Practice Test 1 Flashcards

1
Q
Which aspects of security on AWS are customer responsibilities? (Select TWO.)
A.Patching of storage systems
B.Availability of AWS regions
C.Setting up account password policies
D.Server Side encryption
E.Physical access controls
A

C.Setting up account password policies
D.Server Side encryption

Explanation

AWS are responsible for the “security of the cloud”. This includes protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.

The customer is responsible for “security in the cloud”. Customer responsibility depends on the service consumed but includes aspects such as Identity and Access Management (includes password policies), encryption of data, protection of network traffic, and operating system, network and firewall configuration.

2
Q

A Cloud Practitioner needs to decide which Amazon S3 storage class to use for storing copies of backup data. The storage must provide rapid access when needed but resiliency can be low. Which storage class is most suitable?

A.Amazon S3 Standard
B.Amazon S3 Glacier Deep Archive
C.Amazon S3 Glacier
D.Amazon S3 One Zone-IA

A

D.Amazon S3 One Zone-IA

Explanation:
S3 One Zone-IA is for data that is accessed less frequently, but requires rapid access when needed. Unlike other S3 Storage Classes which store data in a minimum of three Availability Zones (AZs), S3 One Zone-IA stores data in a single AZ and costs 20% less than S3 Standard-IA.
CORRECT: “Amazon S3 One Zone-IA” is the correct answer.

INCORRECT: “Amazon S3 Standard” is incorrect. This storage class provides higher durability and availability but costs more.

INCORRECT: “Amazon S3 Glacier Deep Archive” is incorrect. This storage class is used for archiving so data cannot be immediately accessed.

INCORRECT: “Amazon S3 Glacier” is incorrect. This storage class is used for archiving so data cannot be immediately accessed.

3
Q

When a customer deploys a database on Amazon RDS, what is the customer responsible for?

A.Managing automatic backups of the database
B.Controlling network access through security groups
C.Configuring Auto Scaling for high availability of instances
D.Patching the underlying operating system

A

B.Controlling network access through security groups

Explanation:
The Amazon Relational Database Service (RDS) is a managed service where AWS manage administration tasks including hardware provisioning, database setup, patching and backups. The customer is responsible for configuring security groups to control access to the database.

CORRECT: “Controlling network access through security groups” is the correct answer.

INCORRECT: “Patching the underlying operating system” is incorrect as this is taken care of by AWS.

INCORRECT: “Managing automatic backups of the database” is incorrect as this is taken care of by AWS.

INCORRECT: “Configuring Auto Scaling for high availability of instances” is incorrect as you cannot use Auto Scaling with RDS for availability of the database instances.

4
Q
Which service records API activity on your account and delivers log files to an Amazon S3 bucket?    
A.Amazon S3 Event Notifications
B.Amazon CloudWatch
C.AWS CloudTrail
D.Amazon CloudWatch Logs
A

C.AWS CloudTrail

Explanation:
AWS CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket. CloudTrail is for auditing whereas CloudWatch is for performance monitoring.

CORRECT: “AWS CloudTrail” is the correct answer.

INCORRECT: “Amazon CloudWatch” is incorrect as this service performs performance monitoring, not API auditing.

INCORRECT: “Amazon S3 Event Notifications” is incorrect. S3 Event Notifications is a feature that notifies you when certain events happen in your S3 buckets, it does not record API activity at the account level.

INCORRECT: “Amazon CloudWatch Logs” is incorrect. Amazon CloudWatch Logs lets you monitor and troubleshoot your systems and applications using your existing system, application and custom log files.

5
Q
Which benefit of the AWS Cloud eliminates the need for users to try estimating future infrastructure usage?
A.Elasticity of the AWS Cloud
B.Easy global deployments
C.Security of the AWS Cloud
D.Economies of scale
A

A.Elasticity of the AWS Cloud

Explanation:
Elasticity means that your infrastructure scales based on actual usage. When you have higher demand you use more infrastructure and pay more and when you have less demand you need less infrastructure and pay less. The benefits are you don’t need to guess about capacity and pay only for what you actually need.

CORRECT: “Elasticity of the AWS Cloud” is the correct answer.

INCORRECT: “Easy global deployments” is incorrect. It is easy to deploy many AWS resources globally but this benefit does not eliminate the need to estimate future usage.

INCORRECT: “Security of the AWS Cloud” is incorrect. The security of the AWS Cloud is important but does not eliminate the need to estimate future usage.

INCORRECT: “Economies of scale” is incorrect. This means you pay less for some resources because of the benefits of AWS’s scale. However, this benefit does not eliminate the need to estimate future usage.

6
Q
Which of the following is a method of backup available in the AWS cloud?
A.Amazon EBS Snapshots
B.Availability Zones
C.Amazon EFS File Systems
D.Amazon Route 53 Alias Record
A

A.Amazon EBS Snapshots

Explanation:
Amazon Elastic Block Store (EBS) is a block-based storage system that provides a “virtual hard disk in the cloud”. You can back up your EBS volumes using snapshots which are point-in-time copies of the data.

CORRECT: “Amazon EBS Snapshots” is the correct answer.

INCORRECT: “Availability Zones” is incorrect. Availability Zones are part of the AWS Global Infrastructure. AZs can be used for high availability and fault tolerance as you can architect your applications to be spread across them. However, they are not a backup solution.

INCORRECT: “Amazon EFS File Systems” is incorrect. The Amazon Elastic File System (EFS) provides file-based storage that you access using the NFS v2 protocol. This is a storage service but not a backup service. You can back up EFS using the AWS Backup service or using EFS-to-EFS backup.

INCORRECT: “Amazon Route 53 Alias Record” is incorrect. Amazon Route 53 provides a DNS service and an Alias record is a type of record that can map a public domain name to an AWS service target.

7
Q
Which services are involved in reducing application latency and increasing performance for end users? (Select TWO.)
A.Amazon Workspaces
B.Amazon CloudFront
C.Amazon S3
D.Amazon ElastiCache
E.Amazon ECS
A

B.Amazon CloudFront
D.Amazon ElastiCache

Explanation

Amazon ElastiCache is an in-memory cache that can be placed in front of databases such as Amazon RDS to cache queries for better performance. Amazon CloudFront is a content delivery network (CDN) service that caches media such as videos and photos in locations around the world for lower latency and improved performance.

CORRECT: “Amazon ElastiCache” is a correct answer.

CORRECT: “Amazon CloudFront” is a correct answer.

INCORRECT: “Amazon ECS” is incorrect. This service is used for running Docker containers on AWS. Its function is not primarily to improve performance.

INCORRECT: “Amazon S3” is incorrect. Amazon S3 is an object-based storage system. To improve performance of access to objects globally you would use CloudFront to cache the objects.

INCORRECT: “Amazon Workspaces” is incorrect. This service is used for running managed desktops in the cloud.

8
Q
Which AWS service can an organization use to automate operational tasks on EC2 instances using existing Chef cookbooks?
A.AWS Config
B.AWS CodeDeploy
C.AWS OpsWorks
D.AWS Service Catalog
A

C.AWS OpsWorks

Explanation:
AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. With Chef, you use code templates, or cookbooks, to describe the desired configuration of instances or on-premises servers.

CORRECT: “AWS OpsWorks” is the correct answer.

INCORRECT: “AWS Service Catalog” is incorrect. AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS.

INCORRECT: “AWS Config” is incorrect. AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.

INCORRECT: “AWS CodeDeploy” is incorrect. AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers.

9
Q
Which items can be configured from within the VPC management console? (Select TWO.)
A.Auto Scaling
B.Regions
C.Security Groups
D.Subnets
E.Load Balancing
A

C.Security Groups
D.Subnets

Explanation

Subnets and Security groups can be configured from within the VPC console.

CORRECT: “Subnets” is the correct answer.

CORRECT: “Security Groups” is the correct answer.

