Test prep Flashcards

Question 1

Q

AWS Systems Manager

Answer

A

Allows you to centralize operational data from multiple AWS services and automate tasks across your AWS resources
Create logical groups of resources such as applications, different layers of an application stack, or production versus development environments
can select a resource group and view its recent API activity, resource configuration changes, related notifications, operational alerts, software inventory, and patch compliance status
can also take action on each resource group depending on your operational needs

Question 2

Q

AWS Partner Solutions (formerly Quick Starts)

Answer

A

Automated reference deployments built by AWS solutions architects and AWS Partners
help you deploy popular technologies to AWS according to AWS best practices. You can reduce hundreds of manual procedures to a few steps and start using your environment within minutes

Question 3

Q

AWS Batch

Answer

A

Enables users to easily and efficiently run hundreds of thousands of batch computing jobs on AWS
use AWS Batch to plan, schedule, and execute your batch computing workloads across the full range of AWS compute services
Dynamically provisions the optimal quantity and type of compute resources (for example - memory optimized instance or CPU) based on the volume and specific resource requirements of the batch jobs submitted

Question 4

Q

Amazon Simple Queue Service (Amazon SQS)

Answer

A

Fully managed message queuing service
enables you to decouple and scale microservices, distributed systems, and serverless applications
eliminates the complexity and overhead associated with managing and operating message-oriented middleware
empowers developers to focus on differentiating work.
can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available.

Question 5

Q

AWS Elastic Beanstalk

Answer

A

easy-to-use service for deploying and scaling web applications and services
upload your code; Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, and auto scaling to application health monitoring
Platform as a Service (PaaS) as you only manage the applications and the data.

Question 6

Q

Amazon LightSail

Answer

A

designed to be the easiest way to launch and manage a virtual private server (VPS) with AWS
plans include everything you need to jumpstart your project – a virtual machine, SSD- based storage, data transfer, Domain Name System (DNS) management, and a static IP address – for a low, predictable price
great for people with little cloud experience to launch quickly a popular IT solution ready to use immediately

Question 7

Q

AWS CloudFormation

Answer

A

gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion
use sample templates or create your own templates to describe your AWS resources, and any associated dependencies or runtime parameters, required to run your application
provides a single source of truth for all your resources and helps you to standardize infrastructure components used across your organization, enabling configuration compliance and faster troubleshooting.
CloudFormation templates allow you to estimate the cost of your resources.

Question 8

Q

AWS Cost & Usage Report (AWS CUR)

Answer

A

contains the most comprehensive set of cost and usage data available
use Cost and Usage Reports to publish your AWS billing reports to an S3 bucket that you own
receive reports that break down your costs by the hour or month, by product or product resource, or by tags that you define yourself.

Question 9

Q

AWS Budgets

Answer

A

gives the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount
use Budgets to set reservation utilization or coverage targets and receive alerts when your utilization drops below the threshold you define
can be created at the monthly, quarterly, or yearly level, and you can customize the start and end dates
can further refine your budget to track costs associated with multiple dimensions, such as AWS service, linked account, tag, and others
Reservation alerts are supported for Amazon EC2, Amazon RDS, Amazon Redshift, Amazon ElastiCache, and Amazon Elasticsearch reservations.

Question 10

Q

AWS Cost Explorer

Answer

A

has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time
includes a default report that helps you visualize the costs and usage associated with your top five cost-accruing AWS services and gives you a detailed breakdown of all services in the table view
reports let you adjust the time range to view historical data going back up to twelve months to gain an understanding of your cost trends
also supports forecasting to get a better idea of what your costs and usage may look like in the future so that you can plan.

Question 11

Q

AWS Pricing Calculator

Answer

A

lets you explore services and create an estimate for the cost of your use cases
model your solutions before building them, explore the price points and calculations behind your estimate, and find the available instance types and contract terms that meet your needs
can plan your costs and usage or price out by setting up a new set of instances and services.

Question 12

Q

Amazon Machine Image (AMI)

Answer

A

provides the information required to launch an instance
-must specify an Amazon Machine Image (AMI) when you launch an instance
-can launch multiple instances from a single Amazon Machine Image (AMI) when you need multiple instances with the same configuration

Question 13

Q

Amazon ElastiCache

Answer

A

web service that makes it easy to deploy, operate, and scale an in-memory cache in the cloud
improves the performance of web applications by allowing you to retrieve information from in-memory caches

Question 14

Q

AWS Glue

Answer

A

fully managed ETL service that makes it easy for customers to prepare and load their data for analytics
meant to be used for batch ETL data processing.

Question 15

Q

Amazon EMR

Answer

A

provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances.

Question 16

Q

Convertible reserved instance (RI)

Answer

A

provides you with a significant discount (up to 54%) compared to an on-demand instance and can be purchased for a 1-year or 3-year term
useful when workloads are likely to change

Question 17

Q

Reserved instance (RI)

Answer

A

provides you with a significant discount (up to 72%) compared to on-demand instance pricing
can be purchased for a 1-year or 3-year term
do not offer as much flexibility as convertible reserved instance (RI), such as not being able to change the instance family type

Question 18

Q

AWS Health Dashboard - Service Health

Answer

A

single place to learn about the availability and operations of AWS services
view the overall status of AWS services
view personalized communications about your particular AWS account or organization.
publishes most up-to-the-minute information on the status and availability of all AWS services in tabular form for all Regions that AWS is present in
does not provide best practice recommendations.

Question 19

Q

Amazon Simple Notification Service (Amazon SNS)

Answer

A

highly available, durable, secure, fully managed pub/sub messaging service
enables you to decouple microservices, distributed systems, and serverless applications.

Question 20

Q

AWS CloudHSM

Answer

A

allows you to securely generate, store, and manage cryptographic keys used for data encryption in a way that keys are accessible only to you
helps you meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) instances within the AWS cloud

Question 21

Q

Amazon Inspector

Answer

A

automated security assessment service that helps improve the security and compliance of applications deployed on AWS
automatically assesses applications for exposure, vulnerabilities, and deviations from best practices

Question 22

Q

AWS GuardDuty

Answer

A

threat detection service that continuously monitors for malicious or unauthorized behavior
helps you protect your AWS accounts and workloads
monitors for activity such as unusual API calls or potentially unauthorized deployments that indicate a possible account compromise
also detects potentially compromised instances or reconnaissance by attackers

Question 23

Q

AWS Secrets Manager

Answer

A

easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle
helps you protect secrets needed to access your applications, services, and IT resources
integrated with AWS CloudHSM to generate, use, and manage encryption keys

Question 24

Q

AWS Identity and Access Management (IAM) access advisor

Answer

A

shows the service permissions granted to a user and when those services were last accessed
identify unnecessary permissions so that you can revise your IAM policies accordingly

Question 25

Q

IAM credentials report

Answer

A

generates a credentials report that lists all users in your account and the status of their various credentials, including passwords, access keys, and MFA devices
use the report to assist in your auditing and compliance efforts; audit the effects of credential lifecycle requirements, such as password and access key rotation
can provide the report to an external auditor, or grant permissions to an auditor so that he or she can download the report directly.

Question 26

Q

Amazon Inspector

Answer

A

automated security assessment service
helps improve the security and compliance of applications deployed on EC2 instances
automatically assesses applications for exposure, vulnerabilities, and deviations from best practices

Question 27

Q

Amazon CloudWatch

Answer

A

monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers
provides data and actionable insights to monitor applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health
does not provide best practice recommendations

Question 28

Q

AWS DataSync

Answer

A

secure online data transfer service that simplifies, automates, and accelerates copying terabytes of data to and from AWS storage services
Easily migrate or replicate large data sets without having to build custom solutions or oversee repetitive tasks - copy data between Network File System (NFS) shares, or Server Message Block (SMB) shares, self-managed object storage, AWS Snowcone, Amazon Simple Storage Service (Amazon S3) buckets, Amazon Elastic File System (Amazon EFS) file systems, and Amazon FSx for Windows File Server file systems

Question 29

Q

AWS IAM Identity Center

Answer

A

successor to AWS Single Sign-On (AWS SSO)
built on top of AWS Identity and Access Management (IAM)
simplifies access management to multiple AWS accounts, AWS applications, and other SAML-enabled cloud applications
create users directly in IAM Identity Center or bring them from your existing workforce directory.
quickly and easily assign and manage your employees’ access to multiple AWS accounts, SAML-enabled cloud applications (such as Salesforce, Microsoft 365, and Box), and custom-built in-house applications, all from a central place.

