the 65 Flashcards

1
Q

What’s the maximum amount of data you can store in a Redshift cluster when using dense storage nodes?

  • 236 TB
  • 326 PB
  • 2 TB
  • 326 TB
  • 2 PB
A
  • 2 PB

Dense storage nodes can be used in a cluster to store up to 2 PB of data. Dense compute nodes can be used to store up to 326 TB of data.

2
Q

Which of the following is a valid CIDR for a VPC or subnet?

  • 10.0.0.0/8
  • 10.0.0.0/15
  • 10.0.0.0/28
  • 10.0.0.0/29

A
  • 10.0.0.0/28

A VPC or subnet CIDR can have a size between /16 and /28 inclusive, so 10.0.0.0/28 would be the only valid CIDR.

3
Q

Which of the following is true of a new security group?

  • It contains an inbound rule denying access from any IP address.
  • It contains an inbound rule allowing access from any IP address.
  • It contains an inbound rule denying access from public IP addresses.
  • It contains an outbound rule denying access to public IP addresses.
  • It contains an outbound rule allowing access to any IP address.
A
  • It contains an outbound rule allowing access to any IP address.

When you create a security group, it contains an outbound rule that allows access to any IP address. It doesn’t contain an inbound rule by default. Security group rules can only permit access, not deny it, so any traffic not explicitly allowed will be denied.

4
Q

Which of the following is true of a VPC peering connection?

  • It’s a private connection that connects more than three VPCs.
  • It’s a public connection between two VPCs.
  • It’s a private connection between two VPCs.
  • It’s a virtual private network (VPN) connection between two VPCs.

A
  • It’s a private connection between two VPCs.

A VPC peering connection is a private connection between only two VPCs. It uses the private AWS network, and not the public internet. A VPC peering connection is different than a VPN connection.

5
Q

Which of the following are true about registering a domain name with Route 53? (Select TWO.)

  • The registrar you use to register a domain name determines who will host DNS for that domain.
  • Route 53 creates a public hosted zone for the domain.
  • Route 53 creates a private hosted zone for the domain.
  • You can register a domain name for a term of up to 10 years.
A
  • Route 53 creates a public hosted zone for the domain.
  • You can register a domain name for a term of up to 10 years.

When you register a domain name, you can choose a term between 1 year and 10 years. If you use Route 53, it will automatically create a public hosted zone for the domain. The registrar and DNS hosting provider don’t have to be the same entity, but often are.

6
Q

Which of the following Route 53 routing policies doesn’t use health checks?

  • Geolocation
  • Simple
  • Latency
  • Multivalue Answer
A
  • Simple

All Route 53 routing policies except for Simple can use health checks.

7
Q

You have two EC2 instances hosting a web application. You want to distribute 20 percent of traffic to one instance and 80 percent to the other. Which of the following Route 53 routing policies should you use?

  • Failover
  • Multivalue Answer
  • Simple
  • Weighted
A
  • Weighted

A Weighted routing policy lets you distribute traffic to endpoints according to a ratio that you define. None of the other routing policies allows this.

8
Q

You want to provide private name resolution for two VPCs using the domain name company.pri. How many private hosted zones do you need to create?

  • 4
  • 2
  • 3
  • 1

A
  • 1

Route 53 private hosted zones provide DNS resolution for a single domain name within multiple VPCs. Therefore, to support resolution of one domain name for two VPCs, you’d need one private hosted zone.

9
Q

From where does CloudFront retrieve content to store for caching?

  • Origins
  • Edge locations
  • Regions
  • Distributions
A
  • Origins

A CloudFront origin is the location that a distribution sources content from. Content is stored in edge locations. A distribution defines the edge locations and origins to use.

10
Q

You need to deliver content to users in the United States and Canada. Which of the following edge location options will be the most cost effective for your CloudFront distribution?

  • All edge locations
  • United States, Canada, and Europe
  • United States, Canada, Europe, and Asia
  • United States, Canada, Europe, Asia, and Africa
A
  • United States, Canada, and Europe

The more edge locations you use for a distribution, the more you’ll pay. Selecting the minimum number of locations will be the most cost effective.

11
Q

Which of the following are valid origins for a CloudFront distribution? (Select TWO.)

