Test 8 Flashcards by Michael Cessaro

Which of the following is an AWS key-value database offering consistent single-digit millisecond performance at any scale?

a.
Amazon DynamoDB
b.
Amazon RDS
c.
Amazon Aurora
d.
Amazon Redshift

a.
Amazon DynamoDB

How well did you know this?

Not at all

Perfectly

For which AWS service is the customer responsible for maintaining the underlying operating system?

a.
Amazon EC2
b.
Amazon S3
c.
AWS Lambda
d.
Amazon DynamoDB

a.
Amazon EC2

How well did you know this?

Not at all

Perfectly

A company is running its application in the AWS Cloud and wants to protect against a DDoS attack. The company’s security team wants near real-time visibility into DDoS attacks. Which AWS service or traffic filter will meet these requirements with the MOST features for DDoS protection?

a.
Network ACLs
b.
Amazon GuardDuty
c.
AWS Shield Advanced
d.
AWS Shield

c.
AWS Shield Advanced

How well did you know this?

Not at all

Perfectly

Which of the following are general AWS Cloud design principles described in the AWS Well-Architected Framework? (Select TWO.)

a. Consolidate key components into monolithic architectures.
b. Drive architecture design based on data collected about the workload behavior and requirements,
c. Test systems at production scale.
d. Make AWS Cloud architectural decisions static, one-time events.
e. Provision more capacity than a workload is expected to need.

b. Drive architecture design based on data collected about the workload behavior and requirements,
c. Test systems at production scale.

How well did you know this?

Not at all

Perfectly

Which AWS services provide high availability across multiple Availability Zones by default? (Select TWO.)

a. Amazon Redshift
b. Amazon Elastic File System (Amazon EFS)
c. Amazon S3
d. Amazon Elastic Block Store (Amazon EBS)
e. Amazon EC2

b. Amazon Elastic File System (Amazon EFS)
c. Amazon S3

How well did you know this?

Not at all

Perfectly

A company is moving to the AWS Cloud to reduce operational overhead for its application infrastructure. Which IT operation will the company still be responsible for after the migration to AWS?

a.
Termination of Amazon EC2 instances that are managed by AWS Auto Scaling
b.
Security patching of AWS Elastic Beanstalk
c.
Backups of data that is stored in Amazon Aurora
d.
Configuration of IAM access controls

d.
Configuration of IAM access controls

How well did you know this?

Not at all

Perfectly

Which of the following is a benefit of using an AWS managed service?

a.
Removal of the need to have a backup strategy
b.
Increased fixed costs that can be predicted by a finance team
c.
Reduced operational overhead for a company’s IT staff
d.
Removal of the need to follow compliance standards

c.
Reduced operational overhead for a company’s IT staff

How well did you know this?

Not at all

Perfectly

A company that uses AWS needs to transfer 2 TB of data. Which type of transfer of that data would result in no cost for the company?

a.
Data transfer between AWS Regions
b.
Outbound data transfer to the internet
c.
Inbound data transfer from the internet
d.
Data transfer between Availability Zones

c.
Inbound data transfer from the internet

How well did you know this?

Not at all

Perfectly

Which of the following is a customer responsibility according to the AWS shared responsibility model?

a.
Install operating system updates on Lambda@Edge.
b.
Implement multi-factor authentication (MFA) for IAM user accounts.
c.
Provide physical security for AWS datacenters.
d.
Apply security patches for Amazon S3 infrastructure devices.

b.
Implement multi-factor authentication (MFA) for IAM user accounts.

How well did you know this?

Not at all

Perfectly

A company needs to connect on-premises applications to AWS Cloud storage by using industry-standard internet Small Computer Systems Interface (iSCSI) connectivity. Which AWS solution can the company use to meet this requirement?

a.
AWS Transit Gateway
b.
Amazon API Gateway
c.
AWS Storage Gateway file gateway
d.
AWS Storage Gateway volume gateway

d.
AWS Storage Gateway volume gateway

How well did you know this?

Not at all

Perfectly

A company wants high levels of detection and near-real-time (NRT) mitigation against large and sophisticated distributed denial of service (DoS) attacks on applications running on AWS. Which AWS service should the company use?

a.
Amazon Macie
b.
Amazon GuardDuty
c.
Amazon Inspector
d.
AWS Shield Advanced

d.
AWS Shield Advanced

How well did you know this?

Not at all

Perfectly

Which of the following is a pillar of the AWS Well-Architected Framework?

a.
Multi-Region
b.
Availability
c.
Redundancy
d.
Operational excellence

d.
Operational excellence

How well did you know this?

