Quiz Questions Flashcards

1
Q

Amazon Web Services

What is cloud computing?

A

On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing

2
Q

Amazon Web Services

What does it mean to be ‘serverless’?

A

You cannot see or access the underlying infrastructure.

You don’t need to maintain the servers

3
Q

Amazon Web Services

What is another name for on-premises deployment?

  1. Private cloud deployment
  2. Cloud-based application
  3. Hybrid deployment
  4. AWS Cloud
A

Private cloud deployment.

The other response options are incorrect because:

  • Cloud-based applications are fully deployed in the cloud and do not have any parts that run on premises.
  • A hybrid deployment connects infrastructure and applications between cloud-based resources and existing resources that are not in the cloud, such as on-premises resources. However, a hybrid deployment is not equivalent to an on-premises deployment because it involves resources that are located in the cloud.
  • The AWS Cloud offers three cloud deployment models: cloud, hybrid, and on-premises. This response option is incorrect because the AWS Cloud is not equivalent to only an on-premises deployment.
4
Q

Amazon Web Services

What are the three cloud deployment models offered by AWS Cloud?

A
  1. Cloud
  2. Hybrid
  3. On-premises
5
Q

Amazon Web Services

What is a hybrid deployment?

A

A hybrid deployment connects infrastructure and applications between cloud-based resources and existing resources that are not in the cloud, such as on-premises resources

6
Q

Amazon Web Services

How does the scale of cloud computing help you to save costs?

A

The aggregated cloud usage from a large number of customers results in lower pay-as-you-go prices.

Customers can benefit from massive economies of scale in cloud computing

7
Q

Compute in the Cloud

What does EC2 stand for?

A

Amazon Elastic Compute Cloud (Amazon EC2)

8
Q

Compute in the Cloud

Name the 5 EC2 Instance Families / Types

A
  1. General purpose
  2. Compute optimised
  3. Memory optimised
  4. Accelerated computing
  5. Storage optimised
9
Q

Compute in the Cloud

You want to use an Amazon EC2 instance for a batch processing workload.

What would be the best Amazon EC2 instance type to use?

A

Compute Optimized

10
Q

Compute in the Cloud

You want to use an Amazon EC2 instance for game or application streaming.

What would be the best Amazon EC2 instance type to use?

A

Accelerated Computing

11
Q

Compute in the Cloud

You want to use an Amazon EC2 instance for a high-performance database or processing large amounts of data.

What would be the best Amazon EC2 instance type to use?

A

Memory Optimized

12
Q

Compute in the Cloud

You want to use an Amazon EC2 instance for read and write access to large datasets

What would be the best Amazon EC2 instance type to use?

A

Storage Optimized

13
Q

Compute in the Cloud

Name the 5 Amazon EC2 pricing Models

A
  1. On-Demand Instances
  2. Amazon EC Savings Plans
  3. Reserved Instances
  4. Spot Instances
  5. Dedicated Hosts
14
Q

Compute in the Cloud

What is the most expensive EC2 Pricing model?

A

Dedicated Hosts

15
Q

Compute in the Cloud

What are the 2 contract length options for Amazon EC2 Reserved Instances?

  1. 1 year
  2. 2 years
  3. 3 years
  4. 4 years
  5. 5 years
A

1 and 3 years

16
Q

Compute in the Cloud

You have a workload that will run for a total of 6 months and can withstand interruptions.

What would be the most cost-efficient Amazon EC2 purchasing option?

  1. Reserved Instance
  2. Spot Instance
  3. Dedicated Instance
  4. On-Demand Instance
A

Spot Instance

The other response options are incorrect because:

  • Reserved Instances require a contract length of either 1 year or 3 years. The workload in this scenario will only be running for 6 months.
  • Dedicated Instances run in a virtual private cloud (VPC) on hardware that is dedicated to a single customer. They have a higher cost than the other response options, which run on shared hardware.
  • On-Demand Instances fulfill the requirements of running for only 6 months and withstanding interruptions. However, a Spot Instance would be the best choice because it does not require a minimum contract length, is able to withstand interruptions, and costs less than an On-Demand Instance.
17
Q

Compute in the Cloud

You require dedicated servers with Amazon EC2 instance capacity.

