Technology Flashcards

36% of Exam

1
Q

Which AWS service is primarily used for software version control?

  1. AWS CodeCommit
  2. AWS CodeStar
  3. AWS Cloud9
  4. AWS CodeDeploy
A
  1. AWS CodeCommit

• AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories. It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem

2
Q

Which AWS service can you use to install a third-party database?

  1. Amazon RDS
  2. Amazon DynamoDB
  3. Amazon EC2
  4. Amazon EMR
A
  1. Amazon EC2

• All of these services are managed services except for Amazon EC2. EC2 is the only service in the list upon which you can manually install the database software of your choice

3
Q

Identify the services that have a global (rather than regional) scope. (choose 2)

  1. Amazon Route 53
  2. Amazon S3
  3. Amazon CloudFront
  4. AWS Lambda
  5. Amazon EC2
A
  1. Amazon Route 53
  2. Amazon CloudFront
  • Amazon Route 53 and Amazon CloudFront have a global scope
  • Amazon S3 uses a global namespace but buckets and objects are created within a region
  • AWS Lambda is a regional service
4
Q

Which service can you use to provision a preconfigured server with little to no AWS experience?

  1. Amazon Elastic Beanstalk
  2. AWS Lambda
  3. Amazon EC2
  4. Amazon Lightsail
A
  1. Amazon Lightsail
  • Lightsail provides preconfigured virtual private servers (instances) that include everything required to deploy an application or create a database
  • Deploying a server on Lightsail is extremely easy and does not require knowledge of how to configure VPCs, security groups, network ACLs etc.
5
Q

Which AWS service allows you to connect to storage from on-premise servers using standard file protocols?

  1. Amazon S3
  2. Amazon EBS
  3. Amazon Glacier
  4. Amazon EFS
A
  1. Amazon EFS
  • EFS filesystems are mounted using the NFS protocol (which is a file-level protocol)
  • Access to EFS file systems from on-premises servers can be enabled via Direct Connect or AWS VPN
  • You mount an EFS file system on your on-premises Linux server using the standard Linux mount command for mounting a file system via the NFSv4.1 protocol
6
Q

Which AWS services are used for analytics? (choose 2)

  1. Amazon RDS
  2. Amazon ElastiCache
  3. Amazon Athena
  4. Amazon S3
  5. Amazon EMR
A
  1. Amazon Athena
  2. Amazon EMR
  • Amazon Elastic Map Reduce (EMR) provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances
  • Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL
7
Q

Which service can be used to track the CPU usage of an EC2 instance?

  1. Amazon CloudTrail
  2. Amazon CloudFront
  3. Amazon CloudFormation
  4. Amazon CloudWatch
A
  1. Amazon CloudWatch
  • Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS
  • CloudWatch is for performance monitoring, whereas CloudTrail is for auditing
8
Q

Which items can be configured from within the VPC management console? (choose 2)

  1. Subnets
  2. Regions
  3. Load Balancing
  4. Auto Scaling
  5. Security Groups
A
  1. Subnets
  2. Security Groups
  • Regions are not configured, resources within regions are configured
  • Load balancing and auto scaling are configured from the EC2 console
9
Q

Which service allows you to automatically expand and shrink your application in response to demand?

  1. AWS ElastiCache
  2. Amazon Elastic Load Balancing
  3. AWS Auto Scaling
  4. Amazon DynamoDB
A
  1. AWS Auto Scaling

• Auto Scaling automatically responds to demand by adding or removing EC2 instances to ensure the right amount of compute capacity is available at any time

10
Q

Which of the statements below is accurate regarding Amazon S3 buckets? (choose 2)

  1. Bucket names must be unique regionally
  2. Buckets are replicated globally
  3. Bucket names must be unique globally
  4. Buckets are region-specific
  5. Buckets can contain other buckets
A
  1. Bucket names must be unique globally
  2. Buckets are region-specific
  • S3 uses a universal (global) namespace, which means bucket names must be unique globally. However, you create the buckets in a region and the data never leaves that region unless explicitly configured to do so through cross-region replication (CRR)
  • Objects within a bucket are replicated within a region across multiple AZs (except for the One-Zone IA class)
  • You cannot create nested buckets
11
Q

Which AWS storage technology can be considered a “virtual hard disk in the cloud”?

  1. Amazon Elastic File Storage (EFS) filesystem
  2. Amazon Elastic Block Storage (EBS) volume
  3. Amazon S3 object
  4. Amazon Glacier archive
A
  1. Amazon Elastic Block Storage (EBS) volume

• An EBS volume is a block storage device that is most similar to a virtual hard disk in the cloud as when attached to an instance it appears as a local disk that can have an operating system installed on or be formatted and used for any other local storage purpose

12
Q

Which service records API activity on your account and delivers log files to an Amazon S3 bucket?

  1. Amazon CloudWatch
  2. Amazon S3 Event Notifications
  3. Amazon CloudTrail
  4. Amazon CloudWatch Logs
A
  1. Amazon CloudTrail
  • AWS CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket
  • CloudTrail is for auditing (CloudWatch is for performance monitoring)
13
Q

Which services are integrated with KMS encryption? (choose 2)

  1. Amazon RDS
  2. Amazon EC2
  3. Amazon EBS
  4. Amazon SWF
  5. AWS CloudFormation
A
  1. Amazon RDS
  2. Amazon EBS

• https://aws.amazon.com/kms/features/

14
Q

The IAM service can be used to manage which objects? (choose 2)

  1. Security groups
  2. Access policies
  3. Roles
  4. Network ACLs
  5. Key pairs
A
  1. Access policies
  2. Roles
  • Access policies are objects that you attach to entities and resources to define their permissions
  • Roles are created and then “assumed” by trusted entities and define a set of permissions for making AWS service requests
  • Security groups and network ACLs are used as instance-level and subnet-level firewalls respectively
15
Q

A company plans to create a hybrid cloud architecture. What technology will allow them to create a hybrid cloud?

  1. VPC Peering
  2. Internet Gateway
  3. Direct Connect
  4. Elastic Network Interface
A
  1. Direct Connect

• Direct Connect provides a low-latency, high bandwidth connection to connect customer on-premise environments with the AWS cloud which allows them to create a “hybrid” cloud architecture

16
Q

Which service supports the resolution of public domain names to IP addresses or AWS resources?

  1. Amazon Route 53
  2. Amazon CloudFront
  3. Amazon SNS
  4. Hosted Zones
A
  1. Amazon Route 53

• Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service

17
Q

What can you use to quickly connect your office securely to your Amazon VPC?

  1. Route Table
  2. Internet Gateway
  3. Direct Connect
  4. AWS managed VPN
A
  1. AWS managed VPN
  • An AWS managed VPN can be used to quickly connect from an office to an Amazon VPC
  • Direct Connect provides high-bandwidth, low-latency connectivity but takes weeks to months to set up (and is much more expensive)
18
Q

Which service can be used for building and integrating loosely-coupled, distributed applications?

  1. Amazon EBS
  2. Amazon SNS
  3. Amazon EFS
  4. Amazon RDS
A
  1. Amazon SNS

• Amazon Simple Notification Service (Amazon SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud

19
Q

Which type of Amazon Elastic Load Balancer operates at layer 7 of the OSI model?

  1. Application Load Balancer
  2. Network Load Balancer
  3. Classic Load Balancer
  4. F5 Load Balancer
A
  1. Application Load Balancer
  • Application Load Balancer (ALB) – layer 7 load balancer that routes connections based on the content of the request
  • Network Load Balancer (NLB) – layer 4 load balancer that routes connections based on IP protocol data
  • Classic Load Balancer (CLB) – this is the oldest of the three and provides basic load balancing at both layer 4 and layer 7
20
Q

Which services can help to automate a company’s IT infrastructure? (choose 2)

  1. Amazon CloudWatch Alarms
  2. Amazon Route 53
  3. AWS Lambda Scheduled Events
  4. Virtual Private Cloud
  5. Elastic Network Interface
A
  1. Amazon CloudWatch Alarms
  2. AWS Lambda Scheduled Events
  • Amazon CloudWatch Alarms – You can create a CloudWatch alarm that sends an Amazon Simple Notification Service (Amazon SNS) message when a particular metric goes beyond a specified threshold for a specified number of periods
  • AWS Lambda Scheduled events – These events allow you to create a Lambda function and direct AWS Lambda to execute it on a regular schedule
21
Q

Which database service is a NoSQL type of database that is fully managed?

  1. Amazon RDS
  2. Amazon DynamoDB
  3. Amazon RedShift
  4. Amazon ElastiCache
A
  1. Amazon DynamoDB
  • DynamoDB is Amazon’s fully managed non-relational database service
  • Amazon RDS is a relational (SQL) type of database
  • Amazon RedShift is a data warehouse that can be analyzed using SQL tools
22
Q

Which storage service allows you to connect multiple EC2 instances concurrently using file-level protocols?

  1. Amazon S3
  2. Amazon EBS
  3. Amazon EFS
  4. Amazon Glacier
A
  1. Amazon EFS
  • Amazon Elastic File System allows you to connect hundreds or thousands of EC2 instances concurrently and is accessed using the file-level NFS protocol
  • Amazon Elastic Block Storage provides block-level volumes to individual EC2 instances (cannot connect multiple instances to a single EBS volume)
  • Amazon S3 is an object storage system and Glacier is used for archiving S3 objects
23
Q

What type of database supports complex queries and joins and is suitable for a transactional database deployment?

  1. Amazon RDS
  2. Amazon DynamoDB
  3. Amazon RedShift
  4. Amazon EMR
A
  1. Amazon RDS
  • Amazon DynamoDB is a NoSQL database and does not support complex queries and joins
  • Amazon RedShift is a data warehouse used for analytics, not transactional databases
  • Amazon EMR is a Hadoop service that is not suitable for transactional databases
24
Q

Which service allows you to run code as functions without needing to provision or manage servers?

  1. Amazon EC2
  2. Amazon CodeDeploy
  3. AWS Lambda
  4. Amazon EKS
A
  1. AWS Lambda
  • AWS Lambda is a serverless computing technology that allows you to run code without provisioning or managing servers
  • AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers
  • Amazon Elastic Container Service for Kubernetes (Amazon EKS) is a managed service that makes it easy for you to run Kubernetes on AWS without needing to stand up or maintain your own Kubernetes control plane
25
Q

What benefits does Amazon EC2 provide over using non-cloud servers? (choose 2)

  1. Complete control of the hypervisor layer
  2. Elastic web-scale computing
  3. Inexpensive
  4. Fault tolerance
  5. High-availability with an SLA of 99.99%
A
  1. Elastic web-scale computing
  2. Inexpensive
  • Elastic Web-Scale computing – you can increase or decrease capacity within minutes, not hours, and commission one to thousands of instances simultaneously
  • Inexpensive – Amazon passes on the financial benefits of scale by charging very low rates and on a capacity consumed basis
  • Amazon EC2 does not provide any control of the hypervisor or underlying hardware infrastructure
  • EC2 offers a highly reliable environment where replacement instances can be rapidly and predictably commissioned with SLAs of 95% for each region
26
Q

Which type of Elastic Load Balancer operates at the connection layer (layer 4) and supports IP addresses as targets?

  1. Application Load Balancer
  2. Network Load Balancer
  3. Classic Load Balancer
  4. ELBs do not support IP addresses as targets
A
  1. Network Load Balancer
  • Network Load Balancer (NLB) – layer 4 load balancer that routes connections based on IP protocol data
  • The NLB and ALB support IP addresses as targets but only the NLB operates at layer 4
  • Application Load Balancer (ALB) – layer 7 load balancer that routes connections based on the content of the request
  • Classic Load Balancer (CLB) – this is the oldest of the three and provides basic load balancing at both layer 4 and layer 7
27
Q

Which of the following are features of Amazon CloudWatch? (choose 2)

  1. Used to gain system-wide visibility into resource utilization
  2. Records account activity and service events from most AWS services
  3. Used for auditing of API calls
  4. Can be accessed via API, command-line interface, AWS SDKs, and the AWS Management Console
  5. Provides visibility into user activity by recording actions taken on your account
A
  1. Used to gain system-wide visibility into resource utilization
  2. Can be accessed via API, command-line interface, AWS SDKs, and the AWS Management Console
  • Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS
  • CloudWatch is for performance monitoring (CloudTrail is for auditing)
  • CloudTrail is for auditing (CloudWatch is for performance monitoring)
  • CloudTrail records account activity and service events from most AWS services
28
Q

Amazon S3 bucket names must follow a set of rules. Which of the rules below apply to Amazon S3 bucket names? (choose 2)

  1. Names must be unique across all of AWS
  2. Names must be 3 to 63 characters in length
  3. Names must contain uppercase letters
  4. Names must be unique within a region
  5. Names must be formatted as a DNS domain name
A
  1. Names must be unique across all of AWS
  2. Names must be 3 to 63 characters in length

• Bucket names must follow the following rules:
– Names must be unique across all of AWS
– Names must be 3 to 63 characters in length
– Names can only contain lowercase letters, numbers and hyphens
– Names cannot be formatted as an IP address

29
Q

Which of the following statements are correct about Elastic Block Store (EBS) volumes? (choose 2)

  1. Root EBS volumes are retained on termination by default
  2. EBS volumes must be in the same AZ as the instances they are attached to
  3. You can attach multiple EBS volumes to an instance
  4. You can attach an EBS volume to multiple instances
  5. EBS volumes cannot be backed up
A
  1. EBS volumes must be in the same AZ as the instances they are attached to
  2. You can attach multiple EBS volumes to an instance
    • EBS volumes must be in the same AZ as the instances they are attached to
    • You can attach multiple EBS volumes to an instance
    • Root EBS volumes are deleted on termination by default
    • You cannot attach an EBS volume to multiple instances
    • EBS volumes can be backed up by taking a snapshot
30
Q

Which statement below is incorrect in relation to Network ACLs?

  1. Operate at the Availability Zone level
  2. Support allow and deny rules
  3. Stateless
  4. Process rules in order
A
  1. Operate at the Availability Zone level
  • Network ACLs operate at the subnet level
  • https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/aws-networking/
31
Q

What benefits are provided by Amazon CloudFront? (choose 2)

  1. Allows you to register domain names
  2. Built-in Distributed Denial of Service (DDoS) attack protection
  3. Used to enable private subnet instances to access the Internet
  4. Content is cached at Edge Locations for fast distribution to customers
  5. Provides a worldwide distributed DNS service
A
  1. Built-in Distributed Denial of Service (DDoS) attack protection
  2. Content is cached at Edge Locations for fast distribution to customers

• Benefits include:
– Cache content at Edge Location for fast distribution to customers
– Built-in Distributed Denial of Service (DDoS) attack protection
– Integrates with many AWS services (S3, EC2, ELB, Route 53, Lambda)

• https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/content-delivery-and-dns-services/

32
Q

Which service can be used to help you to migrate databases to AWS quickly and securely?

  1. AWS KMS
  2. AWS SMS
  3. AWS DMS
  4. AWS Migration Hub
A
  1. AWS DMS
  • AWS Database Migration Service helps you migrate databases to AWS quickly and securely
  • AWS Server Migration Service (SMS) is an agentless service which makes it easier and faster for you to migrate thousands of on-premises workloads to AWS
  • AWS Key Management Service (KMS) is used for managing encryption keys
  • AWS Migration Hub provides a single location to track the progress of application migrations across multiple AWS and partner solutions
33
Q

Which feature can you use to grant read/write access to an Amazon S3 bucket?

  1. IAM Role
  2. IAM Policy
  3. IAM Group
  4. IAM User
A
  1. IAM Policy
  • IAM Policies are documents that define permissions and can be applied to users, groups and roles
  • IAM policies can be written to grant access to Amazon S3 buckets
  • IAM Roles are created and then “assumed” by trusted entities and define a set of permissions for making AWS service requests
  • IAM Groups are collections of users and have policies attached to them
34
Q

Which AWS service is used to enable multi-factor authentication?

  1. Amazon STS
  2. AWS IAM
  3. Amazon EC2
  4. AWS KMS
A
  1. AWS IAM
  • IAM is used to securely control individual and group access to AWS resources
  • The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for IAM users or for users that you authenticate (federated users)
  • AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data
  • Amazon EC2 is used for running operating systems instances in the cloud
35
Q

Which AWS service can be used to convert video and audio files from their source format into versions that will play back on devices like smartphones, tablets and PCs?

