Practice Test 3 Study Flashcards

1
Q

Which of the following are components of an AWS Site-to-Site VPN (select two):
1. Customer gateway
2. AWS storage gateway
3. Virtual private gateway (VGW)
4. Internet gateway
5. Network Address Translation gateway

A

1 - Customer gateway
3 - Virtual private gateway (VGW)

AWS Site-to-Site VPN enables you to securely connect your on-premises network or branch office site to your Amazon Virtual Private Cloud (Amazon VPC).

A virtual private gateway (VGW) is the VPN concentrator on the Amazon side of the AWS Site-to-Site VPN connection. A customer gateway is a resource in AWS that provides information to AWS about your customer gateway device.

2
Q

A customer is running a comparative study of pricing models of Amazon EFS and Amazon Elastic Block Store (Amazon EBS) that are used with the Amazon EC2 instances that host the application. Which of the following statements are correct regarding this use-case? (Select two)

  1. Amazon EBS Snapshot storage pricing is based on the amount of space your data consumes in Amazon EBS
  2. You will pay a fee each time you read from or write data stored on the Amazon EFS - Infrequent Access storage class
  3. Amazon EC2 data transfer charges will apply for all Amazon EBS direct APIs for Snapshots
  4. With AWS Backup, you pay only for the amount of Amazon EFS backup storage you use in a month, you need not pay for restoring this data
  5. Amazon EBS Snapshots are stored incrementally, which means you are billed only for the changed blocks stored
A

2 - You will pay a fee each time you read from or write data stored on the Amazon EFS - Infrequent Access storage class

5 - Amazon EBS Snapshots are stored incrementally, which means you are billed only for the changed blocks stored

Amazon Elastic File System (Amazon EFS) - Infrequent Access storage class is cost-optimized for files accessed less frequently. Data stored on the Amazon Elastic File System (Amazon EFS) - Infrequent Access storage class costs less than Standard and you will pay a fee each time you read from or write to a file.

Amazon EBS Snapshots are a point in time copy of your block data. For the first snapshot of a volume, Amazon EBS saves a full copy of your data to Amazon S3. Amazon EBS Snapshots are stored incrementally, which means you are billed only for the changed blocks stored.

3
Q

Which of the following statements are CORRECT regarding security groups and network access control lists (network ACL)? (Select two)

  1. A security group is stateful, that is, it automatically allows the return traffic
  2. A security group is stateless, that is, the return traffic must be explicitly allowed
  3. A network ACL is stateful, that is, it automatically allows the return traffic
  4. A network ACL contains a numbered list of rules and evaluates these rules in the increasing order while deciding whether to allow the traffic
  5. A security group contains a numbered list of rules and evaluates these rules in the increasing order while deciding whether to allow the traffic
A

1 - A security group is stateful, that is, it automatically allows the return traffic

4 - A network ACL contains a numbered list of rules and evaluates these rules in the increasing order while deciding whether to allow the traffic

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. Security groups act at the instance level, not at the subnet level. Security groups are stateful — if you send a request from your instance, the response traffic for that request is allowed to flow in regardless of inbound security group rules. A security group evaluates all rules before deciding whether to allow traffic.

A network access control list (network ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets (i.e. it works at subnet level). A network access control list (network ACL) contains a numbered list of rules. A network access control list (network ACL) evaluates the rules in order, starting with the lowest numbered rule, to determine whether traffic is allowed in or out of any subnet associated with the network ACL. The highest number that you can use for a rule is 32766. AWS recommends that you start by creating rules in increments (for example, increments of 10 or 100) so that you can insert new rules where you need to later on.

4
Q

An organization maintains separate Amazon Virtual Private Clouds (Amazon VPC) for each of its departments. With expanding business, the organization now wants to connect all Amazon Virtual Private Clouds (Amazon VPC) for better departmental collaboration. Which AWS service will help the organization tackle the issue effectively?

  1. AWS Site-to-Site VPN
  2. AWS Direct Connect
  3. VPC peering connection
  4. AWS Transit Gateway
A

4 - AWS Transit Gateway

AWS Transit Gateway connects Amazon Virtual Private Clouds (Amazon VPC) and on-premises networks through a central hub. This simplifies your network and puts an end to complex peering relationships. It acts as a cloud router – each new connection is only made once. As you expand globally, inter-Region peering connects AWS Transit Gateways using the AWS global network. Your data is automatically encrypted and never travels over the public internet.

