Practice Exam 4 Flashcards
With AWS services, you can use as many resources as you need, as well as use them when you need them. Which of the following terms can be applied to this concept?
(choose 2)
Fixed resources
Temporary resources
Disposable resources
Dedicated resources
Temporary resources
Disposable resources
Working in a traditional infrastructure environment means you have to deal with fixed resources, which is comparatively costly and labor-intensive. By contrast, AWS services are much more convenient; the services provide the ability to use as many resources as you need and dispose of them when you no longer need them. That’s why such resources are both temporary and disposable.
Which of the following is a shared control of the AWS shared responsibility model?
Firmware upgrades
Hardware maintenance
Security group configuration
Patch management
Patch management
Shared controls are elements of the shared responsibility model where both AWS and the customer have shared responsibilities within their own contexts. Patch management is a shared control, since AWS is responsible for patching and fixing flaws within the infrastructure, including managed services like RDS, but customers are responsible for patching their guest OS and applications.
When you pay a subscription fee to a hosting company to serve your website on an instance you manage, which cloud computing model are you using?
Function as a Service (FaaS)
Infrastructure as a Service (IaaS)
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
IaaS offers building blocks that can be rented. When you pay a web hosting fee, you’re using IaaS.
When you access your personal email through a web browser using an application like Gmail, which cloud computing model are you using?
Software as a Service (SaaS)
Infrastructure as a Service (IaaS)
Function as a Service (FaaS)
Platform as a Service (PaaS)
Software as a Service (SaaS)
SaaS allows you to use a complete application on demand. When you access your personal email through a web browser, you’re using SaaS.
When you access tools provided to build a storefront application that runs on another company’s server, which cloud computing model are you using?
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Function as a Service (FaaS)
Software as a Service (SaaS)
Platform as a Service (PaaS)
PaaS is often used by developers to develop software using web-based tools.
Which types of deployments offer high availability?
(choose 2)
Multi-Region deployments
Single-Region deployments
Multi-AZ deployments
Single-AZ deployments
Multi-Region deployments
Multi-Region deployments provide high availability. Systems that are highly available are dependable enough to operate continuously without failure.
Multi-AZ deployments
A developer has developed a 3-tier web application that will be deployed directly on Amazon EC2. The developer is considering deploying the application to more than one Availability Zone. What advantages does this deployment approach offer?
(choose 3)
Enhances resiliency, allowing the application to recover from failure due to load
Increase in responsiveness when load balancing is used
Reduced operational costs because you’re spreading data transfer costs between Availability Zones
Improves the availability of the application
-Enhances resiliency, allowing the application to recover from failure due to load
Resilient/fault-tolerant systems recover quickly and minimize application downtime. If 1 instance fails, another instance in a different Availability Zone can handle the request.
-Increase in responsiveness when load balancing is used
If 1 Availability Zone is constrained, the instances in another Availability Zone can handle the traffic.
-Improves the availability of the application
If 1 Availability Zone is completely destroyed, you will still have a completely functional web application running in a different Availability Zone.
A company is considering migrating to the cloud. How does moving to the cloud reduce upfront costs?
By allowing you to pay upfront for software to lock in savings
By replacing large capital expenditures with lower variable costs spread over time
By allowing the provisioning of resources at a fixed price even during high peak times
By replacing large variable expenditures with lower capital investments
By replacing large capital expenditures with lower variable costs spread over time
The cloud allows you to trade capital expenses for variable expenses.
Which of the following is NOT part of the AWS Global infrastructure?
Security groups
Edge locations
Availability Zones
Regions
Security groups
Regions, AZs, and edge locations are part of the AWS Global Infrastructure.
Which of the following best describes a system that will remain operational even in the event of a component failure?
Elastic
Highly available
Fault tolerant
Scalable
Fault tolerant
A fault-tolerant system will remain operational even in the event of a component failure.
A solutions architect is designing a new web application to be highly available. There are regulatory requirements that require multiple EC2 instances to be provisioned in the same geographic location. Where should the EC2 instances be placed?
Multiple Availability Zones
Cluster placement group
Multiple subnets
Multiple Regions
Multiple Availability Zones
This solves the requirement for high availability and in the same geographic location.
