Scenarios Flashcards
A company wants to migrate a critical application to AWS. The application has a short runtime. The application is invoked by changes in data or by shifts in system state. The company needs a compute solution that maximizes operational efficiency and minimizes the cost of running the application.
Which AWS solution should the company use to meet these requirements?
Lambda
A company plans to create a data lake that uses Amazon S3.
Which factor will have the MOST effect on cost?
The selection of S3 storage tiers
Which AWS service or feature can a company use to determine which business unit is using specific AWS resources?
Cost allocation tags
A company wants to migrate its workloads to AWS, but it lacks expertise in AWS Cloud computing.
Which AWS service or feature will help the company with its migration?
AWS Consulting Partners
A company wants to monitor for misconfigured security groups that are allowing unrestricted access to specific ports.
Which AWS service will meet this requirement?
AWS Trusted Advisor
A network engineer needs to build a hybrid cloud architecture connecting on-premises networks to the AWS Cloud using AWS Direct Connect. The company has a few VPCs in a single AWS Region and expects to increase the number of VPCs to hundreds over time.
Which AWS service or feature should the engineer use to simplify and scale this connectivity as the VPCs increase in number?
AWS Transit Gateway
A developer needs to maintain a development environment infrastructure and a production environment infrastructure in a repeatable fashion.
Which AWS service should the developer use to meet these requirements?
AWS CloudFormation
A user wants to review all Amazon S3 buckets with ACLs and S3 bucket policies in the S3 console.
Which AWS service or resource will meet this requirement?
Access Analyzer for S3
A company wants to access S3 data stored across multiple Regions. Which service should it use?
S3 Multi-Region Access Points
I want to route the traffic in my public subnet to the internet. What should be in my route table?
The destination will be 0.0.0.0/0 and ::/0, and the target will be the ID of the internet gateway that is attached to the VPC.
I want to route the traffic in my private subnet to the internet. What should be in my route table?
The destination will be 0.0.0.0/0, and the target will be the NAT gateway/NAT instance that is attached to the VPC.
Which responsibility belongs to AWS when a company hosts its databases on Amazon EC2 instances?
A. Database backups
B. Database software patches
C. Operating system patches
D. Operating system installations
D. Operating system installations
A developer has been hired by a large company and needs AWS credentials.
Which are security best practices that should be followed? (Choose two.)
A. Grant the developer access to only the AWS resources needed to perform the job.
B. Share the AWS account root user credentials with the developer.
C. Add the developer to the administrator’s group in AWS IAM.
D. Configure a password policy that ensures the developer’s password cannot be changed.
E. Ensure the account password policy requires a minimum length.
A and E
A user wants to allow applications running on an Amazon EC2 instance to make calls to other AWS services. The access granted must be secure.
Which AWS service or feature should be used?
A. Security groups
B. AWS Firewall Manager
C. IAM roles
D. IAM user SSH keys
A
A company has an uninterruptible application that runs on Amazon EC2 instances. The application constantly processes a backlog of files in an Amazon Simple Queue Service (Amazon SQS) queue. This usage is expected to continue to grow for years.
What is the MOST cost-effective EC2 instance purchasing model to meet these requirements?
A. Spot Instances
B. On-Demand Instances
C. Savings Plans
D. Dedicated Hosts
A
Worker tiers of a decoupled application are typically fault-tolerant, so they are prime candidates for running on interruptible capacity. Amazon SQS running on Spot Instances allows for a more robust, cost-optimized application.
The question text clearly indicates multiple EC2 instances for the application, not a single instance, so in a distributed setup there is a chance of implementing high availability.
A company needs to perform data processing once a week that typically takes about 5 hours to complete.
Which AWS service should the company use for this workload?
A. AWS Lambda
B. Amazon EC2
C. AWS CodeDeploy
D. AWS Wavelength
B.
The maximum AWS Lambda runtime is 15 minutes.
A company wants to design a centralized storage system to manage the configuration data and passwords for its critical business applications.
Which AWS service or capability will meet these requirements MOST cost-effectively?
A. AWS Systems Manager Parameter Store
B. AWS Secrets Manager
C. AWS Config
D. Amazon S3
A
A company plans to deploy containers on AWS. The company wants full control of the compute resources that host the containers. Which AWS service will meet these requirements?
A. Amazon Elastic Kubernetes Service (Amazon EKS)
B. AWS Fargate
C. Amazon EC2
D. Amazon Elastic Container Service (Amazon ECS)
C
Which option is a shared responsibility between AWS and its customers under the AWS shared responsibility model?
A. Configuration of Amazon EC2 instance operating systems
B. Application file system server-side encryption
C. Patch management
D. Security of the physical infrastructure
C
Which options are AWS Cloud Adoption Framework (AWS CAF) security perspective capabilities? (Choose two.)
A. Observability
B. Incident and problem management
C. Incident response
D. Infrastructure protection
E. Availability and continuity
C and D
B and E are under Operations in CAF
A company plans to migrate to the AWS Cloud. The company wants to use the AWS Cloud Adoption Framework (AWS CAF) to define and track business outcomes as part of its cloud transformation journey.
Which AWS CAF governance perspective capability will meet these requirements?
A. Benefits management
B. Risk management
C. Application portfolio management
D. Cloud financial management
A
A company needs to continuously run an experimental workload on an Amazon EC2 instance and stop the instance after 12 hours.
Which instance purchasing option will meet this requirement MOST cost-effectively?
A. On-Demand Instances
B. Reserved Instances
C. Spot Instances
D. Dedicated Instances
A
A company has an application with robust hardware requirements. The application must be accessed by students who are using lightweight, low-cost laptops.
Which AWS service will help the company deploy the application without investing in backend infrastructure or high-end client hardware?
A. Amazon AppStream 2.0
B. AWS AppSync
C. Amazon WorkLink
D. AWS Elastic Beanstalk
A. Desktop streaming service
A company plans to migrate to the AWS Cloud. The company is gathering information about its on-premises infrastructure and requires information such as the hostname, IP address, and MAC address.
Which AWS service will meet these requirements?