  • A public S3 bucket
  • A private S3 bucket that you don’t have access to
  • EC2 instance
  • A private S3 bucket that you own

A
  • A public S3 bucket
  • EC2 instance

An origin can be an EC2 instance or a public S3 bucket. You can’t use a private S3 bucket as an origin.

12
Q

What formats do CloudFormation templates support? (Select TWO.)

  • XML
  • HTML
  • JSON
  • YAML

A
  • JSON
  • YAML

CloudFormation templates are written in the YAML or JSON format.

13
Q

Why would you use CloudFormation to automatically create resources for a development environment instead of creating them using AWS CLI commands? (Select TWO.)

  • CloudFormation stack updates help ensure that changes to one resource won’t break another.
  • Resources created by CloudFormation always work as expected.
  • Resources CloudFormation creates are organized into stacks and can be managed as a single unit.
  • CloudFormation can provision resources faster than the AWS CLI.
A
  • CloudFormation stack updates help ensure that changes to one resource won’t break another.
  • Resources CloudFormation creates are organized into stacks and can be managed as a single unit.

Resources CloudFormation creates are organized into stacks. When you update a stack, CloudFormation analyzes the relationships among resources in the stack and updates dependent resources as necessary. This does not, however, mean that any resource you create using CloudFormation will work as you expect. Provisioning resources using CloudFormation is not necessarily faster than using the AWS CLI.

14
Q

In the context of CodeCommit, what can differencing accomplish?

  • Understanding what code change introduced a bug
  • Seeing when an application was last deployed
  • Deleting duplicate lines of code
  • Allowing reverting to an older version of a file
A
  • Understanding what code change introduced a bug

Differencing lets you see the differences between two versions of a file, which can be useful when figuring out what change introduced a bug. Versioning, not differencing, is what allows reverting to an older version of a file. Differencing doesn’t identify duplicate lines of code or tell you when an application was deployed.

15
Q

Which CodeBuild build environment compute types support Windows operating systems? (Select TWO.)

  • build.general1.medium
  • build.general1.large
  • build.general2.large
  • build.windows1.small
  • build.general1.small
A
  • build.general1.medium
  • build.general1.large

Build.general1.medium and build.general1.large support Windows and Linux operating systems. Build.general1.small supports Linux only. The other compute types don’t exist.

16
Q

Which of the following can CodeDeploy do? (Select THREE.)

  • Deploy a website to an S3 bucket.
  • Deploy a Docker container to the Elastic Container Service.
  • Deploy an application to an Android smartphone.
  • Upgrade an application on an EC2 instance running Red Hat Enterprise Linux
  • Deploy an application to an on-premises Windows instance.
A
  • Deploy a Docker container to the Elastic Container Service.
  • Upgrade an application on an EC2 instance running Red Hat Enterprise Linux
  • Deploy an application to an on-premises Windows instance.

CodeDeploy can deploy application files to Linux or Windows EC2 instances and Docker containers to ECS. It can’t deploy an application to smartphones, and it can’t deploy files to an S3 bucket.

17
Q

You want to predefine the configuration of EC2 instances that you plan to launch manually and using Auto Scaling. What resource must you use?

  • Launch template
  • Launch configuration
  • CloudFormation template
  • Instance role
A
  • Launch template

A launch template can be used to launch instances manually and with EC2 Auto Scaling. A launch configuration can’t be used to launch instances manually. An instance role is used to grant permissions to applications running on an instance. Auto Scaling can’t provision instances using a CloudFormation template.

18
Q

An Auto Scaling group has a desired capacity of 7 and a maximum size of 7. What will Auto Scaling do if someone manually terminates one of these instances?

  • It will change the desired capacity to 6.
  • It will terminate one instance
  • It will launch one new instance.
  • It will not launch any new instances.
A
  • It will launch one new instance.

Auto Scaling will use self-healing to replace the failed instance to maintain the desired capacity of 7. Terminating an instance or failing to replace the failed one will result in 6 instances. Auto Scaling won’t ever change the desired capacity in response to a failed instance.

19
Q

What type of AWS Systems Manager document can run Bash or PowerShell scripts on an EC2 instance?

  • Command document
  • Script document
  • Run document
  • Automation document
A
  • Command document

A Command document can execute commands on an EC2 instance. An Automation document can perform administrative tasks on AWS, such as starting or stopping an instance. There is no such thing as a Script document or a Run document.

20
Q

Which of the following OpsWorks services uses Chef recipes?

