Random questions Flashcards

Question 1

Q

Which of the following allows you to Watch a single metric over a time period that you specify, and perform one or more actions based on the value of the metric relative to a given threshold over a number of time periods.

a. Amazon Managed Grafana
b. Amazon CloudTrail
c. Amazon Cloudwatch
d. Amazon Redshift

Answer

A

Ans C

Amazon Managed Grafana does allow for you to watch metrics in a dashboard, but cloudwatch
allows you to set given thresholds for selected metrics and have an alert message your or do something when the alert triggers.

Question 2

Q

Which of the following is not a design principles for operational excellence in the cloud according to the well architected framework pillars:

a. Perform operations as code
b. Make frequent, small, reversible changes
c. Refine operations procedures frequently
d. Anticipate and adopt new, more efficient hardware and software offerings
e. Learn from all operational failures

Answer

A

Answer d is actually one of the six design principles for sustainability in the cloud

Question 3

Q

Which one of the following is not a feature or benefit
of the AWS budgets?

a. monitor your aggregate utilization and coverage metrics for your Reserved Instances (RIs) or Savings Plans
b. enable simple-to-complex cost and usage tracking
c. set up optional notifications that warn you if you exceed, or are forecasted to exceed, your budgeted amount for cost or usage
d. Allows you to share the budgets by using a url link provided

Answer

A

Ans: d
This is actually something you can do with cost explorer

Question 4

Q

Which one of the following is not a feature or benefit
of the AWS pricing calculator?

a. Allows you to share the estimates by using a url link provided
b. Allows you to compare actual vs. budgeted use
c. You can use it to model your solutions before building them
d. Allows you to view prices of AWS services
e. It is a web-based planning tool

Answer

A

Ans. b
this is actually something you can do with AWS budgets

Question 5

Q

Which one of the following is not included in the business
support plan?

a. Response time for Production system down: < 1 hour
b. access to a technical account manager with expertise in all AWS services
c. Response time for System impaired: < 12 hours
d. All TrustedAdvisor checks

Answer

A

Ans. b
Only the enterprise level support plans have access to a TAM.

Question 6

Q

Which one of the following is not a pillar of the Well architected
architecture?

a. cost optimization
b. sustainability
c. Reliability
d. monitoring and reporting

Answer

A

Ans. d

Pillar 1: Operational Excellence
Pillar 2: Security
Pillar 3: Reliability
Pillar 4: Performance Efficiency
Pillar 5: Cost Optimization
Pillar 6: Sustainability

Question 7

Q

Which are the three elements of the AWS global infrastructure?

a. Availability Zones
b. Edge Locations
C. Regions
d. Hybrid locations

Answer

A

A, B and C
Availability Zones - discrete data centers each with their own power, servers, networking
Edge Locations - points of presence, located in various cities around the world. Cloudfront leverages these edge locations
Regions - physical geographical locations

Question 8

Q

Which of the following are categories of recommedations
provided by AWS trusted Advisor? (choose three)

a. cost optimization
b. fault tolerance
c. performance
d. least privilege access
e. high availability

Answer

A

Ans. a, b and c

Know the categories of trusted advisor

Cost optimization
Performance
Security
Fault tolerance
Service limits

Question 9

Q

Which of the following are categories of AWS Trusted Advisor? (Choose two.)
A. Fault Tolerance
B. Instance Usage
C. Infrastructure
D. Performance
E. Storage Capacity

Answer

A

AD
Like your customized cloud expert, AWS Trusted Advisor analyzes your AWS environment and provides best practice recommendations in five categories: cost optimization, performance, security, fault tolerance and service limits.

Question 10

Q

AWS CAF groups its capabilities in six perspectives, which of the following is a perspective (choose three)

a. Business
b. People
c. cost
d. Governance
e. regions

Answer

A

A, b, and d

AWS CAF groups its capabilities in six perspectives: Business, People, Governance, Platform, Security, and Operations.

Question 11

Q

Which one of the following is a set of capabilities that functionally related stakeholders own or manage in the cloud transformation journey?

A. AWS Config
B. AWS CAF
C. AWS Well architected framework
D. AWS Organizations
E. AWS pillars of excellence

Answer

A

B
AWS CAF groups its capabilities in six perspectives: Business, People, Governance, Platform, Security, and Operations. Each perspective comprises a set of capabilities that functionally related stakeholders own or manage in the cloud transformation journey.

Question 12

Q

True or False
You would use the AWS CAF to identify and prioritize transformation opportunities, evaluate and improve your cloud readiness, and iteratively evolve your transformation roadmap.

Answer

A

True
The AWS Cloud Adoption Framework (AWS CAF) leverages AWS experience and best practices to help you digitally transform and accelerate your business outcomes through innovative use of AWS.

Question 13

Q

Which of the follow AWS CAF perspectives serves as a bridge between technology and business, accelerating the cloud journey to help organizations more rapidly evolve to a culture of continuous growth, learning, and where change becomes business-as-normal, with focus on culture, organizational structure, leadership, and workforce.

A. Business
B. People
C. Governance
D. Platform
E. Operations

Answer

A

B People
The People perspective serves as a bridge between technology and business, accelerating the cloud journey to help organizations more rapidly evolve to a culture of continuous growth, learning, and where change becomes business-as-normal, with focus on culture, organizational structure, leadership, and workforce. Common stakeholders include CIO, COO, CTO, cloud director, and cross-functional and enterprise-wide leaders.

Question 14

Q

Which one of the follow AWS CAF perspective helps you orchestrate your cloud initiatives while maximizing organizational benefits and minimizing transformation-related risks.

A. Business
B. People
C. Governance
D. Platform
E. Operations
F. Security

Answer

A

C
The Governance perspective helps you orchestrate your cloud initiatives while maximizing organizational benefits and minimizing transformation-related risks. Common stakeholders include chief transformation officer, CIO, CTO, CFO, chief data officer (CDO), and chief risk officer (CRO).

