Practice Exams Questions

Question 1

What are the different gateway types suported by AWS Storage Gateway Service?

Answer 1

Tape Gateway, File Gateway, and Block Gateway

Question 2

Which AWS service helps with global application availability and performance using the AWS global network?

Answer 2

Global Accelerator

Question 3

Which AWS service can be used to store, manage, and deploy docker container images?

Answer 3

Amazon Elastic Container Registry (ECR)

Question 4

An org must use a hardware device for data encryption ops in the cloud. Which service to use?

Answer 4

AWS CloudHSM

Question 5

Secure Shell Access to EC2 instances without opening new ports or using public IP addresses?

Answer 5

Systems Manager Session Manager

wtf.

Question 6

Is server side encryption Customer or AWS respsonsibility? (Shared Responsibility Model)

Answer 6

Customer

Question 7

Shared Respsonsibility: Security and Compliance

Does AWS need to manage physical locations and infrastructure?

Answer 7

Yes

Question 8

is the service ‘AWS service quotas’ a part of the well-architected framework pillar?

Answer 8

Yes

This is a way of configuring limits for services from a single point.

Question 9

is AWS Trusted Advisor part of the well-architected framework pillar?

Answer 9

yes

Question 10

For windows based systesms, there is an AWS offering that gives a flexible, fully managed, scalable FS. What is it called?

Answer 10

FSx for Windows File Server

Question 11

Who is responsible for encrypting data in Amazon RDS? (Shared Respsonsibility Model)

Answer 11

The Customer

Question 12

Is it recommended to enable MFA for root?

Answer 12

Yes

Question 13

Are the root user access credentials the email address and password used to create the AWS account?

Answer 13

Yes

Question 14

Does the root account get IAM policies applied to it?

Answer 14

NO; root user accesses / permissions cannot be restricted.

Question 15

What is AWS partner network for?

Answer 15

identify the right services to build solutions on the AWS cloud.

Question 16

What is AWS service catalog?

Answer 16

allows orgs to create and manage catalogs of IT services that are approved for use on AWS. These services can include anything from virtual machine images, servers, software, and databases.

Question 17

How many AZ’s does a VPC span?

Answer 17

All the AZ’s in the region

Question 18

How many AZ’s does a VPC subnet span?

Answer 18

Only a single AZ in a given region.

Question 19

How many cases can be open under the developer support plan?

Answer 19

Only One Contact, but they may have Unlimited cases open

Question 20

Access Key and Secret Access are tied to which AWS Identity and access management entitY?

Answer 20

IAM user;

Access keys are not applied to roles, groups, or AWS Policies.

Question 21

Can cloudwatch and SNS be used together to notify staff about CPU utilization on a fleet of EC2 instances?

Answer 21

Yes.

Question 22

Most cost-effective support plan to get 24/7 phone based technical support?

Answer 22

Business

Question 23

What services does AWS Compute Optimizer evaluate?

Answer 23

It helps you identify the optimal resource configs for:
EC2 Instances
EC2 Auto Scaling Groups
EBS Volumes
Lambda Functions

Question 24

Elasticity, Availability, and Scalability are described in AWS Well-Architected Framework.

Answer 24

False

Question 25

Tool for reviewing your workloads against best practices for cost optimization, security, and performance improvement, then obtain ADVICE to architect them better.

Answer 25

Trusted Advisor

Question 26

IAM and Cloudfront are global in scope.

Answer 26

True

Question 27

AWS S3 is global in scope.

Answer 27

False;

This is a shitty trick question beause S3 is in the global namespace, but the individual buckets are regional.

Question 28

What is the primary benefit of deploying RDS in a Multi-AZ config?

Answer 28

It enhances Database Availability.

Question 29

Name the policy that describes prohibited uses of amazons services.

Answer 29

Acceptable Use Policy

Question 30

With Elastic Beanstalk, can you deploy code to AWS and have it handle the deployment on it’s own, while still having access to the underlying OS for further enhancements?

Answer 30

Yes.

works with:
Java
.Net
PHP
Node.js
Python
Ruby
Go
Docker

Uses servers like:
Apache
Nginx
Passenger
IIS

Question 31

Name 3 Services that can help to prevent a DDOS attack

Answer 31

1. Shield
2. WAF
3. Cloudfront with Route 53

Question 32

What is Athena?

