Practice Test 3 Flashcards

1
Q

Which of the following solutions can you use to connect your on-premises network with AWS Cloud? (Select two)

AWS VPN
Internet Gateway
AWS Direct Connect
Amazon VPC
Route 53
A

AWS Direct Connect
AWS VPN - AWS Virtual Private Network (VPN) solutions establish secure connections between on-premises networks, remote offices, client devices, and the AWS global network. AWS VPN comprises two services: AWS Site-to-Site VPN and AWS Client VPN. Together, they deliver a highly available, managed, and elastic cloud VPN solution to protect your network traffic.

2
Q

A company is using a message broker service on its on-premises application and wants to move this messaging functionality to AWS Cloud. Which of the following AWS services is the right choice to move the existing functionality easily?

Kinesis
MQ
SNS
SQS

A

Amazon MQ - Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easy to set up and operate message brokers on AWS. Amazon MQ reduces your operational responsibilities by managing the provisioning, setup, and maintenance of message brokers for you. Because Amazon MQ connects to your current applications with industry-standard APIs and protocols, you can easily migrate to AWS without having to rewrite code.

If you’re using messaging with existing applications, and want to move the messaging functionality to the cloud quickly and easily, AWS recommends you consider Amazon MQ. It supports industry-standard APIs and protocols so you can switch from any standards-based message broker to Amazon MQ without rewriting the messaging code in your applications. If you are building brand new applications in the cloud, AWS recommends you consider Amazon SQS and Amazon SNS.

3
Q
Which of the following AWS services are global in scope? (Select two)
IAM
RDS
CloudFront
EC2
S3
A

AWS Identity and Access Management (IAM)
Amazon CloudFront
Most of the services that AWS offers are Region specific. But a few services, by definition, need to be global in scope because of the underlying service they offer. AWS IAM, Amazon CloudFront, Route 53 and WAF are some of the global services.

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.

Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds, all within a developer-friendly environment.

4
Q

Access Key ID and Secret Access Key are tied to which of the following AWS Identity and Access Management entities?

IAM user
AWS Policy
IAM Role
IAM Group

A

IAM User

Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK). Access keys consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE) and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). Like a user name and password, you must use both the access key ID and secret access key together to authenticate your requests. Access keys are secret, just like a password. You should never share them.

5
Q

A customer has created a VPC and a subnet within AWS Cloud. Which of the following statements is correct?

  • Both the VPC and the subnet span all of the Availability Zones in the Region
  • A VPC spans all of the Availability Zones in the Region whereas a subnet spans only one Availability Zone in the Region
  • Both the VPC and the subnet span only one Availability Zone in the Region
  • A subnet spans all of the Availability Zones in the Region whereas a VPC spans only one Availability Zone in the Region
A

A VPC spans all of the Availability Zones in the Region whereas a subnet spans only one Availability Zone in the Region

Amazon Virtual Private Cloud (Amazon VPC) is a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including the selection of your IP address range, creation of subnets, and configuration of route tables and network gateways. A VPC spans all of the Availability Zones in the Region.

A subnet is a range of IP addresses within your VPC. A subnet spans only one Availability Zone in the Region.

6
Q

Which of the following statements is correct for a Security Group and a Network Access Control List?

  • Security Group acts as a firewall at the instance level whereas Network Access Control List acts as a firewall at the subnet level
  • Security Group acts as a firewall at the subnet level whereas Network Access Control List acts as a firewall at the instance level
  • Security Group acts as a firewall at the VPC level whereas Network Access Control List acts as a firewall at the AZ level
  • Security Group acts as a firewall at the AZ level whereas Network Access Control List acts as a firewall at the VPC level
A

Security Group acts as a firewall at the instance level whereas Network Access Control List acts as a firewall at the subnet level

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets (i.e., it works at the subnet level).

7
Q

Which of the following is correct about the AWS “Developer” Support plan?

  • Allows one contact to open unlimited cases
  • Allows one contact to open a limited number of cases per month
  • Allows unlimited contacts to open unlimited cases
  • Allows unlimited contacts to open a limited number of cases per month
A

Allows one contact to open unlimited cases
AWS Developer Support plan allows one primary contact to open unlimited cases.

Incorrect options:
Allows one contact to open a limited number of cases per month - As mentioned earlier, the AWS Developer Support plan allows one primary contact to open unlimited cases. So this option is incorrect.

Allows unlimited contacts to open unlimited cases - This is supported by AWS “Business” and “Enterprise” Support plans. So this is incorrect for AWS “Developer” Support plan.

Allows unlimited contacts to open a limited number of cases per month - This is a made-up option and has been added as a distractor.

8
Q

A startup is looking for 24x7 phone-based technical support for its AWS account. Which of the following is the MOST cost-effective AWS support plan for this use case?

Developer
Basic
Business
Enterprise

A

Business - AWS recommends Business Support if you have production workloads on AWS and want 24x7 phone, email and chat access to technical support and architectural guidance in the context of your specific use cases. The Enterprise Support plan also provides 24x7 phone, email and chat access to technical support; however, it’s much costlier than the Business Support plan. The Developer plan does not provide 24x7 phone-based technical support. Therefore, the Business Support plan is the correct option for the given use case.

9
Q

What are the different gateway types supported by AWS Storage Gateway service?
Object Gateway, File Gateway and Block Gateway
Tape Gateway, Object Gateway and Volume Gateway
Tape Gateway, File Gateway and Volume Gateway
Tape Gateway, File Gateway and Block Gateway

A

Tape Gateway, File Gateway and Volume Gateway

AWS Storage Gateway is a hybrid cloud storage service that connects your existing on-premises environments with the AWS Cloud. Customers use Storage Gateway to simplify storage management and reduce costs for key hybrid cloud storage use cases. These include moving tape backups to the cloud, reducing on-premises storage with cloud-backed file shares, providing low latency access to data in AWS for on-premises applications, as well as various migration, archiving, processing, and disaster recovery use cases.

AWS Storage Gateway service provides three different types of gateways – Tape Gateway, File Gateway, and Volume Gateway – that seamlessly connect on-premises applications to cloud storage, caching data locally for low-latency access.