Question 15

Q

Which ONE of the following AWS CAF perspectives helps ensure that your cloud services are delivered at a level that meets the needs of your business.

A. Business
B. People
C. Governance
D. Platform
E. Operations
F. Security

Answer

A

E
The Operations perspective helps ensure that your cloud services are delivered at a level that meets the needs of your business. Common stakeholders include infrastructure and operations leaders, site reliability engineers, and information technology service managers.

Question 16

Q

A company is planning to run a global marketing application in the AWS Cloud. The application will feature videos that can be viewed by users. The company must ensure that all users can view these videos with low latency.
Which AWS service should the company use to meet this requirement?
A. AWS Auto Scaling
B. Amazon Kinesis Video Streams
C. Elastic Load Balancing
D. Amazon CloudFront

Answer

A

D
Cloudfront used edge locations to ensure content is cached in locations close to the users to help with low latency

Question 17

Q

Which pillar of the AWS Well-Architected Framework refers to the ability of a system to recover from infrastructure or service disruptions and dynamically acquire computing resources to meet demand?
A. Security
B. Reliability
C. Performance efficiency
D. Cost optimization

Answer

A

B
The reliability pillar focuses on workloads performing their intended functions and how to recover quickly from failure to meet demands. Key topics include distributed system design, recovery planning, and adapting to changing requirements.

Question 18

Q

Which of the following are benefits of migrating to the AWS Cloud? (Choose two.)
A. Operational resilience
B. Discounts for products on Amazon.com
C. Business agility
D. Business excellence
E. Increased staff retention

Answer

A

A and C
There are several benefits to migrating to the AWS Cloud, including:

A. Operational resilience: The AWS Cloud is designed to be highly available and scalable, which can help organizations improve their operational resilience and reduce the impact of failures or disruptions.

C. Business agility: Migrating to the AWS Cloud can help organizations to increase their business agility by allowing them to quickly and easily deploy new applications and services, scale their infrastructure up or down as needed, and experiment with new technologies.

Question 19

Q

A company is planning to replace its physical on-premises compute servers with AWS serverless compute services. The company wants to be able to take advantage of advanced technologies quickly after the migration.
Which pillar of the AWS Well-Architected Framework does this plan represent?
A. Security
B. Performance efficiency
C. Operational excellence
D. Reliability

Answer

A

B
Design Principles
There are five design principles for performance efficiency in the cloud:

Democratize advanced technologies
Go global in minutes
#####Use serverless architectures#####
Experiment more often
Consider mechanical sympathy

The performance efficiency pillar focuses on structured and streamlined allocation of IT and computing resources. Key topics include selecting resource types and sizes optimized for workload requirements, monitoring performance, and maintaining efficiency as business needs evolve.

Question 20

Q

A large company has multiple departments. Each department has its own AWS account. Each department has purchased Amazon EC2 Reserved Instances.
Some departments do not use all the Reserved Instances that they purchased, and other departments need more Reserved Instances than they purchased.
The company needs to manage the AWS accounts for all the departments so that the departments can share the Reserved Instances.
Which AWS FEATURE should the company use to meet these requirements?
A. AWS Systems Manager
B. Cost Explorer
C. AWS Trusted Advisor
D. AWS Organizations

Answer

A

D organinzations - used to manage multiple accounts.
Centrally manage billing and costs
Organizations provides you with a single consolidated bill. In addition, you can view usage from resources across accounts and track costs using AWS Cost Explorer, and optimize your usage of compute resources using AWS Compute Optimizer.

Question 21

Q

Which AWS services or features provide disaster recovery solutions for Amazon EC2 instances? (Choose two.)
A. ׀*׀¡2 Reserved Instances
B. EC2 Amazon Machine Images (AMIs)
C. Amazon Elastic Block Store (Amazon EBS) snapshots
D. AWS Shield
E. Amazon GuardDuty

Answer

A

B and C
You can back up Amazon EC2 instances used by your workload as Amazon Machine Images (AMIs). The AMI is created from snapshots of your instance’s root volume and any other EBS volumes attached to your instance. You can use this AMI to launch a restored version of the EC2 instance

Question 22

Q

TRUE or FALSE
If you have a Basic Support and Developer Support plan, you can use the Trusted Advisor console to access checks in the following security category:

Amazon EBS Public Snapshots

Amazon RDS Public Snapshots

Amazon S3 Bucket Permissions

IAM Use

MFA on Root Account

Security Groups – Specific Ports Unrestricted

Answer

A

TRUE
If you have a Basic Support and Developer Support plan, you can use the Trusted Advisor console to access all checks in the Service limits category and ALL the following checks in the security category mentioned.

Amazon EBS Public Snapshots

Amazon RDS Public Snapshots

Amazon S3 Bucket Permissions

IAM Use

MFA on Root Account

Security Groups – Specific Ports Unrestricted

Question 23

Q

A company is migrating to the AWS Cloud instead of running its infrastructure on premises.
Which of the following are advantages of this migration? (Choose two.)
A. Elimination of the need to perform security auditing
B. Increased global reach and agility
C. Ability to deploy globally in minutes
D. Elimination of the cost of IT staff members
E. Redundancy by default for all compute services

Answer

A

B and C

he six advantages of cloud computing are:
* Trade upfront expense for variable expense.
* Benefit from massive economies of scale.
* Stop guessing capacity.
* Increase speed and agility. Yes B
* Stop spending money running and maintaining data centers.
* Go global in minutes. YES C

Question 24

Q

A user is comparing purchase options for an application that runs on Amazon EC2 and Amazon RDS. The application cannot sustain any interruption. The application experiences a predictable amount of usage, including some seasonal spikes that last only a few weeks at a time. It is not possible to modify the application.
Which purchase option meets these requirements MOST cost-effectively?
A. Review the AWS Marketplace and buy Partial Upfront Reserved Instances to cover the predicted and seasonal load.
B. Buy Reserved Instances for the predicted amount of usage throughout the year. Allow any seasonal usage to run on Spot Instances.
C. Buy Reserved Instances for the predicted amount of usage throughout the year. Allow any seasonal usage to run at an On-Demand rate.
D. Buy Reserved Instances to cover all potential usage that results from the seasonal usage.