Question 30

Q

AWS Cognito

Answer

A

lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily
option to authenticate users through social identity providers such as Facebook, Twitter, or Amazon, with SAML identity solutions, or by using your own identity system
identity management solution for customers/developers building B2C or B2B apps for their customers.

Question 31

Q

AWS Identity and Access Management (AWS IAM)

Answer

A

create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.

Question 32

Q

AWS Command Line Interface (CLI)

Answer

A

unified tool to manage your AWS services
can control multiple AWS services from the command line and automate them through scripts

Question 33

Q

Amazon Athena

Answer

A

interactive query service that makes it easy to analyze data in Amazon Simple Storage Service (Amazon S3) using standard SQL
Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run
used for analytics and not to prepare data for analytics.

Question 34

Q

Amazon Redshift

Answer

A

fast and scalable data warehouse that makes it simple and cost-effective to analyze all your data across your data warehouse and data lake

Customers use Amazon RDS databases primarily for online-transaction processing (OLTP) workload while Amazon Redshift is used primarily for reporting and analytics.

Question 35

Q

Amazon EMR(?)

Answer

A

provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances

Question 36

Q

AWS Direct Connect

Answer

A

makes it easy to establish a dedicated network connection from your premises to AWS
can establish private connectivity between AWS and your data center, office, or colocation environment
can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections
takes at least one month for completion.

Question 37

Q

VPC Endpoint

Answer

A

enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.
two types of VPC endpoints: interface endpoints and gateway endpoints.

An interface endpoint is an elastic network interface with a private IP address from the IP address range of your subnet that serves as an entry point for traffic destined to a supported service. Interface endpoints are powered by AWS PrivateLink, a technology that enables you to privately access services by using private IP addresses.

A gateway endpoint is a gateway that you specify as a target for a route in your route table for traffic destined to a supported AWS service. The following AWS services are supported:

Amazon Simple Storage Service (Amazon S3)

Amazon DynamoDB

Exam Alert:

You may see a question around this concept in the exam. Just remember that only Amazon S3 and Amazon DynamoDB support VPC gateway endpoint. All other services that support VPC Endpoints use a VPC interface endpoint (note that Amazon S3 supports the VPC interface endpoint as well).

Question 38

Q

VPC peering connection

Answer

A

networking connection between two virtual private clouds (VPCs) that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses
used to connect virtual private clouds (VPCs) together

Question 39

Q

AWS Security Token Service (AWS STS)

Answer

A

web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (AWS IAM) users or for users that you authenticate (federated users).

You can use the AWS Security Token Service (AWS STS) to create and provide trusted users with temporary security credentials that can control access to your AWS resources. Temporary security credentials work almost identically to the long-term access key credentials that your IAM users can use, with the following differences:

(1) Temporary security credentials are short-term, as the name implies. They can be configured to last for anywhere from a few minutes to several hours. After the credentials expire, AWS no longer recognizes them or allows any kind of access from API requests made with them.

(2) Temporary security credentials are not stored with the user but are generated dynamically and provided to the user when requested. When (or even before) the temporary security credentials expire, the user can request new credentials, as long as the user requesting them still has permission to do so.

Temporary security credentials are generated by AWS Security Token Service (AWS STS). By default, AWS STS is a global service with a single endpoint at https://sts.amazonaws.com. However, you can also choose to make AWS STS API calls to endpoints in any other supported Region.

Question 40

Q

AWS Web Application Firewall (AWS WAF)

Answer

A

web application firewall that helps protect web applications from attacks
configure rules that allow, block, or monitor (count) web requests based admin-defined conditions
conditions include IP addresses, HTTP headers, HTTP body, URI strings, SQL injection, and cross-site scripting (XSS)
charges based on the number of web access control lists (web ACLs) that you create, the number of rules that you add per web ACL, and the number of web requests that you receive (it is not a free service

Question 41

Q

AWS Snowmobile

Answer

A

AWS Snowmobile is an Exabyte-scale data transfer service used to move extremely large amounts of data to AWS. You can transfer up to 100PB per Snowmobile, a 45-foot long ruggedized shipping container, pulled by a semi-trailer truck. AWS Snowmobile makes it easy to move massive volumes of data to the cloud, including video libraries, image repositories, or even a complete data center migration. Transferring data with Snowmobile is more secure, fast, and cost-effective.

Question 42

Q

AWS Snowball Edge

Answer

A

AWS Snowball Edge is an edge computing and data transfer device provided by the AWS Snowball service. It has onboard storage and compute power that provides select AWS services for use in edge locations. However, one AWS Snowball Edge only provides up to 100 TB of capacity.

Question 43

Q

AWS Snowball

Answer

A

AWS Snowball is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of AWS. The use of Snowball addresses common challenges with large-scale data transfers including high network costs, long transfer times, and security concerns. Transferring data with AWS Snowball is simple, fast, secure, and can be as little as one-fifth the cost of high-speed Internet. However, one Snowball only provides up to 80 TB of capacity.

Question 44

Q

AWS Storage Gateway

Answer

A

hybrid storage service that enables your on-premises applications to seamlessly use AWS cloud storage
user can use the service for backup and archiving, disaster recovery, cloud data processing, storage tiering, and migration
data transfer through AWS Storage Gateway takes longer even with great bandwidth
All data transferred between the gateway and AWS storage is encrypted using SSL (for all three types of gateways - File, Volume and Tape Gateways)
cannot use AWS Storage Gateway to connect your on-premises data center with multiple VPCs within your AWS network

Question 45

Q

AWS Config

Answer

A

service that enables you to assess, audit, and evaluate the configurations of your AWS resources
continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations
you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines
enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting.

Question 46

Q

AWS CloudFormation

Answer

A

AWS CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.

You can use the AWS CloudFormation sample templates or create your own templates to describe your AWS resources, and any associated dependencies or runtime parameters, required to run your application. This provides a single source of truth for all your resources and helps you to standardize infrastructure components used across your organization, enabling configuration compliance and faster troubleshooting.

AWS CloudFormation templates allow you to estimate the cost of your resources.

Question 47

Q

AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD)

Answer

A

enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud.

Question 48

Q

AWS CodeDeploy

Answer

A

service that automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises
makes it easier for you to rapidly release new features, helps you avoid downtime during deployment, and handles the complexity of updating your applications
use CodeDeploy to automate deployments, eliminating the need for error-prone manual operations, and the service scales with your infrastructure so you can easily deploy to one instance or thousands

Question 49

Q

Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)

Answer

A

for data that is accessed less frequently but requires rapid access when needed
stores data in a single Availability Zone (AZ) and costs 20% less than S3 Standard-IA
ideal for customers who want a lower-cost option for infrequently accessed data but don’t require the availability and resilience of S3 Standard or S3 Standard-IA
good choice for storing secondary backup copies of on-premises data or easily re-creatable data. You can also use it as cost-effective storage for data that is replicated from another AWS Region using S3 cross-region replication (S3 CRR).

Question 50

Q

Amazon S3 Glacier Deep Archive

Answer

A

storage class designed to provide durable and secure long-term storage for large amounts of data at a price that is competitive with off-premises tape archival service
Data is stored across 3 or more AWS Availability Zones(AZs) and can be retrieved in 12 hours or less.
designed for customers that retain data sets for 7-10 years or longer to meet regulatory compliance requirements
can also be used for backup and disaster recovery use cases
has a retrieval time (first byte latency) of 12 to 48 hours

Question 51

Q

Amazon S3 Standard

Answer

A

Amazon S3 Standard offers high durability, availability, and performance object storage for frequently accessed data. Because it delivers low latency and high throughput, Amazon S3 Standard is appropriate for a wide variety of use cases, including cloud applications, dynamic websites, content distribution, mobile and gaming applications, and big data analytics.

Question 52

Q

Amazon S3 Standard-Infrequent Access (S3 Standard-IA)

Answer

A

Amazon S3 Standard-Infrequent Access (S3 Standard-IA) is for data that is accessed less frequently but requires rapid access when needed. S3 Standard-IA offers the high durability, high throughput, and low latency of S3 Standard, with a low per GB storage price and per GB retrieval fee. This combination of low cost and high performance makes S3 Standard-IA ideal for long-term storage, backups, and as a data store for disaster recovery files. It can be used for backups, but it is more expensive than S3 One Zone - Infrequent Access. Hence, S3 One Zone - Infrequent Access is a better option for secondary backup copies.

