Practice Test Questions Flashcards

1
Q

Which cloud computing model offers fundamental building blocks that can be rented?

A

Infrastructure as a Service (IaaS)

IaaS offers building blocks that can be rented. EC2 is an example of IaaS.

2
Q

Which cloud computing model is often used by developers to develop software using web-based tools?

A

Platform as a Service (PaaS)

3
Q

What deployment model allows companies to migrate and extend their on-premises VMware vSphere-based environments to AWS Cloud using Amazon EC2?

A

Hybrid deployments connect infrastructure and applications between cloud-based resources and existing resources that are not located in the cloud.

VMware Cloud on AWS is an example of a hybrid deployment, since it involves the on-premises environments of VMware and the cloud-based services of AWS.

4
Q

A telecommunications company wants to develop a business case for moving its IT applications and infrastructure to AWS. The company’s leadership understands the agility value of the cloud, but the finance group is not interested in shifting capital expense to operating expense due to the company’s tax structure. What business case would satisfy everyone at the company?

A

Suggest that the company make Reserved Instance purchases and capitalize them.

Many companies capitalize Reserved Instance purchases, especially those with 3-year terms.

5
Q

A distinct location within a geographic area designed to provide high availability to a specific geography is called a ___________.

A

A Region is a distinct location within a geographic area designed to provide high availability to a specific geography. Regions are a key concept in AWS’ Global Infrastructure — each is made up of 1 or more isolated (within that Region) Availability Zones. There are often multiple AWS Regions on each continent, such as North America.

6
Q

What is the most efficient way for a customer to continuously monitor CloudTrail event logs, Amazon VPC Flow Logs, and DNS logs looking for unauthorized behavior?

A

GuardDuty is an intelligent threat detection system that uncovers unauthorized behavior.

Note: While a CloudWatch alarm can be created to monitor logs, like VPC Flow Logs, it is not the most efficient way.

7
Q

Which security service provides enhanced protections and 24/7 access to AWS experts for a fee when issues arise?

A

AWS Shield Advanced

AWS Shield Advanced provides enhanced protections and 24/7 access to AWS experts for a fee.

8
Q

In Identity and Access Management (IAM), which term applies to a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS?

A

Principal

A principal is a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS.

9
Q

You have a read-heavy application workload resulting in I/O-intensive Amazon RDS database queries. Which service is most suitable to improve performance?

A

ElastiCache

You can use ElastiCache to store the results of often-used queries, and this will allow quicker retrieval of this data.

10
Q

What allows you to access AWS services from popular programming languages like Java, Python, and C#?

A

Software development kits

Software development kits (or SDKs) provide everything you need to develop and manage applications in AWS, in the programming language of your choice.

11
Q

What AWS service gives you a personalized view of the performance and availability of the AWS services underlying your AWS resources, alerting you and providing remediation guidance when AWS is experiencing events that may affect you?

A

AWS Personal Health Dashboard

AWS Personal Health Dashboard gives you a personalized view of the performance and availability of the AWS services underlying your AWS resources.

12
Q

What can help recommend changes to your environment based on some AWS best practices?

A

Trusted Advisor

13
Q

Which services can host a MariaDB database?

A

RDS

RDS supports several popular database engines: Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, and SQL Server.

EC2

For complete control of a database, you can install the database software directly on an EC2 instance.

14
Q

What is a relational database compatible with MySQL and PostgreSQL that was created by AWS?

A

Aurora

15
Q

A company would like to implement a hybrid storage model where they connect on-premises data storage to storage in the AWS Cloud in order to move their backups to the cloud. What is the best and most efficient way to achieve this?

A

Storage Gateway

Storage Gateway is a hybrid storage service that allows you to connect on-premises and cloud data.

Note: While Direct Connect supports a hybrid model, it’s not the best and most efficient solution.

16
Q

How does S3 Transfer Acceleration help you get your data into S3 quicker?

A

By using AWS’ network of edge locations to upload to a location closest to you before taking the most optimal path within AWS’ network

S3 Transfer Acceleration uses AWS’ network of edge locations to ingest data, and then uses the most optimal path within its own network to reach S3. Although compression and splitting data up before upload can also help speed things up, these are not offered by Transfer Acceleration. AWS does not let you send in data on your own disks, and although Snowball does let you send data in without going across the internet, it is only useful when working with massive amounts of data.

17
Q

A company would like to automate the configuration of its servers and deploy code to servers in the cloud and on-premises. Which service meets the requirement?

A

OpsWorks

OpsWorks allows you to use Chef or Puppet to automate the configuration of your servers and deploy code on-premises or in the cloud.

18
Q

A healthcare agency needs to store certain patient information for up to 10 years. To save cost, they want to archive this data to cheaper storage. The data needs to be retrieved within 12 hours. Which is the cheapest option?

A

Glacier Deep Archive

Glacier Deep Archive meets the requirement and is the cheapest option.

