Practice Exam 2

Question 1

A company can provision a new EC2 instance at the click of a button, which reduces the time to make those resources available to their development team from weeks to just minutes. Which benefit of cloud computing does this demonstrate?

Trade capital expense for variable expense.

Stop spending money running and maintaining data centers.

Increase speed and agility.

Go global in minutes.

Answer 1

Increase speed and agility.

The cloud gives you increased speed and agility. All the services you have access to help you innovate faster, giving you speed to market.

Question 2

Which of the following are load balancer types offered by AWS?

(Choose 3)

Web

Original

Classic

Application

Network

Database

Service

Answer 2

Classic
Classic is a valid load balancer type AWS offers.

Application
Application is a valid load balancer type AWS offers.

Network
Network is a valid load balancer type AWS offers.

Question 3

Your company is migrating to the AWS Cloud. For servers, your company has existing server-bound software licenses they would like to continue to use. Which EC2 purchasing option allows this?

Reserved

Dedicated Host

On-Demand

Spot

Answer 3

Dedicated Host

The Dedicated Host option will allow for reuse of these hardware-bound licenses

Question 4

Which of the following can be specified as an origin when creating a CloudFront distribution?

(Choose 3)

An S3 bucket

An RDS instance

An elastic load balancer

A domain name

Answer 4

An S3 bucket
An elastic load balancer
A domain name

A CloudFront origin can be an S3 bucket, an elastic load balancer, or a valid domain name.

Question 5

During disaster recovery exercises, you need to re-route traffic from EC2 instances to instances in another Region. With which service can you do this?

AWS Auto Scaling

Route 53

VPC Peering

CloudFront

Answer 5

Route 53

Route 53 can be used for disaster recovery by simply shifting traffic to the new Region. Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to internet applications by translating names (like www.example.com) into the numeric IP addresses (like 192.0.2.1) that computers use to connect to each other. Amazon Route 53 is fully compliant with IPv6 as well.

Question 6

Which AWS service would enable you to view the spending distribution in 1 of your AWS accounts?

Billing Advisor

AWS Cost Explorer

AWS Spending Explorer

AWS Organizations

Answer 6

AWS Cost Explorer

Cost Explorer allows you to visualize and forecast your costs and usage over time.

Question 7

Which of the following are best practices when it comes to securing your AWS account?

(Choose 5)

Activate MFA on the root account

Use groups to assign permissions

Apply an IAM password policy

Store your root account keys on your application for easy access.

Delete your root account password.

Delete your root access keys.

Create individual IAM users

Answer 7

Activate MFA on the root account
The root account has full control and access within an individual AWS account; therefore, it should be protected with MFA.

Use groups to assign permissions
Creating individual IAM users, using groups to assign them permissions, and creating a strong password policy are all key components of securing your AWS account.

Apply an IAM password policy
Creating individual IAM users, using groups to assign them permissions, and creating a strong password policy are all key components of securing your AWS account.

Delete your root access keys.
Creating individual IAM users, using groups to assign them permissions, and creating a strong password policy are all key components of securing your AWS account. The root user should only be used in emergencies, and therefore there should be no need to have root access keys which allow the root user programmatic access - any programmatic access should use something other than the root account. It is not possible to delete the root password, and this should be securely, safely stored and not used in any applications!

Create individual IAM users
Creating individual IAM users, using groups to assign them permissions, and creating a strong password policy are all key components of securing your AWS account.

Question 8

You are reviewing the AWS Shared Responsibility model to present an overview to management on what your company is responsible for in AWS. Which option is a customer responsibility?

Customer data

Availability Zones

Networking

Edge locations

Answer 8

Customer data

Customers are responsible for the storage and securing of their own data.

Question 9

Which of the following are pillars found in the AWS Well-Architected Framework?

(Choose 2)

Encrypting data at rest

Cost Optimization

Performance Optimization

Operational Excellence

Deploying to multiple Availability Zones

Answer 9

Cost Optimization
The Cost Optimization pillar focuses on building resilient systems at the least cost.

