Q Gotten Wrong

Question 1

How are NACL rules evaluated?

Answer 1

From the lowest numbered rule to the highest. Once a match is found, it is applied immediately regardless of what higher numbered rules say

Question 2

When can you change the security group of an instance?

Answer 2

When it is in the running or stopped state

Question 3

What is S3 notifications?

Answer 3

A feature that enables you to receive notifications when certain events happen in your bucket

Question 4

Where should you store certification certificates?

Answer 4

AWS Artifact

Question 5

Where should you store SSL Certificates?

Answer 5

AWS Certificate Manager

Question 6

What service can provide temporary security credentials?

Answer 6

AWS Security Token Service (STS)

Question 7

What is Amazon MSK?

Answer 7

A service meant for applications that currently use or are going to use Apache Kafka for messaging

Question 8

What is the most efficient way to automate EC2 instance monitoring and maintenance when the instances report health check failures?

Answer 8

Create an Amazon Cloudwatch alarm that monitors an Amazon EC2 instance and automatically reboots the instance if a health check fails.

Question 9

What is a cron job?

Answer 9

It allows users to schedule a task or command to run automatically at a specified time and interval, without the need for user interaction.

Question 10

What is Amazon’s immutable and cryptographically verifiable database solution?

Answer 10

Amazon Quantum Ledger Database

Question 11

What is Amazon Neptune?

Answer 11

a fully managed graph database service offered by Amazon Web Services (AWS). It is designed to store and query highly connected data, such as social networking, recommendation engines, and knowledge graphs, using graph theory.

Question 12

What is Amazon AppFlow?

Answer 12

a fully managed service for easily automating the exchange of data between SaaS vendors and AWS services like Amazon S3. You can transfer up to 100 gibibytes per flow

Question 13

What is Amazon EKS?

Answer 13

Elastic Kubernetes Service is a fully managed service offered by Amazon Web Services (AWS) for deploying, scaling, and managing Kubernetes clusters. Kubernetes is an open-source container orchestration platform used for automating the deployment, scaling, and management of containerized applications.

Question 14

What can you append to a URL to review scripts used to bootstrap instances at runtime?

Answer 14

user-data/

Question 15

If you need synchronous data replication for a RDS database, what should you do?

Answer 15

RDS Multi-AZ

Question 16

Should OLAP workloads or OLTP workloads go in DynamoDB?

Answer 16

OLTP; OLAP workloads usually need a relational database

Question 17

What is AWS Step Functions?

Answer 17

Using AWS Step Functions, developers can create workflows that coordinate the execution of AWS Lambda functions, EC2 instances, Fargate containers, and other AWS services, as well as custom applications and services running on-premises or in other clouds.

Question 18

What is AWS Step Functions?

Answer 18

Using AWS Step Functions, developers can create workflows that coordinate the execution of AWS Lambda functions, EC2 instances, Fargate containers, and other AWS services, as well as custom applications and services running on-premises or in other clouds.

Question 19

If you want a low stress way to deploy and manage applications in the AWS Cloud, what should you use?

Answer 19

Elastic Beanstalk

Question 20

If you want a low stress way to deploy and manage applications in the AWS Cloud, what should you use?

Answer 20

Elastic Beanstalk

Question 21

When an auto-scaling group begins to scale in, what instance does it terminate first?

Answer 21

The instance launched from the oldest launch configuration

Question 22

What type of load balancer best handles very very high traffic and can maintain high throughput at low latency?

Answer 22

Network Load Balancer

Question 23

Can AWS Cost and Usage Reports automatically store updated reports in S3?

Answer 23

Yes

Question 24

If you need to stop instances that have been idle for long periods of time, what service should you use?

Answer 24

CloudWatch

Question 25

Can you delete the default security group? Can you change the group’s rules?

Answer 25

No, Yes

Question 26

What service can help ensure all your firewall rules across multiple accounts and regions are consistent?

Answer 26

AWS Firewall Manager

Question 27

Is each subnet associated with one security group?

Answer 27

No

Question 28

Must each subnet reside entirely within one AZ?

Answer 28

Yes

Question 29

How many subnets that you create get associated with the main route table for the VPC?

Answer 29

Every

Question 30

What is the best way you speed up the transfer of data to an S3 bucket?