Which of the below is correct when looking at Regions, Availability Zones, edge locations, and data centers?
(choose 2)
Data centers contain Availability Zones.
Edge locations contain Availability Zones.
Availability Zones contain data centers.
Regions contain Availability Zones.
Availability Zones contain data centers.
Regions contain Availability Zones.
Regions contain 2 or more Availability Zones, which are themselves made up of 1 or more data centers. Edge locations are a part of AWS’ content distribution network and are separate from Regions and AZs.
There are several options for interacting with resources in your AWS account. Which of the following are ways to interact with AWS services?
(choose 3)
CloudFormation
Software Development Kit (SDK)
Platform as a Service (PaaS)
AWS Command Line Interface (CLI)
AWS Management Console
-Software Development Kit (SDK)
SDKs allow you to access AWS services from popular programming languages like Java, Python, C#, and many more.
-AWS Command Line Interface (CLI)
While resources can be provisioned using the AWS CLI, the process is manual and becomes harder to reproduce without error the more resources you have.
-AWS Management Console
While resources can be provisioned using the AWS Management Console, the process is manual and becomes harder to reproduce without error the more resources you have.
A person new to the cloud is learning about the services that offer compute power. Which AWS services offer computing resources in the cloud?
(choose3)
Amazon Cognito
Amazon Simple Storage Service (S3)
AWS Lambda
AWS Elastic Beanstalk
Amazon Elastic Compute Cloud (EC2)
AWS Lambda
Lambda is a serverless compute service that lets you run code without managing servers.
AWS Elastic Beanstalk
Elastic Beanstalk allows you to deploy your web applications and web services to AWS. Although we covered Elastic Beanstalk in the “Deployment and Infrastructure Management Services” lesson, it is a compute service.
Amazon Elastic Compute Cloud (EC2)
EC2 allows you to rent and manage virtual servers in the cloud.
You have a mission-critical application that must be globally available at all times. Which deployment strategy should you follow?
Multi-Availability Zone
Deploy to all Availability Zones in your home region.
Multi-VPC in 2 AWS Regions
Multi-Region
Multi-Region
A multi-Region deployment will best ensure global availability. While it can be the most expensive, as well as complex to configure, multi-Regional architectures will ensure that even if all Availability Zones in a single Region fail due to a catastrophic event, your data will remain accessible.
In the AWS Global Infrastructure, what are edge locations responsible for?
Providing redundant backup to your AWS services
Hosting a content delivery network called CloudFront
Providing disaster recovery services
Providing independent power grids to Availability Zones
Hosting a content delivery network called CloudFront
Edge locations host a content delivery network called CloudFront.
Which of the following is a shared control of the AWS shared responsibility model?
EC2 instance application configuration
Identity and Access Management
Awareness and training
Data center security
Awareness and training
Shared controls are elements of the shared responsibility model where both AWS and the customer have shared responsibilities within their own contexts. Awareness and training is a shared control, since AWS trains AWS employees, but a customer must train their own employees.
Which pillar of the Well-Architected Framework encourages the use of CloudFormation?
Performance efficiency
Security
Operational excellence
Reliability
Operational excellence
Operational excellence focuses on creating applications that effectively support production workloads. Scripting operations as code is a part of this pillar, which includes the use of CloudFormation.
Which of the following are focuses of the cost optimization pillar of the Well-Architected Framework?
(choose3)
Utilize consumption-based pricing.
Measure overall efficiency.
Implement cloud financial management.
Pay for extra resources to cover demand.
Utilize consumption-based pricing.
Measure overall efficiency.
Implement cloud financial management.
This is a focus of the cost optimization pillar. This pillar focuses on delivering optimum and resilient solutions at the least cost to the user.
A small startup is configuring its AWS Cloud environment. Which AWS service will allow grouping these users together and applying permissions to them as a group?
Resource groups
Tagging
AWS Organizations
AWS IAM
AWS IAM
IAM allows you to control access to your AWS services and resources.
As an AWS account administrator, you are in charge of creating AWS accounts and securing those accounts. What steps can you take?
(choose 2)
Create functional groups for each department and use a common password for each group.
Grant admin access to all users.