What would be the best Amazon EC2 purchasing option?

  1. Reserved Instance
  2. Spot Instance
  3. Dedicated Instance
  4. On-Demand Instance
A

Dedicated Hosts

The other response options are incorrect because they run on shared servers.

18
Q

Compute in the Cloud

Name 3 types of Reserved Instances

A
  1. Standard Reserved
  2. Convertible Reserved
  3. Scheduled Reserved
19
Q

Compute in the Cloud

Which AWS service provides the functionality to scale automatically?

A

Amazon EC2 Auto Scaling

20
Q

Compute in the Cloud

What is elasticity?

A

The ability to acquire resources as you need them and release resources when you no longer need them

21
Q

Compute in the Cloud

Which process is an example of Elastic Load Balancing?

  1. Ensuring that no single Amazon EC2 instance has to carry the full workload on its own
  2. Removing unneeded Amazon EC2 instances when demand is low
  3. Adding a second Amazon EC2 instance during an online store’s popular sale
  4. Automatically adjusting the number of Amazon EC2 instances to meet demand
A

Ensuring that no single Amazon EC2 instance has to carry the full workload on its own

Elastic Load Balancing is the AWS service that automatically distributes incoming application traffic across multiple resources, such as Amazon EC2 instances. This helps to ensure that no single resource becomes overutilized.

The other response options are all examples of Auto Scaling.

22
Q

Compute in the Cloud

You want to deploy and manage containerized applications. Which service should you use?

  1. AWS Lambda
  2. Amazon Simple Notification Service (Amazon SNS)
  3. Amazon Simple Queue Service (Amazon SQS)
  4. Amazon Elastic Kubernetes Service (Amazon EKS)
A

Amazon Elastic Kubernetes Service (Amazon EKS)

Amazon EKS is a fully managed Kubernetes service. Kubernetes is open-source software that enables you to deploy and manage containerized applications at scale.

The other response options are incorrect because:

  • AWS Lambda is a service that lets you run code without provisioning or managing servers.
  • Amazon Simple Queue Service (Amazon SQS) is a service that enables you to send, store, and receive messages between software components through a queue.
  • Amazon Simple Notification Service (Amazon SNS) is a publish/subscribe service. Using Amazon SNS topics, a publisher publishes messages to subscribers.
23
Q

Compute in the Cloud

You want to send, store and receive messages between software components through a queue. Which service should you use?

A

Amazon Simple Queue Service (Amazon SQS)

24
Q

Compute in the Cloud

You want to publish messages to subscribers. Which service should you use?

A

Amazon Simple Notification Service (Amazon SNS)

25
Q

Global Infrastructure and Reliability

Which statement is TRUE for the AWS global infrastructure?

  1. A Region consists of a single Availability Zone.
  2. An Availability Zone consists of two or more Regions.
  3. A Region consists of two or more Availability Zones.
  4. An Availability Zone consists of a single Region.
A

A Region consists of two or more Availability Zones.

26
Q

Global Infrastructure and Reliability

Which factors should be considered when selecting a Region?

(hint: select 2)

  1. Compliance with data governance and legal requirements
  2. Access to the AWS Command Line Interface (AWS CLI)
  3. Access to 24/7 technical support
  4. Ability to assign custom permissions to different users
  5. Proximity to your customers
A
  • Compliance with data governance and legal requirements
  • Proximity to your customers

Two other factors to consider when selecting a Region are pricing and the services that are available in a Region

The other response options are incorrect because:

  • The level of support that you choose is not determined by Region. AWS Support plans are explored later in this course.
  • Assigning custom permissions to different users is a feature that is possible in all AWS Regions.
  • The AWS Command Line Interface (AWS CLI) is available in all AWS Regions.
27
Q

Global Infrastructure and Reliability

Which statement best describes Amazon CloudFront?