Question 53

Q

Amazon Route 53

Answer

A

highly available and scalable cloud Domain Name System (DNS) web service
designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other
offers domain name registration services, where you can search for and register available domain names or transfer in existing domain names to be managed by Route 53.
can monitor the health and performance of your application as well as your web servers and other resources.

Question 54

Q

Network Access Control List (network ACL)

Answer

A

A Network Access Control List (network ACL) is an optional layer of security for your virtual private cloud (VPC) that acts as a firewall for controlling traffic in and out of one or more subnets (i.e. it works at the subnet level). A network ACL has separate inbound and outbound rules, and each rule can either allow or deny traffic.

Question 55

Q

Security Group

Answer

A

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. Security groups act at the instance level, not at the subnet level. You can specify allow rules, but not deny rules. You can specify separate rules for inbound and outbound traffic.

Question 56

Q

VPC Flow Logs

Answer

A

VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data can be published to Amazon CloudWatch Logs or Amazon Simple Storage Service (Amazon S3). After you’ve created a flow log, you can retrieve and view its data in the chosen destination.

Question 57

Q

AWS Organizations

Answer

A

offers policy-based management for multiple AWS accounts
can create groups of accounts, automate account creation, and apply and manage policies for those groups
enable you to centrally manage policies across multiple accounts, without requiring custom scripts and manual processes

Question 58

Q

Amazon SageMaker

Answer

A

fully-managed platform that enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at any scale
removes all the barriers that typically slow down developers who want to use machine learning

Question 59

Q

Amazon Polly

Answer

A

can be used to turn text into lifelike speech thereby allowing you to create applications that talk
Polly’s Text-to-Speech (TTS) service uses advanced deep learning technologies to synthesize natural sounding human speech

Question 60

Q

Amazon Comprehend

Answer

A

Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to find meaning and insights in text. Natural Language Processing (NLP) is a way for computers to analyze, understand, and derive meaning from textual information in a smart and useful way. By utilizing natural language processing (NLP), you can extract important phrases, sentiment, syntax, key entities such as brand, date, location, person, etc., and the language of the text.

Question 61

Q

Amazon Connect

Answer

A

Amazon Connect is an omnichannel cloud contact center. You can set up a contact center in a few steps, add agents who are located anywhere, and start engaging with your customers. You can create personalized experiences for your customers using omnichannel communications. Amazon Connect is an open platform that you can integrate with other enterprise applications.

Question 62

Q

Amazon Macie

Answer

A

Amazon Macie is a fully managed data security and data privacy service that uses Machine Learning and pattern matching to discover and protect your sensitive data in AWS.

Amazon Macie uses Machine Learning and pattern matching to cost-efficiently discover sensitive data at scale. Amazon Macie automatically detects a large and growing list of sensitive data types, including personally identifiable information (PII) such as names, addresses, and credit card numbers. It also gives you constant visibility of the data security and data privacy of your data stored in Amazon S3.

Question 63

Q

AWS Artifact

Answer

A

go-to, central resource for compliance-related information that matters to you
provides on-demand access to AWS’ security and compliance reports and selects online agreements

Question 64

Q

AWS Key Management Service (AWS KMS)

Answer

A

makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications
secure and resilient service that uses hardware security modules that have been validated under FIPS 140-2, or are in the process of being validated, to protect your keys

Answer 65

A

A customer gateway device is a physical or software appliance on your side of a Site-to-Site VPN connection. You or your network administrator must configure the device to work with the Site-to-Site VPN connection.

You can enable access to your remote network from your VPC by creating an AWS Site-to-Site VPN (Site-to-Site VPN) connection, and configuring routing to pass traffic through the connection.

Answer 66

A

A virtual private gateway (VGW) is the VPN concentrator on the Amazon side of the AWS Site-to-Site VPN connection. A customer gateway is a resource in AWS that provides information to AWS about your Customer gateway device.

Answer 67

A

Server access logging provides detailed records for the requests that are made to an Amazon S3 bucket. Server access logs are useful for many applications. For example, access log information can be useful in security and access audits.

It can also help you learn about your customer base and understand your Amazon S3 bill.

Answer 68

A

S3 cross-region replication (S3 CRR) enables automatic, asynchronous copying of objects across Amazon S3 buckets. Cross-Region replication (CRR) is used to copy objects across Amazon S3 buckets in different AWS Regions.

Answer 69

A

Amazon S3 Bucket policy is a resource-based AWS Identity and Access Management (IAM) policy. You add a bucket policy to a bucket to grant other AWS accounts or IAM users access permissions for the bucket and the objects in it. Object permissions apply only to the objects that the bucket owner creates.

Answer 70

A

To manage your objects so that they are stored cost-effectively throughout their lifecycle, configure their Amazon S3 Lifecycle. An S3 Lifecycle configuration is a set of rules that define actions that Amazon S3 applies to a group of objects. There are two types of actions: Transition actions (define when objects transition to another storage class) and expiration actions (define when objects expire. Amazon S3 deletes expired objects on your behalf).

Answer 71

A

Amazon S3 Transfer Acceleration (S3TA) enables fast, easy, and secure transfers of files over long distances between your client and your Amazon S3 bucket. S3 Transfer Acceleration leverages Amazon CloudFront’s globally distributed AWS Edge Locations. As data arrives at an AWS Edge Location, data is routed to your Amazon S3 bucket over an optimized network path. S3 Transfer Acceleration is designed to optimize transfer speeds from across the world into S3 buckets. If you are uploading to a centralized bucket from geographically dispersed locations, or if you regularly transfer GBs or TBs of data across continents, you may save hours or days of data transfer time with S3 Transfer Acceleration.

Answer 72

A

An S3 bucket policy is a resource-based AWS Identity and Access Management (IAM) policy. You add a bucket policy to a bucket to grant other AWS accounts or IAM users access permissions for the bucket and the objects in it. Object permissions apply only to the objects that the bucket owner creates.

Answer 73

A

Amazon Lex is a service for building conversational interfaces using voice and text. Powered by the same conversational engine as Amazon Alexa, Amazon Lex provides high-quality speech recognition and language understanding capabilities, enabling the addition of sophisticated, natural language ‘chatbots’ to new and existing applications.

Answer 74

A

With Amazon Rekognition, you can identify objects, people, text, scenes, and activities in images and videos and also detect any inappropriate content. Amazon Rekognition also provides highly accurate facial analysis and facial search capabilities that you can use to detect, analyze, and compare faces for a wide variety of user verification, people counting, and public safety use cases. Amazon Rekognition is a regional service.

Answer 75

A

Amazon SageMaker is a fully-managed platform that enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at any scale. Amazon SageMaker removes all the barriers that typically slow down developers who want to use machine learning.

Answer 76

A

Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to find meaning and insights in text. Natural Language Processing (NLP) is a way for computers to analyze, understand, and derive meaning from textual information in a smart and useful way. By utilizing Natural Language Processing (NLP), you can extract important phrases, sentiment, syntax, key entities such as brand, date, location, person, etc., and the language of the text.

Answer 77

A

enables developers to build applications with the same machine learning (ML) technology used by Amazon.com for real-time personalized recommendations. Amazon Personalize can be used to personalize the end-user experience over any digital channel. Examples include product recommendations for e-commerce, news articles and content recommendation for publishing, media, and social networks, hotel recommendations for travel websites, credit card recommendations for banks, and match recommendations for dating sites. These recommendations and personalized experiences can be delivered over websites, mobile apps, or email/messaging. Amazon Personalize can also be used to customize the user experience when user interaction is over a physical channel, e.g., a meal delivery company could personalize weekly meals to users in a subscription plan.

Amazon Personalize supports the following key use cases:

Personalized recommendations
Similar items
Personalized reranking i.e. rerank a list of items for a user
Personalized promotions/notifications

Answer 78

A

Amazon CodeGuru is a developer tool that provides intelligent recommendations to improve code quality and identify an application’s most expensive lines of code. Integrate Amazon CodeGuru into your existing software development workflow to automate code reviews during application development, continuously monitor application performance in production, provide recommendations and visual clues for improving code quality and application performance, and reduce overall cost.