Answer

A

C
C is the correct answer, the question explicitly mentioned that “The application cannot sustain any interruption” of which Spot Instances are ideal for workloads with flexible start and end times, or that can withstand interruptions. Ideally we want pricing that doesn’t allow interruption in this case it will be On-Demand.

Question 25

Q

Where can I get more exam questions

Answer

A

https://www.examtopics.com/exams/amazon/aws-certified-cloud-practitioner/

Question 26

Q

When we mention AWS global content delivery network which service
are we talking about?

A. Region
B. Edge Location
C. Local Zone
D. Availability Zone

Answer

A

Ans. B

this is cloudfront

Question 27

Q

A company wants to migrate a critical application to AWS. The application has a short runtime. The application is invoked by changes in data or by shifts in system state. The company needs a compute solution that maximizes operational efficiency and minimizes the cost of running the application.
Which AWS solution should the company use to meet these requirements?
A. Amazon EC2 On-Demand Instances
B. AWS Lambda
C. Amazon EC2 Reserved Instances
D. Amazon EC2 Spot Instances

Answer

A

b
From: https://aws.amazon.com/lambda/

Run code without provisioning or managing infrastructure. Simply write and upload code as a .zip file or container image.
Automatically respond to code execution requests at any scale, from a dozen events per day to hundreds of thousands per second.
Save costs by paying only for the compute time you use—by per-millisecond—instead of provisioning infrastructure upfront for peak capacity.

Question 28

Q

Which AWS service or feature allows users to connect with and deploy AWS services programmatically?
A. AWS Management Console
B. AWS Cloud9
C. AWS CodePipeline
D. AWS software development kits (SDKs)

Question 29

Q

A company plans to create a data lake that uses Amazon S3.
Which factor will have the MOST effect on cost?
A. The selection of S3 storage tiers
B. Charges to transfer existing data into Amazon S3
C. The addition of S3 bucket policies
D. S3 ingest fees for each request

Answer

A

A
The most “effect” on cost. Transferring the data is going to be a set cost. There’s not really multiple options to effect the price of transferring. Which storage tier they pick out of all the options can largely effect the final cost.

Question 30

Q

Which AWS service or feature can a company use to determine which business unit is using specific AWS resources?
A. Cost allocation tags
B. Key pairs
C. Amazon Inspector
D. AWS Trusted Advisor

Answer

A

Cost allocation tags
https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html

A tag is a label given to aws resources , each have key and values, each resources and key must be unique and each key have only one value .

Question 31

Q

TRUE or FALSE
You can use tags to organize your resources, and cost allocation tags to track your AWS costs on a detailed level. After you activate cost allocation tags, AWS uses the cost allocation tags to organize your resource costs on your cost allocation report, to make it easier for you to categorize and track your AWS costs.

Question 32

Q

Which AWS hybrid storage service enables a user’s on-premises applications to seamlessly use AWS Cloud storage.

a. Internet Gateway
b. AWS Storage Gateway
c. S3 Standard IA
d. S3 Standard

Answer

A

B
AWS Storage Gateway

Question 33

Q

A user has limited knowledge of AWS services, but wants to quickly deploy a scalable Node.js application in an Amazon VPC.

Which service should be used to deploy the application?

a. AWS Lambda
b. AWS EBS
c. AWS Elastic Beanstalk
d. AWS code deploy

Answer

A

C
AWS Elastic Beanstalk

Question 34

Q

A Service Control Policy (SCP) is used to manage the maximum available permissions and is associated with which of the following?

Service control policies (SCPs) manage permissions for which of the following?

a. Availability Zone
b. Regions
c. Organizational Unit
d. IAM

Answer

A

C
AWS SCP is a collection of permissions that can be applied at the root level of an AWS account or an Organizational Unit (OU) within an AWS Organization. These policies serve as guardrails for the accounts in the member account or OU, limiting the actions that users, groups, or roles within the account can take.

Question 35

Q

What can be used to allow an application running on an Amazon EC2 instance to securely store data in an Amazon S3 bucket without using long-term credentials?

a. groups
b. group policy
c. AWS config
d. roles

Answer

A

D
AWS IAM Role

Question 36

Q

Which AWS service should a Cloud Practitioner use to automate conﬁguration management using Puppet?

a. AWS OpsWork
b. AWS config
c. AWS shield
d. AWS automat

Answer

A

A
AWS OpsWorks is a configuration management service that helps you configure and operate applications in a cloud enterprise by using Puppet or Chef. AWS OpsWorks Stacks and AWS OpsWorks for Chef Automate let you use Chef cookbooks and solutions for configuration management, while OpsWorks for Puppet Enterprise lets you configure a Puppet Enterprise master server in AWS. Puppet offers a set of tools for enforcing the desired state of your infrastructure, and automating on-demand tasks.

Question 37

Q

Which Amazon EC2 pricing model should be avoided if a workload cannot accept interruption if capacity becomes temporarily unavailable?

a. spot instances
b. on-demand instances
c. RDS
d. EC2 standard IA

Answer

A

A
spot instances

Question 38

Q

Which AWS-managed service can be used to process vast amounts of data using a hosted Hadoop framework?

a. AWS Redshift
b. AWS Gateway
c. Amazon RDS
d. Amazon EMR

Answer

A

D
Amazon EMR; Amazon Elastic Map Reduce (EMR) is a web service that enables businesses, researchers, data analysts, and developers to easily and cost-effectively process vast amounts of data. EMR utilizes a hosted Hadoop framework running on Amazon EC2 and Amazon S3.