  1. Elastic Transcoder
  2. Elastic Beanstalk
  3. Elastic Load Balancer
  4. Auto Scaling
A
  1. Elastic Transcoder
  • Amazon Elastic Transcoder is a highly scalable, easy to use and cost-effective way for developers and businesses to convert (or “transcode”) video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PCs
  • AWS Elastic Beanstalk can be used to quickly deploy and manage applications in the AWS Cloud
36
Q

What method can you use to take a backup of an Amazon EC2 instance using AWS tools?

  1. Take full and incremental file-level backups using the backup console
  2. Take application-consistent backups using the EC2 API
  3. Use Cross Region Replication (CRR) to copy the instance to another region
  4. Take a snapshot to capture the point-in-time state of the instance
A
  1. Take a snapshot to capture the point-in-time state of the instance
  • You can take snapshots of EC2 instances which creates a point-in-time copy of the instance. Snapshots are stored on S3
  • There is no backup console to take full and incremental backups
  • There is no way of taking application-consistent backups using any AWS tools
  • Cross Region Replication is used to replicate Amazon S3 buckets across regions
37
Q

Which AWS service allows you to use block-based volumes on-premise that are then asynchronously backed up to Amazon S3?

  1. AWS Storage Gateway File Gateway
  2. AWS Storage Gateway Volume Gateway
  3. Amazon S3 Multi-Part upload
  4. Amazon S3 Transfer Acceleration
A
  1. AWS Storage Gateway Volume Gateway

• AWS Storage Gateway Volume Gateway represents the family of gateways that support block-based volumes, previously referred to as gateway-cached and gateway-stored mode
• AWS Storage Gateway Volume Gateway operates in 2 modes:
– Stored Volume mode – the entire dataset is stored on-site and is asynchronously backed up to S3 (EBS point-in-time snapshots). Snapshots are incremental and compressed
– Cached Volume mode – the entire dataset is stored on S3 and a cache of the most frequently accessed data is cached on-site

38
Q

When instantiating compute resources, what are two techniques for using automated, repeatable processes that are fast and avoid human error? (choose 2)

  1. Snapshotting
  2. Bootstrapping
  3. Fault tolerance
  4. Infrastructure as code
  5. Performance monitoring
A
  1. Bootstrapping
  2. Infrastructure as code
  • With infrastructure as code AWS assets are programmable, so you can apply techniques, practices, and tools from software development to make your whole infrastructure reusable, maintainable, extensible, and testable
  • With bootstrapping you can execute automated actions to modify default configurations. This includes scripts that install software or copy data to bring that resource to a particular state
  • Snapshotting is about saving data, not instantiating resources. Fault tolerance is a method of increasing the availability of your system when components fail. Performance monitoring has nothing to do with instantiating resources
39
Q

Which AWS service can an organization use to automate operational tasks on EC2 instances using existing Chef cookbooks?

  1. AWS OpsWorks
  2. AWS Service Catalog
  3. AWS Config
  4. AWS CodeDeploy
A
  1. AWS OpsWorks
  • AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. With Chef, you use code templates, or cookbooks, to describe the desired configuration of instances or on-premises servers
  • AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS
  • AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources
  • AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers
40
Q

Which AWS service can be used to process a large amount of data using the Hadoop framework?

  1. Amazon Athena
  2. Amazon Kinesis
  3. AWS Glue
  4. Amazon EMR
A
  1. Amazon EMR
  • Amazon Elastic Map Reduce (EMR) provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances
  • Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information
  • AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics
  • Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL
41
Q

Which feature of Amazon Rekognition can assist with saving time?

  1. Identification of objects in images and videos
  2. Identification of the language of text in a document
  3. Adds automatic speech recognition (ASR) to applications
  4. Provides on-demand access to compliance-related information
A
  1. Identification of objects in images and videos
  • Amazon Rekognition makes it easy to add image and video analysis to your applications. You just provide an image or video to the Rekognition API, and the service can identify the objects, people, text, scenes, and activities, as well as detect any inappropriate content
  • Amazon Comprehend identifies the language of the text; extracts key phrases, places, people, brands, or events; understands how positive or negative the text is; analyzes text using tokenization and parts of speech; and automatically organizes a collection of text files by topic
  • Amazon Transcribe is an automatic speech recognition (ASR) service that makes it easy for developers to add speech-to-text capability to their applications
  • AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements
42
Q

Which service provides visibility into user activity by recording actions taken on your account?

  1. Amazon CloudWatch
  2. Amazon CloudFormation
  3. Amazon CloudTrail
  4. Amazon CloudHSM
A
  1. Amazon CloudTrail
  • CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket
  • CloudTrail is for auditing (CloudWatch is for performance monitoring)
  • CloudFormation is used for deploying infrastructure through code
  • CloudHSM is a hardware security module for generating, managing and storing encryption keys
43
Q

Which of the facts below are accurate in relation to AWS Regions? (choose 2)

  1. Each region consists of 2 or more availability zones
  2. Each region consists of a collection of VPCs
  3. Each region is designed to be completely isolated from the other Amazon Regions
  4. Regions have direct, low-latency, high throughput and redundant network connections between each other
  5. Regions are Content Delivery Network (CDN) endpoints for CloudFront
A
  1. Each region consists of 2 or more availability zones
  2. Each region is designed to be completely isolated from the other Amazon Regions
  • A region is not a collection of VPCs, it is composed of at least 2 AZs. VPCs exist within accounts on a per region basis
  • Availability Zones (not regions) have direct, low-latency, high throughput and redundant network connections between each other
  • Edge locations (not regions) are Content Delivery Network (CDN) endpoints for CloudFront
44
Q

Which AWS service provides elastic web-scale cloud computing allowing you to deploy operating system instances?

  1. Amazon EBS
  2. AWS Lambda
  3. Amazon RDS
  4. Amazon EC2
A
  1. Amazon EC2

• https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/aws-compute/

45
Q

You need to ensure you have the right amount of compute available to service demand. Which AWS service can automatically scale the number of EC2 instances for your application?

  1. Amazon Elastic Load Balancer
  2. Amazon ElastiCache
  3. AWS Auto Scaling
  4. AWS RedShift
A
  1. AWS Auto Scaling
  • Auto Scaling automates the process of adding (scaling up) OR removing (scaling down) EC2 instances based on the traffic demand for your application
  • ELB automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses
  • Amazon Redshift is a fast, scalable data warehouse that makes it simple and cost-effective to analyze all your data across your data warehouse and data lake
46
Q

Which types of AWS resource can be launched from a Golden Image? (choose 2)

  1. Amazon DynamoDB tables
  2. Amazon EC2 instances
  3. AWS Lambda functions
  4. Amazon RDS instances
  5. Amazon S3 objects
A
  1. Amazon EC2 instances
  2. Amazon RDS instances

• Some resource types can be launched from a golden image. A golden image is a snapshot of a particular state for that resource. Examples are EC2 instances, RDS instances and EBS volumes

47
Q

Using AWS terminology, which items can be created in an Amazon S3 bucket? (choose 2)

  1. Folders
  2. Files
  3. Tables
  4. Objects
  5. Queues
A
  1. Folders
  2. Objects
  • You can create folders within buckets and can also upload objects
  • As S3 is an object store you create objects not files
  • Tables and queues cannot be created on S3
48
Q

What are two ways of connecting to an Amazon VPC from an on-premise data center? (choose 2)

  1. VPC Peering
  2. Direct Connect
  3. VPN CloudHub
  4. Internet Gateway
  5. VPC Router
A
  1. Direct Connect
  2. VPN CloudHub
  • You can connect from your on-premise data center to a VPC via Direct Connect or VPN CloudHub
  • AWS Direct Connect is a network service that provides an alternative to using the Internet to connect a customer’s on premise sites to AWS
  • If you have multiple VPN connections, you can provide secure communication between sites using the AWS VPN CloudHub
  • Internet gateways and VPC routers are components of a VPC and are not used for connecting from external locations
49
Q

Which of the below is Amazon’s proprietary RDS database?

  1. MariaDB
  2. MySQL
  3. DynamoDB
  4. Aurora
A
  1. Aurora
  • MariaDB and MySQL can be used on RDS but they are not Amazon proprietary
  • DynamoDB is an Amazon proprietary DB but it is not an RDS DB
50
Q

A new user is unable to access any AWS services. What is the most likely explanation?

  1. The user needs to log in with a key pair
  2. The services are currently unavailable
  3. By default new users are created without access to any AWS services
  4. The default limit for user logons has been reached
A
  1. By default new users are created without access to any AWS services
  • By default new users are created with NO access to any AWS services – they can only login to the AWS console
  • https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/identity-and-access-management/
51
Q

Which of the following services does Amazon Route 53 provide? (choose 2)

  1. Domain registration
  2. Route tables
  3. Domain Name Service (DNS)
  4. Auto Scaling
  5. Load balancing
A
  1. Domain registration
  2. Domain Name Service (DNS)
  • Route 53 services include domain registration, DNS, health checking (availability monitoring) and traffic management
  • https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/content-delivery-and-dns-services/
52
Q

Which file format is used to write AWS Identity and Access Management (IAM) policies?

  1. DOC
  2. XML
  3. JBOD
  4. JSON
A
  1. JSON

• You manage access in AWS by creating policies and attaching them to IAM identities or AWS resources. A policy is an object in AWS that, when associated with an entity or resource, defines their permissions. AWS evaluates these policies when a principal, such as a user, makes a request. Permissions in the policies determine whether the request is allowed or denied. Most policies are stored in AWS as JSON documents

53
Q

An architect needs to compare the cost of deploying an on-premise web server and an EC2 instance on the AWS cloud. Which tool can be used to assist the architect?

  1. AWS Cost Explorer
  2. AWS Budgets
  3. AWS TCO Calculator
  4. AWS Simple Monthly Calculator
A
  1. AWS TCO Calculator
  • The TCO calculator is a free tool provided by AWS that allows you to estimate the cost savings of using the AWS Cloud vs. using an on-premises data center
  • The AWS Cost Explorer is a free tool that allows you to view charts of your costs
  • The AWS Simple Monthly Calculator helps customers and prospects estimate their monthly AWS bill more efficiently
  • AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed
54
Q

Which AWS service provides preconfigured virtual private servers (instances) that include everything required to deploy an application or create a database?

  1. AWS CloudFormation
  2. Amazon Lightsail
  3. Amazon ECS
  4. AWS Lambda
A
  1. Amazon Lightsail
  • Lightsail includes everything you need to launch your project quickly – a virtual machine, SSD-based storage, data transfer, DNS management, and a static IP
  • CloudFormation is used to deploy resources through code, as a service it does not include preconfigured servers
  • Amazon Elastic Container Service (ECS) is a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances
55
Q

A Solutions Architect is launching a new EC2 instance that will be a web server. Which EBS volume type provides a good balance of price and performance and can be used as a system boot volume?

  1. Cold HDD (sc1)
  2. Throughput Optimized (st1)
  3. General Purpose (gp2)
  4. Provisioned IOPS (io1)
A
  1. General Purpose (gp2)
  • General purpose SSD provides a good balance of price to performance, is suitable for most workloads and can be used as a system boot volume
  • Provisioned IOPS SSD is a high-performance volume type that is more expensive and should be used for apps that require the higher performance
  • Cold HDD cannot be used as a boot volume and is good for throughput oriented storage for infrequently accessed data
  • Throughput Optimized volumes are ideal for streaming workloads with fast throughput such as big data and data warehouses
56
Q

Which Amazon S3 storage tier does not include a data retrieval fee and has an availability SLA of 99.99%?

  1. S3 Standard
  2. S3 Standard-IA
  3. S3 One Zone-IA
  4. Amazon Glacier
A
  1. S3 Standard
  • All of the storage tiers listed include a data retrieval fee except for S3 Standard
  • Availability SLAs are: S3 Standard = 99.99%; S3 Standard-IA = 99.9%; S3 One Zone-IA = 99%; Amazon Glacier = no SLA
57
Q

An organization would like to run managed desktops on the AWS cloud using the Windows 10 operating system. Which service can deliver these requirements?

  1. Amazon EC2
  2. Amazon Workspaces
  3. Amazon SWF
  4. Amazon does not provide desktop services
A
  1. Amazon Workspaces
  • Amazon WorkSpaces is a managed desktop computing service running on the AWS cloud
  • WorkSpaces allows customers to easily provision cloud-based desktops that allow end-users to access documents and applications
  • WorkSpaces offers bundles that come with a Windows 7 or Windows 10 desktop experience, powered by Windows Server 2008 R2 and Windows Server 2016 respectively
58
Q

What features does Amazon RDS provide to deliver scalability, availability and durability? (choose 2)

  1. Multi-AZ
  2. Read Replicas
  3. DB mirroring
  4. Clustering
  5. Multi-Subnet
A
  1. Multi-AZ
  2. Read Replicas
  • Multi-AZ RDS creates a replica in another AZ and synchronously replicates to it (DR only)
  • Read replicas are used for read heavy DBs and replication is asynchronous
  • DB mirroring, multi-subnet and clustering are not options provided by RDS
59
Q

An architect wants to find a tool for consistently deploying the same resources through a templated configuration. What AWS service can be used?

  1. AWS Elastic Beanstalk
  2. AWS CodeBuild
  3. AWS CodeDeploy
  4. AWS CloudFormation
A
  1. AWS CloudFormation
  • AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts
  • AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers
  • AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy
  • AWS Elastic Beanstalk is the fastest and simplest way to get web applications up and running on AWS
60
Q

Which AWS service can be used to host a static website?

  1. Amazon S3
  2. Amazon EBS
  3. AWS Lambda
  4. Amazon EFS
A
  1. Amazon S3
  • Amazon S3 can be used to host static websites. It is not possible to use dynamic content. You can use a custom domain name if you configure the bucket name to match
  • https://digitalcloud.training/certification-training/aws-solutions-architect-associate/storage/amazon-s3/
61
Q

What type of storage is provided by Amazon EBS?

  1. Block
  2. File
  3. Object
  4. Relational
A
  1. Block
  • Amazon Elastic Block Storage (EBS) is block storage. This means you can mount the volume for operating systems and format and partition as if it is a local disk
  • File and object are other types of storage that you can use with AWS. File storage is provided by EFS and object storage is provided by Amazon S3
  • Relational is not a type of storage, it is typically used to describe a type of database such as RDS
62
Q

What type of database is fully managed and can be scaled without incurring downtime?

  1. Amazon RDS
  2. Amazon S3
  3. Amazon DynamoDB
  4. Amazon ElastiCache
A
  1. Amazon DynamoDB
  • DynamoDB is fully managed and can be scaled without incurring downtime
  • S3 is not a fully managed database, it is an object store
  • Both RDS and ElastiCache use EC2 instances and therefore scaling (vertically) requires downtime
63
Q

Which of the following services allow root level access to the operating system? (choose 2)

  1. Amazon ElastiCache
  2. Amazon EC2
  3. Amazon SQS
  4. Amazon EMR
  5. Amazon SWF
A
  1. Amazon EC2
  2. Amazon EMR

• In this list only EC2 and EMR allow root level access to the operating system

64
Q

You need to implement a hosted queue for storing messages in transit between application servers. Which service should you use?

  1. Amazon SWF
  2. Amazon SNS
  3. Amazon SQS
  4. Amazon DynamoDB
A
  1. Amazon SQS
  • Amazon Simple Queue Service (Amazon SQS) is a web service that gives you access to message queues that store messages waiting to be processed. SQS offers a reliable, highly-scalable, hosted queue for storing messages in transit between computers. SQS is used for distributed/decoupled applications
  • Amazon SWF helps developers build, run, and scale background jobs that have parallel or sequential steps
  • Amazon Simple Notification Service (SNS) is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications
65
Q

Which AWS network element allows you to assign a static IPv4 address to an EC2 instance?

