Practice Exam 6 Flashcards
Which of the following compute services is ideal if you need to run a simple website or a simple e-commerce application?
Lambda
Elastic Beanstalk
Lightsail
EC2
Lightsail
Lightsail is ideal for simple websites or simple e-commerce applications.
Users need to access AWS resources from the Command Line Interface. Which IAM option can be used for authentication?
IAM group
IAM policy
IAM role
Access keys
Access keys
You must provide your AWS access keys to make programmatic calls to AWS or to use the AWS Command Line Interface or AWS Tools for PowerShell.
Which defines one or more discrete data centers with redundant power, networking, and connectivity?
AWS Local Zones
Region
Edge location
Availability Zone
Availability Zone
An Availability Zone (AZ) is one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region. AZs are physically separated by a meaningful distance, many kilometers, from any other AZ, although all are within 100 km (60 miles) of each other.
When would you use the Reserved Instance pricing model?
(Choose 2)
Your application has steady state usage
Your application has unpredictable workloads
Your application requires a capacity reservation
Ability to bid on the lowest compute price possible
-Your application has steady state usage
Reserved Instances are a great way of reducing costs on long running applications with steady state usage. Even if the money is not available to make upfront payments, using Reserved Instances over longer periods can still be useful for cost savings.
-Your application requires a capacity reservation
Amazon EC2 Reserved Instances (RI) can provide a capacity reservation, offering additional confidence in your ability to launch the number of instances you have reserved when you need them.
Which of the following statements is true of newly created security groups with their default rules?
New security groups block outbound traffic and allow all incoming traffic.
New security groups allow both incoming and outbound traffic.
New security groups block both incoming and outbound traffic.
New security groups allow only outbound traffic and block all incoming traffic.
New security groups allow only outbound traffic and block all incoming traffic.
By default, new security groups start with only an outbound rule to allow all traffic to leave the instances. You must add rules to enable any inbound traffic.
Which of the following describes a subnet accurately?
The Amazon VPC side of a VPN connection.
A segment of a VPC’s IP address range where you can place groups of isolated resources.
A logically isolated virtual network in the AWS cloud.
The Amazon VPC side of a connection to the public Internet.
A segment of a VPC’s IP address range where you can place groups of isolated resources.
A virtual private cloud, or VPC, is the virtual network you create in your AWS account. When you create a VPC, you split it into smaller network segments by specifying a range of IP addresses. These segments are referred to as subnets, and this is where you launch your AWS resources.
Which of the following are part of the AWS storage services category?
(Choose 3)
Amazon RDS
Amazon S3
Amazon EFS
Amazon Redshift
Storage Gateway
Amazon S3
Amazon EFS
Storage Gateway
Amazon S3, Amazon EFS, and Storage Gateway are storage services.
The AWS Global Infrastructure comprises Regions, Availability Zones, and edge locations, and there is a different number of each infrastructure element. Select the option that shows the correct order from greatest to least.
Number of Availability Zones > Number of Edge Locations > Number of Regions
Number of Availability Zones > Number of Regions > Number of Edge Locations
Number of Regions > Number of Availability Zones > Number of Edge Locations
Number of Edge Locations > Number of Availability Zones > Number of Regions
Number of Edge Locations > Number of Availability Zones > Number of Regions
The number of edge locations is greater than the number of Availability Zones, which is greater than the number of Regions. Regions contain Availability Zones, therefore there will always be more AZs than Regions.
Your application needs fully managed storage for objects. Which of the following options should you choose?
EBS
S3
RDS
EC2
S3
S3 is fully managed storage for objects. EBS provides virtual hard disks in the cloud and is block-based, not object-based. EC2 is a compute service, and RDS is a database service.
Which of the following statements are true of Amazon Aurora?
(Choose 2)
It uses the AWS Management Console, AWS CLI commands, and API operations to handle routine database tasks.
It is part of the Amazon DynamoDB service.
It can deliver up to three times the throughput of MySQL.
It is compatible with the MySQL and PostgreSQL database engines.
-It uses the AWS Management Console, AWS CLI commands, and API operations to handle routine database tasks.
You can handle routine database tasks on it using either the AWS Management Console, AWS CLI commands, or API operations.
-It is compatible with the MySQL and PostgreSQL database engines.