19
Q

You have a short-term computing task to complete. It is essential that this task run uninterrupted from start to finish. Which is the best EC2 option for this task?

A

On-Demand Instance

No commitment
No upfront costs
Highly flexible
Suitable for short-term projects

20
Q

In the AWS Global Infrastructure, which components are physically separated and connected through low-latency links, enabling fault tolerance and high availability?

A

Availability Zones

Availability Zones (AZs) are connected among themselves in a single Region. They are physically separated, connected through low-latency links, fault tolerant, and allow high availability.

21
Q

What can you use to resolve the connection between your on-premises VPN and your AWS virtual private cloud?

A

An Amazon VPC Site-to-Site VPN connection can link your data center (or network) to your Amazon Virtual Private Cloud (VPC). A customer gateway is an anchor on your side of that connection. It can be a physical or software appliance. The anchor on the AWS side of the VPN connection is called a virtual private gateway.

Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.tutorialsdojo.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other.

This service can also help you create a hybrid cloud architecture using the Amazon Route 53 Resolver, which provides recursive DNS for your Amazon VPC and on-premises networks over AWS Direct Connect or a VPN solution.

22
Q

Which service is the most suitable one to use to store the results of I/O-intensive SQL database queries to improve application performance?

A

Amazon ElastiCache offers fully managed Redis and Memcached. Seamlessly deploy, run, and scale popular open source compatible in-memory data stores. With this service, you can build data-intensive apps or improve the performance of your existing apps by retrieving data from high throughput and low latency in-memory data stores.

23
Q

Which service is capable of inspecting your AWS environment and making recommendations to lower expenditures, improve system performance and reliability, and close security gaps?

A

AWS Trusted Advisor is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices. It inspects your AWS environment and makes recommendations for saving money, improving system performance and reliability, or closing security gaps.

Whether establishing new workflows, developing applications, or as part of ongoing improvement, take advantage of the recommendations provided by Trusted Advisor on a regular basis to help keep your solutions provisioned optimally.

24
Q

What Amazon EC2 instance purchasing option can help you address compliance requirements and reduce costs by allowing you to use your existing server-bound software licenses?

A

An Amazon EC2 Dedicated Host is a physical server with EC2 instance capacity fully dedicated to your use. Dedicated Hosts can help you address compliance requirements and reduce costs by allowing you to use your existing server-bound software licenses.

Dedicated Hosts allow you to use your existing per-socket, per-core, or per-VM software licenses, including Microsoft Windows Server, Microsoft SQL Server, SUSE Linux Enterprise Server, Red Hat Enterprise Linux, or other software licenses that are bound to VMs, sockets, or physical cores, subject to your license terms.

25
Q

Which type of Elastic Load Balancer supports path-based routing, host-based routing, and bi-directional communication channels using WebSockets?

A

Application Load Balancer – This is best suited for load balancing of HTTP and HTTPS traffic and provides advanced request routing targeted at the delivery of modern application architectures, including microservices and containers. Operating at the individual request level (Layer 7), Application Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) based on the content of the request.

26
Q

________ describes the ability to scale computing resources out or in easily, while only paying for the resources used.

A

Elasticity

27
Q

What service allows you to connect a private cloud to a public cloud?

A

Direct Connect

Direct Connect is a dedicated physical network connection from your on-premises data center to AWS.

28
Q

A company on the Business Support plan currently runs all their applications in a single Region. They have made the decision to expand to multiple Regions. What is the process to start deploying their applications to the new Regions?

A

Just start deploying the applications to the new Regions.

You are free to deploy your applications to new Regions. Don’t forget: CloudFormation can make the process of provisioning resources easier and repeatable.

29
Q

A system’s ability to grow to accommodate an increase in demands is an example of which cloud concept?

A

Scalability

Scalability is the concept that describes a measurement of a system’s ability to grow to accommodate an increase in demand. Successful, growing systems often see an increase in demand over time. A system that is scalable can adapt to meet this new level of demand.

30
Q

________ is AWS’ managed DDoS protection service.

A

AWS Shield

AWS Shield is AWS’ managed DDoS protection service at Layer 4.

31
Q

_________ refers to the Identity and Access Management (IAM) resource objects that AWS uses for authentication.

A

Entities

IAM entities are the users (IAM users and federated users) and roles that are created and used for authentication.

32
Q

You are using your corporate directory to grant your users access to AWS services. What is this called?

A

Federated access

Federated access is when you use an external directory, such as your corporate one, to grant users in that directory access to AWS resources.

33
Q

A company has a large number of S3 buckets and needs to manage and automate tasks on these buckets at one time. Which AWS feature can do this?

A

Resource groups

You can use resource groups to organize your AWS resources. Resource groups make it easier to manage and automate tasks on large numbers of resources at one time. This guide shows you how to create and manage AWS resource groups.

