Technology Flashcards
36% of Exam
Which AWS service is primarily used for software version control?
- AWS CodeCommit
- AWS CodeStar
- AWS Cloud9
- AWS CodeDeploy
- AWS CodeCommit
• AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories. It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem
Which AWS service can you use to install a third-party database?
- Amazon RDS
- Amazon DynamoDB
- Amazon EC2
- Amazon EMR
- Amazon EC2
• All of these services are managed services except for Amazon EC2. EC2 is the only service in the list upon which you can manually install the database software of your choice
Identify the services that have a global (rather than regional) scope? (choose 2)
- Amazon Route 53
- Amazon S3
- Amazon CloudFront
- AWS Lambda
- Amazon EC2
- Amazon Route 53
- Amazon CloudFront
- Amazon Route 53 and Amazon CloudFront have a global scope
- Amazon S3 uses a global namespace but buckets and objects are created within a region
- AWS Lambda is a regional service
Which service can you use to provision a preconfigured server with little to no AWS experience?
- Amazon Elastic Beanstalk
- AWS Lambda
- Amazon EC2
- Amazon Lightsail
- Amazon Lightsail
- Lightsail provides preconfigured virtual private servers (instances) that include everything required to deploy an application or create a database
- Deploying a server on Lightsail is extremely easy and does not require knowledge of how to configure VPCs, security groups, network ACLs etc.
Which AWS service allows you to connect to storage from on-premise servers using standard file protocols?
- Amazon S3
- Amazon EBS
- Amazon Glacier
- Amazon EFS
- Amazon EFS
- EFS filesystems are mounted using the NFS protocol (which is a file-level protocol)
- Access to EFS file systems from on-premises servers can be enabled via Direct Connect or AWS VPN
- You mount an EFS file system on your on-premises Linux server using the standard Linux mount command for mounting a file system via the NFSv4.1 protocol
Which AWS services are used for analytics? (choose 2)
- Amazon RDS
- Amazon ElastiCache
- Amazon Athena
- Amazon S3
- Amazon EMR
- Amazon Athena
- Amazon EMR
- Amazon Elastic Map Reduce (EMR) provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances
- Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL
Which service can be used to track the CPU usage of an EC2 instance?
- Amazon CloudTrail
- Amazon CloudFront
- Amazon CloudFormation
- Amazon CloudWatch
- Amazon CloudWatch
- Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS
- CloudWatch is for performance monitoring, whereas CloudTrail is for auditing
Which items can be configured from within the VPC management console? (choose 2)
- Subnets
- Regions
- Load Balancing
- Auto Scaling
- Security Groups
- Subnets
- Security Groups
- Regions are not configured, resources within regions are configured
- Load balancing and auto scaling are configured from the EC2 console
Which service allows you to automatically expand and shrink your application in response to demand?
- AWS ElastiCache
- Amazon Elastic Load Balancing
- AWS Auto Scaling
- Amazon DynamoDB
- AWS Auto Scaling
• Auto Scaling automatically responds to demand by adding or removing EC2 instances to ensure the right amount of compute capacity is available at any time
Which of the statements below is accurate regarding Amazon S3 buckets? (choose 2)
- Bucket names must be unique regionally
- Buckets are replicated globally
- Bucket names must be unique globally
- Buckets are region-specific
- Buckets can contain other buckets
- Bucket names must be unique globally
- Buckets are region-specific
- S3 uses a universal (global) namespace, which means bucket names must be unique globally. However, you create the buckets in a region and the data never leaves that region unless explicitly configured to do so through cross-region replication (CRR)
- Objects within a bucket are replicated within a region across multiple AZs (except for the One-Zone IA class)
- You cannot create nested buckets
Which AWS storage technology can be considered a “virtual hard disk in the cloud”?
- Amazon Elastic File Storage (EFS) filesystem
- Amazon Elastic Block Storage (EBS) volume
- Amazon S3 object
- Amazon Glacier archive
- Amazon Elastic Block Storage (EBS) volume
• An EBS volume is a block storage device that is most similar to a virtual hard disk in the cloud: when attached to an instance, it appears as a local disk that can have an operating system installed on it or be formatted and used for any other local storage purpose
Which service records API activity on your account and delivers log files to an Amazon S3 bucket?
- Amazon CloudWatch
- Amazon S3 Event Notifications
- Amazon CloudTrail
- Amazon CloudWatch Logs
- Amazon CloudTrail
- AWS CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket
- CloudTrail is for auditing (CloudWatch is for performance monitoring)
Which services are integrated with KMS encryption? (choose 2)
- Amazon RDS
- Amazon EC2
- Amazon EBS
- Amazon SWF
- AWS CloudFormation
- Amazon RDS
- Amazon EBS
• https://aws.amazon.com/kms/features/
The IAM service can be used to manage which objects? (choose 2)
- Security groups
- Access policies
- Roles
- Network ACLs
- Key pairs
- Access policies
- Roles
- Access policies are objects that you attach to entities and resources to define their permissions
- Roles are created and then “assumed” by trusted entities and define a set of permissions for making AWS service requests
- Security groups and network ACLs are used as instance-level and subnet-level firewalls respectively
A company plans to create a hybrid cloud architecture. What technology will allow them to create a hybrid cloud?
- VPC Peering
- Internet Gateway
- Direct Connect
- Elastic Network Interface
- Direct Connect
• Direct Connect provides a low-latency, high bandwidth connection to connect customer on-premise environments with the AWS cloud which allows them to create a “hybrid” cloud architecture
Which service supports the resolution of public domain names to IP addresses or AWS resources?