INCORRECT: “Regions” is incorrect. Regions are not configured, resources within regions are configured.

INCORRECT: “Load Balancing” is incorrect. Load balancing is configured from the EC2 console.

INCORRECT: “Auto Scaling” is incorrect. Auto scaling is configured from the EC2 console.

10
Q
Which service can be used to track the CPU usage of an EC2 instance?    
A.Amazon CloudWatch
B.Amazon CloudFront
C.Amazon CloudTrail
D.Amazon CloudFormation
A

A.Amazon CloudWatch

Explanation

Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. CloudWatch is for performance monitoring, whereas CloudTrail is for auditing.

CORRECT: “Amazon CloudWatch” is the correct answer.

INCORRECT: “Amazon CloudTrail” is incorrect. AWS CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket.

INCORRECT: “Amazon CloudFront” is incorrect. CloudFront is a content delivery network (CDN) that caches content.

INCORRECT: “Amazon CloudFormation” is incorrect. CloudFormation is used for automated provisioning of infrastructure.

11
Q

Which Amazon S3 storage classes should be used for storing data for long time periods when immediate access is not required at the LOWEST cost? (Select TWO.)

A.Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
B.Amazon S3 Standard
C.Amazon S3 Glacier Deep Archive
D.Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
E.Amazon S3 Glacier

A

C.Amazon S3 Glacier Deep Archive
E.Amazon S3 Glacier

Explanation:
Amazon S3 Glacier and Amazon S3 Glacier Deep Archive are suitable for archiving data for long time periods and both classes offer extremely low costs. With both of these storage classes you cannot access data immediately.
CORRECT: “Amazon S3 Glacier” is a correct answer.

CORRECT: “Amazon S3 Glacier Deep Archive” is also a correct answer.

INCORRECT: “Amazon S3 Standard-Infrequent Access (S3 Standard-IA)” is incorrect. This storage class is suited to data that requires immediate access infrequently.

INCORRECT: “Amazon S3 Standard” is incorrect as this is a more expensive storage class suitable for general needs.

INCORRECT: “Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)” is incorrect. This storage class is suited to data that requires lower resiliency.

12
Q
For which services does Amazon not charge customers? (Select TWO.)
A.Amazon SNS
B.AWS CloudFormation
C.Amazon S3
D.Amazon EBS
E.Amazon VPC
A

B.AWS CloudFormation
E.Amazon VPC

Explanation

Amazon VPC and CloudFormation are free of charge, however in the case of CloudFormation you pay for the resources it creates.

All other answers are chargeable services.

CORRECT: “Amazon VPC” is a correct answer.

CORRECT: “AWS CloudFormation” is also a correct answer.

INCORRECT: “Amazon EBS” is incorrect as this is a chargeable service.

INCORRECT: “Amazon S3” is incorrect as this is a chargeable service.

INCORRECT: “Amazon SNS” is incorrect as this is a chargeable service.

13
Q
A company stores copies of backups on Amazon S3 and requires rapid access but low resiliency. Which storage class is optimized for these requirements?
A.Amazon S3 Standard
B.Amazon S3 One Zone-Infrequent Access
C.Amazon S3 Glacier Deep Archive
D.Amazon S3 Glacier
A

B.Amazon S3 One Zone-Infrequent Access
Explanation:
S3 One Zone-IA is for data that is accessed less frequently, but requires rapid access when needed. Unlike other S3 Storage Classes which store data in a minimum of three Availability Zones (AZs), S3 One Zone-IA stores data in a single AZ and costs 20% less than S3 Standard-IA.

S3 One Zone-IA is ideal for customers who want a lower-cost option for infrequently accessed data but do not require the availability and resilience of S3 Standard or S3 Standard-IA.

It’s a good choice for storing secondary backup copies of on-premises data or easily re-creatable data. You can also use it as cost-effective storage for data that is replicated from another AWS Region using S3 Cross-Region Replication.

CORRECT: “Amazon S3 One Zone-Infrequent Access” is the correct answer.

INCORRECT: “Amazon S3 Standard” is incorrect as this is a more resilient storage class and will cost more, so it is not optimized for these requirements.

INCORRECT: “Amazon S3 Glacier Deep Archive” is incorrect. This storage class is suited to archival and takes several hours to restore data.

INCORRECT: “Amazon S3 Glacier” is incorrect. This storage class is suited to archival and takes minutes to hours to restore data.

14
Q
Which types of pricing policies does AWS offer? (Select TWO.)
A.Global usage discount
B.Enterprise license agreement (ELA)
C.Save when you reserve
D.Pay-as-you-go
E.Non-peak hour discounts
A

C.Save when you reserve
D.Pay-as-you-go

Explanation:
Amazon pricing includes options for pay-as-you-go, save when you reserve and pay less by using more.

CORRECT: “Pay-as-you-go” is a correct answer.

CORRECT: “Save when you reserve” is also a correct answer.

INCORRECT: “Enterprise license agreement (ELA)” is incorrect. Amazon does not offer ELAs.

INCORRECT: “Non-peak hour discounts” is incorrect. Amazon does not offer non-peak hour discounts.

INCORRECT: “Global usage discounts” is incorrect. There are no global usage discounts.

15
Q
Which service can you use to provision a preconfigured server with little to no AWS experience?    
A.Amazon Lightsail
B.Amazon Elastic Beanstalk
C.AWS Lambda
D.Amazon EC2
A

A.Amazon Lightsail

Explanation:
Amazon LightSail provides developers compute, storage, and networking capacity and capabilities to deploy and manage websites, web applications, and databases in the cloud.

LightSail provides preconfigured virtual private servers (instances) that include everything required to deploy an application or create a database.

Deploying a server on LightSail is extremely easy and does not require knowledge of how to configure VPCs, security groups, network ACLs etc.

CORRECT: “Amazon LightSail” is the correct answer.

INCORRECT: “Amazon Elastic Beanstalk” is incorrect. AWS Elastic Beanstalk can be used to quickly deploy and manage applications in the AWS Cloud. It is considered a PaaS service. However, you do still need to deploy within a VPC so more AWS expertise is required.

INCORRECT: “AWS Lambda” is incorrect. AWS Lambda provides serverless functions not preconfigured servers.

INCORRECT: “Amazon EC2” is incorrect. Amazon EC2 also requires AWS expertise as it deploys within a VPC.

16
Q

Which AWS service allows you to connect to storage from on-premise servers using standard file protocols?

A.Amazon S3
B.Amazon EBS
C.Amazon Glacier
D.Amazon EFS

A

D.Amazon EFS

Explanation:
EFS is a fully-managed service that makes it easy to set up and scale file storage in the Amazon Cloud. EFS filesystems are mounted using the NFS protocol (which is a file-level protocol).

Access to EFS file systems from on-premises servers can be enabled via Direct Connect or AWS VPN.

You mount an EFS file system on your on-premises Linux server using the standard Linux mount command for mounting a file system via the NFSv4.1 or NFSv5 protocol.

CORRECT: “Amazon EFS” is the correct answer.

INCORRECT: “Amazon S3” is incorrect. Amazon S3 is an object-level not file-level storage system.

INCORRECT: “Amazon EBS” is incorrect. Amazon Elastic Block Storage (EBS) is block-level storage that can only be accessed by EC2 instances from the same AZ as the EBS volume.

INCORRECT: “Amazon Glacier” is incorrect. Amazon Glacier is an archiving solution that is accessed through S3.

17
Q

What advantages does deploying Amazon CloudFront provide? (Select TWO.)
A.Automated deployment of resources
B.Improved performance for end users
C.Provides serverless compute services
D.A private network link to the AWS cloud
E.Reduced latency

A

B.Improved performance for end users
E.Reduced latency

Explanation:
CloudFront is a content delivery network (CDN) that allows you to store (cache) your content at “edge locations” located around the world. This allows customers to access content more quickly and provides security against DDoS attacks. CloudFront can be used for data, videos, applications, and APIs.