Amazon CodeGuru Reviewer uses machine learning and automated reasoning to identify critical issues, security vulnerabilities, and hard-to-find bugs during application development and provides recommendations to improve code quality.

Amazon CodeGuru Profiler pinpoints an application’s most expensive lines of code by helping developers understand the runtime behavior of their applications, identify and remove code inefficiencies, improve performance, and significantly decrease compute costs.

Answer 79

A

helps developers analyze and debug production, and distributed applications, such as those built using a microservices architecture

you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors
provides an end-to-end view of requests as they travel through your application, and shows a map of your application’s underlying components

Answer 80

A

AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. With AWS CodeBuild, you don’t need to provision, manage, and scale your own build servers. AWS CodeBuild scales continuously and processes multiple builds concurrently, so your builds are not left waiting in a queue.

Answer 81

A

AWS Fault Injection Simulator (AWS FIS) is a fully managed service for running fault injection experiments on AWS that makes it easier to improve an application’s performance, observability, and resiliency. Fault injection experiments are used in chaos engineering, which is the practice of stressing an application in testing or production environments by creating disruptive events, such as a sudden increase in CPU or memory consumption, observing how the system responds, and implementing improvements. Fault injection experiment helps teams create the real-world conditions needed to uncover the hidden bugs, and monitor blind spots, and performance bottlenecks that are difficult to find in distributed systems.

AWS Fault Injection Simulator (AWS FIS) simplifies the process of setting up and running controlled fault injection experiments across a range of AWS services so teams can build confidence in their application behavior. With AWS Fault Injection Simulator (AWS FIS), teams can quickly set up experiments using pre-built templates that generate the desired disruptions. AWS Fault Injection Simulator (AWS FIS) provides the controls and guardrails that teams need to run experiments in production, such as automatically rolling back or stopping the experiment if specific conditions are met. With a few clicks in the console, teams can run complex scenarios with common distributed system failures happening in parallel or building sequentially over time, enabling them to create the real-world conditions necessary to find hidden weaknesses.

Answer 82

A

Cloud Computing can be broadly divided into three types - Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS).

Platform as a Service (PaaS) removes the need to manage underlying infrastructure (usually hardware and operating systems) and allows you to focus on the deployment and management of your applications. You don’t need to worry about resource procurement, capacity planning, software maintenance, patching, or any of the other undifferentiated heavy lifting involved in running your application.

Answer 83

A

Infrastructure as a Service (IaaS) contains the basic building blocks for cloud IT. It typically provides access to networking features, computers (virtual or on dedicated hardware), and data storage space. Infrastructure as a Service (IaaS) gives the highest level of flexibility and management control over IT resources.

Answer 84

A

Software as a Service (SaaS) provides you with a complete product that is run and managed by the service provider. With a Software as a Service (SaaS) offering, you don’t have to think about how the service is maintained or how the underlying infrastructure is managed. You only need to think about how you will use that particular software. Amazon Rekognition is an example of a SaaS service.

Answer 85

A

The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define your cloud application resources using familiar programming languages.

AWS Cloud Development Kit (AWS CDK) uses the familiarity and expressive power of programming languages for modeling your applications. It provides you with high-level components called constructs that preconfigure cloud resources with proven defaults, so you can build cloud applications without needing to be an expert. AWS CDK provisions your resources in a safe, repeatable manner through AWS CloudFormation. It also enables you to compose and share your own custom constructs that incorporate your organization’s requirements, helping you start new projects faster.

In short, you use the AWS CDK framework to author AWS CDK projects which are executed to generate AWS CloudFormation templates.

Answer 86

A

Elastic Load Balancing (ELB) automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses. It does not inspect Amazon CloudFront distributions.

Answer 87

A

Amazon Elastic Block Store (Amazon EBS) is an easy to use, high-performance block storage service designed for use with Amazon Elastic Compute Cloud (EC2) for both throughput and transaction-intensive workloads at any scale. A broad range of workloads, such as relational and non-relational databases, enterprise applications, containerized applications, big data analytics engines, file systems, and media workflows are widely deployed on Amazon EBS.

Answer 88

A

configuration management service that provides managed instances of Chef and Puppet
lets you use Chef and Puppet to automate how servers are configured, deployed and managed across your Amazon EC2 instances or on-premises compute environments

Answer 89

A

serverless compute engine for containers that works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS)
makes it easy for you to focus on building your applications
removes the need to provision and manage servers, lets you specify and pay for resources per application, and improves security through application isolation by design

Answer 90

A

An interface endpoint is an elastic network interface (ENI) with a private IP address from the IP address range of your subnet that serves as an entry point for traffic destined to a supported service. Interface endpoints are powered by AWS PrivateLink, a technology that enables you to privately access services by using private IP addresses. AWS PrivateLink restricts all network traffic between your VPC and services to the Amazon network. You do not need an internet gateway, a Network Address Translation (NAT) device, or a virtual private gateway.

Exam Alert:

You may see a question around this concept in the exam. Just remember that only Amazon S3 and Amazon DynamoDB support VPC gateway endpoint. All other services that support VPC Endpoints use a VPC interface endpoint (note that Amazon S3 supports the VPC interface endpoint as well).

Answer 91

A

gateway that you specify as a target for a route in your route table for traffic destined to a supported AWS service
supported AWS services: Amazon S3, DynamoDB

Answer 92

A

Amazon Virtual Private Cloud (Amazon VPC) is a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including the selection of your IP address range, creation of subnets, and configuration of route tables and network gateways. You can easily customize the network configuration of your Amazon VPC using public and private subnets.

Answer 93

A

AWS Virtual Private Network (AWS VPN) lets you establish a secure and private encrypted tunnel from your on-premises network to the AWS global network. AWS VPN is comprised of two services: AWS Site-to-Site VPN and AWS Client VPN.

Answer 94

A

Full set of AWS Trusted Advisor best practice checks, enhanced Technical Support with unlimited cases, and unlimited contacts and third-party Software Support are available only for Business and Enterprise Support plans.

AWS Health Dashboard – Your account health is available for all Support plans.

AWS Health Dashboard – Your account health provides alerts and remediation guidance when AWS is experiencing events that may impact you.

With AWS Health Dashboard – Your account health, alerts are triggered by changes in the health of your AWS resources, giving you event visibility, and guidance to help quickly diagnose and resolve issues.

Answer 95

A

can run code for virtually any type of application or backend service - all with zero administration
upload your code and Lambda takes care of everything required to run and scale your code with high availability
set up your code to automatically trigger from other AWS services or call it directly from any web or mobile app
pay only for the compute time you consume

Answer 96

A

AWS Fargate is a serverless compute engine for containers that works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS). Fargate makes it easy for you to focus on building your applications. Fargate removes the need to provision and manage servers, lets you specify and pay for resources per application, and improves security through application isolation by design.

AWS Fargate is a purpose-built serverless compute engine for containers. Fargate scales and manages the infrastructure required to run your containers.

Answer 97

A

Amazon EC2 Instance Connect provides a simple and secure way to connect to your instances using Secure Shell (SSH). With Amazon EC2 Instance Connect, you use AWS Identity and Access Management (AWS IAM) policies and principals to control SSH access to your instances, removing the need to share and manage SSH keys. All connection requests using Amazon EC2 Instance Connect are logged to AWS CloudTrail so that you can audit connection requests.

You can use Amazon EC2 Instance Connect to connect to your Linux instances using a browser-based client, the Amazon EC2 Instance Connect CLI, or the SSH client of your choice. Amazon EC2 Instance Connect can be used to connect to an EC2 instance from a Mac OS, Windows or Linux based computer.

Answer 98

A

Use for a single resource that performs a given function for your domain, for example, a web server that serves content for the example.com website. You can use simple routing to create records in a private hosted zone.

Answer 99

A

Use when you want to configure active-passive failover. You can use failover routing to create records in a private hosted zone.

Answer 100

A

Use when you have resources in multiple AWS Regions and you want to route traffic to the Region that provides the best latency. You can use latency routing to create records in a private hosted zone.

Answer 101

A

Use to route traffic to multiple resources in proportions that you specify. You can use weighted routing to create records in a private hosted zone.

Answer 102

A

Universal 2nd Factor (U2F) Security Key is a device that you can plug into a USB port on your computer. U2F is an open authentication standard hosted by the FIDO Alliance. When you enable a U2F security key, you sign in by entering your credentials and then tapping the device instead of manually entering a code.