34
Q

The __________ compute service is ideal if you need to run a simple website or a simple e-commerce application.

A

Lightsail is ideal for simple websites or simple e-commerce applications.

35
Q

You’ve been tasked with assessing your AWS infrastructure in terms of cost optimization. Which of the following AWS services would help with this task?

A

Trusted Advisor

AWS Trusted Advisor is an online tool that provides you with real-time guidance to help you provision your resources following AWS best practices.

36
Q

Using Infrastructure as Code (IaC) is related to which cloud concept?

A

Automation

Infrastructure as Code is a key implementation of automation in the cloud. Using Infrastructure as Code allows you to quickly and easily deploy and manage your environment without reliance on humans to complete all the tasks.

37
Q

The load on your application fluctuates by day of the week. Wednesdays have the most traffic, and Saturdays have the least traffic. Which AWS service allows you to ensure you have the correct amount of compute capacity while also optimizing on a cost basis?

A

Auto Scaling

Auto Scaling allows you to add or remove EC2 instances based on conditions you specify. Auto Scaling events can be scheduled to meet predictable changes in the load on your application.

38
Q

A company has developed a popular online multiplayer gaming application. How can the company enhance its players’ online experience and improve overall application availability and reduce in-game latency?

A

Global Accelerator

Global Accelerator can improve the experience by routing player traffic along the private AWS global network to the fastest instance of your application. Player traffic is not negatively impacted by internet congestion and local outages.

39
Q

With which AWS service, coupled with EC2, can you implement elasticity by adding and removing instances as needed?

A

Auto Scaling

Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance.

40
Q

A customer provisioned an on-demand EC2 instance using a Linux AMI. The instance ran for 10 hours, 3 minutes, and 7 seconds before the user terminated it. How much time will the customer be billed for?

A

10 hours, 3 minutes, and 7 seconds

You are billed down to the second for an EC2 instance.

41
Q

When you pay a subscription fee to a hosting company to serve your website on an instance you manage, which cloud computing model are you using?

A

Infrastructure as a Service (IaaS)

IaaS offers building blocks that can be rented. When you pay a web hosting fee, you’re using IaaS.

42
Q

When you access tools provided to build a storefront application that runs on another company’s server, which cloud computing model are you using?

A

Platform as a Service (PaaS)

PaaS is often used by developers to develop software using web-based tools.

43
Q

You would like to give an application running on one of your EC2 instances access to an S3 bucket. What is the best way to implement this?

A

Assign the instance an IAM role

The recommended method to assign permissions to apps running in EC2 is to use IAM roles.

44
Q

For which services is DDoS protection via AWS Shield Advanced supported?

A

CloudFront
Route 53
Elastic Load Balancing

45
Q

Which AWS service allows the deployment of resources in code templates, otherwise known as Infrastructure as Code?

A

CloudFormation

CloudFormation allows you to provision AWS resources using Infrastructure as Code (IaC).

46
Q

A gaming company is using the AWS Developer Tools suite to develop, build, and deploy their applications. Which AWS service can be used to trace user requests from end to end through the application?

A

AWS X-Ray

AWS X-Ray provides an end-to-end view of requests as they travel through your application, and shows a map of your application’s underlying components. You can use X-Ray to analyze applications ranging from simple three-tier applications to complex microservices applications consisting of thousands of services.

47
Q

A development team has created a large number of CloudFormation templates in the JSON format. Which AWS database would be best suited for storing these documents?

A

Amazon DocumentDB

Amazon DocumentDB (with MongoDB compatibility) is a fast, scalable, highly available, and fully managed document database service that supports MongoDB workloads. As a document database, Amazon DocumentDB makes it easy to store, query, and index JSON data.

48
Q

Amazon DocumentDB

Amazon DocumentDB (with MongoDB compatibility) is a fast, scalable, highly available, and fully managed document database service that supports MongoDB workloads. As a document database, Amazon DocumentDB makes it easy to store, query, and index JSON data.

A

Elastic Beanstalk monitors application health via a health dashboard.

Route 53 can be used to configure DNS health checks to route traffic to healthy endpoints or to monitor the health of your applications.

Elastic Load Balancing

Load balancers monitor the health of EC2 instances and route the traffic to only instances that are in a healthy state.

49
Q

A company ingests data to S3 using Kinesis. What is the easiest way for the company to run ad hoc SQL queries against the data in S3 without the need to manage servers?

A

Use Athena.

Athena allows the company to query data in S3 using standard SQL.

50
Q

A customer wants to run an application on a local version of an EC2 instance in a disconnected environment. Which Snow Family device supports this?

A

Snowball Edge

Snowball Edge offers on-board storage and compute power that can handle local processing and edge-computing workloads in disconnected environments and handles transferring data between your local environment and AWS. Snowball Edge supports S3, EC2, Lambda, and IoT Greengrass.