A. AWS DataSync
B. AWS Application Migration Service
C. AWS Application Discovery Service
D. AWS Database Migration Service (AWS DMS)
C
Which action will help increase security in the AWS Cloud?
A. Enable programmatic access for all IAM users.
B. Use IAM users instead of IAM roles to delegate permissions.
C. Rotate access keys on a reoccurring basis.
D. Use inline policies instead of customer managed policies.
C
Which actions are examples of a company’s effort to rightsize its AWS resources to control cloud costs? (Choose two.)
A. Switch from Amazon RDS to Amazon DynamoDB to accommodate NoSQL datasets.
B. Base the selection of Amazon EC2 instance types on past utilization patterns.
C. Use Amazon S3 Lifecycle policies to move objects that users access infrequently to lower-cost storage tiers.
D. Use Multi-AZ deployments for Amazon RDS.
E. Replace existing Amazon EC2 instances with AWS Elastic Beanstalk.
B, C
A company is building an application that requires the ability to send, store, and receive messages between application components. The company has another requirement to process messages in first-in, first-out (FIFO) order.
Which AWS service should the company use?
A. AWS Step Functions
B. Amazon Simple Notification Service (Amazon SNS)
C. Amazon Kinesis Data Streams
D. Amazon Simple Queue Service (Amazon SQS)
D
A company has a fleet of cargo ships. The cargo ships have sensors that collect data at sea, where there is intermittent or no internet connectivity. The company needs to collect, format, and process the data at sea and move the data to AWS later.
Which AWS service should the company use to meet these requirements?
A. AWS IoT Core
B. Amazon Lightsail
C. AWS Storage Gateway
D. AWS Snowball Edge
D
A user has limited knowledge of AWS services, but wants to quickly deploy a scalable Node.js application in the AWS Cloud.
Which service should be used to deploy the application?
A. AWS CloudFormation
B. AWS Elastic Beanstalk
C. Amazon EC2
D. AWS OpsWorks
B
A company wants to create Amazon QuickSight dashboards every week by using its billing data.
Which AWS feature or tool can the company use to meet these requirements?
A. AWS Budgets
B. AWS Cost Explorer
C. AWS Cost and Usage Report
D. AWS Cost Anomaly Detection
C
A company is planning to move data backups to the AWS Cloud. The company needs to replace on-premises storage with storage that is cloud-based but locally cached.
Which AWS service meets these requirements?
A. AWS Storage Gateway
B. AWS Snowcone
C. AWS Backup
D. Amazon Elastic File System (Amazon EFS)
A
Which AWS services or features provide high availability and low latency by enabling failover across different AWS Regions? (Choose two.)
A. Amazon Route 53
B. Network Load Balancer
C. Amazon S3 Transfer Acceleration
D. AWS Global Accelerator
E. Application Load Balancer
A and D
A company wants to migrate its PostgreSQL database to AWS. The company does not use the database frequently.
Which AWS service or resource will meet these requirements with the LEAST management overhead?
A. PostgreSQL on Amazon EC2
B. Amazon RDS for PostgreSQL
C. Amazon Aurora PostgreSQL-Compatible Edition
D. Amazon Aurora Serverless
D
A company is using Amazon DynamoDB for its application database.
Which tasks are the responsibility of AWS, according to the AWS shared responsibility model? (Choose two.)
A. Classify data.
B. Configure access permissions.
C. Manage encryption options.
D. Provide public endpoints to store and retrieve data.
E. Manage the infrastructure layer and the operating system.
D, E
A company that has AWS Enterprise Support is launching a new version of a popular product in 2 months. The company expects a large increase in traffic to its website. The website is hosted on Amazon EC2 instances.
Which action should the company take to assess its readiness to scale for this launch?
A. Replace the EC2 instances with AWS Lambda functions.
B. Use AWS Infrastructure Event Management (IEM) support.
C. Submit a request on AWS Marketplace to monitor the event.
D. Review the coverage reports in the AWS Cost Management console.
B
A company often does not use all of its current Amazon EC2 capacity to run stateless workloads. The company wants to optimize its EC2 costs.
Which EC2 instance type will meet these requirements?
A. Spot Instances
B. Dedicated Instances
C. Reserved Instances
D. On-Demand Instances
A
Stateless workloads do not store any past information and start like a blank slate
A company has a physical tape library to store data backups. The tape library is running out of space. The company needs to extend the tape library’s capacity to the AWS Cloud.
Which AWS service should the company use to meet this requirement?
A. Amazon Elastic File System (Amazon EFS)
B. Amazon Elastic Block Store (Amazon EBS)
C. Amazon S3
D. AWS Storage Gateway
D
What is a benefit of using AWS serverless computing?
A. Application deployment and management are not required.
B. Application security will be fully managed by AWS.
C. Monitoring and logging are not needed.
D. Management of infrastructure is offloaded to AWS.
D
A company plans to run a compute-intensive workload that uses graphics processing units (GPUs).
Which Amazon EC2 instance type should the company use?
A. Accelerated computing
B. Compute optimized
C. Storage optimized
D. General purpose
A
Which of the following statements is the MOST accurate when describing AWS Elastic Beanstalk?
A) IaaS and allows you to deploy and scale web applications
B) PaaS and allows you to deploy and scale web applications
C) IaaS and allows you to model and provision resources for the application
D) PaaS and allows you to model and provision resources for the application
B
A brand-new startup would like to remove its need to manage the underlying infrastructure and focus on the deployment and management of its applications. Which type of cloud computing does this refer to?
A) IaaS
B) PaaS
C) IaC
D) SaaS
B) PaaS removes the need to manage underlying infrastructure (usually hardware and operating systems) and allows you to focus on the deployment and management of your applications
A company would like to move its infrastructure to AWS Cloud. Which of the following should be included in the Total Cost of Ownership (TCO) estimate? (Select TWO)
A) Electronic Equipment at Office
B) Power/Cooling
C) Application Advertising
D) Server Administration
E) Number of end-users
B, D
Which of the following AWS Identity and Access Management (AWS IAM) Security Tools allows you to review permissions granted to an IAM user?