Amazon Aurora is compatible with MySQL and PostgreSQL.
Which of the following enables you to interact with AWS services using only textual commands?
Amazon API Gateway
AWS SDK
AWS CLI
AWS Management Console
AWS CLI
‘CLI’ stands for ‘Command Line Interface’, which is the open source tool used for executing tasks in AWS by typing and entering textual commands.
Which of the following best describes Availability Zones (AZs)?
Two zones containing compute resources that are designed to automatically maintain synchronized copies of each other’s data
Restricted areas designed specifically for the creation of virtual private clouds (VPCs) that span AZs
A content distribution network used to deliver content to users
Distinct locations from within an AWS Region that are engineered to be isolated from failures
Distinct locations from within an AWS Region that are engineered to be isolated from failures
Availability Zones are distinct locations from within an AWS Region that are engineered to be isolated from failures. Each Region is made up of 1 or more AZs. Availability Zones host almost every AWS service, including EC2 instances, S3 buckets, and much more. Some services will maintain copies of your data between Availability Zones, but this is dependent on the individual service (for example, S3 can store data in multiple AZs, whereas an EC2 instance is tied to a single AZ).
Enabling Amazon GuardDuty automatically grants the service permission to analyze continuous metadata streams from which of the following data sources?
(Choose 3)
VPC Flow Logs
AWS CloudTrail logs
Amazon S3 buckets
DNS query logs
-VPC Flow Logs
VPC Flow Logs captures information about the IP traffic going to and from Amazon EC2 network interfaces in your VPC. When you enable GuardDuty, it immediately starts analyzing your VPC Flow Logs data. It consumes VPC Flow Logs events directly from the VPC Flow Logs feature through an independent and duplicative stream of flow logs.
-AWS CloudTrail logs
AWS CloudTrail provides you with a history of AWS API calls for your account, including API calls made using the AWS Management Console, AWS SDKs, command-line tools, and higher-level AWS services. CloudTrail also allows you to identify which users and accounts called AWS APIs for services that support CloudTrail, the source IP address that the calls were made from, and when the calls occurred. When you enable GuardDuty, it immediately starts analyzing your CloudTrail event logs. It consumes CloudTrail management and S3 data events directly from CloudTrail.
-DNS query logs
This option only works if you use AWS DNS resolvers for your EC2 instances. GuardDuty will be able to access and process your request and response DNS logs through the internal DNS resolvers. When you enable GuardDuty, it will immediately start analyzing DNS logs through an independent data stream.
You are working with IAM and need to attach policies to users, groups, and roles. Which of the following will you be attaching these policies to?
Resources
Principals
Entities
Identities
Identities
Identities are the IAM resource objects that are used to identify and group. You can attach a policy to an IAM identity. These include users, groups, and roles.
You need to set up a virtual firewall for your EC2 instance. Which would you use?
Subnet
Network ACL
IAM policy
Security group
Security group
A security group acts as a virtual firewall for your instance to protect your EC2 instance by controlling inbound and outbound traffic.
Which of the following does Amazon ensure will happen when paying for AWS on an as-needed basis?
(Choose 3)
Spending less money in the long term
Enabling the full elasticity of business operations
Reducing procurement complexity
Redirecting focus to innovation and invention
Spending more money in the long term
-Enabling the full elasticity of business operations
Amazon provides certain benefits when you pay for services on an as-needed basis for your business. You can spend more time innovating and inventing, which consequently enables your business to be fully elastic.
-Reducing procurement complexity
Amazon provides certain benefits when you pay for services on an as-needed basis for your business. You can spend more time innovating and inventing, which consequently reduces the complexity of procurement.
-Redirecting focus to innovation and invention
Amazon provides certain benefits when you pay for services on an as-needed basis for your business, so you can spend more time innovating and inventing.
Which term refers to the Identity and Access Management (IAM) resource objects that AWS uses for authentication?
Resources
Identities
Principal
Entities
Entities
IAM entities are the users (IAM users and federated users) and roles that are created and used for authentication.
An auditor is conducting an audit of your IT operations for compliance. The auditor requests visibility to logs of event history across your AWS-based employee expense system infrastructure. Which AWS service will record and provide you the information you need?