Operational Excellence
The Operational Excellence pillar focuses on building applications that effectively support your workloads.

Question 10

You are trying out AWS on a trial basis and need to deploy an application without having to configure servers. Which AWS service can you use?

CloudFormation

ECS

Auto Scaling

Elastic Beanstalk

Answer 10

Elastic Beanstalk

Elastic Beanstalk allows you to deploy your web applications and web services to AWS

Question 11

A company is using Trusted Advisor to ensure they are following AWS best practices. What real-time guidance does Trusted Advisor provide?

(Choose 3)

Low utilization on EC2 instances

Exposed access keys

Upcoming user interface changes to the console

Amazon services down

S3 bucket permissions for public access

Answer 11

Low utilization on EC2 instances
Trusted Advisor checks this for all customers. FYI: This was found in the “AWS Trusted Advisor best practice checklist” documentation linked from within the lesson.

Exposed access keys
Trusted Advisor checks this for Enterprise and Business Support customers.

S3 bucket permissions for public access
Trusted Advisor checks this for all customers.

Question 12

The CTO of a software company has requested an executive summary detailing the advantages of a potential move to the AWS Cloud. What can you say is an advantage of an RDS database over a traditional database?

AWS maintains the underlying OS and performs software patching on the database.

It is much easier to convert to a NoSQL database.

It is 5 times faster than traditional databases.

There is much greater access for DBAs.

Answer 12

AWS maintains the underlying OS and performs software patching on the database.

RDS is a managed service that makes it easy to launch and manage relational databases. RDS does provide a lot of value, like automated backups and software patching, and frees you up to focus on your applications.

Question 13

Which of the following tools provides a view of the performance and availability of your AWS services based on your requirements?

AWS Systems Manager

AWS Trusted Advisor

AWS Service Health Dashboard

AWS Personal Health Dashboard

Answer 13

AWS Personal Health Dashboard

AWS Personal Health Dashboard focuses on the performance and availability of your AWS services so you can respond accordingly.

Question 14

Which of the following is AWS’ managed database service that is compatible with MySQL?

MariaDB

DynamoDB

PostgreSQL

Aurora

Answer 14

Aurora

Aurora is AWS’ managed database service that is up to 5x faster than a traditional MySQL database.

Question 15

A company has made the decision to migrate its internal on-premises data center to the cloud. Who can help the company plan and conduct the migration?

(Choose 2)

AWS Support

Marketplace

Consulting partner from the AWS Partner Network (APN)

AWS Infrastructure Event Management

Answer 15

Consulting partner from the AWS Partner Network (APN)
Consulting partners offer professional services.

AWS Infrastructure Event Management
Infrastructure Event Management offers architecture guidance and operational support during the preparation and execution of planned events, such as shopping holidays, product launches, and migrations.

Question 16

When AWS uses tape media to perform backups in their data centers, who would be responsible for their safe and secure disposal?

Customer

AWS

Third Parties

Shared Responsibility

Answer 16

AWS

Since this relates to physical media located within an AWS data center, it is the responsibility of AWS.

Question 17

A developer would like to access AWS services from application code. How can a developer achieve this?

Software Development Kit (SDK)

CodePipeline

CodeBuild

CodeCommit

Answer 17

Software Development Kit (SDK)

SDKs allow you to access AWS services from popular programming languages like Java, Python, C#, and many more.

Question 18

A company is considering moving their critical applications and databases to the cloud. They want to ensure their data never becomes corrupted or lost due to a system malfunction. A system that reliably stores data without loss is considered to be what?

Agile

Durable

Highly available

Elastic

Answer 18

Durable

A system that stores data without loss is a durable one. Durability is all about long-term data protection. This means your data will remain intact without corruption.

