Questions gotten wrong Flashcards
Which tasks are the customer’s responsibility according to the AWS shared responsibility model? (Select TWO.)
- Patch the OS that AWS Lambda functions use.
- Install patches on Amazon RDS DB instances
- Control physical access to the data center that contains a customer’s VPC
- Configure IAM users according to the principle of least privilege
- Configure an Amazon S3 bucket to allow public access.
- Configure IAM users according to the principle of least privilege
AWS provides AWS Identity and Access Management (IAM) as a service. The customer defines IAM users and the access policies that apply to those users. - Configure an Amazon S3 bucket to allow public access.
The customer determines access permissions to S3 buckets that the customer owns.
A company wants to establish a consistent and private connection from the company’s on-prem data center to the AWS Cloud
Which AWS service will meet theses requirements?
AWS Direct Connect
Direct Connect links your internal network to a Direct Connect location through a standard Ethernet fiber-optic cable. One end of the cable connects to your router. The other end of the cable connects to a Direct Connect router. AWS Direct Connect is consistent and private because your company is the only user of the cable.
A company has an on-prem Linux-based server with an Oracle DB that runs on it. The company wants to migrate the DB server to run on an Amazon EC2 instance in AWS.
Which service should the company use to complete this migration?
AWS Application Migration Service (AWS MGN)
AWS MGN is an automated lift-and-shift solution. This solution can migrate physical servers and any databases or applications that run on them to EC2 instances in AWS.
Which statement best describes security groups?
- They are stateful and deny all inbound traffic by default.
- They are stateful and allow all inbound traffic by default.
- They are stateless and deny all inbound traffic by default
- They are stateless and allow all inbound traffic by default.
They are stateful and deny all inbound traffic by default.
Security groups are stateful. This means that they use previous traffic patterns and flows when evaluating new requests for an instance.
By default, security groups deny all inbound traffic, but you can add custom rules to fit your operational and security needs.
Which statement or statements are TRUE about Amazon EBS volumes and Amazon EFS file systems?
- EBS volumes store data within a single Availability Zone. Amazon EFS file systems store data across multiple Availability Zones.
- EBS volumes store data across multiple Availability Zones. Amazon EFS file systems store data within a single Availability Zone.
- EBS volumes and Amazon EFS file systems both store data within a single Availability Zone.
- EBS volumes and Amazon EFS file systems both store data across multiple Availability Zones.
- EBS volumes store data within a single Availability Zone. Amazon EFS file systems store data across multiple Availability Zones.