Topic 4, 1-152 Flashcards by Jose Barrera

Which AWS service is a content delivery network that securely delivers data, video, and applications to users globally with low latency and high speeds?

AWS CloudFormation
AWS Direct Connect
AmazonCloudFront
Amazon Pinpoint

Amazon CloudFront

How well did you know this?

Not at all

Perfectly

Which solution provides the FASTEST application response times to frequently accessed data to users in multiple AWS Regions?

AWS CloudTrail across multiple Availability Zones
Amazon CloudFront to edge locations
AWS CloudFormation in multiple regions
A virtual private gateway over AWS Direct Connect

Amazon CloudFront to edge locations

How well did you know this?

Not at all

Perfectly

Which AWS service can be used in the application deployment process?

AWS AppSync
AWS Batch
AWS CodePipeline
AWS DataSync

AWS CodePipeline

How well did you know this?

Not at all

Perfectly

Which benefit of the AWS clouds supporting matching the supply of resources with changing workloads demands?

Security
Reliability
Elasticity
High availability

Elasticity

How well did you know this?

Not at all

Perfectly

Which AWS tool cant they use?

AWS Trusted Advisor
AWS Systems Manager
AWS Config
AWS Service Catalog

AWS Trusted Advisor

How well did you know this?

Not at all

Perfectly

When a company provisions web servers in multiple AWS region what is being increased?

Coupting
Availability
Security
Durability

Availability

How well did you know this?

Not at all

Perfectly

What tasks should a customer perform when that customer suspects an AWS account has been compromised? (Select TWO)

Rotate passwords and access keys.
Remove MFA tokens.
Move resources to a different AWS Region.
Delete AWS CloudTrail Resources.
Contact AWS Support.

Rotate passwords and access keys.

Contact AWS Support.

How well did you know this?

Not at all

Perfectly

Where should users report that AWS resources are being used for malicious purposes?

AWS Abuse team

AWS Shield

AWS Support

AWS Developer Forums

AWS Abuse team

How well did you know this?

Not at all

Perfectly

Which management service can be used to set alarms for AWS resources?

Amazon CloudWatch
Amazon Simple Notification Service (Amazon SNS)
Amazon Simple Email Service (Amazon SES)
AWS CloudTrail

Amazon CloudWatch

How well did you know this?

Not at all

Perfectly

When comparing the total cost of ownership (TCO) of on-premises infrastructure to a cloud architecture, what costs should be considered? (Select TWO.)

The credit card processing fees for application transactions in the cloud.
The cost of purchasing and installing server hardware in the on-premises data.
The cost of administering the infrastructure, including the operating system and software installations, patches, backups, and recovering from failures.
The costs of third-party penetration testing.
The advertising costs associated with an ongoing enterprise-wide campaign.

The cost of purchasing and installing server hardware in the on-premises data.

The cost of administering the infrastructure, including the operating system and software installations, patches, backups, and recovering from failures

How well did you know this?

Not at all

Perfectly

What does AWS Marketplace allow users to do? (Choose two.)

Sell unused Amazon EC2 Spot Instances.
Sell solutions to other AWS users.
Buy third-party software that runs on AWS.
Purchase AWS security and compliance documents.
Order AWS Snowball.

Sell solutions to other AWS users.

Buy third-party software that runs on AWS.

How well did you know this?

Not at all

Perfectly

According to the AWS shared responsibility model, what is AWS responsible for?

Configuring Amazon VPC
Managing application code
Maintaining application traffic
Managing the network infrastructure

Managing the network infrastructure

How well did you know this?

Not at all

Perfectly

What does it mean if a user deploys a hybrid cloud architecture on AWS?

All resources run using the on-premises infrastructure.
Some resources run on-premises and some run in a colocation center.
All resources run in the AWS Cloud.
Some resources run on-premises and some run in the AWS Cloud.

Some resources run on-premises and some run in the AWS Cloud

How well did you know this?

Not at all

Perfectly

Which architectural principle is used when deploying an Amazon Relational Database Service (Amazon RDS) instance in Multiple Availability Zone mode?

Implement loose coupling.
Design for failure.
Automate everything that can be automated.
Use services, not servers.

Design for failure.

How well did you know this?

Not at all

Perfectly

Treating infrastructure as code in the AWS Cloud allows users to:

automate migration of on-premises hardware to AWS data centers.
let a third party automate an audit of the AWS infrastructure.
turn overapplication code to AWS so it can run on the AWS infrastructure.
automate the infrastructure provisioning process.

automate the infrastructure provisioning process.

