Test 7 Flashcards by Michael Cessaro

Which AWS service or feature allows users to securely store encrypted credentials and retrieve these credentials when required?

a.
AWS Artifact
b.
AWS Encryption SDK
c.
AWS Secrets Manager
d.
AWS Security Hub

c.
AWS Secrets Manager

How well did you know this?

Not at all

Perfectly

Who is responsible for managing IAM user access and secret keys according to the AWS shared responsibility model?

a.
IAM access and secret keys are static, so there is no need to rotate them.
b.
The customer is responsible for rotating keys.
c.
The AWS Support team will rotate keys when requested by the customer
d.
AWS will rotate the keys whenever required.

b.
The customer is responsible for rotating keys.

How well did you know this?

Not at all

Perfectly

A company is undergoing a security audit. The audit includes security validation and compliance validation of the AWS infrastructure and services that the company uses. The auditor needs to locate compliance-related information and must download AWS security and compliance documents. These documents include the System and Organization Control (SOC) reports. Which AWS service or group can provide these documents?

a.
AWS Artifact
b.
AWS Support
c.
AWS Abuse team
d.
AWS Config

a.
AWS Artifact

How well did you know this?

Not at all

Perfectly

Which AWS service provides the capability to view end-to-end performance metrics and troubleshoot distributed applications?

a.
AWS CodeStar
b.
AWS Cloud Map
c.
AWS Cloud9
d.
AWS X-Ray

d.
AWS X-Ray

How well did you know this?

Not at all

Perfectly

A company is running and managing its own Docker environment on Amazon EC2 instances. The company wants an alternative to help manage cluster size, scheduling, and environment maintenance. Which AWS service meets these requirements?

a.
Amazon RDS
b.
AWS Lambda
c.
AWS Athena
d.
AWS Fargate

d.
AWS Fargate

How well did you know this?

Not at all

Perfectly

Which duty is a responsibility of AWS under the AWS shared responsibility model?

a.
Firewall configuration
b.
Server-side encryption (SSE)
c.
Maintaining physical hardware
d.
Identity and access management

c.
Maintaining physical hardware

How well did you know this?

Not at all

Perfectly

A company with multiple accounts and teams wants to set up a new multi-account AWS environment. Which AWS service supports this requirement?

a.
Amazon Virtual Private Cloud (Amazon VPC)
b.
AWS CloudFormation
c.
AWS Config
d.
AWS Control Tower

d.
AWS Control Tower

How well did you know this?

Not at all

Perfectly

A company needs an AWS service to perform automated security assessments on applications that are deployed in the AWS Cloud. Which AWS service will meet this requirement?

a.
AWS Config
b.
Amazon GuardDuty
c.
AWS Security Hub
d.
Amazon Inspector

d.
Amazon Inspector

How well did you know this?

Not at all

Perfectly

Which AWS benefit is demonstrated by on-demand technology services that enable companies to replace upfront fixed expenses with variable expenses?

a.
Global reach
b.
Pay-as-you-go pricing
c.
High availability
d.
Economies of scale

b.
Pay-as-you-go pricing

How well did you know this?

Not at all

Perfectly

Which AWS service or feature is highly available by default?

a.
Amazon EC2
b.
NAT instances
c.
Amazon RDS
d.
Amazon Aurora

d.
Amazon Aurora

How well did you know this?

Not at all

Perfectly

Which AWS services can be used to store files? (Select TWO.)

a. Amazon S3
b. AWS Lambda
c. Amazon SageMaker
d. Amazon Elastic Block Store (Amazon EBS)
e. AWS Storage Gateway

a. Amazon S3

How well did you know this?

Not at all

Perfectly

A company wants to build a new architecture with AWS services. The company needs to compare service costs at various scales. Which AWS service, tool, or feature should the company use to meet this requirement?

a.
Cost Explorer rightsizing recommendations
b.
AWS Compute Optimizer
c.
AWS Pricing Calculator
d.
AWS Trusted Advisor

c.
AWS Pricing Calculator

How well did you know this?

