Technology Flashcards

Question 1

Q

Which AWS service is primarily used for software version control?

AWS CodeCommit
AWS CodeStar
AWS Cloud9
AWS CodeDeploy

Answer

A

AWS CodeCommit

• AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories. It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem

Question 2

Q

Which AWS service can you use to install a third-party database?

Amazon RDS
Amazon DynamoDB
Amazon EC2
Amazon EMR

Answer

A

Amazon EC2

• All of these services are managed services except for Amazon EC2. EC2 is the only service in the list upon which you can manually install the database software of your choice

Question 3

Q

Identify the services that have a global (rather than regional) scope? (choose 2)

Amazon Route 53
Amazon S3
Amazon CloudFront
AWS Lambda
Amazon EC2

Answer

A

Amazon Route 53
Amazon CloudFront

Amazon Route 53 and Amazon CloudFront have a global scope
Amazon S3 uses a global namespace but buckets and objects are created within a region
AWS Lambda is a regional service

Question 4

Q

Which service can you use to provision a preconfigured server with little to no AWS experience?

Amazon Elastic Beanstalk
AWS Lambda
Amazon EC2
Amazon Lightsail

Answer

A

Amazon Lightsail

Lightsail provides preconfigured virtual private servers (instances) that include everything required to deploy and application or create a database
Deploying a server on Lightsail is extremely easy and does not require knowledge of how to configure VPCs, security groups, network ACLs etc.

Question 5

Q

Which AWS service allows you to connect to storage from on-premise servers using standard file protocols?

Amazon S3
Amazon EBS
Amazon Glacier
Amazon EFS

Answer

A

Amazon EFS

EFS filesystems are mounted using the NFS protocol (which is a file-level protocol)
Access to EFS file systems from on-premises servers can be enabled via Direct Connect or AWS VPN
You mount an EFS file system on your on-premises Linux server using the standard Linux mount command for mounting a file system via the NFSv4.1 protocol

Question 6

Q

Which AWS services are used for analytics? (choose 2)

Amazon RDS
Amazon ElastiCache
Amazon Athena
Amazon S3
Amazon EMR

Answer

A

Amazon Athena
Amazon EMR

Amazon Elastic Map Reduce (EMR) provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instance
Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL

Question 7

Q

Which service can be used to track the CPU usage of an EC2 instance?

Amazon CloudTrail
Amazon CloudFront
Amazon CloudFormation
Amazon CloudWatch

Answer

A

Amazon CloudWatch

Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS
CloudWatch is for performance monitoring, whereas CloudTrail is for auditing

Question 8

Q

Which items can be configured from within the VPC management console? (choose 2)

Subnets
Regions
Load Balancing
Auto Scaling
Security Groups

Answer

A

Subnets
Security Groups

Regions are not configured, resources within regions are configured
Load balancing and auto scaling is configured from the EC2 console

Question 9

Q

Which service allows you to automatically expand and shrink your application in response to demand?

AWS ElastiCache
Amazon Elastic Load Balancing
AWS Auto Scaling
Amazon DynamoDB

Answer

A

AWS Auto Scaling

• Auto Scaling automatically responds to demand by adding or removing EC2 instances to ensure the right amount of compute capacity is available at any time

Question 10

Q

Which of the statements below is accurate regarding Amazon S3 buckets? (choose 2)

Bucket names must be unique regionally
Buckets are replicated globally
Bucket names must be unique globally
Buckets are region-specific
Buckets can contain other buckets

Answer

A

Bucket names must be unique globally
Buckets are region-specific

S3 uses a universal (global) namespace, which means bucket names must be unique globally. However, you create the buckets in a region and the data never leaves that region unless explicitly configured to do so through cross-region replication (CRR)
Objects within a bucket are replicated within a region across multiple AZs (except for the One-Zone IA class)
You cannot create nested buckets

Question 11

Q

Which AWS storage technology can be considered a “virtual hard disk in the cloud”?

Amazon Elastic File Storage (EFS) filesystem
Amazon Elastic Block Storage (EBS) volume
Amazon S3 object
Amazon Glacier archive

Answer

A

Amazon Elastic Block Storage (EBS) volume

• An EBS volume is a block storage device that is most similar to a virtual hard disk in the cloud as when attached to an instance it appears as a local disk that can have an operating system installed on or be formatted and used for any other local storage purpose

Question 12

Q

Which service records API activity on your account and delivers log files to an Amazon S3 bucket?

Amazon CloudWatch
Amazon S3 Event Notifications
Amazon CloudTrail
Amazon CloudWatch Logs

Answer

A

Amazon CloudTrail

AWS CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket
CloudTrail is for auditing (CloudWatch is for performance monitoring)

Question 13

Q

Which services are integrated with KMS encryption? (choose 2)

Amazon RDS
Amazon EC2
Amazon EBS
Amazon SWF
AWS CloudFormation

Answer

A

Amazon RDS
Amazon EBS

• https://aws.amazon.com/kms/features/

Question 14

Q

The IAM service can be used to manage which objects? (choose 2)

Security groups
Access policies
Roles
Network ACLs
Key pairs

Answer

A

Access policies
Roles

Access policies are objects that you attach to entities and resources to define their permissions
Roles are created and then “assumed” by trusted entities and define a set of permissions for making AWS service requests
Security groups and network ACLs are used as instance-level and subnet-level firewalls respectively

Question 15

Q

A company plans to create a hybrid cloud architecture. What technology will allow them to create a hybrid cloud?

VPC Peering
Internet Gateway
Direct Connect
Elastic Network Interface

Answer

A

Direct Connect

• Direct Connect provides a low-latency, high bandwidth connection to connect customer on-premise environments with the AWS cloud which allows them to create a “hybrid” cloud architecture

Question 16

Q

Which service supports the resolution of public domain names to IP addresses or AWS resources?

Amazon Route 53
Amazon CloudFront
Amazon SNS
Hosted Zones

Answer

A

Amazon Route 53

• Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service

Question 17

Q

What can you use to quickly connect your office securely to your Amazon VPC?

Route Table
Internet Gateway
Direct Connect
AWS managed VPN

Answer

A

AWS managed VPN

An AWS managed VPN can be used to quickly connect from an office to an Amazon VPC
Direct Connect provides high-bandwidth, low-latency connectivity but takes weeks to months to setup (and is much more expensive)

Question 18

Q

Which service can be used for building and integrating loosely-coupled, distributed applications?

Amazon EBS
Amazon SNS
Amazon EFS
Amazon RDS

Answer

A

Amazon SNS

• Amazon Simple Notification Service (Amazon SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud

Question 19

Q

Which type of Amazon Elastic Load Balancer operates at layer 7 of the OSI model?

Application Load Balancer
Network Load Balancer
Classic Load Balancer
F5 Load Balancer

Answer

A

Application Load Balancer

Application Load Balancer (ALB) – layer 7 load balancer that routes connections based on the content of the request
Network Load Balancer (NLB) – layer 4 load balancer that routes connections based on IP protocol data
Classic Load Balancer (CLB) – this is the oldest of the three and provides basic load balancing at both layer 4 and layer 7

Question 20

Q

Which services can help to automate a company’s IT infrastructure? (choose 2)

Amazon CloudWatch Alarms
Amazon Route 53
AWS Lambda Scheduled Events
Virtual Private Cloud
Elastic Network Interface

Answer

A

Amazon CloudWatch Alarms
AWS Lambda Scheduled Events

Amazon CloudWatch Alarms – You can create a CloudWatch alarm that sends an Amazon Simple Notification Service (Amazon SNS) message when a particular metric goes beyond a specified threshold for a specified number of periods
AWS Lambda Scheduled events – These events allow you to create a Lambda function and direct AWS Lambda to execute it on a regular schedule

Question 21

Q

Which database service is a NoSQL type of database that is fully managed?

Amazon RDS
Amazon DynamoDB
Amazon RedShift
Amazon ElastiCache

Answer

A

Amazon DynamoDB

DynamoDB is Amazon’s fully managed non-relational database service
Amazon RDS is a relational (SQL) type of database
Amazon RedShift is a data warehouse that can be analyzed using SQL tools

Question 22

Q

Which storage service allows you to connect multiple EC2 instances concurrently using file-level protocols?

Amazon S3
Amazon EBS
Amazon EFS
Amazon Glacier

Answer

A

Amazon EFS

Amazon Elastic File System allows you to connect hundreds or thousands of EC2 instances concurrently and is accessed using the file-level NFS protocol
Amazon Elastic Block Storage provides block-level volumes to individual EC2 instances (cannot connect multiple instances to a single EBS volume)
Amazon S3 is an object storage system and Glacier is used for archiving S3 objects

Question 23

Q

What type of database supports complex queries and joins and is suitable for a transactional database deployment?

Amazon RDS
Amazon DynamoDB
Amazon RedShift
Amazon EMR

Answer

A

Amazon RDS

Amazon DynamoDB is a NoSQL database and does not support to complex queries and joins
Amazon RedShift is a data warehouse used for analytic not transactional databases
Amazon EMR is a Hadoop service that is not suitable for transactional databases

Question 24

Q

Which service allows you to run code as functions without needing to provision or manage servers?

Amazon EC2
Amazon CodeDeploy
AWS Lambda
Amazon EKS

Answer

A

AWS Lambda

AWS Lambda is a serverless computing technology that allows you to run code without provisioning or managing servers
AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers
Amazon Elastic Container Service for Kubernetes (Amazon EKS) is a managed service that makes it easy for you to run Kubernetes on AWS without needing to stand up or maintain your own Kubernetes control plane

Question 25

Q

What benefits does Amazon EC2 provide over using non-cloud servers? (choose 2)

Complete control of the hypervisor layer
Elastic web-scale computing
Inexpensive
Fault tolerance
High-availability with an SLA of 99.99%

Answer

A

Elastic web-scale computing
Inexpensive

Elastic Web-Scale computing– you can increase or decrease capacity within minutes not hours and commission one to thousands of instances simultaneously
Inexpensive – Amazon passes on the financial benefits of scale by charging very low rates and on a capacity consumed basis
Amazon EC2 does not provide any control of the hypervisor or underlying hardware infrastructure
EC2 offers a highly reliable environment where replacement instances can be rapidly and predictably commissioned with SLAs of 95% for each region

Question 26

Q

Which type of Elastic Load Balancer operates at the connection layer (layer 4) and supports IP addresses as targets?