Answer 103

A

software app that runs on a phone or other device and emulates a physical device
device generates a six-digit numeric code based upon a time-synchronized one-time password algorithm
user must type a valid code from the device on a second webpage during sign-in
virtual MFA device assigned to a user must be unique.

Answer 104

A

hardware device that generates a six-digit numeric code based upon a time-synchronized one-time password algorithm
user must type a valid code from the device on a second webpage during sign-in
each MFA device assigned to a user must be unique
user cannot type a code from another user’s device to be authenticated.

Answer 105

A

MFA in which the IAM user settings include the phone number of the user’s SMS-compatible mobile device
when the user signs in, AWS sends a six-digit numeric code by SMS text message to the user’s mobile device
user is required to type that code on a second webpage during sign-in.

Answer 106

A

secure, durable, and extremely low-cost Amazon S3 storage class for data archiving and long-term backup
designed to deliver 99.999999999% durability, and provide comprehensive security and compliance capabilities that can help meet even the most stringent regulatory requirements
mandates a minimum storage duration charge for 90 days.

Answer 107

A

NoSQL database that supports key-value and document data models and enables developers to build modern, serverless applications that can start small and scale globally to support petabytes of data and tens of millions of read and write requests per second
supports both key-value and document data models; enables it to have a flexible schema, so each row can have any number of columns at any point in time
allows you to easily adapt the tables as your business requirements change, without having to redefine the table schema as you would in relational databases. Amazon DynamoDB cannot be used for online analytical processing.

Answer 108

A

service that improves the availability and performance of your applications with local or global users
provides static IP addresses that act as a fixed entry point to your application endpoints in a single or multiple AWS Regions, such as your Application Load Balancers, Network Load Balancers or Amazon EC2 instances
Similar to CloudFront it uses AWS Global network and edge locations for enhanced performance
overall performance enhancer than an upload speed accelerator

Answer 109

A

object storage service that offers industry-leading scalability, data availability, security, and performance
flat, non-hierarchical structure and various management features are helping customers of all sizes and industries organize their data in ways that are valuable to their businesses and teams
To host a static website on Amazon S3, you configure an Amazon S3 bucket for website hosting and then upload your website content to the bucket.
When you configure a bucket as a static website, you must enable website hosting, set permissions, and create and add an index document.

Answer 110

A

provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources
to access EFS file systems from on-premises, you must have an AWS Direct Connect or AWS VPN connection between your on-premises datacenter and your Amazon VPC
You mount an EFS file system on your on-premises Linux server using the standard Linux mount command for mounting a file system
EFS storage option cannot directly be used to host a website, EFS needs to be mounted on Amazon EC2 to work as a static website.

Answer 111

A

AWS Artifact is your go-to, central resource for compliance-related information that matters to your organization. It provides on-demand access to AWS’ security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. It is not a service, it’s a no-cost, self-service portal for on-demand access to AWS’ compliance reports.

Answer 112

A

Elastic Load Balancing (ELB) automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones. Elastic Load Balancing (ELB) offers three types of load balancers that all feature the high availability, automatic scaling, and robust security necessary to make your applications fault-tolerant.

Answer 113

A

monitors your applications and automatically adjusts the capacity to maintain steady, predictable performance at the lowest possible cost
it’s easy to setup application scaling for multiple resources across multiple services in minutes
service provides a simple, powerful user interface that lets you build scaling plans for resources including Amazon EC2 instances and Spot Fleets, Amazon ECS tasks, Amazon DynamoDB tables and indexes, and Amazon Aurora Replicas. Auto Scaling cannot be used for load-balancing HTTP and HTTPS traffic

Answer 114

A

Network Load Balancer is best suited for load balancing of Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and Transport Layer Security (TLS) traffic where extreme performance is required.

Answer 115

A

service that enables governance, compliance, operational auditing, and risk auditing of your AWS account
log, continuously monitor, and retain account activity related to actions across your AWS infrastructure
provides an event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.
Billing alarms cannot be triggered via AWS CloudTrail.

Answer 116

A

AWS Device Farm is an application testing service that lets you improve the quality of your web and mobile apps by testing them across an extensive range of desktop browsers and real mobile devices; without having to provision and manage any testing infrastructure. The service enables you to run your tests concurrently on multiple desktop browsers or real devices to speed up the execution of your test suite, and generates videos and logs to help you quickly identify issues with your app.

Device Farm is designed for developers, QA teams, and customer support representatives who are building, testing, and supporting mobile apps to increase the quality of their apps. Application quality is increasingly important, and also getting complex due to the number of device models, variations in firmware and OS versions, carrier and manufacturer customizations, and dependencies on remote services and other apps. AWS Device Farm accelerates the development process by executing tests on multiple devices, giving developers, QA and support professionals the ability to perform automated tests and manual tasks like reproducing customer issues, exploratory testing of new functionality, and executing manual test plans. AWS Device Farm also offers significant savings by eliminating the need for internal device labs, lab managers, and automation infrastructure development.

Answer 117

A

fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates
automates the build, test, and deploy phases of your release process every time there is a code change, based on the release model you define
enables you to rapidly and reliably deliver features and updates.

Answer 118

A

storage class is designed to optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead
works by storing objects in two access tiers: one tier that is optimized for frequent access and another lower-cost tier that is optimized for infrequent access
does not charge any data retrieval fee

Answer 119

A

The Operational Excellence pillar includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures. In the cloud, you can apply the same engineering discipline that you use for application code to your entire environment. You can define your entire workload (applications, infrastructure) as code and update it with code. You can implement your operations procedures as code and automate their execution by triggering them in response to events.

Answer 120

A

Operational Excellence
Security
Reliability
Performance Efficiency
Cost Optimization
Sustainability

Answer 121

A

Cost Optimization focuses on avoiding un-needed costs. Key topics include understanding and controlling where the money is being spent, selecting the most appropriate and right number of resource types, analyzing spend over time, and scaling to meet business needs without overspending.

Answer 122

A

The performance efficiency pillar focuses on using IT and computing resources efficiently. Key topics include selecting the right resource types and sizes based on workload requirements, monitoring performance, and making informed decisions to maintain efficiency as business needs evolve.

Answer 123

A

The security pillar focuses on protecting information & systems. Key topics include confidentiality and integrity of data, identifying and managing who can do what with privilege management, protecting systems, and establishing controls to detect security events.

Answer 124

A

Effect, Action

Answer 125

A

AWS Transit Gateway connects VPCs and on-premises networks through a central hub. This simplifies your network and puts an end to complex peering relationships. It acts as a cloud router – each new connection is only made once. As you expand globally, inter-Region peering connects AWS Transit Gateways using the AWS global network. Your data is automatically encrypted and never travels over the public internet. This service is helpful in reducing the complex topology of VPC peering when a lot of systems are involved.

Answer 126

A

fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale
APIs act as the “front door” for applications to access data, business logic, or functionality from your backend services.

Answer 127

A

Agility refers to the ability of the cloud to give you easy access to a broad range of technologies so that you can innovate faster and build nearly anything that you can imagine. You can quickly spin up resources as you need them – from infrastructure services, such as compute, storage, and databases, to Internet of Things, machine learning, data lakes and analytics, and much more.

Answer 128

A

Elasticity

The ability to acquire resources as you need and release when they are no longer needed is termed as Elasticity of the Cloud. With cloud computing, you don’t have to over-provision resources upfront to handle peak levels of business activity in the future. Instead, you provision the number of resources that you need. You can scale these resources up or down instantly to grow and shrink capacity as your business needs change.

Answer 129

A

Cost budget - Helps you plan how much you want to spend on a service.

Usage budget - Helps you plan how much you want to use one or more services.

Reservation budget - This helps you track the usage of your Reserved Instances (RI). Two ways of doing it - Reserved Instance (RI) utilization budgets (This lets you see if your Reserved Instances (RI) are unused or under-utilized), Reserved Instance (RI) coverage budgets (This lets you see how much of your instance usage is covered by a reservation).

Answer 130

A

AWS Knowledge Center contains the most frequent & common questions and requests and AWS provided solutions for the same. This should be the starting point of checking for a solution or troubleshooting an issue with AWS services.