  1. A service that enables you to run infrastructure in a hybrid cloud approach
  2. A serverless compute engine for containers
  3. A service that enables you to send and receive messages between software components through a queue
  4. A global content delivery service
A

A global content delivery service

Amazon CloudFront is a content delivery service. It uses a network of edge locations to cache content and deliver content to customers all over the world. When content is cached, it is stored locally as a copy. This content might be video files, photos, webpages, and so on.

The other response options are incorrect because:

  • AWS Outposts is a service that enables you to run infrastructure in a hybrid cloud approach.
  • AWS Fargate is a serverless compute engine for containers.
  • Amazon Simple Queue Service (Amazon SQS) is a service that enables you to send, store, and receive messages between software components through a queue.
28
Q

Global Infrastructure and Reliability

Which site does Amazon CloudFront use to cache copies of content for faster delivery to users at any location?

  1. Region
  2. Availability Zone
  3. Edge Location
  4. Origin
A

Edge Location

The other response options are incorrect because:

  • A Region is a separate geographical location with multiple locations that are isolated from each other.
  • An Availability Zone is a fully isolated portion of the AWS global infrastructure.
  • An origin is the server from which CloudFront gets your files. Examples of CloudFront origins include Amazon Simple Storage Service (Amazon S3) buckets and web servers. Note: Amazon S3 is explored later in this course.
29
Q

Global Infrastructure and Reliability

Which action can you perform with AWS Outposts?

  1. Automate actions for AWS services and applications through scripts.
  2. Access wizards and automated workflows to perform tasks in AWS services.
  3. Develop AWS applications in supported programming languages.
  4. Extend AWS infrastructure and services to your on-premises data center.
A

Extend AWS infrastructure and services to your on-premises data center

The other response options are incorrect because:

  • The AWS Command Line Interface (AWS CLI) is used to automate actions for AWS services and applications through scripts.
  • The AWS Management Console includes wizards and workflows that you can use to complete tasks in AWS services.
  • Software development kits (SDKs) enable you to develop AWS applications in supported programming languages.
30
Q

Networking

Your company has an application that uses Amazon EC2 instances to run the customer-facing website and Amazon RDS database instances to store customers’ personal information.

How should the developer configure the VPC according to best practices?

  1. Place the Amazon EC2 instances in a private subnet and the Amazon RDS database instances in a public subnet.
  2. Place the Amazon EC2 instances in a public subnet and the Amazon RDS database instances in a private subnet.
  3. Place the Amazon EC2 instances and the Amazon RDS database instances in a public subnet.
  4. Place the Amazon EC2 instances and the Amazon RDS database instances in a private subnet.
A

Place the Amazon EC2 instances in a public subnet and the Amazon RDS database instances in a private subnet.

A subnet is a section of a VPC in which you can group resources based on security or operational needs. Subnets can be public or private.

Public subnets contain resources that need to be accessible by the public, such as an online store’s website.

Private subnets contain resources that should be accessible only through your private network, such as a database that contains customers’ personal information and order histories.

31
Q

Networking

Which component can be used to establish a private dedicated connection between your company’s data center and AWS?

  1. Private Subnet
  2. DNS
  3. AWS Direct Connect
  4. Virtual private gateway
A

AWS Direct Connect

The other response options are incorrect because:

  • A private subnet is a section of a VPC in which you can group resources that should be accessed only through your private network. Although it is private, it is not used for establishing a connection between a data center and AWS.
  • DNS stands for Domain Name System, which is a directory used for matching domain names to IP addresses.
  • A virtual private gateway enables you to create a VPN connection between your VPC and a private network, such as your company’s data center. Although this connection is private and encrypted, it travels through the public internet, not through a dedicated connection.
32
Q

Networking

Which statement best describes security groups?

  1. They are stateful and deny all inbound traffic by default.
  2. They are stateful and allow all inbound traffic by default.
  3. They are stateless and deny all inbound traffic by default.
  4. They are stateless and allow all inbound traffic by default.
A

They are stateful and deny all inbound traffic by default

Security groups are stateful. This means that they use previous traffic patterns and flows when evaluating new requests for an instance.