Answer 30

Use Transfer Acceleration

Question 31

How many security groups can be attached to an EC2 instance?

Answer 31

5

Question 32

What is Amazon Macie?

Answer 32

a fully managed data security and data privacy service that utilizes machine learning and pattern matching

Question 33

What service can help store data in a secure manner and analyze said data and send alerts depending on whether the data is improperly stored?

Answer 33

Amazon Macie

Question 34

if you want to identify the root cause of potential security issues, what should you use?

Answer 34

Amazon Detective

Question 35

Can you modify or delete the * All Traffic Deny rule in NACL’S?

Answer 35

No

Question 36

What is the best way to grant permissions to AWS services?

Answer 36

Create an IAM Role that you attach

Question 37

Can you change the rules on the default network ACL?

Answer 37

Yes

Question 38

if you need multiple versions of a launch template or configuration, which service should you use?

Answer 38

launch templates

Question 39

if you need multiple versions of a launch template or configuration, which service should you use?

Answer 39

launch templates

Question 40

Do private IP addresses need to be globally unique?

Answer 40

No

Question 41

What step can you take with your database to configure high-availability and ensure minimal downtime?

Answer 41

Enable Multi-AZ failover

Question 42

Your EC2 workloads need low-latency network performance, high network throughput, and a tightly-coupled node-to-node communication. What’s the best measure you can do to ensure this throughput?

Answer 42

Launch your instances in a cluster placement group

Question 43

It’s important that each request is processed only 1 time, should you use SQS FIFO or SQS Standard?

Answer 43

SQS FIFO

Question 44

What is the SQS FIFO batch limit?

Answer 44

3000

Question 45

What is the SQS FIFO batch limit?

Answer 45

3000

Question 46

If high-speed querying is very important, what database should you use?

Answer 46

DynamoDB

Question 47

How long is the default Auto Scaling Group cooldown?

Answer 47

5 minutes

Question 48

What is AWS Athena?

Answer 48

a serverless query service provided by Amazon Web Services (AWS). It allows you to analyze and query data that is stored in Amazon S3 using SQL (Structured Query Language), without the need to manage any infrastructure or servers.

Question 49

Can AWS Redshift hold session state data?

Answer 49

No

Question 50

Should you assign roles or hard code credentials in to give access to resources?

Answer 50

assign roles

Question 51

Which AWS service allows you to kick off the collection of metrics and generate recommendations for incorrectly sized EC2 instances?

Answer 51

AWS Compute Optimizer

Question 52

How can you communicate with DynamoDB or S3 without traversing the internet or leaving the Amazon Network?

Answer 52

Use VPC endpoints

Question 53

You need to ensure that your RDS database can only be accessed using the profile credentials specific to your EC2 instances (via an authentication token). How can you achieve this?

Answer 53

Using IAM database authentication

Question 54

You need to ensure that your RDS database can only be accessed using the profile credentials specific to your EC2 instances (via an authentication token). How can you achieve this?

Answer 54

Using IAM database authentication

Question 55

You have been asked to implement a Cloud Security Posture Management (CSPM) service that performs security best practice checks, aggregates alerts, and enables automated remediation. Which AWS service would meet this requirement?

Answer 55

AWS Security Hub

Question 56

What is AWS’s Cloud Security Posture Management service?

Answer 56

AWS Security Hub

Question 57

What is port 22 for?

Answer 57

Port 22 is typically used for the Secure Shell (SSH) protocol, which is a network protocol used for secure remote access to a computer system.

Question 58

What is port 88 for?

Answer 58

Port 88 is a network authentication protocol that provides secure communication between clients and servers.

Question 59

What is 443 for?

Answer 59

Port 443 is typically used for HTTPS (Hypertext Transfer Protocol Secure)

Question 60

How can you provide temporary access to the public for your S3 buckets?

Answer 60

Presigned URL’s with expiration dates

Question 61

You want to have a centralized method of storing AWS CloudTrail logs for all accounts and alert on any notifications regarding compliance violations with AWS services in the member accounts. What solution would be the best fit for this scenario?

Answer 61

AWS Control Tower that utilizes SNS Notifications

Question 62

What is AWS Service Catalog?