A) IAM policies
B) IAM Access Advisor
C) IAM credentials report
D) MFA
B) IAM Access Advisor shows the service permissions granted to a user and when those services were last accessed. You can use this information to revise your policies.
Credentials report lists all IAM users in your account and the status of their various credentials, including passwords, access keys, and multi-factor authentication (MFA) devices
Which AWS serverless service allows you to prepare data for analytics?
A) AWS EMR
B) AWS Athena
C) AWS Glue
D) AWS Redshift
C. AWS Glue - Amazon Athena is used for analytics and not to prepare data for analytics
A start-up would like to quickly deploy a popular technology on AWS. As a Cloud Practitioner, which AWS tool would you use for this task?
A) AWS Whitepapers
B) AWS Partner Solutions (formerly Quick Starts)
C) AWS CodeDeploy
D) AWS Forums
B) Partner Solutions - Automated reference deployments built by Amazon Web Services (AWS) solutions architects and AWS Partners
Which of the following criteria are used to calculate the charge for Amazon EBS Volumes? (Select Two)
A) Data Type
B) Provisioned IOPS
C) Volume Type
D) Data transfer IN
E) Type of EC2 instance to which it is attached
B, C
The fundamental charges for EBS volumes are the volume type (based on performance), the storage volume in GB per month provisioned, the number of IOPS provisioned per month, the storage consumed by snapshots, and outbound data transfer
A start-up would like to monitor its cost on the AWS Cloud and would like to choose an optimal Savings Plan. As a Cloud Practitioner, which AWS service would you use?
A) AWS Cost Explorer
B) AWS Pricing Calculator
C) AWS Cost and Usage Report
D) AWS Budgets
A - Customers can receive Savings Plan recommendations
A company wants to monitor its workload performance. The company wants to ensure that the cloud services are delivered at a level that meets its business needs.
Which AWS Cloud Adoption Framework (AWS CAF) perspective will meet these requirements?
A. Business
B. Governance
C. Platform
D. Operations
D. The Operations perspective helps ensure that your cloud services are delivered at a level that meets the needs of your business
A company wants to migrate its applications to the AWS Cloud. The company plans to identify and prioritize any business transformation opportunities and evaluate its AWS Cloud readiness.
Which AWS service or tool should the company use to meet these requirements?
A. AWS Cloud Adoption Framework (AWS CAF)
B. AWS Managed Services (AMS)
C. AWS Well-Architected Framework
D. AWS Migration Hub
A
Which task can a company perform by using security groups in the AWS Cloud?
A. Allow access to an Amazon EC2 instance through only a specific port.
B. Deny access to malicious IP addresses at a subnet level.
C. Protect data that is cached by Amazon CloudFront.
D. Apply a stateless firewall to an Amazon EC2 instance.
A
A company needs to run a pre-installed third-party firewall on an Amazon EC2 instance.
Which AWS service or feature can provide this solution?
A. Network ACLs
B. Security groups
C. AWS Marketplace
D. AWS Trusted Advisor
C
An ecommerce company wants to use Amazon EC2 Auto Scaling to add and remove EC2 instances based on CPU utilization.
Which AWS service or feature can initiate an Amazon EC2 Auto Scaling action to achieve this goal?
A. Amazon Simple Queue Service (Amazon SQS)
B. Amazon Simple Notification Service (Amazon SNS)
C. AWS Systems Manager
D. Amazon CloudWatch alarm
D
A company is migrating to the AWS Cloud. The company wants to understand and identify potential security misconfigurations or unexpected behaviors. The company wants to prioritize any protective controls it might need.
Which AWS Cloud Adoption Framework (AWS CAF) security perspective capability will meet these requirements?
A. Identity and access management
B. Threat detection
C. Platform engineering
D. Availability and continuity management
B
Which AWS services are supported by Savings Plans? (Choose two.)
A. Amazon EC2
B. Amazon RDS
C. Amazon SageMaker
D. Amazon Redshift
E. Amazon DynamoDB
A,C
Compute Savings - EC2, Fargate and Lambda
EC2 Savings - EC2
SageMaker Savings - SageMaker
Which AWS service or tool can provide rightsizing recommendations for Amazon EC2 resources at no additional cost?
A. AWS Well-Architected Tool
B. Amazon CloudWatch
C. AWS Cost Explorer
D. Amazon S3 analytics
C
A company wants a web application to interact with various AWS services.
Which AWS service or resource will meet this requirement?
A. AWS CloudShell
B. AWS Marketplace
C. AWS Management Console
D. AWS CLI
C
Which task requires a user to sign in as the AWS account root user?
A. The deletion of IAM users
B. The deletion of an AWS account
C. The creation of an organization in AWS Organizations
D. The deletion of Amazon EC2 instances
B
When a user wants to utilize their existing per-socket, per-core, or per-virtual machine software licenses for a Microsoft Windows server running on AWS, which Amazon EC2 instance type is required?
A. Spot Instances
B. Dedicated Instances
C. Dedicated Hosts
D. Reserved Instances
C
A company wants to integrate natural language processing (NLP) into business intelligence (BI) dashboards. The company wants to ask questions and receive answers with relevant visualizations.
Which AWS service or tool will meet these requirements?
A. Amazon Macie
B. Amazon Rekognition
C. Amazon QuickSight Q
D. Amazon Lex
C. Amazon QuickSight Q uses natural language processing to answer your business questions quickly
Which Amazon S3 feature or storage class uses the AWS backbone network and edge locations to reduce latencies from the end user to Amazon S3?
A. S3 Cross-Region Replication
B. S3 Transfer Acceleration
C. S3 Event Notifications
D. S3 Standard-Infrequent Access (S3 Standard-IA)
B
When running applications in the AWS Cloud, which common tasks can AWS manage on behalf of their customers? (Select TWO.)
A. Patching database software
B. Taking a backup of a database
C. Application source code auditing
D. Creating a database schema
E. Application security testing
A, B
Which of the following AWS services are compute services? (Select TWO.)
A. AWS CloudTrail
B. AWS Batch
C. Amazon EFS
D. Amazon Inspector
E. AWS Elastic Beanstalk
A,E
Which AWS service provides a managed software version control system?
