Revision 1

Question 1

easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.
imply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring.
can access the underlying resources at any time.

Answer 1

AWS Elastic Beanstalk

Question 2

To gain greater discounts, which services can be reserved?

Answer 2

-EC2
-Amazon DynamoDB
-Amazon RedShift
-RDS
-ElastiCache
-OpenSearch Service,

Question 3

-Serverless
-Fully managed NoSQL database
-Supports key-value and document data models.
-Replicates the data across multiple availability zones (AZs)

Answer 3

DynamoDB

Question 4

attached to a VPC and allows inbound traffic from the internet to access the VPC. It is also used as a target in route tables for outbound internet traffic.

Answer 4

Internet gateway

Question 5

Generate reports that break down AWS Cloud compute costs by duration, resource, or tags

Answer 5

AWS Cost & Usage Report.

Question 6

Used for querying data in Amazon S3 using SQL.

Answer 6

Amazon Athena

Question 7

connects your Amazon Virtual Private Clouds (VPCs) and on-premises networks through a central hub. This simplifies your network and puts an end to complex peering relationships. It acts as a cloud router – each new connection is only made once.

Answer 7

AWS Transit Gateway

Question 8

Estimate a monthly bill for the AWS Cloud resources that will be used

Answer 8

Pricing Calculator

Question 9

Types of flow logs

Answer 9

-VPC Flow Logs
-Subnet Flow Logs
-Elastic Network Interface FLow logsELastic

Help to troubleshoot connectivity issues

Question 10

automated vulnerability management service that continually scans Amazon Elastic Compute Cloud (EC2), AWS Lambda functions, and container workloads for software vulnerabilities and unintended network exposure.

Answer 10

Amazon Inspector

Question 11

enables you to easily generate and use your own encryption keys on the AWS Cloud.

helps you meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated Hardware Security Module

Answer 11

AWS CloudHSM

Question 12

is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage.

Answer 12

AWS Storage Gateway

Question 13

lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily.

Answer 13

Amazon Cognito.

Question 14

Key pairs are used for authenticating to

Answer 14

EC2 instances.

Question 15

-Estimate savings when comparing the AWS Cloud to an on-premises environment

Answer 15

AWS Total Cost of Ownership (TCO) Calculator

Question 16

AWS-managed service can be used to process vast amounts of data using a hosted Hadoop framework?

Answer 16

-Amazon EMR Elastic Map Reduce

Question 17

software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted.

Answer 17

Software as a Service (SaaS)

Question 18

AWS Trusted Advisor offers a rich set of best practice checks and recommendations across five categories:

Answer 18

-cost optimization
-security
-fault tolerance
-performance
-service limits

Question 19

plan provides access to architectural and operational reviews, as well as 24/7 access to Cloud Support Engineers through email, online chat, and phone

Answer 19

enterprise

Question 20

-NoSQL database that supports document data structures.
-Fully managed
-Flexible schema that allows for the data model to evolve
-MongoDB
-Automatically replicates six copies of your data across 3 availability zones to offer a 99.99% availability.

Answer 20

Amazon DocumentDB

Question 21

A VGW is used for IPSec VPN connections to access a VPC

Answer 21

Virtual Private Gateway

Question 22

group of protocols that are used together to set up encrypted connections between devices. It helps keep data sent over public networks secure.

Answer 22

IPSec

Question 23

intelligent threat detection service

Answer 23

Amazon GuardDuty

Question 24

is an Extract, Transform, and Load (ETL) service.

Answer 24

AWS Glue

Question 25

you visibility and control of your infrastructure on AWS. provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources.

Answer 25

AWS Systems Manager

Question 26

Controls traffic to and from an EC2

Answer 26

Security Group
-Allow only
-IP or other security groups
-stateful: return traffic automatically allowed
-evaluate rules before deciding if allow
-must be specified at launch or associated

Question 27

configuration management service that provides managed instances of Chef and Puppet

Answer 27

AWS OpsWorks

Question 28

Firewall that controls traffic from and to a subnet

Answer 28

NACL Network ACL
-Allow / Deny
-IP addresses
-stateless: return traffic must explicit allow
-process rules in numbered order when deciding weather to allow
-auto applied to all instances in subnet

Question 29

makes it easy to analyze, investigate, and quickly identify the root cause of security findings or suspicious activities.

Answer 29

Amazon Detective

Question 30

scalable, serverless, embeddable, machine learning-powered business intelligence (BI) service built for the cloud.

Answer 30

-Amazon QuickSight

Question 31

fully managed non-persistent application and desktop streaming service.

Answer 31

AppStream 2.0

Question 32

is a cloud computing model where a third-party provider delivers hardware and software tools to users over the internet. Usually, these tools are needed for application development.

Answer 32

Platform as a Service (PaaS)

Question 33

Which AWS services can be used as infrastructure automation tools?

Answer 33

-AWS OpsWorks
-AWS CloudFormation

Question 34

type of cloud-computing service that allows you to execute code in response to events

Answer 34

Function as a Service (FaaS)

Question 35

Seamless omnichannel experience through a single unified contact center for voice, chat, and task management.

