

D. Vertical Scaling

Vertical Scaling is increasing the size and computing power of a single instance or node without increasing the number of nodes or instances.

129
Q

Elasticity

A

Elasticity is the ability to acquire resources as you need them and release resources when you no longer need them. Think of auto-scaling and adding and removing instances as needed.

130
Q

When configuring an Application Load Balancer, what step will you take to ensure a highly available architecture?

A. Configure the Load Balancer to serve traffic to multiple Availability Zones.
B. Set up cross-region Load Balancing.
C. Set up more than one ALB.
D. Set up multiple Edge Locations for your load balancer.

A

A. Configure the Load Balancer to serve traffic to multiple Availability Zones.

You would set up the load balancer to deliver traffic across multiple availability zones.

131
Q

Your company has decided to migrate entirely to the AWS Cloud. Which answers are a part of the 6 advantages of cloud computing?
A. Trade variable expense for capital expense
B. Stop spending money running and maintaining data centers
C. Go global in minutes
D. Benefit from minor economies of scale.

A

B. Stop spending money running and maintaining data centers

Stop spending money running and maintaining data centers – Focus on projects that differentiate your business, not the infrastructure. Cloud computing lets you focus on your own customers, rather than on the heavy lifting of racking, stacking, and powering servers.

C. Go global in minutes

Go global in minutes – Easily deploy your application in multiple regions around the world with just a few clicks. This means you can provide lower latency and a better experience for your customers at a minimal cost.

132
Q

Which AWS service can you use to connect your AWS cloud with an on-premises data center?

A. Virtual Private Gateway
B. Internet Gateway
C. VPC Peering
D. IAM

A

A. Virtual Private Gateway

A virtual private gateway is a logical, fully redundant distributed edge routing function that sits at the edge of your VPC. As it is capable of terminating VPN connections from your on-prem or customer environments, the VPG is the VPN concentrator on the Amazon side of the Site-to-Site VPN connection.

133
Q

In Identity and Access Management, which term refers to the IAM resource objects that AWS uses for authentication?

A. Resource
B. Identity
C. Entities
D. Principal

A

Entities

IAM entities are the users (IAM users and federated users) and roles that are created and used for authentication.

134
Q

A new application needs temporary access to resources in AWS. How can this best be achieved?

A. Create an IAM Policy and attach it to the application.

B. Add the application to a group that has the appropriate permissions.

C. Store access key in an S3 Bucket and give the application access to the bucket.

D. Create an IAM Role and have the application assume the role.

A

D. Create an IAM Role and have the application assume the role.

Use an IAM role to manage temporary credentials for applications that run on an EC2 instance. When you use a role, you don’t have to distribute long-term credentials (such as a user name and password or access keys) to an EC2 instance. Instead, the role supplies temporary permissions that applications can use when they make calls to other AWS resources. When you launch an EC2 instance, you specify an IAM role to associate with the instance. Applications that run on the instance can then use the role-supplied temporary credentials to sign API requests.

135
Q

You need to set up a virtual firewall for your EC2 instance. Which would you use?

A. Subnet
B. IAM Policy
C. Security Group
D. Network ACL

A

A. Security Group

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC can be assigned to a different set of security groups.

136
Q

A developer is trying to programmatically retrieve information from an EC2 instance such as public keys, IP address, and instance ID. From where can this information be retrieved?

A. Instance Snapshot
B. CloudWatch Logs
C. Instance metadata
D. Instance userdata

A

Instance metadata

This type of data is stored in Instance metadata.

137
Q

CloudWatch Logs

A

You can use CloudWatch Logs to monitor applications and systems using log data. For example, CloudWatch Logs can track the number of errors that occur in your application logs and send you a notification whenever the rate of errors exceeds a threshold you specify.

138
Q

You have been tasked with developing a plan to move applications to AWS and use AWS services to house code, build, and deploy these applications. Which AWS service will allow you to host Git-based repositories?

A. AWS CodeBuild
B. AWS CodeCommit
C. GitHub
D. AWS CodeDeploy

A

B. AWS CodeCommit

AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories. It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem. CodeCommit eliminates the need to operate your own source control system or worry about scaling its infrastructure. You can use CodeCommit to securely store anything from source code to binaries, and it works seamlessly with your existing Git tools.

139
Q

AWS CodeCommit

A

AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories. It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem. CodeCommit eliminates the need to operate your own source control system or worry about scaling its infrastructure. You can use CodeCommit to securely store anything from source code to binaries, and it works seamlessly with your existing Git tools.

140
Q

AWS CodeBuild

A

CodeBuild allows you to build applications from code stored in repositories, but CodeBuild itself will not host the code. AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.