Question 39

Q

Which AWS Service that enables you to continually monitor your resources for adherence to best practices?

a. Amazon GuardDuty
b. AWS Artifact
c. Amazon Inspector
d. AWS config

Answer

A

D
AWS config
AWS Config is a config tool that helps you assess, audit, and evaluate the configurations and relationships of your resources.
You can use the service to automate the evaluation and remediation of recorded configurations against desired configurations. You also can review changes in configurations and relationships between AWS resources and dive into the history of a resource configuration.

Question 40

Q

Which of the following is a security serivce that provides protection
against a type of attack that floods network traffic to you
application

a. Amazon Macie
b. Amazon Shield
c. Amazon GuardDuty
d. Amazon Inspector

Answer

A

Ans. B
Amazon Shield provides protection against DDoS threats
enables on-going threat detection
you keep it running
there is two - shield and advanced shield

Question 41

Q

Which of the following security services utilizies machine
learning to analyze data stored in amazon S3, and provides
alerts if it detects anything unusual?

A. Amazon Inspector
b. Amazon CloudWatch
c. Amazon Macie
d. Amazon Shield

Answer

A

Ans. C
it uses ML to analyzed data stored in S3
provides dashboards that show how data is stored and accessed
allows you to have alerts

Question 42

Q

The service proves a network reachability and host assessment,
which type is it?

A. Amazon Cloudwatch
b. Amazon Service Catalog
c. Amazon inspector
d. Amazon GuardDuty

Answer

A

ans. C
Amazon inspector is charged by instance per assessment
two types of rules packages network reachability and host assessment.
Amazon Inspector is a vulnerability management service that continuously scans your AWS workloads for software vulnerabilities and unintended network exposure. Amazon Inspector automatically discovers and scans running Amazon EC2 instances, container images in Amazon Elastic Container Registry (Amazon ECR), and AWS Lambda functions for known software vulnerabilities and unintended network exposure.

Question 43

Q

If you would like to use pre-defined solutions in AWS which two
would you choose?

a. AWS service catalog
b. AWS cloudformation
c. AWS marketplace
d. AWS config

Answer

A

Ans. a and c

aws service catalog - targetd to serve as an organization
service catalog in the cloud. Can include single server
image to multi tier custom applications
enables organizations to leverage services that meet
compliance
supports a lifecyle for services released in the catalog.

AWS marketplace - third party solutions for any aws
customer to run. SaaS solutions, cloud formation solutions.
provides different license types.
charges appear on your AWS bill - they will be an additional
charge.

Question 44

Q

Which aws developer service is like GIT?

a. aws codecommit
b. aws code build
c. aws codepipeline
d. aws codedeploy
e. aws codestar

Answer

A

Ans: a
Securely host highly scalable private Git repositories and collaborate on code
AWS CodeCommit is a secure, highly scalable, fully managed source control service that hosts private Git repositories.
codecommit is a utility git for repositories
you can control access with IAM policies
serves as an alternative to git hub

Question 45

Q

Which of the following would you use if you needed a way
to manage the deployment of your customer applications?

a. aws CodeCommit
b. aws code build
c. aws codepipeline
d. aws CodeDeploy
e. aws codestar

Answer

A

Ans: D
AWS CodeDeploy is a managed deployement service for
deploying your custom applications
Deploys to amazon ec2, fargate, lambda and on-premise

Question 46

Q

Which of the following provides the capabilites to
automate building, testing and deploying your custom appliccation
in AWS?

a. aws CodeCommit
b. aws code build
c. aws codepipeline
d. aws CodeDeploy
e. aws codestar

Answer

A

ans: C
AWS codepipeline is a fully managed continous deliver service
on AWS
provides the capabilites to automate building, testing
and deploying
integrate with other developer tools as well as Github

AWS CodeStar is a workflow tool, that creates a complete
continous delivery toolchain for custom applications.
you only far charged for the other services uses.

Question 47

Q

They want to ensure your departments follow best practice
and are compliant. Which service tool should they use
so they can create compliant services that the department could use ?

a. AWS Marketplace
b. AWS service catalog
c. AWS Inspector
d. AWS CodeStar

Answer

A

B
Service catalogs

Question 48

Q

They want to ensure your departments follow best practice
and are compliant. Which service should tool should they use to
so they can create compliant servies that the department could use ?

a. AWS Marketplace
b. AWS service catalog
c. AWS Inspector
d. AWS CodeStar

Answer

A

Ans. AWS service catalog
it is ‘just for use’ for your organization

Question 49

Q

Your company deals with sensitive information. You have
put reasonable policies in place to store this data in
S3. Which of the following aws services should you use
to ensure this?

a. Amazon Macie
b. Amazon Inspector
c. Amazon GuardDuty
d. Amazon Artifact

Answer

A

ans. A
Amazon Macie
gives your the ability to find sensitive data and monitor it
for anomalies, then alert you if it sees access control issues.

Question 50

Q

If you are working with your data science team to move their processing work to the cloud, what service would enable them to continue to process data with Apache HBase without having to handle the configuration of the underlying instances?

a. Amazon Sagemaker

b. AWS Glue

c. Amazon DynamoDB

d. Amazon EMR

Answer

A

ans. D
Amazon EMR

Question 51

Q

Jerry wants to create a custom application where users sign-in with their Google account. He wants each signed-in user to have access to an S3 bucket. What service would enable this functionality?

a. Amazon Cognito

a. AWS SSO

b. Amazon Guard Duty

c. Active Directory

Answer

A

ans. A
Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps. Your users can sign in directly with a user name and password, or through a third party such as Facebook, Amazon, Google or Apple.

The two main components of Amazon Cognito are user pools and identity pools.

Question 52

Q

Amazon Inspector automatically discovers and scans which of the following (choose two)?
a. Amazon EC2 instances
b. container images in Amazon Elastic Container Registry (Amazon ECR)
c. AWS S3
d. AWS RDS

Answer

A

Answers A and B

Question 53

Q

Amazon Inspector automatically discovers and scans which of the following (choose two)?
a. container images in Amazon Elastic Container Registry (Amazon ECR)
b. AWS elastic beanstalk images
c. AWS S3
d. AWS Lambda functions

Answer

A

A and D

When activated, Amazon Inspector automatically discovers all eligible resources and begins continuous scans of those resources. Amazon Inspector scans for software vulnerabilities and unintended network exposure. Amazon Inspector also runs scans in response to events, such as the installation of a new application or patch.