Not at all

Perfectly

Which phrase describes agility as a benefit of building in the AWS Cloud?

a.
The ability to eliminate guessing about infrastructure capacity needs
b.
The ability to support innovation through a reduction in the time that is required to make IT resources available to developers
c.
The ability to pay only when computing resources are consumed, based on the volume of resources that are consumed
d.
The ability to deploy an application in multiple AWS Regions around the world in minutes

b.
The ability to support innovation through a reduction in the time that is required to make IT resources available to developers

How well did you know this?

Not at all

Perfectly

A company wants to increase its ability to recover its infrastructure in the case of a natural disaster. Which pillar of the AWS Well-Architected Framework does this ability represent?Select one

a.
Security
b.
Reliability
c.
Cost optimization
d.
Performance efficiency

b.
Reliability

How well did you know this?

Not at all

Perfectly

Which AWS service or feature provides users with recommendations for common billing questions?

a.
AWS Marketplace
b.
Amazon Connect
c.
Amazon Pinpoint
d.
AWS Knowledge Center

d.
AWS Knowledge Center

How well did you know this?

Not at all

Perfectly

A company is running a Microsoft SQL Server instance on premises and is migrating its application to AWS. The company lacks the resources needed to refactor the application, but management wants to reduce operational overhead as part of the migration. Which database service would MOST effectively support these requirements?

a.
Amazon DynamoDB
b.
Amazon RDS for SQL Server
c.
Amazon Redshift
d.
Microsoft SQL Server on Amazon EC2

b.
Amazon RDS for SQL Server

How well did you know this?

Not at all

Perfectly

A user has limited knowledge of AWS services, but wants to quickly deploy a scalable Node.js application in the AWS Cloud. Which service should be used to deploy the application?

a.
AWS Elastic Beanstalk
b.
Amazon EC2
c.
AWS CloudFormation
d.
AWS OpsWorks

a.
AWS Elastic Beanstalk

How well did you know this?

Not at all

Perfectly

A company wants to connect an on-premises software appliance with AWS Cloud storage. The company needs seamless integration with data security features between the on-premises IT environment and the AWS storage infrastructure. Which AWS service will meet these requirements?

a.
AWS Data Pipeline
b.
AWS Storage Gateway
c.
AWS Snowball Edge Storage Optimized
d.
AWS Direct Connect

b.
AWS Storage Gateway

How well did you know this?

Not at all

Perfectly

A large organization has a single AWS account. What are the advantages of reconfiguring the single account into multiple AWS accounts? (Select TWO.)

a. Discounts can be applied on a quarterly basis by submitting cases in the AWS Management Console

b. It allows for administrative isolation between different workloads

c. Transitioning objects from Amazon S3 to Amazon S3 Glacier in separate AWS accounts will be less expensive

d. Having multiple accounts reduces the risks associated with malicious activity targeted at a single account

e. Amazon QuickSight offers access to a cost tool that provides application-specific recommendations for environments running in multiple accounts.

b. It allows for administrative isolation between different workloads

d. Having multiple accounts reduces the risks associated with malicious activity targeted at a single account

How well did you know this?

Not at all

Perfectly

Which AWS service allows users to provision resources using a consistent and repeatable process?

a.
AWS Systems Manager
b.
AWS CloudFormation
c.
AWS Batch
d.
AWS Config

b.
AWS CloudFormation

How well did you know this?

Not at all

Perfectly

A retail company needs to build a highly available architecture for a new ecommerce platform. The company is using only AWS services that replicate data across multiple Availability Zones. Which AWS services should the company use to meet this requirement? (Select TWO.)

a. Amazon DynamoDB
b. Amazon EC2
c. Amazon Elastic Block Store (Amazon EBS)
d. Amazon Aurora
e. Amazon Redshift

d. Amazon Aurora

e. Amazon Redshift

How well did you know this?

Not at all

Perfectly

Which characteristic of the AWS Cloud helps users eliminate underutilized CPU capacity?

a.
Durability
b.
Agility
c.
Elasticity
d.
Reliability

c.
Elasticity

How well did you know this?

Not at all

Perfectly

Which AWS services make use of global edge locations? (Select TWO.)

a.
Amazon VPC
b.
AWS Fargate
c.
AWS Global Accelerator
d.
AWS Wavelength
e.
Amazon CloudFront

c.
AWS Global Accelerator

e.
Amazon CloudFront

How well did you know this?