By default, security groups deny all inbound traffic, but you can add custom rules to fit your operational and security needs.

33
Q

Networking

Which component is used to connect a VPC to the internet?

  1. Public subnet
  2. Edge location
  3. Security group
  4. Internet gateway
A

Internet Gateway

The other response options are incorrect because:

  • A public subnet is a section of a VPC that contains public-facing resources.
  • An edge location is a site that Amazon CloudFront uses to store cached copies of your content for faster delivery to customers.
  • A security group is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance.
34
Q

Networking

Which service is used to manage the DNS records for domain names?

  1. Amazon Virtual Private Cloud
  2. AWS Direct Connect
  3. Amazon CloudFront
  4. Amazon Route 53
A

Amazon Route 53

Amazon Route 53 is a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications that host in AWS.

Another feature of Route 53 is the ability to manage the DNS records for domain names. You can transfer DNS records for existing domain names managed by other domain registrars. You can also register new domain names directly in Route 53.

The other response options are incorrect because:

  • Amazon Virtual Private Cloud (Amazon VPC) is a service that enables you to provision an isolated section of the AWS Cloud. In this isolated section, you can launch resources in a virtual network that you define.
  • AWS Direct Connect is a service that enables you to establish a dedicated private connection between your data center and VPC.
  • Amazon CloudFront is a content delivery service. It uses a network of edge locations to cache content and deliver content to customers all over the world.
35
Q

Storage and Databases

When considering Instance Stores and Amazon EBS volumes, for which product is the following statement TRUE:

When stopping or terminating an EC2 instance, data is deleted

A

Instance Stores

36
Q

Storage and Databases

When considering Instance Stores and Amazon EBS volumes, for which product is the following statement TRUE:

When stopping or terminating an EC2 instance, data remains available

A

Amazon EBS Volumes

37
Q

Storage and Databases

When considering Instance Stores and Amazon EBS volumes:

Which is best for data that requires retention?

A

Amazon EBS Volumes

38
Q

Storage and Databases

When considering Instance Stores and Amazon EBS volumes:

Which is best for temporary data that is not kept long term?

A

Instance Stores

39
Q

Storage and Databases

Amazon S3
You want to store data that is infrequently accessed but must be immediately available when needed.

Which Amazon S3 storage class should you use?

A

Amazon S3 Standard-IA

40
Q

Storage and Databases

What are the scenarios in which you should use Amazon Relational Database Service (Amazon RDS)?

(hint: Select 2)

  1. Running a serverless database
  2. Using SQL to organize data
  3. Storing data in a key-value database
  4. Scaling up to 10 trillion requests per day
  5. Storing data in an Amazon Aurora database
A
  • Using SQL to organize data
  • Storing data in an Amazon Aurora database

The other three response options are scenarios in which you should use Amazon DynamoDB.

41
Q

Storage and Databases

Which Amazon S3 storage classes are optimized for archival data?

(hint: Select 2)

  1. Amazon S3 Standard
  2. Amazon S3 Glacier Flexible Retrieval
  3. Amazon S3 Intelligent-Tiering
  4. Amazon S3 Standard-IA
  5. Amazon S3 Glacier Deep Archive
A
  • Amazon S3 Glacier Flexible Retrieval
  • Amazon S3 Glacier Deep Archive

Objects stored in the Amazon S3 Glacier Flexible Retrieval storage class can be retrieved within a few minutes to a few hours. By comparison, objects that are stored in the Amazon S3 Glacier Deep Archive storage class can be retrieved within 12 hours.

The other response options are incorrect because:

  • Amazon S3 Standard is a storage class that is ideal for frequently accessed data, not archival data.
  • Amazon S3 Intelligent-Tiering monitors access patterns of objects and automatically moves them between the Amazon S3 Standard and Amazon S3 Standard-IA storage classes. It is not designed for archival data.
  • Amazon S3 Standard-IA is ideal for data that is infrequently accessed but requires high availability when needed.
42
Q

Storage and Databases

Which point is TRUE about Amazon EBS volumes and Amazon EFS file systems?