Create multi-factor authentication for the root account.
Store the root account credentials in SharePoint.
Add IP restrictions for all accounts.
-Create multi-factor authentication for the root account.
This will add an additional layer of security to the root account.
-Add IP restrictions for all accounts.
This would greatly limit who can access your environment and from where.
Which of the below are you responsible for managing when storing data in S3?
(choose 2)
Who has access to the storage hardware
Who has access to the S3 infrastructure software
Who has access to data you stored on the S3 service
Who has access to the S3 service
Who has access to the network hardware
Who has access to data you stored on the S3 service
Who has access to the S3 service
Under the Shared Responsibility Model for managed services, AWS takes responsibility for managing all the hardware (including access, patching, and other maintenance). When it comes to S3, the customer is responsible for all aspects of the data being stored on S3, and who has access to manage the S3 service for that account.
You would like to give an application running on one of your EC2 instances access to an S3 bucket. What is the best way to implement this?
Give the application a set of access keys
Use an IAM user for the application
Make the bucket public
Assign the instance an IAM role
Assign the instance an IAM role
The recommended method to assign permissions to apps running in EC2 is to use IAM roles.
Which of the following are programmatic access types enabling users to interact with AWS services?
(choose 3)
AWS CLI
AWS SDKs
API calls
Python
-AWS CLI
The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.
-AWS SDKs
AWS SDKs allow IAM users to make programmatic API calls AWS services. The AWS SDKs consist of libraries and sample code for various programming languages and platforms (for example, Java, Ruby, .NET, iOS, and Android). The SDKs provide a convenient way to create programmatic access to IAM and AWS. For example, the SDKs take care of tasks such as cryptographically signing requests, managing errors, and retrying requests automatically.
-API calls
IAM users can make API calls for programmatic access to AWS services.
According to the Shared Responsibility Model, which of the following is AWS responsible for?
(choose 2)
Subnets
Network access control lists
Security groups
Amazon Virtual Private Cloud infrastructure
Elastic Cloud Compute (EC2) infrastructure
Amazon Virtual Private Cloud infrastructure
Elastic Cloud Compute (EC2) infrastructure
Protecting the infrastructure that runs all of the services in the AWS Cloud is the responsibility of AWS. Such services include EC2 infrastructure — the hardware compute platform for running EC2 instances and Amazon Virtual Private Cloud — or VPC, which enables customers to provision a logically isolated section of the AWS Cloud to launch their resources. The subnets, security groups, and network access control lists configured in the VPC are the responsibility of the customer.
Using CloudTrail to track user activity and API calls within your account is an example of which AWS Well-Architected Framework pillar?
Cost Optimization
Operational Excellence
Security
Reliability
Security
A design principle of the Security pillar is to track who did what and when. The Security pillar focuses on putting mechanisms in place to protect your systems and data.
How can a customer meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated hardware in the cloud?
Identity and Access Management
CloudHSM
DynamoDB
Secrets Manager
CloudHSM
CloudHSM allows customers to meet compliance requirements for data security by using dedicated hardware.
Which of the following are components of the security pillar of the AWS Well-Architected Framework?
(choose 3)
Ensure security at all application layers
Encrypt data at rest and in transit
Customer service
Technical account management
CloudTrail
-Ensure security at all application layers
The security pillar focuses on putting mechanisms in place that help protect your systems and data. Ensuring security at all application layers is a component of the security pillar.
-Encrypt data at rest and in transit
The security pillar focuses on putting mechanisms in place that help protect your systems and data. Encrypting data at rest and in transit is a component of the security pillar.
-CloudTrail
What is the recommended way to give your applications running in EC2 permission to other AWS resources?
Create an IAM user with appropriate permissions and assign it to the instance.
Create an IAM role with appropriate permissions and assign it to the instance.
Create an IAM group with appropriate permissions and assign it to the instance.
Create a root access key and use it in the application.
Create an IAM role with appropriate permissions and assign it to the instance.
You should use IAM roles wherever possible to enable applications running on EC2 instances to access other AWS resources. This is the most secure method to do so.
Developers in your company need to interact with AWS from the Command Line Interface. Which security item will you need to provide to the developers?