- Amazon Route 53
- Amazon CloudFront
- Amazon SNS
- Hosted Zones
- Amazon Route 53
• Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service
What can you use to quickly connect your office securely to your Amazon VPC?
- Route Table
- Internet Gateway
- Direct Connect
- AWS managed VPN
- AWS managed VPN
- An AWS managed VPN can be used to quickly connect from an office to an Amazon VPC
- Direct Connect provides high-bandwidth, low-latency connectivity but takes weeks to months to set up (and is much more expensive)
Which service can be used for building and integrating loosely-coupled, distributed applications?
- Amazon EBS
- Amazon SNS
- Amazon EFS
- Amazon RDS
- Amazon SNS
• Amazon Simple Notification Service (Amazon SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud
Which type of Amazon Elastic Load Balancer operates at layer 7 of the OSI model?
- Application Load Balancer
- Network Load Balancer
- Classic Load Balancer
- F5 Load Balancer
- Application Load Balancer
- Application Load Balancer (ALB) – layer 7 load balancer that routes connections based on the content of the request
- Network Load Balancer (NLB) – layer 4 load balancer that routes connections based on IP protocol data
- Classic Load Balancer (CLB) – this is the oldest of the three and provides basic load balancing at both layer 4 and layer 7
Which services can help to automate a company’s IT infrastructure? (choose 2)
- Amazon CloudWatch Alarms
- Amazon Route 53
- AWS Lambda Scheduled Events
- Virtual Private Cloud
- Elastic Network Interface
- Amazon CloudWatch Alarms
- AWS Lambda Scheduled Events
- Amazon CloudWatch Alarms – You can create a CloudWatch alarm that sends an Amazon Simple Notification Service (Amazon SNS) message when a particular metric goes beyond a specified threshold for a specified number of periods
- AWS Lambda Scheduled events – These events allow you to create a Lambda function and direct AWS Lambda to execute it on a regular schedule
Which database service is a NoSQL type of database that is fully managed?
- Amazon RDS
- Amazon DynamoDB
- Amazon Redshift
- Amazon ElastiCache
- Amazon DynamoDB
- DynamoDB is Amazon’s fully managed non-relational database service
- Amazon RDS is a relational (SQL) type of database
- Amazon Redshift is a data warehouse that can be analyzed using SQL tools
Which storage service allows you to connect multiple EC2 instances concurrently using file-level protocols?
- Amazon S3
- Amazon EBS
- Amazon EFS
- Amazon Glacier
- Amazon EFS
- Amazon Elastic File System allows you to connect hundreds or thousands of EC2 instances concurrently and is accessed using the file-level NFS protocol
- Amazon Elastic Block Storage provides block-level volumes to individual EC2 instances (cannot connect multiple instances to a single EBS volume)
- Amazon S3 is an object storage system and Glacier is used for archiving S3 objects
What type of database supports complex queries and joins and is suitable for a transactional database deployment?
- Amazon RDS
- Amazon DynamoDB
- Amazon Redshift
- Amazon EMR
- Amazon RDS
- Amazon DynamoDB is a NoSQL database and does not support complex queries and joins
- Amazon Redshift is a data warehouse used for analytics, not transactional databases
- Amazon EMR is a Hadoop service that is not suitable for transactional databases
Which service allows you to run code as functions without needing to provision or manage servers?
- Amazon EC2
- Amazon CodeDeploy
- AWS Lambda
- Amazon EKS
- AWS Lambda
- AWS Lambda is a serverless computing technology that allows you to run code without provisioning or managing servers
- AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers
- Amazon Elastic Container Service for Kubernetes (Amazon EKS) is a managed service that makes it easy for you to run Kubernetes on AWS without needing to stand up or maintain your own Kubernetes control plane
What benefits does Amazon EC2 provide over using non-cloud servers? (choose 2)
- Complete control of the hypervisor layer
- Elastic web-scale computing
- Inexpensive
- Fault tolerance
- High-availability with an SLA of 99.99%
- Elastic web-scale computing
- Inexpensive
- Elastic web-scale computing – you can increase or decrease capacity within minutes, not hours, and commission one to thousands of instances simultaneously
- Inexpensive – Amazon passes on the financial benefits of scale by charging very low rates and on a capacity consumed basis
- Amazon EC2 does not provide any control of the hypervisor or underlying hardware infrastructure
- EC2 offers a highly reliable environment where replacement instances can be rapidly and predictably commissioned with SLAs of 95% for each region
Which type of Elastic Load Balancer operates at the connection layer (layer 4) and supports IP addresses as targets?