Question 54

Q

Which of the following services enables serverless querying of data stored within Amazon S3 using standard SQL queries?

A. Amazon Quicksight
B. Amazon Athena
C. Amazon CloudTrail
D. Amazon CloudSearch

Answer

A

B
Amazon Athena

Question 55

Q

Which one of the following services would you use for Managed search service for custom applications?

A. Amazon CloudSearch
B. Amazon Athena
C. Amazon CloudTrail
D. Amazon Quicksight

Answer

A

A
Amazon CloudSearch is a managed service in the AWS Cloud that makes it simple and cost-effective to set up, manage, and scale a search solution for your website or application.
Amazon CloudSearch supports 34 languages and popular search features such as highlighting, autocomplete, and geospatial search.

Question 56

Q

Which on of the following is a Data workflow orchestration service that supports
multiple AWS services providing extract, transform, and
load (ETL) capabilities?

A. Amazon CloudSearch
B. Amazon Data Pipeline
C. Amazon EMR
D. Amazon Quicksight

Answer

A

B
AWS Data Pipeline is a web service that helps you reliably process and move data between different AWS compute and storage services, as well as on-premises data sources, at specified intervals. With AWS Data Pipeline, you can regularly access your data where it’s stored, transform and process it at scale, and efficiently transfer the results to AWS services such as Amazon S3, Amazon RDS, Amazon DynamoDB, and Amazon EMR.

Question 57

Q

Which AWS services can you transfer the results of ETL when using AWS Data Pipeline? (Pick two)

a. Amazon S3
b. Amazon EC2
c. Amazon RDS
d. Amazon Containers

Answer

A

A and C
With AWS Data Pipeline, you can regularly access your data where it’s stored, transform and process it at scale, and efficiently transfer the results to AWS services such as Amazon S3, Amazon RDS, Amazon DynamoDB, and Amazon EMR.

Question 58

Q

Which AWS services can you transfer the results of ETL when using AWS Data Pipeline?

a. Amazon EMR
b. Amazon EC2
c. Amazon Lambda
d. Amazon DynamoDB

Answer

A

a d With AWS Data Pipeline, you can regularly access your data where it’s stored, transform and process it at scale, and efficiently transfer the results to AWS services such as Amazon S3, Amazon RDS, Amazon DynamoDB, and Amazon EMR..

AWS Data Pipeline allows you to take advantage of a variety of features such as scheduling, dependency tracking, and error handling. You can use activities and preconditions that AWS provides and/or write your own custom ones. This means that you can configure an AWS Data Pipeline to take actions like run Amazon EMR jobs, execute SQL queries directly against databases, or execute custom applications running on Amazon EC2 or in your own datacenter.

Question 59

Q

Which of the following AWS tools and services allows you to run SQL queries ? (Pick two)

a. AWS Data Pipeline
b. AWS Athena
c. Amazon CloudSearch
d. Amazon Translate

Answer

A

A and B
AWS Data Pipeline create pipelines for a number of more complex use cases, such as regularly processing your log files, archiving data to Amazon S3, or running periodic SQL queries.
AWS Athena is a SQL service to pull that data out of S3 and push it into a relational structure. It’s great for inspecting buckets, transforming data through ETL processes, or cleaning data to send to services like Hadoop.
Amazon Athena is an interactive query service that makes it easy to analyze data directly in Amazon Simple Storage Service (Amazon S3) using standard SQL. With a few actions in the AWS Management Console, you can point Athena at your data stored in Amazon S3 and begin using standard SQL to run ad-hoc queries and get results in seconds.

Question 60

Q

Which one of the following is a compliance service in AWS that is a Fully-managed service that continually monitors your AWS account and resources for potential malicious behavior and anomalies?

a. Amazon CloudTrail
b. Amazon Artifact
c. Amazon GuardDuty
d. Amazon config

Answer

A

C
GuardDuty is more tilted towards indications of actual compromise .
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3

Question 61

Q

Which of the following is AWS GuardDuty used for?

a. performs functions such as examining every single query on your application
b. protects web applications from DDoS attacks
c. monitor and analyze all activities for your Amazon Web Services account
d. Detects sensitive information and personal information and provides alerts to users

Answer

A

A and C
GuardDuty =This tool of AWS is from AWS basically to detect threats. Guardduty reads the logs throughout AWS and keeps the users posted in case of threats. AWS Guardduty is the best complete application protection service because of the coverage and the complete scope it can provide. No other service can.

Amazon Macie = Detects sensitive information and personal information and provides alerts to users.

Amazon Shield = Service from AWS that protects web applications from DDoS attacks.

Question 62

Q

Which of the following service does this describe?
Continuously monitor your AWS accounts, instances, serverless and container workloads, users, databases, and storage for potential threats.

a. Amazon GuardDuty
b. Amazon Inspector
c. Amazon Shield
d. Amazon detective

Answer

A

A
Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.
the different workload and resource types that you can continuously monitor for threats using Amazon GuardDuty. The items outlined are: Amazon S3, databases, container workloads, instance workloads, accounts and users, and serverless.

Question 63

Q

Which of the 7 Rs in the Migration strategy does this use case describe: Enhanced modernization or upgrade of the application/service underlaying components such as OS and Databases.

a. replatform
b. rehost
c. rebuild
d. refactor

Answer

A

A
Replatform: Enhanced modernization or upgrade of the application/service underlaying components such as OS and Databases.

Question 64

Q

Which of the 7 Rs in the Migration strategy does this use case describe: Do nothing and keep running the application in the current location.

a. replatform
b. rehost
c. retain
d. refactor

Answer

A

Retain: Do nothing and keep running the application in the current location.