5
Q

Compared to the on-demand instance prices, what is the highest possible discount offered for reserved instances (RI)?

  1. 50
  2. 90
  3. 72
  4. 40
A

3 - 72

Reserved instances (RI) provide you with significant savings (up to 72%) on your Amazon Elastic Compute Cloud (Amazon EC2) costs compared to on-demand instance pricing. Reserved Instances (RI) are not physical instances, but rather a billing discount applied to the use of on-demand instances in your account. You can purchase a reserved instance (RI) for a one-year or three-year commitment, with the three-year commitment offering a bigger discount.

6
Q

AWS Identity and Access Management (AWS IAM) policies are written as JSON documents. Which of the following are mandatory elements of an IAM policy?

  1. Effect, Action
  2. Effect, Sid
  3. Sid, Principal
  4. Action, Condition
A

1 - Effect, Action

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json

7
Q

A research lab wants to optimize the caching capabilities for its scientific computations application running on Amazon Elastic Compute Cloud (Amazon EC2) instances. Which Amazon Elastic Compute Cloud (Amazon EC2) storage option is best suited for this use-case?

  1. Amazon S3
  2. Amazon EFS
  3. Amazon EBS
  4. Instance Store
A

4 - Instance Store

An Instance Store provides temporary block-level storage for your Amazon EC2 instance. This storage is located on disks that are physically attached to the host computer. Instance store is ideal for the temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content, or for data that is replicated across a fleet of instances, such as a load-balanced pool of web servers. Instance storage is temporary: data is lost if the instance experiences a failure or is terminated.

8
Q

An IT company would like to move its IT resources (including any data and applications) from an AWS Region in the US to another AWS Region in Europe. Which of the following represents the correct solution for this use-case?

  1. The company should raise a ticket with AWS Support for this resource migration
  2. The company should just start creating new resources in the destination AWS Region and then migrate the relevant data and applications into this new AWS Region
  3. The company should use AWS Database Migration Service (AWS DMS) to move the resources (including any data and applications) from source AWS Region to destination AWS Region
  4. The company should use AWS CloudFormation to move the resources (including any data and applications) from source AWS Region to destination AWS Region
A

2 - The company should just start creating new resources in the destination AWS Region and then migrate the relevant data and applications into this new AWS Region

There is no off-the-shelf solution or service that the company can use to facilitate this transition.

9
Q

A company is looking for a guided path to help deploy, configure, and secure its new workloads while ensuring that it is ready for on-going operations in the cloud. Which of the following AWS services/tools can be leveraged for this use case?

  1. AWS Shared Responsibility Model
  2. AWS Config
  3. AWS Trusted Advisor
  4. Cloud Foundations
A

4 - Cloud Foundations

Cloud Foundations provides a guided path to help customers deploy, configure, and secure their new workloads while ensuring they are ready for on-going operations in the cloud. Cloud Foundations helps customers navigate through the decisions they need to make through curated AWS Services, AWS Solutions, Partner Solutions, and Guidance.

10
Q

Which of the following statements are true about Cost Allocation Tags in AWS Billing? (Select two)

  1. For each resource, each tag key must be unique, and each tag key can have only one value
  2. For each resource, each tag key must be unique, but can have multiple values
  3. Tags help in organizing resources and are a mandatory configuration item to run reports
  4. You must activate both AWS generated tags and user-defined tags separately before they can appear in Cost Explorer or on a cost allocation report
  5. Only user-defined tags need to be activated before they can appear in Cost Explorer or on a cost allocation report
A

1 - For each resource, each tag key must be unique, and each tag key can have only one value

4 - You must activate both AWS generated tags and user-defined tags separately before they can appear in Cost Explorer or on a cost allocation report

A Cost Allocation Tag is a label that you or AWS assigns to an AWS resource. Each tag consists of a key and a value. For each resource, each tag key must be unique, and each tag key can have only one value. You can use tags to organize your resources, and cost allocation tags to track your AWS costs on a detailed level.

AWS provides two types of cost allocation tags: AWS generated tags and user-defined tags. AWS defines, creates, and applies the AWS generated tags for you, and you define, create, and apply user-defined tags. You must activate both types of tags separately before they can appear in Cost Explorer or on a cost allocation report.

11
Q

Which of the following is a perspective of the AWS Cloud Adoption Framework (AWS CAF)?