Question 19

A small company has purchased a new system which they want to deploy in the AWS Cloud but does not have anyone with the required AWS skill set to perform the deployment. Which service can help with this?

AWS Partner Network (APN) Consulting Partners

AWS Partner Network (APN) Technology Partners

Trusted Advisor

AWS Support

Answer 19

AWS Partner Network (APN) Consulting Partners

APN Consulting Partners include professional services organizations like system integrators, strategic consultancies, agencies, managed service providers (MSPs), and value-added resellers. In this case, we would engage a Consulting Partner to help us deploy a new system to the AWS Cloud.

Question 20

Your company has decided to use Amazon WorkSpaces. They can use Amazon WorkSpaces to provision either Windows or Linux desktops in just a few minutes. What type of solution is this?

IaaS

DaaS

SaaS

PaaS

Answer 20

DaaS

Amazon WorkSpaces provides a Desktop as a Service (DaaS) solution.

Question 21

A company is considering moving its data and applications to the cloud. What are some of the benefits of moving to the cloud?

(Choose 2)

Operate production workloads that are more highly available, fault tolerant, and scalable.

Gain access to AWS Support, a team of dedicated AWS experts, to help with custom software development.

Provision exactly the right type and size of computing resources you need.

Shift the responsibility of security to AWS.

Have direct control over servers.

Answer 21

Operate production workloads that are more highly available, fault tolerant, and scalable.
The AWS global infrastructure, which includes Availability Zones, offers the ability to operate production workloads that are more highly available, fault tolerant, and scalable than a single data center solution.

Provision exactly the right type and size of computing resources you need.
You’re able to stop guessing capacity. You can access as much or as little capacity as you need, and scale up and down as required.

Question 22

Which of the following engines are classified as relational databases on AWS?

(Choose 2)

Redshift

Aurora

DynamoDB

MariaDB

Answer 22

Aurora
Aurora is a type of RDS engine on AWS.

MariaDB
MariaDB is a type of RDS engine on AWS.

Question 23

You need to allow IPv4 resources in a private subnet to connect to services outside your VPC, but you can’t allow external services to initiate a connection with those private IPv4 resources. Which of the following must be present to enable this access?

Route tables

NAT gateway

Security groups

Network access control lists

Answer 23

NAT gateway

A NAT gateway is required to allow resources in a private subnet to access the internet.

Question 24

A company would like to reduce operational overhead when operating AWS infrastructure. Which service can help them do this?

Technology partner from the AWS Partner Network (APN)

Managed Services

Consulting partner from the AWS Partner Network (APN)

Professional Services

Answer 24

Managed Services

Managed Services helps you efficiently operate your AWS infrastructure and reduces operational risks and overhead.

Question 25

A company needs to use a load balancer that can serve traffic at the TCP and UDP layers. Additionally, it needs to handle millions of requests per second at very low latencies. Which load balancer should they use?

TCP Load Balancer

Application Load Balancer

Classic Load Balancer

Network Load Balancer

Answer 25

Network Load Balancer

Network Load Balancer is best suited for load balancing of Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Transport Layer Security (TLS) traffic where extreme performance is required. Operating at the connection level (Layer 4), Network Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) and is capable of handling millions of requests per second while maintaining ultra-low latencies.

Question 26

A company is using CloudTrail to simplify operational analysis and troubleshooting. When tracking user activity, which content fields does CloudTrail track when a user accesses the AWS Management Console?

(Choose 2)

Resource tag

Username

Region

Previous state of the affected resource

Availability Zone

Answer 26

Username
CloudTrail allows you to track the username.

Region
CloudTrail tracks the AWS Region that the request was made to, such as us-east-1.

Question 27

Which are focuses of the security pillar of the Well-Architected Framework?

(Choose 2)

Track who did what and when.

Perform tasks manually.

Only encrypt data in transit.

Assign only the least privilege required.

Answer 27

Track who did what and when.
This is a focus of the security pillar. This pillar focuses on putting mechanisms in place that help protect your systems and data.

