JFD's AWS Practitioner Certification Flashcards
In the S3 Intelligent-Tiering storage class, Amazon S3 moves objects between a frequent access tier and an infrequent access tier. Which storage classes are used for these tiers? (Select TWO.)
- S3 Glacier Deep Archive
- S3 Standard-IA
- S3 Glacier
- S3 One Zone-IA
- S3 Standard
- S3 Standard
- S3 Standard-IA
In the S3 Intelligent-Tiering storage class, Amazon S3 monitors objects’ access patterns. If you haven’t accessed an object for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, S3 Standard-IA. If you access an object in the infrequent access tier, Amazon S3 automatically moves it to the frequent access tier, S3 Standard.
Which service is used to quickly deploy and scale applications on AWS?
- AWS Snowball
- AWS Elastic Beanstalk
- Amazon CloudFront
- AWS Outposts
- AWS Elastic Beanstalk.
You upload your application, and Elastic Beanstalk automatically handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring.
The other response options are incorrect because:
- AWS Outposts is a service that enables you to run infrastructure in a hybrid cloud approach.
- Amazon CloudFront is a content delivery service.
- AWS Snowball is a device that enables you to transfer large amounts of data into and out of AWS.
You want Amazon S3 to monitor your objects’ access patterns. Which storage class should you use?
- S3 One Zone-IA
- S3 Glacier
- S3 Standard-IA
- S3 Intelligent-Tiering
S3 Intelligent-Tiering.
In the S3 Intelligent-Tiering storage class, Amazon S3 monitors objects’ access patterns. If you haven’t accessed an object for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, S3 Standard-IA. If you access an object in the infrequent access tier, Amazon S3 automatically moves it to the frequent access tier, S3 Standard.
Which pillar of the AWS Well-Architected Framework focuses on using computing resources in ways that meet system requirements?
- Operational Excellence
- Security
- Reliability
- Performance Efficiency
Performance Efficiency.
The Performance Efficiency pillar focuses on using computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve.
The other responses are incorrect because:
- The Operational Excellence pillar includes the ability to run workloads effectively, gain insights into their operations, and continuously improve supporting processes to deliver business value.
- The Security pillar focuses on protecting data, systems, and assets. It also focuses on using cloud technologies to improve the security of your workloads.
- The Reliability pillar focuses on the ability of a workload to consistently and correctly perform its intended functions.
Which service enables you to consolidate and manage multiple AWS accounts from a central location?
- AWS Identity and Access Management (IAM)
- AWS Artifact
- AWS Organizations
- AWS Key Management Service (AWS KMS)
AWS Organizations.
In AWS Organizations, you can centrally control permissions for the accounts in your organization by using service control policies (SCPs). Additionally, you can use the consolidated billing feature in AWS Organizations to combine usage and receive a single bill for multiple AWS accounts.
The other response options are incorrect because:
- AWS Identity and Access Management (IAM) is a service that you can use to manage access to AWS services and resources.
- AWS Artifact is a service that enables you to access AWS security and compliance reports and special online agreements.
- AWS Key Management Service (AWS KMS) enables you to create, manage, and use cryptographic keys.
Which migration strategy involves changing how an application is architected and developed, typically by using cloud-native features?
- Repurchasing
- Rehosting
- Replatforming
- Refactoring
Refactoring.
The other response options are incorrect because:
- Repurchasing involves replacing an existing application with a cloud-based version, such as software found in AWS Marketplace.
- Rehosting involves moving an application to the cloud with little to no modifications to the application itself. It is also known as “lift and shift.”
- Replatforming involves selectively optimizing aspects of an application to achieve benefits in the cloud without changing the core architecture of the application. It is also known as “lift, tinker, and shift.”
Which AWS Trusted Advisor category includes checks for your service limits and overutilized instances?
- Cost Optimization
- Security
- Fault Tolerance
- Performance
Performance.
In this category, AWS Trusted Advisor also helps improve the performance of your services by providing recommendations for how to take advantage of provisioned throughput.