51
Q

You have decided to use the AWS Cost and Usage Report to track your EC2 Reserved Instance costs. Which AWS service can be used to store AWS Cost and Usage report files?

A

An S3 bucket you own

You can use Cost and Usage Reports to publish your AWS billing reports to an S3 bucket you own. AWS updates the report in your bucket once a day in comma-separated value (CSV) format. You can view the reports using spreadsheet software or access them from an application using the Amazon S3 API.

52
Q

Scientists would like to analyze terabytes of scientific data from a rover that landed on Mars. Which service will help them find trends and understand the vast amount of data using Hadoop?

A

Elastic MapReduce (EMR)

EMR helps you process large amounts of data using big data frameworks like Hadoop.

53
Q

You need to track your AWS costs on a detailed level. Which tool will allow you to do this?

A

Cost Allocation Tags

A tag is a label that you or AWS assign to an AWS resource. Each tag consists of a key and a value. Tagged resources can appear on the Cost Explorer or on a cost allocation report.

54
Q

How can a customer meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated hardware in the cloud?

A

CloudHSM

CloudHSM allows customers to meet compliance requirements for data security by using dedicated hardware.

55
Q

Which pillar of the Well-Architected Framework encourages the use of CloudFormation?

A

Operational excellence

Operational excellence focuses on creating applications that effectively support production workloads. Scripting operations as code is a part of this pillar, which includes the use of CloudFormation.

56
Q

A company wants to ensure all AWS accounts in their environment conform to company-wide policies. Which services can help?

A

Control Tower

Control Tower helps you ensure your accounts conform to company-wide policies. Control Tower actually sits on top of Organizations.

Organizations

Organizations allows you to centrally manage multiple AWS accounts under 1 umbrella. You can allocate resources and apply policies across accounts.

57
Q

A customer has an on-premises 5-gigabyte Oracle database that needs to be migrated to AWS and converted to Aurora. The customer requires minimal downtime to the database. Which service is the best option for migration and conversion?

A

Database Migration Service

DMS supports homogeneous migrations like Oracle to Oracle and heterogeneous migrations like Oracle to Aurora, with minimal downtime.

58
Q

__________ is basically a metrics and logs repository.

A

Amazon CloudWatch

An AWS service, such as Amazon EC2, puts metrics and monitoring logs into CloudWatch, and you can view statistics based on those metrics. If you put your own custom metrics into the service, you can retrieve statistics on these metrics as well. You can use metrics to calculate statistics and then present the data graphically in the CloudWatch console. You can configure alarm actions to stop, start, or terminate an Amazon EC2 instance when certain criteria are met, for example. In addition, you can create alarms that initiate Amazon EC2 Auto Scaling and Amazon Simple Notification Service (Amazon SNS) actions on your behalf, and more.

59
Q

_______ is an automated security assessment service.

A

Amazon Inspector

60
Q

_______ is a repository for compliance rules.

A

AWS Config

61
Q

________ is a senior customer service agent who is assigned to your account when you subscribe to an Enterprise or qualified Reseller Support plan.

A

AWS Concierge

62
Q

________ is software that lets you run local compute, messaging, data caching, sync, and ML inference capabilities on connected devices in a secure way.

A

AWS IoT Greengrass

63
Q

Which AWS Cloud Adoption Framework perspective enables you to orchestrate your cloud initiatives, increasing organizational advantages and lowering risks associated with the transition?

A

Governance Perspective

64
Q

Which AWS Cloud Adoption Framework perspective assists in ensuring that your cloud services are offered at a level that satisfies your company’s requirements?

A

Operations Perspective

65
Q

Which AWS Cloud Adoption Framework perspective enables you to create a hybrid cloud platform that is enterprise-grade, scalable, and cloud-native, as well as to update the current workload?

A

Platform Perspective

66
Q

Which AWS service helps identify resources shared with an external entity and generates policies based on access activity?

A

AWS IAM Access Analyzer

AWS IAM Access Analyzer offers the following features:

– Identifies resources in your organization and accounts that are shared with an external entity.

– Validates IAM policies against policy grammar and best practices.

– Generates IAM policies based on access activity in your AWS CloudTrail logs.

67
Q

A company has enlisted the help of TDojo Consulting Co. to assist them in designing an AWS disaster recovery solution for their on-premises bare metal servers and SQL databases. The implementation has to be robust, fast, and simple to use. It should also prevent any type of data loss from occurring. The company would like to keep track of the status of the migration.

Which tool should the team adopt for the DR solution?

A

CloudEndure Disaster Recovery is a tool that minimizes downtime and data loss by providing fast, reliable recovery of physical, virtual, and cloud-based servers into AWS Cloud. You can also use CloudEndure Disaster Recovery to protect your most critical SQL databases thanks to the continuous replication of your machines into a low-cost staging area in your target AWS account and preferred Region.

In the case of a disaster, CloudEndure Disaster Recovery can automatically launch your machines in their fully provisioned state in minutes.