Not at all

Perfectly

A company encourages its teams to test failure scenarios regularly and to validate their understanding of the impact of potential failures. Which pillar of the AWS Well-Architected Framework does this philosophy represent?

a.
Operational excellence
b.
Performance efficiency
c.
Cost optimization
d.
Security

a.
Operational excellence

How well did you know this?

Not at all

Perfectly

A company has a social media platform in which users upload and share photos with other users. The company wants to identify and remove inappropriate photos.The company has no machine learning (ML) scientists and must build this detection capability with no ML expertise. Which AWS service should the company use to build this capability?

a.
Amazon Recognition
b.
Amazon SageMaker
c.
Amazon Comprehend
d.
Amazon Textract

a.
Amazon Recognition

How well did you know this?

Not at all

Perfectly

Which task can a user complete by using AWS Identity and Access Management (IAM)?

a.
Filter traffic to or from an Amazon EC2 instance.
b.
Grant permissions to applications that run on Amazon EC2 instances.
c.
Validate JSON syntax from an application configuration file.
d.
Analyze logs from an Amazon API Gateway call.

b.
Grant permissions to applications that run on Amazon EC2 instances.

How well did you know this?

Not at all

Perfectly

A company’s IT team is managing MySQL database server clusters. The IT team has to patch the database and take backup snapshots of the data in the clusters. The company wants to move this workload to AWS so that these tasks will be completed automatically. What should the company do to meet these requirements?

a.
Use an AWS CloudFormation template to deploy MySQL database servers on Amazon EC2 instances
b.
Deploy MySQL database server clusters on Amazon EC2 instances.
c.
Use Amazon RDS with a MySQL database.
d.
Migrate all the MySQL database data to Amazon S3.

c.
Use Amazon RDS with a MySQL database.

How well did you know this?

Not at all

Perfectly

A company wants to expand from one AWS Region into a second AWS Region. What does the company need to do to expand into the second Region?

a.
Download the AWS Management Console for the second Region.
b.
Contact an AWS account manager to sign a new contract.
c.
Move an Availability Zone to the second Region.
d.
Begin to deploy resources in the second Region.

d.
Begin to deploy resources in the second Region.

How well did you know this?

Not at all

Perfectly

A company needs to organize its resources and track AWS costs on a detailed level. The company needs to categorize costs by business department, environment, and application. Which solution will meet these requirements?

a.
Access the AWS Billing and Cost Management dashboard to organize and track resource consumption on a detailed level.
b.
Access the AWS Cost Management console to organize resources, set an AWS budget, and receive notifications of unintentional usage.
c.
Use tags to organize the resources. Activate cost allocation tags to track AWS costs on a detailed level
d.
Create Amazon CloudWatch dashboards to visually organize and track costs individually.

c.
Use tags to organize the resources. Activate cost allocation tags to track AWS costs on a detailed level

How well did you know this?

Not at all

Perfectly

Which AWS service or feature is used to troubleshoot network connectivity issues between Amazon EC2 instances?

a.
AWS Certificate Manager (ACM)
b.
AWS CloudHSM
c.
Internet gateway
d.
VPC Flow Logs

d.
VPC Flow Logs

How well did you know this?

Not at all

Perfectly

Amazon Elastic File System (Amazon EFS) and Amazon FSx offer which type of storage?

a.
Object storage
b.
Instance store
c.
File storage
d.
Block storage

c.
File storage

How well did you know this?

Not at all

Perfectly

A company wants to migrate its high performance computing (HPC) application to Amazon EC2 instances. The application has multiple components. The application must have fault tolerance and must have the ability to fail over automatically. Which AWS infrastructure solution will meet these requirements with the LEAST latency between components?

a.
Multiple edge locations
b.
Multiple AWS Regions
c.
Regional edge caches
d.
Multiple Availability Zones

d.
Multiple Availability Zones

How well did you know this?

Not at all

Perfectly

A company’s headquarters is located on a different continent from where the majority of the company’s customers live. The company wants an AWS Cloud environment setup that will provide the lowest latency to the customers. Which solution will provide the LOWEST network latency between the AWS resources and the customers?

a.
Place the resources in AWS edge locations that are closest to the company’s headquarters.
b.
Place all workloads in the AWS Region that is closest to the company’s headquarters.
c.
Place the resources in the AWS Region that is closest to the company’s headquarters. Move the resources to the Availability Zone that is closest to the customers.
d.
Place all workloads in the AWS Region that is closest to the majority of customers.

d.
Place all workloads in the AWS Region that is closest to the majority of customers.

How well did you know this?