Assign only the least privilege required.
This is a focus of the security pillar. This pillar focuses on putting mechanisms in place that help protect your systems and data.

Question 28

Which of the following languages can be used to author CloudFormation templates?

(Choose 2)

YAML

CAMEL

Python

JSON

Answer 28

YAML
JSON

CloudFormation supports both JavaScript Object Notation (JSON) and YAML Ain’t Markup Language (aka, YAML) for authoring CloudFormation templates.

Question 29

Your company is considering migrating its data center to the cloud. Which of the following is an advantage of the AWS Cloud over an on-premises data center?

Replace upfront operational expenses with low variable operational expenses.

Replace upfront capital expenses with low variable costs.

Replace low variable costs with upfront capital expenses.

Maintain physical access to the new data center but share responsibility with AWS.

Answer 29

Replace upfront capital expenses with low variable costs.

All the hardware purchased upfront for a data center will be replaced by resources that are variable in nature with low upfront costs.

Question 30

A company has multiple AWS accounts across many departments. They are considering using Organizations to group all their accounts under 1 master payer account. What are the benefits of using Organizations?

(Choose 3)

The IAM integration allows for IAM users to be deleted automatically when an account is closed.

They can automatically be alerted when new accounts are set up.

They can easily add new accounts or create new accounts.

They can receive 1 bill for all their AWS accounts.

They can reduce costs by sharing resources across accounts.

Answer 30

They can easily add new accounts or create new accounts.
Account governance is a benefit of AWS Organizations. You have a quick and automated way to create accounts or invite existing accounts.

They can receive 1 bill for all their AWS accounts.
Consolidated billing is a benefit of AWS Organizations. The advantage of consolidated billing is that you receive 1 bill for multiple accounts.

They can reduce costs by sharing resources across accounts.
Cost savings is a benefit of AWS Organizations. You’ll receive volume discounts since usage is combined across accounts.

Question 31

You have been tasked with creating identical, repeatable infrastructure for your customers. Which service will you use?

CloudFront

CloudWatch

AWS Config

CloudFormation

Answer 31

CloudFormation

CloudFormation provides the ability to provision a repeatedly deployable environment for your customers.

Question 32

A developer deployed an application that consisted of 1 Lambda function, a DynamoDB table, and a firewall using Web Application Firewall (WAF) via the AWS Command Line Interface (CLI). When attempting to access the application’s resources via the AWS Management Console, the developer cannot find the Lambda function or DynamoDB table. What could be the problem?

The default rules in WAF prevent everyone on the internet from accessing the application unless specifically granted.

The developer probably forgot to assign the appropriate IAM access permissions to themselves before closing the CLI.

The developer is probably in a different Region from where the resources were initially deployed.

The developer probably forgot to issue the “save” command when using the CLI.

Answer 32

The developer is probably in a different Region from where the resources were initially deployed.

Resources that aren’t global are typically deployed to a specific Region. Since Regions are isolated and resources aren’t automatically replicated across them, the developer needs to switch to the correct Region in order to find the resources.

Question 33

When considering common cloud computing models, which model is Amazon Elastic Compute Cloud (AWS EC2) an example of?

FaaS (Function as a Service)

Platform as a Service (PaaS)

Infrastructure as a Service (IaaS)

Software as a Service (SaaS)

Answer 33

Infrastructure as a Service (IaaS)

IaaS includes the fundamental building blocks that can be rented from AWS. AWS manages the infrastructure and provides you a virtual machine that you can use however you’d like to meet your business requirements.

Question 34

According to the AWS Shared Responsibility Model, which of the following is the customer responsible for?

