Revisit Domain 1: Cloud Concepts Flashcards

1
Q

A multi-national company has just moved its infrastructure from its on-premises data center to AWS Cloud. As part of the shared responsibility model, AWS is responsible for which of the following?

  • Configuring customer applications
  • Physical and Environmental controls
  • Patching guest OS
  • Service and Communications Protection or Zone Security
A
  • Physical and Environmental controls

As part of the shared responsibility model, Physical and Environmental controls are part of the inherited controls and hence these are the responsibility of AWS.

2
Q

A multi-national corporation wants to get expert professional advice on migrating to AWS and managing their applications on AWS Cloud. Which of the following entities would you recommend for this engagement?

  • APN Consulting Partner
  • AWS Trusted Advisor
  • Concierge Support Team
  • APN Technology Partner
A

APN Consulting Partner

The AWS Partner Network (APN) is the global partner program for technology and consulting businesses that leverage Amazon Web Services to build solutions and services for customers.

APN Consulting Partners are professional services firms that help customers of all types and sizes design, architect, build, migrate, and manage their workloads and applications on AWS, accelerating their migration to AWS cloud.

3
Q

Which of the following are the advantages of cloud computing? (Select three)

  • Benefit from massive economies of scale
  • Trade variable expense for capital expense
  • Trade capital expense for variable expense
  • Go global in minutes and deploy apps in multiple regions around the world
  • Allocate a few months of planning for your infrastructure capacity needs
  • Spend money on building and maintaining data centers
A
  • Benefit from massive economies of scale
  • Trade capital expense for variable expense
  • Go global in minutes and deploy applications in multiple regions around the world with just a few clicks
4
Q

Which of the following is a benefit of using AWS managed services such as Amazon Relational Database Service (Amazon RDS)?

  • There is no need to optimize db instance type and size
  • The customer needs to patch the underlying OS
  • The performance of an AWS managed Amazon RDS instance is better than a customer-managed database instance
  • The customer needs to manage DB backups
A

The performance of AWS managed Amazon Relational Database Service (Amazon RDS) instance is better than a customer-managed database instance

Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching, and backups.

5
Q

Which of the following is CORRECT regarding removing an AWS account from AWS Organizations?

  • Raise a support ticket with AWS Support to remove the account
  • The AWS account can be removed from AWS Systems Manager
  • The AWS account must not have any Service Control Policies (SCPs) attached to it. Only then can it be removed from AWS Organizations
  • The AWS account must be able to operate as a standalone account. Only then can it be removed from AWS Organizations
A

The AWS account must be able to operate as a standalone account. Only then can it be removed from AWS Organizations

You can remove an account from your organization only if the account has the information that is required for it to operate as a standalone account. For each account that you want to make standalone, you must accept the AWS Customer Agreement, choose a support plan, provide and verify the required contact information, and provide a current payment method. AWS uses the payment method to charge for any billable (not AWS Free Tier) AWS activity that occurs while the account isn’t attached to an organization.

6
Q

Internet Gateway

A

An Internet Gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic and to perform network address translation (NAT) for instances. An Internet Gateway cannot be used to privately connect an on-premises data center to the AWS Cloud.

7
Q

Which of the following statements are CORRECT regarding the AWS VPC service? (Select two)

  • A Security Group can have allow rules only
  • A Network Address Translation gateway (NAT gateway) is managed by AWS
  • A Security Group can have both allow and deny rules
  • A Network Address Translation instance (NAT instance) is managed by AWS
  • A network access control list (network ACL) can have allow rules only
A

A Security Group can have allow rules only

A Network Address Translation gateway (NAT gateway) is managed by AWS

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. Security groups act at the instance level, not at the subnet level. You can specify allow rules, but not deny rules. You can specify separate rules for inbound and outbound traffic.