Answer 131

A

The AWS Marketplace enables qualified partners to market and sell their software to AWS Customers. AWS Marketplace is an online software store that helps customers find, buy, and immediately start using the software and services that run on AWS.

AWS Marketplace is designed for Independent Software Vendors (ISVs), Value-Added Resellers (VARs), and Systems Integrators (SIs) who have software products they want to offer to customers in the cloud. Partners use AWS Marketplace to be up and running in days and offer their software products to customers around the world.

Answer 132

A

AWS Support Center is the hub for managing your Support cases. The Support Center is accessible through the AWS Management Console, providing federated access support. All Developer-level and higher Support customers can open a Technical Support case online through the Support Center. Business and Enterprise-level customers can ask Support to call at a convenient phone number or strike up a conversation with one of our engineers via chat. Enterprise-level customers can have direct access to their dedicated Technical Account Manager.

Answer 133

A

easy to use, high-performance block storage service designed for use with Amazon Elastic Compute Cloud (Amazon EC2) for both throughput and transaction-intensive workloads at any scale
broad range of workloads, such as relational and non-relational databases, enterprise applications, containerized applications, big data analytics engines, file systems, and media workflows are widely deployed on Amazon EBS.

Answer 134

A

provides temporary block-level storage for your EC2 instance
located on disks that are physically attached to the host computer
ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content, or for data that is replicated across a fleet of instances, such as a load-balanced pool of web servers
instance storage is temporary, data is lost if instance experiences failure or is terminated
cannot be used for file sharing between instances.

Answer 135

A

provides a simple, scalable, fully managed, elastic NFS file system
built to scale on-demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth
designed to provide massively parallel shared access to thousands of Amazon EC2 instances, enabling your applications to achieve high levels of aggregate throughput and IOPS with consistent low latencies

Answer 136

A

highly scalable, high-performance container management service that supports Docker containers
allows you to easily run applications on a managed cluster of Amazon EC2 instances

Answer 137

A

fully-managed source control service that hosts secure Git-based repositories
makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem
eliminates the need to operate your own source control system or worry about scaling its infrastructure
cannot be used to automate code deployment.

Answer 138

A

AWS Migration Evaluator (Formerly TSO Logic) is a complimentary service to create data-driven business cases for AWS Cloud planning and migration.

AWS Migration Evaluator quickly provides a business case to make sound AWS planning and migration decisions. With AWS Migration Evaluator, your organization can build a data-driven business case for AWS, gets access to AWS expertise, visibility into the costs associated with multiple migration strategies, and insights on how reusing existing software licensing reduces costs further.

Answer 139

A

AWS Billing and Cost Management is the service that you use to pay your AWS bill, monitor your usage, and analyze and control your costs. It is the billing department for AWS services - with necessary tools and services under its hood. You cannot use this service to create data-driven business cases for transitioning your business from on-premises to AWS Cloud.

Answer 140

A

fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS
helps identify and alert you to sensitive data, such as personally identifiable information (PII)
service is an added security feature for data privacy

Answer 141

A

Software as a Service (SaaS) provides you with a complete product that is run and managed by the service provider. With a Software as a Service (SaaS) offering, you don’t have to think about how the service is maintained or how the underlying infrastructure is managed. You only need to think about how you will use that particular software. Gmail is an example of Software as a Service (SaaS).

Answer 142

A

Infrastructure as a Service (IaaS) contains the basic building blocks for cloud IT. It typically provides access to networking features, computers (virtual or on dedicated hardware), and data storage space. IaaS gives the highest level of flexibility and management control over IT resources. Amazon EC2 is an example of Infrastructure as a Service (IaaS).

Answer 143

A

Platform as a Service (PaaS) removes the need to manage underlying infrastructure (usually hardware and operating systems), and allows you to focus on the deployment and management of your applications. You don’t need to worry about resource procurement, capacity planning, software maintenance, patching, or any of the other undifferentiated heavy lifting involved in running your application. AWS Elastic Beanstalk is an example of Platform as a Service (PaaS).

Answer 144

A

Function as a service (FaaS) is a category of cloud computing services that provides a platform allowing customers to develop, run, and manage application functionalities without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app. AWS Lambda is an example of Function as a service (FaaS).

Answer 145

A

A Spot Instance is an unused EC2 instance that is available for less than the On-Demand price. Because Spot Instances enable you to request unused EC2 instances at steep discounts (up to 90%), you can lower your Amazon EC2 costs significantly. Spot Instances are well-suited for data analysis, batch jobs, background processing, and other flexible tasks that can be interrupted. These can be terminated at short notice, so these are not suitable for critical workloads that need to run at a specific point in time.

Answer 146

A

instance that you use on-demand
you have full control over its lifecycle — you decide when to launch, stop, hibernate, start, reboot, or terminate it
no long-term commitment required when you purchase On-Demand Instances
no upfront payment and you pay only for the seconds that your On-Demand Instances are running
price per second for running an On-Demand Instance is fixed
On-demand instances cannot be interrupted.

Answer 147

A

use your eligible software licenses from vendors such as Microsoft and Oracle on Amazon EC2 so that you get the flexibility and cost-effectiveness of using your licenses, but with the resiliency, simplicity, and elasticity of AWS
physical server fully dedicated for your use, so you can help address corporate compliance requirement

Answer 148

A

A Network Address Translation gateway (NAT gateway) or a NAT Instance can be used in a public subnet in your VPC to enable instances in the private subnet to initiate outbound IPv4 traffic to the Internet. Network Address Translation gateway (NAT gateway) is managed by AWS but NAT Instance is managed by you.

Answer 149

A

horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet
serves two purposes: to provide a target in your VPC route tables for internet-routable traffic and to perform network address translation (NAT) for instances
imposes no availability risks or bandwidth constraints on your network traffic.

Answer 150

A

AWS Database Migration Service (AWS DMS) helps you migrate databases from on-premises to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service (AWS DMS) can migrate your data to and from the most widely used commercial and open-source databases.

Answer 151

A

Versioning is a means of keeping multiple variants of an object in the same bucket. You can use versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket. With versioning, you can easily recover from both unintended user actions and application failures.

Versioning-enabled buckets enable you to recover objects from accidental deletion or overwrite. For example: if you delete an object, instead of removing it permanently, Amazon S3 inserts a delete marker, which becomes the current object version.

Answer 152

A

intelligent search service powered by machine learning
reimagines enterprise search for your websites and applications so your employees and customers can easily find the content they are looking for, even when it’s scattered across multiple locations and content repositories within your organization
stop searching through troves of unstructured data and discover the right answers to your questions, when you need them
fully managed service, so there are no servers to provision, and no machine learning models to build, train, or deploy
supports unstructured and semi-structured data in .html, MS Office (.doc, .ppt), PDF, and text formats

Answer 153

A

compute service that lets you run code without provisioning or managing servers
executes your code only when needed and scales automatically, from a few requests per day to thousands per second
one can run code for virtually any type of application or backend service - all with zero administration

Answer 154

A

fast, fully managed cloud data warehouse that makes it simple and cost-effective to analyze all your data using standard SQL and your existing Business Intelligence (BI) tools
allows you to run complex analytic queries against terabytes to petabytes of structured data, using sophisticated query optimization, columnar storage on high-performance storage, and massively parallel query execution

Answer 155

A

makes it easy to set up, operate, and scale a relational database in the cloud
provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching, and backups

Customers use Amazon RDS databases primarily for online-transaction processing (OLTP) workload while Amazon Redshift is used primarily for reporting and analytics.

Answer 156

A

Cloud Foundations provides a guided path to help customers deploy, configure, and secure their new workloads while ensuring they are ready for on-going operations in the cloud. Cloud Foundations helps customers navigate through the decisions they need to make through curated AWS Services, AWS Solutions, Partner Solutions, and Guidance.

Answer 157

A

AWS offers four different support plans to cater to each of its customers - AWS Developer Support, AWS Business Support, AWS Enterprise On-Ramp Support and AWS Enterprise Support plans. A basic support plan is included for all AWS customers.

AWS Enterprise Support provides customers with concierge-like service where the main focus is helping the customer achieve their outcomes and find success in the cloud. With AWS Enterprise Support, you get 24x7 technical support from high-quality engineers, tools and technology to automatically manage the health of your environment, consultative architectural guidance delivered in the context of your applications and use-cases, and a designated Technical Account Manager (TAM) to coordinate access to proactive/preventative programs and AWS subject matter experts.