(Choose 3)

Amazon VPC service infrastructure

Subnets

Virtual Private Clouds (VPCs)

Security groups

Answer 34

Subnets
Virtual Private Clouds (VPCs)
Security groups

AWS is responsible for protecting the infrastructure that runs its services. Such services include Amazon VPC, which enables a customer to provision a logically isolated section of the AWS Cloud. This section is simply referred to as a Virtual Private Cloud, or VPC. So, while AWS is responsible for the software (Amazon VPC), the customer is responsible for the virtual network created with that software (VPC), as well as whatever goes in it. This includes subnets (each of which consist of a range of IP addresses) and security groups (each of which acts as a virtual firewall to control inbound and outbound traffic).

Question 35

A company wants to block network traffic from accessing an EC2 instance. What’s the best way to protect the EC2 instance from unwanted traffic?

Macie

IAM group

Security group

Trusted Advisor

Answer 35

Security group

The security group acts as a virtual firewall to protect the EC2 instance.

Question 36

Which benefit of cloud computing is demonstrated when you don’t have to plan ahead of time how much capacity you will need to run your applications?

Elasticity

Agility

Durability

High availability

Answer 36

Elasticity

With elasticity, you do not have to plan ahead of time how much capacity you need. You can provision only what you need, and then grow and shrink based on demand.

Question 37

Which of the following allows you to restrict access to an entire S3 bucket?

Bucket policies

Access policies

Access control lists

Bucket control lists

Answer 37

Bucket policies

Bucket policies allow you to control access to entire buckets.

Question 38

Which AWS service can provide a Desktop as a Service (DaaS) solution?

Amazon WorkSpaces

AWS Systems Manager

EC2

Elastic Beanstalk

Answer 38

Amazon WorkSpaces

Amazon WorkSpaces is a managed, secure Desktop-as-a-Service (DaaS) solution. You can use Amazon WorkSpaces to provision either Windows or Linux desktops in just a few minutes and quickly scale to provide thousands of desktops to workers across the globe.

Question 39

A company has signed a 3-year contract with a school district to develop a Teacher Absence Management application. Which type of EC2 instance would be best for application development on this project?

Standard Reserved Instances

On-Demand Instances

Spot Instances

Scheduled Reserved Instances

Answer 39

Standard Reserved Instances

Standard Reserved Instances provide you with a significant discount (up to 72%) compared to On-Demand Instance pricing and can be purchased for a 1-year or 3-year term.

Question 40

A popular company that sells products online just experienced a distributed denial-of-service (DDoS) attack that consumed all available bandwidth on their network and didn’t allow legitimate requests to be processed. Which AWS services can the company integrate and combine going forward to prevent future attacks?

(Choose 4)

CloudFront

Route 53

AWS Shield

GuardDuty

Web Application Firewall (WAF)

Answer 40

CloudFront
DDoS protection via Shield Advanced is supported on several services, including CloudFront.

Route 53
DDoS protection via Shield Advanced is supported on several services, including Route 53.

AWS Shield
Shield is a managed Distributed Denial of Service (DDoS) protection service. Shield Standard provides free protection against common and frequently occurring attacks. Shield Advanced provides enhanced protections and 24/7 access to AWS experts for a fee.

Web Application Firewall (WAF)
There is a rule type in WAF called a “rate-based” rule that protects you from web-layer DDoS attacks, brute-force login attempts, and bots. (Note: This requires very detailed knowledge of WAF and will probably not be on the exam, but it’s good to know just in case.)

Question 41

What is the maximum number of objects you can store in S3 per AWS account?

Unlimited

65,536

262,144

1,048,576

Answer 41

Unlimited

You can store an essentially unlimited number of objects in S3 - either in a single bucket or across multiple in your account.

Question 42

Which statement below is one of the 6 advantages of cloud computing?

Benefit from minor economies of scale.

Trade variable expense for capital expense.

Easily guess capacity.

Benefit from increased speed and agility.

Answer 42

Benefit from increased speed and agility.

In a cloud computing environment, new IT resources are only a click away, which means you reduce the time to make those resources available to your developers from weeks to just minutes. This results in a dramatic increase in agility for the organization since the cost and time it takes to experiment and develop is significantly lower.