How well did you know this?

Not at all

Perfectly

A Cloud Practitioner needs to store data for 7 years to meet regulatory requirements.
Which AWS service will meet this requirement at the LOWEST cost?

Amazon S3
AWS Snowball
Amazon Redshift
Amazon S3 Glacier

Amazon S3 Glacier

How well did you know this?

Not at all

Perfectly

Which Amazon EC2 pricing model is the MOST cost-efficient for an uninterruptible workload that runs once a year for 24 hours?

On-Demand Instances
Reserved Instances
Spot Instances
Dedicated Instances

On-Demand Instances

How well did you know this?

Not at all

Perfectly

According to the AWS Well-Architected Framework, what change management steps should be taken to achieve reliability in the AWS Cloud? (Select TWO.)

Use AWS Contig to generate an inventory of AWS resources
Use service limits to prevent users from creating or making changes to AWS resources.
Use AWS CloudTrail to record AWS API calls into an auditable log file
Use AWS Certificate Manager to whitelist approved AWS resources and services.
Use Amazon GuardDuty to validate configuration changes made to AWS resources

Use service limits to prevent users from creating or making changes to AWS resources.

Use Amazon GuardDuty to validate configuration changes made to AWS resources

How well did you know this?

Not at all

Perfectly

A user has underutilized on-premises resources. Which AWS Cloud concept can BEST address this Issue?

High availability
Elasticity
Security
Loose coupling

Elasticity

How well did you know this?

Not at all

Perfectly

A user wants a recommendation on how to optimize the cost and performance of their AWS environment?

Which AWS tool can they use?

AWS trusted Advisor
AWS Systems Manager
AWS Config
AWS Service Catalog

AWS trusted Advisor

How well did you know this?

Not at all

Perfectly

A user deploys an Amazon RDS DB instance in multiple Availability Zones. This strategy involves which pillar of the AWS WelI-Architected Framework?

Performance efficiency
Reliability
Cost optimization
Security

Reliability

How well did you know this?

Not at all

Perfectly

A company is considering migrating its applications to AWS. The company wants to compare the cost of running the workload on-premises to running the equivalent workload on the AWS platform.
Which tool can be used to perform this comparison?

AWS Simple Monthly Calculator
AWS Total Cost of Ownership (TCO) Calculator
AWS Billing and Cost Management console
Cost Explorer

AWS Total Cost of Ownership (TCO) Calculator

How well did you know this?

Not at all

Perfectly

A customer runs anOn-Demand Amazon Linux EC2 instance for 3 hours, 5 minutes, and 6 seconds.
For how much time will the customer be billed?

3 hours, 5 minutes
3 hours, 5 minutes, and 6 seconds
3 hours, 6 minutes
4 hours

3 hours, 5 minutes, and 6 seconds

How well did you know this?

Not at all

Perfectly

Which of the following identify and access management entitles is associated with an access key id and secret access key when using AWS command-line interface?

IAM group
IAM user
IAM role
IAM policy

IAM user

How well did you know this?

Not at all

Perfectly

A web application running on AWS has been **spammed** with **malicious** requests from a recurring set of IP addresses. Which AWS **service** can help **secure** the application and **block the malicious** traffic? - AWS IAM - Amazon GuardDuty - Amazon Simple Notification Service (Amazon SNS) - AWS WAF

AWS **WAF**

Which **principles** are used to architect applications for **reliability** on the AWS Cloud? **(Choose two.)** * *-**Design for automated failure recovery - Use multiple Availability Zones - Manage changes via documented processes - Test for moderate demand to ensure reliability - Backup recovery to an on-premises environment

**-Design** for **automated** failure recovery -**Backup recovery** to an on-premises environment

Which AWS service identifies security groups that **allow unrestricted access** to a user’s AWS resources? - AWS CloudTrail - AWS Trusted Advisor - Amazon CloudWatch - Amazon Inspector

AWS Trusted Advisor

What is an AWS Cloud design best practice? Tight coupling of components Single point of failure High availability Overprovisioning of resources

Tight coupling of components

Which AWS service or feature allows a company to visualize, understand, and manage AWS costs and usage over time? AWS Budgets AWS Cost Explorer AWS Organizations Consolidated billing

AWS Cost Explorer

How does AWS MOST effectively reduce computing costs for a growing start-up company? - It provides on-demand resources for peak usage. - It automates the provisioning of individual developer environments. - It automates customer relationship management. - It implements a fixed monthly computing budget.