  1. Product
  2. Process
  3. Architecture
  4. Business
A

4 - Business

The AWS Cloud Adoption Framework (AWS CAF) leverages AWS experience and best practices to help you digitally transform and accelerate your business outcomes through innovative use of AWS. AWS CAF identifies specific organizational capabilities that underpin successful cloud transformations.

AWS CAF groups its capabilities in six perspectives: Business, People, Governance, Platform, Security, and Operations.

12
Q

What are the six perspectives of Cloud Adoption Framework’s capabilities?

A
  • Business
  • People
  • Governance
  • Platform
  • Security
  • Operations
13
Q

A cyber-security agency uses AWS Cloud and wants to carry out security assessments on its own AWS infrastructure without any prior approval from AWS. Which of the following describes/facilitates this practice?

  1. Penetration testing
  2. Amazon Inspector
  3. Network stress testing
  4. AWS Secrets Manager
A

1 - Penetration testing

14
Q

Amazon CloudWatch billing metric data is stored in which AWS Region?

  1. In the AWS Region where the AWS resource is provisioned
  2. In the AWS Region where the AWS account is created
  3. US West (N. California) - us-west-1
  4. US East (N. Virginia) - us-east-1
A

4 - US East (N. Virginia) - us-east-1

You can monitor your estimated AWS charges by using Amazon CloudWatch. Billing metric data is stored in the US East (N. Virginia) Region and represents worldwide charges. This data includes the estimated charges for every service in AWS that you use, in addition to the estimated overall total of your AWS charges.

15
Q

Which of the following statements is correct regarding the Amazon Elastic File System (Amazon EFS) storage service?

  1. EC2 instances can access files on an EFS file system across many AZs and VPCs but not across Regions
  2. EC2 instances can access files on an EFS file system across many AZs but not across VPCs and Regions
  3. EC2 instances can access files on an EFS file system across many AZs, Regions and VPCs
  4. EC2 instances can access files on an EFS file system only in one AZ.
A

3 - EC2 instances can access files on an EFS file system across many AZs, Regions and VPCs

Amazon EFS is a regional service storing data within and across multiple Availability Zones (AZs) for high availability and durability. Amazon EC2 instances can access your file system across AZs, regions, and VPCs, while on-premises servers can access using AWS Direct Connect or AWS VPN.

16
Q

A research group wants to provision an Amazon Elastic Compute Cloud (Amazon EC2) instance for a flexible application that can be interrupted. As a Cloud Practitioner, which of the following would you recommend as the MOST cost-optimal option?

  1. Dedicated Host
  2. On-Demand Instance
  3. Reserved Instance (RI)
  4. Spot Instance
A

4 - Spot Instance

A Spot Instance is an unused EC2 instance that is available for less than the On-Demand price. Because Spot Instances enable you to request unused EC2 instances at steep discounts (up to 90%), you can lower your Amazon EC2 costs significantly. Spot Instances are well-suited for data analysis, batch jobs, background processing, and other flexible tasks that can be interrupted. These can be terminated at short notice, so these are not suitable for critical workloads that need to run at a specific point in time.

17
Q

An e-commerce company uses AWS Cloud and would like to receive separate invoices for development and production environments. As a Cloud Practitioner, which of the following solutions would you recommend for this use-case?

  1. Tag all resources in the AWS account as either development or production. Then use the tags to create separate invoices.
  2. Create separate AWS accounts for development and production environments to receive separate invoices
  3. Use AWS Cost Explorer to create separate invoices for development and production environments
  4. Use AWS Organizations to create separate invoices for development and production environments
A

2 - Create separate AWS accounts for development and production environments to receive separate invoices

Every AWS account provides its own invoice at the end of the month. You can get separate invoices for development and production environments by setting up separate AWS accounts for each environment.

18
Q

What is the primary benefit of deploying an Amazon Relational Database Service (Amazon RDS) database in a Read Replica configuration?

  1. Read Replica reduces database usage costs
  2. Read Replica protects the database from a regional failure
  3. Read Replica improves database scalability
  4. Read Replica enhances database availability
A

3 - Read Replica improves database scalability

Read Replicas allow you to create read-only copies that are synchronized with your master database. Read Replicas are used for improved read performance. You can also place your read replica in a different AWS Region closer to your users for better performance. Read Replicas are an example of horizontal scaling of resources.

19
Q

An IT company has a hybrid cloud architecture and it wants to centralize the server logs for its Amazon Elastic Compute Cloud (Amazon EC2) instances and on-premises servers. Which of the following is the MOST effective for this use-case?