A. Amazon CodeDeploy
B. AWS CodePipeline
C. AWS CodeCommit
D. AWS DataSync
C
An individual IAM user must be granted access to an Amazon S3 bucket using a bucket policy. Which element in the S3 bucket policy should be updated to define the user account for which access will be granted?
A. Action
B. Condition
C. Resource
D. Principal
D.
Effect: Allow/Deny
Principal: User
Action: API
Resource: ARN of resources
A company is building a serverless workflow that coordinates multiple AWS services into a reliable application. They want a visual workflow that can track the status of each step in the application.
Which AWS service would facilitate creating this kind of workflow?
A. SNS
B. Lambda
C. Step Functions
D. SQS
C. AWS Step Functions provides workflow orchestration.
A company runs a batch job on an Amazon EC2 instance and it takes 6 hours to complete. The workload is expected to double in volume each month with a proportional increase in processing time.
What is the most efficient cloud architecture to address the growing workload?
A. Run the batch job on a larger Amazon EC2 instance type with more CPU
B. Change the Amazon EC2 volume type to a Provisioned IOPS SSD volume
C. Run the batch workload in parallel across multiple Amazon EC2 instances
D. Run the application on a bare metal Amazon EC2 instance
C.
INCORRECT: “Change the Amazon EC2 volume type to a Provisioned IOPS SSD volume” is incorrect. This will improve the underlying performance of the EBS volume but does not assist with processing (more CPU is needed, i.e. by spreading across instances).
INCORRECT: “Run the application on a bare metal Amazon EC2 instance” is incorrect. Bare metal instances are used for workloads that require access to the hardware feature set (such as Intel VT-x), for applications that need to run in non-virtualized environments for licensing or support requirements, or for customers who wish to use their own hypervisor.
A media company wants to find and subscribe to third-party data sources to enrich their existing datasets with new insights.
Which AWS service would be the best fit for this requirement?
A. AWS Glue
B. AWS Data Pipeline
C. AWS Redshift
D. AWS Data Exchange
D. AWS Data Exchange is the correct answer because this service allows customers to find, subscribe to, and use third-party data in the cloud. Companies can subscribe to a diverse selection of data products provided by various data providers. The media company in this scenario can enrich their existing datasets through AWS Data Exchange by easily finding and subscribing to third-party data sources.
A company must provide access to AWS resources for their employees. Which security practices should they follow? (Select TWO.)
A. Create IAM policies based on least privilege principles
B. Disable password policies and management console access
C. Enable multi-factor authentication for users
D. Create IAM users in different AWS Regions
E. Create IAM Roles and apply them to IAM groups
A,C
INCORRECT: “Create IAM Roles and apply them to IAM groups” is incorrect. You cannot apply roles to groups, you apply policies to groups.
A company is deploying a new workload and software licensing requirements dictate that the workload must be run on a specific, physical server.
Which Amazon EC2 instance deployment option should be used?
A. Dedicated Instances
B. Dedicated Hosts
C. Spot Instances
D. Reserved Instances
B
An Amazon Virtual Private Cloud (VPC) can include multiple:
A. AWS Regions
B. Edge locations
C. Availability Zones
D. Internet gateways
C.
INCORRECT: “Internet gateways” is incorrect. You can only attach one Internet gateway to each VPC.
What is the best practice for managing AWS IAM access keys?
A. There is no need to manage access keys
B. Customers should rotate access keys regularly
C. AWS rotate access keys on a schedule
D. Never use access keys, always use IAM roles
B.
INCORRECT: “AWS rotate access keys on a schedule” is incorrect. AWS do not rotate your access keys.
Which of the following are valid best practices for using the AWS Identity and Access Management (IAM) service? (Select TWO.)
A. Embed access keys in application code
B. Use inline policies instead of customer managed policies
C. Grant maximum privileges to IAM users
D. Create individual IAM users
E. Use groups to assign permissions to IAM users
D,E
INCORRECT: “Embed access keys in application code” is incorrect. This is not a best practice; you should always try and avoid embedding any secret credentials and access keys in application code. Instead, it is preferable to use IAM roles to delegate permission to applications.
A Cloud Practitioner requires a simple method to identify if unrestricted access to resources has been allowed by security groups. Which service can the Cloud Practitioner use?
A. Amazon CloudWatch
B. AWS Trusted Advisor
C. VPC Flow Logs
D. AWS CloudTrail
B
A new e-commerce company is looking for an AWS service to send transactional emails, such as order confirmations and password resets, to their customers.
Which AWS service would be most appropriate for this task?
A. SES (Simple Email Service)
B. SNS
C. SQS
D. EC2
A. Amazon SES is specifically designed to help users send transactional emails, marketing messages, and other types of content to their customers.
INCORRECT: “Amazon Simple Notification Service (Amazon SNS)” is incorrect. While Amazon SNS can send notifications via email, it is primarily designed to send messages to a distributed set of recipients and is not optimized for transactional emails.
What can be used to allow an application running on an Amazon EC2 instance to securely store data in an Amazon S3 bucket without using long-term credentials?
A. AWS IAM role
B. AWS IAM access keys
C. Amazon Connect
D. AWS Systems Manager
A.
An IAM role is an IAM identity that you can create in your account that has specific permissions. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it.
Also, a role does not have standard long-term credentials such as a password or access keys associated with it. Instead, when you assume a role, it provides you with temporary security credentials for your role session.
Which AWS dashboard displays relevant and timely information to help users manage events in progress, and provides proactive notifications to help plan for scheduled activities?
A. AWS Personal Health Dashboard
B. AWS Service Health Dashboard
C. AWS Trusted Advisor dashboard
D. Amazon CloudWatch dashboard
A
Which of the following is an advantage for a company running workloads in the AWS Cloud vs on-premises? (Select TWO.)
A. Higher acquisition costs to support elastic workloads
B. Lower overall utilization of server and storage systems
C. Increased productivity for application development teams
D. Increased time to market for new application features
E. Less staff time is required to launch new workloads
C,E
A corporation with multiple departments each having their own AWS accounts wants to implement a solution to customize billing data to match their specific showback or chargeback business logic. They wish to group accounts with similar financial owners and generate a distinct Cost and Usage Report (CUR) for each group.