Not at all

Perfectly

Which benefit is included with an AWS Enterprise Support plan?

a.
AWS Partner Network (APN) support at no cost
b.
Designated support from an AWS technical account manager (TAM) manager (TAM)
c.
On-site support from AWS engineers
d.
AWS managed compliance as code with AWS Config

b.
Designated support from an AWS technical account manager (TAM) manager (TAM)

How well did you know this?

Not at all

Perfectly

Which AWS service or feature enables users to get one bill and easily track charges for multiple AWS accounts?

a.
AWS Management Console
b.
AWS Organizations
c.
AWS Trusted Advisor
d.
Cost Explorer

b.
AWS Organizations

How well did you know this?

Not at all

Perfectly

A developer needs to build an application for a retail company. The application must provide real-time product recommendations that are based on machine learning. Which AWS service should the developer use to meet this requirement? a. Amazon Forecast b. AWS Health Dashboard c. Amazon Personalize d. Amazon Transcribe

c. Amazon Personalize

A developer who has no AWS Cloud experience wants to use AWS technology to build a web application. Which AWS service should the developer use to start building the application? a. Amazon SageMaker b. Amazon Lightsail c. Amazon Elastic Container Service (Amazon ECS) d. AWS Lambda

b. Amazon Lightsail

A company needs to centralize its operational data. The company also needs to automate tasks across all of its Amazon EC2 instances. Which AWS service can the company use to meet these requirements? a. AWS CodeDeploy b. AWS Trusted Advisor c. AWS Elastic Beanstalk d. AWS Systems Manager

d. AWS Systems Manager

A company needs to store infrequently used data for data archives and long-term backups. Which AWS service or storage class will meet these requirements MOST cost-effectively? a. Amazon FSx for Lustre b. Amazon Elastic File System (Amazon EFS) c. Amazon S3 Glacier Flexible Retrieval d. Amazon Elastic Block Store (Amazon EBS)

c. Amazon S3 Glacier Flexible Retrieval

A company needs to identify who accessed an AWS service and what action was performed for a given time period. Which AWS service should the company use to meet this requirement? a. Amazon Inspector b. AWS CloudTrail c. AWS Security Hub d. Amazon CloudWatch

b. AWS CloudTrail

Which database engine is compatible with Amazon RDS? a. Apache Cassandra b. MongoDB c. Neo4j d. PostgreSQL

d. PostgreSQL

A company's on-premises application deployment cycle was 3- 4 weeks. After migrating to the AWS Cloud, the company can deploy the application in 2-3 days. Which benefit has this company experienced by moving to the AWS Cloud? a. Resilience b. Flexibility c. Agility d. Elasticity

c. Agility

A company is using AWS Organizations to configure AWS accounts. Which design principle is a best practice for the company to implement? a. Organize accounts based on security and operational needs. b. Combine production workloads and non-production workloads. c. Assign multiple sets of related workloads to each production account. d. Deploy workloads to the organization's management account.

a. Organize accounts based on security and operational needs.

Which scenarios represent the concept of elasticity on AWS? (Select TWO.) a. Using AWS compliance documents to accelerate the compliance process b. Scaling the number of Amazon EC2 instances based on traffic c. Having the ability to create and govern environments using code d. Resizing Amazon RDS instances as business needs change e. Automatically directing traffic to less-utilized Amazon EC2 instances

b. Scaling the number of Amazon EC2 instances based on traffic d. Resizing Amazon RDS instances as business needs change

A company distributes traffic evenly among a fleet of Amazon EC2 instances. The EC2 instances must accommodate unpredictable increases in traffic. Which benefit does the AWS Cloud provide to meet this requirement? a. Security b. Scalability c. Resilience d. Agility

b. Scalability

A company is building an application on AWS. The application needs to comply with credit card regulatory requirements. The company needs proof that the AWS services and deployment are in compliance. Which actions should the company take to meet these requirements? (Select TWO.) a. Use Amazon Inspector to submit the application for certification. b. Use AWS Artifact to access AWS documents about the compliance of the services. c. Get the compliance of the application certified by a company assessor. d. Use AWS Security Hub to certify the compliance of the application. e. Ensure that the application's underlying hardware components comply with requirements.

b. Use AWS Artifact to access AWS documents about the compliance of the services. d. Use AWS Security Hub to certify the compliance of the application.