  1. Public IP
  2. Elastic IP
  3. Static IP
  4. Dynamic IP
A
  1. Elastic IP
  • An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is associated with your AWS account. With an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account
  • An Elastic IP is a public IP; however, in the AWS cloud an Elastic IP is the construct used to assign a public IP to an EC2 instance
  • Static IP and dynamic IP are terms used to describe IP addresses (public or private) that are either statically defined or dynamically obtained (through DHCP)
66
Q

An architect is creating a scalable application using AWS Auto Scaling. What needs to be created to enable a working configuration? (choose 2)

  1. Create a listener
  2. Create an Auto Scaling group
  3. Create a launch configuration
  4. Create a target group
  5. Create a listener rule
A
  1. Create an Auto Scaling group
  2. Create a launch configuration
  • To set up Auto Scaling, two of the tasks that need to be performed are to create a launch configuration and an Auto Scaling group
  • Listeners, listener rules and target groups are associated with Elastic Load Balancing
67
Q

A Solutions Architect is designing an application stack that will be highly elastic. What AWS services can be used that don’t require you to make any capacity decisions upfront? (choose 2)

  1. AWS Lambda
  2. Amazon EC2
  3. Amazon S3
  4. Amazon RDS
  5. DynamoDB
A
  1. AWS Lambda
  2. Amazon S3
  • With Amazon S3 you don’t need to specify any capacity at any time, the service scales in both capacity and performance as required
  • AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume – there is no charge when your code is not running
  • With Amazon EC2 you need to select your instance sizes and number of instances
  • With RDS you need to select the instance size for the DB
  • With DynamoDB you need to specify the read/write capacity of the DB
68
Q

Which AWS service can assist with coordinating tasks across distributed application components?

  1. Amazon STS
  2. Amazon SQS
  3. Amazon SWF
  4. Amazon SNS
A
  1. Amazon SWF
  • Amazon Simple Workflow Service (SWF) is a web service that makes it easy to coordinate work across distributed application components. SWF enables applications for a range of use cases, including media processing, web application back-ends, business process workflows, and analytics pipelines, to be designed as a coordination of tasks
  • Amazon Security Token Service (STS) is used for requesting temporary credentials
  • Amazon Simple Queue Service (SQS) is a message queue used for decoupling application components
  • Amazon Simple Notification Service (SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud
69
Q

What kinds of routing policies are available in Amazon Route 53? (choose 2)

  1. Simple
  2. Failback
  3. Fault tolerant
  4. Latency
  5. Shortest Path First
A
  1. Simple
  2. Latency

• Route 53 routing policies include Simple, Weighted, Latency based, Failover, Geo-location, Geo-Proximity, Multi-Value and Traffic Flow

70
Q

What components can be managed in the Virtual Private Cloud (VPC) management console? (choose 2)

  1. Subnets
  2. Elastic Load Balancers
  3. Auto Scaling
  4. IP CIDR
  5. Snapshots
A
  1. Subnets
  2. IP CIDR
  • Within the management console for VPC you can manage items such as subnets and the IP CIDR block for the VPC
  • The other answers are all items that can be managed within the EC2 management console
71
Q

Which services are managed at a regional (rather than global) level? (choose 2)

  1. Amazon CloudFront
  2. Amazon Route 53
  3. Amazon S3
  4. Amazon EC2
  5. AWS IAM
A
  1. Amazon S3
  2. Amazon EC2
  • Both Amazon EC2 and Amazon S3 are managed at a regional level. Note: Amazon S3 is a global namespace but you still create your buckets within a region
  • CloudFront, Route 53 and IAM are managed at a global level
72
Q

What are the names of two types of AWS Storage Gateway? (choose 2)

  1. S3 Gateway
  2. File Gateway
  3. Block Gateway
  4. Gateway Virtual Tape Library
  5. Cached Gateway
A
  1. File Gateway
  2. Gateway Virtual Tape Library
  • The AWS Storage Gateway service enables hybrid storage between on-premises environments and the AWS Cloud. It provides low-latency performance by caching frequently accessed data on premises, while storing data securely and durably in Amazon cloud storage services. AWS Storage Gateway supports three storage interfaces: file, volume, and tape
  • File gateway provides a virtual on-premises file server, which enables you to store and retrieve files as objects in Amazon S3
  • The volume gateway represents the family of gateways that support block-based volumes, previously referred to as gateway-cached and gateway-stored modes
  • Gateway Virtual Tape Library is used for backup with popular backup software
73
Q

To connect an on-premises network to an Amazon VPC using an Amazon Managed VPN connection, which components are required? (choose 2)

  1. VPC Router
  2. Virtual Private Gateway
  3. NAT Instance
  4. Direct Connect
  5. Customer Gateway
A
  1. Virtual Private Gateway
  2. Customer Gateway
  • Two of the components you need to connect to your VPC with a VPN connection are a virtual private gateway on the VPC side and a customer gateway on the on-premise network side
  • VPC routers are not part of the VPN configuration
  • NAT instances are not used for VPN, they are used by EC2 instances in private subnets to access the Internet
  • Direct Connect can be used to connect an on-premise network to the cloud however it is not part of the configuration of an Amazon Managed VPN connection
74
Q

Which AWS service can be used to run Docker containers?

  1. AWS Lambda
  2. Amazon ECR
  3. Amazon ECS
  4. Amazon AMI
A
  1. Amazon ECS
  • Amazon Elastic Container Service (ECS) is a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances
  • AWS Lambda is a serverless technology that lets you run code in response to events as functions
  • Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images
  • Amazon Machine Images (AMI) store configuration information for Amazon EC2 instances
75
Q

How can you apply metadata to an EC2 instance that categorizes it according to its purpose, owner or environment?

  1. Labels
  2. Tags
  3. Hostname
  4. Stickers
A
  1. Tags

• A tag is a label that you assign to an AWS resource. Each tag consists of a key and an optional value, both of which you define. Tags enable you to categorize your AWS resources in different ways, for example, by purpose, owner, or environment

76
Q

Which tool can be used to create and manage a selection of AWS services that are approved for use on AWS?

  1. AWS Service Catalog
  2. AWS OpsWorks
  3. Amazon Cloud Directory
  4. AWS Organizations
A
  1. AWS Service Catalog
  • AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures
  • AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet
  • Amazon Cloud Directory enables you to build flexible cloud-native directories for organizing hierarchies of data along multiple dimensions
  • AWS Organizations offers policy-based management for multiple AWS accounts
77
Q

Which database engines are supported by Amazon RDS? (choose 2)

  1. DynamoDB
  2. SQL Server
  3. ElastiCache
  4. Aurora
  5. MongoDB
A
  1. SQL Server
  2. Aurora
  • RDS supports the following engines: SQL Server, Oracle, MySQL Server, PostgreSQL, Aurora, MariaDB
  • DynamoDB is Amazon’s NoSQL database
  • MongoDB is a NoSQL database
78
Q

What categories of Amazon Machine Image (AMI) are available? (choose 2)

  1. Community AMIs
  2. Enterprise AMIs
  3. AWS Marketplace AMIs
  4. Shared AMIs
  5. Partner AMIs
A
  1. Community AMIs
  2. AWS Marketplace AMIs

• AMIs come in three main categories:
– Community AMIs – free to use, generally you just select the operating system you want
– AWS Marketplace AMIs – pay to use, generally come packaged with additional, licensed software
– My AMIs – AMIs that you create yourself

79
Q

Which statements are true about Amazon EBS volumes? (choose 2)

  1. You can attach EBS volumes to multiple instances
  2. EBS volumes must be in the same AZ as the instances they are attached to
  3. You can attach multiple EBS volumes to an instance
  4. EBS volume data is ephemeral and is lost when an instance is stopped
  5. EBS volumes are object storage
A
  1. EBS volumes must be in the same AZ as the instances they are attached to
  2. You can attach multiple EBS volumes to an instance
  • You cannot attach an EBS volume to multiple instances (use Elastic File Store instead)
  • EBS volume data persists independently of the life of the instance
  • EBS volumes are block storage
80
Q

What is required to enable an EC2 instance in a public subnet to access the Internet? (choose 2)

  1. A public IP address
  2. A NAT Gateway
  3. A NAT Instance
  4. A VPN connection
  5. A route to an Internet Gateway
A
  1. A public IP address
  2. A route to an Internet Gateway
  • A public subnet is a subnet that is configured to assign public IP addresses to instances and which has a route to an Internet Gateway (which is created at the VPC level) configured in the route table
  • NAT instances and NAT gateways are used by EC2 instances in private subnets (without public IPs) to access the Internet
  • A VPN connection is used to establish a secure connection between the AWS cloud and an on-premise data center or other cloud location. They are not used to access the Internet
81
Q

What types of origins are supported by Amazon CloudFront? (choose 2)

  1. EBS volume
  2. S3 object
  3. Elastic Load Balancer
  4. EC2 instance
  5. Elastic File System
A
  1. Elastic Load Balancer
  2. EC2 instance

• An origin is the origin of the files that the CDN will distribute. Origins can be either an S3 bucket, an EC2 instance, an Elastic Load Balancer, or Route 53 – can also be external (non-AWS)

82
Q

Which feature enables fast, easy, and secure transfers of files over long distances between a client and an Amazon S3 bucket?

  1. S3 Static Websites
  2. S3 Copy
  3. Multipart Upload
  4. S3 Transfer Acceleration
A
  1. S3 Transfer Acceleration
  • Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and your Amazon S3 bucket. S3 Transfer Acceleration leverages Amazon CloudFront’s globally distributed AWS Edge Locations
  • With S3 copy you can create a copy of objects up to 5GB in size in a single atomic operation
  • Multipart upload can be used to speed up uploads to S3
  • S3 can also be used to host static websites
83
Q

How is data protected by default in Amazon S3?

  1. Buckets are replicated across all regions
  2. Objects are redundantly stored on multiple devices across multiple facilities within a region
  3. Objects are redundantly stored on multiple devices across multiple facilities across all regions
  4. Objects are copied across at least two Availability Zones per region
A
  1. Objects are redundantly stored on multiple devices across multiple facilities within a region
  • Amazon S3 provides a highly durable storage infrastructure designed for mission-critical and primary data storage. Objects are redundantly stored on multiple devices across multiple facilities in an Amazon S3 region
  • Amazon does not specify how data is replicated across AZs; they use the term facilities instead
84
Q

Which data consistency models are available with Amazon S3? (choose 2)

  1. Eventual consistency for PUTS of new objects
  2. Read after write consistency for PUTS of new objects
  3. Eventual consistency for overwrite PUTS and DELETES
  4. Read after write consistency for overwrites PUTS and DELETES
  5. Accelerated consistency for all PUTS and DELETES
A
  1. Read after write consistency for PUTS of new objects
  2. Eventual consistency for overwrite PUTS and DELETES

• https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/aws-storage/

85
Q

Which Amazon EC2 Reserved Instance type enables you to match your capacity reservation to predictable recurring dates and times?

  1. Standard RI
  2. Convertible RI
  3. Scheduled RI
  4. Customized RI
A
  1. Scheduled RI
  • With RIs, you can choose the type that best fits your application's needs.
  • Standard RIs: These provide the most significant discount (up to 75% off On-Demand) and are best suited for steady-state usage
  • Convertible RIs: These provide a discount (up to 54% off On-Demand) and the capability to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or greater value. Like Standard RIs, Convertible RIs are best suited for steady-state usage
  • Scheduled RIs: These are available to launch within the time windows you reserve. This option allows you to match your capacity reservation to a predictable recurring schedule that only requires a fraction of a day, a week, or a month
86
Q

Which Amazon RDS database engines support AWS RDS Read Replicas? (choose 2)

  1. Oracle
  2. MySQL
  3. PostgreSQL
  4. Microsoft SQL Server
  5. DynamoDB
A
  1. MySQL
  2. PostgreSQL
  • Read replicas are available for MySQL, PostgreSQL, MariaDB and Aurora (not SQL Server or Oracle)
  • DynamoDB is not a type of RDS database and does not support read replicas
87
Q

Which Amazon RDS feature enables disaster recovery by creating a replica in another Availability Zone and synchronously replicating data to it?

  1. Read Replica
  2. Multi-AZ
  3. DB mirroring
  4. Log shipping
A
  1. Multi-AZ
  • Multi-AZ RDS creates a replica in another AZ and synchronously replicates to it (DR only)
  • Read replicas are used for read-heavy DBs and replication is asynchronous
  • DB mirroring and log shipping are not Amazon RDS features, they are methods of replicating data using native database technologies (rather than AWS technology)
88
Q

Which AWS service can be used to ensure the persistence of in-flight transactions independently of any single application component?

  1. AWS CloudFormation
  2. Amazon DynamoDB
  3. AWS ElastiCache
  4. Amazon SQS
A
  1. Amazon SQS
  • Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications
  • SQS eliminates the complexity and overhead associated with managing and operating message oriented middleware, and empowers developers to focus on differentiating work
  • In-flight messages are messages that have been picked up by a consumer but not yet deleted from the queue
89
Q

Which of the below AWS services supports automated backups as a default configuration?

  1. Amazon S3
  2. Amazon RDS
  3. Amazon EC2
  4. Amazon EBS
A
  1. Amazon RDS
  • RDS automated backups allow point in time recovery to any point within the retention period down to a second. When automated backups are turned on for your DB Instance, Amazon RDS automatically performs a full daily snapshot of your data (during your preferred backup window) and captures transaction logs (as updates to your DB Instance are made). Automated backups are enabled by default and data is stored on S3 and is equal to the size of the DB
  • EC2 instances using EBS volumes can be backed up by creating a snapshot of the EBS volume
  • Amazon S3 objects are replicated across multiple facilities. You can also archive data onto Amazon Glacier and use versioning to maintain copies of older versions of objects
90
Q

How can you ensure that the EBS volumes attached to an EC2 instance are still available after the instance is terminated?

  1. EBS volumes automatically persist after the EC2 instance is terminated
  2. EBS volumes are always deleted when an EC2 instance is terminated
  3. Ensure the “DeleteOnTermination” attribute of the EBS volume is set to false while launching the instance
  4. Take a snapshot of the EBS volume
A
  1. Ensure the “DeleteOnTermination” attribute of the EBS volume is set to false while launching the instance
  • Root EBS volumes are deleted on termination by default
  • Extra non-boot volumes are not deleted on termination by default
  • The behavior can be changed by altering the “DeleteOnTermination” attribute
91
Q

Which EC2 tenancy model gives you visibility and control over how instances are placed on a server?

  1. Dedicated Instances
  2. Dedicated Hosts
  3. Dedicated Tenancy
  4. Dedicated EC2
A
  1. Dedicated Hosts
  • A Dedicated Host is also a physical server that’s dedicated for your use. With a Dedicated Host, you have visibility and control over how instances are placed on the server
  • Dedicated Instances are Amazon EC2 instances that run in a virtual private cloud (VPC) on hardware that’s dedicated to a single customer
  • Dedicated tenancy ensures all EC2 instances that are launched in a VPC run on hardware that’s dedicated to a single customer
  • Dedicated EC2 is not an available tenancy model
92
Q

What is the best way to apply an organizational system to EC2 instances so they can be identified by descriptors such as purpose or department?

  1. Use descriptive hostnames
  2. Organize the instances into separate subnets
  3. Apply tags
  4. Use the instance meta-data
A
  1. Apply tags
  • To help you manage your instances, images, and other Amazon EC2 resources, you can optionally assign your own metadata to each resource in the form of tags. A tag is a label that you assign to an AWS resource. Each tag consists of a key and an optional value, both of which you define. Tags enable you to categorize your AWS resources in different ways, for example, by purpose, owner, or environment
  • Using descriptive hostnames or organizing instances into separate subnets is a messy way to try and organize resources and lacks the power and flexibility of tagging
  • Storing information in instance meta-data is possible but you need to retrieve the information, tags enable you to do this more easily
93
Q

Which service can be used to create sophisticated, interactive graph applications?

  1. Amazon RedShift
  2. Amazon Neptune
  3. AWS X-Ray
  4. Amazon Athena
A
  1. Amazon Neptune
  • Amazon Neptune is a fast, reliable, fully-managed graph database service that makes it easy to build and run applications that work with highly connected datasets. With Amazon Neptune, you can create sophisticated, interactive graph applications that can query billions of relationships in milliseconds
  • Amazon Redshift is a fast, scalable data warehouse that makes it simple and cost-effective to analyze all your data across your data warehouse and data lake
  • AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture
  • Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL
94
Q

Which of the below is a fully managed Amazon search service based on open source software?