Answer 35

Amazon Connect

Question 36

Elastic Load Balancers can only serve targets in a single Region

Answer 36

True

Question 37

used to capture network traffic information,

Answer 37

VPC Flow Logs

Question 38

used to deploy infrastructure from templates,

Answer 38

CloudFormation

Question 39

WAF can be used to protect on-premises resources if they are deployed behind an

Answer 39

Application Load Balancer (ALB)

Question 40

creating a low-latency private connection to an on-premises data center but it cannot be used to extend the VPC.

Answer 40

Direct Connect

Question 41

-Extend your VPC into the on-premises data center
-Fully managed service that offers the same AWS infrastructure, AWS services, APIs, and tools to virtually any data center, co-location space, or on-premises facility for a truly consistent hybrid experience.

Answer 41

AWS Outposts

Question 42

Allows instance to connec to the internet while remaining private/
-AWS managed

Answer 42

NAT Gateway

-customer managed : NAT instance

Question 43

content delivery network (CDN) that caches content around the world for lower latency access.
-improves performance for both cacheable content (such as images and videos) and dynamic content (such as API acceleration and dynamic site delivery).
-good fit for HTTP use cases

Answer 43

Amazon CloudFront

Question 44

manage the maximum available permissions for AWS Organizations
Applied to account or OU

Answer 44

Service Control Policy (SCP)

Organizational Units or Accounts

Question 45

AWS Well-Architected
Under the operational excellence pillar the following best practices

Answer 45

-Perform operations as code
-Make frequent, small, reversible changes
-Refine operations procedures frequently
-Anticipate failure
-Learn from all operational failures

Question 46

Beanstalk is a platform service that leverages the automation capabilities of

Answer 46

CloudFormation

Question 47

-CloudFormation templates that automate the deployment and a guide that discusses the architecture and provides step-by-step deployment instructions.
-Acelerators reduce hundreds of manual procedures into just a few steps, so you can build your production environment quickly and start using it immediately.

Answer 47

AWS Quick Starts

Question 48

A service that is intended for organizations with multiple accounts and teams who are looking for the easiest way to set up their new multi-account AWS environment and govern at scale

Answer 48

AWS Control Tower

Question 49

collections of users and have policies attached to them.

Answer 49

IAM Group
place the users in the group and then create an IAM policy with the correct permissions and attach it to the group.

Question 50

each NACL can be applied to one or more subnets, but each subnet is required to be associated with one—and only one—NACL

Answer 50

true

Question 51

capture information about inbound and outbound IP traffic on network interfaces in a VPC?

Answer 51

VPC Flow Logs

Question 52

AWS Storage Gateway types of gateways

Answer 52

Tape Gateway
Amazon S3 File Gateway
Amazon FSx File Gateway,
Volume Gateway

Question 53

serverless event bus that makes it easier to build event-driven applications at scale using events generated from your applications.

Answer 53

Amazon EventBridge

Question 54

type of cloud computing service that offers essential compute, storage, and networking resources on demand, on a pay-as-you-go basis

Answer 54

Infrastructure as a Service (IaaS)

Question 55

Enables access to your application by leveraging the same Edge Locations as CloudFront and routing connections across the AWS global network.
improves performance for a wide range of applications over TCP or UDP by proxying packets at the edge to applications running in one or more AWS Regions.
-good fit for non-HTTP use cases, such as gaming (UDP), IoT (MQTT), or VoIP, as well as for HTTP use cases that require static IP addresses or deterministic, fast regional failover.

Answer 55

AWS Global Accelerator

Question 56

Each tag consists of a key and a value. For each resource, each tag key must be unique, and each tag key can have only one value.

Answer 56

Add department-specific tags to each resource

Question 57

This service is also involved with creating and managing encryption keys but does not use dedicated hardware.

Answer 57

AWS Key Management Service (AWS KMS)

Question 58

Amazon EC2 Auto Scaling Policies Types

Answer 58

-Scheduled scaling
-Predictive scaling
-Target tracking scaling:(ASG keep in target)
-Step scaling:Launch resources in response to demand (waiting time)

Question 59

set of rules, called routes, that determine where network traffic from your subnet or gateway is directed.

Answer 59

VPC Route Table

Question 60

fully managed ledger database that provides transparent, immutable, and cryptographically verifiable transactions

Answer 60

Amazon Quantum Ledger Database (QLDB)

Question 61

-Relational database that is compatible with MySQL and PostgreSQL
-Scale up to 128 TB
-Can deploy replicas for read scaling within and across Regions.
-Offers automated backups.

Answer 61

Amazon Aurora

Question 62

blazing fast in-memory data store that provides sub-millisecond latency to power internet-scale real-time applications.

Answer 62

Amazon ElastiCache

Question 63

This service is used for optimizing the network topology of interconnected VPCs and on-premises networks.

Answer 63

AWS Transit Gateway

Question 64

threat detection and continuous security monitoring for malicious or unauthorized behavior to help you protect your AWS accounts and workloads.

Answer 64

Amazon GuardDuty

Question 65

outbound internet access for instances running in a private subnet.

Answer 65

NAT gateway

Question 66

Enable billing alerts to monitor actual AWS costs compared to estimated costs

Answer 66

Amazon CloudWatch.

Question 67

is used for managing EC2 instances such as installing patches and software.

Answer 67

Systems Manager