  • AWS OpsWorks Layers
  • AWS OpsWorks for Puppet Enterprise
  • AWS OpsWorks Stacks
  • AWS OpsWorks for Automation
A
  • AWS OpsWorks Stacks

AWS OpsWorks Stacks uses Chef recipes, while AWS OpsWorks for Puppet Enterprise uses Puppet modules. There is no service called AWS OpsWorks Layers or AWS OpsWorks for Automation.

21
Q

Which of the following OpsWorks Stacks layers contains at least one EC2 instance?

  • Relational Database Service (RDS) layer
  • Elastic Container Service (ECS) cluster layer
  • Elastic Load Balancing (ELB) layer
  • OpsWorks layer
  • EC2 Auto Scaling layer
A
  • OpsWorks layer

Only an OpsWorks layer contains at least one EC2 instance. There’s no such thing as an EC2 Auto Scaling layer.

22
Q

Which of the following are examples of applying the principles of the least privilege or maximum security?

  • Granting each AWS user their own IAM username and password
  • Creating a security group rule to deny access to unused ports
  • Deleting an empty S3 bucket
  • Enabling S3 versioning
A
  • Granting each AWS user their own IAM username and password
  • Enabling S3 versioning

Security is about protecting the confidentiality, integrity, and availability of data. Granting each AWS user their own IAM username and password makes it possible to ensure the confidentiality of data. Enabling S3 versioning protects the integrity of data by maintaining a backup of an object. Deleting an empty S3 bucket doesn’t help with any of these. It’s not possible to create a security group rule that denies access to unused ports since security groups deny any traffic that’s not explicitly allowed.

23
Q

Which of the following can help achieve cost optimization? (Select TWO.)

  • Deleting unused S3 objects
  • Deleting unused VPCs
  • Deleting empty S3 buckets
  • Deleting unused application load balancers
A
  • Deleting unused S3 objects
  • Deleting unused application load balancers

Deleting unused S3 objects and unused application load balancers can reduce costs since you’re charged for both. Deleting unused VPCs and empty S3 buckets won’t reduce costs since they don’t cost anything.

24
Q

Which of the following is a key component of operational excellence?

  • Adding more security personnel
  • Making people work longer hours
  • Automating manual processes
  • Making minor improvements to bad processes
A
  • Automating manual processes

Operational excellence is concerned with strengthening the other four pillars of reliability, performance efficiency, security, and cost optimization; automation is the key to achieving each of these. Improving bad processes and making people work longer hours run counter to achieving operational excellence. Adding more security personnel may be a good idea, but it isn’t a key component of operational excellence.

25
Q

Your default VPC in the us-west-1 Region has three default subnets. How many Availability Zones are in this Region?

  • 3
  • 5
  • 4
  • 2
A
  • 3

In a default VPC, AWS creates a subnet for each Availability Zone in the Region. Hence, if there are three subnets in the default VPC, there must be three Availability Zones.

26
Q

How does an application load balancer enable reliability?

  • By replacing failed instances
  • By caching frequently accessed content
  • By routing traffic to the least busy instances
  • By routing traffic away from failed instances
A
  • By routing traffic away from failed instances

An application load balancer can use health checks to identify failed instances and remove them from load balancing. This can prevent a user from ever reaching a failed instance. A load balancer can’t replace a failed instance, but Auto Scaling can. An application load balancer distributes traffic to instances using a round-robin algorithm, not based on how busy those instances are. An application load balancer doesn’t cache content.

27
Q

Which of the following contains the configuration information for instances in an Auto Scaling group?

  • CloudFormation template
  • Launch template
  • Launch directive
  • Dynamic scaling policy
A
  • Launch template

A launch template tells Auto Scaling how to configure the instances it provisions. A dynamic scaling policy controls how Auto Scaling scales in and out based on CloudWatch metrics. There’s no such thing as a launch directive. Auto Scaling does not reference a CloudFormation template, but you can use a CloudFormation template to create a stack that contains a launch template.

28
Q

You’ve created a target tracking policy for an Auto Scaling group. You want to ensure that the number of instances in the group never exceeds 5. How can you accomplish this?

  • Delete the target tracking policy.
  • Set the minimum group size to 5.
  • Set the maximum group size to 5.
  • Set the group size to 5.
A
  • Set the maximum group size to 5.