  1. Amazon Elastic Beanstalk
  2. AWS OpsWorks
  3. Amazon CloudSearch
  4. Amazon Elasticsearch
A
  1. Amazon Elasticsearch
  • Amazon Elasticsearch Service is a fully managed service that makes it easy for you to deploy, secure, operate, and scale Elasticsearch to search, analyze, and visualize data in real-time. Elasticsearch is based on open source software
  • Amazon CloudSearch is a managed service in the AWS Cloud that makes it simple and cost-effective to set up, manage, and scale a search solution for your website or application
  • AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet
  • AWS Elastic Beanstalk is the fastest and simplest way to get web applications up and running on AWS. Developers simply upload their application code and the service automatically handles all the details such as resource provisioning, load balancing, auto-scaling, and monitoring
95
Q

Which AWS database service provides a fully managed data warehouse that can be analyzed using SQL tools and business intelligence tools?

  1. Amazon RDS
  2. Amazon DynamoDB
  3. Amazon RedShift
  4. Amazon ElastiCache
A
  1. Amazon RedShift
  • RedShift is a fully managed data warehouse service designed to handle petabytes of data for analysis. Data can be analyzed with standard SQL tools and business intelligence tools. RedShift allows you to run complex analytic queries against petabytes of structured data
  • RDS is Amazon’s transactional relational database
  • DynamoDB is Amazon’s non-relational database service
  • ElastiCache is a data caching service that is used to help improve the speed/performance of web applications running on AWS
96
Q

Which AWS service lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments?

  1. AWS Elastic Beanstalk
  2. AWS CloudFormation
  3. AWS Systems Manager
  4. AWS OpsWorks
A
  1. AWS OpsWorks
  • OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments
  • OpsWorks is an automation platform that transforms infrastructure into code
  • Automates how applications are configured, deployed and managed
97
Q

Which of the following statements are correct about the benefits of AWS Direct Connect? (choose 2)

  1. Quick to implement
  2. Increased reliability (predictable performance)
  3. Lower cost than a VPN
  4. Increased bandwidth (predictable bandwidth)
  5. Uses redundant paths across the Internet
A
  1. Increased reliability (predictable performance)
  2. Increased bandwidth (predictable bandwidth)

  • AWS Direct Connect is a network service that provides an alternative to using the Internet to connect customers’ on-premise sites to AWS
  • Data is transmitted through a private network connection between AWS and a customer’s datacenter or corporate network
  • Benefits:
    – Reduce cost when using large volumes of traffic
    – Increase reliability (predictable performance)
    – Increase bandwidth (predictable bandwidth)
    – Decrease latency
  • Direct Connect is not fast to implement as it can take weeks to months to set up (use VPN for fast deployment times)
  • Direct Connect is more expensive than VPN
  • Direct Connect uses private network connections; it does not use redundant paths over the Internet

98
Q

Which types of Amazon Kinesis services are available? (choose 2)

  1. Kinesis Video Streams
  2. Kinesis Encrypted Streams
  3. Kinesis Data Firehose
  4. Kinesis Shard Streams
  5. Kinesis Splunk Streams
A
  1. Kinesis Video Streams
  2. Kinesis Data Firehose

  • Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information
  • There are four types of Kinesis service:
    – Kinesis Video Streams makes it easy to securely stream video from connected devices to AWS for analytics, machine learning (ML), and other processing
    – Kinesis Data Streams enables you to build custom applications that process or analyze streaming data for specialized needs
    – Kinesis Data Firehose is the easiest way to load streaming data into data stores and analytics tools
    – Kinesis Data Analytics is the easiest way to process and analyze real-time, streaming data
  • The other options presented are bogus

99
Q

Where is the information stored that defines an EC2 instance such as the template for the root volume, launch permissions and block device mappings?

  1. EFS
  2. EBS
  3. AMI
  4. ARN
A
  1. AMI
  • An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a virtual server in the cloud. You must specify a source AMI when you launch an instance. You can launch multiple instances from a single AMI when you need multiple instances with the same configuration. You can use different AMIs to launch instances when you need instances with different configurations
  • EBS is the Elastic Block Store
  • ARN is the Amazon Resource Name which uniquely identifies AWS resources
100
Q

What is the best way for an organization to automate the creation, retention, and deletion of EBS snapshots?

  1. Use S3 lifecycle policies
  2. Create a script
  3. Create a CloudFormation template
  4. Use Amazon DLM
A
  1. Use Amazon DLM
  • You can use Amazon Data Lifecycle Manager (Amazon DLM) to automate the creation, retention, and deletion of snapshots taken to back up your Amazon EBS volumes
  • S3 lifecycle policies apply to data in S3 buckets only, not to EBS volumes
  • You could write a script but this is not the best method when you have an AWS feature available that performs the exact functions you need
  • CloudFormation is typically used for deploying and updating resource configurations rather than for performing operational activities
101
Q

Which database allows you to scale at the push of a button without incurring any downtime?

  1. Amazon RDS
  2. Amazon EMR
  3. Amazon DynamoDB
  4. Amazon RedShift
A
  1. Amazon DynamoDB
  • Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. Push button scaling means that you can scale the DB at any time without incurring downtime
  • All other databases are based on EC2 instances and therefore you must increase the instance size to scale which will incur downtime
102
Q

Which service can an organization use to track API activity within their account?

  1. AWS CloudTrail
  2. Amazon CloudWatch
  3. Amazon IAM
  4. Amazon CloudHSM
A
  1. AWS CloudTrail
  • AWS CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket. CloudTrail is for auditing (CloudWatch is for performance monitoring). CloudTrail is about logging and saves a history of API calls for your AWS account. Provides visibility into user activity by recording actions taken on your account. API history enables security analysis, resource change tracking, and compliance auditing
  • Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. CloudWatch is for performance monitoring (CloudTrail is for auditing). Used to collect and track metrics, collect and monitor log files, and set alarms
  • Amazon Identity and Access Management is an identity service that provides authentication and authorization services
  • AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud
103
Q

What tool provides real time guidance to help you provision your resources following best practices in the areas of cost optimization, performance, security and fault tolerance?

  1. AWS Inspector
  2. AWS Trusted Advisor
  3. AWS Personal Health Dashboard
  4. Amazon IAM
A
  1. AWS Trusted Advisor
  • Trusted Advisor is an online resource that helps to reduce cost, increase performance and improve security by optimizing your AWS environment. Trusted Advisor provides real time guidance to help you provision your resources following best practices. Advisor will advise you on Cost Optimization, Performance, Security, and Fault Tolerance
  • Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS
  • AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you
  • Amazon Identity and Access Management is an identity service that provides authentication and authorization services
104
Q

What is the best way for an organization to transfer hundreds of terabytes of data from their on-premise data center into Amazon S3 with limited bandwidth available?

  1. Use S3 Transfer Acceleration
  2. Apply compression before uploading
  3. Use AWS Snowball
  4. Use Amazon CloudFront
A
  1. Use AWS Snowball
  • Snowball is a petabyte-scale data transport solution that uses devices designed to be secure to transfer large amounts of data into and out of the AWS Cloud. Using Snowball addresses common challenges with large-scale data transfers including high network costs, long transfer times, and security concerns
  • Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront’s globally distributed edge locations. However, for these volumes of data Snowball is a better choice
105
Q

When launching an EC2 instance, where can you specify configuration tasks and scripts to run after the instance starts?

  1. Metadata
  2. User data
  3. Run command
  4. AWS config
A
  1. User data
  • When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts
  • You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives
  • User data is limited to 16KB
  • Instance metadata is available at http://169.254.169.254/latest/meta-data
  • The Instance Metadata Query tool allows you to query the instance metadata without having to type out the full URI or category names
  • AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources
106
Q

Which Amazon RDS feature can reduce the burden on a database that is experiencing heavy read traffic?

  1. Multi AZ
  2. Read Replicas
  3. Log Shipping
  4. Global Tables
A
  1. Read Replicas
  • Read replicas are used for read-heavy DBs and replication is asynchronous. Read replicas are for workload sharing and offloading. Read replicas provide read-only access to the DB
  • Multi-AZ RDS creates a replica in another AZ and synchronously replicates to it (DR only)
  • Log shipping is not an RDS feature
  • Global Tables is a feature of DynamoDB
107
Q

Which AWS service does API Gateway integrate with to enable users from around the world to achieve the lowest possible latency for API requests and responses?

  1. AWS Direct Connect
  2. Amazon S3 Transfer Acceleration
  3. Amazon CloudFront
  4. AWS Lambda
A
  1. Amazon CloudFront
  • CloudFront is used as the public endpoint for API Gateway. Provides reduced latency and distributed denial of service protection through the use of CloudFront
  • AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS
  • Amazon S3 Transfer Acceleration is a bucket-level feature that enables faster data transfers to and from Amazon S3
  • AWS Lambda lets you run code without provisioning or managing servers
108
Q

Which service provides the ability to simply upload applications and have AWS handle the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring?

  1. Amazon EC2
  2. Amazon Elastic Beanstalk
  3. AWS Auto Scaling
  4. AWS OpsWorks
A
  1. Amazon Elastic Beanstalk
  • AWS Elastic Beanstalk can be used to quickly deploy and manage applications in the AWS Cloud. Developers upload applications and Elastic Beanstalk handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring. Considered a Platform as a Service (PaaS) solution. Supports Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker web applications
  • Amazon EC2 is an IaaS solution that provides unmanaged instances that you can deploy with a variety of operating systems
  • AWS Auto Scaling provides elasticity for your applications by automatically launching or terminating EC2 instances according to application load or schedules you define
  • AWS OpsWorks provides a managed service for Chef and Puppet
109
Q

What advantages do NAT Gateways have over NAT Instances? (choose 2)

  1. Can be assigned to security groups
  2. Can be used as a bastion host
  3. Managed for you by AWS
  4. Highly available within each AZ
  5. Can be scaled up manually
A
  1. Managed for you by AWS
  2. Highly available within each AZ
  • NAT gateways are managed for you by AWS. NAT gateways are highly available in each AZ into which they are deployed. They are not associated with any security groups and can scale automatically up to 45Gbps
  • NAT instances are managed by you. They must be scaled manually and do not provide HA. NAT Instances can be used as bastion hosts and can be assigned to security groups
110
Q

What speeds is AWS Direct Connect offered at by AWS? (choose 2)

  1. 50 Mbps
  2. 100 Mbps
  3. 1 Gbps
  4. 10 Gbps
  5. 100 Gbps
A
  1. 1 Gbps
  2. 10 Gbps
  • AWS Direct Connect is a network service that provides an alternative to using the Internet to connect a customer’s on premise sites to AWS. Data is transmitted through a private network connection between AWS and a customer’s data center or corporate network
  • Available in 1Gbps and 10Gbps
  • Speeds of 50Mbps, 100Mbps, 200Mbps, 300Mbps, 400Mbps, and 500Mbps can be purchased through AWS Direct Connect Partners
111
Q

Which AWS service is known as a “serverless” service and runs code as functions triggered by events?

  1. Amazon ECS
  2. AWS Lambda
  3. Amazon CodeDeploy
  4. Amazon Cognito
A
  1. AWS Lambda
  • AWS Lambda lets you run code as functions without provisioning or managing servers. Lambda-based applications (also referred to as serverless applications) are composed of functions triggered by events. With serverless computing, your application still runs on servers, but all the server management is done by AWS
  • Amazon Elastic Container Service (ECS) is a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances
  • AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers
  • Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily
112
Q

Which AWS service is used for decoupling application components using a message queue?

  1. Amazon SWF
  2. Amazon SNS
  3. Amazon Kinesis
  4. Amazon SQS
A
  1. Amazon SQS
  • Amazon Simple Queue Service (Amazon SQS) is a web service that gives you access to message queues that store messages waiting to be processed. SQS offers a reliable, highly-scalable, hosted queue for storing messages in transit between computers. SQS is used for distributed/decoupled applications
  • Amazon Simple Notification Service (Amazon SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud
  • Amazon Simple Workflow Service (SWF) is a web service that makes it easy to coordinate work across distributed application components
  • Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information
113
Q

Which of the below are valid options for interacting with Amazon Glacier archives? (choose 2)

  1. Directly through the management console
  2. From the AWS CLI
  3. Using S3 Multipart Upload
  4. Using the REST API
  5. Through IAM
A
  1. From the AWS CLI
  2. Using the REST API
  • Glacier provides a management console. You can use the console to create and delete vaults. However, all other interactions with Glacier require that you use the AWS Command Line Interface (CLI) or write code
  • For example, to upload data, such as photos, videos, and other documents, you must either use the AWS CLI or write code to make requests, using either the REST API directly or by using the AWS SDKs
114
Q

Which service provides a way to convert video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PCs?

  1. Amazon Elastic Transcoder
  2. AWS Glue
  3. Amazon Rekognition
  4. Amazon Comprehend
A
  1. Amazon Elastic Transcoder
  • Amazon Elastic Transcoder is a highly scalable, easy to use and cost-effective way for developers and businesses to convert (or “transcode”) video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PCs
  • AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics
  • Amazon Rekognition makes it easy to add image and video analysis to your applications
  • Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to find insights and relationships in text
115
Q

Which statement best describes Amazon Route 53?

  1. Amazon Route 53 is a service that enables routing within VPCs in an account
  2. Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service
  3. Amazon Route 53 enables hybrid cloud models by extending an organization’s on-premise networks into the AWS cloud
  4. Amazon Route 53 is a service for distributing incoming connections between a fleet of registered EC2 instances
A
  1. Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service
  • The VPC router performs routing within a VPC
  • Direct Connect enables hybrid cloud models by extending an organization’s on-premise networks into the AWS cloud
  • Auto Scaling is a service for distributing incoming connections between a fleet of registered EC2 instances
116
Q

Which type of AWS Elastic Load Balancer should be used if you want to route traffic to targets based on the content of the request such as DNS name or URL path?

  1. Application Load Balancer (ALB)
  2. Network Load Balancer (NLB)
  3. Classic Load Balancer (CLB)
  4. AWS Auto Scaling
A
  1. Application Load Balancer (ALB)
  • ALB is best suited for load balancing of HTTP and HTTPS traffic and provides advanced request routing targeted at the delivery of modern application architectures, including microservices and containers. Operating at the individual request level (Layer 7), Application Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) based on the content of the request
  • NLB is best suited for load balancing of TCP traffic where extreme performance is required. Operating at the connection level (Layer 4), Network Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) and is capable of handling millions of requests per second while maintaining ultra-low latencies
  • CLB provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and connection level. Classic Load Balancer is intended for applications that were built within the EC2-Classic network
  • AWS Auto Scaling is not a type of ELB
117
Q

Which data warehouse service can be used to query data in an Amazon S3 data lake without loading the data?

  1. Amazon RDS
  2. AWS Lambda
  3. Amazon RedShift
  4. Amazon EMR
A
  1. Amazon RedShift
  • Amazon Redshift extends data warehouse queries to your data lake, with no loading required. You can run analytic queries against petabytes of data stored locally in Redshift, and directly against exabytes of data stored in Amazon S3
  • Amazon RDS is not a data warehouse and cannot query data in S3 at rest
  • AWS Lambda runs code as functions and is not a data warehouse
  • Amazon Elastic MapReduce (EMR) provides a managed Hadoop service and cannot query data in S3 at rest
118
Q

Which feature allows customers to route traffic via private IP addresses between two VPCs?

  1. Endpoints
  2. Network Address Translation
  3. Virtual Private Gateway
  4. Peering Connections
A
  1. Peering Connections
  • A peering connection enables you to route traffic via private IP addresses between two peered VPCs
  • VPC endpoints enable private connectivity to services hosted in AWS, from within your VPC without using an Internet Gateway, VPN, Network Address Translation (NAT) devices, or firewall proxies
  • A VPG is the Amazon side of a VPN connection
  • Network Address Translation (NAT) is used to translate IP addresses when routing between subnets that do not have a fully routable address space
119
Q

Which AWS services can be used to create a “stateless” application? (choose 2)

  1. Amazon DynamoDB
  2. Amazon RDS
  3. Amazon SWF
  4. Load balancing with session affinity
  5. Amazon EBS
A
  1. Amazon DynamoDB
  2. Amazon SWF
  • Stateless components include DynamoDB which is often used for storing session state to maintain a stateless architecture and SWF which can be used for a multi-step workflow
  • Databases such as RDS are considered stateful
  • Load balancing with session affinity can be used for horizontal scaling of stateful components
  • Amazon EBS is not a shared storage service so is not ideal for stateless architectures (use S3 or EFS instead)
120
Q

Which open-source technology allows you to build and deploy distributed applications inside of software containers?