Question 43

A developer needs to provide version control for multiple Python source code files. Which service will provide source control for the files?

CodeCommit

CodeDeploy

CodeBuild

S3

Answer 43

CodeCommit

CodeCommit is a source control system for private Git repositories.

Question 44

Select all the TRUE statements regarding the AWS Shared Responsibility Model. (Choose 3).

Customers are responsible for security “in” the cloud.

The customer is responsible for managing the underlying EC2 instance hypervisor.

AWS is responsible for managing EC2 client firewalls.

AWS manages the hardware and AWS Global Infrastructure.

AWS is responsible for security “of” the cloud.

Answer 44

Customers are responsible for security “in” the cloud.
Customers are responsible for security “in” the cloud while AWS is responsible for security “of” the cloud.

AWS manages the hardware and AWS Global Infrastructure.
AWS does manage its own hardware and AWS Global Infrastructure. Some hardware can be dedicated to a specific AWS user such as dedicated instances.

AWS is responsible for security “of” the cloud.
AWS is responsible for security “of” the cloud, while customers are responsible for security “in” the cloud.

Question 45

Which of the following acts like built-in firewalls per instance for your virtual servers?

Network access control lists

Availability Zones

Route tables

Security groups

Answer 45

Security groups

Security groups act like built-in firewalls for your virtual servers — the rules you create define what is allowed to talk to your instances and how. Although network access control lists can be used to block or deny traffic, these operate at the subnet level (covering all instances in the subnet with the same ruleset), not per instance as the question specifies. Route tables tell traffic where it should go next to reach its destination, and an Availability Zone is a collection of data centers — which isn’t relevant in this question.

Question 46

A small software company is starting to work with the AWS Cloud. Which service will allow them to find, test, buy, and deploy software that runs on AWS?

Organizations

Service Catalog

ElastiCache

AWS Marketplace

Answer 46

AWS Marketplace

Marketplace is a digital catalog of prebuilt solutions you can purchase or license. You may also use it to sell solutions to others.

Question 47

A user has created several IAM users in their account to perform administrative and general tasks. How can the user monitor and track the IP address of the users performing activities in their account?

CloudWatch

OpsWorks

CloudTrail

Managed Services

Answer 47

CloudTrail

CloudTrail tracks user activity (along with the user’s IP address) and API calls within your account.

Question 48

Which of the following database migrations are classified as heterogeneous?

(Choose 2)

Oracle to Amazon RDS for Oracle

MySQL to Amazon Aurora MySQL

Microsoft SQL Server to Amazon Aurora PostgreSQL

Oracle to Amazon Aurora PostgreSQL

Answer 48

Microsoft SQL Server to Amazon Aurora PostgreSQL
In heterogeneous database migrations, the source and target databases tend to be different in schema structure, data type, and database code. SQL Server and PostgreSQL are not the same.

Oracle to Amazon Aurora PostgreSQL
In heterogeneous database migrations, the source and target databases tend to be different in schema structure, data type, and database code. Oracle and Amazon Aurora PostgreSQL are not the same.

Question 49

Which security concept confirms that users are who they say they are, by presenting an identity (username) and providing a verification (password)?

Authentication

Principle of least privilege

Authorization

Root user

Answer 49

Authentication

Authentication defines the “who” in regard to access. Authentication is where you present your identity (username) and provide verification (password).

Question 50

You just had a Data Analyst join the company, and you have been tasked with creating a new IAM user accordingly. Although the user has received all the necessary credentials, she realized that she cannot perform any Amazon RDS actions on the Clients table. Which of the following are possible solutions to this issue?

(Choose 2)

Add the user to the group that has the necessary permission policy.

Double-check the credentials you sent to the user.

Create an identity-based policy.

Create a ticket for the Help Desk to resolve the issue.

Supply the password necessary to log into the AWS Console.