Root password
Access key
Login ID
Security token
Access key
When working with AWS from the CLI, you need to provide an access key and secret access key.
How is data defined when it is moving from one location to another?
On the move
In traffic
In flight (or in transit)
At rest
In flight (or in transit)
Data in flight (or in transit) describes data that is moving from one location to another.
You are currently running an application in a production environment, but you want to ensure that it is free of vulnerabilities. Which of the following AWS services would you need to use?
AWS Trusted Inspector
Amazon Inspector
AWS Web Application Firewall (WAF)
AWS Shield
Amazon Inspector
You will need to turn to Amazon Inspector for security assessment. Not only does it identify vulnerabilities in your application, it will also spot deviations from security best practices. AWS Shield and WAF protect the application from attacks that exploit vulnerabilities, rather than identify them. Trusted Advisor only provides recommendations on how to improve security.
You are storing sensitive employee information in an S3 bucket. What can you use to give bucket access only to authorized personnel?
Bucket policy
Access keys
Login and password
Network access control list (NACL)
Bucket policy
S3 bucket policies allow you to grant permissions to your S3 resources.
A development team wants to gain full observability into the health of their applications and instances in order to provide the best service level to users of their applications. Which services can help them monitor the health of their applications and instances?
Elastic Load Balancing
CloudTrail
Simple Notification Service (SNS)
Elastic Beanstalk
Route 53
-Elastic Load Balancing
Load balancers monitor the health of EC2 instances and route the traffic to only instances that are in a healthy state.
-Elastic Beanstalk
Elastic Beanstalk monitors application health via a health dashboard.
-Route 53
Route 53 can be used to configure DNS health checks to route traffic to healthy endpoints or to monitor the health of your applications.
A software company is looking for a tool to automate their deployments from end to end. Which AWS service can provide this continuous delivery functionality?
CodePipeline
CodeDeploy
CodeCommit
CodeBuild
CodePipeline
CodePipeline automates the software release process.
A gaming company is using the AWS Developer Tools suite to develop, build, and deploy their applications. Which AWS service can be used to trace user requests from end to end through the application?
CloudWatch
AWS X-Ray
AWS Inspector
CloudTrail
AWS X-Ray
AWS X-Ray provides an end-to-end view of requests as they travel through your application, and shows a map of your application’s underlying components. You can use X-Ray to analyze from simple three-tier applications to complex microservices applications consisting of thousands of services.
Which of the following is NOT a compute service?
Elastic Block Store
Elastic Beanstalk
EC2
Lambda
Elastic Block Store
Elastic Block Store is a storage service - all others are compute services.
Which of the following AWS services can assist you with cost optimization?
AWS Inspector
AWS Shield
AWS Trusted Advisor
AWS WAF
AWS Trusted Advisor
Trusted Advisor can assist you with the cost optimization of your AWS environment.
You have a project that will require 90 hours of computing time. There is no deadline, and the work can be stopped and restarted without adverse effect. Which of the following computing options offers the most cost-effective solution?
On-Demand Instances
Custom Instances
Spot Instances
Reserved Instances
Spot Instances
Spot Instances are usually the most cost-effective solution for workloads that can be interrupted. On-Demand and Reserved Instances are both more expensive in this use case, and Custom Instances do not exist.
A company wants to build a customer identity graph to provide a single unified view of customers and prospects by linking identifiers like website browsing history, preferences, and more. Which database product allows the customer to store and navigate billions of interconnected relationships?
DocumentDB
DynamoDB
Neptune
Aurora
Neptune
Neptune is a fully managed graph database that supports highly connected datasets.
You have infrequently accessed data in S3 buckets that you want to transfer to Glacier. What can you use in AWS to do this?
S3 Lifecycle policy
Cross-origin resource sharing (CORS)
Bucket policy
Database Migration Service
S3 Lifecycle policy
You can add rules in an S3 Lifecycle configuration to tell Amazon S3 to transition objects to another Amazon S3 storage class. For example: When you know objects are infrequently accessed, you might transition them to the S3 Standard-IA storage class. You might want to archive objects that you don’t need to access in real time to the S3 Glacier storage class.
