Practice Exam 3 Flashcards
Which AWS service can you use to connect your AWS Cloud with an on-premises data center?
IAM
VPC peering
Internet Gateway
Virtual private gateway
Virtual private gateway
A virtual private gateway is a logical, fully redundant distributed edge routing function that sits at the edge of your VPC. As it is capable of terminating VPN connections from your on-premises or customer environments, the VPG is the VPN concentrator on the Amazon side of the Site-to-Site VPN connection.
Which of the following are characteristics of Regions?
choose 3
They contain only the resources and services specifically deployed to them.
They are fully independent and isolated.
They are dependent and shared.
They are grouped in geographic locations.
- They contain only the resources and services specifically deployed to them.
Regions are isolated, and resources that are uploaded are not automatically replicated across them.
- They are fully independent and isolated.
Regions are fully independent and isolated. If one Region is impacted, the others will not be.
- They are grouped in geographic locations.
AWS logically groups its Regions into geographic locations.
A company is considering the cloud deployment models when planning a new application. Which deployment model allows the company to fully stop spending money running and maintaining data centers?
Infrastructure as a Service (IaaS)
Private cloud
Hybrid cloud
Public cloud
Public cloud
With the public cloud, all resources run in the cloud. Don’t forget: This is the AWS Cloud.
A company has an application with user bases in both Australia and Canada. The company has deployed their application to servers currently provisioned in the Canada (Central) Region. Unfortunately, Australian users are experiencing high latency and slow download times. How can the company reduce latency?
Set up Direct Connect for users in Australia.
Use S3 Transfer Acceleration to speed up delivery of static content to users in Australia.
Provision resources across Availability Zones in the Canada (Central) Region to handle the demand.
Provision resources to the Asia Pacific (Sydney) Region in Australia.
Provision resources to the Asia Pacific (Sydney) Region in Australia.
A multi-Region deployment solves the issue by deploying the application closest to the user base.
Under the shared responsibility model, for which of the following does AWS NOT assume responsibility?
Customer data
Hypervisors
Physical security of AWS facilities
Networking
Customer data
Customers are responsible for their own customer data in the cloud. AWS manages the networking, hypervisor configuration, and physical security.
You would like to set up a loosely coupled architecture. Which service would allow you to send and receive messages and store them if they are not consumed immediately?
AWS SQS
AWS SES
AWS S3
Amazon DynamoDB
AWS SQS
SQS is a message queuing service that allows you to build loosely coupled systems.
Which of the following is an AWS global service?
IAM
EC2
VPC
Amazon RDS
IAM
Identity and Access Management is a global service.
The Chief Marketing Officer of the hotel chain you work for would like to develop a solution to enable voice recognition capabilities in rooms, so customers can request services without picking up the phone. Competitors have already begun rolling out these technologies in an attempt to improve their customers’ experience. Which benefit of the AWS Cloud would you most emphasize to the CMO in your business case for creating an AWS-based solution that allows you to innovate more quickly and deliver your applications faster, as a response to your competitors?
Agility
Cost savings
Deploy globally in minutes
Elasticity
Agility
The AWS Cloud provides instant access to new technologies. Companies can move with agility to satisfy new business requirements and meet competitive demands. There is a very low barrier of entry for innovation. If a solution is not meeting expectations, services can be instantly de-provisioned. The other 3 options will also prove to be benefits of deploying in the AWS Cloud, but the use case emphasizes the need to move quickly against competitive threats.
Which of the following is an AWS global service?
VPC
EC2
RDS
CloudFront
CloudFront
Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds, all within a developer-friendly environment.
What defines long-term data protection?
Agility
Elasticity
Durability
High availability
Durability
Durability is all about long-term data protection. This means your data will remain intact without corruption.
You have an Application Load Balancer for routing traffic from developers to the EC2 instance that contains a web application being put into operation. To prepare for the application going live for public use, you add an Auto Scaling group and a second Application Load Balancer to route web traffic from customers to the EC2 instance. The addition is an example of which of the following?
Scalability
Reliability
Elasticity
Durability
Scalability
This is an example of scalability, which means systems are expected to grow over time with no drop in performance.
Your company has decided to migrate entirely to the AWS Cloud. Which answers are a part of the 6 advantages of cloud computing?
choose 2
Stop spending money running and maintaining data centers.
Benefit from minor economies of scale.
Trade variable expense for capital expense.
Go global in minutes
Stop spending money running and maintaining data centers.
Focus on projects that differentiate your business, not the infrastructure. Cloud computing lets you focus on your own customers rather than on the heavy lifting of racking, stacking, and powering servers.
Go global in minutes
Easily deploy your application in multiple regions around the world with just a few clicks. This means you can provide lower latency and a better experience for your customers at a minimal cost.
Which type of user is created when you initially sign up for an AWS account?
Full access user
Limited access user
Root user
Administrator user
Root user
The root user is created when you initially sign up for your account.
Which of the following is correct regarding the number of Regions, Availability Zones, edge locations, and data centers?
There are more Availability Zones than edge locations.
There are more Availability Zones than Regions.
The number of Availability Zones is the same as the number of Regions.
There are more Regions than Availability Zones.
There are more Availability Zones than Regions.
Regions contain 2 or more Availability Zones, which are themselves made up of 1 or more data centers. This means there will always be more AZs than Regions. Edge locations are separate from AZs and Regions, and there are more Edge Locations than Regions and Availability Zones.