CORRECT: “Reduced latency” is a correct answer.

CORRECT: “Improved performance for end users” is also a correct answer.

INCORRECT: “A private network link to the AWS cloud” is incorrect. A private network link to the AWS cloud can be provisioned using AWS Direct Connect or an IPSec VPN.

INCORRECT: “Automated deployment of resources” is incorrect. Automated deployment of resources is performed using CloudFormation.

INCORRECT: “Provides serverless compute services” is incorrect. CloudFront is a CDN, not a serverless compute service.

18
Q
An AWS customer wishes to purchase unused Amazon EC2 capacity at a discounted rate. Which pricing plan should they choose?
A.Dedicated instances
B.Spot instances
C.On-demand Instances
D.Reserved instances
A

B.Spot instances

Explanation:
Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS cloud. Spot Instances are available at up to a 90% discount compared to On-Demand prices. Spot instances are best suited to workloads that can accept disruption as instances may be terminated if the capacity needs to be reclaimed by AWS.

CORRECT: “Spot Instances” is the correct answer.

INCORRECT: “Reserved Instances” is incorrect. Reserved instances do not leverage unused capacity, they are based on locking in for a fixed term of 1 or 3 years.

INCORRECT: “On-Demand Instances” is incorrect. There are no discounts for on-demand instances.

INCORRECT: “Dedicated Instances” is incorrect. Dedicated Instances are Amazon EC2 instances that run in a VPC on hardware that’s dedicated to a single customer.

19
Q

Which AWS storage technology can be considered a “virtual hard disk in the cloud”?
A.Amazon S3 object
B.Amazon Elastic File Storage (EFS) filesystem
C.Amazon Glacier archive
D.Amazon Elastic Block Storage (EBS) volume

A

D.Amazon Elastic Block Storage (EBS) volume

Explanation

An EBS volume is a block storage device that is most similar to a virtual hard disk in the cloud as when attached to an instance it appears as a local disk that can have an operating system installed on or be formatted and used for any other local storage purpose.

CORRECT: “Amazon Elastic Block Storage (EBS) volume” is the correct answer.

INCORRECT: “Amazon Elastic File Storage (EFS) filesystem” is incorrect. An EFS filesystem is mounted over the NFS protocol which is a file-level protocol. Therefore, it is a network filesystem not a virtual hard disk and cannot have an operating system installed or be formatted and used as a locally attached disk.

INCORRECT: “Amazon S3 object” is incorrect. S3 is an object storage system and cannot be mounted and used as a virtual hard drive.

INCORRECT: “Amazon Glacier archive” is incorrect. Glacier is an archiving solution where you can archive your S3 objects at extremely low cost.

20
Q
What is the most cost-effective support plan that should be selected to provide at most a 1-hour response time for a production system failure?   
A.Developer
B.Basic
C.Business
D.Enterprise
A

C.Business

Explanation

The Business support plan provides < 1 hour response times for a production system failure.

CORRECT: “Business” is the correct answer.

INCORRECT: “Basic” is incorrect. Basic does not provide any technical support.

INCORRECT: “Developer” is incorrect. Developer provides business hours access via email.

INCORRECT: “Enterprise” is incorrect. Enterprise provides < 1 hour response times for a production system failure but is more expensive.

21
Q

Under the AWS shared responsibility model what is the customer responsible for? (Select TWO.)
A.Configuration of security groups
B.Physical security of the data center
C.Patch management of infrastructure
D.Encryption of customer data
E.Replacement and disposal of disk drives

A

A.Configuration of security groups
D.Encryption of customer data

Explanation:
AWS are responsible for “Security of the Cloud” and customers are responsible for “Security in the Cloud”.

AWS are responsible for items such as the physical security of the DC, replacement of old disk drives, and patch management of the infrastructure.

Customers are responsible for items such as configuring security groups, network ACLs, patching their operating systems and encrypting their data.

CORRECT: “Configuration of security groups” is a correct answer.

CORRECT: “Encryption of customer data” is also a correct answer.

INCORRECT: “Physical security of the data center” is incorrect as this is an AWS responsibility.

INCORRECT: “Replacement and disposal of disk drives” is incorrect as this is an AWS responsibility.

INCORRECT: “Patch management of infrastructure” is incorrect as this is an AWS responsibility.

22
Q

A company recently set up an organization in AWS Organizations with one member account. Who pays for usage incurred by users in the AWS accounts?
A.The owner of the member account pays for all usage across accounts
B.The owner of the master account pays for all usage across accounts
C.The owner of the member account pays for usage within their account
D.The owner of the master account pays for usage in the master account only

A

B.The owner of the master account pays for all usage across accounts

Explanation:
You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. Every organization in AWS Organizations has a management account that pays the charges of all the member accounts.

Consolidated billing has the following benefits:

One bill – You get one bill for multiple accounts.

Easy tracking – You can track the charges across multiple accounts and download the combined cost and usage data.

Combined usage – You can combine the usage across all accounts in the organization to share the volume pricing discounts, Reserved Instance discounts, and Savings Plans. This can result in a lower charge for your project, department, or company than with individual standalone accounts.

No extra fee – Consolidated billing is offered at no additional cost.

CORRECT: “The owner of the master account pays for all usage across accounts” is the correct answer.

INCORRECT: “The owner of the member account pays for usage within their account” is incorrect. This is not true; the member account does not pay for any usage.

INCORRECT: “The owner of the member account pays for all usage across accounts” is incorrect. This is not true; the member account does not pay for any usage.

INCORRECT: “The owner of the master account pays for usage in the master account only” is incorrect. This is not true; the master account pays for all usage across accounts.

23
Q
Which feature of AWS allows you to deploy a new application for which the requirements may change over time?
A.Disposable resources
B.Fault tolerance
C.High availability
D.Elasticity
A

D.Elasticity

Explanation:
Elasticity allows you to deploy your application without worrying about whether it will need more or less resources in the future. With elasticity, the infrastructure can scale on-demand and you only pay for what you use.

CORRECT: “Elasticity” is the correct answer.

INCORRECT: “Fault tolerance” is incorrect. Fault tolerance is a mechanism used for ensuring the availability or recoverability of your application in the event of a hardware or software fault.

INCORRECT: “Disposable resources” is incorrect. Disposable resources is an architectural principle in which servers and other components are treated as temporary resources and are replaced rather than updated.

INCORRECT: “High availability” is incorrect. High availability is a mechanism used for ensuring the availability of your application and protecting against the failure of hardware or software components.

24
Q
Which AWS service is primarily used for software version control?    
A.AWS CodeCommit
B.AWS Cloud9
C.AWS CodeDeploy
D.AWS CodeStar
A

A.AWS CodeCommit

Explanation:
AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories. It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem.

CORRECT: “AWS CodeCommit” is the correct answer.

INCORRECT: “AWS CodeStar” is incorrect. AWS CodeStar enables you to quickly develop, build, and deploy applications on AWS. AWS CodeStar provides a unified user interface, enabling you to easily manage your software development activities in one place.

INCORRECT: “AWS Cloud9” is incorrect. AWS Cloud9 is a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser.

INCORRECT: “AWS CodeDeploy” is incorrect. AWS CodeDeploy is a deployment service that automates application deployments to Amazon EC2 instances, on-premises instances, or serverless Lambda functions.

25
Q

What is the scope of a VPC within a region?
A.At least 2 subnets per region
B.At least 2 data centers per region
C.Spans all Availability Zones within the region
D.Spans all Availability Zones globally

A

C.Spans all Availability Zones within the region

Explanation:
An Amazon Virtual Private Cloud (VPC) spans all availability zones within a region.

CORRECT: “Spans all Availability Zones within the region” is the correct answer.

INCORRECT: “Spans all Availability Zones globally” is incorrect. VPCs do not span regions, you create VPCs in each region.

INCORRECT: “At least 2 subnets per region” is incorrect. VPCs are not limited by subnets, subnets are created within AZs and you can have many subnets in an AZ.

