Practice Exam 4 Flashcards
With AWS services, you can use as many resources as you need, as well as use them when you need them. Which of the following terms can be applied to this concept?
(choose 2)
Fixed resources
Temporary resources
Disposable resources
Dedicated resources
Temporary resources
Disposable resources
Working in a traditional infrastructure environment means you have to deal with fixed resources, which is comparatively costly and labor-intensive. By contrast, AWS services are much more convenient; the services provide the ability to use as many resources as you need and dispose of them when you no longer need them. That’s why such resources are both temporary and disposable.
Which of the following is a shared control of the AWS shared responsibility model?
Firmware upgrades
Hardware maintenance
Security group configuration
Patch management
Patch management
Shared controls are elements of the shared responsibility model where both AWS and the customer have shared responsibilities within their own contexts. Patch management is a shared control, since AWS is responsible for patching and fixing flaws within the infrastructure, including managed services like RDS, but customers are responsible for patching their guest OS and applications.
When you pay a subscription fee to a hosting company to serve your website on an instance you manage, which cloud computing model are you using?
Function as a Service (FaaS)
Infrastructure as a Service (IaaS)
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
IaaS offers building blocks that can be rented. When you pay a web hosting fee, you’re using IaaS.
When you access your personal email through a web browser using an application like Gmail, which cloud computing model are you using?
Software as a Service (SaaS)
Infrastructure as a Service (IaaS)
Function as a Service (FaaS)
Platform as a Service (PaaS)
Software as a Service (SaaS)
SaaS allows you to use a complete application on demand. When you access your personal email through a web browser, you’re using SaaS.
When you access tools provided to build a storefront application that runs on another company’s server, which cloud computing model are you using?
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Function as a Service (FaaS)
Software as a Service (SaaS)
Platform as a Service (PaaS)
PaaS is often used by developers to develop software using web-based tools.
Which types of deployments offer high availability?
(choose 2)
Multi-Region deployments
Single-Region deployments
Multi-AZ deployments
Single-AZ deployments
Multi-Region deployments
Multi-Region deployments provide high availability. Systems that are highly available are dependable enough to operate continuously without failure.
Multi-AZ deployments
A developer has developed a 3-tier web application that will be deployed directly on Amazon EC2. The developer is considering deploying the application to more than one Availability Zone. What advantages does this deployment approach offer?
(choose 3)
Enhances resiliency, allowing the application to recover from failure due to load
Increase in responsiveness when load balancing is used
Reduced operational costs because you’re spreading data transfer costs between Availability Zones
Improves the availability of the application
-Enhances resiliency, allowing the application to recover from failure due to load
Resilient/fault-tolerant systems recover quickly and minimize application downtime. If 1 instance fails, another instance in a different Availability Zone can handle the request.
-Increase in responsiveness when load balancing is used
If 1 Availability Zone is constrained, the instances in another Availability Zone can handle the traffic.
-Improves the availability of the application
If 1 Availability Zone is completely destroyed, you will still have a completely functional web application running in a different Availability Zone.
A company is considering migrating to the cloud. How does moving to the cloud reduce upfront costs?
By allowing you to pay upfront for software to lock in savings
By replacing large capital expenditures with lower variable costs spread over time
By allowing the provisioning of resources at a fixed price even during high peak times
By replacing large variable expenditures with lower capital investments
By replacing large capital expenditures with lower variable costs spread over time
The cloud allows you to trade capital expenses for variable expenses.
Which of the following is NOT part of the AWS Global infrastructure?
Security groups
Edge locations
Availability Zones
Regions
Security groups
Regions, AZs, and edge locations are part of the AWS Global Infrastructure.
Which of the following best describes a system that will remain operational even in the event of a component failure?
Elastic
Highly available
Fault tolerant
Scalable
Fault tolerant
A fault-tolerant system will remain operational even in the event of a component failure.
A solutions architect is designing a new web application to be highly available. There are regulatory requirements that require multiple EC2 instances to be provisioned in the same geographic location. Where should the EC2 instances be placed?
Multiple Availability Zones
Cluster placement group
Multiple subnets
Multiple Regions
Multiple Availability Zones
This solves the requirement for high availability and in the same geographic location.
Which of the below is correct when looking at Regions, Availability Zones, edge locations, and data centers?
(choose 2)
Data centers contain Availability Zones.
Edge locations contain Availability Zones.
Availability Zones contain data centers.
Regions contain Availability Zones.
Availability Zones contain data centers.
Regions contain Availability Zones.
Regions contain 2 or more Availability Zones, which are themselves made up of 1 or more data centers. Edge locations are a part of AWS’ content distribution network and are separate from Regions and AZs.
There are several options for interacting with resources in your AWS account. Which of the following are ways to interact with AWS services?
(choose 3)
CloudFormation
Software Development Kit (SDK)
Platform as a Service (PaaS)
AWS Command Line Interface (CLI)
AWS Management Console
-Software Development Kit (SDK)
SDKs allow you to access AWS services from popular programming languages like Java, Python, C#, and many more.
-AWS Command Line Interface (CLI)
While resources can be provisioned using the AWS CLI, the process is manual and becomes harder to reproduce without error the more resources you have.
-AWS Management Console
While resources can be provisioned using the AWS Management Console, the process is manual and becomes harder to reproduce without error the more resources you have.
A person new to the cloud is learning about the services that offer compute power. Which AWS services offer computing resources in the cloud?