  1. EBS volumes store data within a single Availability Zone. Amazon EFS file systems store data across multiple Availability Zones
  2. EBS volumes store data across multiple Availability Zones. Amazon EFS file systems store data within a single Availability Zone.
  3. EBS volumes and Amazon EFS file systems both store data within a single Availability Zone.
  4. EBS volumes and Amazon EFS file systems both store data across multiple Availability Zones.
A

EBS volumes store data within a single Availability Zone. Amazon EFS file systems store data across multiple Availability Zones

An EBS volume must be located in the same Availability Zone as the Amazon EC2 instance to which it is attached.

Data in an Amazon EFS file system can be accessed concurrently from all the Availability Zones in the Region where the file system is located

43
Q

Storage and Databases

You want to store data in an object storage service. Which AWS service is best for this type of storage?

  1. Amazon Managed Blockchain
  2. Amazon Elastic File System (Amazon EFS)
  3. Amazon Elastic Block Store (Amazon EBS)
  4. Amazon Simple Storage Service (Amazon S3)
A

Amazon Simple Storage Service (Amazon S3).

The other response options are incorrect because:

  • Amazon Managed Blockchain is a service that you can use to create and manage blockchain networks with open-source frameworks. Blockchain is a distributed ledger system that lets multiple parties run transactions and share data without a central authority.
  • Amazon Elastic File System (Amazon EFS) is a scalable file system used with AWS Cloud services and on-premises resources. It does not store data as object storage.
  • Amazon Elastic Block Store (Amazon EBS) is a service that provides block-level storage volumes that you can use with Amazon EC2 instances.
44
Q

Storage and Databases

Which statement best describes Amazon DynamoDB?

  1. A service that enables you to run relational databases in the AWS Cloud
  2. A serverless key-value database service
  3. A service that you can use to migrate relational databases, nonrelational databases, and other types of data stores
  4. An enterprise-class relational database
A

A serverless key-value database service

Amazon DynamoDB is a key-value database service. It is serverless, which means that you do not have to provision, patch, or manage servers.

The other response options are incorrect because:

  • A service that enables you to run relational databases in the AWS Cloud describes Amazon Relational Database Service (Amazon RDS).
  • A service that you can use to migrate relational databases, nonrelational databases, and other types of data stores describes AWS Database Migration Service (AWS DMS).
  • An enterprise-class relational database describes Amazon Aurora.
45
Q

Storage and Databases

Which service is used to query and analyze data across a data warehouse?

  1. Amazon Redshift
  2. Amazon Neptune
  3. Amazon DocumentDB
  4. Amazon ElastiCache
A

Amazon Redshift

Amazon Redshift is a data warehousing service that you can use for big data analytics. Use Amazon Redshift to collect data from many sources and help you understand relationships and trends across your data.

The other response options are incorrect because:

  • Amazon Neptune is a graph database service. You can use Amazon Neptune to build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs.
  • Amazon DocumentDB is a document database service that supports MongoDB workloads.
  • Amazon ElastiCache is a service that adds caching layers on top of your databases to help improve the read times of common requests.
46
Q

Security

Which tasks are the responsibility of customers?

(hint: select 2)

  1. Maintaining network infrastructure
  2. Patching software on Amazon EC2 instances
  3. Implementing physical security controls at data centers
  4. Setting permissions for Amazon S3 objects
  5. Maintaining servers that run Amazon EC2 instances
A
  • Patching software on Amazon EC2 instances
  • Setting permissions for Amazon S3 objects

The other three response options are tasks that are the responsibility of AWS.

47
Q

Security

You are configuring service control policies (SCPs) in AWS Organizations. Which identities and resources can SCPs be applied to?

(hint: select 2)

  1. IAM users
  2. IAM groups
  3. An individual member account
  4. IAM roles
  5. An organizational unit (OU)
A
  • An individual member account
  • An organizational unit (OU)

In AWS Organizations, you can apply service control policies (SCPs) to the organization root, an individual member account, or an OU. An SCP affects all IAM users, groups, and roles within an account, including the AWS account root user.