Answer 63

A

D
Refactor / Re-architect: Modernization of the application by applying changes to the code base in order to support a modernization pattern and/or changing its architecture (e.g., containerization, serverless)

Answer 64

A

B
Rehost: Rapid migration of servers and applications without architectural, technology or functionality changes.

Answer 65

A

C
Retire: Decommission the application without migrating or modernizing.

Answer 66

A

A
Relocate: Rapid migration of servers and applications to vmware cloud on AWS.

Answer 67

A

D
Repurchase: Purchase, configure or customize a COTS (Commercial Of The Shelf) or SaaS (Software as a Service) product.

Answer 68

A

A
Refactor - this is when you replace some systems with containers, microsystems, use devops, perform code refactoring, use managed services databases

Answer 69

A

A, B and D

Answer 70

A

A and B

Large Number of Rules in an EC2 Security Group
Description
Checks each Amazon Elastic Compute Cloud (Amazon EC2) security group for an excessive number of rules.

If a security group has a large number of rules, performance can be degraded.

Amazon EBS under-provisioned volumes
Description
Checks the Amazon Elastic Block Store (Amazon EBS) volumes that were running at any time during the lookback period. This check alerts you if any EBS volumes were under-provisioned for your workloads. Consistent high utilization can indicate optimized, steady performance, but can also indicate that an application does not have enough resources.

Answer 71

A

FALSE

In the CloudFront console, you can set alarms to notify you by Amazon Simple Notification Service (Amazon SNS) based on specific CloudFront metrics.

BUT it is CloudWatch that does the alarms, you watch a single metric over a time period that you specify. If the metric exceeds a given threshold, a notification is sent to an Amazon SNS topic or AWS Auto Scaling policy. CloudWatch alarms do not invoke actions when a metric is in a particular state. Rather the state must have changed and been maintained for a specified number of periods.

Answer 72

A

C, D and E

The developer plan only has Business hours** web access to Cloud Support Associates

Business and all Enterprise plans offer 24/7 phone, web, and chat access to Cloud Support Engineers

Answer 73

A

C
The business support plan provides a response time of less than 1 hour if a production system has a service interruption. The developer plan does not any production support response.

Answer 74

A

FALSE
To be able to start using AWS Service Control Policies you need to enable AWS Organizations first in the AWS Console

Answer 75

A

A
Tools like AWS CloudTrail and the service last accessed data in IAM are good ways to determine whether a specific AWS Service that you wish to block is being used in your target AWS account.

Answer 76

A

a, b,c,d, and e

All of the plans get this dashboard

Answer 77

A

D and E

AWS Infrastructure Event Management (IEM) offers architecture and scaling guidance and operational support during the preparation and execution of planned events, such as shopping holidays, product launches, and migrations. For these events, AWS Infrastructure Event Management will help you assess operational readiness, identify and mitigate risks, and execute your event confidently with AWS experts by your side. The program is included in the Enterprise Support plan and is available to Business Support customers for an additional fee.

Answer 78

A

F
sustainability

Answer 79

A

D
performance efficiency

Answer 80

A

ans A

Operational Excellence

Answer 81

A

b
Reliability

Answer 82

A

E
cost optimization

Answer 83

A

AWS config - Continually monitor AWS resources and provides
conformance packs for specific compliance standards
The AWS Config service assesses how well your resource configurations comply with internal practices, industry guidelines, and regulations.

Answer 84

A

D

Amazon GuardDuty
Provides intelligent threat detection.
configure GuardDuty to meet your security and compliance objectives.

Answer 85

A

B
RDS Protection in Amazon GuardDuty analyzes and profiles RDS login activity for potential access threats to your Amazon Aurora databases (Amazon Aurora MySQL-Compatible Edition and Aurora PostgreSQL-Compatible Edition). This feature allows you to identify potentially suspicious login behavior. RDS Protection doesn’t require additional infrastructure; it is designed so as not to affect the performance of your database instances.

Answer 86

A

C
AWS Artifact

Answer 87

A

A
AWS well architected framework
The AWS Well-Architected Framework describes key concepts, design
principles, and architectural best practices for designing and running
workloads in the cloud. These principles are covered through six
different pillars.

Answer 88

A

Global
Does not require region selection
“S3 does not require region selection.” Also, you will notice that all the regions are greyed out and you actually can’t change the region.

Answer 89

A

B
According to AWS:
What is an AWS artifact?
AWS Artifact is a web service that enables you to download AWS security and compliance documents such as ISO certifications and SOC reports. User Guide.

Answer 90

A

B
To access the AWS Support Center, sign in with either of the following steps:

Use your AWS account root user credentials

-or-

Use your AWS Identity and Access Management (IAM) user credentials with access permissions for AWS Support plans. For more information, see Manage access for AWS Support plans.

This is a tricky on because if root granted access permissions to a IAM user then they too can access support plans and change them.

Answer 91

A

To efficiently handle concurrent requests from different users, the company can use a combination of Amazon Simple Queue Service (Amazon SQS) and AWS Lambda, which is option A.

Answer 92

A

C
Pay-as-you-go model
The AWS Cloud pricing model differs from traditional on-premises storage pricing in that it is based on a pay-as-you-go model with no upfront cost commitments. This means that customers only pay for the resources they consume and can easily scale up or down as needed.

Answer 93

A

B
service control policies are a feature of AWS organizations that allow the customer to define and enforce rules.

Answer 94

A

C. AWS Service Catalog
Apply access controls
Scale and control permissions so you can manage resource access in multi-account AWS environments.

How it works
AWS Service Catalog lets you centrally manage deployed IT services, applications, resources, and metadata to achieve consistent governance of your infrastructure as code (IaC) templates. With AWS Service Catalog, you can meet your compliance requirements while making sure your customers can quickly deploy the approved IT services they need.

Answer 95

A

A
Reserved instances are ideal for steady and predictable usage. They can help you save significantly on your Amazon EC2 costs compared to on-demand instance pricing because in exchange for your commitment to pay for all the hours in a one-year or three-year term, the hourly rate is lowered significantly.