Answer 32

Interactive query service that lets you analyze data in S3 using standard SQL. It’s serverless too, so there is no infra, and you just pay for the queries you run.

Question 33

Is inbound and outbound data charged for moving data between regions?

Answer 33

No, only outbound data is charged.

Question 34

Explain the difference between a secutiry group and a NACL.

Answer 34

A secutiry group acts as a firewall at the instance level, where a NACL acts as a firewall at the subnet level.

Question 35

Provide two options for connecting on-prem networks with AWS Cloud.

Answer 35

Direct Connect and AWS VPN

Question 36

Can you use internet gateway to connect on-prem network with AWS Cloud?

Answer 36

No

Question 37

What is Amazon EMR?

Answer 37

Used for big data platform . Great for processing huge data using open source tools like HADOOP, or spark on AWS.

Used to be called Elastic Map Reduce

Question 38

Which Support package includes concierge support team, as well as a response time of about one hour if systems go down

Answer 38

Enterprise.

Question 39

Which support plan gives access to a technical account manager?

Answer 39

Enterprise.

Question 40

What does AWS inspector do?

Answer 40

It’s an automated security assessment service that checks apps for:
- exposure
- vulnerabilities
- deviations from best practices

Question 41

AWS Managed RDS Instances are optimized for what?

Answer 41

One of the following:
- Memory
- Performance
- I/O

This means that the AWS managed versions are more performant than customer managed DB’s.

Question 42

What is the highest possible discount for spot instances?

Answer 42

90%

Question 43

Which services support reservations to optimize costs?

Answer 43

• DynamoDB
• EC2 Instances
• RDS
• Elasticache
• Redshift

Question 44

What are advantages of cloud over on site infra?

Answer 44

• Eliminate guessin on infra capacity
• Trade capital expense for variable expense

Question 45

Which support plan provides architectural guidance contextual to your specific use-cases?

Answer 45

Business

I assume enterprise does as well. I suppose it was wrong because it wasn’t the cheapest option to do so.

Question 46

How to handle requirements to encrypt data prior to sending it to AWS S3 buckets?

Answer 46

Enable client-side encryption using AWS encryption SDK.

Question 47

What’s a great way to audit AWS ACCOUNT activity?

Answer 47

Cloudtrail gives you information that is happening at the account levle, so admin, and potentially service configs actions and what not

Question 48

Give two good means of getting assistance for migrating data and applications to cloud.

Answer 48

• AWS professional services
• Use the AWS Partner Network to get a custom solution built

Question 49

For a VPC, can security groups contain DENY rules?

Answer 49

No

Question 50

For a VPC, does AWS or the customer manage the NAT gateway?

Answer 50

AWS

Question 51

HOw can a company have control over creating it’s own encryption keys?

Answer 51

Customer Managed CMK

Question 52

Which support plan gives access to infra event management for an additional fee?

Answer 52

Business

Question 53

What is something that is a shared responsibility of both the customer AND AWS?

Answer 53

Configuration Management:
AWS must maintain the configuration, but the customer is the one who defines it. Therefore it’s the responsibility of both parties.

Question 54

Can you remove an AWS account from an organization if it cannot operate as a stand-alone account?

Answer 54

No. It must be able to function as a stand alone.

Question 55

Which services does Shield Advanced protect?

Answer 55

• Route 53
• Global Accelerator
• EC2
• ELB
• Cloudfront

Question 56

Which service can be used to review HIPAA compliance and governance-related documents?

Answer 56

Arfitact

Question 57

Which services support VPC endpoint gateway for private connection from a VPC?

Answer 57

• S3
• DynamoDB

These are the only two

Question 58

Which support plan gives access to onlne training with self-paced labs?

Answer 58

Enterprise.

Question 59

Which support plans give access to guidance, configuration and troubleshooting of AWS Interop with THIRD-PARTY software?

Answer 59

Business and Enterprise.

Question 60

How many AZs are in a Region?

Answer 60

Two or more.

Question 61

How many discrete centers are in a given AZ?

Answer 61

One or more.

Question 62

Which support plas gives access to only 7 core checks from the Trusted Advisor best practice checks?

Answer 62

• Basic
• Developer

Question 63

Change management tooling:

Answer 63

• Cloudtrail
• Config
• Cloudwatch

My understanding of this is that because it will show you which changes have been made, when, and by whom.