You can apply IAM policies to IAM users, groups, or roles. You cannot apply an IAM policy to the AWS account root user.

48
Q

Security

Which tasks can you complete in AWS Artifact?

(hint: select 2)

  1. Access AWS compliance reports on-demand
  2. Consolidate and manage multiple AWS accounts within a central location
  3. Create users to enable people and applications to interact with AWS services and resources
  4. Set permissions for accounts by configuring service control policies (SCPs)
  5. Review, accept, and manage agreements with AWS
A
  • Access AWS compliance reports on-demand
  • Review, accept and manage agreements with AWS

The other response options are incorrect because:

  • Consolidate and manage multiple AWS accounts within a central location: This task can be completed in AWS Organizations.
  • Create users to enable people and applications to interact with AWS services and resources: This task can be completed in AWS Identity and Access Management (IAM).
  • Set permissions for accounts by configuring service control policies (SCPs): This task can be completed in AWS Organizations.
49
Q

Security

Which statement best describes an IAM policy?

  1. An authentication process that provides an extra layer of protection for your AWS account
  2. A document that grants or denies permissions to AWS services and resources
  3. An identity that you can assume to gain temporary access to permissions
  4. The identity that is established when you first create an AWS account
A
  • A document that grants or denies permissions to AWS services and resources

The other response options are incorrect because:

  • Multi-factor authentication (MFA) is an authentication process that provides an extra layer of protection for your AWS account.
  • An IAM role is an identity that you can assume to gain temporary access to permissions.
  • The root user identity is the identity that is established when you first create an AWS account.

50
Q

Security

An employee requires temporary access to create several Amazon S3 buckets. Which option would be the best choice for this task?

  1. AWS account root user
  2. IAM group
  3. IAM role
  4. Service control policy (SCP)
A

IAM role

An IAM role is an identity that you can assume to gain temporary access to permissions. When someone assumes an IAM role, they abandon all permissions that they had under a previous role and assume the permissions of the new role. IAM roles are ideal for situations in which access to services or resources needs to be granted temporarily instead of long-term.

The other response options are incorrect because:

  • The AWS account root user is established when you first create an AWS account. As a best practice, do not use the root user for everyday tasks.
  • Although you can attach IAM policies to an IAM group, this would not be the best choice for this scenario because the employee only needs to be granted temporary permissions.
  • Service control policies (SCPs) enable you to centrally control permissions for the accounts in your organization. An SCP is not the best choice for granting temporary permissions to an individual employee.

51
Q

Security

What statement best describes the principle of least privilege?

  1. Adding an IAM user into at least one IAM group
  2. Checking a packet’s permissions against an access control list
  3. Granting only the permissions that are needed to perform specific tasks
  4. Performing a denial of service attack that originates from at least one device
A

Granting only the permissions that are needed to perform specific tasks

When you grant permissions by following the principle of least privilege, you prevent users or roles from having more permissions than needed to perform specific job tasks. For example, cashiers in the coffee shop should be given access to the cash register system. As a best practice, grant IAM users and roles a minimum set of permissions and then grant additional permissions as needed.

52
Q

Security

Which service helps protect your applications against distributed denial-of-service (DDoS) attacks?

  1. Amazon GuardDuty
  2. Amazon Inspector
  3. AWS Artifact
  4. AWS Shield
A

AWS Shield

As network traffic comes into your applications, AWS Shield uses a variety of analysis techniques to detect potential DDoS attacks in real time and automatically mitigates them.

The other response options are incorrect because:

  • Amazon GuardDuty is a service that provides intelligent threat detection for your AWS infrastructure and resources. It identifies threats by continuously monitoring the network activity and account behavior within your AWS environment.
  • Amazon Inspector checks applications for security vulnerabilities and deviations from security best practices, such as open access to Amazon EC2 instances and installations of vulnerable software versions.
  • AWS Artifact is a service that provides on-demand access to AWS security and compliance reports and select online agreements.

53
Q

Security

Which task can AWS Key Management Service (AWS KMS) perform?

