Practice Exam Answer Explanations

Question 1

Loose Coupling

Answer 1

• Loose Coupling helps reduce the risk of cascading failures between components.
• Loosely coupled components are connected but not dependent on each other.

Question 2

IaC

Answer 2

Infrastructure as Code (IaC) is a key implementation of automation in cloud – using Infrastructure as Code allows you to deploy and manage your environment without reliance on humans to complete all the tasks quickly and easily.

Question 3

Application Code

Answer 3

Application code is a form of programmatic access. Programmatic access provides access to your AWS resources through an application or tool like the CLI.

Question 4

AWS CLI

Answer 4

The AWS CLI allows you to access your AWS account through a terminal or command window.

Question 5

AWS Management Console

Answer 5

The AWS Management Console allows you to access your AWS account and manage applications running in your account from a web browser.

Question 6

AWS Person Health Dashboard

Answer 6

AWS Personal Health Dashboard provides alerts and guidance for AWS events that might affect your environment.

Question 7

Shared Controls

Answer 7

Shared controls are elements of the shared responsibility model where both AWS and the customer have shared responsibilities within their own contexts. Patch management is a shared control, since AWS is responsible for patching and fixing flaws within the infrastructure, including managed services like RDS, but customers are responsible for patching their guest OS and applications.

Question 8

Amazon WorkSpaces

Answer 8

Amazon WorkSpaces is a managed, secure Desktop-as-a-Service (DaaS) solution. You can use Amazon WorkSpaces to provision either Windows or Linux desktops in just a few minutes and quickly scale to provide thousands of desktops to workers across the globe.

Question 9

Amazon Inspector

Answer 9

You will need to turn to Amazon Inspector for security assessment. Not only does it identify vulnerabilities in your application, it will also spot deviations from security best practices. AWS Shield and WAF protect the application from attacks that exploit vulnerabilities, rather than identify them. Trusted Advisor only provides recommendations on how to improve security.

Question 10

Authentication

Answer 10

Authentication defines the “who” in regard to access. Authentication is where you present your identity (username) and provide verification (password).

Question 11

Access Keys

Answer 11

Access keys provide programmatic access to AWS and should not be embedded in code or shared with other users.

Question 12

Root User

Answer 12

• You should not use the root user for daily tasks.

- You should enable multi-factor authentication (MFA) for the root user and other administrative users.

Question 13

Least Privilege

Answer 13

You should only grant the least privilege needed to perform a task.

Question 14

SSH Client

Answer 14

An SSH client is a program that allows establishing a secure connection from your local laptop to an EC2 instance.

Question 15

Key Pair

Answer 15

A key pair, consisting of a private key and a public key, is a set of security credentials you use to prove your identity when connecting to an instance. Amazon EC2 stores the public key. You store the private key locally typically as a pem file.

Question 16

S3 Glacier

Answer 16

Glacier offers extremely inexpensive data archival but requires a 3- to 5-hour data-retrieval window for standard retrievals – though this time can be reduced for a price.

Question 17

CloudFront

Answer 17

CloudFront is a CDN that delivers data and applications globally with low latency.

Question 18

EBS

Answer 18

EBS volumes are “virtual hard disks” for your EC2 instance.

Question 19

Athena

Answer 19

Athena allows the company to query data in S3 using standard SQL.

Question 20

ElastiCache

Answer 20

ElastiCache is an in-memory cache service used to improve database performance. This means that it saves your most common queries for quicker data retrieval rather than retrieving directly from your database. As a result, it is classified as an AWS database service.

Question 21

Edge Locations

Answer 21

Edge locations consist of over 200+ points of presence around the world that provide fast entry into Amazon’s global network. Because of how widespread they are, users can connect to their nearest edge location and have their traffic sent through amazon’s fast global network to reach the resources it needs sooner. This is how CloudFront’s caching mechanism works. There are far less Availability Zones and Regions than edge locations, which is why CloudFront does not use them for caching content.

Question 22

Types of Access to AWS

Answer 22

The two types of access are AWS Management Console access and programmatic access. Programmatic access is available via the AWS API, the CLI and the SDKs – and an IAM user can use all these methods.

Question 23

RedShift

Answer 23

Redshift is a scalable data warehouse solution that supports querying, reporting, analytics and business intelligence. It can be used when you need to consolidate multiple data sources for reporting and don’t require real-time transaction processing (Insert, update, and delete).