AWS CloudWatch Logs
AWS Compliance Manager
AWS Systems Manager
AWS CloudTrail
AWS CloudTrail
AWS CloudTrail provides visibility to API call activity for AWS infrastructure and other services. AWS CloudWatch Logs might be part of a centralized logging solution, but all API event information will come from CloudTrail. AWS Systems Manager can process EC2 logs only, and AWS Compliance Manager is not a service offered by AWS.
Which of the following are characteristics of Availability Zones (AZs)?
(Choose 3)
Physically separated
Data centers housed in the same facility
Fault tolerant
Connected through low-latency links
-Physically separated
AZs are physically separated.
-Fault tolerant
AZs are fault tolerant.
-Connected through low-latency links
AZs are connected to each other through low-latency links.
Which of the following are characteristics of cloud computing?
(Choose 3)
Cloud charges are capital expenditures.
Pay-as-you-go pricing
No extra skills or training are required.
Services are delivered via the internet.
On-demand delivery
-Pay-as-you-go pricing
The on-demand delivery via the internet of services with pay-as-you-go pricing characterizes cloud computing.
-Services are delivered via the internet.
The on-demand delivery via the internet of services with pay-as-you-go pricing characterizes cloud computing. Services incurred from a cloud services provider are operating expenses, not capital expenses. Capital expenditure (CapEx) is less common with the cloud, in favor of operational expenditure (OpEx). Skills and training for personnel are required to leverage cloud computing.
-On-demand delivery
The on-demand delivery via the internet of services with pay-as-you-go pricing characterizes cloud computing.
A company on the Business Support plan currently runs all their applications in a single Region. They have made the decision to expand to multiple Regions. What is the process to start deploying their applications to the new Regions?
Reach out to their Technical Account Manager (TAM) for assistance.
Open an account and billing support case with AWS Support.
Just start deploying the applications to the new Regions.
Copy the existing Availability Zone group to the new Regions.
Just start deploying the applications to the new Regions.
You are free to deploy your applications to new Regions. Don’t forget: CloudFormation can make the process of provisioning resources easier and repeatable.
Which of the following is AWS’ managed DDoS protection service?
Security groups
AWS Shield
AWS WAF
Access control lists
AWS Shield
AWS Shield is AWS’ managed DDoS protection service at Layer 4.
Adding resources to your application as user demand grows is an example of which cloud concept?
Automation
Scalability
Elasticity
High availability
Scalability
Scalability is the concept that, because the cloud has essentially limitless capacity, you can expand out as needed, as described in the question.
Which of the following AWS Support levels offers the assistance of a Technical Account Manager?
Business
Premium
Enterprise
Developer
Enterprise
Only Enterprise (the highest level of AWS Support plans) offers the services of a Technical Account Manager.
Your Development team uses 4 On-Demand EC2 instances. Your QA team has 5 Reserved Instances, only 3 of which are being used. Assuming all AWS accounts are under a single AWS Organization, how will the Development team’s instances be billed?
The Dev team will be billed for 2 instances at On-Demand prices and 2 instances at the Reserved Instance price.
The pricing for the Reserved Instances will shift from QA to Dev.
All the Dev team’s instances will be billed at the On-Demand rate.
All the Dev team’s instances will be billed at the Reserved Instance rate.
The Dev team will be billed for 2 instances at On-Demand prices and 2 instances at the Reserved Instance price.
Since the QA team has 5 Reserved Instances and only 3 are being used, that means 2 of the Reserved Instances are free. Since both teams belong to the same AWS Organization, the pricing for the 2 unused instances would be applied to 2 of the 4 Dev On-Demand instances.
Which of the following are AWS Security, Identity, and Compliance services?
(Choose 3)
AWS Security Hub
AWS Secrets Manager
AWS Key Management Service (KMS)
AWS Trusted Advisor
AWS Organizations
-AWS Security Hub
AWS Security Hub is part of the Security, Identity, and Compliance services. It provides you with a comprehensive view of your security state within AWS and your compliance with security standards and best practices.
-AWS Secrets Manager
AWS Secrets Manager is part of the Security, Identity, and Compliance services. It is a secrets management service that helps you protect access to your applications, services, and IT resources.
-AWS Key Management Service (KMS)
AWS Key Management Service is part of the Security, Identity, and Compliance services. It is a managed service that enables you to easily create and control the keys used for cryptographic operations.