- Application Load Balancer
- Network Load Balancer
- Classic Load Balancer
- ELBs do not support IP addresses as targets
- Network Load Balancer
- Network Load Balancer (NLB) – layer 4 load balancer that routes connections based on IP protocol data
- The NLB and ALB support IP addresses as targets but only the NLB operates at layer 4
- Application Load Balancer (ALB) – layer 7 load balancer that routes connections based on the content of the request
- Classic Load Balancer (CLB) – this is the oldest of the three and provides basic load balancing at both layer 4 and layer 7
Which of the following are features of Amazon CloudWatch? (choose 2)
- Used to gain system-wide visibility into resource utilization
- Records account activity and service events from most AWS services
- Used for auditing of API calls
- Can be accessed via API, command-line interface, AWS SDKs, and the AWS Management Console
- Provides visibility into user activity by recording actions taken on your account
- Used to gain system-wide visibility into resource utilization
- Can be accessed via API, command-line interface, AWS SDKs, and the AWS Management Console
- Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS
- CloudWatch is for performance monitoring (CloudTrail is for auditing)
- CloudTrail is for auditing (CloudWatch is for performance monitoring)
- CloudTrail records account activity and service events from most AWS services
Amazon S3 bucket names must follow a set of rules. Which of the rules below apply to Amazon S3 bucket names? (choose 2)
- Names must be unique across all of AWS
- Names must be 3 to 63 characters in length
- Names must contain uppercase letters
- Names must be unique within a region
- Names must be formatted as a DNS domain name
- Names must be unique across all of AWS
- Names must be 3 to 63 characters in length
• Bucket names must follow the following rules:
– Names must be unique across all of AWS
– Names must be 3 to 63 characters in length
– Names can only contain lowercase letters, numbers and hyphens
– Names cannot be formatted as an IP address
Which of the following statements are correct about Elastic Block Store (EBS) volumes? (choose 2)
- Root EBS volumes are retained on termination by default
- EBS volumes must be in the same AZ as the instances they are attached to
- You can attach multiple EBS volumes to an instance
- You can attach an EBS volume to multiple instances
- EBS volumes cannot be backed up
- EBS volumes must be in the same AZ as the instances they are attached to
- You can attach multiple EBS volumes to an instance
- EBS volumes must be in the same AZ as the instances they are attached to
- You can attach multiple EBS volumes to an instance
- Root EBS volumes are deleted on termination by default
- You cannot attach an EBS volume to multiple instances
- EBS volumes can be backed up by taking a snapshot
Which statement below is incorrect in relation to Network ACLs?
- Operate at the Availability Zone level
- Support allow and deny rules
- Stateless
- Process rules in order
- Operate at the Availability Zone level
- Network ACLs operate at the subnet level
- https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/aws-networking/
What benefits are provided by Amazon CloudFront? (choose 2)
- Allows you to register domain names
- Built-in Distributed Denial of Service (DDoS) attack protection
- Used to enable private subnet instances to access the Internet
- Content is cached at Edge Locations for fast distribution to customers
- Provides a worldwide distributed DNS service
- Built-in Distributed Denial of Service (DDoS) attack protection
- Content is cached at Edge Locations for fast distribution to customers
• Benefits include:
– Cache content at Edge Location for fast distribution to customers
– Built-in Distributed Denial of Service (DDoS) attack protection
– Integrates with many AWS services (S3, EC2, ELB, Route 53, Lambda)
• https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/content-delivery-and-dns-services/
Which service can be used to help you to migrate databases to AWS quickly and securely?
- AWS KMS
- AWS SMS
- AWS DMS
- AWS Migration Hub
- AWS DMS
- AWS Database Migration Service helps you migrate databases to AWS quickly and securely
- AWS Server Migration Service (SMS) is an agentless service which makes it easier and faster for you to migrate thousands of on-premises workloads to AWS
- AWS Key Management Service (KMS) is used for managing encryption keys
- AWS Migration Hub provides a single location to track the progress of application migrations across multiple AWS and partner solutions
Which feature can you use to grant read/write access to an Amazon S3 bucket?
- IAM Role
- IAM Policy
- IAM Group
- IAM User
- IAM Policy
- IAM Policies are documents that define permissions and can be applied to users, groups and roles
- IAM policies can be written to grant access to Amazon S3 buckets
- IAM Roles are created and then “assumed” by trusted entities and define a set of permissions for making AWS service requests
- IAM Groups are collections of users and have policies attached to them
Which AWS service is used to enable multi-factor authentication?
- Amazon STS
- AWS IAM
- Amazon EC2
- AWS KMS
- AWS IAM
- IAM is used to securely control individual and group access to AWS resources
- The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for IAM users or for users that you authenticate (federated users)
- AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data
- Amazon EC2 is used for running operating systems instances in the cloud
Which AWS service can be used to convert video and audio files from their source format into versions that will play back on devices like smartphones, tablets and PCs?
- Elastic Transcoder
- Elastic Beanstalk
- Elastic Load Balancer
- Auto Scaling
- Elastic Transcoder
- Amazon Elastic Transcoder is a highly scalable, easy to use and cost-effective way for developers and businesses to convert (or “transcode”) video and audio files from their source format into versions that will play back on devices like smartphones, tablets and PCs
- AWS Elastic Beanstalk can be used to quickly deploy and manage applications in the AWS Cloud
What method can you use to take a backup of an Amazon EC2 instance using AWS tools?
- Take full and incremental file-level backups using the backup console
- Take application-consistent backups using the EC2 API
- Use Cross Region Replication (CRR) to copy the instance to another region
- Take a snapshot to capture the point-in-time state of the instance
- Take a snapshot to capture the point-in-time state of the instance
- You can take snapshots of EC2 instances, which creates a point-in-time copy of the instance. Snapshots are stored on S3
- There is no backup console to take full and incremental backups
- There is no way of taking application-consistent backups using any AWS tools
- Cross Region Replication is used to replicate Amazon S3 buckets across regions
Which AWS service allows you to use block-based volumes on-premise that are then asynchronously backed up to Amazon S3?