Not at all

Perfectly

What does Amazon CloudFront provide?

a.
Automatic scaling for all resources to power an application from a single unified interface
b.
Ability to directly manage traffic globally through a variety of routing types, including latency-based routing, geo DNS, geoproximity, and weighted round robin
c.
Automatic distribution of incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and AWS Lambda functions
d.
Secure delivery of data, videos, applications, and APIs to users globally with low latency

d.
Secure delivery of data, videos, applications, and APIs to users globally with low latency

How well did you know this?

Not at all

Perfectly

Which of the following are economic benefits of using the AWS Cloud? (Select TWO.) a. AWS Enterprise Support at no additional cost b. Perpetual licenses c. Consumption-based pricing d. Bring-your-own-hardware model e. Economies of scale

c. Consumption-based pricing e. Economies of scale

A company is moving multiple applications to a single AWS account. The company wants to monitor the AWS Cloud costs incurred by each application. What can the company do to meet this requirement? a. Set budgets in Cost Explorer b. Set up invoiced billing c. Create cost allocation tags d. Use AWS Artifact

c. Create cost allocation tags

A user has an AWS Business Support plan and requires detailed billing information. Which AWS resource will help? a. AWS Cost and Usage Report b. AWS Budgets c. AWS Concierge Support d. AWS Service Catalog

a. AWS Cost and Usage Report

Which cloud computing benefit does AWS demonstrate with its ability to offer lower variable costs as a result of high purchase volumes? a. High availability b. Pay-as-you-go pricing c. Economies of scale d. Global reach

c. Economies of scale

Which of the following are characteristics of AWS Regions and Availability Zones? (Select TWO.) a. Regions bring AWS services to on-premises facilities b. Regions are within 100 km (60 miles) of each other c. Regions consist of multiple Availability Zones d. Regions are located around the world e. An Availability Zone contains several Regions

c. Regions consist of multiple Availability Zones d. Regions are located around the world

Which pillar of the AWS Well-Architected Framework focuses on the ability to run workloads effectively, gain insight into operations, and continuously improve supporting processes and procedures? a. Operational excellence b. Performance efficiency c. Reliability d. Cost optimization

a. Operational excellence

A company is using Amazon EC2 Auto Scaling to scale its Amazon EC2 instances. Which benefit of the AWS Cloud does this example illustrate? a. Elasticity b. High availability c. Global reach d. Reliability

a. Elasticity

Which of the following services can be used to block network traffic to an instance? (Select TWO.) a. Network ACLs b. AWS CloudTrail c. Amazon CloudWatch d. Security groups e. Amazon Virtual Private Cloud (Amazon VPC) flow logs

a. Network ACLs d. Security groups

Which AWS service will automatically identify and protect a user's sensitive data? a. Amazon Inspector b. Amazon GuardDuty c. Amazon CloudWatch d. Amazon Macie

d. Amazon Macie

Which of the following is included within the security pillar of the AWS Well-Architected Framework? a. Disaster recovery b. Data protection c. Identity federation d. Incident reporting

b. Data protection

Which AWS Trusted Advisor checks are available to users with AWS Basic Support? (Select TWO.) a. Security groups - specific ports unrestricted b. Large number of rules in an EC2 security group c. Load balancer optimization d. Service limits e. High utilization Amazon EC2 instances

a. Security groups - specific ports unrestricted d. Service limits

Which AWS service is always free of charge for users? a. Amazon S3 b. Amazon EC2 c. AWS Identity and Access Management (IAM) d. Amazon Aurora

c. AWS Identity and Access Management (IAM)

Which AWS service or feature enables users to encrypt data at rest in Amazon S3? a. Client-side encryption b. Server-side encryption c. IAM policies d. Amazon GuardDuty

b. Server-side encryption

What is the MOST cost-effective AWS Support plan that provides all of the AWS Trusted Advisor checks? a. AWS Basic Support b. AWS Developer Support c. AWS Enterprise Support d. AWS Business Support

d. AWS Business Support

hich AWS service can be used to decouple applications? a. AWS Batch b. Amazon Simple Email Service (Amazon SES) c. Amazon Simple Queue Service (Amazon SQS) d. AWS Config

c. Amazon Simple Queue Service (Amazon SQS)