(choose3)
Amazon Cognito
Amazon Simple Storage Service (S3)
AWS Lambda
AWS Elastic Beanstalk
Amazon Elastic Compute Cloud (EC2)
AWS Lambda
Lambda is a serverless compute service that lets you run code without managing servers.
AWS Elastic Beanstalk
Elastic Beanstalk allows you to deploy your web applications and web services to AWS. Although we covered Elastic Beanstalk in the “Deployment and Infrastructure Management Services” lesson, it is a compute service.
Amazon Elastic Compute Cloud (EC2)
EC2 allows you to rent and manage virtual servers in the cloud.
You have a mission-critical application that must be globally available at all times. Which deployment strategy should you follow?
Multi-Availability Zone
Deploy to all Availability Zones in your home region.
Multi-VPC in 2 AWS Regions
Multi-Region
Multi-Region
A multi-Region deployment will best ensure global availability. While it can be the most expensive, as well as complex to configure, multi-Regional architectures will ensure that even if all Availability Zones in a single Region fail due to a catastrophic event, your data will remain accessible.
In the AWS Global Infrastructure, what are edge locations responsible for?
Providing redundant backup to your AWS services
Hosting a content delivery network called CloudFront
Providing disaster recovery services
Providing independent power grids to Availability Zones
Hosting a content delivery network called CloudFront
Edge locations host a content delivery network called CloudFront.
Which of the following is a shared control of the AWS shared responsibility model?
EC2 instance application configuration
Identity and Access Management
Awareness and training
Data center security
Awareness and training
Shared controls are elements of the shared responsibility model where both AWS and the customer have shared responsibilities within their own contexts. Awareness and training is a shared control, since AWS trains AWS employees, but a customer must train their own employees.
Which pillar of the Well-Architected Framework encourages the use of CloudFormation?
Performance efficiency
Security
Operational excellence
Reliability
Operational excellence
Operational excellence focuses on creating applications that effectively support production workloads. Scripting operations as code is a part of this pillar, which includes the use of CloudFormation.
Which of the following are focuses of the cost optimization pillar of the Well-Architected Framework?
(choose3)
Utilize consumption-based pricing.
Measure overall efficiency.
Implement cloud financial management.
Pay for extra resources to cover demand.
Utilize consumption-based pricing.
Measure overall efficiency.
Implement cloud financial management.
This is a focus of the cost optimization pillar. This pillar focuses on delivering optimum and resilient solutions at the least cost to the user.
A small startup is configuring its AWS Cloud environment. Which AWS service will allow grouping these users together and applying permissions to them as a group?
Resource groups
Tagging
AWS Organizations
AWS IAM
AWS IAM
IAM allows you to control access to your AWS services and resources.
As an AWS account administrator, you are in charge of creating AWS accounts and securing those accounts. What steps can you take?
(choose 2)
Create functional groups for each department and use a common password for each group.
Grant admin access to all users.
Create multi-factor authentication for the root account.
Store the root account credentials in SharePoint.
Add IP restrictions for all accounts.
-Create multi-factor authentication for the root account.
This will add an additional layer of security to the root account.
-Add IP restrictions for all accounts.
This would greatly limit who can access your environment and from where.
Which of the below are you responsible for managing when storing data in S3?
(choose 2)
Who has access to the storage hardware
Who has access to the S3 infrastructure software
Who has access to data you stored on the S3 service
Who has access to the S3 service
Who has access to the network hardware
Who has access to data you stored on the S3 service
Who has access to the S3 service
Under the Shared Responsibility Model for managed services, AWS takes responsibility for managing all the hardware (including access, patching, and other maintenance). When it comes to S3, the customer is responsible for all aspects of the data being stored on S3, and who has access to manage the S3 service for that account.
You would like to give an application running on one of your EC2 instances access to an S3 bucket. What is the best way to implement this?
Give the application a set of access keys
Use an IAM user for the application
Make the bucket public
Assign the instance an IAM role
Assign the instance an IAM role
The recommended method to assign permissions to apps running in EC2 is to use IAM roles.
Which of the following are programmatic access types enabling users to interact with AWS services?
(choose 3)
AWS CLI
AWS SDKs
API calls
Python
-AWS CLI
The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.
-AWS SDKs
AWS SDKs allow IAM users to make programmatic API calls AWS services. The AWS SDKs consist of libraries and sample code for various programming languages and platforms (for example, Java, Ruby, .NET, iOS, and Android). The SDKs provide a convenient way to create programmatic access to IAM and AWS. For example, the SDKs take care of tasks such as cryptographically signing requests, managing errors, and retrying requests automatically.
-API calls
IAM users can make API calls for programmatic access to AWS services.
According to the Shared Responsibility Model, which of the following is AWS responsible for?
(choose 2)
Subnets
Network access control lists
Security groups
Amazon Virtual Private Cloud infrastructure
Elastic Cloud Compute (EC2) infrastructure
Amazon Virtual Private Cloud infrastructure
Elastic Cloud Compute (EC2) infrastructure
Protecting the infrastructure that runs all of the services in the AWS Cloud is the responsibility of AWS. Such services include EC2 infrastructure — the hardware compute platform for running EC2 instances and Amazon Virtual Private Cloud — or VPC, which enables customers to provision a logically isolated section of the AWS Cloud to launch their resources. The subnets, security groups, and network access control lists configured in the VPC are the responsibility of the customer.
Using CloudTrail to track user activity and API calls within your account is an example of which AWS Well-Architected Framework pillar?
Cost Optimization
Operational Excellence
Security
Reliability
Security
A design principle of the Security pillar is to track who did what and when. The Security pillar focuses on putting mechanisms in place to protect your systems and data.