- AWS Storage Gateway File Gateway
- AWS Storage Gateway Volume Gateway
- Amazon S3 Multi-Part upload
- Amazon S3 Transfer Acceleration
- AWS Storage Gateway Volume Gateway
• AWS Storage Gateway Volume Gateway represents the family of gateways that support block-based volumes, previously referred to as gateway-cached and gateway-stored mode
• AWS Storage Gateway Volume Gateway operates in 2 modes:
– Stored Volume mode – the entire dataset is stored on-site and is asynchronously backed up to S3 (EBS point-in-time snapshots). Snapshots are incremental and compressed
– Cached Volume mode – the entire dataset is stored on S3 and a cache of the most frequently accessed data is cached on-site
When instantiating compute resources, what are two techniques for using automated, repeatable processes that are fast and avoid human error? (choose 2)
- Snapshotting
- Bootstrapping
- Fault tolerance
- Infrastructure as code
- Performance monitoring
- Bootstrapping
- Infrastructure as code
- With infrastructure as code AWS assets are programmable, so you can apply techniques, practices, and tools from software development to make your whole infrastructure reusable, maintainable, extensible, and testable
- With bootstrapping you can execute automated actions to modify default configurations. This includes scripts that install software or copy data to bring that resource to a particular state
- Snapshotting is about saving data, not instantiating resources. Fault tolerance is a method of increasing the availability of your system when components fail. Performance monitoring has nothing to do with instantiating resources
Which AWS service can an organization use to automate operational tasks on EC2 instances using existing Chef cookbooks?
- AWS OpsWorks
- AWS Service Catalog
- AWS Config
- AWS CodeDeploy
- AWS OpsWorks
- AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. With Chef, you use code templates, or cookbooks, to describe the desired configuration of instances or on-premises servers
- AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS
- AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources
- AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers
Which AWS service can be used to process a large amount of data using the Hadoop framework?
- Amazon Athena
- Amazon Kinesis
- AWS Glue
- Amazon EMR
- Amazon EMR
- Amazon Elastic Map Reduce (EMR) provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances
- Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information
- AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics
- Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL
Which feature of Amazon Rekognition can assist with saving time?
- Identification of objects in images and videos
- Identification of the language of text in a document
- Adds automatic speech recognition (ASR) to applications
- Provides on-demand access to compliance-related information
- Identification of objects in images and videos
- Amazon Rekognition makes it easy to add image and video analysis to your applications. You just provide an image or video to the Rekognition API, and the service can identify the objects, people, text, scenes, and activities, as well as detect any inappropriate content
- Amazon Comprehend identifies the language of the text; extracts key phrases, places, people, brands, or events; understands how positive or negative the text is; analyzes text using tokenization and parts of speech; and automatically organizes a collection of text files by topic
- Amazon Transcribe is an automatic speech recognition (ASR) service that makes it easy for developers to add speech-to-text capability to their applications
- AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements
Which service provides visibility into user activity by recording actions taken on your account?
- Amazon CloudWatch
- Amazon CloudFormation
- Amazon CloudTrail
- Amazon CloudHSM
- Amazon CloudTrail
- CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket
- CloudTrail is for auditing (CloudWatch is for performance monitoring)
- CloudFormation is used for deploying infrastructure through code
- CloudHSM is a hardware security module for generating, managing and storing encryption keys
Which of the facts below are accurate in relation to AWS Regions? (choose 2)
- Each region consists of 2 or more availability zones
- Each region consists of a collection of VPCs
- Each region is designed to be completely isolated from the other Amazon Regions
- Regions have direct, low-latency, high throughput and redundant network connections between each other
- Regions are Content Delivery Network (CDN) endpoints for CloudFront
- Each region consists of 2 or more availability zones
- Each region is designed to be completely isolated from the other Amazon Regions
- A region is not a collection of VPCs, it is composed of at least 2 AZs. VPCs exist within accounts on a per region basis
- Availability Zones (not regions) have direct, low-latency, high throughput and redundant network connections between each other
- Edge locations (not regions) are Content Delivery Network (CDN) endpoints for CloudFront
Which AWS service provides elastic web-scale cloud computing allowing you to deploy operating system instances?
- Amazon EBS
- AWS Lambda
- Amazon RDS
- Amazon EC2
- Amazon EC2
• https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/aws-compute/
You need to ensure you have the right amount of compute available to service demand. Which AWS service can automatically scale the number of EC2 instances for your application?
- Amazon Elastic Load Balancer
- Amazon ElastiCache
- AWS Auto Scaling
- AWS Redshift
- AWS Auto Scaling
- Auto Scaling automates the process of adding (scaling up) OR removing (scaling down) EC2 instances based on the traffic demand for your application
- ELB automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses
- Amazon Redshift is a fast, scalable data warehouse that makes it simple and cost-effective to analyze all your data across your data warehouse and data lake
Which types of AWS resource can be launched from a Golden Image? (choose 2)
- Amazon DynamoDB tables
- Amazon EC2 instances
- AWS Lambda functions
- Amazon RDS instances
- Amazon S3 objects
- Amazon EC2 instances
- Amazon RDS instances
• Some resource types can be launched from a golden image. A golden image is a snapshot of a particular state for that resource. Examples are EC2 instances, RDS instances and EBS volumes
Using AWS terminology, which items can be created in an Amazon S3 bucket? (choose 2)
- Folders
- Files
- Tables
- Objects
- Queues
- Folders
- Objects
- You can create folders within buckets and can also upload objects
- As S3 is an object store you create objects not files
- Tables and queues cannot be created on S3
What are two ways of connecting to an Amazon VPC from an on-premise data center? (choose 2)
- VPC Peering
- Direct Connect
- VPN CloudHub
- Internet Gateway
- VPC Router
- Direct Connect
- VPN CloudHub
- You can connect from your on-premise data center to a VPC via Direct Connect or VPN CloudHub
- AWS Direct Connect is a network service that provides an alternative to using the Internet to connect a customer’s on premise sites to AWS
- If you have multiple VPN connections, you can provide secure communication between sites using the AWS VPN CloudHub
- Internet gateways and VPC routers are components of a VPC and are not used for connecting from external locations
Which of the below is Amazon’s proprietary RDS database?