Answer 50

Add the user to the group that has the necessary permission policy.
Create an identity-based policy.

By default, an IAM user can’t access anything in the AWS account. So, the inability to perform the RDS actions on the Clients table is not a technical or password issue. To grant access, you would need to create an identity-based policy. However, if there is a group in the account with the permission policy that will grant such access, you can add the user to that group instead.

Question 51

An independent developer needs help with monitoring service limits to ensure they don’t exceed free-tier usage on their account. Which services will help them monitor service limits?

(Choose 2)

Trusted Advisor

Config

Inspector

CloudWatch

GuardDuty

Answer 51

Trusted Advisor
Trusted Advisor has a service limit dashboard that helps you monitor service limits.

CloudWatch
CloudWatch Alarms can be used to determine the percentage of utilization versus the limit.

Question 52

You suspect that 1 of the AWS services your company is using has gone down. How can you check on the status of this service?

AWS Personal Health Dashboard

AWS Trusted Advisor

Amazon Inspector

AWS Organizations

Answer 52

AWS Personal Health Dashboard

AWS Personal Health Dashboard provides alerts and guidance for AWS events that might affect your environment.

Question 53

Deploying your EC2 instances across multiple AZs will help address which cloud concept?

Elasticity

High availability

Scalability

Automation

Answer 53

High availability

Having resources across multiple AZs is 1 way to design for high availability - the concept that your services in the cloud should be designed to tolerate failures in the underlying cloud infrastructure. AWS allows you to do this by providing Availability Zones - each 1 is independent from the others, and a failure in 1 should not impact the others. Therefore, if you deploy your application in 2 instances in 2 AZs, and 1 of the AZs fails, you will still have 1 instance running your application. Automation relates to simplifying common repeated tasks and removing the human element. Although scalability and elasticity (the ability to increase resources according to needs and the ability to go up and down in resources as needed) look like they might fit, as we are talking specifically about multiple AZs in the question, high availability is the more correct answer.

Question 54

You have many database backups you need to store for an indefinite amount of time. If the backups are ever needed, they just need to be retrieved within 6 hours. What is the lowest cost solution for this scenario?

Amazon Glacier Flexible Retrieval

Amazon S3

Amazon S3 Standard-IA

Amazon EFS

Answer 54

Amazon Glacier Flexible Retrieval

Amazon Glacier Flexible Retrieval (formerly Amazon S3 Glacier) provides the lowest cost option for long-term storage and is perfectly suited for this scenario. The backups would not need to be retrieved quickly, so Glacier Flexible Retrieval is the best option.

Question 55

You are a Systems Administrator who has just started adding IAM users to your company’s AWS account. However, you worry that the users will not create passwords strong enough to prevent unauthorized access. What is the most reliable way to ensure that users are using strong passwords?

Apply an IAM password policy to ensure users create appropriately strong passwords.

Ask for the password of each user and create a much stronger one by yourself.

Speak with each IAM user individually about the importance of creating strong passwords.

Hold an AWS webinar to stress the importance of creating strong passwords.

Answer 55

Apply an IAM password policy to ensure users create appropriately strong passwords.

Use Identity and Access Management (IAM) to apply an IAM password policy. While awareness and training are critical to developing good security practices, the most reliable option is to use an IAM password policy, which won’t allow users to use lower-strength passwords.

Question 56

You want to use an AWS service that enables you to notify select Tech Support members in your company (via email) of any cloud-related issues to attend to. Which of the following services will accomplish that?

Simple Workflow Service

Simple Notification Service

Simple Email Service

Simple Queue Service

Answer 56

Simple Notification Service

With Simple Notification Service, or Amazon SNS, you can create and appropriately name a topic to which you publish your messages. Then, the select Tech Support members can subscribe to that topic to receive these messages as email notifications.

