Practice Test 1: AWS Certified Cloud Practitioner Practice Exam (1) Flashcards

1
Q

What does AWS provide to deploy popular technologies - such as IBM MQ - on AWS with the least amount of effort and time?

  • AWS Quick Start Reference Deployments
  • AWS OpsWorks
  • Amazon CloudWatch
  • Amazon Aurora
A

AWS Quick Start reference deployments

Explanation

AWS Quick Start Reference Deployments outline the architectures for popular enterprise solutions on AWS and provide AWS CloudFormation templates to automate their deployment. Each Quick Start launches, configures, and runs the AWS compute, network, storage, and other services required to deploy a specific workload on AWS, using AWS best practices for security and availability.

Quick Starts are built by AWS solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices. These accelerators reduce hundreds of manual installation and configuration procedures into just a few steps, so you can build your production environment quickly and start using it immediately.

The other options are incorrect:

“AWS OpsWorks” is incorrect. AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers.

“Amazon CloudWatch” is incorrect. Amazon CloudWatch is mainly used to monitor the utilization of your AWS resources.

“Amazon Aurora” is incorrect. Amazon Aurora is a database service.

References:
https://aws.amazon.com/quickstart/

2
Q

Which of the following must an IAM user provide to interact with AWS services using the AWS Command Line Interface (AWS CLI)?

  • Secret Token
  • Username and password
  • Access keys
  • User ID
A

Access keys

Explanation:
Access keys consist of an access key ID and secret access key, which are used to sign programmatic requests to AWS using the CLI or the SDK.

References:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html

3
Q

In the AWS Shared Responsibility Model, which of the following are the responsibility of the customer? (Choose TWO)

  • Disk disposal
  • Controlling physical access to compute resources
  • Setting password complexity rules
  • Patching the Network infrastructure
  • Configuring network access rules
A

Setting password complexity rules
Configuring network access rules

Explanation

The customer is responsible for securing their network by configuring Security Groups, Network Access Control Lists (Network ACLs), and Routing Tables. The customer is also responsible for setting a password policy on their AWS account that specifies the complexity and mandatory rotation periods for their IAM users’ passwords.

The other options are incorrect:

“Disk disposal” is incorrect. Disk disposal (Storage Device Decommissioning): When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized individuals. All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry-standard practices.

“Controlling physical access to compute resources” is incorrect. AWS is responsible for controlling physical access to the data centers.

“Patching the Network infrastructure” is incorrect. Patching the underlying infrastructure is the responsibility of AWS. The customer is responsible for patching the Operating System of their EC2 instances and any software installed on these instances.

4
Q

You work as an on-premises MySQL DBA. The work of database configuration, backups, patching, and DR can be time-consuming and repetitive. Your company has decided to migrate to the AWS Cloud. Which of the following can help save time on database maintenance so you can focus on data architecture and performance?

  • Amazon CloudWatch
  • Amazon Redshift
  • Amazon DynamoDB
  • Amazon RDS
A

Amazon RDS

Explanation

Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient, resizable capacity while automating time-consuming administration tasks such as hardware provisioning, operating system maintenance, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need.

Amazon RDS can be used to host Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle, and Microsoft SQL Server databases.

The other options are incorrect:

“Amazon Redshift” is incorrect. Amazon Redshift is not a MySQL database service. Amazon Redshift is a fully managed data warehouse service that makes it simple and cost-effective to analyze all your data using standard SQL and your existing Business Intelligence (BI) tools.

“Amazon DynamoDB” is incorrect. Amazon DynamoDB is not a MySQL database service. Amazon DynamoDB is a fully managed NoSQL database service.

“Amazon CloudWatch” is incorrect. Amazon CloudWatch is not a database service. Amazon CloudWatch is a monitoring service that gives you complete visibility of your cloud resources and applications.

5
Q

In order to implement best practices when dealing with a “Single Point of Failure,” you should attempt to build as much automation as possible in both detecting and reacting to failure. Which of the following AWS services would help? (Choose TWO)

  • Amazon EC2
  • Amazon Athena
  • ECR
  • ELB
  • Auto Scaling
A

ELB
Auto Scaling

Explanation

You should attempt to build as much automation as possible in both detecting and reacting to failure. You can use services like ELB and Amazon Route53 to configure health checks and mask failure by only routing traffic to healthy endpoints. In addition, Auto Scaling can be configured to automatically replace unhealthy nodes. You can also replace unhealthy nodes using the Amazon EC2 auto-recovery feature or services such as AWS OpsWorks and AWS Elastic Beanstalk. It won’t be possible to predict every possible failure scenario on day one. Make sure you collect enough logs and metrics to understand normal system behavior. After you understand that, you will be able to set up alarms that trigger automated response or manual intervention.

The other options are incorrect:

ECR is incorrect. Amazon Elastic Container Registry (Amazon ECR) is a Docker container registry that allows developers to store, manage, and deploy Docker container images.

Amazon Athena is incorrect. Amazon Athena is an interactive query service that is mainly used to analyze data in Amazon S3 using standard SQL.

Amazon EC2 is incorrect. Amazon EC2 is a server-based compute service. Fault tolerance is not built in; you have to architect for fault tolerance using the services mentioned above.