Which AWS service should they use to meet these requirements?
A. AWS Cost Explorer
B. AWS Billing and Cost Management
C. AWS Budgets
D. AWS Billing Conductor
D.
INCORRECT: “AWS Billing and Cost Management” is incorrect. This answer is incorrect because, while it is a tool to track your AWS usage and expenditures, it doesn’t offer the specialized functionalities for creating billing groups and defining custom billing parameters as provided by AWS Billing Conductor.
Which AWS services facilitate building secure and scalable mobile and web applications, offering features such as real-time updates and offline functionalities? (Select TWO.)
A. AWS Amplify
B. AWS Lambda
C. AWS AppSync
D. Amazon API Gateway
E. AWS CodeDeploy
A, C
AWS AppSync and AWS Amplify are the correct answers as both services facilitate the building of secure and scalable mobile and web applications. AWS AppSync enables the creation of flexible APIs, including options for real-time updates and offline functionalities. AWS Amplify is a set of tools and services that can be used to build scalable full-stack apps powered by AWS, also supporting real-time functionalities and offline operations
What is a benefit of moving an on-premises database to Amazon Relational Database Service (RDS)?
A. You can scale vertically without downtime
B. There is no database administration required
C. There is no need to manage operating systems
D. You can run any database engine
C.
INCORRECT: “You can scale vertically without downtime” is incorrect. You cannot scale vertically without downtime. When scaling with RDS you must change the instance type, and this requires a short period of downtime while the instances’ operating system reboots.
Which IAM entity can be used for assigning permissions to AWS services?
A. IAM Access key ID and secret key
B. STS
C. IAM Policy
D. IAM Role
D.
INCORRECT: “IAM Policy” is incorrect. An IAM policy is a policy document that is used to define permissions that can be applied to users, groups and roles. You don’t apply the policy to the service, you apply it to the role. The role is then used to assign permissions to the AWS service.
Under the AWS shared responsibility model, which actions are the responsibility of AWS? (Select TWO.)
A. Scanning AWS service endpoints for vulnerabilities
B. Enabling encryption on an Amazon S3 bucket
C. Configuring security group rules
D. Encrypting traffic on the AWS backbone between global and regional AWS facilities
E. Enforcing application access restrictions
A,D
A company requires a single service which can manage their backup and restore requirements, their data lakes, and archives all in one place.
Which AWS service is suitable for all these use cases?
A. S3
B. EBS
C. EFS
D. FSx for Lustre
A.
Amazon S3 is the only service out of the answers which can be used for backup and restore, data lakes and archival solutions. Because S3 is an object storage service, there are lots of different use cases.
Which IAM entity is associated with an access key ID and secret access key?
A. IAM Group
B. IAM User
C. IAM Policy
D. IAM Role
B.
An access key ID and secret access key are used to sign programmatic requests to AWS. They are associated with an IAM user.
You cannot associate an access key ID and secret access key with an IAM Group, Role or Policy.
A company currently uses a Security Assertion Markup Language (SAML) based application to log in to third-party business applications and would like to have this hosted in AWS using managed services.
Which AWS service will meet this requirement?
A. AWS CLI
B. AWS SSO
C. AWS IAM
D. Amazon Cognito
D.
INCORRECT: “AWS Single Sign-On” is incorrect. AWS Single Sign-On (AWS SSO) is where you create, or connect, your workforce identities in AWS once and manage access centrally across your AWS organization and doesn’t use SAML.
Which AWS tools can be used for automation? (Select TWO.)
A. EFS
B. CloudFormation
C. Lambda
D. Elastic Beanstalk
E. Elastic Load Balancing
B, D
INCORRECT: “AWS Lambda” is incorrect. AWS Lambda is a compute service, not an automation service.
Which AWS service supports an in-memory data structure store, compatible with Redis, that delivers sub-millisecond latency for use cases such as caching, session stores, and real-time analytics?
A. Redshift
B. RDS
C. Amazon MemoryDB
D. DynamoDB
C.
Amazon MemoryDB for Redis is the correct answer because it is a Redis-compatible, in-memory database service built on Redis architecture, which offers sub-millisecond latency, fulfilling the requirements mentioned in the question.
Which AWS service or feature can be used to restrict the individual API actions that users and roles in each member account can access?
A. Amazon Macie
B. AWS Shield
C. AWS Organizations
D. AWS IAM
C.
AWS Organizations offers Service control policies (SCPs) which are a type of organization policy that you can use to manage permissions in your organization. SCPs offer central control over the maximum available permissions (API actions) for all accounts in your organization. SCPs help you to ensure your accounts stay within your organization’s access control guidelines. SCPs are available only in an organization that has all features enabled.
INCORRECT: “AWS IAM” is incorrect. AWS IAM is used for assigning permissions but SCPs in AWS Organizations are used to control which API actions are allowed in an account. You need to be granted permission in IAM and have the API allowed to be able to use the API successfully.
How can a user block a suspicious IP address from connecting to an Amazon EC2 instance?
A. Block the IP on the outbound rule of a security group
B. Block the IP on the inbound rule of a security group and network ACL
C. Block the IP on the outbound rule of a security group and network ACL
D. Block the IP on the inbound rule of a network ACL
D.
Security groups support only allow rules.
A company needs to optimize costs and resource usage through monitoring of operational health for all resources running on AWS.
Which AWS service will meet these requirements?
A. Amazon CloudWatch
B. AWS Control Tower
C. AWS CloudTrail
D. AWS Config
A.
INCORRECT: “AWS Control Tower” is incorrect. AWS Control Tower is a service that is intended for organizations with multiple accounts and teams who are looking for the easiest way to set up their new multi-account AWS environment and govern at scale.
A company has a mission-critical Linux-based application. The application must run every Monday from 6 AM until 10 PM. As the application is critical, it cannot be interrupted.
Which Amazon EC2 instance purchasing option meets these requirements MOST cost-effectively?