Which of the following is the customer responsible for updating and patching, according to the AWS shared responsibility model? a. Amazon FSx for Windows File Server b. Amazon RDS for Microsoft SQL Server c. Amazon WorkSpaces virtual Windows desktop d. AWS Directory Service for Microsoft Active Directory

b. Amazon RDS for Microsoft SQL Server

Which AWS service is a relational database compatible with MySQL and PostgreSQL? a. Amazon Neptune b. Amazon Aurora c. Amazon DynamoDB d. Amazon Redshift

b. Amazon Aurora

A company hosts an application on an Amazon EC2 instance. The EC2 instance needs to access several AWS resources, including Amazon S3 and Amazon DynamoDB. What is the MOST operationally efficient solution to delegate permissions? a. Create an IAM user and use its access key and secret access key in the application b. Create an IAM user and use its access key and secret access key to create a CLI profile in the EC2 instance c. Create an IAM role with the required permissions. Attach the role to the EC2 instance d. Create an IAM role with the required permissions. Attach the role to the administrative IAM user

c. Create an IAM role with the required permissions. Attach the role to the EC2 instance

Which task is an AWS responsibility when a workload is running in Amazon RDS? a. Dropping the database records b. Creating the database table c. Updating the database schema d. Installing the database engine

d. Installing the database engine

A company wants to receive a notification when a specific AWS cost threshold is reached. Which AWS services or tools can the company use to meet this requirement? (Select TWO.) a. Amazon Simple Queue Service (Amazon SQS) b. AWS Budgets c. AWS Cost and Usage Report d. Cost Explorer e. Amazon CloudWatch

b. AWS Budgets e. Amazon CloudWatch

An online retail company recently deployed a production web application. The system administrator needs to block common attack patterns such as SQL injection and cross-site scripting. Which AWS service should the administrator use to address these concerns? a. Amazon GuardDuty b. AWS WAF c. Amazon VPC d. Amazon CloudWatch

b. AWS WAF

A user needs the ability to access as many resources as are needed. The user also needs the ability to scale up and scale down with only a few minutes of notice. Which benefit of the AWS Cloud describes these abilities? a. Economy of scale b. Elasticity c. Reliability d. Pay-as-you-go pricing

b. Elasticity

A web developer has limited knowledge of AWS networking services such as Amazon VPC, Elastic Load Balancing, and Auto Scaling, but wants to host a highly available web application. Which AWS service would automatically handle the deployment and reduce the complexity for the developer? a. AWS CloudFormation b. AWS Resource Access Manager c. AWS CodeDeploy d. AWS Elastic Beanstalk

d. AWS Elastic Beanstalk

A company wants to establish a private network connection between AWS and its corporate network. Which AWS service or feature will meet this requirement? a. Amazon Connect b. Amazon Route 53 c. AWS Direct Connect d. VPC peering

c. AWS Direct Connect

Which network security features are supported by Amazon VPC? (Select TWO) a. Firewall rules b. Security groups c. VPC peering d. Internet gateways e. Network ACLs

b. Security groups e. Network ACLs

A company has an application workload that is stateless by design and can sustain occasional downtime. The application performs massively parallel computations. Which Amazon EC2 pricing model should the company choose for its application to reduce cost? a. Dedicated Instances b. On-Demand Instances c. Spot Instances d. Reserved Instances

c. Spot Instances

Which tasks require use of the AWS account root user? (Select TWO.) a. Modifying an Amazon EC2 instance type b. Closing an AWS account c. Changing an AWS Support plan d. Grouping resources in AWS Systems Manager e. Running applications in Amazon Elastic Kubernetes Service (Amazon EKS)

b. Closing an AWS account c. Changing an AWS Support plan

A company implements an Amazon EC2 Auto Scaling policy along with an Application Load Balancer to automatically recover unhealthy applications that run on Amazon EC2 instances. Which pillar of the AWS Well-Architected Framework does this action cover? a. Reliability b. Security c. Performance efficiency d. Operational excellence