Application Load Balancer
Network Load Balancer
Classic Load Balancer
ELBs do not support IP addresses as targets

Answer

A

Network Load Balancer

Network Load Balancer (NLB) – layer 4 load balancer that routes connections based on IP protocol data
The NLB and ALB support IP addresses as targets but only the NLB operates at layer 4
Application Load Balancer (ALB) – layer 7 load balancer that routes connections based on the content of the request
Classic Load Balancer (CLB) – this is the oldest of the three and provides basic load balancing at both layer 4 and layer 7

Question 27

Q

Which of the following are features of Amazon CloudWatch? (choose 2)

Used to gain system-wide visibility into resource utilization
Records account activity and service events from most AWS services
Used for auditing of API calls
Can be accessed via API, command-line interface, AWS SDKs, and the AWS Management Console
Provides visibility into user activity by recording actions taken on your account

Answer

A

Used to gain system-wide visibility into resource utilization
Can be accessed via API, command-line interface, AWS SDKs, and the AWS Management Console

Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS
CloudWatch is for performance monitoring (CloudTrail is for auditing)
CloudTrail is for auditing (CloudWatch is for performance monitoring)
CloudTrail records account activity and service events from most AWS services

Question 28

Q

Amazon S3 bucket names must follow as set of rules. Which of the rules below apply to Amazon S3 bucket names? (choose 2)

Names must be unique across all of AWS
Names must be 3 to 63 characters in length
Names must contain uppercase letters
Names must be unique within a region
Names must be formatted as a DNS domain name

Answer

A

Names must be unique across all of AWS
Names must be 3 to 63 characters in length

• Bucket names must follow the following rules:
– Names must be unique across all of AWS
– Names must be 3 to 63 characters in length
– Names can only contain lowercase letters, numbers and hyphens
– Names cannot be formatted as an IP address

Question 29

Q

Which of the following statements are correct about Elastic Block Store (EBS) volumes? (choose 2)

Root EBS volumes are retained on termination by default
EBS volumes must be in the same AZ as the instances they are attached to
You can attach multiple EBS volumes to an instance
You can attach an EBS volume to multiple instances
EBS volumes cannot be backed up

Answer

A

EBS volumes must be in the same AZ as the instances they are attached to
You can attach multiple EBS volumes to an instance
- EBS volumes must be in the same AZ as the instances they are attached to
- You can attach multiple EBS volumes to an instance
- Root EBS volumes are deleted on termination by default
- You cannot attach an EBS volume to multiple instances
- EBS volumes can be backed up by taking a snapshot

Question 30

Q

Which statement below is incorrect in relation to Network ACLs?

Operate at the Availability Zone level
Support allow and deny rules
Stateless
Process rules in order

Answer

A

Operate at the Availability Zone level

Network ACLS operate at the subnet level
https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/aws-networking/

Question 31

Q

What benefits are provided by Amazon CloudFront? (choose 2)

Allows you to register domain names
Built-in Distributed Denial of Service (DDoS) attack protection
Used to enable private subnet instances to access the Internet
Content is cached at Edge Locations for fast distribution to customers
Provides a worldwide distributed DNS service

Answer

A

Built-in Distributed Denial of Service (DDoS) attack protection
Content is cached at Edge Locations for fast distribution to customers

• Benefits include:
– Cache content at Edge Location for fast distribution to customers
– Built-in Distributed Denial of Service (DDoS) attack protection
– Integrates with many AWS services (S3, EC2, ELB, Route 53, Lambda)

• https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/content-delivery-and-dns-services/

Question 32

Q

Which service can be used to help you to migrate databases to AWS quickly and securely?

AWS KMS
AWS SMS
AWS DMS
AWS Migration Hub

Answer

A

AWS DMS

AWS Database Migration Service helps you migrate databases to AWS quickly and securely
AWS Server Migration Service (SMS) is an agentless service which makes it easier and faster for you to migrate thousands of on-premises workloads to AWS
AWS Key Management Service (KMS) is used for managing encryption keys
AWS Migration Hub provides a single location to track the progress of application migrations across multiple AWS and partner solutions

Question 33

Q

Which feature can you use to grant read/write access to an Amazon S3 bucket?

IAM Role
IAM Policy
IAM Group
IAM User

Answer

A

IAM Policy

IAM Policies are documents that define permissions and can be applied to users, groups and roles
IAM policies can be written to grant access to Amazon S3 buckets
IAM Roles are created and then “assumed” by trusted entities and define a set of permissions for making AWS service requests
IAM Groups are collections of users and have policies attached to them

Question 34

Q

Which AWS service is used to enable multi-factor authentication?

Amazon STS
AWS IAM
Amazon EC2
AWS KMS

Answer

A

AWS IAM

IAM is used to securely control individual and group access to AWS resources
The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for IAM users or for users that you authenticate (federated users)
AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data
Amazon EC2 is used for running operating systems instances in the cloud

Question 35

Q

Which AWS service can be used to convert video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PC?

Elastic Transcoder
Elastic Beanstalk
Elastic Load Balancer
Auto Scaling

Answer

A

Elastic Transcoder

Amazon Elastic Transcoder is a highly scalable, easy to use and cost-effective way for developers and businesses to convert (or “transcode”) video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PCs
AWS Elastic Beanstalk can be used to quickly deploy and manage applications in the AWS Cloud

Question 36

Q

What method can you use to take a backup of an Amazon EC2 instance using AWS tools?

Take full and incremental file-level backups using the backup console
Take application-consistent backups using the EC2 API
Use Cross Region Replication (CRR) to copy the instance to another region
Take a snapshot to capture the point-in-time state of the instance

Answer

A

Take a snapshot to capture the point-in-time state of the instance

You can take snapshots of EC2 instances which creates a point-in-time copy of the instance. Snapshots are stored on S3
There is no backup console to take full and incremental backups
There is no way of taking application-consistent backups using any AWS tools
Cross Region Replication is used to replicate Amazon S3 buckets are across regions

Question 37

Q

Which AWS service allows you to use block-based volumes on-premise that are then asynchronously backed up to Amazon S3?

AWS Storage Gateway File Gateway
AWS Storage Gateway Volume Gateway
Amazon S3 Multi-Part upload
Amazon S3 Transfer Acceleration

Answer

A

AWS Storage Gateway Volume Gateway

• AWS Storage Gateway Volume Gateway represents the family of gateways that support block-based volumes, previously referred to as gateway-cached and gateway-stored mode
• AWS Storage Gateway Volume Gateway operates in 2 modes:
– Stored Volume mode – the entire dataset is stored on-site and is asynchronously backed up to S3 (EBS point-in-time snapshots). Snapshots are incremental and compressed
– Cached Volume mode – the entire dataset is stored on S3 and a cache of the most frequently accessed data is cached on-site

Question 38

Q

When instantiating compute resources, what are two techniques for using automated, repeatable processes that are fast and avoid human error? (choose 2)

Snapshotting
Bootstrapping
Fault tolerance
Infrastructure as code
Performance monitoring

Answer

A

Bootstrapping
Infrastructure as code

With infrastructure as code AWS assets are programmable, so you can apply techniques, practices, and tools from software development to make your whole infrastructure reusable, maintainable, extensible, and testable
With bootstrapping you can execute automated actions to modify default configurations. This includes scripts that install software or copy data to bring that resource to a particular state
Snapshotting is about saving data, not instantiating resources. Fault tolerance is a method of increasing the availability of your system when components fail. Performance monitoring has nothing to do with instantiating resources

Question 39

Q

Which AWS service can an organization use to automate operational tasks on EC2 instances using existing Chef cookbooks?

AWS OpsWorks
AWS Service Catalog
AWS Config
AWS CodeDeploy

Answer

A

AWS OpsWorks

AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. With Chef, you use code templates, or cookbooks, to describe the desired configuration of instances or on-premises server
AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resource
AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers

Question 40

Q

Which AWS service can be used to process a large amount of data using the Hadoop framework?

Amazon Athena
Amazon Kinesis
AWS Glue
Amazon EMR

Answer

A

Amazon EMR

Amazon Elastic Map Reduce (EMR) provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances
Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information
AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics
Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL

Question 41

Q

Which feature of Amazon Rekognition can assist with saving time?

Identification of objects in images and videos
Identification of the language of text in a document
Adds automatic speech recognitions (ASR) to applications
Provides on-demand access to compliance-related information

Answer

A

Identification of objects in images and videos

Amazon Rekognition makes it easy to add image and video analysis to your applications. You just provide an image or video to the Rekognition API, and the service can identify the objects, people, text, scenes, and activities, as well as detect any inappropriate content
Amazon Comprehend identifies the language of the text; extracts key phrases, places, people, brands, or events; understands how positive or negative the text is; analyzes text using tokenization and parts of speech; and automatically organizes a collection of text files by topic
Amazon Transcribe is an automatic speech recognition (ASR) service that makes it easy for developers to add speech-to-text capability to their applications
AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements

Question 42

Q

Which service provides visibility into user activity by recording actions taken on your account?

Amazon CloudWatch
Amazon CloudFormation
Amazon CloudTrail
Amazon CloudHSM

Answer

A

Amazon CloudTrail

CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket
CloudTrail is for auditing (CloudWatch is for performance monitoring)
CloudFormation is used for deploying infrastructure through code
CloudHSM is a hardware security module for generating, managing and storing encryption keys

Question 43

Q

Which of the facts below are accurate in relation to AWS Regions? (choose 2)

Each region consists of 2 or more availability zones
Each region consists of a collection of VPCs
Each region is designed to be completely isolated from the other Amazon Regions
Regions have direct, low-latency, high throughput and redundant network connections between each other
Regions are Content Delivery Network (CDN) endpoints for CloudFront

Answer

A

Each region consists of 2 or more availability zones
Each region is designed to be completely isolated from the other Amazon Regions

A region is not a collection of VPCs, it is composed of at least 2 AZs. VPCs exist within accounts on a per region basis
Availability Zones (not regions) have direct, low-latency, high throughput and redundant network connections between each other
Edge locations are (not regions) are Content Delivery Network (CDN) endpoints for CloudFront

Question 44

Q

Which AWS service provides elastic web-scale cloud computing allowing you to deploy operating system instances?

Amazon EBS
AWS Lambda
Amazon RDS
Amazon EC2

Answer

A

Amazon EC2

• https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/aws-compute/

Question 45

Q

You need to ensure you have the right amount of compute available to service demand. Which AWS service can automatically scale the number of EC2 instances for your application?

Amazon Elastic Load Balancer
Amazon Elasticache
AWS Auto Scaling
AWS RedShift

Answer

A

AWS Auto Scaling

Auto Scaling automates the process of adding (scaling up) OR removing (scaling down) EC2 instances based on the traffic demand for your application
ELB automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses
Amazon Redshift is a fast, scalable data warehouse that makes it simple and cost-effective to analyze all your data across your data warehouse and data lake

Question 46

Q

Which types of AWS resource can be launched from a Golden Image? (choose 2)

Amazon DynamoDB tables
Amazon EC2 instances
AWS Lambda functions
Amazon RDS instances
Amazon S3 objects

Answer

A

Amazon EC2 instances
Amazon RDS instances

• Some resource types can be launched from a golden image. A golden image is a snapshot of a particular state for that resource. Examples are EC2 instances, RDS instances and EBS volumes

Question 47

Q

Using AWS terminology, which items can be created in an Amazon S3 bucket? (choose 2)

Folders
Files
Tables
Objects
Queues

Answer

A

Folders
Objects

You can create folders within buckets and can also upload objects
As S3 is an object store you create objects not files
Tables and queues cannot be created on S3

Question 48

Q

What are two ways of connecting to an Amazon VPC from an on-premise data center? (choose 2)

VPC Peering
Direct Connect
VPN CloudHub
Internet Gateway
VPC Router

Answer

A

Direct Connect
VPN CloudHub

You can connect from your on-premise data center to a VPC via Direct Connect or VPN CloudHub
AWS Direct Connect is a network service that provides an alternative to using the Internet to connect a customer’s on premise sites to AWS
If you have multiple VPN connections, you can provide secure communication between sites using the AWS VPN CloudHub
Internet gateways and VPC routers are components of a VPC and are not used for connecting from external locations

Question 49

Q

Which of the below is Amazon’s proprietary RDS database?