8
Q

AWS Security Groups (v. AWS ACLs)

A

Function: Act as a virtual firewall for your Amazon EC2 instances to control inbound and outbound traffic.
Level of Control: Operate at the instance level (associated with EC2 instances).
Rules:
- Allow rules only (no deny rules).
- Default is to deny all inbound traffic; allow specific inbound traffic based on rules.
- All outbound traffic is allowed by default.

Stateful: If you allow incoming traffic on a specific port, the response is automatically allowed, regardless of outbound rules.
Association: Can be associated with multiple instances, and an instance can belong to multiple security groups.

9
Q

AWS Network Access Control Lists (v. AWS Security Groups)

A

Function: Serve as a firewall for controlling traffic in and out of a subnet within your VPC.
Level of Control: Operate at the subnet level (associated with subnets).
Rules:
- Both allow and deny rules are supported.
- Rules are evaluated in numerical order (lower numbers first).
- Default is to allow all inbound and outbound traffic unless explicitly denied.

Stateless: Rules apply to both incoming and outgoing traffic independently; if you allow incoming traffic, you must also explicitly allow outgoing responses.
Association: Each subnet can be associated with one ACL, and all resources in that subnet share the ACL.

10
Q

Which type of cloud computing does Amazon Elastic Compute Cloud (EC2) represent?

  • IaaS
  • SaaS
  • NaaS
  • PaaS
A
  • IaaS

EC2 gives you full control over managing the underlying OS, virtual network configurations, storage, data and applications. So EC2 is an example of an IaaS service.

11
Q

Which option is a common stakeholder role for the AWS Cloud Adoption Framework (AWS CAF) platform perspective? (Select two)

  • Code Monkey (Engineer)
  • CDO
  • CPO
  • CIO
  • CTO
A
  • Engineer
  • CTO

The platform perspective focuses on accelerating the delivery of your cloud workloads via an enterprise-grade, scalable, hybrid cloud environment. It comprises seven capabilities shown in the following figure. Common stakeholders include Chief Technology Officer (CTO), technology leaders, architects, and engineers.

12
Q

A financial services company wants to ensure that its AWS account activity meets the governance, compliance and auditing norms. As a Cloud Practitioner, which AWS service would you recommend for this use-case?

  • AWS Trusted Advisor
  • AWS Config
  • Amazon CloudWatch
  • AWS CloudTrail
A

AWS CloudTrail

You can use CloudTrail to log, monitor and retain account activity related to actions across your AWS infrastructure. CloudTrail provides an event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.

13
Q

AWS Cloud Adoption Framework
6 Perspectives

A

Business Capabilities:
- Business
- People
- Governance

Technical Capabilities:
- Platform
- Security
- Operations

14
Q

AWS Cloud Adoption Framework
Business Perspective

A

The Business Perspective ensures that IT aligns with business needs and that IT investments link to key business results.

Use the Business Perspective to create a strong business case for cloud adoption and prioritize cloud adoption initiatives. Ensure that your business strategies and goals align with your IT strategies and goals.

Common roles in the Business Perspective include:

Business managers
Finance managers
Budget owners
Strategy stakeholders
15
Q

AWS Cloud Adoption Framework
People Perspective

A

The People Perspective supports development of an organization-wide change management strategy for successful cloud adoption.

Use the People Perspective to evaluate organizational structures and roles, new skill and process requirements, and identify gaps. This helps prioritize training, staffing, and organizational changes.

Common roles in the People Perspective include:

Human resources
Staffing
People managers
16
Q

AWS Cloud Adoption Framework
Governance Perspective

A

The Governance Perspective focuses on the skills and processes to align IT strategy with business strategy. This ensures that you maximize the business value and minimize risks.

Use the Governance Perspective to understand how to update the staff skills and processes necessary to ensure business governance in the cloud. Manage and measure cloud investments to evaluate business outcomes.

Common roles in the Governance Perspective include:

Chief Information Officer (CIO)
Program managers
Enterprise architects
Business analysts
Portfolio managers
17
Q

AWS Cloud Adoption Framework
Platform Perspective

A

The Platform Perspective includes principles and patterns for implementing new solutions on the cloud, and migrating on-premises workloads to the cloud.