68
Q

What AWS service provides managed compliance and security controls for workloads?

A

AWS Security Hub is a service that helps customers to improve their security posture on AWS by providing a comprehensive view of security and compliance across their AWS accounts. It aggregates security findings from various AWS services and third-party tools and presents them in a single dashboard. Doing so makes it easier for customers to identify and prioritize security issues and take corrective actions. Moreover, it offers automated compliance checks against industry standards and best practices such as PCI DSS, HIPAA, and CIS AWS Foundations Benchmark. With AWS Security Hub, customers can automate security and compliance checks, eliminate manual processes, and increase the efficiency of their security operations.

69
Q

_______ is an easy way to establish a landing zone that implements an AWS well-architected, multi-account environment and applies the AWS best practices.

A

AWS Control Tower is for customers who want to create or manage their multi-account AWS environment with best practices. It offers prescriptive guidance to govern your AWS environment at scale. It gives you control over your environment without sacrificing the speed and agility AWS provides for builders.

AWS Control Tower offers the easiest way to set up and govern a secure, multi-account AWS environment. It establishes a landing zone that is based on best-practices blueprints and enables governance using guardrails you can choose from a pre-packaged list. The landing zone is a well-architected, multi-account baseline that follows AWS best practices. Guardrails implement governance rules for security, compliance, and operations.

70
Q

Which AWS service helps identify resources shared with an external entity and generates policies based on access activity?

A

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources. When you set permissions with IAM policies, grant only the permissions required to perform a task; this practice is known as granting least privilege. You can apply least-privilege permissions in IAM by defining the actions that can be taken on specific resources under specific conditions.

71
Q

A company has a large amount of data stored in multiple sources such as S3, Redshift, and RDS, and they need to extract, transform and load this data into a data warehouse.

Which AWS service can help automate this process?

A

AWS Glue orchestrates your ETL (extract, transform, and load) activities to build data warehouses and data lakes and generate output streams using other AWS services. AWS Glue uses API activities to modify your data, generate runtime logs, save your job logic, and generate notifications to assist you in monitoring your task runs. The AWS Glue console binds these services together into a managed application, allowing you to focus on generating and monitoring your ETL work. The console manages administrative and job development tasks for you. You provide AWS Glue with credentials and other properties to access your data sources and write to your data targets.

72
Q

________ is an interactive query service that allows users to analyze data stored in Amazon S3 using SQL.

A

Amazon Athena

While Athena can be used to query data stored in S3, it does not provide a full-fledged ETL solution for extracting, transforming, and loading data into a data warehouse or data lake.

73
Q

A group of Software Engineers is working on a project that requires a new Microsoft SQL Server database to be hosted in AWS. The team needs to ensure that the database can be set up quickly and efficiently to meet an urgent deadline.

Which AWS services should they use to meet their requirement?

A

Amazon RDS
Amazon EC2

Amazon Web Services offers you the flexibility to run Microsoft SQL Server for as much or as little time as you need and select from a number of versions and editions. SQL Server on Amazon EC2 and Amazon EBS gives you complete control over every setting, just like when it’s installed on-premises.

Amazon RDS is a managed service that takes care of all the maintenance, backups, and patching for you.

74
Q

A customer has a popular website that has millions of viewers from all over the world and has read-heavy database workloads. What is the best option to use to increase the read throughput on their database?

A

Amazon RDS Read Replicas provide enhanced performance and durability for database (DB) instances. This feature makes it easy to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads.

You can create one or more replicas of a given source DB Instance and serve high-volume application read traffic from multiple copies of your data, thereby increasing aggregate read throughput. Read replicas can also be promoted when needed to become standalone DB instances. Read replicas are available in Amazon RDS for MySQL, MariaDB, Oracle, and PostgreSQL as well as Amazon Aurora.

75
Q

What is a data transport solution that accelerates moving terabytes to petabytes of data into and out of AWS using appliances with on-board storage and compute capabilities?

A

AWS Snowball Edge is a data migration and edge computing device that comes in two options. Snowball Edge Storage Optimized provides both block storage and Amazon S3-compatible object storage and 24 vCPUs. It is well suited for local storage and large-scale data transfer. Snowball Edge Compute Optimized provides 52 vCPUs, block and object storage, and an optional GPU for use cases such as advanced machine learning and full-motion video analysis in disconnected environments. Customers can use these two options for data collection, machine learning and processing, and storage in environments with intermittent connectivity (such as manufacturing, industrial, and transportation) or in extremely remote locations (such as military or maritime operations) before shipping it back to AWS. These devices may also be rack mounted and clustered together to build larger, temporary installations.

Snowball Edge supports specific Amazon EC2 instance types as well as AWS Lambda functions, so customers may develop and test in AWS and then deploy applications on devices in remote locations to collect, pre-process, and return the data. Common use cases include data migration, data transport, image collation, IoT sensor stream capture, and machine learning.