MariaDB
MySQL
DynamoDB
Aurora

Answer

A

Aurora

MariaDB and MySQL can be used on RDS but they are not Amazon proprietary
DynamoDB is an Amazon proprietary DB but it is not an RDS DB

Question 50

Q

A new user is unable to access any AWS services, what is the most likely explanation?

The user needs to login with a key pair
The services are currently unavailable
By default new users are created without access to any AWS services
The default limit for user logons has been reached

Answer

A

By default new users are created without access to any AWS services

By default new users are created with NO access to any AWS services – they can only login to the AWS console
https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/identity-and-access-management/

Question 51

Q

Which of the following services does Amazon Route 53 provide? (choose 2)

Domain registration
Route tables
Domain Name Service (DNS)
Auto Scaling
Load balancing

Answer

A

Domain registration
Domain Name Service (DNS)

Route 53 services include domain registration, DNS, health checking (availability monitoring) and traffic management
https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/content-delivery-and-dns-services/

Question 52

Q

Which file format is used to write AWS Identity and Access Management (IAM) policies?

DOC
XML
JBOD
JSON

Answer

A

JSON

• You manage access in AWS by creating policies and attaching them to IAM identities or AWS resources. A policy is an object in AWS that, when associated with an entity or resource, defines their permissions. AWS evaluates these policies when a principal, such as a user, makes a request. Permissions in the policies determine whether the request is allowed or denied. Most policies are stored in AWS as JSON documents

Question 53

Q

An architect needs to compare the cost of deploying an on-premise web server and an EC2 instance on the AWS cloud. Which tool can be used to assist the architect?

AWS Cost Explorer
AWS Budgets
AWS TCO Calculator
AWS Simple Monthly Calculator

Answer

A

AWS TCO Calculator

The TCO calculator is a free tool provided by AWS that allows you to estimate the cost savings of using the AWS Cloud vs. using an on-premised data center
The AWS Cost Explorer is a free tool that allows you to view charts of your costs
The AWS Simple Monthly Calculator helps customers and prospects estimate their monthly AWS bill more efficiently
AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed

Question 54

Q

Which AWS service provides preconfigured virtual private servers (instances) that include everything required to deploy an application or create a database?

AWS CloudFormation
Amazon Lightsail
Amazon ECS
AWS Lambda

Answer

A

Amazon Lightsail

Lightsail includes everything you need to launch your project quickly – a virtual machine, SSD-based storage, data transfer, DNS management, and a static IP
CloudFormation is used to deploy resources through code, as a service it does not include preconfigured servers
Amazon Elastic Container Service (ECS) is a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances

Question 55

Q

A Solutions Architect is launching a new EC2 instance that will be a web-server. Which EBS volume type provides a good balancer of price and performance and can be used as a system boot volume?

Cold HDD (sc1)
Throughput Optimized (st1)
General Purpose (gp2)
Provisioned IOPS (io1)

Answer

A

General Purpose (gp2)

General purpose SSD provides a good balance of price to performance, is suitable for most workloads and can be used as a system boot volume
Provisioned IOPS SSD is a high-performance volume type that is more expensive and should be used for apps that require the higher performance
Cold HDD cannot be used as a boot volume and is good for throughput oriented storage for infrequently accessed data
Throughput Optimized volumes are ideal for streaming workloads with fast throughput such as big data and data warehouses

Question 56

Q

Which Amazon S3 storage tier provides does not include a data retrieval fee and has an availability SLA of 99.99%?

S3 Standard
S3 Standard-IA
S3 One Zone-IA
Amazon Glacier

Answer

A

S3 Standard

All of the storage tiers listed include a data retrieval fee except for S3 Standard
Availability SLAs are: S3 Standard = 99.99%; S3 Standard-IA = 99.9%; S3 One Zone-IA = 99%; Amazon Glacier = no SLA

Question 57

Q

An organization would like to run managed desktops on the AWS cloud using the Windows 10 operating system. Which service can deliver these requirements?

Amazon EC2
Amazon Workspaces
Amazon SWF
Amazon does not provide desktop services

Answer

A

Amazon Workspaces

Amazon WorkSpaces is a managed desktop computing service running on the AWS cloud
WorkSpaces allows customers to easily provision cloud-based desktops that allow end-users to access documents and applications
WorkSpaces offers bundles that come with a Windows 7 or Windows 10 desktop experience, powered by Windows Server 2008 R2 and Windows Server 2016 respectively

Question 58

Q

What features does Amazon RDS provide to deliver scalability, availability and durability? (choose 2)

Multi-AZ
Read Replicas
DB mirroring
Clustering
Multi-Subnet

Answer

A

Multi-AZ
Read Replicas

Multi-AZ RDS creates a replica in another AZ and synchronously replicates to it (DR only)
Read replicas are used for read heavy DBs and replication is asynchronous
DB mirroring, multi-subnet and clustering are not options provided by RDS

Question 59

Q

An architect wants to find a tool for consistently deploying the same resources through a templated configuration. What AWS service can be used?

AWS Elastic Beanstalk
AWS CodeBuild
AWS CodeDeploy
AWS CloudFormation

Answer

A

AWS CloudFormation

AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts
AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers
AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy
AWS Elastic Beanstalk is the fastest and simplest way to get web applications up and running on AWS

Question 60

Q

Which AWS service can be used to host a static website?

Amazon S3
Amazon EBS
AWS Lambda
Amazon EFS

Answer

A

Amazon S3

Amazon S3 can be used to host static websites. It is not possible to use dynamic content. You can use a custom domain name if you configure the bucket name to match
https://digitalcloud.training/certification-training/aws-solutions-architect-associate/storage/amazon-s3/

Question 61

Q

What type of storage is provided by Amazon EBS?

Block
File
Object
Relational

Answer

A

Block

Amazon Elastic Block Storage (EBS) is block storage. This means you can mount the volume for operating systems and format and partition as if it is a local disk
File and object are other types of storage that you can use with AWS. File storage is provided by EFS and object storage is provided by Amazon S3
Relational is not a type of storage, it is typically used to describe a type of database such as RDS

Question 62

Q

What type of database is fully managed and can be scaled without incurring downtime?

Amazon RDS
Amazon S3
Amazon DynamoDB
Amazon ElastiCache

Answer

A

Amazon DynamoDB

DynamoDB is fully managed and can be scaled without incurring downtime
S3 is not a fully managed database, it is an object store
Both RDS and ElastiCache use EC2 instances and therefore scaling (vertically) requires downtime

Question 63

Q

Which of the following services allow root level access to the operating system? (choose 2)

Amazon ElastiCache
Amazon EC2
Amazon SQS
Amazon EMR
Amazon SWF

Answer

A

Amazon EC2
Amazon EMR

• In this list only EC2 and EMR allow root level access to the operating system

Question 64

Q

You need to implement a hosted queue for storing messages in transit between application servers. Which service should you use?

Amazon SWF
Amazon SNS
Amazon SQS
Amazon DynamoDB

Answer

A

Amazon SQS

Amazon Simple Queue Service (Amazon SQS) is a web service that gives you access to message queues that store messages waiting to be processed. SQS offers a reliable, highly-scalable, hosted queue for storing messages in transit between computers. SQS is used for distributed/decoupled application
Amazon SWF helps developers build, run, and scale background jobs that have parallel or sequential steps
Amazon Simple Notification Service (SNS) is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications

Answer 65

A

Elastic IP

An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is associated with your AWS account. With an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account
An Elastic IP is a public IP however in the AWS cloud an elastic IP is the construct used to assign a public IP to an EC2 instance
Static IP and dynamic IP are terms used to describe IP addresses (public or private) that are either statically defined or dynamically obtained (through DHCP)

Answer 66

A

Create an Auto Scaling group
Create a launch configuration

To setup Auto Scaling, two of the tasks that need to be performed are to create a launch configuration and an Auto Scaling group
Listeners, listener rules and target groups are associated with Elastic Load Balancing

Answer 67

A

AWS Lambda
Amazon S3

With Amazon S3 you don’t need to specify any capacity at any time, the service scales in both capacity and performance as required
AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume – there is no charge when your code is not running
With Amazon EC2 you need to select your instance sizes and number of instances
With RDS you need to select the instance size for the DB
With DynamoDB you need to specify the read/write capacity of the DB

Answer 68

A

Amazon SWF

Amazon Simple Workflow Service (SWF) is a web service that makes it easy to coordinate work across distributed application components. SWF enables applications for a range of use cases, including media processing, web application back-ends, business process workflows, and analytics pipelines, to be designed as a coordination of tasks
Amazon Security Token Service (STS) is used for requesting temporary credentials
Amazon Simple Queue Service (SQS) is a message queue used for decoupling application components
Amazon Simple Notification Service (SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud

Answer 69

A

Simple
Latency

• Route 53 routing policies include Simple, Weighted, Latency based, Failover, Geo-location, Geo-Proximity, Multi-Value and Traffic Flow

Answer 70

A

Subnets
IP CIDR

Within the management console for VPC you can manage items such as subnets and the IP CIDR block for the VPC
The other answers are all items that can be managed within the EC2 management console

Answer 71

A

Amazon S3
Amazon EC2

Both Amazon EC2 and Amazon S3 are managed at a regional level. Note: Amazon S3 is a global namespace but you still create your buckets within a region
CloudFront, Route 52 and IAM and managed at a global level

Answer 72

A

File Gateway
Gateway Virtual Tape Library

The AWS Storage Gateway service enables hybrid storage between on-premises environments and the AWS Cloud. It provides low-latency performance by caching frequently accessed data on premises, while storing data securely and durably in Amazon cloud storage services. AWS Storage Gateway supports three storage interfaces: file, volume, and tape
File gateway provides a virtual on-premises file server, which enables you to store and retrieve files as objects in Amazon S3
The volume gateway represents the family of gateways that support block-based volumes, previously referred to as gateway-cached and gateway-stored modes
Gateway Virtual Tape Library is used for backup with popular backup software

Answer 73

A

Virtual Private Gateway
Customer Gateway

Two of the components you need to connect to your VPC with a VPN connection are a virtual private gateway on the VPC side and a customer gateway on the on-premise network side
VPC routers are not part of the VPN configuration
NAT instances are not used for VPN, they are used by EC2 instances in private subnets to access the Internet
Direct Connect can be used to connect an on-premise network to the cloud however it is not part of the configuration of an Amazon Managed VPN connection

Answer 74

A

Amazon ECS

Amazon Elastic Container Service (ECS) is a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances
AWS Lambda is a serverless technology that lets you run code in response to events as functions
Amazon Elastic Container Registry (ECR) is a fully-managedDocker container registry that makes it easy for developers to store, manage, and deploy Docker container images
Amazon Machine Images (AMI) store configuration information for Amazon EC2 instances

Answer 75

A

Tags

• A tag is a label that you assign to an AWS resource. Each tag consists of akey and an optional value, both of which you define. Tags enable you to categorize your AWS resources in different ways, for example, by purpose, owner, or environment