The other response options are incorrect because:
- The Security category includes checks that help you to review your permissions and identify which AWS security features to enable.
- The Cost Optimization category includes checks for unused or idle resources that could be eliminated and provide cost savings.
- The Fault Tolerance category includes checks to help you improve your applications’ availability and redundancy.
Which Support plans include access to all AWS Trusted Advisor checks? (Select TWO.)
- AWS Free Tier
- Enterprise
- Developer
- Business
- Basic
- Enterprise
- Business
The other response options are incorrect because:
- The Basic and Developer Support plans provide access to a limited selection of AWS Trusted Advisor checks.
- The AWS Free Tier is not a Support plan. It is a program that consists of three types of offers that allow customers to use AWS services without incurring costs: Always free, 12 months free, and Trials.
Which service enables you to review details for user activities and API calls that have occurred within your AWS environment?
- Amazon Inspector
- Amazon CloudWatch
- AWS Trusted Advisor
- AWS CloudTrail
AWS CloudTrail.
With CloudTrail, you can view a complete history of user activity and API calls for your applications and resources.
Events are typically updated in CloudTrail within 15 minutes after an API call was made. You can filter events by specifying the time and date that an API call occurred, the user who requested the action, the type of resource that was involved in the API call, and more.
The other response options are incorrect because:
- Amazon CloudWatch is a service that provides data that you can use to monitor your applications, optimize resource utilization, and respond to system-wide performance changes.
- Amazon Inspector is a service that checks applications for security vulnerabilities and deviations from security best practices.
- AWS Trusted Advisor is an online tool that inspects your AWS environment and provides real-time guidance in accordance with AWS best practices.
Which service enables you to build the workflows that are required for human review of machine learning predictions?
- Amazon Augmented AI
- Amazon Lex
- Amazon Aurora
- Amazon Textract
Amazon Augmented AI.
Amazon Augmented AI (Amazon A2I) provides built-in human review workflows for common machine learning use cases, such as content moderation and text extraction from documents. With Amazon A2I, you can also create your own workflows for machine learning models built on Amazon SageMaker or any other tools.
The other response options are incorrect because:
- Amazon Textract is a machine learning service that automatically extracts text and data from scanned documents.
- Amazon Lex is a service that enables you to build conversational interfaces using voice and text.
- Amazon Aurora is an enterprise-class relational database.
Which Perspective of the AWS Cloud Adoption Framework focuses on recovering IT workloads to meet the requirements of your business stakeholders?
- Governance Perspective
- Operations Perspective
- Business Perspective
- People Perspective
Operations Perspective.
The Operations Perspective of the AWS Cloud Adoption Framework also includes principles for operating in the cloud by using agile best practices.
The other response options are incorrect because:
- The Business Perspective helps you to move from a model that separates business and IT strategies into a business model that integrates IT strategy.
- The People Perspective helps Human Resources (HR) employees prepare their teams for cloud adoption by updating organizational processes and staff skills to include cloud-based competencies.
- The Governance Perspective helps you understand how to update the staff skills and organizational processes that are necessary to ensure business governance in the cloud.
Which statement best describes Amazon GuardDuty?
- A service that lets you monitor network requests that come into your web applications
- A service that checks applications for security vulnerabilities and deviations from security best practices
- A service that helps protect your applications against distributed denial-of-service (DDoS) attacks
- A service that provides intelligent threat detection for your AWS infrastructure and resources
A service that provides intelligent threat detection for your AWS infrastructure and resources.
AWS GuardDuty identifies threats by continually monitoring the network activity and account behavior within your AWS environment.
The other response options are incorrect because:
- A service that helps protect your applications against distributed denial-of-service (DDoS) attacks - This response option describes AWS Shield.
- A service that checks applications for security vulnerabilities and deviations from security best practices - This response option describes Amazon Inspector.
- A service that lets you monitor network requests that come into your web applications - This response option describes AWS WAF.
Which service is used to transfer up to 100 PB of data to AWS?
- AWS Snowmobile
- Amazon Neptune
- AWS DeepRacer
- Amazon CloudFront
AWS Snowmobile.