  1. Docker
  2. Jenkins
  3. Puppet
  4. Chef
A
  1. Docker
  • Docker allows you to package a piece of software in a Docker image, which is a standardized unit for software development, containing everything the software needs to run: code, runtime, system tools, system libraries, etc.
  • The other options are automation and orchestration tools
121
Q

What do Amazon S3 objects consist of? (choose 2)

  1. Key
  2. Userdata
  3. Value
  4. ARN
  5. AMI
A
  1. Key
  2. Value

  • Amazon S3 objects consist of:
    – Key (name of the object)
    – Value (data made up of a sequence of bytes)
    – Version ID (used for versioning)
    – Metadata (data about the data that is stored)

122
Q

Which type of EBS volume should you choose for an application that requires 12,000 IOPS from a single volume?

  1. General Purpose SSD
  2. Provisioned IOPS SSD
  3. Throughput Optimized HDD
  4. Cold HDD
A
  1. Provisioned IOPS SSD
  • Provisioned IOPS SSD volumes support up to 32,000 IOPS whereas General Purpose SSD only supports up to 10,000 per volume
  • Throughput Optimized HDD supports up to 500 IOPS and Cold HDD supports up to 250 IOPS per volume
123
Q

Which type of Amazon Route 53 record set should be used to map a zone apex record to an Amazon Elastic Load Balancer?

  1. A
  2. AAAA
  3. CNAME
  4. Alias
A
  1. Alias
  • The Alias record is a Route 53 specific record type. Alias records are used to map resource record sets in your hosted zone to Amazon Elastic Load Balancing load balancers, Amazon CloudFront distributions, AWS Elastic Beanstalk environments, or Amazon S3 buckets that are configured as websites. An Alias record can be used for resolving apex / naked domain names (e.g. example.com rather than sub.example.com)
  • A CNAME record can’t be used for resolving apex / naked domain names
  • An A record is a simple address record and an AAAA record is used for IPv6
124
Q

Which types of root storage devices are available for Amazon EC2 instances? (choose 2)

  1. EFS file system
  2. EBS volume
  3. S3 Bucket
  4. Instance Store
  5. RAM
A
  1. EBS volume
  2. Instance Store
  • The only storage options for a root volume that can be booted from are EBS volumes and Instance Stores
  • https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/RootDeviceStorage.html
125
Q

Which of the following are supported event sources for AWS Lambda? (choose 2)

  1. Amazon S3
  2. Amazon EC2
  3. Amazon DynamoDB
  4. Amazon RedShift
  5. AWS Direct Connect
A
  1. Amazon S3
  2. Amazon DynamoDB
  • An event source is an AWS service or developer-created application that produces events that trigger an AWS Lambda function to run. Amazon S3 and DynamoDB are supported event sources for AWS Lambda
  • https://docs.aws.amazon.com/lambda/latest/dg/invoking-lambda-function.html
126
Q

Which type of Amazon Route 53 routing policy allows you to specify a numerical value per IP address, totaling 100, that favors addresses with higher values?

  1. Latency based
  2. Failover
  3. Weighted
  4. Geo-location
A
  1. Weighted
  • Similar to simple but you can specify a weight per IP address. You create records that have the same name and type and assign each record a relative weight. Numerical value that favors one IP over another and must total 100
  • Failover provides failover to a secondary IP address and is used for active-passive configurations
  • With latency-based routing, AWS maintains a database of latency from different parts of the world and focuses on improving performance by routing to the region with the lowest latency
  • Geo-location caters to different users in different countries and different languages. Contains users within a particular geography and offers them a customized version of the workload based on their specific needs. Geolocation can be used for localizing content and presenting some or all of your website in the language of your users
127
Q

Which Amazon RDS deployment type is best used to enable fault tolerance in the event of the failure of an availability zone?

  1. Multiple Availability Zones
  2. Multiple Regions
  3. Read Replicas
  4. Write Replicas
A
  1. Multiple Availability Zones
  • Multi AZ provides a mechanism to failover the RDS database to another synchronously replicated copy in the event of the failure of an AZ
  • There is no option for multiple region failover of Amazon RDS
  • Read replicas are used for offloading read traffic from a primary database but cannot be used for writing and cannot be used to failover the primary database
  • There is no such thing as write replicas
128
Q

Which AWS service lets you add user sign up, sign-in and access control to web and mobile apps?

  1. AWS Directory Service
  2. AWS Cognito
  3. AWS Artifact
  4. AWS CloudHSM
A
  1. AWS Cognito
  • Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0
  • AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud
  • AWS Artifact is your go-to, central resource for compliance-related information that matters to you
  • AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud
129
Q

Which AWS service is a Natural Language Processing (NLP) service that uses machine learning to find insights and relationships in text?

  1. Amazon Transcribe
  2. Amazon Comprehend
  3. Amazon Rekognition
  4. Amazon Sagemaker
A
  1. Amazon Comprehend
  • Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to find insights and relationships in text. The service identifies the language of the text; extracts key phrases, places, people, brands, or events; understands how positive or negative the text is; analyzes text using tokenization and parts of speech; and automatically organizes a collection of text files by topic
  • Amazon Transcribe is an automatic speech recognition (ASR) service that makes it easy for developers to add speech-to-text capability to their applications
  • Amazon Rekognition makes it easy to add image and video analysis to your applications
  • Amazon SageMaker is a fully-managed platform that enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at any scale
130
Q

Which Amazon namespace is used to uniquely identify AWS resources?

  1. AMI
  2. API
  3. ARN
  4. ACL
A
  1. ARN
  • Amazon Resource Names (ARNs) uniquely identify AWS resources. We require an ARN when you need to specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls
  • An application programming interface (API) is a set of subroutine definitions, communication protocols, and tools for building software
  • An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a virtual server in the cloud
  • Amazon S3 access control lists (ACLs) enable you to manage access to buckets and objects
131
Q

What is the difference between an EBS volume and an Instance store?

  1. EBS volumes are object storage devices whereas Instance store volumes are block based
  2. Instance store volumes are ephemeral whereas EBS volumes are persistent storage
  3. Instance store volumes can be used with all EC2 instance types whereas EBS cannot
  4. EBS volumes are file-level storage devices whereas Instance store volumes are object-based
A
  1. Instance store volumes are ephemeral whereas EBS volumes are persistent storage
  • EBS-backed means the root volume is an EBS volume and storage is persistent. Instance store-backed means the root volume is an instance store volume and storage is not persistent
  • Both EBS and Instance store volumes are block-based storage devices
  • EBS volumes can be used with all EC2 instance types whereas Instance store volumes are more limited in compatibility
132
Q

Which Compute service should be used for running a Linux operating system upon which you will install custom software?

  1. Amazon ECS
  2. Amazon EC2
  3. AWS Lambda
  4. Amazon EKS
A
  1. Amazon EC2
  • Amazon EC2 should be used when you need access to a full operating system instance
  • Amazon Elastic Container Service (ECS) and Amazon Elastic Container Service for Kubernetes (EKS) are used for running software containers, not full operating system instances
  • AWS Lambda runs code as functions in response to events
133
Q

Which of the below are valid options within the VPC Wizard? (choose 2)

  1. VPC with Two Public Subnets
  2. VPC with Private Subnets
  3. VPC with a Single Public Subnet
  4. VPC with Public and Private Subnets and Hardware VPN Access
  5. VPC with a Private Subnet Only and Software VPN Access
A
  1. VPC with a Single Public Subnet
  2. VPC with Public and Private Subnets and Hardware VPN Access

  • The options available in the VPC Wizard are:
    – VPC with a Single Public Subnet
    – VPC with Public and Private Subnets
    – VPC with Public and Private Subnets and Hardware VPN Access
    – VPC with a Private Subnet Only and Hardware VPN Access

134
Q

Which type of AWS Storage Gateway can be used to back up data with popular backup software?

  1. File Gateway
  2. Volume Gateway
  3. Gateway Virtual Tape Library
  4. Backup Gateway
A
  1. Gateway Virtual Tape Library
  • The AWS Storage Gateway service enables hybrid storage between on-premises environments and the AWS Cloud. The Gateway Virtual Tape Library can be used with popular backup software such as NetBackup, Backup Exec and Veeam. Uses a virtual media changer and tape drives
  • There is no such thing as a Backup Gateway in the AWS products
  • File gateway provides a virtual on-premises file server, which enables you to store and retrieve files as objects in Amazon S3
  • The volume gateway represents the family of gateways that support block-based volumes, previously referred to as gateway-cached and gateway-stored modes
135
Q

Where can resources be launched when configuring AWS Auto Scaling?

  1. Multiple AZs and multiple regions
  2. Multiple AZs within a region
  3. A single subnet
  4. Multiple VPCs
A
  1. Multiple AZs within a region

• AWS Auto Scaling is configured within the EC2 console and can launch instances within a VPC across multiple AZs. It cannot launch resources into another region

136
Q

In addition to DNS services, what other services does Amazon Route 53 provide? (choose 2)

  1. DHCP
  2. Domain registration
  3. Routing
  4. Traffic flow
  5. Caching
A
  1. Domain registration
  2. Traffic flow
  • Route 53 features include domain registration, DNS, traffic flow, health checking, and failover
  • Route 53 does not support DHCP, routing or caching
137
Q

Which storage type can be mounted using the NFS protocol to many EC2 instances simultaneously?

  1. Amazon EBS
  2. Amazon Instance Store
  3. Amazon S3
  4. Amazon EFS
A
  1. Amazon EFS
  • EFS is a fully-managed service that makes it easy to set up and scale file storage in the Amazon Cloud. EFS uses the NFSv4.1 protocol. Can concurrently connect 1 to 1000s of EC2 instances, from multiple AZs
  • EBS volumes can only be attached to a single EC2 instance at a time and are block devices (not NFS)
  • Amazon S3 is an object store and is connected to using a RESTful protocol over HTTP
  • Amazon Instance Store is a type of ephemeral block-based volume that can be attached to a single EC2 instance at a time
138
Q

Which tool can be used to provide real time guidance on provisioning resources following AWS best practices?

  1. AWS Personal Health Dashboard
  2. AWS Simple Monthly Calculator
  3. AWS Trusted Advisor
  4. AWS Inspector
A
  1. AWS Trusted Advisor
  • Trusted Advisor is an online resource that helps to reduce cost, increase performance and improve security by optimizing your AWS environment. Trusted Advisor provides real time guidance to help you provision your resources following best practices
  • Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS
  • AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you
  • The AWS Simple Monthly Calculator helps you to estimate the cost of using AWS services
139
Q

What types of monitoring can Amazon CloudWatch be used for? (choose 2)

  1. Application performance
  2. API access
  3. Operational health
  4. Infrastructure
  5. Data center
A
  1. Application performance
  2. Operational health
  • Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. CloudWatch performs performance monitoring and can monitor custom metrics generated by applications and the operational health of your AWS resources
  • Amazon CloudTrail monitors API access
  • Infrastructure and data center monitoring is not accessible to AWS customers
140
Q

When using an Elastic Load Balancer, which process checks for connection requests, using a configured protocol and port?

  1. Rule
  2. Listener
  3. Action
  4. Condition
A
  1. Listener
  • A listener is a process that checks for connection requests, using the protocol and port that you configure. The rules that you define for a listener determine how the load balancer routes requests to the targets in one or more target groups
  • Each listener has a default rule, and you can optionally define additional rules. Each rule consists of a priority, one or more actions, an optional host condition, and an optional path condition
  • Each rule action has a type, an order, and information required to perform the action. The following are the supported action types
  • There are two types of rule conditions: host and path. Each rule can have up to one host condition and up to one path condition
141
Q

Which two types of database engine can be used with Amazon ElastiCache? (choose 2)

  1. Memcached
  2. HANA
  3. Redis
  4. MongoDB
  5. MemSQL
A
  1. Memcached
  2. Redis
  • ElastiCache is a web service that makes it easy to deploy and run Memcached or Redis protocol-compliant server nodes in the cloud. The in-memory caching provided by ElastiCache can be used to significantly improve latency and throughput for many read-heavy application workloads or compute-intensive workloads
  • Only the Memcached and Redis database engines can be used with ElastiCache; the others in the list are all in-memory databases but are not supported

• https://digitalcloud.training/certification-training/aws-solutions-architect-associate/database/amazon-elasticache/

142
Q

Which AWS service is a data warehouse that uses columnar data storage and is suited to analytic and reporting workloads against very large data sets?

  1. Amazon RDS
  2. Amazon RedShift
  3. Amazon DynamoDB
  4. Amazon Aurora
A
  1. Amazon RedShift
  • A data warehouse is a specialized type of relational database, optimized for analysis and reporting of large amounts of data. It can be used to combine transactional data from disparate sources making them available for analysis and decision-making. Amazon Redshift is a managed data warehouse service that is designed to operate at less than a tenth the cost of traditional solutions
  • Amazon Redshift achieves efficient storage and optimum query performance through a combination of massively parallel processing (MPP), columnar data storage, and targeted data compression encoding schemes. RedShift is particularly suited to analytic and reporting workloads against very large data sets
  • Amazon RDS (and Aurora, which is an RDS DB), is a relational, transactional DB not a data warehouse
  • Amazon DynamoDB is a NoSQL DB used for transactional systems also
143
Q

You need to resolve a domain name to a target domain name for a record that is hosted externally to AWS. Which record type can you configure in Route 53?

  1. Alias
  2. NS
  3. CNAME
  4. SPF
A
  1. CNAME
  • Both CNAME records and Alias records can be used to map a domain name to a target domain name. However, only a CNAME record can be used to map to a target domain external to AWS.
  • Alias records are used to map resource record sets in your hosted zone to Amazon Elastic Load Balancing load balancers, Amazon CloudFront distributions, AWS Elastic Beanstalk environments, or Amazon S3 buckets that are configured as websites
  • An NS record is a Name Server record and identifies DNS servers
  • An SPF record is a Sender Policy Framework record and identifies the mail servers that are allowed to send mail for a domain
144
Q

Using Amazon S3 what method can be used to automatically copy objects from one region to another?

  1. Cross-region synchronization
  2. Cross-zone replication
  3. Cross-region replication
  4. Cross-account replication
A
  1. Cross-region replication

• CRR is an Amazon S3 feature that automatically replicates data across AWS Regions. With CRR, every object uploaded to an S3 bucket is automatically replicated to a destination bucket in a different AWS Region that you choose. CRR is configured at the S3 bucket level. Versioning must be enabled for both the source and destination buckets

145
Q

Which AWS service provides a single location to track the progress of application migrations across multiple AWS and partner solutions?

  1. AWS Database Migration Service
  2. AWS Server Migration Service
  3. AWS Migration Hub
  4. AWS Batch
A
  1. AWS Migration Hub
  • AWS Migration Hub provides a single location to track the progress of application migrations across multiple AWS and partner solutions. Using Migration Hub allows you to choose the AWS and partner migration tools that best fit your needs, while providing visibility into the status of migrations across your portfolio of applications. This includes AWS Database Migration Service, AWS Server Migration Service, and partner migration tools
  • AWS Database Migration Service helps you migrate databases to AWS quickly and securely
  • AWS Server Migration Service (SMS) is an agentless service which makes it easier and faster for you to migrate thousands of on-premises workloads to AWS
  • With AWS Batch, you simply package the code for your batch jobs, specify their dependencies, and submit your batch job using the AWS Management Console, CLIs, or SDK
146
Q

Which AWS service allows you to automate the evaluation of recorded configurations against desired configuration?

  1. AWS OpsWorks
  2. AWS Service Catalog
  3. AWS CloudFormation
  4. AWS Config
A
  1. AWS Config
  • AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations
  • AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet
  • AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS
  • AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment
147
Q

You would like to collect custom metrics from a production application every 1 minute. What type of monitoring should you use?

  1. CloudWatch with detailed monitoring
  2. CloudWatch with basic monitoring
  3. CloudTrail with detailed monitoring
  4. CloudTrail with basic monitoring
A
  1. CloudWatch with detailed monitoring
  • Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. CloudWatch is for performance monitoring (CloudTrail is for auditing). Used to collect and track metrics, collect and monitor log files, and set alarms. Basic monitoring collects metrics every 5 minutes whereas detailed monitoring collects metrics every 1 minute
  • AWS CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket. CloudTrail is for auditing (CloudWatch is for performance monitoring). CloudTrail is about logging and saves a history of API calls for your AWS account
148
Q

Which AWS service can be used for testing and interacting with apps for Android, iOS and web apps?