INCORRECT: “At least 2 data centers per region” is incorrect. An AZ uses one or more data centers. AWS does not publicize the details.

26
Q
Which AWS service can you use to install a third-party database?    
A.Amazon EC2
B.Amazon RDS
C.Amazon DynamoDB
D.Amazon EMR
A

A.Amazon EC2

Explanation:
On AWS you can either use a managed service such as Amazon RDS or install a database on Amazon EC2. There are limits to what database engines are supported on Amazon RDS so to install a third-party database you can use Amazon EC2 instead. You will then be responsible for managing the operating system and database.

CORRECT: “Amazon EC2” is the correct answer.

INCORRECT: “Amazon RDS” is incorrect as you cannot choose to use a third-party database on Amazon RDS. You must use one of the supported engines.

INCORRECT: “Amazon DynamoDB” is incorrect as you cannot use any other type of database engine on DynamoDB.

INCORRECT: “Amazon EMR” is incorrect as this uses the Hadoop framework and you cannot choose another database engine.

27
Q
Which service allows you to run code as functions without needing to provision or manage servers?
A.AWS CodeDeploy
B.Amazon EC2
C.AWS Lambda
D.Amazon EKS
A

C.AWS Lambda

Explanation:
AWS Lambda is a serverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you.

Lambda runs your code on high-availability compute infrastructure and performs all the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, code and security patch deployment, and code monitoring and logging. All you need to do is supply the code.

CORRECT: “AWS Lambda” is the correct answer.

INCORRECT: “Amazon EC2” is incorrect. With Amazon EC2 you must manage the instance and operating system.

INCORRECT: “AWS CodeDeploy” is incorrect. AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers.

INCORRECT: “Amazon EKS” is incorrect. Amazon Elastic Container Service for Kubernetes (Amazon EKS) is a managed service that makes it easy for you to run Kubernetes on AWS without needing to stand up or maintain your own Kubernetes control plane.

28
Q
Which architectural best practice aims to reduce the interdependencies between services?    
A.Loose Coupling
B.Removing Single Points of Failure
C.Automation
D.Services, Not Servers
A

A.Loose Coupling

Explanation:
As application complexity increases, a desirable attribute of an IT system is that it can be broken into smaller, loosely coupled components. This means that IT systems should be designed in a way that reduces interdependencies: a change or a failure in one component should not cascade to other components.

The concept of loose coupling includes “well-defined interfaces” which reduce interdependencies in a system by enabling interaction only through specific, technology-agnostic interfaces (e.g. RESTful APIs).

CORRECT: “Loose Coupling” is the correct answer.

INCORRECT: “Services, Not Servers” is incorrect. This best practice encourages the use of a wider variety of AWS services in your application architectures.

INCORRECT: “Removing Single Points of Failure” is incorrect. This best practice aims to increase system availability.

INCORRECT: “Automation” is incorrect. This best practice encourages the use of automation for efficiency and consistency.

29
Q

Which benefits can an organization achieve by deploying AWS Global Accelerator? (Select TWO.)
A.Reduces the cost of deploying services on AWS
B.Decreased latency to reach applications deployed on AWS
C.Improves the availability of applications on AWS
D.It increases the durability of data stored on Amazon S3
E.It caches content around the world to reduce latency

A

B.Decreased latency to reach applications deployed on AWS
C.Improves the availability of applications on AWS

Explanation

AWS Global Accelerator is a service that improves the availability and performance of applications with local or global users.

It provides static IP addresses that act as a fixed entry point to application endpoints in a single or multiple AWS Regions, such as Application Load Balancers, Network Load Balancers or EC2 instances.

It uses the AWS global network to optimize the path from users to applications, improving the performance of TCP and UDP traffic.

CORRECT: “Improves the availability of applications on AWS” is a correct answer.

CORRECT: “Decreased latency to reach applications deployed on AWS” is also a correct answer.

INCORRECT: “Reduces the cost of deploying global services on AWS” is incorrect. Global Accelerator is not used for cost reduction.

INCORRECT: “It increases the durability of data stored on Amazon S3” is incorrect. Global Accelerator is not related to Amazon S3.

INCORRECT: “It caches content around the world to reduce latency” is incorrect. Do not confuse AWS Global Accelerator with Amazon CloudFront which does cache content.

30
Q

What benefits are provided by Amazon CloudFront? (Select TWO.)
A.Used to enable private subnet instances to access the Internet
B.Content is cached at Edge Locations for fast distribution to customers
C.Allows you to register domain names
D.Provides a worldwide distributed DNS Service
E.Built-in Distributed Denial of Service (DDoS) attack protection

A

B.Content is cached at Edge Locations for fast distribution to customers
E.Built-in Distributed Denial of Service (DDoS) attack protection

CloudFront is a content delivery network (CDN) that allows you to store (cache) your content at “edge locations” located around the world. This allows customers to access content more quickly and provides security against DDoS attacks. CloudFront can be used for data, videos, applications, and APIs.

Benefits include:

– Cache content at Edge Location for fast distribution to customers.

– Built-in Distributed Denial of Service (DDoS) attack protection.

– Integrates with many AWS services (S3, EC2, ELB, Route 53, Lambda).

CORRECT: “Built-in Distributed Denial of Service (DDoS) attack protection” is a correct answer.

CORRECT: “Content is cached at Edge Locations for fast distribution to customers” is a correct answer.

INCORRECT: “Allows you to register domain names” is incorrect. Amazon Route 53 can be used for registering domain names.

INCORRECT: “Used to enable private subnet instances to access the Internet” is incorrect.

INCORRECT: “Provides a worldwide distributed DNS service” is incorrect. Amazon Route 53 provides a worldwide distributed DNS service.

31
Q

What advantages do you get from using the AWS cloud? (Select TWO.)
A.Stop guessing about capacity
B.Comply with all local security compliance programs
C.Trade capital expense for variable expense
D.Increased capital expenditure
E.Gain greater control of the infrastructure

A

A.Stop guessing about capacity
C.Trade capital expense for variable expense

Explanation

The 6 advantages of cloud are:

1) Trade capital expense for variable expense
2) Benefit from massive economies of scale
3) Stop guessing about capacity
4) Increase speed and agility
5) Stop spending money running and maintaining data centers
6) Go global in minutes

You do not gain greater control of the infrastructure layer as AWS largely control this, and though AWS is compliant with lots of security compliance programs, not all programs in all local countries will be included.

CORRECT: “Trade capital expense for variable expense” is a correct answer.

CORRECT: “Stop guessing about capacity” is a correct answer.

INCORRECT: “Increased capital expenditure” is incorrect as you should lower your capital expenditure by moving to the cloud.

INCORRECT: “Gain greater control of the infrastructure layer” is incorrect as you do not gain control of the infrastructure layer, you lose this control when moving from on-premises to the AWS cloud.

INCORRECT: “Comply with all local security compliance programs” is incorrect as AWS do not comply with all security compliance programs worldwide.

32
Q
Which feature can you use to grant read/write access to an Amazon S3 bucket?
A.IAM Policy
B.IAM User
C.IAM Role
D.IAM Group
A

A.IAM Policy

Explanation:
Identity and access management (IAM) Policies are documents that define permissions and can be applied to users, groups and roles. IAM policies can be written to grant access to Amazon S3 buckets.

CORRECT: “IAM Policy” is the correct answer.

INCORRECT: “IAM Role” is incorrect. IAM Roles are created and then “assumed” by trusted entities and define a set of permissions for making AWS service requests.

INCORRECT: “IAM Group” is incorrect. IAM Groups are collections of users and have policies attached to them.

INCORRECT: “IAM User” is incorrect. An IAM user is an entity that represents a person or service.