AWS Snowmobile is a service that is used for transferring up to 100 PB of data to AWS. Each Snowmobile is a 45-foot long shipping container that is pulled by a semi-trailer truck.
The other response options are incorrect because:
- Amazon Neptune is a graph database service. You can use Amazon Neptune to build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs.
- Amazon CloudFront is a content delivery service.
- AWS DeepRacer is an autonomous 1/18 scale race car that you can use to test reinforcement learning models.
You are running an Amazon EC2 instance and want to store data in an attached resource. Your data is temporary and will not be kept long term. Which resource should you use?
- Subnet
- Amazon S3 bucket
- Instance store
- Amazon Elastic Block Store (Amazon EBS) volume
Instance store.
Instance stores are ideal for temporary data that does not need to be kept long term.
When an Amazon EC2 instance is stopped or terminated, all the data that has been written to the attached instance store is deleted.
The other response options are incorrect because:
- Amazon EBS volumes are ideal for data that needs to be retained. When an Amazon EC2 instance is stopped or terminated, all of the data on the attached EBS volume is still available.
- Amazon S3 buckets cannot be attached to Amazon EC2 instances.
- A subnet is a section of a virtual private cloud (VPC) in which you can group resources based on security or operational needs.
When is the developer support plan valid (24×7, business hours…)?
The developer support plan only offers support during business hours.
Remember that if production systems are being run and support is needed on a 24/7 basis, you will need to select either the business or enterprise support plans.
What EC2 pricing model allows you to bid on available capacity?
- Temporary instances
- Spot instances
- Reserved instances
- On-demand instances
Spot instances
They permit you to bid on pricing of EC2 resources so that you can take advantage of lower pricing during periods of low overall AWS utilization.
_____ is the ability of AWS to grow as demand increases.
- Availability
- Reliability
- Elasticity
- Scalability
Scalability
It is the ability of your infrastructure to grow on demand.
What two protocols are commonly permitted in security groups in order to permit remote administration of systems? (Choose two.)
- RDP
- ICMP
- SFTP
- SSH
- RDP
- SSH
Both Remote Desktop Protocol and Secure Shell are often permitted in security groups to enable remote administration of AWS systems.
Which of the following is not an element of good security design principles?
- Security in depth
- Automation
- Root account usage
- Traceability
Root account usage
The root account should be used as sparingly as possible.
As part of the Shared Responsibility model, which of these would you, as the customer, be responsible for?
- Compliance testing against the physical hardware
- Configuring a software firewall in the operating system
- Testing Marketplace images
- Encrypting keying information stored in AWS
Configuring a software firewall in the operating system
Securing your operating systems in EC2 is your responsibility.
What are two security advantages of working with AWS? (Choose two.)
- You can use MFA.
- AWS handles security of your compute resources.
- You retain complete control and ownership of your data resources in a region.
- AWS performs periodic penetration testing against your operating systems.
- You can use MFA.
- You retain complete control and ownership of your data resources in a region.
What two security measures are recommended for your root user account with AWS? (Choose two.)
- Delete the access keys.
- Use MFA.
- Use the root user account for administration exclusively.
- Clone the root user account for redundancy.
- Delete the access keys.
- Use MFA.
It is recommended to delete the root user access keys and to use MFA on the account.
Your security team wants information from you on the specifics that are permitted and prohibited against your AWS infrastructure. Where can you find this information?
- Trusted Advisor
- CloudWatch
- AUP
- IAM
- AUP
The AWS Acceptable Use Policy (along with other agreements governing the use of AWS) can be found on the AWS website. If you have any questions about how your use case aligns with AWS policies, consult a legal advisor. AWS Support cannot provide legal advice regarding your use of Amazon Web Services.
Which of the following two data flows would be least likely to incur AWS charges? (Choose two.)
- Flows outbound from your services
- Flows inbound to your services
- Outbound flows between services
- Flows outbound from S3
- Flows inbound to your services
- Outbound flows between services
Neither inbound flows to your services nor outbound flows between services incur charges.