The maximum group size limits the number of instances in the group. Setting the group size (also known as the desired capacity) or minimum group size to 5 would increase the number of instances to 5 but would not stop Auto Scaling from subsequently adding more instances. Deleting the target tracking policy would not necessarily prevent the number of instances in the group from growing, as another process such as a scheduled scaling policy could add more instances to the group.

29
Q

Which of the following features of S3 improve the security of data you store in an S3 bucket? (Select TWO.)

  • S3 removes public objects by default.
  • All objects are readable by all AWS users by default.
  • By default, S3 removes ACLs that allow public read access to objects.
  • Objects in S3 are not public by default
A
  • By default, S3 removes ACLs that allow public read access to objects.
  • Objects in S3 are not public by default

Objects you upload to an S3 bucket are not public by default, nor are they accessible to all AWS users. Even if you try to make an object public using an ACL, S3 will immediately remove the ACL, but you can disable this behavior. S3 never removes objects by default.

30
Q

Which of the following is required to enable S3 static website hosting on a bucket?

  • Disable default encryption.
  • Enable object versioning.
  • Disable object versioning.
  • Make all objects in the bucket public.
  • Enable bucket hosting in the S3 service console
A
  • Enable bucket hosting in the S3 service console

To have S3 host your static website, you need to enable bucket hosting in the S3 service console. It’s not necessary to disable or enable default encryption or object versioning. There’s also no need to make all objects in the bucket public, but only those that you want S3 to serve up.

31
Q

You’ve created a static website hosted on S3 and given potential customers the URL that consists of words and numbers. They’re complaining that it’s too hard to type in. How can you come up with a friendlier URL?

  • Re-create the bucket using only words in the name.
  • Re-create the bucket in a different Region.
  • Re-create the bucket using only numbers in the name.
  • Use a custom domain name.
A
  • Use a custom domain name.

Purchasing and using a custom domain name is the best option for a friendly URL. You need to name the bucket the same as the domain name. Creating a bucket name with only words is unlikely to work, regardless of Region, as bucket names must be globally unique. A bucket name can’t start with a number.

32
Q

Which of the following can impact the reliability of a web application running on EC2 instances?

  • Provisioning too many instances.
  • Not replacing a misconfigured resource that the application depends on.
  • Taking EBS snapshots of the instances.
  • The user interface is too difficult to use.
A
  • Not replacing a misconfigured resource that the application depends on.

The reliability of an application can be impacted by the failure of resources the application depends on. One way a resource can fail is if it’s misconfigured. Taking EBS snapshots of an instance or provisioning more instances than you need won’t impact reliability. The user interface being difficult to use might be an annoyance for the user but doesn’t affect the actual reliability of the application.

33
Q

You have a public web application running on EC2 instances. Which of the following factors affecting the performance of your application might be out of your control?

  • Compute
  • Network
  • Storage
  • Database
A
  • Network

You may have control over your VPC, but the rest of the network between your application and users on the internet is not under your control. Compute, storage, and any database your application uses are, or at least theoretically could be, under your control.

34
Q

An Auto Scaling group can use an EC2 system health check to determine whether an instance is healthy. What other type of health check can it use?

  • VPC
  • ELB
  • S3
  • SNS
A
  • ELB

An Auto Scaling group can use an ELB health check to determine whether an instance is healthy. There is no such thing as an S3 health check, a VPC health check, or an SNS health check.

35
Q

You’re hosting a static website on S3. Your web assets are stored in the US East 1 Region in the bucket named mygreatwebsite. What is the URL of the website?

  • http://mygreatwebsite.s3-website-us-east-1.amazonaws.com
  • http://mygreatwebsite.s3-us-east-1.amazonaws.com
  • http://mygreatwebsite.s3.amazonaws.com
  • http://mygreatwebsite.s3-website-us-east.amazonaws.com
A
  • http://mygreatwebsite.s3-website-us-east-1.amazonaws.com

The format of the URL is the bucket name, followed by s3-website-, the Region identifier, and then amazonaws.com.

36
Q

What are some key benefits often available for applications run on a large cloud platform like AWS? (Select TWO.)

  • Improved infrastructure reliability
  • Improved developer-admin communications
  • Improved data security
  • Improved turnaround for new application code releases
A
  • Improved infrastructure reliability
  • Improved data security

Amazon’s size and scale allow it to implement best security and reliability practices. Its size alone is, however, unlikely to directly impact your team’s code commit or communication processes.