Answer 158

A

AWS service for relational databases
can deliver up to five times the throughput of MySQL and up to three times the throughput of PostgreSQL without requiring changes to most of your existing application
schema change on a relational database is not easy and straight-forward as it is on a NoSQL database

Answer 159

A

service that provides real-time access to changes in data in AWS services, your own applications, and software as a service (SaaS) applications without writing code
EventBridge Scheduler is a serverless task scheduler that simplifies creating, executing, and managing millions of schedules across AWS services without provisioning or managing underlying infrastructure

Answer 160

A

lets you coordinate multiple AWS services into serverless workflows
- user can design and run workflows that stitch together services such as AWS Lambda, AWS Glue and Amazon SageMaker
- cannot be used to run a process on a schedule.

Answer 161

A

Tape Gateway, File Gateway and Volume Gateway

AWS Storage Gateway is a hybrid cloud storage service that connects your existing on-premises environments with the AWS Cloud. Customers use Storage Gateway to simplify storage management and reduce costs for key hybrid cloud storage use cases. These include moving tape backups to the cloud, reducing on-premises storage with cloud-backed file shares, providing low latency access to data in AWS for on-premises applications, as well as various migration, archiving, processing, and disaster recovery use cases.

AWS Storage Gateway service provides three different types of gateways – Tape Gateway, File Gateway, and Volume Gateway – that seamlessly connect on-premises applications to cloud storage, caching data locally for low-latency access.

Answer 162

A

You should use the AWS Enterprise On-Ramp Support plan if you have production/business critical workloads in AWS and want 24x7 access to technical support and need expert guidance to grow and optimize in the Cloud. AWS Enterprise On-Ramp Support plan provides 24x7 phone, email and chat access to technical support however it’s costlier than the AWS Business Support plan.

Answer 163

A

You should use the AWS Developer Support plan if you are testing or doing early development on AWS and want the ability to get email based technical support during business hours as well as general architectural guidance as you build and test. This plan does not support 24x7 phone based technical support.

Answer 164

A

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection.

Answer 165

A

acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic
Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance
-only have “allow” rules
-cannot use the security groups to block users from certain geographies

Answer 166

A

industry-leading cloud big data platform for processing vast amounts of data using open source tools such as Hadoop, Apache Spark, Apache Hive, Apache HBase, Apache Flink, Apache Hudi, and Presto
can be used to provision resources to run big data workloads on Hadoop clusters

Answer 167

A

allows organizations to create and manage catalogs of IT services that are approved for use on AWS
can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures

Answer 168

A

professional services firm that help customers of all types and sizes design, architect, build, migrate, and manage their workloads and applications on AWS, accelerating their migration to AWS cloud

Answer 169

A

provides hardware, connectivity services, or software solutions that are either hosted on or integrated with, the AWS Cloud

Answer 170

A

online tool that provides you real-time guidance to help you provision your resources following AWS best practices on cost optimization, security, fault tolerance, service limits, and performance improvement
recommendations provided by Trusted Advisor regularly help keep your solutions provisioned optimally
customers get access to the seven core Trusted Advisor checks to help increase the security and performance of the AWS environment

Answer 171

A

AWS billing and account experts that specialize in working with enterprise accounts
will quickly and efficiently assist you with your billing and account inquiries
only available for the Enterprise Support plan

Answer 172

A

replicate data automatically across your choice of AWS Regions and automatically scale capacity to accommodate your workloads
globally distributed applications can access data locally in the selected regions to get single-digit millisecond read and write performance

Answer 173

A

in-memory cache that delivers fast read performance for your tables at scale by enabling you to use a fully managed in-memory cache
can improve the read performance of your DynamoDB tables by up to 10 times—taking the time required for reads from milliseconds to microseconds

Answer 174

A

all DB instances have read/write capability

Answer 175

A

helps you ensure that you have the correct number of Amazon EC2 instances available to handle the load for your application
create collections of Amazon EC2 instances, called Auto Scaling groups
specify the minimum number of instances in each Auto Scaling group, and Amazon EC2 Auto Scaling ensures that your group never goes below this size.

Answer 176

A

web service that provides secure, resizable compute capacity in the cloud with support for per-second billing
easiest way to provision servers on AWS Cloud and access the underlying OS

Answer 177

A

system that is available is capable of delivering the designed functionality at a given point in time
Highly available systems are those that can withstand some measure of degradation while still remaining available
you can run instances for an application in a multi-AZ deployment to achieve High Availability

Answer 178

A

horizontal scaling operation refers to an increase in capacity by adding more computers to the system
in contrast to a “scale up” operation, which is constrained to running its processes on only one computer; in such systems, the only way to increase performance is to add more resources into one computer in the form of faster (or more) CPUs, memory or storage. Horizontally scalable systems are oftentimes able to outperform vertically scalable systems by enabling parallel execution of workloads and distributing those across many different computers. Auto Scaling Group is an example of Horizontal Scaling on AWS.

Answer 179

A

vertical scaling operation implies adding more resources (like CPU, RAM) to a single node or machine. Example- Resizing an instance of EC2.

Answer 180

A

ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve

Answer 181

A

allow you to use select AWS services, like compute and storage services, closer to more end-users, providing them very low latency access to the applications running locally
connected to the parent region via Amazon’s redundant and very high bandwidth private network, giving applications running in AWS Local Zones fast, secure, and seamless access to the rest of AWS services
use AWS Local Zones to deploy workloads closer to your end-users for low-latency requirements
supports AWS Direct Connect, so resources created in the Local Zone can serve local end-users with very low-latency communications

Answer 182

A

site that CloudFront uses to cache copies of the content for faster delivery to users at any location

Answer 183

A

extends the AWS cloud to a global network of 5G edge locations to enable developers to innovate and build a whole new class of applications that require ultra-low latency
provide a high-bandwidth, secure connection to the parent AWS Region, allowing developers to seamlessly connect to the full range of services in the AWS Region through the same APIs and toolsets

Answer 184

A

can be used to store, manage, and deploy Docker container images
eliminates the need to operate your container repositories
does not support running container applications.

Answer 185

A

web service that provides secure, resizable compute capacity in the cloud
designed to make web-scale cloud computing easier for developers
not a free service; pay for what you use or depending on the plan you choose

Answer 186

A

AWS community platform where people can help each other

Answer 187

A

technical content authored by AWS and the AWS community to expand your knowledge of the cloud
includes technical whitepapers, technical guides, reference material, and reference architecture diagrams
You can find useful content for your deployment, but it is not a service that will deploy technologies

Answer 188

A

allows marketers and developers to deliver customer-centric engagement experiences by capturing customer usage data to draw real-time insights

Answer 189

A

provides you with significant savings (up to 75%) on your Amazon EC2 costs compared to On-Demand Instance pricing
is not a physical instance, but rather a billing discount applied to the use of On-Demand Instances in your account
can purchase a Reserved Instance (RI) for a one-year or three-year commitment, with the three-year commitment offering a bigger discount
cannot be interrupted

Answer 190

A

instance that you use on-demand
full control over its lifecycle — you decide when to launch, stop, hibernate, start, reboot, or terminate it
no long-term commitment required when you purchase On-Demand Instances
no upfront payment and you pay only for the seconds that your On-Demand Instances are running
price per second for running an On-Demand Instance is fixed
On-demand instances cannot be interrupted; not as cost-effective as reserved instances

Answer 191

A

unused EC2 instance that is available for less than the On-Demand price
enable you to request unused EC2 instances at steep discounts (up to 90%)
well-suited for data analysis, batch jobs, background processing, and optional tasks
can be terminated at short notice, so these are not suitable for critical workloads that need to run at a specific point in time

Answer 192

A

allows you to use your eligible software licenses from vendors such as Microsoft and Oracle on Amazon EC2 so that you get the flexibility and cost-effectiveness of using your licenses, but with the resiliency, simplicity, and elasticity of AWS
physical server fully dedicated for your use, so you can help address corporate compliance requirement
not cost-efficient compared to an On-Demand instance

Answer 193

A

fully-managed service that provides you with an interactive browser-based shell and CLI experience
helps provide secure and auditable instance management without the need to open inbound ports, maintain bastion hosts, and manage SSH keys
helps to enable compliance with corporate policies that require controlled access to instances, increase security and auditability of access to the instances while providing simplicity and cross-platform instance access to end-users

Answer 194

A

provides a simple and secure way to connect to your Linux instances using Secure Shell (SSH)
use AWS Identity and Access Management (IAM) policies and principals to control SSH access to your instances, removing the need to share and manage SSH keys
will need port 22 to be open for traffic. Therefore, not the correct option here.