____ is the fully managed configuration management service in AWS.
- CloudTrail
- OpsWorks
- CloudFormation
- CloudWatch
- OpsWorks
AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.
What component allows you to connect privately from your Virtual Private Cloud (VPC) to services you need?
- VPC endpoint
- Direct Connect
- VPN
- CloudFront
- VPC endpoint
A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an Internet gateway, a NAT device, a VPN connection, or an AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.
____ permits you to use a private connection from your facility to AWS.
- ClassicLink
- Direct Connect
- VPC peering
- VPC endpoint
- Direct Connect
AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your data center, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections.
Which is not a typical service or tool associated with HA in AWS?
- Auto Scaling
- ELB
- CloudWatch
- CloudTrail
- CloudTrail
Of all of these AWS tools and services, CloudTrail is the least directly tied to high availability in AWS. Remember that CloudTrail is a tool that allows you to closely monitor the API calls that permit clients to configure and interact with AWS.
Where should firewalling be accomplished in a web hosting design in AWS?
- At the perimeter
- At the core
- At all design layers
- For all access layer functions
- At all design layers
Thanks to the robust capabilities of firewalling in AWS web hosting designs, this security measure can be implemented at all layers of the design.
Why might you create many different accounts for one of your AWS engineers?
- To follow the concept of least privilege
- To reduce the resources required by IAM
- To provide back doors into the system
- To ensure that you can log activity
- To follow the concept of least privilege
The least privilege concept is desired because you should have users with accounts that provide just the right level of control potential over the infrastructure. This can minimize security risks and the likelihood of costly errors.
What identity in IAM is very similar to a user account but has no credentials associated with it?
- Group
- Role
- Proxy user
- Principal
- Role
A role is a powerful alternative to a specific user account. A role is often perfect for use in a scenario where one service must access another service.
Why is automation so easily accommodated in AWS?
- CloudTrail provides automation templates for you.
- Multiple regions facilitate code deployment.
- Physical systems host the EC2 instances you work with daily.
- All actions can be implemented through API calls.
- All actions can be implemented through API calls.
The use of APIs for everything in AWS provides ease of automation, among other benefits.
How many discrete data centers are located in an AZ in the AWS global infrastructure?
- At least one
- At least two
- At least three
- At least four
- At least one
There is at least one discrete data center in an Availability Zone (AZ). Some AZs have more than one.
Which is not a major category of the AWS discussion forums?
- AWS Security Alerts
- Amazon Web Services
- German Forums
- AWS Startups
- AWS Security Alerts
There is no forum for AWS Security Alerts. There are, however, many different language forums and many forums for development-related topics.
Which would not be considered a major benefit of IaaS?
- Eliminating security concerns
- Reducing CapEx
- Increasing speed and agility
- Leveraging AWS expertise
- Eliminating security concerns
Even when you engage in Infrastructure as a Service (IaaS) with AWS, you are still responsible for aspects of securing the infrastructure.
Which of the following are cost calculators available in AWS? (Choose two.)
- TCO Calculator
- AWS Fee Estimator
- AWS Cost Comparison Calculator
- AWS Simple Monthly Calculator
- TCO Calculator
- AWS Simple Monthly Calculator
Two very popular cost calculators for AWS are TCO Calculator and AWS Simple Monthly Calculator.
Why does AWS guarantee your exchange rate with AWS Billing and Cost Management?
- To ensure that any refund uses the same exchange rate as the original transaction
- To save you costs
- To minimize the number of transactions in the system
- To optimize your costs for resources
- To ensure that any refund uses the same exchange rate as the original transaction
Which of the following is associated with an Elastic Network Interface for providing security?
- IGW
- NACL
- Security group
- Subnet
- Security group
Security groups can help control security of EC2 instances. These groups consist of rules for access. Security groups are associated with ENIs.
What component does the Budgets tool in AWS use for visualization?
- Cost Explorer
- Excel
- Tableau
- AWS GraphSage
- Cost Explorer