- MariaDB
- MySQL
- DynamoDB
- Aurora
- Aurora
- MariaDB and MySQL can be used on RDS but they are not Amazon proprietary
- DynamoDB is an Amazon proprietary DB but it is not an RDS DB
A new user is unable to access any AWS services, what is the most likely explanation?
- The user needs to login with a key pair
- The services are currently unavailable
- By default new users are created without access to any AWS services
- The default limit for user logons has been reached
- By default new users are created without access to any AWS services
- By default new users are created with NO access to any AWS services – they can only login to the AWS console
- https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/identity-and-access-management/
Which of the following services does Amazon Route 53 provide? (choose 2)
- Domain registration
- Route tables
- Domain Name Service (DNS)
- Auto Scaling
- Load balancing
- Domain registration
- Domain Name Service (DNS)
- Route 53 services include domain registration, DNS, health checking (availability monitoring) and traffic management
- https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/content-delivery-and-dns-services/
Which file format is used to write AWS Identity and Access Management (IAM) policies?
- DOC
- XML
- JBOD
- JSON
- JSON
• You manage access in AWS by creating policies and attaching them to IAM identities or AWS resources. A policy is an object in AWS that, when associated with an entity or resource, defines their permissions. AWS evaluates these policies when a principal, such as a user, makes a request. Permissions in the policies determine whether the request is allowed or denied. Most policies are stored in AWS as JSON documents
An architect needs to compare the cost of deploying an on-premise web server and an EC2 instance on the AWS cloud. Which tool can be used to assist the architect?
- AWS Cost Explorer
- AWS Budgets
- AWS TCO Calculator
- AWS Simple Monthly Calculator
- AWS TCO Calculator
- The TCO calculator is a free tool provided by AWS that allows you to estimate the cost savings of using the AWS Cloud vs. using an on-premises data center
- The AWS Cost Explorer is a free tool that allows you to view charts of your costs
- The AWS Simple Monthly Calculator helps customers and prospects estimate their monthly AWS bill more efficiently
- AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed
Which AWS service provides preconfigured virtual private servers (instances) that include everything required to deploy an application or create a database?
- AWS CloudFormation
- Amazon Lightsail
- Amazon ECS
- AWS Lambda
- Amazon Lightsail
- Lightsail includes everything you need to launch your project quickly – a virtual machine, SSD-based storage, data transfer, DNS management, and a static IP
- CloudFormation is used to deploy resources through code, as a service it does not include preconfigured servers
- Amazon Elastic Container Service (ECS) is a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances
A Solutions Architect is launching a new EC2 instance that will be a web server. Which EBS volume type provides a good balance of price and performance and can be used as a system boot volume?
- Cold HDD (sc1)
- Throughput Optimized (st1)
- General Purpose (gp2)
- Provisioned IOPS (io1)
- General Purpose (gp2)
- General purpose SSD provides a good balance of price to performance, is suitable for most workloads and can be used as a system boot volume
- Provisioned IOPS SSD is a high-performance volume type that is more expensive and should be used for apps that require the higher performance
- Cold HDD cannot be used as a boot volume and is good for throughput oriented storage for infrequently accessed data
- Throughput Optimized volumes are ideal for streaming workloads with fast throughput such as big data and data warehouses
Which Amazon S3 storage tier does not include a data retrieval fee and has an availability SLA of 99.99%?
- S3 Standard
- S3 Standard-IA
- S3 One Zone-IA
- Amazon Glacier
- S3 Standard
- All of the storage tiers listed include a data retrieval fee except for S3 Standard
- Availability SLAs are: S3 Standard = 99.99%; S3 Standard-IA = 99.9%; S3 One Zone-IA = 99%; Amazon Glacier = no SLA
An organization would like to run managed desktops on the AWS cloud using the Windows 10 operating system. Which service can deliver these requirements?
- Amazon EC2
- Amazon WorkSpaces
- Amazon SWF
- Amazon does not provide desktop services
- Amazon WorkSpaces
- Amazon WorkSpaces is a managed desktop computing service running on the AWS cloud
- WorkSpaces allows customers to easily provision cloud-based desktops that allow end-users to access documents and applications
- WorkSpaces offers bundles that come with a Windows 7 or Windows 10 desktop experience, powered by Windows Server 2008 R2 and Windows Server 2016 respectively
What features does Amazon RDS provide to deliver scalability, availability and durability? (choose 2)
- Multi-AZ
- Read Replicas
- DB mirroring
- Clustering
- Multi-Subnet
- Multi-AZ
- Read Replicas
- Multi-AZ RDS creates a replica in another AZ and synchronously replicates to it (DR only)
- Read replicas are used for read heavy DBs and replication is asynchronous
- DB mirroring, multi-subnet and clustering are not options provided by RDS
An architect wants to find a tool for consistently deploying the same resources through a templated configuration. What AWS service can be used?
- AWS Elastic Beanstalk
- AWS CodeBuild
- AWS CodeDeploy
- AWS CloudFormation
- AWS CloudFormation
- AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts
- AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers
- AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy
- AWS Elastic Beanstalk is the fastest and simplest way to get web applications up and running on AWS
Which AWS service can be used to host a static website?