A. Spot Instances
B. Regional Reserved Instances
C. Dedicated Hosts
D. On-Demand Capacity Reservation with Savings Plan
D.
INCORRECT: “Regional Reserved Instances” is incorrect because it does not give you the guaranteed capacity availability that On-Demand Capacity Reservations have.
Which Amazon EC2 pricing model is the most cost-effective for an always-up, right-sized database server running a project that will last 1 year?
A. Convertible Reserved Instances
B. On-Demand Instances
C. Spot Instances
D. Standard Reserved Instances
D.
INCORRECT: “Convertible Reserved Instances” is incorrect. You have the flexibility to change families, OS types, and tenancies while benefitting from RI pricing when you use Convertible RIs. However, this is not required for a right-sized server.
A company has been using an AWS managed IAM policy for granting permissions to users but needs to add some permissions.
How can this be achieved?
A. Edit the AWS managed policy
B. Create a custom IAM policy
C. Create a Service Control Policy
D. Create a rule in AWS WAF
B.
INCORRECT: “Edit the AWS managed policy” is incorrect. You cannot edit AWS managed policies.
An IT company has deployed its infrastructure on the AWS cloud. There must be a database that supports reads with a latency of under a millisecond for critical applications.
Which AWS service will meet this requirement?
A. AWS Glue
B. AWS RDS
C. AWS EMR
D. Amazon ElastiCache
D.
Amazon ElastiCache is a blazing fast in-memory data store that provides sub-millisecond latency to power internet-scale real-time applications. Built on open-source Redis or Memcached, ElastiCache works seamlessly with Redis or Memcached without any code changes.
INCORRECT: “Amazon RDS” is incorrect. Whilst RDS is a database solution, it cannot handle single millisecond queries.
Which AWS service helps you deploy application configuration changes with features like validation checks and timely deployment while avoiding the need to write additional code or restart application services?
A. AWS CodeStar
B. AWS CodeCommit
C. AWS CloudFormation
D. AWS AppConfig
D.
AWS AppConfig is the correct answer because it allows users to deploy application configuration changes quickly and reliably without needing to write additional code or restart services. It supports validation checks to ensure configuration data is syntactically and semantically correct before deployment, avoiding potential outages.
INCORRECT: “AWS CloudFormation” is incorrect because, even though it allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications, it doesn’t specialize in deploying application configurations with validation checks as described in the scenario.
Which of the following AWS services support VPC Endpoint Gateway for a private connection from a VPC? (Select two)
A. Amazon Elastic Compute Cloud (Amazon EC2)
B. Amazon Simple Queue Service (SQS)
C. Amazon Simple Notification Service (SNS)
D. Amazon Simple Storage Service (Amazon S3)
E. Amazon DynamoDB
D, E
A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.
There are two types of VPC endpoints: interface endpoints and gateway endpoints.
With a gateway endpoint, you can access Amazon S3 or DynamoDB from your VPC.
However, gateway endpoints do not allow access from on-premises networks, from peered VPCs in other AWS Regions, or through a transit gateway. For those scenarios, you must use an interface endpoint, which is available for an additional cost.
Which AWS services can be used to decouple components of a microservices based application on AWS Cloud? (Select two)
A. Amazon EC2
B. AWS Lambda
C. AWS Step Functions
D. SNS
E. SQS
D, E
AWS Web Application Firewall (WAF) offers protection from common web exploits at which layer?
A. Layer 3
B. Layer 4
C. Layer 7
D. Layer 4 and 7
C
Which AWS Support plan provides architectural guidance contextual to your specific use-cases?
A. Business
B. Developer
C. Enterprise On-Ramp
D. Enterprise
A
For enterprise - This plan supports architectural guidance contextual to your application.
A Project Manager, working on AWS for the first time, is confused about how credits are used in AWS. There are two credits available in the manager’s account. Credit one is for $100, expires July 2022, and can be used for either Amazon S3 or Amazon EC2. Credit two is for $50, expires December 2022, and can be used only for Amazon EC2. The manager’s AWS account has incurred two charges: $1000 for Amazon EC2 and $500 for Amazon S3.
What will be the outcome on the overall bill once the credits are used? (Select two)
A. Credit one is applied, which expires in July, to the Amazon EC2 charge which leaves you with a $900 Amazon EC2 charge and a $500 Amazon S3 charge
B. Credit one is applied, which expires in July, to Amazon S3 usage which leaves you with a $1000 Amazon EC2 charge and a $400 Amazon S3 charge
C. Then, credit two is applied to the remaining $900 of Amazon EC2 usage
D. Only one credit can be used in one billing cycle and the customer has a choice to choose from the available ones
E. Then, credit two is applied to $500 for Amazon S3 usage
A, C
Credits are applied in the following order:
Soonest expiring
Least number of applicable products
Oldest credit
A research group wants to use EC2 instances to run a scientific computation application that has a fault tolerant architecture. The application needs high-performance hardware disks that provide fast I/O performance. As a Cloud Practitioner, which of the following storage options would you recommend as the MOST cost-effective solution?
A. Amazon Elastic File System (Amazon EFS)
B. Amazon Elastic Block Store (EBS)
C. S3
D. Instance Store
D
Which AWS services can be used to facilitate organizational change management, part of the Reliability pillar of AWS Well-Architected Framework? (Select three)
A. AWS Config
B. Trusted Advisor
C. AWS CloudTrail
D. Amazon Inspector
E. AWS CloudWatch
F. Amazon GuardDuty
A,C,E
There are three best practice areas for Reliability in the cloud - Foundations, Change Management, Failure Management. Being aware of how change affects a system (change management) allows you to plan proactively, and monitoring allows you to quickly identify trends that could lead to capacity issues or SLA breaches.
Which of the following is CORRECT regarding removing an AWS account from AWS Organizations?