Answer 62

IT administrators can select which AWS services, third-party applications, and IT services they want to make available to their users, define the configuration options for each service, and then publish the catalog to their users.

Question 63

What is AWS Control Tower?

Answer 63

allows you to implement account governance and compliance enforcement for an AWS organization.

Question 64

If you need to attach a volume to multiple instances, what should you use?

Answer 64

Amazon EBS Multi-Attach

Question 65

Can Lambda be used to automatically handle bursts in traffic?

Answer 65

Yes as Lambda can be invoked many times simultaneously

Question 66

What is CloudFront Origin Access Indentity?

Answer 66

This is used for authentication internally between S3 and CloudFront

Question 67

You need to provide access to hundreds of private files served by your CloudFront distribution. What should you use?

Answer 67

CloudFront signed cookies

Question 68

If you need a fixed IP address, what should you create?

Answer 68

An elastic IP Address

Question 69

If you need to store and retireve objects in Amazon S3 using industry standard-file protocols such as Network File System and Server Message Block, what service should you use?

Answer 69

AWS File Gateway

Question 70

Does SQS scale automatically?

Answer 70

Yes

Question 71

What AWS service would you recommend to use for MongoDB?

Answer 71

Amazon DocumentDB

Question 72

What EBS Volume type gives you the highest performance in terms of IOPS?

Answer 72

EBS Provisioned IOPS SSD (io2 Block Express)

Question 73

What EBS Volume type gives you the highest performance in terms of IOPS?

Answer 73

EBS Provisioned IOPS SSD (io2 Block Express)

Question 74

If you need a database that allows constant updates to schemas without any downtime or performance issues, what database should you use?

Answer 74

DynamoDB

Question 75

What is a Cassandra compatible AWS database?

Answer 75

Amazon Keyspaces

Question 76

Is Aurora Serverless a cost effective solution?

Answer 76

Yes

Question 77

Is Lambda a cost effective solution?

Answer 77

Yes

Question 78

Can Macie scan images for vulnerabilties?

Answer 78

No

Question 79

Must an S3 bucket name always be the same as the domain name if you are hosting a static website?

Answer 79

Yes

Question 80

You need a service that support RabbitMQ or Apache ActiveMQ, what should you use?

Answer 80

Amazon MQ

Question 81

What does AWS Batch Manager do?

Answer 81

Nothing, it isnt a service (AWS Batch is but not Batch Manager)

Question 82

What can Amazon X-Ray do?

Answer 82

identify and diagnose issues with your applications, such as latency, errors, or other performance bottlenecks.

Question 83

What can Amazon X-Ray do?

Answer 83

identify and diagnose issues with your applications, such as latency, errors, or other performance bottlenecks.

Question 84

Can Lambda help provision architecture?

Answer 84

No

Question 84

Can Lambda help provision architecture?

Answer 84

No

Question 85

What is Amazon Pinpoint?

Answer 85

allows users to easily engage millions of customers via different communication channels. The service also offers the ability to leverage machine learning models to better understand customer interactions for future engagements

Question 86

What is DynamoDB streams?

Answer 86

a feature of Amazon Web Services (AWS) DynamoDB that provides a time-ordered sequence of item-level changes made to a DynamoDB table.

Question 87

If you need a gateway able to interface with iSCSI, what should you use?

Answer 87

Volume Gateway

Question 88

Can you assign a static IP address to an application load balancer?

Answer 88

No

Question 89

Can you assign a static IP address to a network load balancer?

Answer 89

Yes

Question 90

What happens when the primary database in Aurora fails?

Answer 90

Aurora automatically fails over by either promoting an existing Aurora Replica to the new primary instance or creating a new primary instance.

Question 91

What is the best way to automatically back up EBS volumes?

Answer 91

Use Amazon Data Lifecycle Manager to automate the creation of EBS snapshots.

Question 92

From least expensive to most expensive, list the AWS Support Service Teirs

Answer 92

Developer, Business, Enterprise

Question 93

What is the most cost effective EBS volume for sequential I/O operations?

Answer 93

Cold HDD

Question 94

If you want to use Apache Kafka with AWS, what service should you utilize?

Answer 94

Amazon MSK

Question 95

What is Amazon Lex?

Answer 95

allows you to build conversational interfaces in your applications using natural-language models.