Practice Test 2 Study Flashcards

1
Q

The engineering team at an IT company wants to monitor the CPU utilization for its fleet of Amazon Elastic Compute Cloud (Amazon EC2) instances and send an email to the administrator if the utilization exceeds 80%. As a Cloud Practitioner, which AWS services would you recommend to build this solution? (Select two)

  1. Amazon Simple Notification System (SNS)
  2. Amazon Simple Queue Service (SQS)
  3. Amazon CloudWatch
  4. AWS Lambda
  5. AWS CloudTrail
A

1- Amazon Simple Notification Service (SNS)
3- Amazon CloudWatch

2
Q

A startup is looking for 24x7 phone based technical support for its AWS account. Which of the following is the MOST cost-effective AWS support plan for this use-case?

  1. AWS Developer Support
  2. AWS Business Support
  3. AWS Enterprise Support
  4. AWS Enterprise On-Ramp Support
A

4- AWS Enterprise On-Ramp Support

You should use the AWS Business Support plan if you have production workloads on AWS and want 24x7 phone, email and chat access to technical support and architectural guidance in the context of your specific use-cases. AWS Business Support plan is the MOST cost-effective option for the given use-case.

3
Q

A company is using a message broker service on its on-premises application and wants to move this messaging functionality to AWS Cloud. Which of the following AWS services is the right choice to move the existing functionality easily?

  1. Amazon MQ
  2. Amazon Simple Queue Service (SQS)
  3. Amazon Kinesis Data Streams
  4. Amazon Simple Notification Service (SNS)
A

1- Amazon MQ (Message Queue)

4
Q

A company’s flagship application runs on a fleet of Amazon Elastic Compute Cloud (Amazon EC2) instances. As per the new policies, the system administrators are looking for the best way to provide secure shell access to Amazon Elastic Compute Cloud (Amazon EC2) instances without opening new ports or using public IP addresses.

Which tool/service will help you achieve this requirement?

  1. AWS Systems Manager Session Manager
  2. Amazon Elastic Compute Cloud (Amazon EC2) Instance Connect
  3. Amazon Inspector
  4. Amazon Route 53
A

1- AWS Systems Manager Session Manager

AWS Systems Manager Session Manager is a fully-managed service that provides you with an interactive browser-based shell and CLI experience. It helps provide secure and auditable instance management without the need to open inbound ports, maintain bastion hosts, and manage SSH keys. AWS Systems Manager Session Manager helps to enable compliance with corporate policies that require controlled access to instances, increase security and auditability of access to the instances while providing simplicity and cross-platform instance access to end-users.

5
Q

Which of the following statements is correct for a Security Group and a Network Access Control List (Network ACL)?

  1. Security Group acts as a firewall at the instance level whereas Network Access Control List (Network ACL) acts as a firewall at the subnet level
  2. Security Group acts as a firewall at the subnet level whereas Network Access Control List (Network ACL) acts as a firewall at the instance level
  3. Security Group acts as a firewall at the VPC level whereas Network Access Control List (Network ACL) acts as a firewall at the Availability Zone (AZ) level
  4. Security Group acts as a firewall at the Availability Zone (AZ) level whereas Network Access Control List (Network ACL) acts as a firewall at the VPC level
A

1- Security Group acts as a firewall at the instance level whereas Network Access Control List (Network ACL) acts as a firewall at the subnet level

  • A security group acts as a virtual firewall for your instance to control inbound and outbound traffic.
  • Each subnet in your VPC must be associated with a network ACL.
6
Q

AWS Compute Optimizer delivers recommendations for which of the following AWS resources? (Select two)

  1. Amazon EC2 instances, Amazon EFS
  2. Amazon EFS, AWS Lambda functions
  3. Amazon EC2 instances, Amazon EC2 Auto Scaling groups
  4. AWS Lambda functions, Amazon S3
  5. Amazon EBS, AWS Lambda functions
A

3- Amazon EC2, Amazon EC2 Auto Scaling groups
5- Amazon EBS, AWS Lambda functions

7
Q

Which Amazon Elastic Compute Cloud (Amazon EC2) pricing model is the most cost-effective and flexible with no requirement for a long term resource commitment or upfront payment but still guarantees that instance would not be interrupted?

  1. Reserved Instance (RI)
  2. Spot Instance
  3. Dedicated Host
  4. On-demand Instance
A

4- On-demand instance

An On-Demand Instance is an instance that you use on-demand. You have full control over its lifecycle — you decide when to launch, stop, hibernate, start, reboot, or terminate it. There is no long-term commitment required when you purchase On-Demand Instances. There is no upfront payment and you pay only for the seconds that your On-Demand Instances are running. The price per second for running an On-Demand Instance is fixed. On-demand instances cannot be interrupted.

8
Q

What is the primary benefit of deploying an Amazon RDS Multi-AZ database with one standby?

  1. Amazon RDS Multi-AZ enhances database availability
  2. Amazon RDS Multi-AZ reduces database usage costs
  3. Amazon RDS Multi-AZ protects the database from a regional failure
  4. Amazon RDS Multi-AZ improves database performance for read-heavy workloads
A

1- Amazon RDS Multi-AZ enhances database availability

It does NOT protect the database from a regional failure.

9
Q

A gaming company is looking at a technology/service that can deliver a consistent low-latency gameplay to ensure a great user experience for end-users in various locations.