A. The AWS account must not have any Service Control Policies (SCPs) attached to it. Only then it can be removed from AWS organizations
B. The AWS account must be able to operate as a standalone account. Only then it can be removed from AWS organizations
C. Raise a support ticket with AWS Support to remove the account
D. The AWS account can be removed from AWS Systems Manager
B
Which option is a common stakeholder role for the AWS Cloud Adoption Framework (AWS CAF) platform perspective? (Select two)
A. CTO
B. CIO
C. CPO
D. Engineer
E. CDO
A,D
According to the AWS Cloud Adoption Framework (AWS CAF), what are two tasks that a company should perform when planning to migrate to the AWS Cloud and aiming to become more responsive to customer inquiries and feedback as part of their organizational transformation? (Select two)
A. Organize your teams around products and value streams
B. Leverage legacy infrastructure for cost efficiencies
C. Create new analytical insights with existing products and services
D. Leverage agile methods to rapidly iterate and evolve
E. Organize your teams around bureaucratic design principles
B,D
The DevOps team at an IT company is moving 500 GB of data from an EC2 instance to an S3 bucket in the same region. Which of the following scenarios captures the correct charges for this data transfer?
A. The company would only be charged for the outbound data transfer from EC2 instance
B. The company would not be charged for this data transfer
C. The company would only be charged for the inbound data transfer into the S3 bucket
D. The company would be charged for both the outbound data transfer from EC2 instance as well as the inbound data transfer into the S3 bucket
B
In most cases, there is no charge for inbound data transfer or data transfer between other AWS services within the same region.
A startup wants to migrate its data and applications from the on-premises data center to AWS Cloud. Which of the following options can be used by the startup to help with this migration? (Select two)
A. Raise a support ticket with AWS Support for further assistance
B. Leverage AWS Professional Services to accelerate the infrastructure migration
C. Utilize AWS Partner Network (APN) to build a custom solution for this infrastructure migration
D. Consult moderators on AWS Developer Forums
E. Use AWS Trusted Advisor to automate the infrastructure migration
B,C
A company is looking for a guided path to help deploy, configure, and secure its new workloads while ensuring that it is ready for on-going operations in the cloud. Which of the following AWS services/tools can be leveraged for this use case?
A. AWS Trusted Advisor
B. AWS Config
C. Cloud Foundations
D. AWS Shared Responsibility Model
C.
Cloud Foundations provides a guided path to help customers deploy, configure, and secure their new workloads while ensuring they are ready for on-going operations in the cloud.
A customer is running a comparative study of pricing models of Amazon EFS and Amazon Elastic Block Store (Amazon EBS) that are used with the Amazon EC2 instances that host the application. Which of the following statements are correct regarding this use-case? (Select two)
A. Amazon Elastic Compute Cloud (Amazon EC2) data transfer charges will apply for all Amazon Elastic Block Store (Amazon EBS) direct APIs for Snapshots
B. Amazon Elastic Block Store (Amazon EBS) Snapshot storage pricing is based on the amount of space your data consumes in Amazon Elastic Block Store (Amazon EBS)
C. You will pay a fee each time you read from or write data stored on the Amazon Elastic File System (Amazon EFS) - Infrequent Access storage class
D. Amazon Elastic Block Store (Amazon EBS) Snapshots are stored incrementally, which means you are billed only for the changed blocks stored
E. With AWS Backup, you pay only for the amount of Amazon Elastic File System (Amazon EFS) backup storage you use in a month, you need not pay for restoring this data
C,D
A company is looking for a guided path to help deploy, configure, and secure its new workloads while ensuring that it is ready for on-going operations in the cloud. Which of the following AWS services/tools can be leveraged for this use case?
A. AWS Shared Responsibility Model
B. AWS Config
C. AWS Trusted Advisor
D. Cloud Foundations
D.
Cloud Foundations provides a guided path to help customers deploy, configure, and secure their new workloads while ensuring they are ready for on-going operations in the cloud. Cloud Foundations helps customers navigate through the decisions they need to make through curated AWS Services, AWS Solutions, Partner Solutions, and Guidance.
A customer is running a comparative study of pricing models of Amazon EFS and Amazon Elastic Block Store (Amazon EBS) that are used with the Amazon EC2 instances that host the application. Which of the following statements are correct regarding this use-case? (Select two)
A. With AWS Backup, you pay only for the amount of Amazon Elastic File System (Amazon EFS) backup storage you use in a month, you need not pay for restoring this data
B. Amazon Elastic Block Store (Amazon EBS) Snapshot storage pricing is based on the amount of space your data consumes in Amazon Elastic Block Store (Amazon EBS)
C. You will pay a fee each time you read from or write data stored on the Amazon Elastic File System (Amazon EFS) - Infrequent Access storage class
D. Amazon Elastic Block Store (Amazon EBS) Snapshots are stored incrementally, which means you are billed only for the changed blocks stored
E. Amazon Elastic Compute Cloud (Amazon EC2) data transfer charges will apply for all Amazon Elastic Block Store (Amazon EBS) direct APIs for Snapshots
C,D
INCORRECT: Amazon Elastic Compute Cloud (Amazon EC2) data transfer charges will apply for all Amazon Elastic Block Store (Amazon EBS) direct APIs for Snapshots - When using Amazon EBS direct APIs for Snapshots, additional Amazon EC2 data transfer charges will apply only when you use external or cross-region data transfers.
An IT company would like to move its IT resources (including any data and applications) from an AWS Region in the US to another AWS Region in Europe. Which of the following represents the correct solution for this use-case?
A. The company should use AWS CloudFormation to move the resources (including any data and applications) from source AWS Region to destination AWS Region
B. The company should just start creating new resources in the destination AWS Region and then migrate the relevant data and applications into this new AWS Region
C. The company should use AWS Database Migration Service (AWS DMS) to move the resources (including any data and applications) from source AWS Region to destination AWS Region
D. The company should raise a ticket with AWS Support for this resource migration
B.
The company needs to create resources in the new AWS Region and then move the relevant data and applications into the new AWS Region. There is no off-the-shelf solution or service that the company can use to facilitate this transition.
Incorrect option:
The company should use AWS CloudFormation to move the resources (including any data and applications) from source AWS Region to destination AWS Region - AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. AWS CloudFormation cannot help with moving data and applications into another Region.
