Test 14 and 15 Flashcards
Which option is a shared control between AWS and the customer, according to the AWS shared responsibility model?
a. Identity and access management
b. Configuration management
c. Physical and environmental controls.
d. Data integrity authentication
a. Identity and access management
Which AWS service keeps track of SSL/TLS certificates, creates new certificates, and processes renewals?
a. AWS Certificate Manager (ACM)
b. AWS Identity and Access Management (IAM)
c. AWS Config
d. AWS Trusted Advisor
a. AWS Certificate Manager (ACM)
A company has services that run in the AWS Cloud and in an on-premises data center. The company wants to set up a dedicated, high-throughput connection between AWS and the data center. Which AWS service will meet these requirements?
a. Amazon VPC
b. AWS Direct Connect
c. Amazon CloudFront
d. Amazon API Gateway
b. AWS Direct Connect
What is a benefit of using AWS serverless computing?
a. Application deployment and management are not required
b. Application security will be fully managed by AWS
c. Monitoring and logging are not needed
d. Management of infrastructure is offloaded to AWS
d. Management of infrastructure is offloaded to AWS
A company’s workload can recover with minimal downtime when failures occur. Which AWS Cloud benefit does this scenario represent?
a. Agility
b. Elasticity
c. Resiliency
d. Scalability
c. Resiliency
Which of the following are best practices in AWS Identity and Access Management (IAM)? (Select TWO.)
a. Create shared access keys
b. Use roles to delegate permissions
c. Disable multi-factor authentication (MFA)
d. Avoid the use of policy conditions
e. Use groups to assign permissions to IAM users
b. Use roles to delegate permissions
e. Use groups to assign permissions to IAM users
Which of the following are design principles for reliability in the AWS Cloud? (Select TWO.)
a. Build architectures with tightly coupled resources
b. Use AWS Trusted Advisor to meet security best practices
c. Use automation to recover immediately from failure
d. Rightsize Amazon EC2 instances to ensure optimal performance
e. Simulate failures to test recovery processes.
c. Use automation to recover immediately from failure
e. Simulate failures to test recovery processes.
A company needs to create an encrypted network connection between two offices in different countries. The connection must be over the public internet. Which AWS service should the company use to meet these requirements?
a. AWS Direct Connect
b. Amazon VPC Lattice
c. AWS Site-to-Site VPN
d. AWS Cloud WAN
c. AWS Site-to-Site VPN
Which AWS service or feature can a company use to apply security rules to a subnet for Amazon EC2 instances?
a. Network ACL placeholder
Which capabilities are in the platform perspective of the AWS Cloud Adoption Framework (AWS CAF)? (Select TWO.)
a. Performance and capacity management (This is in the Operations Perspective.)
b. Data engineering (This is in the Data Perspective.)
c. Continuous integration and continuous delivery (CI/CD) (This is in the DevOps Perspective.)
d. Infrastructure protection
e. Change and release management
d. Infrastructure protection
e. Change and release management
A company runs a web application on Amazon EC2 instances. The application has consistent usage and is expected to run indefinitely. Which EC2 instance purchasing option will meet these requirements MOST cost-effectively?
a. 3-year All Upfront Reserved Instances
b. 1-year All Upfront Reserved Instances/1-year No Upfront Reserved Instances
c. 1-year No Upfront Reserved Instances
d. 3-year No Upfront Reserved Instances
a. 3-year All Upfront Reserved Instances
A company needs to provide users with a list of company-generated products built on AWS services. The company also needs to control access to these products by provisioning a personalized portal for specific users. Which AWS service will meet these requirements?
a. AWS Service Catalog
b. Amazon Lightsail
c. AWS App Runner
d. Amazon AppFlow
a. AWS Service Catalog
A company wants to securely rehost databases to AWS with minimal downtime. Which AWS service will meet these requirements?
a. AWS Snow Family
b. AWS DataSync
c. AWS Database Migration Service (AWS DMS)
d. AWS Mainframe Modernization
c. AWS Database Migration Service (AWS DMS)
A company needs to continuously monitor its environment to analyze network and account activity and identify potential security threats. Which AWS service should the company use to meet these requirements?
a. AWS Artifact
b. Amazon Macie
c. AWS Identity and Access Management (IAM)
d. Amazon GuardDuty
d. Amazon GuardDuty
Which AWS service scans for software vulnerabilities and unintended network exposure?
a. Amazon Inspector
b. AWS Security Hub
c. AWS Shield
d. AWS Trusted Advisor
a. Amazon Inspector
What is the scope of a VPC within the AWS network?
a. Its scope is confined to a single AWS Region but can span across all of the Availability Zones (AZs) within that Region.
b. This allows for high availability and fault tolerance by deploying resources across multiple AZs within the same VPC.
c. The other options are incorrect because a VPC does not have a global scope, nor is it limited to only two subnets or edge locations.
d. A VPC can span all Availability Zones within an AWS Region
d. A VPC can span all Availability Zones within an AWS Region
A company has only basic knowledge of AWS technologies. Which AWS service provides the SIMPLEST way for the company to establish a website on AWS?
a. Amazon Elastic File System (Amazon EFS)
b. AWS Elastic Beanstalk
c. AWS Lambda
d. Amazon Lightsail
d. Amazon Lightsail
Which AWS Trusted Advisor check category includes the AWS CloudTrail logging check?
a. Service limits
b. Security
c. Performance
d. Fault tolerance
b. Security
A company wants to migrate its on-premises application to the AWS Cloud. The company is legally obligated to retain certain data in its on-premises data center. Which AWS service or feature will support this requirement?
a. AWS Wavelength
b. AWS Local Zones
c. VMware Cloud on AWS
d. AWS Outposts
d. AWS Outposts
In the AWS shared responsibility model, which tasks are the responsibility of AWS? (Select TWO.)
a. Patch an Amazon EC2 instance operating system
b. Configure a security group
c. Monitor the health of an Availability Zone
d. Protect the infrastructure that runs Amazon EC2 instances
e. Manage access to the data in an Amazon S3 bucket
c. Monitor the health of an Availability Zone
d. Protect the infrastructure that runs Amazon EC2 instances
A company wants to migrate its containerized workload from an on-premises data center to a managed container service in the AWS Cloud. Which AWS services should the company use? (Select TWO.)
a. Amazon EC2
b. Amazon Elastic Kubernetes Service (Amazon EKS)
c. Amazon Elastic Container Registry (Amazon ECR)
d. Amazon Elastic Container Service (Amazon ECS)
e. AWS Lambda
b. Amazon Elastic Kubernetes Service (Amazon EKS)
d. Amazon Elastic Container Service (Amazon ECS)
A company operates a petabyte-scale data warehouse to analyze its data. The company wants a solution that will not require manual hardware and software management. Which AWS service will meet these requirements?
a. Amazon DocumentDB (with MongoDB compatibility)
b. Amazon Redshift
c. Amazon Neptune
d. Amazon ElastiCache
b. Amazon Redshift
A company is designing an application. For the data persistence layer, the company wants to use a NoSQL database. Which AWS service should the company use for the database?
a. Amazon Redshift
b. AWS DataSync
c. Amazon Athena
d. Amazon DynamoDB
d. Amazon DynamoDB
A company needs AWS to automate monitoring, patch management, and backup services on the company’s behalf. Which AWS service or framework provides this functionality?
a. AWS Cloud Adoption Framework (AWS CAF)
b. AWS Managed Services (AMS)
c. AWS Support
d. AWS Well-Architected Framework
b. AWS Managed Services (AMS)