37
Q

Which of the following best describes infrastructure redundancy?

  • Increasing the size of deployed resources to meet changing user demand
  • Increasing the number of deployed resources to meet changing user demand
  • Maintaining secure network connections to control incoming access
  • Maintaining copies of application data across multiple physical locations
A
  • Maintaining copies of application data across multiple physical locations

Your assets are redundant when they’re replicated in a way that ensures they’ll survive the failure of one set. Increasing the number of deployed resources is known as horizontal scaling. Increasing the size of deployed resources is known as vertical scaling. Controlling network access is not a function of redundancy.

38
Q

Which of the following best describes infrastructure elasticity?

  • Maintaining copies of application data across multiple physical locations
  • Manually setting the number of deployed resources to meet changing user demand
  • The presence of automated, pay-as-you-go access to new resources
  • Configuring applications to be easily resizable without manual intervention
A
  • Configuring applications to be easily resizable without manual intervention

Automation is a key characteristic of elasticity. Maintaining multiple copies is redundancy. Pay-as-you-go access to resources is a contributing element of elasticity, but it’s not its best description.

39
Q

Process automation is a key element of successful cloud deployments. Which of these contribute the most to Amazon’s cloud automation? (Select TWO.)

  • Server virtualization
  • Elasticity
  • AWS Command Line Interface (CLI) access
  • Metered service payments
A
  • AWS Command Line Interface (CLI) access
  • Metered service payments

Metered payments and scripted (CLI) access are direct drivers of the efficiencies of automation. Elasticity and virtualization can be important pieces of the automation puzzle, but their contribution isn’t as direct.

40
Q

What is the main benefit of server virtualization for cloud computing customers?

  • Virtualization allows cloud customers greater server security.
  • Virtualization allows cloud customers direct access to a wide range of compute choices.
  • Virtualization allows cloud customers access to a wider range of software choices.
  • Virtualization allows cloud customers more effective utilization of hardware resources.
A
  • Virtualization allows cloud customers direct access to a wide range of compute choices.

It’s true that virtualized environments can sometimes allow for enhanced hardware utilization and security, but that’s not primarily a benefit that’s specific to the cloud. Virtualization has very little to do with enhanced software choices.

41
Q

Which of the following contribute the most to Amazon’s ability to provide its cloud services at rates often below what they would cost locally? (Select TWO.)

  • Enhanced security
  • Distributed infrastructure
  • Virtualization
  • Automation
A
  • Virtualization
  • Automation

Amazon’s distributed infrastructure and enhanced security are powerful but have little or no impact on lower customer costs. Virtualization and automation both permit greater usage of AWS physical hardware and, thus, drive costs down.

42
Q

Which of the following best describes Amazon’s Elastic Beanstalk service?

  • Infrastructure as a service
  • Serverless workloads
  • Platform as a service
  • Software as a service
A
  • Platform as a service

Because AWS manages all underlying infrastructure invisibly, Elastic Beanstalk is considered a platform-as-a-service (PaaS) environment. IaaS leaves most infrastructure administration in your hands. SaaS doesn’t allow the level of customization you find in Beanstalk, and a serverless tool (like Lambda) doesn’t provision a dedicated instance for your code the way Beanstalk does.

43
Q

What happens if your use of an AWS service goes over the Free Tier threshold?

  • Your AWS account will be temporarily suspended until you contact customer support.
  • Nothing. AWS has a “mercy” rule that permits up to 75 percent over-usage on the Free Tier limit.
  • You will receive an email alert, warning you that you might soon incur actual costs.
  • Your registered credit card will automatically be billed for any usage above the Free Tier limit.
A
  • Your registered credit card will automatically be billed for any usage above the Free Tier limit.

Going over your Free Tier limit is in no way a breach of AWS rules; on the contrary, it’s a normal and expected practice. Therefore, your account would not be suspended. By default, you will be sent a warning email before your usage goes past the Free Tier limit, not after. There is no “mercy” rule.

44
Q

Which of the following would be possible to run during your AWS account’s first year without incurring any charges?

  • An EC2 t2.micro instance and two 10 GB EBS volumes running 24/7 for 12 months
  • An EC2 t2.micro instance and one 25 GB EBS volume running 24/7 for 12 months
  • 900 MB worth of Docker container images stored on the Amazon Elastic Container Registry (ECR)
  • A static website consuming 8 GB of S3 storage
A
  • An EC2 t2.micro instance and two 10 GB EBS volumes running 24/7 for 12 months

Two 10 GB EBS volumes are within the Free Tier limit of 20 GB. The Free Tier only allows 5 GB of S3 storage and 500 MB of images in ECR.