- Amazon S3
- Amazon EBS
- AWS Lambda
- Amazon EFS
- Amazon S3
- Amazon S3 can be used to host static websites. It is not possible to use dynamic content. You can use a custom domain name if you configure the bucket name to match
- https://digitalcloud.training/certification-training/aws-solutions-architect-associate/storage/amazon-s3/
What type of storage is provided by Amazon EBS?
- Block
- File
- Object
- Relational
- Block
- Amazon Elastic Block Storage (EBS) is block storage. This means you can mount the volume for operating systems and format and partition as if it is a local disk
- File and object are other types of storage that you can use with AWS. File storage is provided by EFS and object storage is provided by Amazon S3
- Relational is not a type of storage, it is typically used to describe a type of database such as RDS
What type of database is fully managed and can be scaled without incurring downtime?
- Amazon RDS
- Amazon S3
- Amazon DynamoDB
- Amazon ElastiCache
- Amazon DynamoDB
- DynamoDB is fully managed and can be scaled without incurring downtime
- S3 is not a fully managed database, it is an object store
- Both RDS and ElastiCache use EC2 instances and therefore scaling (vertically) requires downtime
Which of the following services allow root level access to the operating system? (choose 2)
- Amazon ElastiCache
- Amazon EC2
- Amazon SQS
- Amazon EMR
- Amazon SWF
- Amazon EC2
- Amazon EMR
• In this list only EC2 and EMR allow root level access to the operating system
You need to implement a hosted queue for storing messages in transit between application servers. Which service should you use?
- Amazon SWF
- Amazon SNS
- Amazon SQS
- Amazon DynamoDB
- Amazon SQS
- Amazon Simple Queue Service (Amazon SQS) is a web service that gives you access to message queues that store messages waiting to be processed. SQS offers a reliable, highly-scalable, hosted queue for storing messages in transit between computers. SQS is used for distributed/decoupled applications
- Amazon SWF helps developers build, run, and scale background jobs that have parallel or sequential steps
- Amazon Simple Notification Service (SNS) is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications
Which AWS network element allows you to assign a static IPv4 address to an EC2 instance?
- Public IP
- Elastic IP
- Static IP
- Dynamic IP
- Elastic IP
- An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is associated with your AWS account. With an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account
- An Elastic IP is a public IP however in the AWS cloud an elastic IP is the construct used to assign a public IP to an EC2 instance
- Static IP and dynamic IP are terms used to describe IP addresses (public or private) that are either statically defined or dynamically obtained (through DHCP)
An architect is creating a scalable application using AWS Auto Scaling. What needs to be created to enable a working configuration? (choose 2)
- Create a listener
- Create an Auto Scaling group
- Create a launch configuration
- Create a target group
- Create a listener rule
- Create an Auto Scaling group
- Create a launch configuration
- To set up Auto Scaling, two of the tasks that need to be performed are to create a launch configuration and an Auto Scaling group
- Listeners, listener rules and target groups are associated with Elastic Load Balancing
A Solutions Architect is designing an application stack that will be highly elastic. What AWS services can be used that don’t require you to make any capacity decisions upfront? (choose 2)
- AWS Lambda
- Amazon EC2
- Amazon S3
- Amazon RDS
- DynamoDB
- AWS Lambda
- Amazon S3
- With Amazon S3 you don’t need to specify any capacity at any time, the service scales in both capacity and performance as required
- AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume – there is no charge when your code is not running
- With Amazon EC2 you need to select your instance sizes and number of instances
- With RDS you need to select the instance size for the DB
- With DynamoDB you need to specify the read/write capacity of the DB
Which AWS service can assist with coordinating tasks across distributed application components?
- Amazon STS
- Amazon SQS
- Amazon SWF
- Amazon SNS
- Amazon SWF
- Amazon Simple Workflow Service (SWF) is a web service that makes it easy to coordinate work across distributed application components. SWF enables applications for a range of use cases, including media processing, web application back-ends, business process workflows, and analytics pipelines, to be designed as a coordination of tasks
- Amazon Security Token Service (STS) is used for requesting temporary credentials
- Amazon Simple Queue Service (SQS) is a message queue used for decoupling application components
- Amazon Simple Notification Service (SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud
What kinds of routing policies are available in Amazon Route 53? (choose 2)
- Simple
- Failback
- Fault tolerant
- Latency
- Shortest Path First
- Simple
- Latency
• Route 53 routing policies include Simple, Weighted, Latency based, Failover, Geo-location, Geo-Proximity, Multi-Value and Traffic Flow
What components can be managed in the Virtual Private Cloud (VPC) management console? (choose 2)
- Subnets
- Elastic Load Balancers
- Auto Scaling
- IP CIDR
- Snapshots
- Subnets
- IP CIDR
- Within the management console for VPC you can manage items such as subnets and the IP CIDR block for the VPC
- The other answers are all items that can be managed within the EC2 management console
Which services are managed at a regional (rather than global) level? (choose 2)
- Amazon CloudFront
- Amazon Route 53
- Amazon S3
- Amazon EC2
- AWS IAM
- Amazon S3
- Amazon EC2
- Both Amazon EC2 and Amazon S3 are managed at a regional level. Note: Amazon S3 is a global namespace but you still create your buckets within a region
- CloudFront, Route 53 and IAM are managed at a global level
What are the names of two types of AWS Storage Gateway? (choose 2)
- S3 Gateway
- File Gateway
- Block Gateway
- Gateway Virtual Tape Library
- Cached Gateway
- File Gateway
- Gateway Virtual Tape Library
- The AWS Storage Gateway service enables hybrid storage between on-premises environments and the AWS Cloud. It provides low-latency performance by caching frequently accessed data on premises, while storing data securely and durably in Amazon cloud storage services. AWS Storage Gateway supports three storage interfaces: file, volume, and tape
- File gateway provides a virtual on-premises file server, which enables you to store and retrieve files as objects in Amazon S3
- The volume gateway represents the family of gateways that support block-based volumes, previously referred to as gateway-cached and gateway-stored modes
- Gateway Virtual Tape Library is used for backup with popular backup software
To connect an on-premises network to an Amazon VPC using an Amazon Managed VPN connection, which components are required? (choose 2)
- VPC Router
- Virtual Private Gateway
- NAT Instance
- Direct Connect
- Customer Gateway
- Virtual Private Gateway
- Customer Gateway
- Two of the components you need to connect to your VPC with a VPN connection are a virtual private gateway on the VPC side and a customer gateway on the on-premise network side
- VPC routers are not part of the VPN configuration
- NAT instances are not used for VPN, they are used by EC2 instances in private subnets to access the Internet
- Direct Connect can be used to connect an on-premise network to the cloud however it is not part of the configuration of an Amazon Managed VPN connection
Which AWS service can be used to run Docker containers?