You have been tasked to create an S3 bucket for storing templates. A team member has forwarded you the templates, which are used for creating multiple different AWS resources such as S3 buckets, EC2 instances, and VPCs. Which service uses these templates to create AWS resources?
EC2
Elastic Beanstalk
OpsWorks
CloudFormation
CloudFormation
CloudFormation allows you to provision AWS resources using Infrastructure as Code (IaC) and reusable templates.
A customer wants to run an application on a local version of an EC2 instance in a disconnected environment. Which Snow Family device supports this?
Snowmobile
Snowball Edge
Snowcone
Snowball
Snowball Edge
Snowball Edge offers on-board storage and compute power that can handle local processing and edge-computing workloads in disconnected environments and handles transferring data between your local environment and AWS. Snowball Edge supports S3, EC2, Lambda, and IoT Greengrass.
Which AWS service allows the deployment of resources in code templates, otherwise known as Infrastructure as Code?
Systems Manager
OpsWorks
Elastic Beanstalk
CloudFormation
CloudFormation
CloudFormation allows you to provision AWS resources using Infrastructure as Code (IaC).
Several EC2 instances in a public subnet need internet access. Which will you configure as 1 step in granting internet access?
Internet gateway
NAT gateway
API Gateway
VPC peering
Internet gateway
An internet gateway allows public traffic to the internet from a VPC.
Scientists would like to analyze terabytes of scientific data from a rover that landed on Mars. Which service will help them find trends and understand the vast amount of data using Hadoop?
Kinesis
Data Pipeline
SageMaker
Elastic MapReduce (EMR)
Elastic MapReduce (EMR)
EMR helps you process large amounts of data using big data frameworks like Hadoop.
A development team has created a large amount of CloudFormation templates in the JSON format. Which AWS database would be best suited for storing these documents?
Amazon RedShift
Amazon DocumentDB
Amazon Aurora
AWS MySQL
Amazon DocumentDB
Amazon DocumentDB (with MongoDB compatibility) is a fast, scalable, highly available, and fully managed document database service that supports MongoDB workloads. As a document database, Amazon DocumentDB makes it easy to store, query, and index JSON data.
A company is looking to lower its total cost of ownership (TCO) by moving the file system used for its business-critical, Linux-based applications to a managed file system in the cloud. Which service meets their needs?
Storage Gateway
Elastic Block Store (EBS)
Elastic File System (EFS)
FSx
Elastic File System (EFS)
EFS is a fully managed file system that provides elastic file storage for a broad range of Linux-based applications.
You need to store a collection of objects that can also be accessed from a different AWS Region. Which service should you use to do this?
DynamoDB
Fargate
S3
EBS
S3
S3 allows you to access objects from anywhere in the world - as long as the appropriate permissions are set!
You need to set up a data warehouse on AWS for financial/actuary data. Which AWS service will you use?
DynamoDB
ElastiCache
Redshift
RDS
Redshift
Redshift is a scalable data warehouse solution.
Which of the following best describes EBS?
A virtual hard disk in the cloud
A NoSQL database service
A virtual server instance
A managed database service
A virtual hard disk in the cloud
An EBS volume is best described as a virtual hard disk in the cloud - storage that, for all intents and purposes, appears to be directly attached to your instance. These are used by the virtual server instances in the cloud, which are known as EC2 instances.
Which of the following are AWS compute services?
(choose 2)
RDS
Lambda
EC2
SQS
Lambda
EC2
EC2 and Lambda are AWS compute services.
You need to run your code, but you don’t want to worry about provisioning or managing servers. Which of the following AWS services would you choose?
Lambda
Fargate
EC2
Storage Gateway
Lambda
Lambda is a serverless technology that allows you to run your code without provisioning a computing infrastructure.
A travel company has an application that serves customers worldwide. Which AWS service can speed up delivery of content to this widespread customer base?
S3
CloudFront
CodeDeploy
OpsWorks
CloudFront
CloudFront is a CDN that delivers data and applications globally with low latency.
A developer has created an application that will allow viewers of a popular TV show to vote for their favorite contestants. They expect to have 50 million viewers all voting at the same time at the end of each performance. When designing the system, they want to keep the voting and tallying functionality as separate standalone components. Which service will promote loose coupling between the 2 components using asynchronous integration?