  1. Use AWS CloudTrail for the EC2 instance and Amazon CloudWatch logs for the on-premises servers
  2. Use Amazon CloudWatch Logs for the Amazon EC2 instance and AWS CloudTrail for the on-premises servers
  3. Use AWS Lambda to send log data from the Amazon EC2 instance as well as on-premises servers to Amazon CloudWatch Logs
  4. Use Amazon CloudWatch Logs for both the Amazon EC2 instance and the on-premises servers
A

4 - Use Amazon CloudWatch Logs for both the Amazon EC2 instance and the on-premises servers

You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources such as on-premises servers.

20
Q

Which of the following are correct statements regarding the AWS Shared Responsibility Model? (Select two)

  1. Configuration management is the responsibility of the customer
  2. AWS is responsible for security ‘of’ the Cloud
  3. AWS is responsible for training AWS and customer employees on AWS product and services
  4. For abstracted services like Amazon S3, AWS operates the infrastructure layer, the operating system and platforms
  5. For a service like Amazon EC2, that falls under Infrastructure as a Service (IaaS), AWS is responsible for maintaining guest operating system
A

2 - AWS is responsible for security ‘of’ the Cloud

4 - For abstracted services like Amazon S3, AWS operates the infrastructure layer, the operating system and platforms

AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.

21
Q

Which AWS service can help you create data-driven business cases for transitioning your business from on-premises to AWS Cloud?

  1. AWS Trusted Advisor
  2. AWS Migration Evaluator
  3. AWS Budgets
  4. AWS Billing and Cost Management
A

2 - AWS Migration Evaluator

AWS Migration Evaluator (Formerly TSO Logic) is a complimentary service to create data-driven business cases for AWS Cloud planning and migration.

22
Q

A leading research firm needs to access information available in old patents and documents (such as PDFs, Text Files, Word documents, etc) present in its huge knowledge base. The firm is looking for a powerful search tool that can dig into these knowledge resources and return the most relevant files/documents. Which of the following is the correct service to address this requirement?

  1. Amazon Lex
  2. Amazon Comprehend
  3. Amazon Personalize
  4. Amazon Kendra
A

4 - Amazon Kendra

Amazon Kendra is an intelligent search service powered by machine learning. Kendra reimagines enterprise search for your websites and applications so your employees and customers can easily find the content they are looking for, even when it’s scattered across multiple locations and content repositories within your organization.

23
Q

Which of the following AWS services are regional in scope? (Select two)

  1. Amazon Rekognition
  2. AWS IAM
  3. AWS Web Application Firewall
  4. AWS Lambda
  5. AWS CloudFront
A

1 - Amazon Rekognition

4 - AWS Lambda

24
Q

A financial services enterprise plans to enable Multi-Factor Authentication (MFA) for its employees. For ease of travel, they prefer not to use any physical devices to implement Multi-Factor Authentication (MFA). Which of the below options is best suited for this use case?

  1. Virtual MFA device
  2. Soft Token MFA device
  3. U2F security key
  4. Hardware MFA device
A

1 - Virtual MFA device

A software app that runs on a phone or other device and emulates a physical device.

25
Q

Which AWS service will you use to privately connect your virtual private cloud (VPC) to Amazon Simple Storage Service (Amazon S3)?

  1. AWS Direct Connect
  2. Amazon API Gateway
  3. VPC Endpoint
  4. AWS Transit Gateway
A

3 - VPC Endpoint

A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.

26
Q

Which Amazon Simple Storage Service (Amazon S3) storage class offers the lowest availability?

  1. Amazon S3 Glacier Flexible Retrieval
  2. Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
  3. Amazon S3 Standard
  4. Amazon S3 Intelligent-Tiering
A

2 - Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)

Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) is for data that is accessed less frequently but requires rapid access when needed.

27
Q

Which AWS services support High Availability by default? (Select two)

  1. Amazon EFS
  2. Amazon Redshift
  3. Instance Store
  4. Amazon EBS
  5. Amazon DynamoDB
A

1 - Amazon EFS
5 - Amazon DynamoDB

28
Q

Which of the following AWS services have data encryption automatically enabled? (Select two)

  1. Amazon EFS
  2. Amazon Redshift
  3. Amazon S3
  4. Amazon EBS
  5. Amazon Storage Gateway
A

3 - Amazon S3
5 - Amazon Storage Gateway

29
Q

Which of the following is correct regarding the AWS Shield Advanced pricing?