Answer 76

A

AWS Service Catalog

AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures
AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet
Amazon Cloud Directory enables you to build flexible cloud-native directories for organizing hierarchies of data along multiple dimensions
AWS Organizations offers policy-based management for multiple AWS accounts

Answer 77

A

SQL Server
Aurora

RDS supports the following engines: SQL Server, Oracle, MySQL Server, PostgreSQL, Aurora, MariaDB
DynamoDB is Amazon’s NoSQL database
MongoDB is a No SQL database

Answer 78

A

Community AMIs
AWS Marketplace AMIs

• AMIs come in three main categories:
– Community AMIs– free to use, generally you just select the operating system you want
– AWS Marketplace AMIs– pay to use, generally come packaged with additional, licensed software
– My AMIs– AMIs that you create yourself

Answer 79

A

EBS volumes must be in the same AZ as the instances they are attached to
You can attach multiple EBS volumes to an instance

You cannot attach an EBS volume to multiple instances (use Elastic File Store instead)
EBS volume data persists independently of the life of the instance
EBS volumes are block storage

Answer 80

A

A public IP address
A route to an Internet Gateway

A public subnet is a subnet that is configured to assign public IP addresses to instances and which has a route to an Internet Gateway (which is created at the VPC level) configured in the route table
NAT instances and NAT gateways are used by EC2 instances in private subnets (without public IPs) to access the Internet
A VPN connection is used to establish a secure connection between the AWS cloud and an on-premise data center or other cloud location. They are not used to access the Internet

Answer 81

A

Elastic Load Balancer
EC2 instance

• An origin is the origin of the files that the CDN will distribute. Origins can be either an S3 bucket, an EC2 instance, an Elastic Load Balancer, or Route 53 – can also be external (non-AWS)

Answer 82

A

S3 Transfer Acceleration

Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and your Amazon S3 bucket. S3 Transfer Acceleration leverages Amazon CloudFront’s globally distributed AWS Edge Locations
With S3 copy you can create a copy of objects up to 5GB in size in a single atomic operation
Multipart upload can be used to speed up uploads to S3
S3 can also be used to host static websites

Answer 83

A

Objects are redundantly stored on multiple devices across multiple facilities within a region

Amazon S3 provides a highly durable storage infrastructure designed for mission-critical and primary data storage. Objects are redundantly stored on multiple devices across multiple facilities in an Amazon S3 region
Amazon does not specify how data is replicated across AZs, the use the term facilities instead

Answer 84

A

Read after write consistency for PUTS of new objects
Eventual consistency for overwrite PUTS and DELETES

• https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/aws-storage/

Answer 85

A

Scheduled RI

With RIs, you can choose the type that best fits your applications needs.
Standard RIs: These provide the most significant discount (up to 75% off On-Demand) and are best suited for steady-state usage
Convertible RIs: These provide a discount (up to 54% off On-Demand) and the capability to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or greater value. Like Standard RIs, Convertible RIs are best suited for steady-state usage
Scheduled RIs: These are available to launch within the time windows you reserve. This option allows you to match your capacity reservation to a predictable recurring schedule that only requires a fraction of a day, a week, or a month

Answer 86

A

MySQL
PostgreSQL

Read replicas are available for MySQL, PostgreSQL, MariaDB and Aurora (not SQL Server or Oracle)
DynamoDB is not a type of RDS database and does not support read replicas

Answer 87

A

Multi-AZ

Multi-AZ RDS creates a replica in another AZ and synchronously replicates to it (DR only)
Read replicas are used for read-heavy DBs and replication is asynchronous
DB mirroring and log shipping are not Amazon RDS features, they are methods of replicating data using native database technologies (rather than AWS technology)

Answer 88

A

Amazon SQS

Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications
SQS eliminates the complexity and overhead associated with managing and operating message oriented middleware, and empowers developers to focus on differentiating work
In-flight messages are messages that have been picked up by a consumer but not yet deleted from the queue

Answer 89

A

Amazon RDS

RDS automated backups allow point in time recovery to any point within the retention period down to a second. When automated backups are turned on for your DB Instance, Amazon RDS automatically performs a full daily snapshot of your data (during your preferred backup window) and captures transaction logs (as updates to your DB Instance are made). Automated backups are enabled by default and data is stored on S3 and is equal to the size of the DB
EC2 instances using EBS volumes can be backed up by creating a snapshot of the EBS volume
Amazon S3 objects are replicated across multiple facilities. You can also archive data onto Amazon Glacier and use versioning to maintain copies of older versions of objects

Answer 90

A

Ensure the “DeleteOnTermination” attribute of the EBS volume is set to false while launching the instance

Root EBS volumes are deleted on termination by default
Extra non-boot volumes are not deleted on termination by default
The behavior can be changed by altering the “DeleteOnTermination” attribute

Answer 91

A

Dedicated Hosts

A Dedicated Host is also a physical server that’s dedicated for your use. With a Dedicated Host, you have visibility and control over how instances are placed on the server
Dedicated Instances are Amazon EC2 instances that run in a virtual private cloud (VPC) on hardware that’s dedicated to a single customer
Dedicated tenancy ensures all EC2 instances that are launched in a VPC run on hardware that’s dedicated to a single customer
Dedicated EC2 is not an available tenancy model

Answer 92

A

Apply tags

To help you manage your instances, images, and other Amazon EC2 resources, you can optionally assign your own metadata to each resource in the form of A tag is a label that you assign to an AWS resource. Each tag consists of a key and an optional value, both of which you define. Tags enable you to categorize your AWS resources in different ways, for example, by purpose, owner, or environment
Using descriptive hostnames or organizing instances into separate subnets is a messy way to try and organize resources and lacks the power and flexibility of tagging
Storing information in instance meta-data is possible but you need to retrieve the information, tags enable you to do this more easily

Answer 93

A

Amazon Neptune

Amazon Neptune is a fast, reliable, fully-managed graph database service that makes it easy to build and run applications that work with highly connected datasets. With Amazon Neptune, you can create sophisticated, interactive graph applications that can query billions of relationships in milliseconds
Amazon Redshift is a fast, scalable data warehouse that makes it simple and cost-effective to analyze all your data across your data warehouse and data lake
AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture
Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL

Answer 94

A

Amazon Elasticsearch

Amazon Elasticsearch Service, is a fully managed service that makes it easy for you to deploy, secure, operate, and scale Elasticsearch to search, analyze, and visualize data in real-time. Elasticsearch is based on open source software
Amazon CloudSearch is a managed service in the AWS Cloud that makes it simple and cost-effective to set up, manage, and scale a search solution for your website or application
AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet
AWS Elastic Beanstalk is the fastest and simplest way to get web applications up and running on AWS. Developers simply upload their application code and the service automatically handles all the details such as resource provisioning, load balancing, auto-scaling, and monitoring

Answer 95

A

Amazon RedShift

RedShift is a fully managed data warehouse service designed to handle petabytes of data for analysis. Data can be analyzed with standard SQL tools and business intelligence tools. RedShift allows you to run complex analytic queries against petabytes of structured data
RDS is Amazon’s transactional relational database
DynamoDB is Amazon’s non-relational database service
ElastiCache is a data caching service that is used to help improve the speed/performance of web applications running on AWS

Answer 96

A

AWS OpsWorks

OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments
OpsWorks is an automation platform that transforms infrastructure into code
Automates how applications are configured, deployed and managed

Answer 97

A

Increased reliability (predictable performance)
Increased bandwidth (predictable bandwidth)

• AWS Direct Connect is a network service that provides an alternative to using the Internet to connect customers’ on premise sites to AWS
• Data is transmitted through a private network connection between AWS and a customer’s datacenter or corporate network
• Benefits:
– Reduce cost when using large volumes of traffic
– Increase reliability (predictable performance)
– Increase bandwidth (predictable bandwidth)
– Decrease latency
• Direct Connect is not fast to implement as it can take weeks to months to setup (use VPN for fast deployment times)
• Direct Connect is more expensive than VPN
• Direct Connect uses private network connections, it does not use redundant paths over the Internet

Answer 98

A

Kinesis Video Streams
Kinesis Data Firehose

• Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information
• There are four types of Kinesis service:
– Kinesis Video Streams makes it easy to securely stream video from connected devices to AWS for analytics, machine learning (ML), and other processing
– Kinesis Data Streams enables you to build custom applications that process or analyze streaming data for specialized needs
– Kinesis Data Firehose is the easiest way to load streaming data into data stores and analytics tools
– Kinesis Data Analytics is the easiest way to process and analyze real-time, streaming data
• The other options presented are bogus

Answer 99

A

AMI

An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a virtual server in the cloud. You must specify a source AMI when you launch an instance. You can launch multiple instances from a single AMI when you need multiple instances with the same configuration. You can use different AMIs to launch instances when you need instances with different configurations
EBS is the Elastic Block Store
ARN is the Amazon Resource Name which uniquely identifies AWS resources

Answer 100

A

Use Amazon DLM

You can use Amazon Data Lifecycle Manager (Amazon DLM) to automate the creation, retention, and deletion of snapshots taken to back up your Amazon EBS volumes
S3 lifecycle policies apply to data in S3 buckets only, not to EBS volumes
You could write a script but this is not the best method when you have an AWS feature available that performs the exact functions you need
CloudFormation is typically used for deploying and updating resource configurations rather than for performing operational activities

Answer 101

A

Amazon DynamoDB

Amazon Dynamo DB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. Push button scaling means that you can scale the DB at any time without incurring downtime
All other databases are based on EC2 instances and therefore you must increase the instance size to scale which will incur downtime

Answer 102

A

AWS CloudTrail

AWS CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket. CloudTrail is for auditing (CloudWatch is for performance monitoring). CloudTrail is about logging and saves a history of API calls for your AWS account. Provides visibility into user activity by recording actions taken on your account. API history enables security analysis, resource change tracking, and compliance auditing
Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. CloudWatch is for performance monitoring (CloudTrail is for auditing). Used to collect and track metrics, collect and monitor log files, and set alarms
Amazon Identity and Access Management is an identity service that provide authentication and authorization services
AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud

Answer 103

A

AWS Trusted Advisor

Trusted Advisor is an online resource that helps to reduce cost, increase performance and improve security by optimizing your AWS environment. Trusted Advisor provides real time guidance to help you provision your resources following best practices. Advisor will advise you on Cost Optimization, Performance, Security, and Fault Tolerance
Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS
AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you
Amazon Identity and Access Management is an identity service that provide authentication and authorization services

Answer 104

A

Use AWS Snowball

Snowball is a petabyte-scale data transport solution that uses devices designed to be secure to transfer large amounts of data into and out of the AWS Cloud. Using Snowball addresses common challenges with large-scale data transfers including high network costs, long transfer times, and security concerns
Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront’s globally distributed edge locations. However, for these volumes of data Snowball is a better choice

Answer 105

A

User data

When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts
You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives
User data is limited to 16KB
Instance metadata is available at http://169.254.169.254/latest/meta-data
The Instance Metadata Query tool allows you to query the instance metadata without having to type out the full URI or category names
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources

Answer 106

A

Read Replicas

Read replicas are used for read-heavy DBs and replication is asynchronous. Read replicas are for workload sharing and offloading. Read replicas provide read-only access to the DB
Multi-AZ RDS creates a replica in another AZ and synchronously replicates to it (DR only)
Log shipping is not an RDS feature
Global Tables is a feature of DynamoDB

Answer 107

A

Amazon CloudFront

CloudFront is used as the public endpoint for API Gateway. Provides reduced latency and distributed denial of service protection through the use of CloudFront
AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS
Amazon S3 Transfer Acceleration is a bucket-level feature that enables faster data transfers to and from Amazon S3
AWS Lambda lets you run code without provisioning or managing servers

Answer 108

A

Amazon Elastic Beanstalk

AWS Elastic Beanstalk can be used to quickly deploy and manage applications in the AWS Cloud. Developers upload applications and Elastic Beanstalk handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring. Considered a Platform as a Service (PaaS) solution. Supports Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker web applications
Amazon EC2 is an IaaS solution that provides unmanaged instances that you can deploy with a variety of operating systems
AWS Auto Scaling provides elasticity for your applications by automatically launching or terminating EC2 instances according to application load or schedules you define
AWS OpsWorks provides a managed service for Chef and Puppet

Answer 109

A

Managed for you by AWS
Highly available within each AZ

NAT gateways are managed for you by AWS. NAT gateways are highly available in each AZ into which they are deployed. They are not associated with any security groups and can scale automatically up to 45Gbps
NAT instances are managed by They must be scaled manually and do not provide HA. NAT Instances can be used as bastion hosts and can be assigned to security groups

Answer 110

A

1 Gbps
10 Gbps

AWS Direct Connect is a network service that provides an alternative to using the Internet to connect a customer’s on premise sites to AWS. Data is transmitted through a private network connection between AWS and a customer’s data center or corporate network
Available in 1Gbps and 10Gbps
Speeds of 50Mbps, 100Mbps, 200Mbps, 300Mbps, 400Mbps, and 500Mbps can be purchased through AWS Direct Connect Partners

Answer 111

A

AWS Lambda

AWS Lambda lets you run code as functions without provisioning or managing servers. Lambda-based applications (also referred to as serverless applications) are composed of functions triggered by events. With serverless computing, your application still runs on servers, but all the server management is done by AWS
Amazon Elastic Container Service (ECS) is a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances
AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers
Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily

Answer 112

A

Amazon SQS

Amazon Simple Queue Service (Amazon SQS) is a web service that gives you access to message queuesthat store messages waiting to be processed. SQS offers a reliable, highly-scalable, hosted queue for storing messages in transit between computers. SQS is used for distributed/decoupled applications
Amazon Simple Notification Service (Amazon SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud
Amazon Simple Workflow Service (SWF) is a web service that makes it easy to coordinate work across distributed application components
Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information

Answer 113

A

From the AWS CLI
Using the REST API

Glacier provides a management console. You can use the console to create and delete vaults. However, all other interactions with Glacier require that you use the AWS Command Line Interface (CLI) or write code
For example, to upload data, such as photos, videos, and other documents, you must either use the AWS CLI or write code to make requests, using either the REST API directly or by using the AWS SDKs

Answer 114

A

Amazon Elastic Transcoder

Amazon Elastic Transcoder is a highly scalable, easy to use and cost-effective way for developers and businesses to convert (or “transcode”) video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PCs
AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics
Amazon Rekognition makes it easy to add image and video analysis to your applications
Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to find insights and relationships in text

Answer 115

A

Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service

The VPC router performs routing within a VPC
Direct Connect enables hybrid cloud models by extending an organization’s on-premise networks into the AWS cloud
Auto Scaling is a service for distributing incoming connections between a fleet of registered EC2 instances

Answer 116

A

Application Load Balancer (ALB)

ALB is best suited for load balancing of HTTP and HTTPS traffic and provides advanced request routing targeted at the delivery of modern application architectures, including microservices and containers. Operating at the individual request level (Layer 7), Application Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) based on the content of the request
NLB is best suited for load balancing of TCP traffic where extreme performance is required. Operating at the connection level (Layer 4), Network Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) and is capable of handling millions of requests per second while maintaining ultra-low latencies
CLB provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and connection level. Classic Load Balancer is intended for applications that were built within the EC2-Classic network
AWS Auto Scaling is not a type of ELB

Answer 117

A

Amazon RedShift

Amazon Redshift extends data warehouse queries to your data lake, with no loading required. You can run analytic queries against petabytes of data stored locally in Redshift, and directly against exabytes of data stored in Amazon S3
Amazon RDS is not a data warehouse and cannot query data in S3 at rest
AWS Lambda runs code as functions and is not a data warehouse
Amazon Elastic Map Reduce (EMR) provides a managed Hadoop service and cannot query data in S3 at rest

Answer 118

A

Peering Connections

A peering connection enables you to route traffic via private IP addresses between two peered VPCs
VPC endpoints enable private connectivity to services hosted in AWS, from within your VPC without using an Internet Gateway, VPN, Network Address Translation (NAT) devices, or firewall proxies
A VPG is the Amazon side of a VPN connection
Network Address Translation (NAT) is used to translate IP addresses when routing between subnets that do not have a fully routable address space

Answer 119

A

Amazon DynamoDB
Amazon SWF

Stateless components include DynamoDB which is often used for storing session state to maintain a stateless architecture and SWF which can be used for a multi-step workflow
Databases such as RDS are considered stateful
Load balancing with session affinity can be used for horizontal scaling of stateful components
Amazon EBS is not a shared storage service so is not ideal for stateless architectures (use S3 or EFS instead)

Answer 120

A

Docker

Docker allows you to package a piece of software in a Docker image, which is a standardized unit for software development, containing everything the software needs to run: code, runtime, system tools, system libraries, etc.
The other options are automation and orchestration tools

Answer 121

A

Key
Value

• Amazon S3 objects consist of:
– Key (name of the object)
– Value (data made up of a sequence of bytes)
– Version ID (used for versioning)
– Metadata (data about the data that is stored)

Answer 122

A

Provisioned IOPS SSD

Provisioned IOPS SSD volumes support up to 32,000 IOPS whereas General Purpose SSD only supports up to 10,000 per volume
Throughput Optimized HDD supports up to 500 IOPS and Cold HDD supports up to 250 IOPS per volume

Answer 123

A

Alias

The Alias record is a Route 53 specific record type. Alias records are used to map resource record sets in your hosted zone to Amazon Elastic Load Balancing load balancers, Amazon CloudFront distributions, AWS Elastic Beanstalk environments, or Amazon S3 buckets that are configured as websites. An Alias record can be used for resolving apex / naked domain names (e.g. example.com rather than sub.example.com)
A CNAME record can’t be used for resolving apex / naked domain name
An A record is a simple address record and an AAAA record is used for IPv6

Answer 124

A

EBS volume
Instance Store

The only storage options for a root volume that can be booted from are EBS volumes and Instance Stores
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/RootDeviceStorage.html

Answer 125

A

Amazon S3
Amazon DynamoDB

An event source is an AWS service or developer-created application that produces events that trigger an AWS Lambda function to run. Amazon S3 and DynamoDB are supported event sources for AWS Lambda
https://docs.aws.amazon.com/lambda/latest/dg/invoking-lambda-function.html

Answer 126

A

Weighted

Similar to simple but you can specify a weight per IP address. You create records that have the same name and type and assign each record a relative weight. Numerical value that favors one IP over another and must total 100
Failover provides failover to a secondary IP address and is used for active-passive configurations
With latency based AWS maintains a database of latency from different parts of the world, focusses on improving performance by routing to the region with the lowest latency
Geo-location Caters to different users in different countries and different languages. Contains users within a particular geography and offers them a customized version of the workload based on their specific needs. Geolocation can be used for localizing content and presenting some or all of your website in the language of your users

Answer 127

A

Multiple Availability Zones

Multi AZ provides a mechanism to failover the RDS database to another synchronously replicated copy in the event of the failure of an AZ
There is no option for multiple region failover of Amazon RDS
Read replicas are used for offloading read traffic from a primary database but cannot be used for writing and cannot be used to failover the primary database
There is no such thing as write replicas

Answer 128

A

AWS Cognito

Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0
AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud
AWS Artifact is your go-to, central resource for compliance-related information that matters to you
AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud

Answer 129

A

Amazon Comprehend

Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to find insights and relationships in text. The service identifies the language of the text; extracts key phrases, places, people, brands, or events; understands how positive or negative the text is; analyzes text using tokenization and parts of speech; and automatically organizes a collection of text files by topic
Amazon Transcribe is an automatic speech recognition (ASR) service that makes it easy for developers to add speech-to-text capability to their applications
Amazon Rekognition makes it easy to add image and video analysis to your applications
Amazon SageMaker is a fully-managed platform that enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at any scale

Answer 130

A

ARN

Amazon Resource Names (ARNs) uniquely identify AWS resources. We require an ARN when you need to specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls
An application programming interface (API) is a set of subroutine definitions, communication protocols, and tools for building software
An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a virtual server in the cloud
Amazon S3 access control lists (ACLs) enable you to manage access to buckets and objects

Answer 131

A

Instance store volumes are ephemeral whereas EBS volumes are persistent storage

EBS-backed means the root volume is an EBS volume and storage is persistent. Instance store-backed means the root volume is an instance store volume and storage is not persistent
Both EBS and Instance store volumes are block-based storage devices
EBS volumes can be used with all EC2 instance types whereas Instance store volumes are more limited in compatibility

Answer 132

A

Amazon EC2

Amazon EC2 should be used when you need access to a full operating system instance
Amazon Elastic Container Service (ECS) and Amazon Elastic Container Service for Kubernetes (EKS) are used for running software containers, not full operating system instances
AWS Lambda runs code as functions in response to events

Answer 133

A

VPC with a Single Public Subnet
VPC with Public and Private Subnets and Hardware VPN Access

• The options available in the VPC Wizard are:
– VPC with a Single Public Subnet
– VPC with Public and Private Subnets
– VPC with Public and Private Subnets and Hardware VPN Access
– VPC with a Private Subnet Only and Hardware VPN Access

Answer 134

A

Gateway Virtual Tape Library

The AWS Storage Gateway service enables hybrid storage between on-premises environments and the AWS Cloud. The Gateway Virtual Tape Library can be used with popular backup software such as NetBackup, Backup Exec and Veeam. Uses a virtual media changer and tape drives
There is no such thing as a Backup Gateway in the AWS products
File gateway provides a virtual on-premises file server, which enables you to store and retrieve files as objects in Amazon S3
The volume gateway represents the family of gateways that support block-based volumes, previously referred to as gateway-cached and gateway-stored modes

Answer 135

A

Multiple AZs within a region

• AWS Auto Scaling is configured within the EC2 console and can launch instances within a VPC across multiple AZs. It cannot launch resources into another region

Answer 136

A

Domain registration
Traffic flow

Route 53 features include domain registration, DNS, traffic flow, health checking, and failover
Route 53 does not support DHCP, routing or caching