Use a variety of architectural models to understand and communicate the structure of IT systems and their relationships. Describe the architecture of the target state environment in detail.

Common roles in the Platform Perspective include:

Chief Technology Officer (CTO)
IT managers
Solutions architects
18
Q

AWS Cloud Adoption Framework
Security Perspective

A

The Security Perspective ensures that the organization meets security objectives for visibility, auditability, control, and agility.

Use the AWS CAF to structure the selection and implementation of security controls that meet the organization’s needs.

Common roles in the Security Perspective include:

Chief Information Security Officer (CISO)
IT security managers
IT security analysts
19
Q

AWS Cloud Adoption Framework
Operations Perspective

A

The Operations Perspective helps you to enable, run, use, operate, and recover IT workloads to the level agreed upon with your business stakeholders.

Define how day-to-day, quarter-to-quarter, and year-to-year business is conducted. Align with and support the operations of the business. The AWS CAF helps these stakeholders define current operating procedures and identify the process changes and training needed to implement successful cloud adoption.

Common roles in the Operations Perspective include:

IT operations managers
IT support managers
20
Q

AWS Migration Strategies
6 Types

A

Rehosting
Replatforming
Refactoring/re-architecting
Repurchasing
Retaining
Retiring

21
Q

AWS Migration Strategies
Rehosting

A

Rehosting, also known as “lift-and-shift,” involves moving applications without changes.

In the scenario of a large legacy migration, in which the company is looking to implement its migration and scale quickly to meet a business case, the majority of applications are rehosted.

22
Q

AWS Migration Strategies
Replatforming

A

Replatforming, also known as “lift, tinker, and shift,” involves making a few cloud optimizations to realize a tangible benefit. Optimization is achieved without changing the core architecture of the application.

23
Q

AWS Migration Strategies
Refactoring

A

Refactoring (also known as re-architecting) involves reimagining how an application is architected and developed by using cloud-native features. Refactoring is driven by a strong business need to add features, scale, or performance that would otherwise be difficult to achieve in the application’s existing environment.

24
Q

AWS Migration Strategies
Repurchasing

A

Repurchasing involves moving from a traditional license to a software-as-a-service model.

For example, a business might choose to implement the repurchasing strategy by migrating from a customer relationship management (CRM) system to Salesforce.com.

25
Q

AWS Migration Strategies
Retaining

A

Retaining consists of keeping applications that are critical for the business in the source environment. This might include applications that require major refactoring before they can be migrated, or work that can be postponed until a later time.

26
Q

AWS Migration Strategies
Retiring

A

Retiring is the process of removing applications that are no longer needed.

27
Q

AWS Well-Architected Framework

A

Operational excellence
Security
Reliability
Performance efficiency
Cost optimization
Sustainability

28
Q

Advantages of AWS Cloud

A

Trade upfront expense for variable expense.
Benefit from massive economies of scale.
Stop guessing capacity.
Increase speed and agility.
Stop spending money running and maintaining data centers.
Go global in minutes.

29
Q

The AWS Cloud Adoption Framework (AWS CAF) recommends four iterative and incremental cloud transformation phases. Which cloud transformation journey phase of the AWS Cloud Adoption Framework (AWS CAF) focuses on demonstrating how the cloud will help accelerate your business outcomes?

A

Envision

The Envision phase of the AWS Cloud Adoption Framework (AWS CAF) focuses on demonstrating how the cloud will help accelerate your business outcomes.

30
Q

Which of the following AWS services is essential for implementing security of resources in AWS Cloud?

A

AWS IAM

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. IAM enables security best practices by allowing you to grant unique security credentials to users and groups to specify which AWS service APIs and resources they can access. These features make IAM an important service for the overall security of AWS resources in your account. IAM is secure by default; users have no access to AWS resources until permissions are explicitly granted.