- AWS Lambda
- Amazon ECR
- Amazon ECS
- Amazon AMI
- Amazon ECS
- Amazon Elastic Container Service (ECS) is a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances
- AWS Lambda is a serverless technology that lets you run code in response to events as functions
- Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images
- Amazon Machine Images (AMI) store configuration information for Amazon EC2 instances
How can you apply metadata to an EC2 instance that categorizes it according to its purpose, owner or environment?
- Labels
- Tags
- Hostname
- Stickers
- Tags
• A tag is a label that you assign to an AWS resource. Each tag consists of a key and an optional value, both of which you define. Tags enable you to categorize your AWS resources in different ways, for example, by purpose, owner, or environment
Which tool can be used to create and manage a selection of AWS services that are approved for use on AWS?
- AWS Service Catalog
- AWS OpsWorks
- Amazon Cloud Directory
- AWS Organizations
- AWS Service Catalog
- AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures
- AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet
- Amazon Cloud Directory enables you to build flexible cloud-native directories for organizing hierarchies of data along multiple dimensions
- AWS Organizations offers policy-based management for multiple AWS accounts
Which database engines are supported by Amazon RDS? (choose 2)
- DynamoDB
- SQL Server
- ElastiCache
- Aurora
- MongoDB
- SQL Server
- Aurora
- RDS supports the following engines: SQL Server, Oracle, MySQL Server, PostgreSQL, Aurora, MariaDB
- DynamoDB is Amazon’s NoSQL database
- MongoDB is a NoSQL database
What categories of Amazon Machine Image (AMI) are available? (choose 2)
- Community AMIs
- Enterprise AMIs
- AWS Marketplace AMIs
- Shared AMIs
- Partner AMIs
- Community AMIs
- AWS Marketplace AMIs
• AMIs come in three main categories:
– Community AMIs – free to use, generally you just select the operating system you want
– AWS Marketplace AMIs – pay to use, generally come packaged with additional, licensed software
– My AMIs – AMIs that you create yourself
Which statements are true about Amazon EBS volumes? (choose 2)
- You can attach EBS volumes to multiple instances
- EBS volumes must be in the same AZ as the instances they are attached to
- You can attach multiple EBS volumes to an instance
- EBS volume data is ephemeral and is lost when an instance is stopped
- EBS volumes are object storage
- EBS volumes must be in the same AZ as the instances they are attached to
- You can attach multiple EBS volumes to an instance
- You cannot attach an EBS volume to multiple instances (use Elastic File Store instead)
- EBS volume data persists independently of the life of the instance
- EBS volumes are block storage
What is required to enable an EC2 instance in a public subnet to access the Internet? (choose 2)
- A public IP address
- A NAT Gateway
- A NAT Instance
- A VPN connection
- A route to an Internet Gateway
- A public IP address
- A route to an Internet Gateway
- A public subnet is a subnet that is configured to assign public IP addresses to instances and which has a route to an Internet Gateway (which is created at the VPC level) configured in the route table
- NAT instances and NAT gateways are used by EC2 instances in private subnets (without public IPs) to access the Internet
- A VPN connection is used to establish a secure connection between the AWS cloud and an on-premise data center or other cloud location. They are not used to access the Internet
What types of origins are supported by Amazon CloudFront? (choose 2)
- EBS volume
- S3 object
- Elastic Load Balancer
- EC2 instance
- Elastic File System
- Elastic Load Balancer
- EC2 instance
• An origin is the origin of the files that the CDN will distribute. Origins can be either an S3 bucket, an EC2 instance, an Elastic Load Balancer, or Route 53 – can also be external (non-AWS)
Which feature enables fast, easy, and secure transfers of files over long distances between a client and an Amazon S3 bucket?
- S3 Static Websites
- S3 Copy
- Multipart Upload
- S3 Transfer Acceleration
- S3 Transfer Acceleration
- Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and your Amazon S3 bucket. S3 Transfer Acceleration leverages Amazon CloudFront’s globally distributed AWS Edge Locations
- With S3 copy you can create a copy of objects up to 5GB in size in a single atomic operation
- Multipart upload can be used to speed up uploads to S3
- S3 can also be used to host static websites
How is data protected by default in Amazon S3?