  1. AWS Shield Advanced is a free service for the AWS Business Support plan
  2. AWS Shield Advanced offers protection against higher fees that could result from a DDoS attack
  3. AWS Shield Advanced is a free service for AWS Enterprise Support plan
  4. AWS Shield Advanced is a free service for all AWS Support plans
A

2 - AWS Shield Advanced offers protection against higher fees that could result from a DDoS attack

AWS Shield Advanced offers some cost protection against spikes in your AWS bill that could result from a DDoS attack. This cost protection is provided for your Elastic Load Balancing load balancers, Amazon CloudFront distributions, Amazon Route 53 hosted zones, Amazon Elastic Compute Cloud instances, and your AWS Global Accelerator accelerators.

AWS Shield Advanced is a paid service for all customers, irrespective of the Support pl

30
Q

An AWS user is trying to launch an Amazon Elastic Compute Cloud (Amazon EC2) instance in a given region. What is the region-specific constraint that the Amazon Machine Image (AMI) must meet so that it can be used for this Amazon Elastic Compute Cloud (Amazon EC2) instance?

  1. You can use an AMI from a different region, but it degrades the performance of the Amazon EC2 instance
  2. An AMI is a global entity, so the region is not applicable
  3. You must use an AMI from the same region as that of the Amazon EC2 instance. The region of the AMI has no bearing on the performance of the Amazon EC2 instance.
  4. You should use an AMI from the same region, as it improves the performance of the Amazon EC2 instance
A

3 - You must use an AMI from the same region as that of the Amazon EC2 instance. The region of the AMI has no bearing on the performance of the Amazon EC2 instance.

An Amazon Machine Image (AMI) provides the information required to launch an instance. You must specify an Amazon Machine Image (AMI) when you launch an instance. You can launch multiple instances from a single AMI when you need multiple instances with the same configuration.

The Amazon Machine Image (AMI) must be in the same region as that of the Amazon EC2 instance to be launched. If the Amazon Machine Image (AMI) exists in a different region, you can copy that Amazon Machine Image (AMI) to the region where you want to launch the EC2 instance. The region of Amazon Machine Image (AMI) has no bearing on the performance of the Amazon EC2 instance.

31
Q

A financial services company must meet compliance requirements that mandate storing multiple copies of data in geographically distant locations. As the company uses Amazon Simple Storage Service (Amazon S3) as its main storage service, which of the following represents the MOST resource-efficient solution for this use-case?

  1. Run a daily job on Amazon EC2 instance to copy objects into another region
  2. For every new object, trigger an AWS Lambda function to write data into a bucket in another AWS Region
  3. Use S3 same-region replication (S3 SRR) to replicate data between distant AWS Regions
  4. Use S3 cross-region replication (S3 CRR) to replicate data between distant AWS Regions
A

4 - Use S3 cross-region replication (S3 CRR) to replicate data between distant AWS Regions

Although Amazon S3 stores your data across multiple geographically distant Availability Zones by default, compliance requirements might dictate that you store data at even greater distances. S3 cross-region replication (S3 CRR) allows you to replicate data between distant AWS Regions to satisfy these requirements.

32
Q

Which AWS service can be used to automate code deployment to Amazon Elastic Compute Cloud (Amazon EC2) instances as well as on-premises instances?

  1. AWS CodePipeline
  2. AWS CodeDeploy
  3. AWS CodeCommit
  4. AWS CloudFormation
A

2 - AWS CodeDeploy

AWS CodeDeploy is a service that automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises.

33
Q

An IT company is on a cost-optimization spree and wants to identify all Amazon Elastic Compute Cloud (Amazon EC2) instances that are under-utilized. Which AWS services can be used off-the-shelf to address this use-case without needing any manual configurations? (Select two)

  1. AWS Trusted Advisor
  2. Amazon CloudWatch
  3. AWS Cost Explorer
  4. AWS Budgets
  5. AWS Cost & Usage Report (AWS CUR)
A

1 - AWS Trusted Advisor

3 - AWS Cost Explorer

AWS Cost Explorer has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time. AWS Cost Explorer includes a default report that helps you visualize the costs and usage associated with your top five cost-accruing AWS services, and gives you a detailed breakdown of all services in the table view. The reports let you adjust the time range to view historical data going back up to twelve months to gain an understanding of your cost trends.