33
Q

Which feature of Amazon Rekognition can assist with saving time?
A.Identification of the language of text in a document
B.Adds automatic speech recognition (ASR) to applications
C.Identification of objects in images and videos
D.Provides on-demand access to compliance-related information

A

C.Identification of objects in images and videos

Explanation:
Amazon Rekognition makes it easy to add image and video analysis to your applications. You just provide an image or video to the Rekognition API, and the service can identify the objects, people, text, scenes, and activities, as well as detect any inappropriate content.

CORRECT: “Identification of objects in images and videos” is the correct answer.

INCORRECT: “Identification of the language of text in a document” is incorrect. Amazon Comprehend identifies the language of the text; extracts key phrases, places, people, brands, or events; understands how positive or negative the text is; analyzes text using tokenization and parts of speech; and automatically organizes a collection of text files by topic.

INCORRECT: “Adds automatic speech recognition (ASR) to applications” is incorrect. Amazon Transcribe is an automatic speech recognition (ASR) service that makes it easy for developers to add speech-to-text capability to their applications.

INCORRECT: “Provides on-demand access to compliance-related information” is incorrect. AWS Artifact is a resource for compliance-related information. It provides on-demand access to AWS’ security and compliance reports and select online agreements.

34
Q

How does AWS assist organizations with their capacity requirements?
A.You don’t own the infrastructure
B.With AWS you don’t pay for data centers
C.With AWS you only pay for what you use
D.You don’t need to guess your capacity needs

A

D.You don’t need to guess your capacity needs

Explanation:
All of these statements are true; however, the question is specifically asking how AWS can assist with capacity requirements.

i.e. how does AWS enable organizations to ensure they don’t over or under-provision their resources.

The ability to scale on demand is the key advantage that can help them here as they can deploy what they know they need today and scale it as they need to tomorrow.

35
Q
Which AWS service is used to enable multi-factor authentication?
A.Amazon EC2
B.Amazon STS
C.AWS KMS
D.AWS IAM
A

D.AWS IAM

Explanation:
The identity and access management service (IAM) is used to securely control individual and group access to AWS resources. IAM can also be used to manage multi-factor authentication (MFA). With MFA you add an additional factor of authentication such as a Google Authenticator device. This is “something you have” and is used with your password, which is “something you know”.

CORRECT: “AWS IAM” is the correct answer.

INCORRECT: “Amazon STS” is incorrect. The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for IAM users or for users that you authenticate (federated users).

INCORRECT: “Amazon EC2” is incorrect. Amazon EC2 is used for running operating systems instances in the cloud.

INCORRECT: “AWS KMS” is incorrect. AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data.

36
Q
Which AWS service can be used to convert video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PCs?
A.Elastic Transcoder
B.Elastic Load Balancer
C.Elastic Beanstalk
D.Autoscaling
A

A.Elastic Transcoder

Explanation:
Amazon Elastic Transcoder is a highly scalable, easy to use and cost-effective way for developers and businesses to convert (or “transcode”) video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PCs.

CORRECT: “Elastic Transcoder” is the correct answer.

INCORRECT: “Elastic Beanstalk” is incorrect. AWS Elastic Beanstalk can be used to quickly deploy and manage applications in the AWS Cloud.

INCORRECT: “Elastic Load Balancer” is incorrect. ELB is used to distribute incoming connections to EC2 instances.

INCORRECT: “Auto Scaling” is incorrect. Auto Scaling is used to automatically ensure the right number of EC2 instances are available to service current load.

37
Q
Which of the following is a principle of good AWS Cloud architecture design?
A.Implement monolithic design
B.Implement single points of failure
C.Implement loose coupling
D.Implement vertical scaling
A

C.Implement loose coupling

Explanation:
As application complexity increases, a desirable attribute of an IT system is that it can be broken into smaller, loosely coupled components.

This means that IT systems should be designed in a way that reduces interdependencies—a change or a failure in one component should not cascade to other components.

CORRECT: “Implement loose coupling” is the correct answer.

INCORRECT: “Implement single points of failure” is incorrect. Single points of failure should be eliminated where possible to avoid system/application outages.

INCORRECT: “Implement monolithic design” is incorrect. Monolithic design is when multiple components are tightly coupled and this increases the impact of a system failure.

INCORRECT: “Implement vertical scaling” is incorrect. Vertical scaling means adding resources such as CPU and memory to an existing application or instance. Where possible horizontal scaling should be used with loose coupling.

38
Q
Which AWS service can be used to generate encryption keys that can be used to encrypt data? (Select TWO.)
A.AWS Certificate Manager
B.AWS CloudHSM
C.AWS Secrets Manager
D.Amazon Macie
E.AWS Key Management Service (AWS KMS)
A

B.AWS CloudHSM

Explanation:
Both AWS KMS and AWS CloudHSM can be used to generate data encryption keys. You use what are called customer master keys (CMKs) to create data encryption keys. The data encryption keys can then be used to actually encrypt the data.

CORRECT: “AWS Key Management Service (AWS KMS)” is a correct answer.

CORRECT: “AWS CloudHSM” is also a correct answer.

INCORRECT: “Amazon Macie” is incorrect. Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.

INCORRECT: “AWS Certificate Manager” is incorrect. AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.

INCORRECT: “AWS Secrets Manager” is incorrect. AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.

39
Q
Which pricing model should you use for EC2 instances that will be used in a lab environment for several hours on a weekend and must run uninterrupted?    
A.On-Demand
B.Dedicated Instance
C.Reserved
D.Spot
A

A.On-Demand

Explanation:
On-Demand is the best choice for this situation as it is the most economical option that will ensure no interruptions. Use on-demand for ad-hoc use cases where you need to run an instance for a short period of time.

CORRECT: “On-Demand” is the correct answer.

INCORRECT: “Reserved” is incorrect. Reserved instances are good for long-term, static requirements as you must lock-in for 1 or 3 years in return for a decent discount.

INCORRECT: “Spot” is incorrect. Spot instances are good for short term requirements as they can be very economical. However, you may find that the instance is terminated if AWS needs the capacity back.

INCORRECT: “Dedicated Instance” is incorrect. Dedicated instances are EC2 instances that run on hardware dedicated to a single customer.

40
Q
Under the shared responsibility model, what are examples of shared controls? (Select TWO.)
A.Patch management
B.Service Communications Protection
C.Configuration management
D.Storage system patching
E.Physical and environmental
A

C.Configuration management

Explanation:
Shared Controls – Controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives.

Patch Management – AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.

Configuration Management – AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.

CORRECT: “Patch management” is a correct answer.

CORRECT: “Configuration management” is also a correct answer.

INCORRECT: “Storage system patching” is incorrect. Storage system patching is an AWS responsibility.

INCORRECT: “Physical and environmental” is incorrect. Physical and Environmental controls is an example of an inherited control (a customer fully inherits from AWS).

INCORRECT: “Service and Communications Protection” is incorrect. Service and Communications Protection is an example of a customer specific control.

41
Q
Which storage service allows you to connect multiple EC2 instances concurrently using file-level protocols?    
A.Amazon Glacier
B.Amazon EFS
C.Amazon EBS
D.Amazon S3
A

B.Amazon EFS

Explanation:
Amazon Elastic File System allows you to connect hundreds or thousands of EC2 instances concurrently and is accessed using the file-level NFS protocol.

CORRECT: “Amazon EFS” is the correct answer.

INCORRECT: “Amazon S3” is incorrect. Amazon S3 is an object storage system.

INCORRECT: “Amazon EBS” is incorrect. Amazon Elastic Block Storage provides block-level volumes to individual EC2 instances (cannot connect multiple instances to a single EBS volume).

INCORRECT: “Amazon Glacier” is incorrect. Glacier is used for archiving S3 objects.

42
Q

What are two ways that moving to an AWS cloud can benefit an organization? (Select TWO.)
A.Gain greater control of data center security
B.Switch to a CAPEX model
C.Depreciate assets over a longer timeframe
D.Increase speed and agility
E.Stop guessing about capacity

A

D.Increase speed and agility
E.Stop guessing about capacity

Explanation:
Increase speed and agility:

In a cloud computing environment, new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes. This results in a dramatic increase in agility for the organization, since the cost and time it takes to experiment and develop is significantly lower.