  1. AWS AppSync
  2. AWS Device Farm
  3. AWS Config
  4. AWS CodeDeploy
A
  1. AWS Device Farm
  • AWS Device Farm is an app testing service that lets you test and interact with your Android, iOS, and web apps on many devices at once, or reproduce issues on a device in real time
  • AWS AppSync makes it easy to build data-driven mobile and browser-based apps that deliver responsive, collaborative experiences by keeping the data updated when devices are connected, enabling the app to use local data when offline, and synchronizing the data when the devices reconnect
  • AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers
  • AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources
149
Q

How are AWS Lambda functions triggered?

  1. Events
  2. Schedules
  3. Metrics
  4. Counters
A
  1. Events

• AWS Lambda lets you run code as functions without provisioning or managing servers. Lambda-based applications (also referred to as serverless applications) are composed of functions triggered by events

150
Q

What type of Amazon CloudFront distribution supports streaming media files using Adobe Flash Media?

  1. Web distribution
  2. Static website
  3. RTMP distribution
  4. S3 buckets
A
  1. RTMP distribution
  • An RTMP distribution is used to distribute streaming media files using Adobe Flash Media Server’s RTMP protocol
  • Of the answers listed, only web distribution and RTMP distribution are actually types of distribution
151
Q

Which of the below are components that can be configured in the VPC section of the AWS management console? (choose 2)

  1. Subnet
  2. EBS volumes
  3. Elastic Load Balancer
  4. Endpoints
  5. DNS records
A
  1. Subnet
  2. Endpoints
  • You can configure subnets and endpoints within the VPC section of the AWS management console
  • EBS volumes and ELB must be configured in the EC2 section of the AWS management console
  • DNS records must be configured in Amazon Route 53

• https://digitalcloud.training/certification-training/aws-solutions-architect-associate/networking-and-content-delivery/amazon-vpc/

152
Q

Which type of data storage system is typically considered to hold “structured” data?

  1. Non-relational database
  2. File system
  3. Email system
  4. Relational database
A
  1. Relational database
  • Relational databases such as Structured Query Language (SQL) databases hold data in a structured format. Examples are Amazon RDS and Microsoft SQL Server
  • File systems, email systems and non-relational databases hold data in an “unstructured” format. This means that though there is some structure to it, the data cannot be easily searched using standard data processing algorithms or structured queries. Unstructured data is more human-friendly than machine-friendly
153
Q

Which statements are correct about the retention of Amazon Elastic Block Store (EBS) volumes when an EC2 instance is terminated? (choose 2)

  1. Root EBS volumes are deleted by default
  2. Root EBS volumes are retained by default
  3. Non-root EBS volumes are deleted by default
  4. Non-root EBS volumes are retained by default
  5. EBS volumes are always deleted
A
  1. Root EBS volumes are deleted by default
  2. Non-root EBS volumes are retained by default
  • The root EBS device is the volume the OS boots from. Root EBS volumes are deleted on termination by default.
  • Extra non-boot volumes are not deleted on termination by default
154
Q

Which options are available for transferring domains with Route 53? (choose 2)

  1. You can transfer domains to Route 53 if the Top Level Domain (TLD) is supported
  2. You can transfer a domain from Route 53 to another registrar through the console
  3. You can transfer any domains to Route 53
  4. You can transfer Route 53 hosted domains to another account
  5. You must register domains through Route 53, you cannot transfer them
A
  1. You can transfer domains to Route 53 if the Top Level Domain (TLD) is supported
  2. You can transfer Route 53 hosted domains to another account
  • You can transfer domains to Route 53 only if the Top Level Domain (TLD) is supported
  • You can transfer a domain from Route 53 to another registrar by contacting AWS support; you cannot do it through the console
  • You can transfer a domain to another account in AWS; however, it does not migrate the hosted zone by default (optional)
155
Q

When connecting to AWS over AWS Direct Connect, what is the scope of connectivity enabled? (choose 2)

  1. You can connect to all public and private services in all regions
  2. You can connect to an individual AZ
  3. You can connect to all AZs within the VPC of the local region
  4. You can connect to a specified IP subnet
  5. You can connect to public services in remote regions
A
  1. You can connect to all AZs within the VPC of the local region
  2. You can connect to public services in remote regions
  • With Direct Connect you have a private connection to a specific region. You can access all resources within the local region over a private virtual interface (VIF). You can also connect to the public services in other regions using a public VIF and IPSec
  • You can connect to private VPCs in other regions too, though for that you need a Direct Connect Gateway
156
Q

Which AWS service lets connected devices easily and securely interact with cloud applications and other devices?

  1. Amazon Workspaces
  2. AWS Directory Service
  3. AWS IoT Core
  4. AWS SMS
A
  1. AWS IoT Core
  • AWS IoT Core is a managed cloud service that lets connected devices easily and securely interact with cloud applications and other devices. AWS IoT Core can support billions of devices and trillions of messages, and can process and route those messages to AWS endpoints and to other devices reliably and securely
  • AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud
  • Amazon WorkSpaces is a managed, secure cloud desktop service
  • AWS Server Migration Service (SMS) is an agentless service which makes it easier and faster for you to migrate thousands of on-premises workloads to AWS
157
Q

Which AWS service can be used to prepare and load data for analytics using an extract, transform and load (ETL) process?

  1. AWS Lambda
  2. AWS Glue
  3. Amazon EMR
  4. Amazon Athena
A
  1. AWS Glue
  • AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics
  • Amazon Elastic Map Reduce (EMR) provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances
  • Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL
  • AWS Lambda is a serverless application that runs code as functions in response to events
158
Q

What is the availability model of Amazon DynamoDB?

  1. Data is synchronously replicated across all regions
  2. Data is asynchronously replicated across 3 facilities (AZs) in a region
  3. Data is synchronously replicated across 3 facilities in a region
  4. Data is asynchronously replicated across 3 facilities in a region
A
  1. Data is synchronously replicated across 3 facilities in a region

• Amazon DynamoDB stores three geographically distributed replicas of each table to enable high availability and data durability. Data is synchronously replicated across 3 facilities (AZs) in a region

159
Q

Which type of storage stores objects comprised of key, value pairs?

  1. Amazon DynamoDB
  2. Amazon EBS
  3. Amazon EFS
  4. Amazon S3
A
  1. Amazon S3
  • Amazon S3 is an object-based storage system that stores objects that are comprised of key, value pairs
  • Amazon DynamoDB stores items, not objects, based on key, value pairs
  • Amazon EBS is a block-based storage system
  • Amazon EFS is a file-based storage system
160
Q

Which service provides alerts and remediation guidance when AWS is experiencing events that may impact you?

  1. AWS Trusted Advisor
  2. AWS Inspector
  3. AWS Personal Health Dashboard
  4. AWS Shield
A
  1. AWS Personal Health Dashboard
  • AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you
  • Trusted Advisor is an online resource that helps to reduce cost, increase performance and improve security by optimizing your AWS environment
  • Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS
  • AWS Shield is a managed Distributed Denial of Service (DDoS) protection service
161
Q

Which AWS services form the app-facing services of the AWS serverless infrastructure? (choose 2)

  1. AWS Step Functions
  2. AWS Lambda
  3. Amazon API Gateway
  4. Amazon DynamoDB
  5. Amazon EFS
A
  1. AWS Lambda
  2. Amazon API Gateway
  • AWS Lambda and Amazon API Gateway are both app-facing components of the AWS Serverless infrastructure
  • Amazon DynamoDB and EFS are database and storage services of the serverless infrastructure
  • AWS Step Functions is an orchestration service
162
Q

Which type of EBS volumes can be encrypted?

  1. Non-root volumes only
  2. Both non-root and root if launched from an encrypted AMI
  3. Only non-root volumes created from snapshots
  4. Any volume can have encryption applied at launch time
A
  1. Both non-root and root if launched from an encrypted AMI
  • You can encrypt non-root volumes at launch time. Root volumes (boot volumes) can only be encrypted if you create the instance from an encrypted AMI
  • https://aws.amazon.com/blogs/aws/new-encrypted-ebs-boot-volumes/
163
Q

Which AWS service enables developers and data scientists to build, train, and deploy machine learning models?

  1. Amazon Rekognition
  2. Amazon Comprehend
  3. Amazon SageMaker
  4. Amazon MQ
A
  1. Amazon SageMaker
  • Amazon SageMaker is a fully-managed platform that enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at any scale. Amazon SageMaker removes all the barriers that typically slow down developers who want to use machine learning
  • Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to find insights and relationships in text
  • Amazon Rekognition makes it easy to add image and video analysis to your applications
  • Amazon MQ is a managed message broker service for Apache ActiveMQ that makes it easy to set up and operate message brokers in the cloud
164
Q

What is the name of the AWS managed Docker registry service used by the Amazon Elastic Container Service (ECS)?

  1. EC2 Container Registry
  2. ECS Container Registry
  3. Docker Container Registry
  4. Docker Image Repository
A
  1. EC2 Container Registry

• The EC2 container registry (ECR) is a managed AWS Docker registry service for storing, managing and deploying Docker images

165
Q

Which of the following statements are true in relation to public facing Elastic Load Balancers? (choose 2)

  1. ELB nodes have public IP addresses
  2. ELB nodes route traffic to the public IP addresses of EC2 instances
  3. ELB nodes have private IP addresses
  4. ELB nodes route traffic to the private IP addresses of EC2 instances
  5. Does not require an Internet Gateway
A
  1. ELB nodes have public IP addresses
  2. ELB nodes route traffic to the private IP addresses of EC2 instances

• ELBs can be configured as public facing or internal only. Public facing load balancers have public IP addresses and require an Internet Gateway to function. The public facing ELBs route traffic to the private IP addresses of EC2 instances

166
Q

Which AWS service can be used to send automated notifications to HTTP endpoints?

  1. Amazon SQS
  2. Amazon SWF
  3. Amazon SNS
  4. Amazon SES
A
  1. Amazon SNS
  • Amazon Simple Notification Service (Amazon SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud. SNS can be used to send automated or manual notifications to email, mobile (SMS), SQS, and HTTP endpoints
  • Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications
  • Amazon SWF helps developers build, run, and scale background jobs that have parallel or sequential steps
  • Amazon Simple Email Service (Amazon SES) is a cloud-based email sending service designed to help digital marketers and application developers send marketing, notification, and transactional emails
167
Q

What feature of Amazon S3 enables you to set rules to automatically transfer objects between different storage classes at defined time intervals?

  1. Elastic Data Management
  2. Object Lifecycle Management
  3. Auto Lifecycle Scaling
  4. S3 Archiving
A
  1. Object Lifecycle Management
  • Object lifecycle management can be used with objects so that they are stored cost effectively throughout their lifecycle. Objects can be transitioned to another storage class or expired
  • All other options are bogus and do not exist
168
Q

How can an organization scale out write performance for their Amazon Aurora database across multiple availability zones?

  1. Using Read Replicas
  2. By implementing a Multi-AZ configuration
  3. Using Cross-Region Read replicas
  4. By implementing a Multi-Master configuration
A
  1. By implementing a Multi-Master configuration
  • Amazon Aurora Multi-Master is a new feature of the Aurora MySQL-compatible edition that adds the ability to scale out write performance across multiple Availability Zones, allowing applications to direct read/write workloads to multiple instances in a database cluster and operate with higher availability
  • Multi-AZ is not a feature that you can configure with Aurora but data is replicated 6 ways, across 3 AZs by default
  • Read replicas and cross-region read replicas would not assist with scaling write performance as they only scale read performance
169
Q

What are the AWS best practices for storing large items and attributes in Amazon DynamoDB? (choose 2)

  1. Compress large attribute values
  2. Store large attributes in AWS Lambda
  3. Store large attributes as objects in Amazon S3
  4. Use ElastiCache to cache large attributes
  5. Never store large attributes in DynamoDB
A
  1. Compress large attribute values
  2. Store large attributes as objects in Amazon S3
  • If an application needs to store more data in an item than the DynamoDB size limit permits, you can try compressing one or more large attributes, or you can store them as an object in Amazon Simple Storage Service (Amazon S3) and store the Amazon S3 object identifier in your DynamoDB item
  • You cannot store anything in AWS Lambda, it is a service that provides processes (functions) for executing code
  • You cannot use ElastiCache to cache the large objects as it is not designed for this purpose
170
Q

How can you configure Amazon Route 53 to monitor the health and performance of your application?

  1. Using DNS lookups
  2. Using Route 53 health checks
  3. Using the Route 53 API
  4. Using CloudWatch
A
  1. Using Route 53 health checks
  • Amazon Route 53 health checks monitor the health and performance of your web applications, web servers, and other resources
  • None of the other options provide a solution that can check the health and performance of an application
171
Q

At which layer of the OSI model does a Classic Load Balancer operate?

  1. Layer 3
  2. Layer 4
  3. Layer 7
  4. Layer 4 & 7
A
  1. Layer 4 & 7
  • Classic Load Balancer (CLB) – this is the oldest of the three and provides basic load balancing at both layer 4 and layer 7
  • Application Load Balancer (ALB) – layer 7 load balancer that routes connections based on the content of the request
  • Network Load Balancer (NLB) – layer 4 load balancer that routes connections based on IP protocol data
172
Q

In Amazon EC2, which types of Placement Groups are available? (choose 2)

  1. Cluster
  2. Affinity
  3. Proximity
  4. Spread
  5. Zone
A
  1. Cluster
  2. Spread

• Placement groups are a logical grouping of instances in one of the following configurations:
– A cluster placement group is a logical grouping of instances within a single Availability Zone. Cluster placement groups are recommended for applications that benefit from low network latency, high network throughput, or both, and if the majority of the network traffic is between the instances in the group
– A spread placement group is a group of instances that are each placed on distinct underlying hardware. Spread placement groups are recommended for applications that have a small number of critical instances that should be kept separate from each other

173
Q

With which service can a developer upload code from a Git repository and have the service handle the end-to-end deployment of the resources?

  1. AWS CodeDeploy
  2. AWS Elastic Beanstalk
  3. Amazon ECS
  4. AWS CodeCommit
A
  1. AWS Elastic Beanstalk
  • AWS Elastic Beanstalk can be used to quickly deploy and manage applications in the AWS Cloud. Developers upload applications and Elastic Beanstalk handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring
  • AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories
  • AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers
  • Amazon Elastic Container Service is a managed service for running Docker containers
174
Q

Which service can you use to monitor, store and access log files generated by EC2 instances and on-premises servers?

  1. Amazon CloudTrail
  2. AWS OpsWorks
  3. Amazon CloudWatch Logs
  4. Amazon Kinesis
A
  1. Amazon CloudWatch Logs
  • You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources
  • You can then retrieve the associated log data from CloudWatch Logs
  • Amazon CloudTrail is used for recording a history of API actions taken on your account.
  • Amazon Kinesis is a set of services used for collecting, processing and analyzing streaming data
175
Q

Which type of Amazon RDS automated backup allows you to restore the database with a granularity of as little as 5 minutes?

  1. Snapshot backup
  2. Full backup
  3. Incremental backup
  4. Point-in-time recovery
A
  1. Point-in-time recovery

• You can restore a DB instance to a specific point in time with a granularity of 5 minutes. RDS uses transaction logs which it uploads to Amazon S3 to do this

176
Q

Which combination of AWS services could be used to deploy a stateless web application that can automatically and elastically scale?

  1. EC2, Auto Scaling and Elastic Load Balancing
  2. EC2, CloudFront and RDS
  3. EC2, DynamoDB and ElastiCache
  4. EC2, EBS and Auto Scaling
A
  • Whenever EC2 is included, you need to use Auto Scaling to automatically scale the number of instances, which leaves only 2 potential answers. EBS volumes can only be mounted to a single instance, so data cannot be shared, which rules out the other potential answer. Therefore, EC2 with Auto Scaling and an ELB sitting in front is the correct solution
  • DynamoDB can be used for storing session state for stateless web applications but is not necessary for the answer
177
Q

Which DynamoDB feature provides in-memory acceleration to tables that result in significant performance improvements?

  1. Amazon ElastiCache
  2. Amazon DynamoDB Accelerator (DAX)
  3. Amazon EFS
  4. Amazon CloudFront
A
  1. Amazon DynamoDB Accelerator (DAX)
  • Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement – from milliseconds to microseconds – even at millions of requests per second
  • DAX does all the heavy lifting required to add in-memory acceleration to your DynamoDB tables, without requiring developers to manage cache invalidation, data population, or cluster management
178
Q

A developer needs a way to automatically provision a collection of AWS resources. Which AWS service is primarily used for deploying infrastructure as code?