Which statement is true regarding the AWS Global Infrastructure?
Availability Zones contain edge locations.
Each AWS Region consists of multiple, isolated, and physically separate AZs within a geographic area.
Each AWS Availability Zone contains multiple Regions.
Edge locations contain Regions
Each AWS Region consists of multiple, isolated, and physically separate AZs within a geographic area.
AWS has the concept of a Region, which is a physical location around the world where we cluster data centers. We call each group of logical data centers an Availability Zone. Each AWS Region consists of multiple, isolated, and physically separate AZs within a geographic area. Unlike other cloud providers, which often define a region as a single data center, the multiple-AZ design of every AWS Region offers advantages for customers. Each AZ has independent power, cooling, and physical security and is connected via redundant, ultra-low-latency networks. AWS customers focused on high availability can design their applications to run in multiple AZs to achieve even greater fault tolerance. AWS infrastructure Regions meet the highest levels of security, compliance, and data protection.
Which of the following statements about AWS Regions is true?
choose 2
Regions are generally specific geographical areas.
Regions are automatically fully synchronized to contain the same data globally
Regions are made up of Availability Zones.
Regions are user-defined constructs.
- Regions are generally specific geographical areas.
A Region is a geographical area divided into Availability Zones. Each Region contains at least 2 publicly accessible Availability Zones.
- Regions are made up of Availability Zones.
A Region is a geographical area divided into Availability Zones. Each Region contains at least 2 publicly accessible Availability Zones.
What are the ways a user can access resources in their AWS account?
Application code
API Gateway
AWS Command Line Interface (CLI)
AWS Management Console
Application code
Application code is a form of programmatic access. Programmatic access provides access to your AWS resources through an application or a tool like the CLI.
AWS Command Line Interface (CLI)
The AWS CLI allows you to access your AWS account through a terminal or command window.
AWS Management Console
The AWS Management Console allows you to access your AWS account and manage applications running in your account from a web browser.
A customer has set up an Amazon S3 bucket and wants to limit access to specific users. What is the most efficient way to do so?
Bucket access policy
AmazonS3FullAccess managed policy
IAM role assumed by the user
IAM user policy
Bucket access policy
You can add a bucket access policy directly to an Amazon S3 bucket to grant IAM users access permissions for the bucket and the objects in it.
Which policy will provide information on performing penetration testing on your EC2 instances?
JSON policy
IAM policy
Customer Service Policy for Penetration Testing
AWS Customer Agreement
Customer Service Policy for Penetration Testing
AWS customers are welcome to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for Amazon EC2 instances, NAT gateways, elastic load balancers, and 7 other services.
Under the shared responsibility model, which of the following is the customer’s responsibility when using Amazon RDS?
Taking database backups
Using AWS encryption solutions to protect data
Collecting monitoring data to debug failures
Managing infrastructure security in RDS
Creating and managing database users
Taking database backups
You are responsible for managing backups of your data.
Using AWS encryption solutions to protect data
You are responsible for protecting your data.
Collecting monitoring data to debug failures
You are responsible for collecting monitoring data from all the parts of your AWS solutions so you can more easily identify issues.
Creating and managing database users
You are responsible for managing access to your databases.
Which of the following are focuses of the reliability pillar of the Well-Architected Framework?
choose 2
Scale vertically for resilience.
Implement recovery procedures without testing.
Reduce idle resources.
Recover from failure automatically.
Reduce idle resources.
Recover from failure automatically
This is a focus of the reliability pillar. This pillar focuses on designing systems that work consistently and recover quickly.
A customer is managing multiple AWS accounts using AWS Organizations. What can the customer use to restrict the same permissions across all AWS accounts managed under AWS Organizations using minimal effort?
Service control policies
S3 bucket policy
IAM organization policy
IAM user policy
Service control policies
AWS Organizations provides central governance and management for multiple accounts. Organization service control policies (SCPs) allow you to create permissions guardrails that apply to all accounts within a given organization.
Which service might you use to provide Distributed Denial of Service (DDoS) protection to your applications running on AWS?
AWS WAF
AWS Inspector
AWS Shield
DynamoDB
AWS Shield
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS.
A customer has multiple IAM users that need the same access permissions. How can the customer provide the same access permissions to all the users quickly and efficiently?
By creating a policy and assigning it to each user
By assigning a preconfigured AWS managed policy to each user
By assigning users to an EC2 security group
By assigning users to an IAM group that has the needed permissions.
By assigning users to an IAM group that has the needed permissions.
IAM groups allow a set of users to have the same access permissions.
Which AWS service provides central governance and management across multiple AWS accounts?
Identity and Access Management
CloudFormation
AWS Systems Manager
AWS Organizations
AWS Organizations
AWS Organizations allows you to centrally manage multiple AWS accounts under one umbrella.
Where is the best place to store your root user access key so your application can use it to make requests to AWS?
It needs to be coded directly into your application.
Nowhere — you should not use the root user access keys for this.
It should be configured as a parameter and held in the Key Management Store (KMS).
In the .aws file in your application.
Nowhere — you should not use the root user access keys for this.
It is not recommended to use the root user account or access keys for any reason, as these grant full unrestricted access to the entire account. Recommended practice is to follow the concept of “least privilege” and create an IAM user or role with just enough access to do what is needed and nothing more, and use those keys as required.