45
Q

What is the purpose of the AWS Total Cost of Ownership (TCO) Calculator?

  • To enable quick and accurate estimates of the costs of running any application stack on AWS resources
  • To provide reports on your actual account spending trends
  • To enable apples-to-apples comparisons of the costs of complex local versus AWS-based deployments
  • To provide real-time pricing data for selected AWS services
A
  • To enable apples-to-apples comparisons of the costs of complex local versus AWS-based deployments

The TCO Calculator provides cost estimates comparing AWS versus local deployments. You should not consider the actual AWS service prices to be 100 percent current, and the report will not reflect any real-time costs related to your account. Use the Simple Monthly Calculator for quick and accurate estimates of the costs of running any application stack.

46
Q

What is the value of an “AWS Budgets” Usage budget?

  • Monitor account costs.
  • Monitor resource consumption.
  • Monitor the behavior of IAM users associated with your account.
  • Monitor reservation status.
A
  • Monitor resource consumption.

The Cost budget monitors account costs. The Reservation budget gives you status reports for your reservations (assuming there are any). Monitoring IAM users is outside the scope of AWS Budgets.

47
Q

  • To help you organize the way data is displayed in the Cost Explorer
  • To make tracking the billing impact of running resources easier
  • To help you quickly identify accounts within AWS Organizations
  • To make identifying resources running in your AWS account easier
A
  • To make tracking the billing impact of running resources easier

Unlike resource tags (which are meant to help you identify running resources within many contexts), cost allocation tags focus exclusively on the costs incurred by resources.

48
Q

Which of the following best describes AWS Organizations?

  • A tool for configuring your AWS Support preferences
  • A tool to centralize the administration of multiple AWS accounts
  • A tool to automate control over your account billing
  • A tool that permits resource collaboration between separate accounts
A
  • A tool to centralize the administration of multiple AWS accounts

AWS Organizations lets you centralize the administration of multiple AWS accounts owned or controlled by a single company. It allows you to consolidate your billing operations, but it isn’t focused on billing automation, support settings, or resource collaboration.

49
Q

Which of the following would represent the approximate monthly AWS Business support tier cost for a company spending $40,000/month on AWS infrastructure?

  • $15,000
  • $4,000
  • $100
  • $2,800
A
  • $2,800

The Business support tier is billed at 7 percent when costs fall between $10,000 and $80,000. A company using the Enterprise support tier would pay the monthly minimum of $15,000 for a spend of $40,000.

50
Q

Which of the following services are available for accounts subscribed to the Basic support plan? (Select TWO.)

  • Business hours access to an AWS cloud support associate
  • Limited access to Trusted Advisor
  • Access to AWS white papers
  • Full access to Trusted Advisor
A
  • Limited access to Trusted Advisor
  • Access to AWS white papers

Basic-level subscribers get only partial access to Trusted Advisor, along with access to all publicly available AWS documentation (including white papers). They do not get to speak with AWS cloud support associates.

51
Q

Which of the following is available only for Enterprise support plan subscribers?

  • Access to a dedicated Technical Account Manager (TAM)
  • 24/7 access to senior cloud support engineers within 10 minutes
  • General guidance within 24 hours
  • Support for troubleshooting interoperability between AWS resources and third-party software and operating systems
A
  • Access to a dedicated Technical Account Manager (TAM)

General guidance within 24 hours is also available at the Developer and Business levels. Troubleshooting support is also available for Business customers. 24/7 access to engineers is available to Enterprise customers, but only within 15 minutes.

52
Q

Which documentation collection is most likely to contain comprehensive, curated solutions to common AWS deployment problems?

  • The official AWS FAQ
  • The AWS discussion forums
  • The AWS Knowledge Center
  • AWS service documentation pages
A
  • The AWS Knowledge Center

Service documentation pages don’t focus on solutions to problems. The solutions in the forum aren’t necessarily comprehensive or curated. There is no “official AWS FAQ.”

53
Q

Which of these Trusted Advisor alert categories will identify resources in your account that are unnecessarily vulnerable to service disruptions?