  1. AWS Elastic Beanstalk
  2. Amazon CloudFormation
  3. AWS CodeDeploy
  4. Jenkins
A
  1. Amazon CloudFormation
  • AWS CloudFormation is a service that gives developers and businesses an easy way to create a collection of related AWS resources and provision them in an orderly and predictable fashion. AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. Think of CloudFormation as deploying infrastructure as code
  • Elastic Beanstalk is more focussed on deploying applications on EC2 (PaaS)
  • AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers
  • Jenkins deploys infrastructure as code but is not an AWS service
179
Q

Select the statements that are correct in relation to Amazon Route 53? (choose 2)

  1. Amazon Route 53 is an internal elastic load balancer
  2. You can register domain names via Amazon Route 53
  3. Amazon Route 53 does not support SPF records
  4. Amazon Route 53 supports Alias and CNAME records
  5. Amazon Route 53 can be used to connect on-premises data centers to the AWS cloud
A
  1. You can register domain names via Amazon Route 53
  2. Amazon Route 53 supports Alias and CNAME records

• Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service
• Route 53 offers the following functions:
– Domain name registry
– DNS resolution
– Health checking of resources
• Health checks verify Internet connected resources are reachable, available and functional
• Routing policies include Simple, Weighted, Latency-based, Failover and Geo-Location
• Many record types are supported including Alias and CNAME
• Internal elastic load balancing is performed by the Amazon ELB
• It does not support connecting on-premises data centers to the cloud – this is done by Direct Connect

180
Q

Assuming you have configured them correctly, which AWS services can scale automatically without intervention? (choose 2)

  1. Amazon RDS
  2. Amazon EC2
  3. Amazon S3
  4. Amazon DynamoDB
  5. Amazon EBS
A
  1. Amazon S3
  2. Amazon DynamoDB
  • Both S3 and DynamoDB automatically scale as demand dictates. In the case of DynamoDB you can either configure the on-demand or provisioned capacity mode. With on-demand capacity mode DynamoDB automatically adjusts the read and write throughput for you
  • EC2 cannot scale automatically. You need to use Auto Scaling to scale the number of EC2 instances deployed
  • EBS and RDS do not scale automatically. You must intervene to adjust volume sizes and database instance types to scale these resources
181
Q

What offerings are included in the Amazon Lightsail product set? (choose 2)

  1. Virtual Private Server
  2. NoSQL database
  3. Managed MySQL database
  4. Object storage
  5. Serverless functions
A
  1. Virtual Private Server
  2. Managed MySQL database
  • Amazon Lightsail provides an easy, low cost way to consume cloud services without needing the skill set for using VPC resources. The product set includes virtual private servers (instances), managed MySQL databases, HA storage, and load balancing
  • You can connect to other AWS services such as S3, DynamoDB, and CloudFront, however these are not part of the Lightsail product range
182
Q

Which type of Amazon EBS volume do AWS suggest customers use for the boot volume of most workloads?

  1. General Purpose SSD
  2. Provisioned IOPS SSD
  3. Throughput Optimized HDD
  4. Cold HDD
A
  1. General Purpose SSD
  • AWS suggest that the General Purpose SSD is used for the boot volume of most workloads
  • Provisioned IOPS SSD is for high performance applications that require sustained IOPS
  • Throughput Optimized HDD is for streaming workloads with fast throughput requirements
  • Cold HDD is the lowest cost HDD and is for infrequently accessed data
183
Q

An engineer launched a new EC2 instance and it was immediately terminated. What is the most likely reason?

  1. The user does not have the permissions to launch EC2 instances
  2. The AZ does not have any capacity left
  3. The account has reached its On-Demand instance limit for the region
  4. The AMI was deleted
A
  1. The account has reached its On-Demand instance limit for the region
  • You are limited to running up to a total of 20 On-Demand instances across the instance family, purchasing 20 Reserved Instances, and requesting Spot Instances per your dynamic Spot limit per region
  • If a user did not have permissions to launch an instance then it would not launch at all, rather than launching and then terminating
  • If the AZ did not have capacity, or the AMI was deleted the instance would not launch
184
Q

How can a systems administrator connect over the Internet to a Linux instance in a private subnet?

  1. Deploy a bastion host in a public subnet
  2. Add a public elastic IP address to the instance
  3. Use a NAT Gateway
  4. Update the security group to allow the traffic
A
  1. Deploy a bastion host in a public subnet
  • When you have an EC2 instance in a private subnet you cannot add a public elastic IP address to it or update security group rules to allow connectivity. Instead you must deploy a bastion host server into a public subnet and use that to jump across from the public subnet to the private subnet
  • A NAT Gateway is used to allow instances in a private subnet to access the Internet; it cannot be used for proxying inbound connections
185
Q

In Amazon CloudWatch, which of the following Amazon EC2 data points requires a custom metric to monitor?

  1. Memory utilization
  2. CPU utilization
  3. Disk write operations
  4. Network packets in
A
  1. Memory utilization
  • The AWS/EC2 namespace includes the following instance metrics:
    – CPUUtilization
    – DiskReadOps
    – DiskWriteOps
    – DiskReadBytes
    – DiskWriteBytes
    – NetworkIn
    – NetworkOut
    – NetworkPacketsIn
    – NetworkPacketsOut
186
Q

Which of the following configuration items are important to enabling an EC2 web server to serve web pages on the Internet? (choose 2)

  1. Security group rules configured to allow HTTP/HTTPS
  2. A private IP address assigned to the instance
  3. Security group rules configured to allow SSH
  4. A public IP address assigned to the instance
  5. An established VPN connection
A
  1. Security group rules configured to allow HTTP/HTTPS
  2. A public IP address assigned to the instance
  • To connect to a web page on a web server you use the HTTP/HTTPS protocol. You therefore need to ensure the instance’s security group allows these protocols in an inbound rule
  • A public IP address assigned to an instance in a public subnet is required in order to be able to directly access the instance from the Internet. There also needs to be an Internet Gateway attached to the VPC and an entry in the route table for the subnet that points to it
  • A private IP address will always be assigned to instances in EC2, but these do not enable access from the Internet
  • An established VPN connection is not required; connections will come through an Internet Gateway to a public subnet
187
Q

Which of the following is NOT an AWS service used for transferring large amounts of data into Amazon S3?

  1. AWS Snowball
  2. AWS Snowmobile
  3. S3 Transfer Acceleration
  4. AWS DMS
A
  1. AWS DMS
  • AWS DMS is used for migrating databases into or within AWS
  • All other options are valid services that are used for transferring large amounts of data into Amazon S3
188
Q

Which AWS service is part of the suite of “serverless” services and runs code as functions?

  1. Amazon ECS
  2. Amazon EKS
  3. AWS Lambda
  4. AWS CodeCommit
A
  1. AWS Lambda
  • AWS Lambda is a serverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you. The code you run on AWS Lambda is called a “Lambda function”
  • Amazon ECS and EKS are both used for running software containers such as Docker containers
  • AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories
189
Q

What type of cloud computing service type do AWS Elastic Beanstalk and Amazon RDS correspond to?

  1. IaaS
  2. PaaS
  3. SaaS
  4. Hybrid
A
  1. PaaS
  • Both Elastic Beanstalk and RDS are services that are managed at the platform level meaning you don’t need to manage the infrastructure level yourself. Therefore, tasks like OS management and patching are performed for you
  • IaaS is a model where the underlying hardware platform and hypervisor are managed for you and you are delivered tools and interfaces for working with operating system instances
  • SaaS is a model where the whole stack is managed for you right up to the application and you are delivered working software that you can customize and populate with data
  • Hybrid is a type of cloud delivery model in which you consume both public and private cloud and connect the two together
190
Q

Which types of scaling policies are available when using AWS Auto Scaling? (choose 2)

  1. Simple scaling
  2. Deferred scaling
  3. Agile scaling
  4. Step scaling
  5. Warm scaling
A
  1. Simple scaling
  2. Step scaling
  • With AWS Auto Scaling the scaling policies include: simple, scheduled, dynamic, and step scaling
  • The other options are bogus and do not exist
  • https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/elastic-load-balancing-and-auto-scaling/
  • https://digitalcloud.training/certification-training/aws-solutions-architect-associate/compute/aws-auto-scaling/
191
Q

Which type of Elastic Load Balancer only distributes traffic using the TCP protocol information?

  1. Application Load Balancer (ALB)
  2. Network Load Balancer (NLB)
  3. Classic Load Balancer (CLB)
  4. No load balancers operate at the TCP level
A
  1. Network Load Balancer (NLB)
  • NLBs process traffic at the TCP level (layer 4)
  • ALBs process traffic at the HTTP, HTTPS level (layer 7)
  • CLBs process traffic at the TCP, SSL, HTTP and HTTPS levels (layer 4 & 7)
192
Q

How can a company configure automatic, asynchronous copying of objects in Amazon S3 buckets across regions?

  1. This is done by default by AWS
  2. By configuring multi-master replication
  3. Using cross-region replication
  4. Using lifecycle actions
A
  1. Using cross-region replication
  • Cross-region replication (CRR) enables automatic, asynchronous copying of objects across buckets in different AWS Regions. Buckets configured for cross-region replication can be owned by the same AWS account or by different accounts
  • Multi-master replication is not something you can do with Amazon S3 (Amazon Aurora has this feature)
  • Lifecycle actions cannot be configured to move to another storage class in a different region
193
Q

How can a Solutions Architect reduce the latency between end-users and applications or content? (choose 2)

  1. Deploy applications in multiple AZs
  2. Deploy applications in regions closest to the end-users
  3. Use S3 Transfer Acceleration to improve application performance
  4. Use Amazon CloudFront to cache content closer to end-users
  5. Use larger EC2 instance types for the applications
A
  1. Deploy applications in regions closest to the end-users
  2. Use Amazon CloudFront to cache content closer to end-users
  • To reduce latency, which corresponds with the distance over which network communications travel, you should aim to host your applications closer to your end-users. This means deploying them in the closest regions
  • Deploying in multiple AZs may create resiliency but won’t change latency much as AZs are geographically close to each other
  • S3 Transfer Acceleration is used to improve upload speeds for S3 objects and does not affect application performance
  • CloudFormation is used for deploying resources through code (“infrastructure as code”)
  • Using a larger instance type for your application may improve application performance but will not reduce latency
194
Q

Which AWS database service is a SQL database that supports complex queries and joins?

  1. Amazon DynamoDB
  2. Amazon ElastiCache
  3. Amazon SimpleDB
  4. Amazon RDS
A
  1. Amazon RDS
  • Amazon RDS is a relational database of the SQL type and can be used for complex queries and joins
  • All other options listed are NoSQL types of database which are not suitable for complex queries and joins
195
Q

Which AWS technology enables you to group resources that share one or more tags?

  1. Tag groups
  2. Organization groups
  3. Resource groups
  4. Consolidation groups
A
  1. Resource groups
  • Resource groups make it easy to group resources using the tags that are assigned to them. You can group resources that share one or more tags
  • The other options are bogus and do not exist

• https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/aws-billing-and-pricing/

196
Q

You need to provision a single EBS volume that is 500 GiB in size and needs to support 20,000 IOPS. Which EBS volume type will you select?

  1. General Purpose SSD
  2. Provisioned IOPS SSD
  3. Throughput Optimized HDD
  4. Cold HDD
A
  1. Provisioned IOPS SSD
  • Provisioned IOPS SSD supports up to 50 IOPS per GiB with up to 32,000 IOPS per volume
  • General purpose SSD supports 3 IOPS per GiB and can burst up to 3000 IOPS (volumes > 334GB), and a maximum of 10,000 per volume
  • The HDD options provide much lower IOPS per volume (500, 250)
197
Q

What is the easiest way to store a backup of an EBS volume on Amazon S3?

  1. Write a custom script to copy the data into a bucket
  2. Use S3 lifecycle actions to back up the volume
  3. Create a snapshot of the volume
  4. Use Amazon Kinesis to process the data and store the results in S3
A
  1. Create a snapshot of the volume
  • All you need to do is create a snapshot as EBS snapshots are stored on S3
  • Writing a custom script could work but would not be the easiest method
  • You cannot apply S3 lifecycle actions to EBS volumes
  • Amazon Kinesis is used for processing streaming data, not data in EBS volumes
198
Q

Which AWS storage service is accessed using the Network File System (NFS) protocol?

  1. Amazon EBS
  2. Amazon S3
  3. Amazon Instance Store
  4. Amazon EFS
A
  1. Amazon EFS
  • The Amazon Elastic File System (EFS) storage service can be accessed using the NFSv4 protocol
  • Amazon EBS and Instance store are both block-based storage systems (not file-based like EFS)
  • Amazon S3 is an object-based storage system and is accessed by HTTP/HTTPS
199
Q

A Solutions Architect is looking for a way to use standard templates for describing and provisioning their infrastructure resources on AWS. Which AWS service can be used in this scenario?

  1. Amazon SNS
  2. AWS Auto Scaling
  3. AWS Elastic Beanstalk
  4. AWS CloudFormation
A
  1. AWS CloudFormation
  • AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts
  • AWS Elastic Beanstalk is the fastest and simplest way to get web applications up and running on AWS. It is more of a PaaS service and is focused on web applications not infrastructure
  • Auto Scaling automates the process of adding (scaling up) OR removing (scaling down) EC2 instances based on the traffic demand for your application
  • Amazon Simple Notification Service (Amazon SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud
200
Q

Which type of Elastic Load Balancer allows you to route traffic to instances based on the URL path of the HTTP header?

  1. Application Load Balancer (ALB)
  2. Network Load Balancer (NLB)
  3. Classic Load Balancer (CLB)
  4. This is not supported with any type of ELB
A
  1. Application Load Balancer (ALB)
  • Application load balancers allow you to use content-based routing to direct traffic to instances based on the host field or URL path of the HTTP header
  • No other type of load balancer supports path-based routing
201
Q

What can be used to automatically invoke an AWS Lambda function? (choose 2)

  1. Changes to an Amazon S3 bucket
  2. Creation of an IAM user
  3. An EC2 instance is terminated
  4. Messages added to an Amazon SQS queue
  5. Data is written to an Amazon EBS volume
A
  1. Changes to an Amazon S3 bucket
  2. Messages added to an Amazon SQS queue
  • Lambda functions can be invoked in response to events. These events include objects being created or deleted in an Amazon S3 bucket or messages being added to an SQS queue
  • A list of possible event sources is included in the reference link below

• https://docs.aws.amazon.com/lambda/latest/dg/invoking-lambda-function.html#supported-event-source-s3

202
Q

Up to what layer of the OSI model does AWS Web Application Firewall operate?

  1. Layer 3
  2. Layer 4
  3. Layer 5
  4. Layer 7
A
  1. Layer 7
  • The AWS Web Application Firewall operates up to the application layer (layer 7). You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application
  • https://aws.amazon.com/waf/
203
Q

What do you need to log into the AWS console?

  1. User name and password
  2. Key pair
  3. Access key and secret ID
  4. Certificate
A
  1. User name and password
  • You can log into the AWS console using a user name and password
  • You cannot log in to the AWS console using a key pair, access key & secret ID or certificate
204
Q

Your manager has asked you to explain the benefits of using IAM groups. Which of the below statements are valid benefits? (choose 2)

  1. You can restrict access to the subnets in your VPC
  2. Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users
  3. Provide the ability to create custom permission policies
  4. Enables you to attach IAM permission policies to more than one user at a time
  5. Provide the ability to nest groups to create an organizational hierarchy
A
  1. Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users
  2. Enables you to attach IAM permission policies to more than one user at a time
  • Groups are collections of users and have policies attached to them
  • A group is not an identity and cannot be identified as a principal in an IAM policy
  • Use groups to assign permissions to users
  • Use the principle of least privilege when assigning permissions
  • You cannot nest groups (groups within groups)
205
Q

When using Amazon Kinesis Data Streams, where can a consumer store their results? (choose 2)

  1. Amazon S3
  2. Amazon RDS
  3. Amazon DynamoDB
  4. Amazon ECS
  5. Amazon EBS
A
  1. Amazon S3
  2. Amazon DynamoDB
  • Kinesis Data Streams enables you to build custom applications that process or analyze streaming data for specialized needs. Producers continually push data to Kinesis Data Streams and Consumers process the data in real time. Consumers can store their results using an AWS service such as Amazon DynamoDB, Amazon Redshift, or Amazon S3
  • https://digitalcloud.training/certification-training/aws-solutions-architect-associate/analytics/amazon-kinesis/
206
Q

A company wants to use their on-premise Active Directory service to authenticate with applications on the AWS cloud. Which AWS service can be used to connect their on-premise AD to AWS?