Identity and Access Management (IAM)
Simple Email Service (SES)
Simple Queue Service (SQS)
Simple Notification Service (SNS)
Simple Queue Service (SQS)
You need an AWS Support plan for your production workloads, but want to keep costs to a minimum. Which of the following plans should you choose?
Enterprise
Basic
Business
Developer
Business
The Business Support plan is specifically designed for production workloads in AWS.
Which of the following are criteria affecting your billing for RDS?
(choose 3)
Data transferred in
Standard monitoring services
Number of requests
Running duration of the RDS instances
Additional storage
Number of requests
Running duration of the RDS instances
Additional storage
RDS runs on EC2 instances, so much like an EC2 instance, you are charged based on how long the RDS instances are running, how much storage they have provisioned, and the requests they’re processing.
What is the most cost-effective AWS Support Plan if you want the full set of Trusted Advisor checks?
Developer
Business
Enterprise
Basic
Business
The Business plan is the cheapest plan that will still provide the full set of Trusted Advisor checks.
Which of the following statements are true regarding AWS Reserved Instances? (Choose 3.)
Reserved Instances act as a discount on new or existing On-Demand Instances.
Reserved Instances are available in all up-front, partial up-front, or no upfront payments.
Convertible Reserved Instances can be exchanged for another Convertible Reserved Instance with different length contract terms.
Reserved Instances usually have contract terms of one to three years. The longer the term, the higher the savings.
-Reserved Instances act as a discount on new or existing On-Demand Instances.
Reserved Instances act as a discount on new or existing On-Demand Instances. The discount is applied when you launch an instance with the required specifications.
-Reserved Instances are available in all up-front, partial up-front, or no upfront payments.
Reserved Instances are available in all up-front (AURI), partial up-front (PURI), or no upfront payments (NURI). The more you pay up-front, the higher the savings.
-Reserved Instances usually have contract terms of one to three years. The longer the term, the higher the savings.
Reserved Instances usually have contract terms of one to three years. Standard RIs provide the biggest discount for a designated instance type over a long-term contract. Convertible RIs provide a smaller discount but let you change the instance type.
You need to track your AWS costs on a detailed level. Which tool will allow you to do this?
AWS CloudTrail
AWS Organizations
Cost Allocation Tags
CloudWatch
AWS CloudTrail
AWS CloudTrail can provide auditing on all activity in your account, but it will not provide billing information.
Which S3 storage class is the best value for long-term archive?
S3 Standard
S3 Standard Infrequent-Access
Glacier
S3 Intelligent-Tiering
Glacier
Glacier is a low-cost storage option for data archiving. It can take several hours to retrieve the data, but if this is acceptable, it is the best value for long-term storage of data.
Which of the following are support levels offered by AWS?
Developer
Business
Basic
Start-up
Individual
Developer
Business
Basic
AWS Support currently has five levels (1 free and 4 paid). The Basic plan is the free entitlement for all AWS Customers. The four paid support plans in order of ascending cost are Developer, Business, Enterprise On-Ramp and Enterprise. Start-up and Individual do not exist as Support Plans
You have decided to use the AWS Cost and Usage Report to track your EC2 Reserved Instance costs. Which AWS service can be used to store AWS Cost and Usage report files?
Trusted Advisor
CloudWatch
An AWS-owned S3 bucket
An S3 bucket you own
An S3 bucket you own
You can use Cost and Usage Reports to publish your AWS billing reports to an S3 bucket you own. AWS updates the report in your bucket once a day in comma-separated value (CSV) format. You can view the reports using spreadsheet software or access them from an application using the Amazon S3 API.
A company would like to call AWS support to open cases when issues arise. What’s the minimum support plan they need to subscribe to in order to have telephone access?
Enterprise
Business Support
Developer Support
Basic support
Business Support
Business Support is the minimum plan that provides access to support via telephone.
Which of the following AWS Support levels offers 24x7 support via phone or chat?
Developer
Basic
Business
Individual
Business
The Business and Enterprise support plans, the two most expensive plans, offer 24 X 7 support via phone or chat.