  1. Configure multi-factor authentication (MFA)
  2. Update the AWS account root user password
  3. Create cryptographic keys
  4. Assign permissions to users and groups
A

Create cryptographic keys

AWS Key Management Service (AWS KMS) enables you to perform encryption operations through the use of cryptographic keys. A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data. You can use AWS KMS to create, manage, and use cryptographic keys. You can also control the use of keys across a wide range of services and in your applications.

The other response options are incorrect because:

  • You can configure multi-factor authentication (MFA) in AWS Identity and Access Management (IAM).
  • You can update the AWS account root user password in the AWS Management Console.
  • You can assign permissions to users and groups in AWS Identity and Access Management (IAM).

54
Q

Monitoring and Analytics

What is Amazon CloudWatch?

A

A web service that enables you to monitor and manage various metrics and configure alarms based on the data from those metrics.

55
Q

Monitoring and Analytics

What is Amazon CloudTrail?

A

Records API calls for your account, providing a complete history of user activity and API calls for your applications and resources.

56
Q

Monitoring and Analytics

What is AWS Trusted Advisor?

A

A web service that inspects your AWS environment against 5 categories and best practices and provides recommended actions.

57
Q

Monitoring and Analytics

Which tasks can you perform using AWS CloudTrail?

(hint: select 2)

  1. Monitor your AWS infrastructure and resources in real time
  2. Track user activities and API requests throughout your AWS infrastructure
  3. View metrics and graphs to monitor the performance of resources
  4. Filter logs to assist with operational analysis and troubleshooting
  5. Configure automatic actions and alerts in response to metrics
A
  • Track user activities and API requests throughout your AWS infrastructure
  • Filter logs to assist with operational analysis and troubleshooting

The other response options are tasks that you can perform in Amazon CloudWatch.

58
Q

Monitoring and Analytics

Which tasks can you perform using AWS CloudWatch?

(hint: select 2)

  1. Monitor your resources’ utilization and performance
  2. Receive real-time guidance for improving your AWS environment
  3. Compare your infrastructure to AWS best practices in five categories
  4. Access metrics from a single dashboard
  5. Automatically detect unusual account activity
A
  • Monitor your resources’ utilization and performance
  • Access metrics from a single dashboard

The other response options are incorrect because:

  • Receiving real-time recommendations for improving your AWS environment can be performed by AWS Trusted Advisor.
  • Comparing your infrastructure to AWS best practices in five categories can be performed by AWS Trusted Advisor.
  • Automatically detecting unusual account activity can be performed by AWS CloudTrail.
59
Q

Monitoring and Analytics

Which service enables you to review the security of your Amazon S3 buckets by checking for open access permissions?

  1. Amazon CloudWatch
  2. AWS CloudTrail
  3. AWS Trusted Advisor
  4. Amazon GuardDuty
A

AWS Trusted Advisor

AWS Trusted Advisor is a web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices. The inspection includes security checks, such as Amazon S3 buckets with open access permissions.

The other response options are incorrect because:

  • Amazon CloudWatch is a web service that enables you to monitor and manage various metrics for the resources that run your applications.
  • AWS CloudTrail is a web service that enables you to review details for user activities and API calls that have occurred within your AWS environment.
  • Amazon GuardDuty is a service that provides intelligent threat detection for your AWS environment and resources. It identifies threats by continuously monitoring the network activity and account behavior within your AWS environment.
60
Q

Monitoring and Analytics

Which categories are included in the AWS Trusted Advisor dashboard?

(hint: there are 5 - CPSFS)

Can People Secure Fast Services?

A

The 5 categories are:
* Cost optimization
* Performance
* Security
* Fault Tolerance
* Service Limits

61
Q

Pricing and Support

The AWS Free Tier includes offers that are available to new AWS customers for a certain period of time following their AWS sign-up date. What is the duration of this period?

A

12 Months

The AWS Free Tier consists of three types of offers that allow customers to use AWS services without incurring costs: Always free, 12 months free, and Trials.

62
Q

Pricing and Support

Which action can you perform with consolidated billing?