Answer 96

A

A and D
They evaluate each network packet independently and don’t track the state of the traffic flow. Therefore, any changes to the traffic flow require explicit rules for each direction of traffic.

They process rules in order, starting with the lowest numbered rule, when deciding whether to allow traffic: AWS Network ACLs process the rules in sequential order starting with the lowest numbered rule to the highest numbered rule to decide whether to allow traffic or not

Answer 97

A

D
Loosely coupled is correct. In the cloud practitioner course states that in a microservices approach, application components are loosely coupled. In this case, if a single component fails, the other components continue to work because they are communicating with each other. The loose coupling prevents the entire application from failing.

Answer 98

A

B
Security groups act as a virtual firewall for the associated instances and control inbound and outbound traffic at the protocol and port level. By configuring the security group to allow only the necessary traffic from the corporate network to the RDS instance, the company can limit access to the instance.

AWS WAF is a web application firewall that lets you monitor the HTTP(S) requests that are forwarded to your protected web application resources. You can protect the following resource types:
Amazon CloudFront distribution
Amazon API Gateway REST API
Application Load Balancer

AWS AppSync GraphQL API
Amazon Cognito user pool

Answer 99

A

b - is what S3 will do for you
c - is what Aurora will do for you

Answer 100

A

a - EBS costs more than s3.

s3 has different cost plans
s3 is the right option to store backups

Answer 101

A

C
Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk.

Answer 102

A

B
a Transit Gateway will allow you to access those services with a simpler network configuration.
AWS Transit Gateway routes all traffic to and from each VPC or VPN, and you have one place to manage and monitor it all. It is a HUB like feature.

Answer 103

A

B
Both Cost Explorer and Cost and Usage reports are for same purpose. The main difference is Cost Explorer gives graphically representation.

Answer 104

A

B
Amazon AppStream 2.0 is a fully managed non-persistent desktop and application service for remotely accessing your work.

Amazon AppStream 2.0 is a fully managed, secure application streaming service that lets you stream desktop applications to users without rewriting applications. AppStream 2.0 provides users with instant access to the applications that they need with a responsive, fluid user experience on the device of their choice.

Answer 105

A

A
The key here is ‘eliminate the need to provision container HOSTS’. ECS is an orchestrator management too. you still need to create ec2 hosts for the docker containers with ECS.

AWS Fargate is a serverless compute engine for containers that works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS). AWS Fargate makes it easy to focus on building your applications. Fargate eliminates the need to provision and manage servers, lets you specify and pay for resources per application, and improves security through application isolation by design.

Answer 106

A

B

AWS IAM Access Analyzer helps identify resources in your organization and accounts that are shared with an external entity. IAM Access Analyzer validates IAM policies against policy grammar and best practices. IAM Access Analyzer generates IAM policies based on access activity in your AWS CloudTrail logs.

AWS IAM Access Analyzer helps identify any unintended access to AWS resources. It checks policies for resources such as Amazon S3 buckets and IAM roles to ensure that only authorized users and services have access to them. It offers actionable recommendations to help users set secure and functional policies.

Answer 107

A

AWS Snowball Edge is a petabyte-scale data transfer and edge computing device that can be used to move large amounts of data in and out of AWS, as well as perform local processing and data storage. Snowball Edge can be used in environments where there is intermittent or no internet connectivity to collect, format, and process data at sea and then move the data to AWS when a connection is available.

Answer 108

A

C. Amazon Neptune is a fast, reliable, fully managed graph database service that enables you to build and run applications that work with highly connected datasets. Neptune uses a distributed, fault-tolerant architecture that is designed to provide high availability and durability. Data is automatically replicated across multiple Availability Zones, which helps ensure that the database remains available even in the event of a failure.

D. Amazon DocumentDB (with MongoDB compatibility) is a fully managed document database service that is designed to be compatible with MongoDB workloads. DocumentDB uses a distributed, fault-tolerant architecture that is designed to provide high availability and durability. Data is automatically replicated across multiple Availability Zones, which helps ensure that the database remains available even in the event of a failure.

Answer 109

A

C and D

Amazon Aurora automatically maintains six copies of your data across three Availability Zones (AZs) and will automatically attempt to recover your database in a healthy AZ with no data loss.

By default AWS DynamoDB is a multi-AZ enabled service which means that your data is by default replicated across 3 data centers (minimum of 2 AZs)

EBS are replicated within the same AZ but not across AZ.

Amazon Redshift allows users to replicate their data across numerous regions by extracting data from their tables using the unload command and then loading the data in the target tables via Amazon S3. So, there is a process that has to be done it doesn’t occur by default.

Answer 110

A

B
Tagging the objects in the S3 bucket can help the user restrict access to the objects by implementing resource-level permissions. The user can create a policy that allows access to objects only if they have specific tags. This way, the user can ensure that only authorized users can access the objects that require compliance obligations.

if just ‘ACL’ was an option that that could be correct, be network ACLs is a virtual firewall on the subnet level. D is NOT correct in fact: Starting in April 2023, Amazon S3 will change the default settings for S3 Block Public Access and Object Ownership (ACLs disabled) for all new S3 buckets.

Suppose that an object contains protected health information (PHI) data. You might tag the object using the following key-value pair.

PHI=True

Answer 111

A

d. AWS Data Pipeline

AWS Data Pipeline is a web service that helps you reliably process and move data between different AWS compute and storage services, as well as on-premises data sources, at specified intervals. With AWS Data Pipeline, you can regularly access your data where it’s stored, transform and process it at scale, and efficiently transfer the results to AWS services such as Amazon S3, Amazon RDS, Amazon DynamoDB, and Amazon EMR.

AWS Data Pipeline helps you easily create complex data processing workloads that are fault tolerant, repeatable, and highly available. You don’t have to worry about ensuring resource availability, managing inter-task dependencies, retrying transient failures or timeouts in individual tasks, or creating a failure notification system. AWS Data Pipeline also allows you to move and process data that was previously locked up in on-premises data silos.