Additional information:

Lambda is a serverless compute service. Serverless computing provides built-in fault tolerance. You don’t need to architect for this capability since the service provides it by default.

6
Q

You have AWS Basic support, and you have discovered that some AWS resources are being used maliciously, and those resources could potentially compromise your data. What should you do?

  • Contact the AWS Security Team
  • Contact the AWS Concierge Team
  • Contact the AWS Customer Service Team
  • Contact the AWS Abuse Team
A

Contact the AWS Abuse Team

Explanation

The AWS Abuse team can assist you when AWS resources are being used to engage in the following types of abusive behavior:

I. Spam: You are receiving unwanted emails from an AWS-owned IP address, or AWS resources are being used to spam websites or forums.

II. Port scanning: Your logs show that one or more AWS-owned IP addresses are sending packets to multiple ports on your server, and you believe this is an attempt to discover unsecured ports.

III. Denial of service attacks (DoS): Your logs show that one or more AWS-owned IP addresses are being used to flood ports on your resources with packets, and you believe this is an attempt to overwhelm or crash your server or software running on your server.

IV. Intrusion attempts: Your logs show that one or more AWS-owned IP addresses are being used to attempt to log in to your resources.

V. Hosting objectionable or copyrighted content: You have evidence that AWS resources are being used to host or distribute illegal content or distribute copyrighted content without the consent of the copyright holder.

VI. Distributing malware: You have evidence that AWS resources are being used to distribute software that was knowingly created to compromise or cause harm to computers or machines on which it is installed.

Note: Anyone can report abuse of AWS resources, not just AWS customers.

The other options are incorrect:

“Contact the AWS Security team” is incorrect. The AWS Security team is responsible for the security of services offered by AWS.

“Contact the AWS Concierge team” is incorrect. The AWS Concierge team can assist you with the issues that are related to your billing and account management.

“Contact the AWS Customer Service team” is incorrect. The AWS Customer Service team is at the forefront of this transformational technology assisting a global list of customers that are taking advantage of a growing set of services and features to run their mission-critical applications. The team helps AWS customers understand what Cloud Computing is all about, and whether it can be useful for their business needs.

7
Q

Adjusting compute capacity dynamically to reduce cost is an implementation of which AWS cloud best practice?

  • Build Security in every layer
  • Parallelize tasks
  • Adopt monolithic architecture
  • Implement elasticity
A

Implement elasticity

Explanation

In the traditional data center-based model of IT, once infrastructure is deployed, it typically runs whether it is needed or not, and all the capacity is paid for, regardless of how much it gets used. In the cloud, resources are elastic, meaning they can instantly grow (to maintain performance) or shrink (to reduce costs).

The other options are incorrect.

“Adopt monolithic architecture” is incorrect. AWS recommends adopting microservices architecture, not monolithic architecture. With monolithic architectures, application components are tightly coupled and run as a single service. With a microservices architecture, an application is built as loosely coupled components.

Benefits of microservices architecture include:

1- Microservices allow each service to be independently scaled to meet demand for the application feature it supports.

2- Teams are empowered to work more independently and more quickly.

3- Microservices enable continuous integration and continuous delivery, making it easy to try out new ideas and to roll back if something doesn’t work.

4- Service independence increases an application’s resistance to failure. In a monolithic architecture, if a single component fails, it can cause the entire application to fail. With microservices, applications handle total service failure by degrading functionality and not crashing the entire application.

“Parallelize tasks” is incorrect. An example of parallelization is when you use a load balancer to distribute the incoming requests across multiple asynchronous instances or when you use the AWS multipart upload to upload large objects in parts. Adjusting capacity up or down based on demand defines AWS Cloud elasticity, not parallelization.

“Build Security in every layer” is incorrect. This option is related to security.

8
Q

Under the shared responsibility model, which of the following is the responsibility of AWS?

  • Client-side encryption
  • Filtering traffic with Security Groups
  • Configuring infrastructure devices
  • Server-side encryption
A

Configuring infrastructure devices

Explanation

Under the shared responsibility model, AWS is responsible for the hardware and software that run AWS services. This includes patching the infrastructure software and configuring infrastructure devices. As a customer, you are responsible for implementing best practices for data encryption, patching the guest operating system and applications, identity and access management, and network and firewall configurations.

The other options are incorrect.

“Filtering traffic with Security Groups” is incorrect. The AWS Customer is responsible for all network and firewall configurations, including the configuration of Security Groups, Network Access Control Lists (Network ACLs), and Routing tables.

“Client-side encryption” and “Server-side encryption” are incorrect. According to the AWS Shared Responsibility Model, AWS Customers are responsible for Client-side encryption and Server-side encryption. However, for some AWS fully managed services such as Amazon DynamoDB, server-side encryption is automatically done by AWS. Amazon DynamoDB transparently encrypts and decrypts all tables when they are written to disk. There is no option to enable or disable Server-side encryption.

Additional information:

AWS offers a lot of services and features that help AWS customers protect their data in the cloud. Customers can protect their data by encrypting it in transit and at rest. They can use CloudTrail to log API and user activity, including who, what, and from where calls were made. They can also use the AWS Identity and Access Management (IAM) to control who can access or edit their data.