- Buckets are replicated across all regions
- Objects are redundantly stored on multiple devices across multiple facilities within a region
- Objects are redundantly stored on multiple devices across multiple facilities across all regions
- Objects are copied across at least two Availability Zones per region
- Objects are redundantly stored on multiple devices across multiple facilities within a region
- Amazon S3 provides a highly durable storage infrastructure designed for mission-critical and primary data storage. Objects are redundantly stored on multiple devices across multiple facilities in an Amazon S3 region
- Amazon does not specify how data is replicated across AZs; they use the term facilities instead
Which data consistency models are available with Amazon S3? (choose 2)
- Eventual consistency for PUTS of new objects
- Read after write consistency for PUTS of new objects
- Eventual consistency for overwrite PUTS and DELETES
- Read after write consistency for overwrite PUTS and DELETES
- Accelerated consistency for all PUTS and DELETES
- Read after write consistency for PUTS of new objects
- Eventual consistency for overwrite PUTS and DELETES
• https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/aws-storage/
Which Amazon EC2 Reserved Instance type enables you to match your capacity reservation to predictable recurring dates and times?
- Standard RI
- Convertible RI
- Scheduled RI
- Customized RI
- Scheduled RI
- With RIs, you can choose the type that best fits your application's needs.
- Standard RIs: These provide the most significant discount (up to 75% off On-Demand) and are best suited for steady-state usage
- Convertible RIs: These provide a discount (up to 54% off On-Demand) and the capability to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or greater value. Like Standard RIs, Convertible RIs are best suited for steady-state usage
- Scheduled RIs: These are available to launch within the time windows you reserve. This option allows you to match your capacity reservation to a predictable recurring schedule that only requires a fraction of a day, a week, or a month
Which Amazon RDS database engines support AWS RDS Read Replicas? (choose 2)
- Oracle
- MySQL
- PostgreSQL
- Microsoft SQL Server
- DynamoDB
- MySQL
- PostgreSQL
- Read replicas are available for MySQL, PostgreSQL, MariaDB and Aurora (not SQL Server or Oracle)
- DynamoDB is not a type of RDS database and does not support read replicas
Which Amazon RDS feature enables disaster recovery by creating a replica in another Availability Zone and synchronously replicating data to it?
- Read Replica
- Multi-AZ
- DB mirroring
- Log shipping
- Multi-AZ
- Multi-AZ RDS creates a replica in another AZ and synchronously replicates to it (DR only)
- Read replicas are used for read-heavy DBs and replication is asynchronous
- DB mirroring and log shipping are not Amazon RDS features, they are methods of replicating data using native database technologies (rather than AWS technology)
Which AWS service can be used to ensure the persistence of in-flight transactions independently of any single application component?
- AWS CloudFormation
- Amazon DynamoDB
- AWS ElastiCache
- Amazon SQS
- Amazon SQS
- Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications
- SQS eliminates the complexity and overhead associated with managing and operating message oriented middleware, and empowers developers to focus on differentiating work
- In-flight messages are messages that have been picked up by a consumer but not yet deleted from the queue
Which of the below AWS services supports automated backups as a default configuration?
- Amazon S3
- Amazon RDS
- Amazon EC2
- Amazon EBS
- Amazon RDS
- RDS automated backups allow point in time recovery to any point within the retention period down to a second. When automated backups are turned on for your DB Instance, Amazon RDS automatically performs a full daily snapshot of your data (during your preferred backup window) and captures transaction logs (as updates to your DB Instance are made). Automated backups are enabled by default and data is stored on S3 and is equal to the size of the DB
- EC2 instances using EBS volumes can be backed up by creating a snapshot of the EBS volume
- Amazon S3 objects are replicated across multiple facilities. You can also archive data onto Amazon Glacier and use versioning to maintain copies of older versions of objects
How can you ensure that the EBS volumes attached to an EC2 instance are still available after the instance is terminated?
- EBS volumes automatically persist after the EC2 instance is terminated
- EBS volumes are always deleted when an EC2 instance is terminated
- Ensure the “DeleteOnTermination” attribute of the EBS volume is set to false while launching the instance
- Take a snapshot of the EBS volume
- Ensure the “DeleteOnTermination” attribute of the EBS volume is set to false while launching the instance
- Root EBS volumes are deleted on termination by default
- Extra non-boot volumes are not deleted on termination by default
- The behavior can be changed by altering the “DeleteOnTermination” attribute
Which EC2 tenancy model gives you visibility and control over how instances are placed on a server?
- Dedicated Instances
- Dedicated Hosts
- Dedicated Tenancy
- Dedicated EC2
- Dedicated Hosts
- A Dedicated Host is also a physical server that’s dedicated for your use. With a Dedicated Host, you have visibility and control over how instances are placed on the server
- Dedicated Instances are Amazon EC2 instances that run in a virtual private cloud (VPC) on hardware that’s dedicated to a single customer
- Dedicated tenancy ensures all EC2 instances that are launched in a VPC run on hardware that’s dedicated to a single customer
- Dedicated EC2 is not an available tenancy model
What is the best way to apply an organizational system to EC2 instances so they can be identified by descriptors such as purpose or department?
- Use descriptive hostnames
- Organize the instances into separate subnets
- Apply tags
- Use the instance meta-data
- Apply tags
- To help you manage your instances, images, and other Amazon EC2 resources, you can optionally assign your own metadata to each resource in the form of tags. A tag is a label that you assign to an AWS resource. Each tag consists of a key and an optional value, both of which you define. Tags enable you to categorize your AWS resources in different ways, for example, by purpose, owner, or environment
- Using descriptive hostnames or organizing instances into separate subnets is a messy way to try and organize resources and lacks the power and flexibility of tagging
- Storing information in instance meta-data is possible but you need to retrieve the information, tags enable you to do this more easily