Stop guessing about capacity:

Eliminate guessing on your infrastructure capacity needs. When you make a capacity decision prior to deploying an application, you often end up either sitting on expensive idle resources or dealing with limited capacity. With cloud computing, these problems go away. You can access as much or as little capacity as you need, and scale up and down as required with only a few minutes’ notice.

CORRECT: “Increase speed and agility” is a correct answer.

CORRECT: “Increase speed and agility” is also a correct answer.

INCORRECT: “Switch to a CAPEX model” is incorrect. Cloud is based on an operational expenditure (OPEX) model, not a capital expenditure (CAPEX) model.

INCORRECT: “Depreciate assets over a longer timeframe” is incorrect. Cloud does not provide the ability to depreciate assets over a longer timeframe as you generally do not own the assets.

INCORRECT: “Gain greater control of data center security” is incorrect. Though the AWS cloud does provide significant security standards for the data center, you do not get more control as this is an AWS responsibility.

43
Q

A company plans to deploy a global commercial application on Amazon EC2 instances. The deployment solution should be designed with the highest redundancy and fault tolerance.

Based on this situation, how should the EC2 instances be deployed?
A. Across multiple Availability Zones in two AWS regions
B.In a single Availability Zone in one AWS region
C.In a single Availability Zone in two AWS Regions
D.Across multiple Availability Zones in one AWS region

A

A. Across multiple Availability Zones in two AWS regions

Explanation:
For maximum redundancy and fault tolerance the application should be deployed in multiple AWS Regions and multiple Availability Zones within each of those regions. This architecture may use Elastic Load Balancers and Amazon Route 53 records to direct traffic to instances. Alternatively, it could use AWS Global Accelerator.

CORRECT: “Across multiple Availability Zones in two AWS Regions” is the correct answer.

INCORRECT: “In a single Availability Zone in one AWS Region” is incorrect as this does not represent the highest redundancy and fault tolerance.

INCORRECT: “In a single Availability Zone in two AWS Regions” is incorrect as this does not represent the highest redundancy and fault tolerance.

INCORRECT: “Across multiple Availability Zones in one AWS Region” is incorrect as this does not represent the highest redundancy and fault tolerance.

44
Q
AWS Trusted Advisor provides real-time guidance on what characteristics of an AWS account? (Select TWO.)
A.Security best practices
B.Application configuration
C.Cost Optimization
D.Network utilization
A

A.Security best practices
C.Cost optimization

Explanation:
AWS Trusted Advisor provides real-time guidance to help customers provision resources following AWS best practices. The service offers guidance for cost optimization, performance, security, fault tolerance, and service limits.

CORRECT: “Security best practices” is a correct answer.

CORRECT: “Cost optimization” is also a correct answer.

INCORRECT: “Application performance” is incorrect as Trusted Advisor offers advice on AWS resources, not on applications.

INCORRECT: “Network utilization” is incorrect. CloudWatch should be used for gaining insights into metrics relating to network utilization.

INCORRECT: “Application configuration” is incorrect as Trusted Advisor offers advice on AWS resources, not on applications.

45
Q

Which of the following statements is correct in relation to consolidated billing? (Select TWO.)
A.Only available to Enterprise customers
B.Volume pricing discounts cannot be applied to resources
C.The paying account is independent and cannot access resources of other accounts
D.Used to consolidate billing across organizations
E.One bill is provided per AWS organization

A

C.The paying account is independent and cannot access resources of other accounts
E.One bill is provided per AWS organization

Explanation:
AWS organizations allow you to consolidate multiple AWS accounts into an organization that you create and centrally manage. Each paying account is an independent entity and is not able to access resources of other accounts in the Organization. The billing is performed centrally on the root account in the AWS Organization.

CORRECT: “The paying account is independent and cannot access resources of other accounts” is a correct answer.

CORRECT: “One bill is provided per AWS organization” is also a correct answer.

INCORRECT: “Used to consolidate billing across organizations” is incorrect. AWS Organizations allows you to consolidate billing across accounts within an organization but not across organizations.

INCORRECT: “Volume pricing discounts cannot be applied to resources” is incorrect. This is not true, volume pricing discounts can be applied to resources and this is a key advantage.

INCORRECT: “Only available to Enterprise customers” is incorrect. This is not true, consolidated billing is available to all customers.

46
Q

What method can you use to take a backup of an Amazon EC2 instance using AWS tools?
A.Take full and incremental file-level backups using the backup console
B.Take application-consistent backups using the EC2 API
C.Use Cross Region Replication (CRR) to copy the instance to another region
D.Take a snapshot to capture the point-in-time state of the instance

A

D.Take a snapshot to capture the point-in-time state of the instance

Explanation:
You can take snapshots of EC2 instances which creates a point-in-time copy of the instance. Snapshots are stored on S3. If you make periodic snapshots of a volume, the snapshots are incremental, which means that only the blocks on the device that have changed after your last snapshot are saved in the new snapshot.

CORRECT: “Take a snapshot to capture the point-in-time state of the instance” is the correct answer.

INCORRECT: “Take full and incremental file-level backups using the backup console” is incorrect. There is no backup console that can take full and incremental backups.

INCORRECT: “Take application-consistent backups using the EC2 API” is incorrect. There is no way of taking application-consistent backups using any AWS tools.

INCORRECT: “Use Cross Region Replication (CRR) to copy the instance to another region” is incorrect. Cross Region Replication is used to replicate Amazon S3 buckets across regions.

47
Q
Which service allows you to automatically expand and shrink your application in response to demand?    
A.Amazon EC2 Auto Scaling
B.Amazon DynamoDB
C.Amazon Elastic Load Balancing
D.AWS ElastiCache
A

A.Amazon EC2 Auto Scaling

Explanation:
Amazon EC2 Auto Scaling automatically responds to demand by adding or removing EC2 instances to ensure the right amount of compute capacity is available at any time. This can help to automatically adjust the number of instances based on the load on your application.

CORRECT: “Amazon EC2 Auto Scaling” is the correct answer.

INCORRECT: “AWS ElastiCache” is incorrect. AWS ElastiCache provides in-memory cache and database services.

INCORRECT: “Amazon Elastic Load Balancing” is incorrect. Amazon ELB distributes incoming requests to EC2 instances. It can be used in conjunction with Auto Scaling.

INCORRECT: “Amazon DynamoDB” is incorrect. DynamoDB is a non-relational (NoSQL)

48
Q

What benefits does Amazon EC2 provide over using non-cloud servers? (Select TWO.)
A.High-availability with an SLA of 99.999%
B.Inexpensive
C.Fault tolerance
D.Elastic web-scale computing
E.Complete control of the hypervisor layer

A

B.Inexpensive
D.Elastic web-scale computing

Explanation

Elastic Web-Scale computing – you can increase or decrease capacity within minutes not hours and commission one to thousands of instances simultaneously.

Inexpensive – Amazon passes on the financial benefits of scale by charging very low rates and on a capacity consumed basis.

CORRECT: “Elastic web-scale computing” is a correct answer.

CORRECT: “Inexpensive” is also a correct answer.

INCORRECT: “Fault tolerance” is incorrect. Amazon does not offer fault tolerance for EC2, you need to design this into your application stack (and assume things will fail).

INCORRECT: “High-availability with an SLA of 99.999%” is incorrect. AWS provide an SLA for EC2 that states that services will be available within each AWS region with a Monthly Uptime Percentage of at least 99.99%.

INCORRECT: “Complete control of the hypervisor layer” is incorrect. Amazon EC2 does not provide any control of the hypervisor or underlying hardware infrastructure.