a. Reliability

Which of the following describes AWS Local Zones? a. One or more data centers with redundant power and networking b. A site used by Amazon CloudFront to cache frequently accessed content c. A cluster of data centers in one geographic location d. An extension of an AWS Region to more granular locations

d. An extension of an AWS Region to more granular locations

A company uses a database that has a simple sign-up page to create users, and a basic login form to authenticate users so they can access the database. The company wants to give users the ability to store personal information, but user access must be controlled in a more secure and reliable way. Which AWS service or feature will meet these requirements? a. AWS Secrets Manager b. Security groups c. Amazon GuardDuty d. Amazon Cognito

d. Amazon Cognito

A company has existing software licenses that it wants to bring to AWS, but the licensing model requires licensing physical cores. How can the company meet this requirement in the AWS Cloud? a. Create an On-Demand Capacity Reservation b. Launch an Amazon EC2 instance on a Dedicated Host c. Launch an Amazon EC2 instance with default tenancy d. Purchase Dedicated Reserved Instances

b. Launch an Amazon EC2 instance on a Dedicated Host

A user with an AWS Basic Support plan has determined that illegal activities are being run on their AWS resources. What is the recommended method for the user to report the activity to AWS? a. Contact the AWS Abuse team. b. Contact an AWS technical account manager. c. Contact the AWS Concierge Support team d. Contact the AWS Support team.

a. Contact the AWS Abuse team.

What training content is included with AWS Support plans? (Select TWO.) a. Access to documentation and whitepapers is included with all Support plans b. Access to AWS Certification exam half-price vouchers is included with the Business Support plan c. Access to third-party developer-focused training is included with the Developer Support plan d. Access to online AWS self-paced labs is included with the Enterprise Support plan e. Access to all AWS Certification exam classroom readiness training is included with the Business Support plan

a. Access to documentation and whitepapers is included with all Support plans d. Access to online AWS self-paced labs is included with the Enterprise Support plan

An Elastic Load Balancer allows the distribution of web traffic across multiple a. Dedicated Hosts b. AWS Regions c. Availability Zones d. Amazon S3 buckets

c. Availability Zones

According to the AWS shared responsibility model, the customer is responsible for applying the latest security updates and patches for which of the following? a. Amazon RDS instances b. Amazon DynamoDB c. Amazon EC2 instances d. Amazon S3

c. Amazon EC2 instances

A company is building a mobile app to provide shopping recommendations to its customers. The company wants to use a graph database as part of the shopping recommendation engine. Which AWS database service should the company choose? a. Amazon Aurora b. Amazon DynamoDB c. Amazon DocumentDB (with MongoDB compatibility) d. Amazon Neptune

d. Amazon Neptune

A company is based in the us-east-1 Region and has a satellite office in the eu-west-2 Region. The company wants to use Amazon WorkSpaces to host its internal web portal and virtual desktops for employees. What should the company do to minimize latency and ensure the best possible performance for employees? a. Deploy the internal web portal to us-east-1 and eu-west-2. Deploy the virtual desktops on network optimized Amazon EC2 instances to us-east-1 only. b. Deploy the internal web portal to us-east-1 only. Deploy the virtual desktops to us-east-1 and eu-west-2. c. Deploy the internal web portal and virtual desktops to us-east-1 and eu-west-2. d. Deploy the internal web portal and virtual desktops to us-east-1 only. Use an Amazon CloudFront distribution for the users in eu-west-2. 62 / 64

c. Deploy the internal web portal and virtual desktops to us-east-1 and eu-west-2.

Which disaster recovery option is the LEAST expensive? a. Backup and restore b. Warm standby c. Multisite d. Pilot light

a. Backup and restore

A company wants to improve its security and audit posture by limiting Amazon EC2 inbound access. What should the company use to access instances remotely instead of opening inbound SSH ports and managing SSH keys? a. EC2 Key Pairs b. Network ACLs c. AWS Systems Manager Session Manager d. AWS Identity and Access Management (IAM)

c. AWS Systems Manager Session Manager

Which AWS service should a company use to continuously monitor the compliance of AWS resource configurations? a. AWS Organizations Your Answer: Incorrect b. AWS Artifact c. AWS Service Catalog d. AWS Config

d. AWS Config