Question 64

This service gives you the ability to produce alerts when reservation utilization falls below a set threshold.

Answer 64

Budgets

Question 65

At what layer does WAF function?

Answer 65

Layer 7 only (http / https)

Question 66

EC2 is an Infrastructure as a service?

Answer 66

Yes.

Question 67

Does AWS cloudtrail logs have encryption enabled by default?

Answer 67

yes.

Question 68

Does AWS S3 have encryption enabled by default?

Answer 68

no.

Question 69

Do cloud apps trade variable expense for capital expense?

Answer 69

No, they trade Capital Expense (physica stuff, energy costs) for variable expense (utilization costs)

Question 70

True or False: A Site-to-Site contains a Customer Gateway, and a Virtual Private Gateway?

Answer 70

True!

A site to site vpn has the following:
- Virtual Private Gateway
- Transit Gateway
- Customer Gateway
- Customer Gateway Device

Question 71

What is a powerful search tool from AWS that can provide search multiple scattered and huge repositories of text information for specific terms?

Answer 71

AWS Kendra

ML service that can search enormous quantities of text information.

Question 72

How long for Snowball to move Terabytes of data?

Answer 72

about a week

Question 73

Which AWS Support plan provides general architecture guidance on how services can be used for various use-cases, workloads, or applications?

Answer 73

Developer

Question 74

How to receive detailed reports that break down a companies AWS costs by the hour in an S3 Bucket?

Answer 74

AWS Cost and Usage Reports

This is the most comprehensive cost and usage data available to the customer.

Question 75

True or False: EC2 Instances can access files on an EFS file system across many availability zones, regions, and VPC’s?

Answer 75

True.

Question 76

Amazon Rekognition is capable of quickly resizing images

Answer 76

False

Rekognition can identify:
- objects
- people
- text
- scenes
- activities
- facial analysis and search

Question 77

Is AWS WAF a regional scoped service?

Answer 77

NO, it is a global scope.

Question 78

For collaborative working environments between VPCs, would it be better to use VPC Peering or AWS Transit Gateway?

Answer 78

Transit Gateway

This arranges various VPC’s on a start topology, so a central hub is respsonible when routing between, so complex VPC relationship management is not needed.

Question 79

Which AWS support plan guarantees a response time of 15 minutes when business critical systems are down?

Answer 79

Enterprise.

Question 80

What are the types of Budgets?

Answer 80

Usage Budget
Reservation Budget
Cost Budget
Savings Plan Budget

Question 81

When an application and it’s data needs migrating to regions that are in a different country, how to approach this?

Answer 81

Create resources, migrate data, then applications.

Question 82

True or false: You must activate AWS Generated Tags and User Defined Tags separately before they can appear in Cost Explorer or a cost allocation report

Answer 82

True

Question 83

True or False: a tag key must be unique, and each tag key can have only one value

Answer 83

True

Question 84

Does a Security Group Automatically allow return traffic?

Answer 84

Yes, this is considered stateful

Question 85

NACL (Network Access Control Lists) automatically allow return traffic?

Answer 85

No, responses to allowed inbound traffic are subjec to outbound rules. Outbound traffic may be denied.

This is considered stateless.

Question 86

Which AWS Services support high availability by default?

Answer 86

• DynamoDB
• EFS

There could be more, i didn’t see a comprehensive list.

Question 87

Maintaining infrastructure as code is covered under the well-architected framework. Which pillar?

Answer 87

• Operational Excellence

Question 88

Billing data is stored where always?

Answer 88

US East 1 – north virginia

Question 89

How is EFS Chargeed?

Answer 89

You pay a fee when you read or write - Infrequent Access Storage Class

Question 90

How is EBS Charged?

Answer 90

They are stored incrementally so you are only billed ffor the changed blocks which were stored.

Question 91

How to connect a VPC direct to S3?

Answer 91

VPC Endpoint Gateway

Question 92

Trusted advisor provides best practice recommendations for which categories?

Answer 92

Cost Optimization and Service Limits

Question 93

Which two services would be used to really dial in cost vs utilization (under utilization specifically)?

Answer 93

Trusted Advisor and Cost Explorer

Question 94

Which two services automatically have data encryption enabled?

Answer 94

Storage Gateway and S3 Glacier

Question 95

What are the mandatory elements of an IAM Policy?

Answer 95

Effect, Action

these are defined in JSON