Question 57

A company is considering establishing a dedicated network connection from their on-premises data center to their AWS Cloud environment. They want a private connection that provides a more consistent network experience than the internet. Which cloud type gives access to the cloud from on-premises infrastructure?

Multi-cloud

Private cloud

Hybrid cloud

Public cloud

Answer 57

Hybrid cloud

With the hybrid cloud, some resources run in the cloud while others run on-premises. This means resources run in the AWS Cloud and your internal data center.

Question 58

Which of the following data archival services is extremely inexpensive but can have a multi-hour data-retrieval window?

S3 Standard-IA

S3 One Zone-IA

Glacier

S3-IZA

S3 Standard

Answer 58

Glacier

Glacier offers extremely inexpensive data archival, but requires a 3- to 5-hour data-retrieval window for standard retrievals - though this time can be reduced for a price.

Question 59

A huge department store sells products online and in-person. Most of their customers use credit cards instead of cash when making purchases. For security purposes, the credit card data must be encrypted at rest. Which services allow the department store to generate and store the encryption key used to secure the credit card numbers?

(Choose 2)

CloudHSM

Identity and Access Management (IAM)

Macie

Key Management Service (KMS)

Secrets Manager

Answer 59

CloudHSM
CloudHSM is a hardware security module (HSM) used to generate and store encryption keys.

Key Management Service (KMS)
KMS allows you to generate and store encryption keys.

Question 60

Microsoft has announced a new patch for its operating system. For a platform-as-a-service solution, who would be responsible for applying the patch?

AWS

The customer for Spot instances only.

Either can apply this patch.

Customer

Answer 60

AWS

The platform-as-a-service model removes the need for organizations to manage the underlying infrastructure (usually hardware and operating systems) and allows you to focus on the deployment and management of your applications.

Question 61

A company would like to add a support chatbot to the help page on their website. Which service will allow the users to build a conversational interface using voice and text?

Polly

Rekognition

Translate

Lex

Answer 61

Lex

Lex helps you build conversational interfaces like chatbots.

Question 62

Which of the below are TRUE when running a database in an EC2 instance?

(Choose 3)

The customer is responsible for updating the guest operating system.

AWS is responsible for managing access to the database.

AWS is responsible for updating the database software.

The customer is responsible for managing access to the database.

The customer is responsible for updating the database software.

AWS is responsible for updating the guest operating system.

Answer 62

The customer is responsible for updating the guest operating system.
As it is an EC2 instance, the customer is responsible for guest OS patching.

The customer is responsible for managing access to the database.
In this case, as the database is being run in an EC2 instance, all aspects of database updates and access is the responsibility of the customer.

The customer is responsible for updating the database software.
Under the Shared Responsibility Model, AWS takes responsibility for managing all the hardware (including access, patching, and other maintenance) and software required to deliver the service — which in this case is the EC2 instance. Anything to do with the instance itself is the responsibility of the customer.

Question 63

A company is rearchitecting its monolithic application using a microservices architecture. Which design principle for cloud architecture should the company consider?

Build interdependent systems.

Implement loose coupling.

Manually monitor systems for failure.

Implement tight coupling.

Answer 63

Implement loose coupling.

Loose coupling helps reduce the risk of cascading failures between components.

Question 64

Upon attempting to create an additional S3 bucket, you realize you have reached your S3 bucket limit in your AWS account. You anticipate creating even more S3 buckets in the future for your photos and documents. Which of the following is the quickest solution?

Delete the S3 buckets you barely use.

Consolidate files into half of the S3 buckets and delete the empty ones.

Simply create the S3 bucket; AWS will automatically override the bucket limit.

Submit a service limit increase.

Answer 64

Submit a service limit increase.

The key word here is “quickest,” and the fastest option is to request a service limit increase at the AWS Support Center.

Question 65

Which storage service can provide very high durability storage for objects?

RDS MySQL

Amazon S3

DynamoDB

Amazon Aurora

Answer 65

Amazon S3

S3 provides high durability storage of objects.