  1. Review how much cost your predicted AWS usage will incur by the end of the month.
  2. Create an estimate for the cost of your use cases on AWS.
  3. Combine usage across accounts to receive volume pricing discounts.
  4. Visualize and manage your AWS costs and usage over time.
A

Combine usage across accounts to receive volume pricing discounts.

The other response options are incorrect because:

  • Review how much cost your predicted AWS usage will incur by the end of the month - You can perform this action in AWS Budgets.
  • Create an estimate for the cost of your use cases on AWS - You can perform this action in AWS Pricing Calculator.
  • Visualize and manage your AWS costs and usage over time - You can perform this action in AWS Cost Explorer.
63
Q

Pricing and Support

Which pricing tool is used to visualize, understand, and manage your AWS costs and usage over time?

  1. AWS Pricing Calculator
  2. AWS Budgets
  3. AWS Cost Explorer
  4. AWS Free Tier
A

AWS Cost Explorer

AWS Cost Explorer includes a default report of the costs and usage for your top five cost-accruing AWS services. You can apply custom filters and groups to analyze your data. For example, you can view resource usage at the hourly level.

The other response options are incorrect because:

  • AWS Pricing Calculator enables you to create an estimate for the cost of your use cases on AWS.
  • AWS Budgets enables you to create budgets to plan your service usage, service costs, and instance reservations. In AWS Budgets, you can also set custom alerts when your usage exceeds (or is forecasted to exceed) the budgeted amount.
  • The AWS Free Tier is a program that consists of three types of offers that allow customers to use AWS services without incurring costs: Always free, 12 months free, and Trials.
64
Q

Pricing and Support

Which pricing tool enables you to receive alerts when your service usage exceeds a threshold that you have defined?

  1. Billing dashboard in the AWS Management Console
  2. AWS Budgets
  3. AWS Free Tier
  4. AWS Cost Explorer
A

AWS Budgets

In AWS Budgets, you can set custom alerts that will notify you when your service usage exceeds (or is forecasted to exceed) the amount that you have budgeted.

Your budget can be based on costs or usage. For example, you can set an alert that will notify you when you have incurred $100.00 of costs in Amazon EC2 or 500,000 requests in AWS Lambda.

The other response options are incorrect because:

  • From the billing dashboard in the AWS Management Console, you can view details on your AWS bill, such as service costs by Region, month to date spend, and more. However, you cannot set alerts from the billing dashboard.
  • The AWS Free Tier is a program that consists of three types of offers that allow customers to use AWS services without incurring costs: Always free, 12 months free, and Trials.
  • AWS Cost Explorer is a tool that enables you to visualize, understand, and manage your AWS costs and usage over time.
65
Q

Pricing and Support

Your company wants to receive support from an AWS Technical Account Manager (TAM). Which support plan should you choose?

  1. Developer
  2. Enterprise
  3. Basic
  4. Business
A

Enterprise

A Technical Account Manager (TAM) is available only to AWS customers with the Enterprise On-Ramp and Enterprise Support plans. A TAM provides guidance, architectural reviews, and ongoing communication with your company as you plan, deploy, and optimize your applications.

66
Q

Pricing and Support

Which service or resource is used to find third-party software that runs on AWS?

  1. AWS Marketplace
  2. AWS Free Tier
  3. AWS Support
  4. Billing dashboard in the AWS Management Console
A

AWS Marketplace

AWS Marketplace is a digital catalog that includes thousands of software listings from independent software vendors. You can use AWS Marketplace to find, test, and buy software that runs on AWS.

The other response options are incorrect because:

  • The AWS Free Tier consists of offers that allow customers to use AWS services without incurring costs. These offers are related to AWS services, not third-party software that can be used on AWS.
  • AWS Support is a resource that can answer questions about best practices, assist with troubleshooting issues, help you to identify ways to optimize your use of AWS services, and so on.
  • You can use the billing dashboard in the AWS Management Console to view details such as service costs by Region, the top services being used by your account, and forecasted billing costs. From the billing dashboard, you can also access other AWS billing tools, such as AWS Cost Explorer, AWS Budgets, and AWS Budgets Reports.