Answer 137

A

Amazon EFS

EFS is a fully-managed service that makes it easy to set up and scale file storage in the Amazon Cloud. EFS uses the NFSv4.1 protocol. Can concurrently connect 1 to 1000s of EC2 instances, from multiple AZs
EBS volumes can only be attached to a single EC2 instance at a time and are block devices (not NFS)
Amazon S3 is an object store and is connected to using a RESTful protocol over HTTP
Amazon Instance Store is a type of ephemeral block-based volume that can be attached to a single EC2 instance at a time

Answer 138

A

AWS Trusted Advisor

Trusted Advisor is an online resource that helps to reduce cost, increase performance and improve security by optimizing your AWS environment. Trusted Advisor provides real time guidance to help you provision your resources following best practices
Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS
AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you
The AWS Simple Monthly Calculator helps you to estimate the cost of using AWS services

Answer 139

A

Application performance
Operational health

Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. CloudWatch performs performance monitoring and can monitor custom metrics generated by applications and the operational health of your AWS resources
Amazon CloudTrail monitors API access
Infrastructure and data center monitoring is not accessible to AWS customers

Answer 140

A

Listener

A listener is a process that checks for connection requests, using the protocol and port that you configure. The rules that you define for a listener determine how the load balancer routes requests to the targets in one or more target groups
Each listener has a default rule, and you can optionally define additional rules. Each rule consists of a priority, one or more actions, an optional host condition, and an optional path condition
Each rule action has a type, an order, and information required to perform the action. The following are the supported action types
There are two types of rule conditions: host and path. Each rule can have up to one host condition and up to one path condition

Answer 141

A

Memcached
Redis

ElastiCache is a web service that makes it easy to deploy and run Memcached or Redis protocol-compliant server nodes in the cloud. The in-memory caching provided by ElastiCache can be used to significantly improve latency and throughput for many read-heavy application workloads or compute-intensive workloads
Only the Memcached and Redis database engines can be used with ElastiCache, the others in the list are all in-memory databases but are not supported

• https://digitalcloud.training/certification-training/aws-solutions-architect-associate/database/amazon-elasticache/

Answer 142

A

Amazon RedShift

A data warehouse is a specialized type of relational database, optimized for analysis and reporting of large amounts of data. It can be used to combine transactional data from disparate sources making them available for analysis and decision-making. Amazon Redshift is a managed data warehouse service that is designed to operate at less than a tenth the cost of traditional solutions
Amazon Redshift achieves efficient storage and optimum query performance through a combination of massively parallel processing (MPP), columnar data storage, and targeted data compression encoding schemes. RedShift is particularly suited to analytic and reporting workloads against very large data sets
Amazon RDS (and Aurora, which is an RDS DB), is a relational, transactional DB not a data warehouse
Amazon DynamoDB is a NoSQL DB used for transactional systems also

Answer 143

A

CNAME

Both CNAME records and Alias records can be used to map a domain name to a target domain name. However, only a CNAME record can be used to map to a target domain external to AWS.
Alias records are used to map resource record sets in your hosted zone to Amazon Elastic Load Balancing load balancers, Amazon CloudFront distributions, AWS Elastic Beanstalk environments, or Amazon S3 buckets that are configured as websites
An NS record is a Name Server record an identifies DNS servers
An SPF record is a Sender Policy Framework record and identifies the mail servers that are allowed to send mail for a domain

Answer 144

A

Cross-region replication

• CRR is an Amazon S3 feature that automatically replicates data across AWS Regions. With CRR, every object uploaded to an S3 bucket is automatically replicated to a destination bucket in a different AWS Region that you choose. CRR is configured at the S3 bucket level. Versioning must be enabled for both the source and destination buckets

Answer 145

A

AWS Migration Hub

AWS Migration Hub provides a single location to track the progress of application migrations across multiple AWS and partner solutions. Using Migration Hub allows you to choose the AWS and partner migration tools that best fit your needs, while providing visibility into the status of migrations across your portfolio of applications. This includes AWS Database Migration Service, AWS Server Migration Service, and partner migration tools
AWS Database Migration Service helps you migrate databases to AWS quickly and securely
AWS Server Migration Service (SMS) is an agentless service which makes it easier and faster for you to migrate thousands of on-premises workloads to AWS
With AWS Batch, you simply package the code for your batch jobs, specify their dependencies, and submit your batch job using the AWS Management Console, CLIs, or SDK

Answer 146

A

AWS Config

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations
AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet
AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS
AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment

Answer 147

A

CloudWatch with detailed monitoring

Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. CloudWatch is for performance monitoring (CloudTrail is for auditing). Used to collect and track metrics, collect and monitor log files, and set alarms. Basic monitoring collects metrics every 5 minutes whereas detailed monitoring collects metrics every 1 minute
AWS CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket. CloudTrail is for auditing (CloudWatch is for performance monitoring). CloudTrail is about logging and saves a history of API calls for your AWS account

Answer 148

A

AWS Device Farm

AWS Device Farm is an app testing service that lets you test and interact with your Android, iOS, and web apps on many devices at once, or reproduce issues on a device in real time
AWS AppSync makes it easy to build data-driven mobile and browser-based apps that deliver responsive, collaborative experiences by keeping the data updated when devices are connected, enabling the app to use local data when offline, and synchronizing the data when the devices reconnect
AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources

Answer 149

A

Events

• AWS Lambda lets you run code as functions without provisioning or managing server. Lambda-based applications (also referred to as serverless applications) are composed of functions triggered by events

Answer 150

A

RTMP distribution

An RTMP distribution is used to distribute streaming media files using Adobe Flash Media Server’s RTMP protocol
Of the answers listed, only web distribution and RTMP distribution are actually types of distribution

Answer 151

A

Subnet
Endpoints

You can have configured subnets and endpoints within the VPC section of AWS management console
EBS volumes and ELB must be configured in the EC2 section of the AWS management console
DNS records must be configured in Amazon Route 53

• https://digitalcloud.training/certification-training/aws-solutions-architect-associate/networking-and-content-delivery/amazon-vpc/

Answer 152

A

Relational database

Relation databases such as Structured Query Language (SQL) databases hold data in a structured format. Examples are Amazon RDS and Microsoft SQL Server
File systems, email systems and non-relational databases hold data in an “unstructured” format. This means that though there is some structure to it, the data cannot be easily searched using standard data processing algorithms or structured queries. Unstructured data is more human-friendly than machine-friendly

Answer 153

A

Root EBS volumes are deleted by default
Non-root EBS volumes are retained by default

The root EBS device is the volume the OS boots from. Root EBS volumes are deleted on termination by default.
Extra non-boot volumes are not deleted on termination by default

Answer 154

A

You can transfer domains to Route 53 if the Top Level Domain (TLD) is supported
You can transfer Route 53 hosted domains to another account

You can transfer domains to Route 53 only if the Top Level Domain (TLD) is supported
You can transfer a domain from Route 53 to another registrar by contacting AWS support, you cannot do it through the console
You can transfer a domain to another account in AWS however it does not migrate the hosted zone by default (optional)

Answer 155

A

You can connect to all AZs within the VPC of the local region
You can connect to public services in remote regions

With Direct Connect you have a private connection to a specific region. You can access all resources within the local region over a private virtual interface (VIF). You can also connect to the public services in other regions using a public VIF and IPSec
You can connect to private VPCs in other regions too, though for that you need a Direct Connect Gateway

Answer 156

A

AWS IoT Core

AWS IoT Core is a managed cloud service that lets connected devices easily and securely interact with cloud applications and other devices. AWS IoT Core can support billions of devices and trillions of messages, and can process and route those messages to AWS endpoints and to other devices reliably and securely
AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud
Amazon WorkSpaces is a managed, secure cloud desktop service
AWS Server Migration Service (SMS) is an agentless service which makes it easier and faster for you to migrate thousands of on-premises workloads to AWS

Answer 157

A

AWS Glue

AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics
Amazon Elastic Map Reduce (EMR) provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances
Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL
AWS Lambda is a serverless application that runs code as functions in response to events

Answer 158

A

Data is synchronously replicated across 3 facilities in a region

• Amazon DynamoDB stores three geographically distributed replicas of each table to enable high availability and data durability. Data is synchronously replicated across 3 facilities (AZs) in a region

Answer 159

A

Amazon S3

Amazon S3 is an object-based storage system that stores objects that are comprised of key, value pairs
Amazon DynamoDB stores items, not objects, based on key, value pairs
Amazon EBS is a block-based storage system
Amazon EFS is a file-based storage system

Answer 160

A

AWS Personal Health Dashboard

AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you
Trusted Advisor is an online resource that helps to reduce cost, increase performance and improve security by optimizing your AWS environment
Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service

Answer 161

A

AWS Lambda
Amazon API Gateway

AWS Lambda and Amazon API Gateway are both app-facing components of the AWS Serverless infrastructure
Amazon DynamoDB and EFS are database and storage services of the serverless infrastructure
AWS Step Functions is an orchestration service

Answer 162

A

Both non-root and root if launched from an encrypted AMI

You can encrypt non-root volumes at launch time. Root volumes (boot volumes) can only be encrypted if you create the instance from an encrypted AMI
https://aws.amazon.com/blogs/aws/new-encrypted-ebs-boot-volumes/

Answer 163

A

Amazon SageMaker

Amazon SageMaker is a fully-managed platform that enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at any scale. Amazon SageMaker removes all the barriers that typically slow down developers who want to use machine learning
Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to find insights and relationships in text
Amazon Rekognition makes it easy to add image and video analysis to your applications
Amazon MQ is a managed message broker service for Apache ActiveMQ that makes it easy to set up and operate message brokers in the cloud

Answer 164

A

EC2 Container Registry

• The EC2 container registry (ECR) is a managed AWS Docker registry service for storing, managing and deploying Docker images

Answer 165

A

ELB nodes have public IP addresses
ELB nodes route traffic to the private IP addresses of EC2 instances

• ELBs can be configured as public facing or internal only. Public facing load balancers have public IP addresses and require an Internet Gateway to function. The public facing ELBs route traffic to the private IP addresses of EC2 instances

Answer 166

A

Amazon SNS

Amazon Simple Notification Service (Amazon SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud. SNS can be used to send automated or manual notifications to email, mobile (SMS), SQS, and HTTP endpoints
Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications
Amazon SWF helps developers build, run, and scale background jobs that have parallel or sequential step
Amazon Simple Email Service (Amazon SES) is a cloud-based email sending service designed to help digital marketers and application developers send marketing, notification, and transactional emails

Answer 167

A

Object Lifecycle Management

Object lifecycle management can be used with objects so that they are stored cost effectively throughout their lifecycle. Objects can be transitioned to another storage class or expired
All other options are bogus and do not exist

Answer 168

A

By implementing a Multi-Master configuration

Amazon Aurora Multi-Master is a new feature of the Aurora MySQL-compatible edition that adds the ability to scale out write performance across multiple Availability Zones, allowing applications to direct read/write workloads to multiple instances in a database cluster and operate with higher availability
Multi-AZ is not a feature that you can configure with Aurora but data is replicated 6 ways, across 3 AZs by default
Read replicas and cross-region read replicas would not assist with scaling write performance as they only scale read performance

Answer 169

A

Compress large attribute values
Store large attributes as objects in Amazon S3

If an application needs to store more data in an item than the DynamoDB size limit permits, you can try compressing one or more large attributes, or you can store them as an object in Amazon Simple Storage Service (Amazon S3) and store the Amazon S3 object identifier in your DynamoDB item
You cannot store anything in AWS Lambda, it is a service that provides processes (functions) for executing code
You cannot use ElastiCache to cache the large objects as it is not designed for this purpose