49
Q
What is the most cost-effective EC2 pricing option to use for a non-critical overnight workload?    
A.Spot
B.Reserved Instance
C.Dedicated Host
D.On-demand
A

A.Spot
Explanation:
Spot instances are good for short term requirements as they can be very economical. However, sometimes AWS may terminate your instance when they need the capacity back. This is a good option for non-critical workloads that can be terminated without loss of data.

CORRECT: “Spot” is the correct answer.

INCORRECT: “On-Demand” is incorrect. On-Demand is not the most economical option.

INCORRECT: “Reserved Instance” is incorrect. Reserved instances are good for long-term, static requirements as you must lock-in for 1 or 3 years in return for a decent discount.

INCORRECT: “Dedicated Host” is incorrect. Dedicated hosts provide a full server dedicated to a single customer and are therefore expensive.

50
Q
The AWS global infrastructure is composed of? (Select TWO.)
A.Availability Zones
B.Fault Zones
C.Clusters
D.IP Subnets
E.Regions
A

A.Availability Zones
E.Regions

Explanation:
The AWS Global infrastructure is built around Regions and Availability Zones (AZs). A Region is a physical location in the world where AWS have multiple AZs. AZs consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities.

CORRECT: “Regions” is a correct answer.

CORRECT: “Availability Zones” is also a correct answer.

INCORRECT: “Clusters” is incorrect as this is not part of the AWS global infrastructure.

INCORRECT: “Fault Zones” is incorrect as this is not part of the AWS global infrastructure.

INCORRECT: “IP subnets” is incorrect as this is not part of the AWS global infrastructure.

51
Q
Which service can be used to help you to migrate databases to AWS quickly and securely?
A.AWS DataSync
B.AWS Key Management Services (KMS)
C.AWS Database Migration Services (DMS)
D.AWS Server Migration Services (SMS)
A

C.AWS Database Migration Services (DMS)

Explanation:
AWS Database Migration Service is used to migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate data to and from most widely used commercial and open-source databases.

CORRECT: “AWS Database Migration Service (DMS)” is the correct answer.

INCORRECT: “AWS Server Management Service (SMS)” is incorrect. AWS Server Migration Service (SMS) is used to migrate virtual machines, not databases.

INCORRECT: “AWS Key Management Service (KMS)” is incorrect. AWS Key Management Service (KMS) is used for managing encryption keys.

INCORRECT: “AWS DataSync” is incorrect. This service is used for migrating data from network attached storage (NAS) devices to AWS. It is not used for databases.

52
Q
How can an organization compare the cost of running applications in an on-premises or colocation environment against the AWS cloud?
A.AWS Budgets
B.TCO Calculator
C.AWS Cost Explorer
D.AWS Simple Monthly Calculator
A

B.TCO Calculator

Explanation:
The TCO calculator is a free tool provided by AWS that allows you to estimate the cost savings of using the AWS Cloud vs. using an on-premises data center.

The TCO calculator can compare the cost of your applications in an on-premises or traditional hosting environment to AWS. You describe your on-premises or hosting environment configuration to produce a detailed cost comparison with AWS.

CORRECT: “TCO Calculator” is the correct answer.

INCORRECT: “AWS Budgets” is incorrect. AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount.

INCORRECT: “AWS Simple Monthly Calculator” is incorrect. The AWS Simple Monthly Calculator helps customers and prospects estimate their monthly AWS bill more efficiently.

INCORRECT: “AWS Cost Explorer” is incorrect. The AWS Cost Explorer is a free tool that allows you to view charts of your costs. You can view cost data for the past 13 months and forecast how much you are likely to spend over the next three months.

53
Q
Which AWS support plan should you use if you need a response time of < 15 minutes for a business-critical system failure?
A.Enterprise
B.Business
C.Developer
D.Basic
A

A.Enterprise

Explanation:
Only the Enterprise plan provides a response time of < 15 minutes for the failure of a business-critical system.

Both Business and Enterprise offer < 1 hour response time for the failure of a production system.

CORRECT: “Enterprise” is the correct answer.

INCORRECT: “Business” is incorrect as described above.

INCORRECT: “Basic” is incorrect as described above.

INCORRECT: “Developer” is incorrect as described above.

54
Q
A company would like to maximize their potential volume and reserved instance discounts across multiple accounts and also apply service control policies on member accounts. What can they use to gain these benefits?
A.AWS Budgets
B.AWS IAM
C.AWS Organizations
D.AWS Cost Explorer
A

C.AWS Organizations

Explanation:
AWS Organizations enables you to create groups of AWS accounts and then centrally manage policies across those accounts. AWS Organizations provides consolidated billing in both feature sets, which allows you to set up a single payment method in the organization’s master account and still receive an invoice for individual activity in each member account. Volume pricing discounts can be applied to resources.

CORRECT: “AWS Organizations” is the correct answer.

INCORRECT: “AWS Budgets” is incorrect. AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount.

INCORRECT: “AWS Cost Explorer” is incorrect. The AWS Cost Explorer is a free tool that allows you to view charts of your costs.

INCORRECT: “AWS IAM” is incorrect. AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely.

55
Q
Which service can be used for building and integrating loosely-coupled, distributed applications?    
A.Amazon RDS
B.Amazon EBS
C.Amazon SNS
D.Amazon EFS
A

C.Amazon SNS

Explanation:
Amazon Simple Notification Service (Amazon SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud. Amazon SNS is used for building and integrating loosely-coupled, distributed applications.

NOTE: Sometimes AWS will expand abbreviations in answers and other times, like with this question, you just get the abbreviation. Therefore, there’s no workaround, you have to know your abbreviations!

CORRECT: “Amazon SNS” is the correct answer.

INCORRECT: “Amazon EBS” is incorrect. Amazon Elastic Block Storage (EBS) provides storage volumes for EC2 instances.

INCORRECT: “Amazon EFS” is incorrect. Amazon Elastic File System (EFS) provides an NFS filesystem for usage by EC2 instances.

INCORRECT: “Amazon RDS” is incorrect. Amazon Relational Database Service (RDS) provides a managed relational database service.

56
Q

Which tool enables you to visualize your usage patterns over time and to identify your underlying cost drivers?
A.AWS Simple Monthly Calculator
B.AWS Budgets
C.AWS Cost Explorer
D.Total Cost of Ownership (TCO) Calculator

A

C.AWS Cost Explorer

Explanation:
The AWS Cost Explorer is a free tool that allows you to view charts of your costs. You can view cost data for the past 13 months and forecast how much you are likely to spend over the next three months. Cost Explorer can be used to discover patterns in how much you spend on AWS resources over time and to identify cost problem areas.

CORRECT: “AWS Cost Explorer” is the correct answer.

INCORRECT: “AWS Simple Monthly Calculator” is incorrect. The AWS Simple Monthly Calculator helps customers and prospects estimate their monthly AWS bill more efficiently.

INCORRECT: “Total Cost of Ownership (TCO) Calculator” is incorrect. The TCO calculator is a free tool provided by AWS that allows you to estimate the cost savings of using the AWS Cloud vs. using an on-premises data center.

INCORRECT: “AWS Budgets” is incorrect. AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount.

57
Q
Which AWS services can be used to connect the AWS Cloud and on-premises resources? (Select TWO.)
A.AWS Direct Connect
B.Amazon CloudHSM
C.Amazon Connect
D.AWS Managed VPN
E.AWS Managed Services
A

A.AWS Direct Connect
D.AWS Managed VPN

An AWS Managed VPN is a virtual private network connection over the public Internet. This creates an encrypted link between the on-premises network and your AWS VPC. Another way to achieve this outcome is to provision an AWS Direct Connect connection, which connects on-premises networks to AWS using private network links.

CORRECT: “AWS Managed VPN” is a correct answer.

CORRECT: “AWS Direct Connect” is also a correct answer.

INCORRECT: “Amazon Connect” is incorrect. Amazon Connect is an easy to use omnichannel cloud contact center that helps companies provide superior customer service at a lower cost.