Answer 195

A

fully managed database service built for the cloud that makes it easier to build and run graph applications. It’s not the right fit to store recommendation results with the LEAST operational overhead for any scale.

Answer 196

A

fully managed, serverless, key-value NoSQL database designed to run high-performance applications at any scale
-offers built-in security, continuous backups, automated multi-region replication, in-memory caching, and data export tools
replicate data automatically across your choice of AWS Regions and automatically scale capacity to accommodate your workloads
globally distributed applications can access data locally in the selected regions to get single-digit millisecond read and write performance

Answer 197

A

used to automatically distribute your incoming application traffic across all the EC2 instances that you are running
use Elastic Load Balancing to manage incoming requests by optimally routing traffic so that no one instance is overwhelmed
acts as a single point of contact for all incoming web traffic to your application
when an instance is added, it needs to register with the load balancer or no traffic is routed to it
when an instance is removed, it must deregister from the load balancer or traffic continues to be routed to it

Answer 198

A

makes it easy for you to perform interactive log analytics, real-time application monitoring, website search, and more
open source, distributed search and analytics suite derived from Elasticsearch

Answer 199

A

creates a secure connection between your data center or branch office and your AWS cloud resources
connection goes over the public internet

Answer 200

A

easy to use, high-performance block storage service
designed for use with Amazon Elastic Compute Cloud (EC2) for both throughput and transaction-intensive workloads at any scale

Answer 201

A

fast, scalable, highly available, and fully managed document database service that supports MongoDB workloads
makes it easy to store, query, and index JSON data.

Answer 202

A

highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications
using SNS topics, your publisher systems can fan-out messages to a large number of subscriber endpoints for parallel processing, including Amazon SQS queues, AWS Lambda functions, and HTTP/S webhooks
SNS can be used to fan out notifications to end users using mobile push, SMS, and email.

Answer 203

A

defends against most common, frequently occurring network and transport layer DDoS attacks that target your website or applications
helps protect all AWS customers, you get better protection if you are using Amazon CloudFront and Amazon Route 53
all AWS customers benefit from the automatic protections at no additional charge

Answer 204

A

includes intelligent DDoS attack detection and mitigation for not only for network layer (layer 3) and transport layer (layer 4) attacks but also for application layer (layer 7) attacks
paid service that provides additional protections for internet-facing applications

Answer 205

A

provides customers with concierge-like service where the main focus is helping the customer achieve their outcomes and find success in the cloud
24x7 technical support from high-quality engineers, tools and technology to automatically manage the health of your environment, consultative architectural guidance delivered in the context of your applications and use-cases, and a designated Technical Account Manager (TAM) to coordinate access to proactive/preventative programs and AWS subject matter experts
access to guidance, configuration, and troubleshooting of AWS interoperability with many common operating systems, platforms, and application stack components

Answer 206

A

use if you have production workloads on AWS and want 24x7 phone, email and chat access to technical support and architectural guidance in the context of your specific use-cases
get full access to AWS Trusted Advisor Best Practice Checks
get access to guidance, configuration, and troubleshooting of AWS interoperability with many common operating systems, platforms, and application stack components

Answer 207

A

only provides access to the following:

Customer Service & Communities - 24x7 access to customer service, documentation, whitepapers, and support forums. AWS Trusted Advisor - Access to the core Trusted Advisor checks and guidance to provision your resources following best practices to increase performance and improve security. AWS Health - Your Account Health Dashboard : A personalized view of the health of your AWS services, and alerts when your resources are impacted.

Answer 208

A

use if you are testing or doing early development on AWS and want the ability to get email-based technical support during business hours
also supports general guidance on how services can be used for various use cases, workloads, or applications
no access to Infrastructure Event Management

Answer 209

A

recommends optimal AWS resources for your workloads to reduce costs and improve performance by using machine learning to analyze historical utilization metrics
Over-provisioning resources can lead to unnecessary infrastructure costs, and under-provisioning resources can lead to poor application performance
helps you choose optimal configurations for three types of AWS resources: Amazon EC2 instances, Amazon EBS volumes, and AWS Lambda functions, based on your utilization data

Answer 210

A

SDKs take the complexity out of coding by providing language-specific APIs for AWS services
= AWS SDK for JavaScript simpliﬁes the use of AWS Services by providing a set of libraries that are consistent and familiar for JavaScript developers
- provides support for API lifecycle considerations such as credential management, retries, data marshaling, serialization, and deserialization
- offered in several programming languages to make it simple for developers working on different programming and scripting languages
- can help with using AWS services from within an application using language-specific APIs

Answer 211

A

web application that comprises and refers to a broad collection of service consoles for managing AWS
home page provides access to each service console as well as an intuitive user interface for exploring AWS and getting helpful tips

Answer 212

A

designed to optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead
works by storing objects in two access tiers: one tier that is optimized for frequent access and another lower-cost tier that is optimized for infrequent access

Answer 213

A

secure, durable, and extremely low-cost S3 cloud storage class for data archiving and long-term backup
designed to deliver 99.999999999% durability, and provide comprehensive security and compliance capabilities that can help meet even the most stringent regulatory requirements

Answer 214

A

EC2 instance that runs in a virtual private cloud (VPC) on hardware that’s dedicated to a single customer
Dedicated Instances that belong to different AWS accounts are physically isolated at the hardware level
However, Dedicated Instances may share hardware with other instances from the same AWS account that are not Dedicated Instances
cannot use Dedicated Instances for using server-bound software licenses

Answer 215

A

is a threat detection service that monitors malicious activity and unauthorized behavior to protect your AWS account. GuardDuty analyzes billions of events across your AWS accounts from AWS CloudTrail (AWS user and API activity in your accounts), Amazon VPC Flow Logs (network traffic data), and DNS Logs (name query patterns). This service is for AWS account level access, not for instance-level management like an EC2. GuardDuty cannot be used to check OS vulnerabilities.

Answer 216

A

ability of a system to recover from infrastructure or service disruptions, by dynamically acquiring computing resources to meet demand, and mitigate disruptions

Answer 217

A

measurement of a system’s ability to grow to accommodate an increase in demand, or shrink down to a diminishing demand

Answer 218

A

managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easy to set up and operate message brokers on AWS
reduces your operational responsibilities by managing the provisioning, setup, and maintenance of message brokers for you
connects to your current applications with industry-standard APIs and protocols
can easily migrate to AWS without having to rewrite code

Answer 219

A

enables you to build custom applications that process or analyze streaming data for specialized needs
continuously add various types of data such as clickstreams, application logs, and social media to an Amazon Kinesis data stream from hundreds of thousands of sources

Answer 220

A

focuses on demonstrating how the cloud will help accelerate your business outcomes

Answer 221

A

focuses on identifying capability gaps across the six AWS CAF perspectives, identifying cross-organizational dependencies, and surfacing stakeholder concerns and challenges

Answer 222

A

focuses on delivering pilot initiatives in production and on demonstrating incremental business value

Answer 223

A

focuses on expanding production pilots and business value to desired scale and ensuring that the business benefits associated with your cloud investments are realized and sustained

Answer 224

A

Amazon FSx for Windows File Server

Amazon FSx for Windows File Server provides fully managed, highly reliable, and scalable file storage that is accessible over the industry-standard Service Message Block (SMB) protocol. It is built on Windows Server, delivering a wide range of administrative features such as user quotas, end-user file restore, and Microsoft Active Directory (AD) integration.

To support a wide spectrum of workloads, Amazon FSx provides high levels of throughput, IOPS and consistent sub-millisecond latencies. Amazon FSx is accessible from Windows, Linux, and macOS compute instances and devices.

For Windows-based applications, Amazon FSx provides fully managed Windows file servers with features and performance optimized for “lift-and-shift” business-critical application workloads including home directories (user shares), media workflows, and ERP applications. It is accessible from Windows and Linux instances via the SMB protocol.

Brainscape's Knowledge GenomeTM

Test prep Flashcards

Brainscape's Knowledge Genome^TM