Answer 170

A

Using Route 53 health checks

Amazon Route 53 health checks monitor the health and performance of your web applications, web servers, and other resources
None of the other options provide a solution that can check the health and performance of an application

Answer 171

A

Layer 4 & 7

Classic Load Balancer (CLB) – this is the oldest of the three and provides basic load balancing at both layer 4 and layer 7
Application Load Balancer (ALB) – layer 7 load balancer that routes connections based on the content of the request
Network Load Balancer (NLB) – layer 4 load balancer that routes connections based on IP protocol data

Answer 172

A

Cluster
Spread

• Placement groups are a logical grouping of instances in one of the following configurations:
– A cluster placement group is a logical grouping of instances within a single Availability Zone. Cluster placement groups are recommended for applications that benefit from low network latency, high network throughput, or both, and if the majority of the network traffic is between the instances in the group
– A spread placement group is a group of instances that are each placed on distinct underlying hardware. Spread placement groups are recommended for applications that have a small number of critical instances that should be kept separate from each other

Answer 173

A

AWS Elastic Beanstalk

AWS Elastic Beanstalk can be used to quickly deploy and manage applications in the AWS Cloud. Developers upload applications and Elastic Beanstalk handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring
AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositiories
AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers
Amazon Elastic Container Service is a managed service for running Docker containers

Answer 174

A

Amazon CloudWatch Logs

You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources
You can then retrieve the associated log data from CloudWatch Logs
Amazon CloudTrail is used for recording a history of API actions taken on your account.
Amazon Kinesis is a set of services used for collecting, processing and analyzing streaming data

Answer 175

A

Point-in-time recovery

• You can restore a DB instance to a specific point in time with a granularity of 5 minutes. RDS uses transaction logs which it uploads to Amazon S3 to do this

Answer 176

A

Whenever EC2 is included you need to use Auto Scaling to automatically scale the number of instances which only leaves 2 potential answers. EBS volumes can only be mounted to a single instance and so data cannot be shared therefore that rules out the other potential answer. Therefore EC2 with Auto Scaling and an ELB sitting in front is the correct solution
DynamoDB can be used for storing session state for stateless web applications but is not necessary for the answer

Answer 177

A

Amazon DynamoDB Accelerator (DAX)

Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement – from milliseconds to microseconds – even at millions of requests per second
DAX does all the heavy lifting required to add in-memory acceleration to your DynamoDB tables, without requiring developers to manage cache invalidation, data population, or cluster management

Answer 178

A

Amazon CloudFormation

AWS CloudFormation is a service that gives developers and businesses an easy way to create a collection of related AWS resources and provision them in an orderly and predictable fashion. AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. Think of CloudFormation as deploying infrastructure as code
Elastic Beanstalk is more focussed on deploying applications on EC2 (PaaS)
AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers
Jenkins deploys infrastructure as code but is not an AWS service

Answer 179

A

You can register domain names via Amazon Route 53
Amazon Route 53 supports Alias and CNAME records

• Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service
• Route 53 offers the following functions:
– Domain name registry
– DNS resolution
– Health checking of resources
• Health checks verify Internet connected resources are reachable, available and functional
• Routing policies include Simple, Weighted, Latency-based, Failover and Geo-Location
• Many record types are supported including Alias and CNAME
• Internal elastic load balancing is performed by the Amazon ELB
• It does not support connecting on-premises data centers to the cloud – this is done by Direct Connect

Answer 180

A

Amazon S3
Amazon DynamoDB

Both S3 and DynamoDB automatically scale as demand dictates. In the case of DynamoDB you can either configure the on-demand or provisioned capacity mode. With on-demand capacity mode DynamoDB automatically adjusts the read and write throughput for you
EC2 cannot scale automatically. You need to use Auto Scaling to scale the number of EC2 instances deployed
EBS and RDS do not scale automatically. You must intervene to adjust volume sizes and database instance types to scale these resources

Answer 181

A

Virtual Private Server
Managed MySQL database

Amazon Lightsail provides an easy, low cost way to consume cloud services without needing the skill set for using VPC resources. The product set includes virtual private servers (instances), managed MySQL databases, HA storage, and load balancing
You can connect to other AWS services such as S3, DynamoDB, and CloudFront, however these are not part of the Lightsail product range

Answer 182

A

General Purpose SSD

AWS suggest that the General Purpose SSD is used for the boot volume of most workloads
Provisioned IOPS SSD is for high performance applications that require sustained IOPS
Throughput Optimized HDD is for streaming workloads with fast throughput requirements
Cold HDD is the lowest cost HDD and is for infrequently accessed data

Answer 183

A

The account has reached its On-Demand instance limit for the region

You are limited to running up to a total of 20 On-Demand instances across the instance family, purchasing 20 Reserved Instances, and requesting Spot Instances per your dynamic Spot limit per region
If a user did not have permissions to launch an instance then it would not launch at all, rather than launching and then terminating
If the AZ did not have capacity, or the AMI was deleted the instance would not launch

Answer 184

A

Deploy a bastion host in a public subnet

When you have an EC2 instance in a private subnet you cannot add a public elastic IP address to it or update security group rules to allow connectivity. Instead you must deploy a bastion host server into a public subnet and use that to jump across from the public subnet to the private subnet
A NAT Gateway is used to allow instances in a private subnet to access the Internet, it cannot be used for proxying inbound connections

Answer 185

A

Memory utilization

•	The AWS/EC2 namespace includes the following instance metrics:
	– CPUUtilization
	– DiskReadOps
	– DiskWriteOps
	– DiskReadBytes
	– DiskWriteBytes
	– NetworkIn
	– NetworkOut
	– NetworkPacketsIn
	– NetworkPacketsOut

Answer 186

A

Security group rules configured to allow HTTP/HTTPS
A public IP address assigned to the instance

To connect to a web page on a web server you use the HTTP/HTTPS protocol. You therefore need to ensure the instance’s security group allows these protocols in an inbound rule
A public IP address assigned to an instance in a public subnet is required in order to be able to directly access the instance from the Internet. There also needs to be an Internet Gateway attached to the VPC and an entry in the route table for the subnet that points to it
A private IP address will always be assigned to instances in EC2, but these do not enable access from the Internet
An established VPN connection is not required, connections will come through an Internet Gateway to a public subnet

Answer 187

A

AWS DMS

AWS DMS is used for migrating databases into or within AWS
All other options are valid services that are used for transferring large amounts of data into Amazon S3

Answer 188

A

AWS Lambda

AWS Lambda is aserverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you. The code you run on AWS Lambda is called a “Lambda function”
Amazon ECS and EKS are both used for running software containers such as Docker containers
AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositiories

Answer 189

A

PaaS

Both Elastic Beanstalk and RDS are services that are managed at the platform level meaning you don’t need to manage the infrastructure level yourself. Therefore, tasks like OS management and patching are performed for you
IaaS is a model where the underlying hardware platform and hypervisor are managed for you and you are delivered tools and interfaces for working with operating system instances
SaaS is a model where the whole stack is managed for you right up to the application and you are delivered working software that you can customize and populate with data
Hybrid is a type of cloud delivery model in which you consume both public and private cloud and connect the two together

Answer 190

A

Simple scaling
Step scaling

With AWS Auto Scaling the scaling policies include: simple, scheduled, dynamic, and step scaling
The other options are bogus and do not exist
https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/elastic-load-balancing-and-auto-scaling/
https://digitalcloud.training/certification-training/aws-solutions-architect-associate/compute/aws-auto-scaling/

Answer 191

A

Network Load Balancer (NLB)

NLBs process traffic at the TCP level (layer 4)
ALBs process traffic at the HTTP,HTTPS level (layer 7)
CLBs process traffic at the TCP, SSL, HTTP and HTTPS levels (layer 4 & 7)

Answer 192

A

Using cross-region replication

Cross-region replication(CRR) enables automatic, asynchronous copying of objects across buckets in different AWS Regions. Buckets configured for cross-region replication can be owned by the same AWS account or by different account
Multi-master replication is not something you can do with Amazon S3 (Amazon Aurora has this feature)
Lifecycle actions cannot be configured to move to another storage class in a different region

Answer 193

A

Deploy applications in regions closest to the end-users
Use Amazon CloudFront to cache content closer to end-users

To reduce latency, which corresponds with the distance over which network communications travel, you should aim to host your applications closer to your end-users. This means deploying them in the closest regions
Deploying in multiple AZs may create resiliency but won’t change latency much as AZs are geographically close to each other
S3 Transfer Acceleration is used to improve upload speeds for S3 objects and does not affect application performance
CloudFormation is used for deploying resources through code (“infrastructure as code”)
Using a larger instance type for your application may improve application performance but will not reduce latency

Answer 194

A

Amazon RDS

Amazon RDS is a relational database of the SQL type and can be used for complex queries and joins
All other options listed are NoSQL types of database which are not suitable for complex queries and joins

Answer 195

A

Resource groups

Resource groups make it easy to group resources using the tags that are assigned to them. You can group resources that share one or more tags
The other options are bogus and do not exist

• https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/aws-billing-and-pricing/

Answer 196

A

Provisioned IOPS SSD

Provisioned IOPS SSD supports up to 50 IOPS per GiB with up to 32,000 IOPS per volume
General purpose SSD supports 3 IOPS per GiB and can burst up to 3000 IOPS (volumes > 334GB), and a maximum of 10,000 per volume
The HDD options provide much lower IOPS per volume (500, 250)

Answer 197

A

Create a snapshot of the volume

All you need to do is create a snapshot as EBS snapshots are stored on S3
Writing a custom script could work but would not be the easiest method
You cannot apply S3 lifecycle actions to EBS volumes
Amazon Kinesis is used for processing streaming data, not data in EBS volumes

Answer 198

A

Amazon EFS

The Amazon Elastic File System (EFS) storage service can be accessed using the NFSv4 protocol
Amazon EBS and Instance store are both block-based storage systems (not file-based like EFS)
Amazon S3 is an object-based storage system and is accessed by HTTP/HTTPS

Answer 199

A

AWS CloudFormation

AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts
AWS Elastic Beanstalk is the fastest and simplest way to get web applications up and running on AWS. It is more of a PaaS service and is focused on web applications not infrastructure
Auto Scaling automates the process of adding (scaling up) OR removing (scaling down) EC2 instances based on the traffic demand for your application
Amazon Simple Notification Service (Amazon SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud

Answer 200

A

Application Load Balancer (ALB)

Application load balancers allow you to use content-based routing to direct traffic to instances based on the host field or URL path of the HTTP header
No other type of load balancer supports path-based routing

Answer 201

A

Changes to an Amazon S3 bucket
Messages added to an Amazon SQS queue

Lambda functions can be invoked in response to events. These events include objects being created or deleted in an Amazon S3 bucket or messages being added to an SQS queue
A list of possible event sources is included in the reference link below

• https://docs.aws.amazon.com/lambda/latest/dg/invoking-lambda-function.html#supported-event-source-s3