INCORRECT: “Amazon CloudHSM” is incorrect. AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud.

INCORRECT: “AWS Managed Services” is incorrect. This is a managed service for lowering operational overhead and risk.

58
Q

Under the AWS shared responsibility model, what are the customer’s responsibilities? (Select TWO.)
A.Physical and environmental security
B.Storage device decommissioning
C.Security of data in transit
D.Physical network devices including firewalls
E.Data integrity authentication

A

C.Security of data in transit
E.Data integrity authentication

Explanation:
Under the AWS shared responsibility model, AWS are responsible for security “of” the cloud and customers are responsible for security “in” the cloud. Securing data in transit and ensuring the integrity of data are customer responsibilities. Customers are always responsible for managing data including encryption.

CORRECT: “Security of data in transit” is a correct answer.

CORRECT: “Data integrity authentication” is also a correct answer.

INCORRECT: “Physical and environmental security” is incorrect as this is security “of” the cloud and therefore the responsibility of AWS.

INCORRECT: “Physical network devices including firewalls” is incorrect as this is security “of” the cloud and therefore the responsibility of AWS.

INCORRECT: “Storage device decommissioning” is incorrect as this is security “of” the cloud and therefore the responsibility of AWS.

59
Q
Which of the following types of recommendation does AWS Trusted Advisor provide? (Select TWO.)
A.Serverless architecture
B.Performance
C.Access Auditing
D.Replatforming
E.Cost optimization
A

B.Performance
E.Cost optimization

Explanation:
AWS Trusted Advisor provides real-time guidance to help customers provision resources following AWS best practices. The service offers guidance for cost optimization, performance, security, fault tolerance, and service limits.

CORRECT: “Cost optimization” is a correct answer.

CORRECT: “Performance” is also a correct answer.

INCORRECT: “Access auditing” is incorrect. You should use AWS CloudTrail for auditing.

INCORRECT: “Serverless architecture” is incorrect. Trusted Advisor does not offer advice on using serverless architectures.

INCORRECT: “Replatforming” is incorrect. Trusted Advisor does not offer advice on replatforming applications.

60
Q
Which service supports the resolution of public domain names to IP addresses or AWS resources?   
A.Amazon Route 53
B.Hosted Zones
C.Amazon CloudFront
D.Amazon SNS
A

A.Amazon Route 53

Explanation:
Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service using hosted zones. It can also be used for domain registration, health checks, and traffic flow.

CORRECT: “Amazon Route 53” is the correct answer.

INCORRECT: “Amazon CloudFront” is incorrect. CloudFront is a content delivery network (CDN) that allows you to store (cache) your content at “edge locations” located around the world.

INCORRECT: “Amazon SNS” is incorrect. Simple Notification Service is used to send notifications over multiple transport protocols.

INCORRECT: “Hosted Zones” is incorrect. A hosted zone is a collection of records for a specified domain in Route 53.

61
Q

When storing sensitive company data in Amazon S3, which security best practices should customers follow?
A.Enable S3 server side encryption on the S3 Bucket
B.Enable Cross-Region replication on the S3 bucket
C.Enable requester pays to reduce costs
D.Enable AWS WAF to restrict access to the bucket

A

A.Enable S3 server side encryption on the S3 Bucket

Explanation:
AWS recommend enabling encryption of data at rest. One of the options for encrypting data in S3 is to enable server-side encryption on the S3 bucket. With server-side encryption, Amazon S3 encrypts objects before saving them to disks in the AWS data centers and then decrypts the objects when they are downloaded.

CORRECT: “Enable S3 server-side encryption on the S3 bucket” is the correct answer.

INCORRECT: “Enable cross-Region replication on the S3 bucket” is incorrect. This can help with adding additional redundancy for data but encrypting sensitive data is a better answer.

INCORRECT: “Enable requester pays to reduce costs” is incorrect. This is not a security best practice.

INCORRECT: “Enable AWS WAF to restrict access to the bucket” is incorrect. You cannot use AWS WAF to restrict access to an Amazon S3 bucket.

62
Q
What can you use to quickly connect your office securely to your Amazon VPC?    
A.AWS managed VPN
B.Route Table
C.Internet Gateway
D.Direct Connect
A

A.AWS managed VPN

Explanation:
An AWS managed VPN can be used to quickly connect from an office to an Amazon VPC. An Amazon VPC provides the option of creating an IPsec VPN connection between remote customer networks and their Amazon VPC over the internet, as shown in the following figure. Consider taking this approach when you want to take advantage of an AWS managed VPN endpoint that includes automated multi–data center redundancy and failover built into the AWS side of the VPN connection.

CORRECT: “AWS managed VPN” is the correct answer.

INCORRECT: “Route Table” is incorrect. A Route Table is part of a VPC and is used to control how traffic is routed within the VPC.

INCORRECT: “Internet Gateway” is incorrect. An Internet Gateway is used to connect a public subnet to the Internet.

INCORRECT: “Direct Connect” is incorrect. AWS Direct Connect provides high-bandwidth, low-latency connectivity but takes weeks to months to set up (and is much more expensive).

63
Q
What considerations are there when choosing which region to use? (Select TWO.)
A.Available compute capacity
B.Data sovereignty
C.Pricing in local currency
D.Available storage capacity
E.Latency
A

B.Data sovereignty
E.Latency

Explanation:
You may choose a region to reduce latency, minimize costs, or address regulatory requirements.

Latency is the delay caused mostly by distance. This means you should choose to create your buckets in Regions that are closer (physically) to your users.

Some countries or industries have regulations that mandate data must not leave a jurisdiction or country border. In this case you simply select an AWS Region accordingly.

CORRECT: “Data sovereignty” is a correct answer.

CORRECT: “Latency” is also a correct answer.

INCORRECT: “Available storage capacity” is incorrect. Available capacity is generally not a concern as AWS has a large pool of resources and does not disclose the available capacity in each region.

INCORRECT: “Pricing in local currency” is incorrect. Pricing for AWS services is in USD.

INCORRECT: “Available compute capacity” is incorrect. Available capacity is generally not a concern as AWS has a large pool of resources and does not disclose the available capacity in each region.

64
Q
A company recently took up an Enterprise-level AWS Support plan and has a question relating to their AWS account. Who is the primary point of contact they should direct the question to?
A.AWS Partner Network (APN) partner
B.AWS Concierge Support team
C.AWS Solutions Architect
D.Cloud Support Associates
A

B.AWS Concierge Support team

Explanation:
Customers on an Enterprise-level AWS Support plan should contact the AWS Concierge Support team for assistance related to their AWS account. The excerpt below from the support plans overview table shows that only enterprise plans can use the concierge support team:

CORRECT: “AWS Concierge Support team” is the correct answer.

INCORRECT: “Cloud Support Associates” is incorrect. This team can be used by customers on the Developer plan for technical support in business hours by email.

INCORRECT: “AWS Solutions Architect” is incorrect. Solutions Architects are not provided for account questions.

INCORRECT: “AWS Partner Network (APN) partner” is incorrect. The APN is a global partner program for technology and consulting businesses who leverage Amazon Web Services to build solutions and services for customers.

65
Q
What strategy can assist with allocating metadata to AWS resources for cost tracking and visibility?
A.Access Control
B.Tagging
C.Labeling
D.Categorizing
A

B.Tagging

Explanation:
AWS allows customers to assign metadata to their AWS resources in the form of tags. Each tag is a simple label consisting of a customer-defined key and an optional value that can make it easier to manage, search for, and filter resources. AWS Cost Explorer and detailed billing reports support the ability to break down AWS costs by tag.

The other options are incorrect as they are not methods of adding metadata to an AWS resource.

CORRECT: “Tagging” is the correct answer.

INCORRECT: “Labelling” is incorrect as explained above.

INCORRECT: “Access Control” is incorrect as explained above.

INCORRECT: “Categorizing” is incorrect as explained above.