Which budget types can be created under AWS Budgets? (Select three)
A. Software Budget
B. Hardware Budget
C. Resource Budget
D. Reservation Budget
E. Cost Budget
F. Usage Budget
D,E,F
AWS Budgets - Cost budget, Usage budget, Reservation budget and Savings Plans budget
Which of the following statements are true about Cost Allocation Tags in AWS Billing? (Select two)
A. Tags help in organizing resources and are a mandatory configuration item to run reports
B. For each resource, each tag key must be unique, but can have multiple values
C. For each resource, each tag key must be unique, and each tag key can have only one value
D. You must activate both AWS generated tags and user-defined tags separately before they can appear in Cost Explorer or on a cost allocation report
E. Only user-defined tags need to be activated before they can appear in Cost Explorer or on a cost allocation report
C,D
AWS Identity and Access Management (AWS IAM) policies are written as JSON documents. Which of the following are mandatory elements of an IAM policy?
A. Sid, Principal
B. Action, Condition
C. Effect, Sid
D. Effect, Action
D.
Sid (Optional) – Include an optional statement ID to differentiate between your statements.
Effect – Use Allow or Deny to indicate whether the policy allows or denies access.
Principal (Required in only some circumstances) – If you create a resource-based policy, you must indicate the account, user, role, or federated user to which you would like to allow or deny access. If you are creating an IAM permissions policy to attach to a user or role, you cannot include this element. The principal is implied as that user or role.
Action – Include a list of actions that the policy allows or denies.
Resource (Required in only some circumstances) – If you create an IAM permissions policy, you must specify a list of resources to which the actions apply. If you create a resource-based policy, this element is optional. If you do not include this element, then the resource to which the action applies is the resource to which the policy is attached.
Condition (Optional) – Specify the circumstances under which the policy grants permission.
Which of the following AWS services have data encryption automatically enabled? (Select two)
A. AWS EBS
B. Amazon Redshift
C. Amazon S3
D. AWS EFS
E. AWS Storage Gateway
C,E
Which of the following statements is correct regarding the Amazon Elastic File System (Amazon EFS) storage service?
A. EC2 instances can access files on an Amazon Elastic File System (Amazon EFS) file system only in one Availability Zone (AZ)
B. EC2 instances can access files on an Amazon Elastic File System (Amazon EFS) file system across many Availability Zones (AZ) but not across VPCs and Regions
C. EC2 instances can access files on an Amazon Elastic File System (Amazon EFS) file system across many Availability Zones (AZ) and VPCs but not across Regions
D. EC2 instances can access files on an Amazon Elastic File System (Amazon EFS) file system across many Availability Zones (AZ), Regions and VPCs
D.
Amazon EFS is a regional service storing data within and across multiple Availability Zones (AZs) for high availability and durability. Amazon EC2 instances can access your file system across AZs, regions, and VPCs, while on-premises servers can access using AWS Direct Connect or AWS VPN.
Amazon CloudWatch billing metric data is stored in which AWS Region?
A. In the AWS Region where the AWS account is created
B. In the AWS Region where the AWS resource is provisioned
C. US West (N. California) - us-west-1
D. US East (N. Virginia) - us-east-1
D.
Which AWS services support High Availability by default? (Select two)
A. Amazon Elastic File System (Amazon EFS)
B. Amazon DynamoDB
C. Amazon Redshift
D. Amazon Elastic Block Store (Amazon EBS)
E. Instance Store
A,B
DynamoDB - It’s a fully managed, multi-Region, multi-master, durable database with built-in security, backup and restore, and in-memory caching for internet-scale applications.
EFS - It is a regional service storing data within and across multiple Availability Zones (AZ) for high availability and durability. It is built to scale on-demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth.
A research lab wants to optimize the caching capabilities for its scientific computations application running on Amazon Elastic Compute Cloud (Amazon EC2) instances. Which Amazon Elastic Compute Cloud (Amazon EC2) storage option is best suited for this use-case?
A. S3
B. EFS
C. EBS
D. Instance Store
D.
An IT company has a hybrid cloud architecture and it wants to centralize the server logs for its Amazon Elastic Compute Cloud (Amazon EC2) instances and on-premises servers. Which of the following is the MOST effective for this use-case?
A. Use Amazon CloudWatch Logs for both the Amazon Elastic Compute Cloud (Amazon EC2) instance and the on-premises servers
B. Use AWS Lambda to send log data from Amazon Elastic Compute Cloud (Amazon EC2) instance as well as on-premises servers to Amazon CloudWatch Logs
C. Use Amazon CloudWatch Logs for the Amazon Elastic Compute Cloud (Amazon EC2) instance and AWS CloudTrail for the on-premises servers
D. Use AWS CloudTrail for the Amazon Elastic Compute Cloud (Amazon EC2) instance and Amazon CloudWatch Logs for the on-premises servers
A.
You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources such as on-premises servers.
Amazon CloudWatch Logs enables you to centralize the logs from all of your systems, applications, and AWS services that you use, in a single, highly scalable service. You can then easily view them, search them for specific error codes or patterns, filter them based on specific fields, or archive them securely for future analysis.
Which of the following are benefits of the AWS Web Application Firewall (AWS WAF)? (Select two)
A. AWS Web Application Firewall (AWS WAF) offers protection against all known infrastructure (Layer 3 and 4) attacks
B. AWS Web Application Firewall (AWS WAF) offers dedicated support from the DDoS Response Team (DRT) and advanced reporting
C. AWS Web Application Firewall (AWS WAF) can check for the presence of SQL code that is likely to be malicious (known as SQL injection)
D. AWS Web Application Firewall (AWS WAF) can block all requests except the ones that you allow
E. AWS Web Application Firewall (AWS WAF) lets you monitor the HTTP and HTTPS requests that are forwarded to Amazon Route 53
C,D
INCORRECT: AWS Web Application Firewall (AWS WAF) lets you monitor the HTTP and HTTPS requests that are forwarded to Amazon Route 53 - AWS Web Application Firewall (AWS WAF) is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to an Amazon API Gateway API, Amazon CloudFront or an Application Load Balancer. It does not cover Amazon Route 53, which is a Domain Name System (DNS) web service.