76
Q

Which AWS storage service offers faster disk read and write performance and provides temporary block-level storage for your instance?

A

Instance store provides temporary block-level storage for your instance. This storage is located on disks that are physically attached to the host computer. Instance store is ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content, or for data that is replicated across a fleet of instances, such as a load-balanced pool of web servers.

An instance store consists of one or more instance store volumes exposed as block devices. The size of an instance store, as well as the number of devices available, varies by instance type.

Since the disk is physically attached to the instance, disk reads and writes are faster than with EBS volumes or EFS file systems, which are virtually attached.

77
Q

What services should you provision if your local data center requires additional storage space without having to migrate data?

A

AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage. Your applications connect to the service through a virtual machine or hardware gateway appliance using standard storage protocols, such as NFS, SMB, and iSCSI. The gateway connects to AWS storage services, such as Amazon S3, Amazon S3 Glacier, Amazon S3 Glacier Deep Archive, Amazon EBS, and AWS Backup, providing storage for files, volumes, snapshots, and virtual tapes in AWS.

AWS Snowball Edge is incorrect because this is just an edge computing and data transfer device provided by the AWS Snowball service. It has onboard storage and compute power that provides select AWS services for use in edge locations. Since it is stated in the scenario that no migration will be done, this is not the best solution to go for.

78
Q

What type of EBS volume is recommended for most workloads and is also usable as a boot volume?

A

General Purpose SSD
Recommended for most workloads; Can be used as system boot volumes; Best for development and test environments

79
Q

What is the Provisioned IOPS SSD EBS volume type meant for?

A

For critical business applications that require sustained IOPS performance; best used for large database workloads.

80
Q

What is the Throughput Optimized HDD EBS volume type meant for?

A

For streaming workloads requiring consistent, fast throughput at a low price; big data, data warehouses, and log processing. It cannot be a boot volume.

81
Q

What is the Cold HDD EBS volume type meant for?

A

For throughput-oriented storage for large volumes of data that are infrequently accessed, or in scenarios where the lowest storage cost is important. It cannot be a boot volume.

82
Q

A company plans to migrate their on-premises MySQL database to Amazon RDS. Which AWS service should they use for this task?

A

AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from the most widely used commercial and open-source databases.

AWS Database Migration Service supports homogeneous migrations such as Oracle to Oracle, as well as heterogeneous migrations between different database platforms, such as Oracle or Microsoft SQL Server to Amazon Aurora. With AWS Database Migration Service, you can continuously replicate your data with high availability and consolidate databases into a petabyte-scale data warehouse by streaming data to Amazon Redshift and Amazon S3.

83
Q

Which service in AWS supports various business intelligence tools such as Apache Spark so that you may perform data transformation workloads (ETL) and analytics at a low cost?

A

Amazon EMR is a web service that enables businesses, researchers, data analysts, and developers to easily and cost-effectively process vast amounts of data. It utilizes a hosted Apache Hadoop framework running on the web-scale infrastructure of Amazon EC2 and Amazon S3. Amazon EMR lets you focus on crunching or analyzing your data without having to worry about time-consuming set-up, management, or tuning of Hadoop clusters or the compute capacity upon which they sit.

84
Q

You have a customized EC2 instance running your latest web application. How can you create an exact copy of this instance in another region?

A

AMIs provide the information required to launch an Amazon EC2 instance, which is a virtual server in the AWS Cloud. A golden AMI is an AMI that contains the latest security patches, software, configuration, and software agents that you need to install for logging, security maintenance, and performance monitoring.

An AMI includes the following:

– One or more EBS snapshots, or, for instance-store-backed AMIs, a template for the root volume of the instance (for example, an operating system, an application server, and applications).

– Launch permissions that control which AWS accounts can use the AMI to launch instances.

– A block device mapping that specifies the volumes to attach to the instance when it’s launched.

85
Q

A startup is in need of a database that is capable of self-healing and has a high throughput. Which of the following services fits these criteria?

A

Amazon Aurora is a relational database engine that combines the speed and reliability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases. It is designed to transparently handle the loss of up to two copies of data without affecting database write availability and up to three copies without affecting read availability. Amazon Aurora storage is also self-healing. Data blocks and disks are continuously scanned for errors and repaired automatically.

Amazon Aurora is fully managed by Amazon Relational Database Service (RDS), which automates time-consuming administration tasks like hardware provisioning, database setup, patching, and backups.

It also features a distributed, fault-tolerant, self-healing storage system that auto-scales up to 64TB per database instance. It delivers high performance and availability with up to 15 low-latency read replicas, point-in-time recovery, continuous backup to Amazon S3, and replication across three Availability Zones (AZs).

86
Q

What are global resources?

A

A Global service means that it covers all of the AWS Regions across the globe.