141
Q

SQS

A

Amazon SQS is a message queue service used by distributed applications to exchange messages through a polling model, and can be used to decouple sending and receiving components. Amazon SQS also provides extremely high message durability, ensuring that messages are not lost if your software systems fail.

142
Q

You have a read-heavy application workload resulting in I/O-intensive Amazon RDS database queries. Which service is most suitable to improve performance?

A. DynamoDB
B. DAX
C. ElastiCache
D. Redshift

A

C. You can use ElastiCache to store the results of often-used queries, and this will allow quicker retrieval of this data.

143
Q

There have been some questionable activities in your AWS account. You need to review your event history, such as actions taken from the Management Console and the CLI. Which service records this type of information?

Amazon CloudWatch
IAM
AWS CloudTrail
AWS Config

A

A. AWS CloudTrail

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides the event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting. In addition, you can use CloudTrail to detect unusual activity in your AWS accounts. These capabilities help simplify operational analysis and troubleshooting.

144
Q

Your company is migrating its services to the AWS cloud. The DevOps team has heard about infrastructure as code, and wants to investigate this concept. Which AWS service would they investigate?

A. CodeCommit
B. Elastic Beanstalk
C. AWS Lambda
D. AWS CloudFormation

A

D. AWS CloudFormation

AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS.

145
Q

A company needs to use a Load Balancer which can serve traffic at the TCP and UDP layers. Additionally, it needs to handle millions of requests per second at very low latencies. Which Load Balancer should they use?

A. Application Load Balancer
B. Network Load Balancer
C. TCP Load Balancer
D. Classic Load Balancer

A

B. Network Load Balancer

Network Load Balancer is best suited for load balancing of Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and Transport Layer Security (TLS) traffic where extreme performance is required. Operating at the connection level (Layer 4), Network Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) and is capable of handling millions of requests per second while maintaining ultra-low latencies.

146
Q

A software development team has begun using the AWS Developer Tools Suite. Which service will enable creating, managing, and working with software development projects on AWS?

A. AWS CodeStar
B. AWS CodeDeploy
C. AWS CodeCommit
D. AWS CodeBuild

A

A. AWS CodeStar

AWS CodeStar is a cloud-based service for creating, managing, and working with software development projects on AWS. You can quickly develop, build, and deploy applications on AWS with an AWS CodeStar project.

147
Q

AWS CodeBuild

A

AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. With CodeBuild, you don’t need to provision, manage, and scale your own build servers.

148
Q

A company wants to deploy applications entirely on a serverless platform. Which AWS service can they use to build their applications without worrying about managing servers?

A. AWS Lambda
B. EC2
C. ElastiCache
D. CloudFormation

A

A. AWS Lambda

AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume.

149
Q

You work for a financial company that has several mission-critical workloads. Which AWS Support Plan should you use?

A. Enterprise
B. Basic
C. Developer
D. Business

A

A. Enterprise

Recommended if you have business and/or mission critical workloads in AWS.

150
Q

You have used on-demand instances for a month, but have met unexpected costs with this choice. Which EC2 option provides up to 90% discount on on-demand instances while taking advantage of AWS unused EC2 capacity?

A. Virtual Instances
B. Dedicated Host
C. Reserved Instances
D. Spot Instances

A

D. Spot Instances

Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS cloud. Spot Instances are available at up to a 90% discount compared to On-Demand prices.

151
Q

Your company has entered into a 3-year contract with a government agency. Your best option for EC2 is reserved instances. Which AWS feature would you use to track your reserved instance usage?

Trusted Advisor
AWS CloudTrail
AWS Organizations
AWS Cost and Usage Report

A

AWS Cost and Usage Report

The AWS Cost & Usage Report contains the most comprehensive set of AWS cost and usage data available, including additional metadata about AWS services, pricing, and reservations (e.g., Amazon EC2 Reserved Instances (RIs)).

152
Q

You need to visualize, understand, identify trends for future charges, and manage your AWS costs and usage over time. Which AWS tool would you use?

A. Trusted Advisor
B. AWS Cost Explorer
C. AWS Cost and Usage Report
D. Amazon CloudWatch

A

B. AWS Cost Explorer

AWS Cost Explorer lets you visualize, understand, and manage your AWS costs and usage over time. You can analyze your cost and usage data at a high level (e.g., total costs and usage across all accounts in your organization) or for highly specific requests.

153
Q

Vertical Scaling

A

Vertical Scaling is increasing the size and computing power of a single instance or node without increasing the number of nodes or instances.

154
Q

Elasticity

A

Elasticity is the ability to acquire resources as you need them and release resources when you no longer need them. Think of auto-scaling and adding and removing instances as needed.