Answer 202

A

Layer 7

The AWS Web Application Firewall operates up to the application layer (layer 7). You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application
https://aws.amazon.com/waf/

Answer 203

A

User name and password

You can log into the AWS console using a user name and password
You cannot log in to the AWS console using a key pair, access key & secret ID or certificate

Answer 204

A

Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users
Enables you to attach IAM permission policies to more than one user at a time

Groups are collections of users and have policies attached to them
A group is not an identity and cannot be identified as a principal in an IAM policy
Use groups to assign permissions to users
Use the principal of least privilege when assigning permissions
You cannot nest groups (groups within groups)

Answer 205

A

Amazon S3
Amazon DynamoDB

Kinesis Data Streams enables you to build custom applications that process or analyze streaming data for specialized needs. Producers continually push data to Kinesis Data Streams and Consumers process the data in real time. Consumers can store their results using an AWS service such as Amazon DynamoDB, Amazon Redshift, or Amazon S3
https://digitalcloud.training/certification-training/aws-solutions-architect-associate/analytics/amazon-kinesis/

Answer 206

A

AD Connector

AD Connector is a directory gateway for redirecting directory requests to your on-premise Active Directory. AD Connector eliminates the need for directory synchronization and the cost and complexity of hosting a federation infrastructure. Connects your existing on-premise AD to AWS
Simple AD is an inexpensive Active Directory-compatible service with common directory features. It is a standalone, fully managed directory in the AWS cloud. It does not connect your on-premise AD to AWS
IAM connector does not exist
Remote Authentication Dial-In User Service (RADIUS) is a networking protocol, operating on port 1812 that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service. It is not an AWS service

Answer 207

A

Application Load Balancer (ALB)

ALBs process traffic at the HTTP,HTTPS level (layer 7)
NLBs process traffic at the TCP level (layer 4)
CLBs process traffic at the TCP, SSL, HTTP and HTTPS levels (layer 4 & 7)

Answer 208

A

Amazon EKS

Amazon Elastic Container Service for Kubernetes (EKS) is a managedKubernetes service that makes it easy for you to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane
Amazon Elastic Container Service (ECS) is used for running Docker containers but is not a managed Kubernetes service
Amazon EC2 is used for running operating system instances, not containers (though you could build your own Docker/Kubernetes implementation on an EC2 instance)
Amazon Elastic Block Store (EBS) provides block storage volumes

Answer 209

A

A Customer Gateway

A customer gateway is a physical device or software application on your side of the VPN connection
A virtual private gateway is the VPN concentrator on the Amazon side of the VPN connection. You create a virtual private gateway and attach it to the VPC from which you want to create the VPN connection
NAT devices and firewalls are not required for an AWS managed VPN

Answer 210

A

Across Availability Zones
• An AZ spans one or more data centers and each AZ is physically isolated from other AZs and connected by high speed networking. If you want to deploy a highly available application you should spread your instances across AZs and they will be resilient to the failure of a single DC
• Subnets are created within AZs. Therefore, if you deploy resources into multiple subnets within an AZ and a data center fails, you may lose all of your instances
• You could deploy your instances across separate regions but this is not necessary to create a highly available application and introduces complexity and cost. For example you may need multiple ELBs (one per region), complex name resolution and potential data transfer charges

Answer 211

A

HTTP
HTTPS

The Classic Load Balancer (CLB) supports health checks on HTTP, TCP, HTTPS and SSL
The Application Load Balancer (ALB) only supports health checks on HTTP and HTTPS

Answer 212

A

User Data

When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts
You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives
User data is data that is supplied by the user at instance launch in the form of a script
User data is limited to 16KB
User data and meta data are not encrypted

Answer 213

A

Create a VPC peering connection

A VPC peering connection helps you to facilitate the transfer of data. For example, if you have more than one AWS account, you can peer the VPCs across those accounts to create a file sharing network. You can also use a VPC peering connection to allow other VPCs to access resources you have in one of your VPCs
An internal ELB will not help you to transfer data between accounts
You cannot peer subnets
Configuring matching CIDR address ranges will not mean you can route between accounts. Also, you cannot peer with an account with a matching (or overlapping) address range

Answer 214

A

200

A HTTP 200 codes indicates a successful upload
A HTTP 300 code indicates a redirection
A HTTP 400 code indicates a client error
A HTTP 500 code indicates a server error

Answer 215

A

The identity of the API caller
The request parameters

• AWS CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket. CloudTrail is about logging and saves a history of API calls for your AWS account
• CloudTrail records account activity and service events from most AWS services and logs the following records:
– The identity of the API caller
– The time of the API call
– The source IP address of the API caller
– The request parameters
– The response elements returned by the AWS service
• All other options are metrics that can be recorded using CloudWatch

• https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/monitoring-and-logging-services/

Answer 216

A

Amazon DynamoDB

Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. Push button scaling means that you can scale the DB at any time without incurring downtime. DynamoDB is schema-less
All other options are SQL type of databases and therefore have a schema. They also rely on EC2 instances so cannot be scaled dynamically without incurring downtime (you have to change instance types)

Answer 217

A

Within an Availability Zone
Cross-Availability Zone

Read replicas are used for offloading read traffic from the primary RDS database. You can configure read replicas to be within an AZ, across AZs, and across regions
You cannot specify the subnet or data center to deploy a read replica in

Answer 218

A

Scaling Policy

Scaling policies determine when, if, and how the ASG scales and shrinks (on-demand/dynamic scaling, cyclic/scheduled scaling)
Scaling Plans define the triggers and when instances should be provisioned/de-provisioned
A launch configuration is the template used to create new EC2 instances and includes parameters such as instance family, instance type, AMI, key pair and security groups
An IAM policy is not used to control Auto Scaling

• https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/elastic-load-balancing-and-auto-scaling/

Answer 219

A

Expedited

You can use the expedited access to retrieve data within 1-5 minutes
Standard takes 3-5 hours
The other options are bogus and do not exist

Answer 220

A

Stored volume mode
• The volume gateway represents the family of gateways that support block-based volumes, previously referred to as gateway-cached and gateway-stored modes
– Stored Volume mode – the entire dataset is stored on-site and is asynchronously backed up to S3 (EBS point-in-time snapshots). Snapshots are incremental and compressed
– Cached Volume mode – the entire dataset is stored on S3 and a cache of the most frequently accessed data is cached on-site
• A file gateway is not a mode but a different type of AWS Storage Gateway that provides a virtual on-premises file server, which enables you to store and retrieve files as objects in Amazon S3
• Virtual Tape Library is not a mode but a gateway that is preconfigured with a media changer and tape drives

Answer 221

A

Amazon RedShift

Amazon Redshift is a fast, fully managed data warehouse that makes it simple and cost-effective to analyze all your data using standard SQL and existing Business Intelligence (BI) tools. RedShift is a SQL based data warehouse used for analyticsapplications
Amazon RDS is a transactional DB, not an analytics DB
Amazon DynamoDB is a NoSQL type of database and is not suited to analytics using SQL queries
Amazon S3 is an object storage solution not a database

Answer 222

A

AWS Step Functions

AWS Step Functions lets you coordinate multiple AWS services into serverless workflows so you can build and update apps quickly. AWS Step Functions lets you build visual workflows that enable fast translation of business requirements into technical requirements
Amazon SWF helps developers build, run, and scale background jobs that have parallel or sequential steps. SWF is not a visual workflow tool
Amazon Simple Notification Service (SNS) is a highly available, durable, secure, fully managed pub/sub messaging service
Amazon Simple Email Service (Amazon SES) is a cloud-based email sending service designed to help digital marketers and application developers send marketing, notification, and transactional emails

• https://aws.amazon.com/step-functions/

Answer 223

A

Amazon SWF

Amazon Simple Workflow Service (SWF) is a web service that makes it easy to coordinate work across distributed application components. SWF enables applications for a range of use cases, including media processing, web application back-ends, business process workflows, and analytics pipelines, to be designed as a coordination of tasks
Amazon Security Token Service (STS) is used for requesting temporary credentials
Amazon Simple Queue Service (SQS) is a message queue used for decoupling application components
Amazon Simple Notification Service (SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud
SNS supports notifications over multiple transports including HTTP/HTTPS, Email/Email-JSON, SQS and SMS

Answer 224

A

VMware vSphere VMs
Hyper-V VMs

• AWS Server Migration Service (SMS) is an agentless service which makes it easier and faster for you to migrate thousands of on-premises workloads to AWS. AWS SMS allows you to automate, schedule, and track incremental replications of live server volumes, making it easier for you to coordinate large-scale server migrations. Currently, you can migrate virtual machines from VMware vSphere and Windows Hyper-V to AWS using AWS Server Migration Service

Answer 225

A

Amazon Elasticsearch Service

For operational analytics such as application monitoring, log analytics and clickstream analytics,Amazon Elasticsearch Service allows you to search, explore, filter, aggregate, and visualize your data in near real-time
For big data processing using the Spark and Hadoop frameworks,Amazon EMR provides a managed service that makes it easy, fast, and cost-effective to process vast amounts data
For interactive analysis,Amazon Athena makes it easy to analyze data directly in S3 and Glacier using standard SQL queries
For dashboards and visualizations,Amazon QuickSight provides you a fast, cloud-powered business analytics service, that that makes it easy to build stunning visualizations and rich dashboards that can be accessed from any browser or mobile device

• https://aws.amazon.com/big-data/datalakes-and-analytics/

Answer 226

A

A Virtual Private Gateway

A virtual private gateway is the VPN concentrator on the Amazon side of the VPN connection. You create a virtual private gateway and attach it to the VPC from which you want to create the VPN connection
A customer gateway is a physical device or software application on your side of the VPN connection
NAT devices and firewalls are not required for an AWS managed VPN

Answer 227

A

On Amazon S3

Snapshots capture a point-in-time state of an instance. Snapshots are stored on S3
https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/aws-storage/

Answer 228

A

Classic Load Balancer (CLB)

CLBs process traffic at the TCP, SSL, HTTP and HTTPS levels (layer 4 & 7)
ALBs process traffic at the HTTP,HTTPS level (layer 7)
NLBs process traffic at the TCP level (layer 4)

Answer 229

A

Amazon CloudWatch Logs
Splunk

Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. Used to collect and track metrics, collect and monitor log files, and set alarms
Options for storing logs include CloudWatch Logs, Amazon S3 by using a custom script, and a centralized logging system such as Splunk

Answer 230

A

The most recent snapshot only

• if you make periodic snapshots of a volume, the snapshots are incremental, which means that only the blocks on the device that have changed after your last snapshot are saved in the new snapshot. Even though snapshots are saved incrementally, the snapshot deletion process is designed so that you need to retain only the most recent snapshot in order to restore the volume

Answer 231

A

DynamoDB Table
CloudWatch

The Amazon S3 notification feature enables you to receive notifications when certain events happen in your bucket
Notifications can be sent to: SNS Topics, SWS Queues, and Lambda functions

Answer 232

A

Amazon Glacier

• Only Amazon Glacier has a minimum storage duration charge of 90 days. Standard-IA and One Zone-IA both have a minimum storage duration charge of 30 days

Brainscape's Knowledge GenomeTM

Technology Flashcards

36% of Exam

Brainscape's Knowledge Genome^TM