IAM
STS
Route 53
CloudFront
WAF

87
Q

What are zonal resources?

A

A Zonal service can only exist in one Availability Zone.

Examples are EC2 instances and EBS volumes.

Take note that although EBS volumes are considered a zonal service, EBS snapshots are considered regional since they are not tied to a specific Availability Zone.

88
Q

What cloud computing model deals with services such as EC2 instances?

A

Amazon EC2 is considered IaaS because you have total control over what could be done within the instances. You are borrowing the server infrastructure of AWS to fulfill your business needs, and you are charged at a rate for this service.

89
Q

What is the lowest support plan that allows an unlimited number of technical support cases to be opened?

A

The cheapest support plan that offers technical support with an unlimited number of cases that can be opened is the Developer support plan. Additionally, it provides you access to the 7 core Trusted Advisor checks and the Personal Health Dashboard, where you get a personalized view of the health of AWS services, and alerts when your resources are impacted.

90
Q

Which AWS services should you use to upload SSL certificates?

A

AWS Certificate Manager (ACM) handles the complexity of creating, storing, and renewing public SSL/TLS X.509 certificates and keys that protect your AWS websites and applications. You can provide certificates for supported AWS services either by issuing them directly with ACM or by importing third-party certificates into the ACM management system. ACM certificates can secure multiple domain names and multiple names within a domain.

ACM is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.

You can use IAM as a certificate manager only when you must support HTTPS connections in a region not supported by ACM. IAM securely encrypts your private keys and stores the encrypted version in IAM SSL certificate storage. IAM supports deploying server certificates in all Regions, but you must obtain your certificate from an external provider for use with AWS.

91
Q

What AWS service lets you provision either Windows or Linux desktops in just a few minutes and can scale easily to provide thousands of desktops to workers?

A

Amazon WorkSpaces is a managed, secure Desktop-as-a-Service (DaaS) solution where you provision either Windows or Linux desktops in just a few minutes and quickly scale to provide thousands of desktops to workers across the globe.

For both Windows and Amazon Linux WorkSpaces, each WorkSpace is associated with a virtual private cloud (VPC), and a directory to store and manage information for your WorkSpaces and users. Directories are managed through the AWS Directory Service, which offers the following options: Simple AD, AD Connector, or AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD.

92
Q

_______ is simply a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser. It includes a code editor, debugger, and terminal.

A

AWS Cloud9

93
Q

Which AWS well-architected pillar stresses the importance of selecting the most appropriate and right number of resource types for your requirements?

A

Cost Optimization focuses on avoiding unneeded costs. Key topics include understanding and controlling where money is being spent, selecting the most appropriate and right number of resource types, analyzing spending over time, and scaling to meet business needs without overspending.

94
Q

________ AWS well-architected pillar focuses on using IT and computing resources efficiently. Key topics include selecting the right resource types and sizes based on workload requirements, monitoring performance, and making informed decisions to maintain efficiency as business needs evolve.

A

Performance Efficiency

95
Q

_________ AWS well-architected pillar focuses on running and monitoring systems to deliver business value, and continually improving processes and procedures.

A

Operational Excellence

96
Q

________ AWS well-architected pillar focuses on the ability to prevent and quickly recover from failures to meet business and customer demand.

A

Reliability

97
Q

List a couple of Amazon CloudFront use cases.

A

Static asset caching – speed up the delivery of your static content to viewers across the globe.

Live & on-demand video streaming – multiple options for streaming your media – both pre-recorded files and live events at sustained, high throughput required for 4K delivery to global viewers.

Security – integrates seamlessly with AWS Shield for Layer 3/4 DDoS mitigation and AWS WAF for Layer 7 protection.

Customizable content delivery with Lambda@Edge – run your code across AWS locations globally, allowing you to respond to your end-users at the lowest latency and allowing you to personalize content.

Dynamic content & API acceleration – secure and accelerate your WebSocket traffic as well as API calls.

Software distribution – scales automatically as globally-distributed clients download software updates.

98
Q

A company plans to use an application streaming service to give its employees instant access to their desktop applications from any device.

Which service fulfills this requirement?

A

Amazon AppStream 2.0 is a fully managed application streaming service that provides users with instant access to their desktop applications from anywhere. AppStream 2.0 manages the AWS resources required to host and run your applications, scales automatically, and provides access to your users on demand. AppStream 2.0 provides users access to the applications they need on the device of their choice, with a responsive, fluid user experience that is indistinguishable from natively installed applications.

Amazon AppStream 2.0 provides the following advantages:

– Access desktop applications securely from any supported device

– Secure applications and data

– Consistent, scalable performance

– Integrate with your IT environment

– Choose the fleet type that meets your needs

99
Q

What action does not affect costs when using Amazon S3?