A company needs to implement identity management for a fleet of mobile apps that are running in the AWS Cloud.Which AWS service will meet this requirement? a. AWS Security Hub b. AWS WAF c. Amazon Cognito d. AWS Shield

c. Amazon Cognito

A company has deployed an application in the AWS Cloud. The company wants to ensure that the application is highly resilient. Which component of AWS infrastructure can the company use to meet this requirement? a. Wavelength Zones b. Content delivery network (CDN) c. Availability Zones d. Edge locations

c. Availability Zones

A global company wants to use a managed security service for protection from SQL injection attacks. The service also must provide detailed logging information about access to the company's commerce applications. Which AWS service will meet these requirements? a. AWS WAF b. Amazon GuardDuty c. Amazon RDS for SQL Server d. AWS Network Firewall

a. AWS WAF

AWS has the ability to achieve lower pay-as-you-go pricing by aggregating usage across hundreds of thousands of users. This describes which advantage of the AWS Cloud? a. No guessing about compute capacity b. High economies of scale c. Launch globally in minutes d. Increase speed and agility

b. High economies of scale

Which of the following is a benefit of decoupling an AWS Cloud architecture? a. Reduced latency b. Fewer components to manage c. Decreased costs d. Ability to upgrade components independently

d. Ability to upgrade components independently

Which task is the customer's responsibility, according to the AWS shared responsibility model? a. Control physical access to an AWS data center. b. Patch a host operating system that is deployed on Amazon S3. c. Patch a guest operating system that is deployed on an Amazon EC2 instance. d. Control access to AWS underlying hardware.

c. Patch a guest operating system that is deployed on an Amazon EC2 instance.

Which VPC component provides a layer of security at the subnet level? a. Network ACLs b. Security groups c. Route tables d. NAT gateways

a. Network ACLs

What are characteristics of Availability Zones? (Select TWO.) a. All traffic between Availability Zones is encrypted. b. Availability Zones are physically separated by a minimum of distance of 150 km (100 miles). c. Availability Zones within an AWS Region share redundant power, networking, and connectivity. d. Every Availability Zone contains a single data center. e. All Availability Zones in an AWS Region are interconnected with high-bandwidth, low-latency networking.

a. All traffic between Availability Zones is encrypted. e. All Availability Zones in an AWS Region are interconnected with high-bandwidth, low-latency networking.

A company wants to minimize network latency between its Amazon EC2 instances. Which solution achieves this goal? a. Use EC2 instances in a single Availability Zone. b. Use EC2 instances in multiple edge locations. c. Use EC2 instances in multiple AWS Regions. d. Use EC2 instances in the same Availability Zone but in different AWS Regions.

a. Use EC2 instances in a single Availability Zone.

A company wants to analyze streaming user data and respond to customer queries in real time. Which AWS service can meet these requirements? a. Amazon Kinesis Data Analytics b. Amazon Redshift c. AWS Data Pipeline d. Amazon QuickSight

a. Amazon Kinesis Data Analytics

According to the AWS shared responsibility model, who is responsible for the virtualization layer down to the physical security of the facilities in which AWS services operate? a. It is the sole responsibility of the customer. b. It is a shared responsibility between AWS and the customer. c. The customer's AWS Support plan tier determines who manages the configuration. d. It is the sole responsibility of AWS.

d. It is the sole responsibility of AWS.

A company deployed an Amazon EC2 instance last week. A developer realizes that the EC2 instance is no longer running. The developer reviews a list of provisioned EC2 instances, and the EC2 instance is no longer on the list. What can the developer do to generate a recent history of the EC2 instance? a. Perform a search in AWS CloudTrail to find all EC2 instance-related events. b. Run Cost Explorer to identify the start time and end time of the EC2 instance. c. Use AWS Secrets Manager to display hidden termination logs of the EC2 instance. d. Use Amazon Inspector to find out when the EC2 instance was stopped.

a. Perform a search in AWS CloudTrail to find all EC2 instance-related events.

Which AWS services support a hybrid compute architectural model? (Select TWO.) a. Amazon Macie b. VMware Cloud on AWS c. AWS Wavelength d. AWS Outposts e. AWS Service Catalog

b. VMware Cloud on AWS d. AWS Outposts

Which AWS service or tool should a company use to forecast AWS spending? a. AWS Organizations b. Cost Explorer c. AWS Trusted Advisor d. Amazon DevPay

b. Cost Explorer

A company needs to migrate its website from on premises to the AWS Cloud. The website must be hosted on hardware that is not shared with other companies. The company wants to use its existing per-socket, per-core software licenses. Which Amazon EC2 instance purchasing option will meet these requirements? a. Dedicated Host b. On-Demand Instance c. Dedicated Instance d. Reserved Instance

a. Dedicated Host

An IT engineer needs to access AWS services from an on-premises application. Which credentials or keys does the application need for authentication? a. lAM access key and secret b. Amazon EC2 key pairs c. AWS Key Management Service (AWS KMS) keys d. AWS account user name and password

d. AWS account user name and password

What should a user do if the user loses an IAM secret access key? a. Request a new secret access key from AWS Support. b. Retrieve the secret access key by using the IAM console. c. Rotate the secret access key. d. Create a new user with a new access key and a new secret access key.

c. Rotate the secret access key.