Answer 112

A

a.
Create an IAM account with permissions only for the system he needs to access

Answer 113

A

d. Amazon EMR

Answer 114

A

c. AWS DataSync

Answer 115

A

b.
Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization

and a sixth is sustainability

Answer 116

A

a.
Pilot Light

Answer 117

A

c. AWS DataSync

Answer 118

A

The AWS service that the company should use to meet these requirements is C. AWS Outposts.

AWS Outposts is a fully-managed service that extends AWS infrastructure, services, APIs, and tools to virtually any datacenter, co-location space, or on-premises facility for a truly consistent hybrid experience. With AWS Outposts, the company can run AWS services locally, including compute, storage, database, and analytics, while seamlessly connecting to AWS services in the cloud.

LAMBDA Does not offer low latency?
AWS IoT Greengrass (option A) is a service that enables you to run AWS Lambda functions and keep device data in sync with the cloud, even when the devices are offline.

Answer 119

A

The answer is C - Transit Gateway. The more complicated topology is the more likely Transit Gateway will be the answer.

Answer 120

A

The AWS service that should be used to perform sentiment analysis on customer service email messages is Amazon Comprehend. Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to find insights and relationships in text. It can be used to perform sentiment analysis, entity recognition, topic modeling, and language detection.

Amazon Textract is a service that is used for extracting text and data from scanned documents, but it is not used for sentiment analysis.

Amazon Translate is a service that is used for translating text from one language to another, but it is not used for sentiment analysis.

Amazon Rekognition is a service that is used for image and video analysis, such as object and scene detection, facial analysis, and celebrity recognition, but it is not used for sentiment analysis of text.

Answer 121

A

B
“You can also use AWS WAF to block or allow requests based on conditions that you specify, such as the IP addresses that requests originate from or values in the requests.”
Values in the requests can match sql injections

Answer 122

A

C. AWS Trusted Advisor
How many service limits does AWS trusted advisor support?

One of the easiest ways to do this is via AWS Trusted Advisor’s Service Limit Dashboard, which currently covers 39 limits across 10 services. With the recent launch of Trusted Advisor metrics in Amazon CloudWatch, Business and Enterprise support customers can create customizable alarms for individual service limits.

NOTE: there is another service - Quota Monitor for AWS to does this too , Monitor resource usage and send notifications when approaching quotas by leveraging trusted avisor and service quotas.

Answer 123

A

D and E
The AWS services that offer gateway VPC endpoints that can be used to avoid sending traffic over the internet are:

D. Amazon S3
E. Amazon DynamoDB

Amazon S3 and Amazon DynamoDB both offer gateway VPC endpoints that allow you to access the services over a private network connection within your VPC, without the need to go over the internet. This can help improve security, reduce latency, and lower data transfer costs.

Amazon SNS, Amazon SQS, and AWS CodeBuild do not offer gateway VPC endpoints. However, you can still use these services securely within your VPC by using VPC endpoints for AWS services or by setting up a VPC peering connection.

Answer 124

A

B may be true … but you can have it automatically patch.
By default, your Amazon WorkSpaces are configured to install software updates. Amazon Linux and Ubuntu WorkSpaces will be updated to install the latest security and software patches, and Amazon WorkSpaces with Windows have Windows Updates turned on. You can customize these settings, or use an alternative patch management approach. Updates are installed at 2am each Sunday.

Answer 125

A

b
The review of architectures must be done in a consistent manner, with a blame-free approach that encourages diving deep. It should be a lightweight process (hours not days) that is a conversation and not an audit. The purpose of reviewing an architecture is to identify any critical issues that might need addressing or areas that could be improved. The outcome of the review is a set of actions that should improve the experience of a customer using the workload.

Answer 126

A

d VPC peering is free and if vpc’s are in the same az then free.

Answer 127

A

A and D
A. Use Amazon EC2 Instance Connect: This is a browser-based SSH connection method that allows you to connect to your EC2 instances using AWS Identity and Access Management (IAM) credentials, without the need to manage SSH keys. You can use Instance Connect to connect to an instance using the EC2 console, AWS CLI, or SDKs.

D. Use AWS Systems Manager Session Manager: This is a fully-managed, secure, and auditable way to access your instances using the AWS Systems Manager console or AWS CLI. With Session Manager, you can tunnel your SSH (Secure Shell) and SCP (Secure Copy) connections to your instances, without requiring inbound connections or the use of bastion hosts or VPNs.

Answer 128

A

c
AWS CloudTrail enables auditing, security monitoring, and operational troubleshooting. CloudTrail records user activity and API calls across AWS services as events. CloudTrail events help you answer the question of “Who did what, where, and when?”

Answer 129

A

A and D
CloudTrail records two types CloudTrail of events:

Management events that capture control plane actions on resources, such as creating or deleting Amazon Simple Storage Service (S3) buckets.
Data events that capture data plane actions within a resource, such as reading or writing an Amazon S3 object.

Answer 130

A

the action types of an Amazon CloudWatch alarm are limited. You can send a message to an SNS topic, perform some EC2 actions such as stopping, terminating, rebooting, or recovering an EC2 instance, or scale an EC2 Auto Scaling group. Or you can use some Systems Manager features, such as creating OpsItems in Systems Manager Ops Center or incidents in AWS Systems Manager Incident Manager. Currently, CloudWatch alarm actions are only limited to these.

Answer 131

A

FALSE

You can validate the integrity of CloudTrail log files stored in your S3 bucket and detect whether the log files were unchanged, modified, or deleted since CloudTrail delivered them to your S3 bucket.

Answer 132

A

Rehosting is also called lift-and-shift.

It is a process of moving applications without making any changes to them.

This is a like for like migration

Answer 133

A

D
Repurchasing is a process of changing business type.

It moves your application to a software-as-a-service (SaaS) model from a traditional model.

Brainscape's Knowledge GenomeTM

Random questions Flashcards

Brainscape's Knowledge Genome^TM