A

With Amazon S3, you pay only for the storage you use, with no minimum fee. Prices are based on the location of your Amazon S3 bucket. When you begin to estimate the cost of Amazon S3, consider the following:

Storage – Costs vary with the number and size of objects stored in your Amazon S3 buckets as well as the type of storage.

Requests – The number and type of requests. GET requests incur charges at different rates than other requests, such as PUT and COPY requests.

Data transfer – The amount of data transferred out of the Amazon S3 region.

Given these pricing parameters, data transferred into Amazon S3 is not charged by AWS. The action of uploading objects, therefore, should not incur data transfer costs.

100
Q

What AWS Cost Management feature uses machine learning to continuously monitor costs and usage in order to detect unusual expenditures?

A

AWS Cost Anomaly Detection helps you detect and alert on any abnormal or sudden spend increases in your AWS account. This is possible by using machine learning to understand your spend patterns and trigger alerts when they seem abnormal. It also allows you to segment your spend by different dimensions (AWS Services, Linked Accounts, Cost Allocation Tags, and Cost Categories). This segmentation allows Cost Anomaly Detection to detect more granular anomalies and customize alerting preferences.

Using AWS Cost Anomaly Detection has the following advantages:

– Receive individual alerts in aggregated reports via email or Amazon SNS topic.

– Use machine learning methods to evaluate your spending patterns in order to reduce false positive alerts.

– Investigate and identify the root cause of the anomaly, such as the AWS account, service, Region, or usage type that is causing the cost increase.

– Define how your costs will be calculated. Select whether to analyze all of your AWS services individually or by member accounts, cost allocation tags, or cost categories.

The detection of anomalies is based on data from Cost Explorer, which has a latency of up to 24 hours. Any monitor requires at least 10 days of historical usage data to detect anomalies.

101
Q

Which pricing options will automatically reduce your cost on any EC2 instance usage regardless of region, instance family, size, OS, or tenancy?

A

AWS Savings Plan is a flexible pricing model that saves up to 72 percent on Amazon EC2, AWS Fargate, and AWS Lambda usage. Savings Plans provides you lower prices for your Amazon EC2 usage, Fargate, and Lambda in exchange for a commitment to a consistent usage amount (measured in $/hour) for a one or three-year term.

Savings Plans Types:

– Compute Savings Plans provide the most flexibility and prices of up to 66 percent off On-Demand rates. These plans automatically apply to your EC2 instance usage, regardless of instance family, instance size, region, operating system, or tenancy.

– EC2 Instance Savings Plans provide savings up to 72 percent off On-Demand, in exchange for a commitment to a specific instance family in a chosen AWS Region.

102
Q

________ is used for sharing private content through CloudFront.

A

The origin access identity (OAI) is a virtual user identity that will be used to give your CloudFront distribution permission to fetch a private object from your origin server.

You can restrict access to content that you serve from Amazon S3 buckets as follows:

– Create a special CloudFront user called an origin access identity (OAI) and associate it with your distribution.

– Configure your S3 bucket permissions so that CloudFront can use the OAI to access the files in your bucket and serve them to your users. Make sure that users can’t use a direct URL to the S3 bucket to access a file there.

After the S3 and CloudFront configuration, your users can only access your files through CloudFront and not directly from the S3 bucket.

103
Q

Which service connects VPCs and on-premises networks through a central hub?

A

AWS Transit Gateway connects VPCs and on-premises networks through a central hub. This simplifies your network and puts an end to complex peering relationships. It acts as a cloud router – each new connection is only made once.

Without a central hub, the network complexity increases with scale. You must maintain routing tables within each VPC and connect to each onsite location using separate network gateways. But if you use a centralized hub, your network is more streamlined and scalable. AWS Transit Gateway routes all traffic to and from each VPC or VPN, and you have one place to manage and monitor it all.

104
Q

Which services allow you to purchase Reserved Instances?

A

Available for:

EC2
Amazon Relational Database Service (Amazon RDS)
Amazon ElastiCache
Amazon Redshift
Amazon DynamoDB

105
Q

What AWS service can monitor the compliance status of your AWS resources against a set of compliance guidelines?

A

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.

AWS Artifact is incorrect because this simply acts as a central resource for compliance-related information. It provides on-demand access to AWS’ security and compliance reports and select online agreements. It does not, however, monitor the compliance status of your AWS resources or alert you when there are deviations from your set guidelines.

106
Q

Which services should you use to deploy and easily roll back a web application from your Git repository to your on-premises server?

A

AWS offers services that integrate application deployment and management across on-premises and cloud environments for a robust hybrid architecture. You can use the following services to manage or deploy applications to your servers running on-premises:

OpsWorks – AWS OpsWorks is a configuration management service that helps customers configure and operate applications, both on-premises and in the AWS Cloud, using Chef and Puppet.

CodeDeploy – AWS CodeDeploy automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises. AWS CodeDeploy makes it easier to rapidly release new features, avoids downtime during application deployment, and handles the complexity of updating applications.