Which AWS technology/service will provide the necessary low-latency access to the end-users?

  1. AWS Direct Connect
  2. AWS Wavelength
  3. AWS Edge Locations
  4. AWS Local Zones
A

4- AWS Local Zones

AWS Local Zones allow you to use select AWS services, like compute and storage services, closer to more end-users, providing them very low latency access to the applications running locally.

(An AWS Edge location is a site that CloudFront uses to cache copies of the content for faster delivery to users at any location.)

10
Q

An IT company wants to run a log backup process every Monday at 2 AM. The usual runtime of the process is 5 minutes. As a Cloud Practitioner, which AWS services would you recommend to build a serverless solution for this use-case? (Select two)

  1. AWS Lambda
  2. Amazon EventBridge
  3. AWS Step Function
  4. AWS Systems Manager
  5. Amazon EC2
A

1- AWS Lambda
2- Amazon EventBridge

Amazon EventBridge is a serverless service that provides real-time access to changes in data in AWS services, your own applications, and software as a service (SaaS) applications without writing code.

11
Q

An e-commerce company wants to store data from a recommendation engine in a database. As a Cloud Practitioner, which AWS service would you recommend to provide this functionality with the LEAST operational overhead for any scale?

  1. Amazon S3
  2. Amazon RDS
  3. Amazon DynamoDB
  4. Amazon Neptune
A

3- Amazon DynamoDB

Amazon Neptune is a fully managed database service built for the cloud that makes it easier to build and run graph applications. It’s not the right fit to store recommendation results with the LEAST operational overhead for any scale.

12
Q

What are the different gateway types supported by AWS Storage Gateway service?

  1. Object Gateway, File Gateway and Block Gateway
  2. Tape Gateway, File Gateway and Block Gateway
  3. Tape Gateway, Object Gateway and Volume Gateway
  4. Tape Gateway, File Gateway and Volume Gateway
A

4- Tape Gateway, File Gateway, Volume Gateway

AWS Storage Gateway service provides three different types of gateways – Tape Gateway, File Gateway, and Volume Gateway – that seamlessly connect on-premises applications to cloud storage, caching data locally for low-latency access.

13
Q

As per the AWS Shared Responsibility Model, which of the following is a responsibility of AWS from a security and compliance point of view?

  • Customer Data
  • IAM
  • Server-side Encryption (SSE)
  • Edge Location Management
A

Edge location management

AWS is responsible for security “of” the cloud. This covers their global infrastructure elements including Regions, Availability Zones (AZ), and Edge Locations.

14
Q

Which of the following solutions can you use to connect your on-premises network with AWS Cloud (Select two)?

  1. AWS Direct Connect
  2. Amazon VPC
  3. AWS VPN
  4. Amazon Route 53
  5. Internet Gateway
A

1- AWS Direct Connect
3- AWS Virtual Private Network (VPN)

AWS Virtual Private Network (VPN) solutions establish secure connections between on-premises networks, remote offices, client devices, and the AWS global network.

15
Q

Which of the following statements are correct about the AWS root user account? (Select two)

  1. Root user access creds are the email address and password used to create the AWS account
  2. Root user access password cannot be changed once it’s set
  3. Root user account gets unrestricted permissions when the account is created, but these can be restricted using IAM policies
  4. Root user creds should only be shared with managers requiring administrative responsibilities to complete their jobs
  5. It is highly recommended to enable MFA for root user account
A

1- Root user access credentials are the email address and password used to create the AWS account
5- It is highly recommended to enable MFA for root user account

16
Q

Which of the following is correct about the AWS Developer Support plan?

  1. Allows unlimited contacts to open a limited number of cases per month
  2. Allows one contact to open a limited number of cases per month
  3. Allows unlimited contacts to open unlimited cases
  4. Allows one contact to open unlimited cases
A

4- Allows one contact to open unlimited cases

17
Q

A customer has created a VPC and a subnet within AWS Cloud. Which of the following statements is correct?

  1. An Amazon VPC spans all of the AZs in the Region whereas a subnet spans only one AZ in the Region
  2. A subnet spans all of the AZs in the Region whereas an Amazon VPC spans only one AZ in the Region
  3. Both the Amazon VPC and the subnet span all of the AZs in the Region
  4. Both the Amazon VPC and the subnet span only one AZ in the Region
A

1- An Amazon VPC spans all of the AZs in the Region whereas a subnet spans only one AZ in the Region

An Amazon Virtual Private Cloud (Amazon VPC) spans all of the Availability Zones (AZ) in the Region.

A subnet is a range of IP addresses within your Amazon Virtual Private Cloud (Amazon VPC). A subnet spans only one Availability Zone (AZ) in the Region.

18
Q

A social media company wants to protect its web application from common web exploits such as SQL injection and cross-site scripting. Which of the following AWS services can be used to address this use-case?

  1. AWS CloudWatch
  2. Amazon GuardDuty
  3. AWS Web Application Firewall (AWS WAF)
  4. Amazon Inspector
A

3- AWS Web Application Firewall (AWS WAF)

AWS Web Application Firewall (AWS WAF) gives you control over how traffic reaches your applications by enabling you to create security rules that block common attack patterns such as SQL injection or cross-site scripting. You can also use rate-based rules to mitigate web-layer DDoS attacks.