Question 24

SDKs

Answer 24

Software development kits (or SDKs) provide everything you need to develop and manage applications in AWS, including the programming language of your choice.

Question 25

Organizations

Answer 25

Organizations allows you to centrally manage multiple AWS accounts under 1 umbrella. You can allocate resources and apply policies across accounts.

Question 26

Control Tower

Answer 26

Control tower helps you ensure your accounts conform to company-wide policies. Control Tower actually sits on top of Organizations.

Question 27

AWS Basic Support

Answer 27

The AWS Support Basic tier is the free support given to all AWS accounts. All accounts receive billing support, because every customer needs an avenue to lodge disputes or make requests around their billing.

Question 28

AWS Business Support

Answer 28

Business Support is the minimum plan that provides access to support via telephone.

Question 29

AWS Enterprise Support

Answer 29

Only the Enterprise Support plan provides a designated Technical Account Manager (TAM) for your AWS account.

Question 30

Standard Reserved Instance

Answer 30

Standard Reserved Instances provide you with a significant discount (up to 72%) compared to On-Demand Instance pricing and can be purchased for a 1-year or 3-year term.

Question 31

CloudFront

Answer 31

Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds, all within a developer-friendly environment.

Question 32

APN Consulting Partners

Answer 32

APN Consulting Partners include professional services organizations like system integrators, strategic consultancies, agencies, managed service providers (MSPs), and value-added resellers. In this case, we would engage a Consulting Partner to help us deploy out new system to the AWS Cloud.

Question 33

Highly Available System

Answer 33

A highly available system is always online – without the need for human intervention. Although fault tolerance is closely related to high availability, fault tolerance usually implies a degradation of service without human intervention, unlike high availability which is like-for-like.

Question 34

Regional Deployment

Answer 34

You are free to deploy your applications to new Regions. Don’t forget: CloudFormation can make the process of provisioning resources easier and repeatable.

Question 35

Systems Manager

Answer 35

Systems Manager allows you to manage RDS instances. You can even use it to auto-patch and run commands on multiple EC2 instances.

Question 36

Authentication

Answer 36

Authentication identifies who is accessing the system and passes that information to the authorization process, which in turn determines what permissions the user has in AWS.

Question 37

Config

Answer 37

Config specifically focuses on listing the resources in your AWS account and presenting their configuration change history.

Question 38

Aurora

Answer 38

Aurora is a relational database compatible with MySQL and PostgreSQL that was created by AWS.

Question 39

RedShift

Answer 39

Redshift allows you to run complex analytic queries against petabytes of structured data, using sophisticated query optimization, columnar storage on high-performance local disks, and massively parallel query execution.

Question 40

Elastic MapReduce (EMR)

Answer 40

Elastic MapReduce (EMR) helps you process large amounts of data using big data frameworks like Hadoop.

Question 41

Reserved Instance

Answer 41

• Reserved Instances are a great way of reducing costs on long running applications with predictable workloads. Even if the money is not available to make upfront payments, using Reserved Instances over longer periods can still be useful for cost savings.
• Reserved Instances have 3 main pricing models: Standard, Convertible and Scheduled. Each model is targeted with a specific use case and benefits from its own level of discounted price.

Question 42

AWS Support Levels

Answer 42

AWS Support has 4 levels. Basic is their free entitlement for all AWS Customers. The 3 paid support plans in order of ascending cost are Developer, Business and Enterprise.

Question 43

EC2 On-Demand

Answer 43

EC2 On-Demand is best for applications with short-term, spiky, or unpredictable workloads.

Question 44

SNS

Answer 44

SNS allows you to send emails and text messages from your distributed applications.

Question 45

SES

Answer 45

SES is an email service that can send HTML formatted messages from applications.

Question 46

Dedicated Hosts

Answer 46

Dedicated Hosts allow you to use your existing per-socket, per-core or per-VM software licenses to help maintain license compliance. This is similar to Dedicated Instances, but Dedicated Hosts provide more restrictive control over the server.

Question 47

Dedicated Instances

Answer 47

Dedicated Instances ensure your instance will run on a dedicated physical server due to licensing restrictions that don’t allow for software to run on a shared tenancy model.

Question 48

Elastic File System (EFS)

Answer 48

Amazon Elastic File System (EFS) is an elastic file system for Linux-based workloads.