  • Service Limits
  • Fault Tolerance
  • Performance
  • Security
A
  • Fault Tolerance

The Performance category identifies configuration settings that might be blocking performance improvements. The Service Limits category identifies resource usage that’s approaching AWS Region or service limits. The Security category identifies any failures to use security best-practice configurations.

54
Q

Which of these Trusted Advisor alert categories are available only for accounts subscribed to Business or Enterprise support tiers? (Select TWO.)

  • Service Limits
  • Security
  • Cost Optimization
  • Fault Tolerance
A
  • Cost Optimization
  • Fault Tolerance

The Service Limits category and many Security alerts are available for all AWS customers.

55
Q

Which of the following AWS services are considered global rather than bound to a single AWS Region? (Select TWO.)

  • IAM
  • RDS
  • CloudFront
  • EC2
A
  • IAM
  • CloudFront

The Relational Database Service (RDS) and Elastic Compute Cloud (EC2) both provide instances in a single Region—unlike IAM and CloudFront, which are Region-independent.

56
Q

Which of the following most accurately describes an AWS Availability Zone?

  • The Network settings defining permitted external access to your AWS resources
  • The infrastructure resources of one of at least two physical data centers within a single AWS Region
  • The full set of infrastructure resources used by an AWS Region
  • The virtual compute, storage, and network resources used by at least three physical data centers
A
  • The infrastructure resources of one of at least two physical data centers within a single AWS Region

There is no special term used to describe all the resources of an AWS Region. Availability Zones are made up of at least two data centers, not three. Network access to resources is controlled by security groups, IAM policies, or access control groups, not by “Availability Zones.”

57
Q

Which of the following would correctly designate an Availability Zone in the US East (Ohio) Region?

  • us-east-2
  • us-east-2c
  • us-east-c
  • us-east-c2
A
  • us-east-2c

Availability Zones use the full designation of the parent Region (us-east-2, in this case) and a letter for the specific zone.

58
Q

Which of the following are design approaches that can directly increase the performance reliability of your applications? (Select TWO.)

  • Use a content distribution network (CDN) like CloudFront to cache your content.
  • Run redundant resources in multiple Availability Zones
  • Locate resources geographically close to your users.
  • Incorporate Auto Scaling into your design.
A
  • Run redundant resources in multiple Availability Zones
  • Incorporate Auto Scaling into your design.

While geolocation and a good CDN can improve performance, they won’t have a direct impact on reliability.

59
Q

Which of the following AWS services provides Domain Name Services (DNS)?

  • Lambda Edge
  • CloudFront
  • Shield
  • Route 53
A
  • Route 53

60
Q

Which of the following AWS services would require the customer (i.e., you) to assume the least responsibility for administration? (Select TWO.)

  • Relational Database Service
  • Elastic Beanstalk
  • Elastic Compute Cloud
  • Route 53
A
  • Elastic Beanstalk

While RDS is a managed service, it’s not as fully managed as Beanstalk. EC2 gives you control over nearly the entire infrastructure powering your instance.

61
Q

Which of the following authentication tools is most commonly used for programmatic or automated access to AWS resources?

  • Multifactor authentication
  • Access keys
  • SSH key pairs
  • Passwords
A
  • Access keys

MFA and passwords are most commonly used for manual, direct logins to the AWS Management Console. SSH key pairs are used for SSH login sessions to EC2 instances. Access keys are generally incorporated into AWS CLI or coded access via an AWS API.

62
Q

Which of the following steps should ideally be taken on behalf of an AWS account’s root user? (Select THREE.)

  • Create access keys.
  • Apply multifactor authentication (MFA).
  • Set a complex password.
  • Delete associated access keys.
A
  • Federation

Single sign-on defines a user’s authorization status after authentication. IAM roles define the access allowed to a process. MFA is an authentication method.

63
Q

Which of the following describes managing user authentication through third-party authentication services?

  • IAM roles
  • Single sign-on
  • MFA
  • Federation
A

Which of the following describes managing user authentication through third-party authentication services?

  • IAM roles
  • Single sign-on
  • MFA
  • Federation
64
Q

Which of the following tools should be used regularly to provide insight into who has access to your account resources?

  • Credential report
  • Single sign-on
  • Federation
  • Encryption
A
  • Credential report

Encryption protects your data from unauthorized use. Federation and single sign-on are used to control account access. The credential report provides insight into who has access to your ac