  1. Simple AD
  2. AD Connector
  3. IAM Connector
  4. RADIUS
A
  1. AD Connector
  • AD Connector is a directory gateway for redirecting directory requests to your on-premise Active Directory. AD Connector eliminates the need for directory synchronization and the cost and complexity of hosting a federation infrastructure. Connects your existing on-premise AD to AWS
  • Simple AD is an inexpensive Active Directory-compatible service with common directory features. It is a standalone, fully managed directory in the AWS cloud. It does not connect your on-premise AD to AWS
  • IAM connector does not exist
  • Remote Authentication Dial-In User Service (RADIUS) is a networking protocol, operating on port 1812, that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service. It is not an AWS service
207
Q

Which type of Elastic Load Balancer only distributes traffic using the HTTP and HTTPS protocol information?

  1. Application Load Balancer (ALB)
  2. Network Load Balancer (NLB)
  3. Classic Load Balancer (CLB)
  4. No load balancers operate at the TCP level
A
  1. Application Load Balancer (ALB)
  • ALBs process traffic at the HTTP, HTTPS level (layer 7)
  • NLBs process traffic at the TCP level (layer 4)
  • CLBs process traffic at the TCP, SSL, HTTP and HTTPS levels (layer 4 & 7)
208
Q

A company is currently running containers using Docker and Kubernetes. The company are interested in consuming a managed Kubernetes service so they don’t need to maintain their own implementation. Which AWS service can they use?

  1. Amazon ECS
  2. Amazon EC2
  3. Amazon EKS
  4. Amazon EBS
A
  1. Amazon EKS
  • Amazon Elastic Container Service for Kubernetes (EKS) is a managed Kubernetes service that makes it easy for you to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane
  • Amazon Elastic Container Service (ECS) is used for running Docker containers but is not a managed Kubernetes service
  • Amazon EC2 is used for running operating system instances, not containers (though you could build your own Docker/Kubernetes implementation on an EC2 instance)
  • Amazon Elastic Block Store (EBS) provides block storage volumes
209
Q

You need to connect your company’s on-premise network into AWS and would like to establish an AWS managed VPN service. Which of the following configuration items needs to be set up on your company’s side of the connection?

  1. A Virtual Private Gateway
  2. A Customer Gateway
  3. A Network Address Translation device
  4. A Firewall
A
  1. A Customer Gateway
  • A customer gateway is a physical device or software application on your side of the VPN connection
  • A virtual private gateway is the VPN concentrator on the Amazon side of the VPN connection. You create a virtual private gateway and attach it to the VPC from which you want to create the VPN connection
  • NAT devices and firewalls are not required for an AWS managed VPN
210
Q

How can you deploy your EC2 instances so that if a single data center fails you still have instances available?

  1. Across regions
  2. Across subnets
  3. Across Availability Zones
  4. Across VPCs
A
  1. Across Availability Zones
    • An AZ spans one or more data centers and each AZ is physically isolated from other AZs and connected by high speed networking. If you want to deploy a highly available application you should spread your instances across AZs and they will be resilient to the failure of a single DC
    • Subnets are created within AZs. Therefore, if you deploy resources into multiple subnets within an AZ and a data center fails, you may lose all of your instances
    • You could deploy your instances across separate regions but this is not necessary to create a highly available application and introduces complexity and cost. For example you may need multiple ELBs (one per region), complex name resolution and potential data transfer charges
211
Q

When using an Application Load Balancer (ALB), what protocols can be selected for instance health checks? (choose 2)

  1. HTTP
  2. SSL
  3. HTTPS
  4. TCP
  5. ICMP
A
  1. HTTP
  2. HTTPS
  • The Classic Load Balancer (CLB) supports health checks on HTTP, TCP, HTTPS and SSL
  • The Application Load Balancer (ALB) only supports health checks on HTTP and HTTPS
212
Q

How can a systems administrator specify a script to be run on an EC2 instance during launch?

  1. Metadata
  2. User Data
  3. Run Command
  4. AWS Config
A
  1. User Data
  • When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts
  • You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives
  • User data is data that is supplied by the user at instance launch in the form of a script
  • User data is limited to 16KB
  • User data and metadata are not encrypted
213
Q

How can a company facilitate the sharing of data over private connections between two accounts they own within a region?

  1. Create an internal ELB
  2. Create a subnet peering connection
  3. Create a VPC peering connection
  4. Configure matching CIDR address ranges
A
  1. Create a VPC peering connection
  • A VPC peering connection helps you to facilitate the transfer of data. For example, if you have more than one AWS account, you can peer the VPCs across those accounts to create a file sharing network. You can also use a VPC peering connection to allow other VPCs to access resources you have in one of your VPCs
  • An internal ELB will not help you to transfer data between accounts
  • You cannot peer subnets
  • Configuring matching CIDR address ranges will not mean you can route between accounts. Also, you cannot peer with an account with a matching (or overlapping) address range
214
Q

Which HTTP code indicates a successful upload of an object to Amazon S3?

  1. 200
  2. 300
  3. 400
  4. 500
A
  1. 200
  • A HTTP 200 code indicates a successful upload
  • A HTTP 300 code indicates a redirection
  • A HTTP 400 code indicates a client error
  • A HTTP 500 code indicates a server error
215
Q

Which of the following records are captured by Amazon CloudTrail? (choose 2)

  1. The identity of the API caller
  2. The CPU usage of the instance
  3. Custom metrics generated by applications
  4. The request parameters
  5. Billing information
A
  1. The identity of the API caller
  2. The request parameters

• AWS CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket. CloudTrail is about logging and saves a history of API calls for your AWS account
• CloudTrail records account activity and service events from most AWS services and logs the following records:
– The identity of the API caller
– The time of the API call
– The source IP address of the API caller
– The request parameters
– The response elements returned by the AWS service
• All other options are metrics that can be recorded using CloudWatch

• https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/monitoring-and-logging-services/

216
Q

Which AWS database service is schema-less and can be scaled dynamically without incurring downtime?

  1. Amazon RDS
  2. Amazon Aurora
  3. Amazon RedShift
  4. Amazon DynamoDB
A
  1. Amazon DynamoDB
  • Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. Push button scaling means that you can scale the DB at any time without incurring downtime. DynamoDB is schema-less
  • All other options are SQL type of databases and therefore have a schema. They also rely on EC2 instances so cannot be scaled dynamically without incurring downtime (you have to change instance types)
217
Q

When using Amazon RDS with Read Replicas, which of the deployment options below are valid? (choose 2)

  1. Within an Availability Zone
  2. Cross-edge location
  3. Cross-subnet
  4. Cross-data center
  5. Cross-Availability Zone
A
  1. Within an Availability Zone
  2. Cross-Availability Zone
  • Read replicas are used for offloading read traffic from the primary RDS database. You can configure read replicas to be within an AZ, across AZs, and across regions
  • You cannot specify the subnet or data center to deploy a read replica in
218
Q

What do you need to create to specify how your AWS Auto Scaling Group scales and shrinks?

  1. IAM Policy
  2. Scaling Plan
  3. Scaling Policy
  4. Launch Configuration
A
  1. Scaling Policy
  • Scaling policies determine when, if, and how the ASG scales and shrinks (on-demand/dynamic scaling, cyclic/scheduled scaling)
  • Scaling Plans define the triggers and when instances should be provisioned/de-provisioned
  • A launch configuration is the template used to create new EC2 instances and includes parameters such as instance family, instance type, AMI, key pair and security groups
  • An IAM policy is not used to control Auto Scaling

• https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/elastic-load-balancing-and-auto-scaling/

219
Q

Which AWS Glacier data access option retrieves data from an archive in 1-5 minutes?

  1. Standard
  2. Express
  3. Accelerated
  4. Expedited
A
  1. Expedited
  • You can use the expedited access to retrieve data within 1-5 minutes
  • Standard takes 3-5 hours
  • The other options are bogus and do not exist
220
Q

With which AWS Storage Gateway Volume Gateway configuration is data stored on-premise and asynchronously backed up to Amazon S3?

  1. Cached volume mode
  2. File gateway mode
  3. Stored volume mode
  4. VTL mode
A
  1. Stored volume mode
    • The volume gateway represents the family of gateways that support block-based volumes, previously referred to as gateway-cached and gateway-stored modes
    – Stored Volume mode – the entire dataset is stored on-site and is asynchronously backed up to S3 (EBS point-in-time snapshots). Snapshots are incremental and compressed
    – Cached Volume mode – the entire dataset is stored on S3 and a cache of the most frequently accessed data is cached on-site
    • A file gateway is not a mode but a different type of AWS Storage Gateway that provides a virtual on-premises file server, which enables you to store and retrieve files as objects in Amazon S3
    • Virtual Tape Library is not a mode but a gateway that is preconfigured with a media changer and tape drives
221
Q

Which type of AWS database is ideally suited to analytics using SQL queries?

  1. Amazon DynamoDB
  2. Amazon RedShift
  3. Amazon RDS
  4. Amazon S3
A
  1. Amazon RedShift
  • Amazon Redshift is a fast, fully managed data warehouse that makes it simple and cost-effective to analyze all your data using standard SQL and existing Business Intelligence (BI) tools. RedShift is a SQL based data warehouse used for analytics applications
  • Amazon RDS is a transactional DB, not an analytics DB
  • Amazon DynamoDB is a NoSQL type of database and is not suited to analytics using SQL queries
  • Amazon S3 is an object storage solution not a database
222
Q

Which AWS service makes it easy to coordinate the components of distributed applications as a series of steps in a visual workflow?

  1. Amazon SWF
  2. AWS Step Functions
  3. Amazon SNS
  4. Amazon SES
A
  1. AWS Step Functions
  • AWS Step Functions lets you coordinate multiple AWS services into serverless workflows so you can build and update apps quickly. AWS Step Functions lets you build visual workflows that enable fast translation of business requirements into technical requirements
  • Amazon SWF helps developers build, run, and scale background jobs that have parallel or sequential steps. SWF is not a visual workflow tool
  • Amazon Simple Notification Service (SNS) is a highly available, durable, secure, fully managed pub/sub messaging service
  • Amazon Simple Email Service (Amazon SES) is a cloud-based email sending service designed to help digital marketers and application developers send marketing, notification, and transactional emails

• https://aws.amazon.com/step-functions/

223
Q

A Solutions Architect is creating the business process workflows associated with an order fulfilment system. Which AWS service can assist with coordinating tasks across distributed application components?

  1. Amazon STS
  2. Amazon SQS
  3. Amazon SWF
  4. Amazon SNS
A
  1. Amazon SWF
  • Amazon Simple Workflow Service (SWF) is a web service that makes it easy to coordinate work across distributed application components. SWF enables applications for a range of use cases, including media processing, web application back-ends, business process workflows, and analytics pipelines, to be designed as a coordination of tasks
  • Amazon Security Token Service (STS) is used for requesting temporary credentials
  • Amazon Simple Queue Service (SQS) is a message queue used for decoupling application components
  • Amazon Simple Notification Service (SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud
  • SNS supports notifications over multiple transports including HTTP/HTTPS, Email/Email-JSON, SQS and SMS
224
Q

Which types of servers can be migrated using the AWS Server Migration Service? (choose 2)

  1. OpenStack VMs
  2. VMware vSphere VMs
  3. Oracle VMs
  4. Hyper-V VMs
  5. Azure Instances
A
  1. VMware vSphere VMs
  2. Hyper-V VMs

• AWS Server Migration Service (SMS) is an agentless service which makes it easier and faster for you to migrate thousands of on-premises workloads to AWS. AWS SMS allows you to automate, schedule, and track incremental replications of live server volumes, making it easier for you to coordinate large-scale server migrations. Currently, you can migrate virtual machines from VMware vSphere and Windows Hyper-V to AWS using AWS Server Migration Service

225
Q

Which AWS service is designed to be used for operational analytics?

  1. Amazon EMR
  2. Amazon Athena
  3. Amazon QuickSight
  4. Amazon Elasticsearch Service
A
  1. Amazon Elasticsearch Service
  • For operational analytics such as application monitoring, log analytics and clickstream analytics, Amazon Elasticsearch Service allows you to search, explore, filter, aggregate, and visualize your data in near real-time
  • For big data processing using the Spark and Hadoop frameworks, Amazon EMR provides a managed service that makes it easy, fast, and cost-effective to process vast amounts of data
  • For interactive analysis, Amazon Athena makes it easy to analyze data directly in S3 and Glacier using standard SQL queries
  • For dashboards and visualizations, Amazon QuickSight provides you a fast, cloud-powered business analytics service that makes it easy to build stunning visualizations and rich dashboards that can be accessed from any browser or mobile device

• https://aws.amazon.com/big-data/datalakes-and-analytics/

226
Q

You need to connect your company’s on-premise network into AWS and would like to establish an AWS managed VPN service. Which of the following configuration items needs to be set up on the Amazon VPC side of the connection?

  1. A Virtual Private Gateway
  2. A Customer Gateway
  3. A Network Address Translation device
  4. A Firewall
A
  1. A Virtual Private Gateway
  • A virtual private gateway is the VPN concentrator on the Amazon side of the VPN connection. You create a virtual private gateway and attach it to the VPC from which you want to create the VPN connection
  • A customer gateway is a physical device or software application on your side of the VPN connection
  • NAT devices and firewalls are not required for an AWS managed VPN
227
Q

Where are Amazon EBS snapshots stored?

  1. On an Amazon EBS instance store
  2. On an Amazon EFS filesystem
  3. Within the EBS block store
  4. On Amazon S3
A
  1. On Amazon S3
  • Snapshots capture a point-in-time state of an instance. Snapshots are stored on S3
  • https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/aws-storage/
228
Q

Which type of Elastic Load Balancer distributes traffic using the TCP, SSL, HTTP and HTTPS protocol information?

  1. Application Load Balancer (ALB)
  2. Network Load Balancer (NLB)
  3. Classic Load Balancer (CLB)
  4. No load balancers operate at the TCP level
A
  1. Classic Load Balancer (CLB)
  • CLBs process traffic at the TCP, SSL, HTTP and HTTPS levels (layer 4 & 7)
  • ALBs process traffic at the HTTP, HTTPS level (layer 7)
  • NLBs process traffic at the TCP level (layer 4)
229
Q

What locations can be used for storing Amazon CloudWatch log files? (choose 2)

  1. Amazon EBS
  2. Amazon CloudWatch Logs
  3. Amazon Storage Gateway
  4. Splunk
  5. Amazon CloudTrail
A
  1. Amazon CloudWatch Logs
  2. Splunk
  • Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. Used to collect and track metrics, collect and monitor log files, and set alarms
  • Options for storing logs include CloudWatch Logs, Amazon S3 by using a custom script, and a centralized logging system such as Splunk
230
Q

How many snapshots are required in order to restore an Amazon EBS volume?

  1. The most recent snapshot only
  2. The first and most recent snapshot
  3. All snapshots
  4. The first snapshot only
A
  1. The most recent snapshot only

• If you make periodic snapshots of a volume, the snapshots are incremental, which means that only the blocks on the device that have changed after your last snapshot are saved in the new snapshot. Even though snapshots are saved incrementally, the snapshot deletion process is designed so that you need to retain only the most recent snapshot in order to restore the volume

231
Q

To which destinations can Amazon S3 NOT send event notifications? (choose 2)

  1. DynamoDB Table
  2. SNS Topics
  3. SQS Queue
  4. CloudWatch
  5. Lambda functions
A
  1. DynamoDB Table
  2. CloudWatch
  • The Amazon S3 notification feature enables you to receive notifications when certain events happen in your bucket
  • Notifications can be sent to: SNS Topics, SQS Queues, and Lambda functions
232
Q

Which Amazon S3 storage class has a minimum storage duration charge of 90 days?

  1. S3 Standard
  2. S3 Standard-IA
  3. S3 One Zone-IA
  4. Amazon Glacier
A
  1. Amazon Glacier

• Only Amazon Glacier has a minimum storage duration charge of 90 days. Standard-IA and One Zone-IA both have a minimum storage duration charge of 30 days