A company is reviewing its operating policies. Which policy complies with guidance in the security pillar of the AWS Well-Architected Framework? a. Apply security requirements at all layers of a process. b. Grant all privileges and access to all users. c. Expand employees' permissions as they gain more experience. d. Ensure that employees have access to all company data.

a. Apply security requirements at all layers of a process.

Which of the following are aspects of the AWS shared responsibility model? (Select TWO.) a. Configuration management of infrastructure devices is the customer's responsibility. b. AWS is responsible for protecting the physical cloud infrastructure. c. AWS is responsible for training the customer's employees on AWS products and services. d. For Amazon EC2, AWS is responsible for maintaining the guest operating system. e. For Amazon S3, AWS operates the infrastructure layer, the operating systems, and the platforms.

b. AWS is responsible for protecting the physical cloud infrastructure. e. For Amazon S3, AWS operates the infrastructure layer, the operating systems, and the platforms.

Which of the following does Amazon CloudFront use to distribute content to users around the world? a. Edge locations b. AWS Local Zones c. Availability Zones d. Amazon VPC

a. Edge locations

Which type of workload should the company run on Amazon EC2 Reserved Instances? a. A steady-state workload that requires a particular EC2 instance configuration for a long period of time b. A short-term workload that cannot be interrupted c. A steady-state workload that does not require a long-term commitment d. A short-term workload that can be interrupted

a. A steady-state workload that requires a particular EC2 instance configuration for a long period of time

Which AWS service provides encryption at rest for Amazon RDS and for Amazon Elastic Block Store (Amazon EBS) volumes? a. AWS Key Management Service (AWS KMS) b. Amazon Rekognition c. AWS Lambda d. AWS WAF

a. AWS Key Management Service (AWS KMS)

A company's user base needs to remotely access virtual desktop computers from the internet. Which AWS service provides this functionality? a. Amazon AppStream 2.0 b. Amazon Cognito c. Amazon WorkSpaces d. Amazon Connect

c. Amazon WorkSpaces

A company is migrating its data center to AWS. The company needs an AWS Support plan that provides chat access to a cloud support engineer 24 hours a day, 7 days a week. The company does not require access to infrastructure event management. What is the MOST cost-effective AWS Support plan that meets these requirements? a. AWS Developer Support b. AWS Basic Support c. AWS Enterprise Support d. AWS Business Support

d. AWS Business Support

A company needs a quick estimate of the cost to run 100 Amazon EC2 instances with AWS Business Support. Which tool should the company use to generate the estimate? a. Cost Explorer b. AWS Cost and Usage Report c. AWS Budgets d. AWS Pricing Calculator

d. AWS Pricing Calculator

A company needs to run code in response to an event notification that occurs when objects are uploaded to an Amazon S3 bucket. Which AWS service will integrate directly with the event notification? a. Amazon EC2 b. AWS Elastic Beanstalk c. Amazon Elastic Container Registry (Amazon ECR) d. AWS Lambda

d. AWS Lambda

A company wants to use guidelines from the AWS Well-Architected Framework to limit human error and facilitate consistent responses to events. Which of the following is a Well-Architected design principle that will meet these requirements? a. Migrate workloads to a Dedicated Host. b. Use AWS Compute Optimizer. c. Perform operations as code. d. Use AWS CodeDeploy.

c. Perform operations as code.

A gaming company wants to move its on-premises environment to AWS. The company needs its resources to be highly available. Which benefit does the AWS Cloud provide to meet this requirement? a. Security b. The AWS shared responsibility model c. Reliability d. Agility

c. Reliability

A user has a stateless and restartable application that will run on an Amazon EC2 instance for 2 hours at a time. Which purchase option is the MOST cost-effective? a. Spot Instances b. On-Demand Instances c. Reserved Instances d. Dedicated Instances

a. Spot Instances

A company needs to maximize its ability to adapt to changing business needs without overcommitting its budget. Which strategy should the company implement to meet these requirements? a. Pay less by using more. b. Optimize operations. c. Use Savings Plans. d. Use pay-as-you-go pricing.

d. Use pay-as-you-go pricing.