It provides **on-demand** resources for peak usage.

Under the AWS shared responsibility model, AWS is responsible for which security-related task? Lifecycle management of IAM credentials Physical security of global infrastructure Encryption ofAmazon EBS volumes Firewall configuration

Physical security of global infrastructure

Under the AWS shared responsibility model, customer responsibilities include which one of the following? - Securing the hardware, software, facilities, and networks that run all products and services. - Providing certificates, reports, and other documentation directly to AWS customers under NDA. - Configuring the operating system, network, and firewall. - Obtaining industry certifications and independent third-party attestations.

-Configuring the operating system, network, and firewall.

Which actions support the reliability pillar of the AWS Architected Framework? **(Select TWO.)** * *-**Enforce higher security specifically in regard to designed for failure. - Ensure that backend components include multiple Availability Zone deployments. - Avoid the use of automatic scaling to simplify the cloud architecture. - Enable object versioning within Amazon S3 and replicating data to another AWS Region. - Include an Application Load Balancer to distribute traffic to multiple Amazon EC2 instance in separate Availability Zones

Ensure that **backend** components include multiple Availability Zone deployments. Enable object **versioning** within Amazon S3 and replicating data to another AWS Region.

Which of the following is the responsibility of AWS? - Setting up AWS Identity and Access Management (IAM) users and groups - Physically destroying storage media at end of life - Patching guest operating systems - Configuring security settings on Amazon EC2 instances

-Physically destroying storage media at end of life

What will help a company perform a **cost benefit analysis** of migrating to the AWS Cloud? - Cost Explorer - AWS Total Cost of Ownership (TCO)Calculator - AWS Simple Monthly Calculator - AWS Trusted Advisor

-AWS Total Cost of Ownership (TCO)Calculator

A user needs an automated security assessment report that will **identify** unintended network access to Amazon EC2 instances and vulnerabilities on those instances. Which AWS service will provide this assessment report? - EC2 security groups - AWS Config - Amazon Macie - Amazon Inspector

Amazon Inspector

Which AWS service can be used to generate **alerts** based on an estimated monthly bill? - AWS Config - Amazon CloudWatch - AWS X-Ray - AWS CloudTrail

Amazon **CloudWatch**

Using AWS Identity and Access Management (**IAM**) to grant access only to the resources needed to perform a task is a concept known as: - restricted access. - as-needed access. - least privilege access. - token access

least privilege access.

What function do security groups serve related to Amazon Elastic Compute Cloud (Amazon EC2) instance security? - Act as a virtual firewall for the Amazon EC2 instance. - Secure AWS user accounts with AWS Identity and Access Management (IAM) policies. - Provide DDoS protection with AWS Shield. - Use Amazon CloudFront to protect the Amazon EC2 instance

-Act as a virtual firewall for the Amazon EC2 instance.

What does AWS Shield Standard provide? WAFrules DDoS protection Identity and Access Management (IAM) permissions and access to resources Data encryption

**DDoS** protection

which of the following acts as a virtual firewall at the amazon ec2 instance level to **control traffic** for one or more instances? Access keys Virtual private gateways Security groups Access Control Lists (ACL)

Security groups

Which of the following provides the ability to share the cost benefits of Reserved Instances across AWS accounts? - AWS Cost Explorer between AWS accounts - Linked accounts and consolidated billing - Amazon Elastic Compute Cloud (Amazon EC2) Reserved Instance Utilization Report - Amazon EC2 Instance Usage Report between AWS accounts

Linked accounts and consolidated billing

What is the value of using **third-party** software from **AWS Marketplace** instead of installing third-party software on Amazon EC2? **(Choose two.)** - Users pay for the software by the hour or month depending on licensing. - AWS Marketplace enables the user to launch applications with 1-Click. - AWS Marketplace data encryption is managed by a third-party vendor. - AWS Marketplace eliminates the need toupgrade to newer software versions. - Users can deploy third-party software without testing

Users pay for the software **by the hour** or month depending on licensing. AWS Marketplace enables the user to **launch applications** with **1-Click**.

A company has **multiple** AWS **accounts** and wants to simplify and consolidate its billing process. Which AWS service will achieve this? - AWS Cost and Usage Reports - AWS Organizations - AWS Cost Explorer - AWS Budgets

AWS Organizations

Which AWS service enables users to **consolidate** billing across **multiple** accounts? Amazon QuickSight AWS Organizations AWS Budgets Amazon Forecast

AWS Organizations

What is one of the customer's responsibilities according to the AWS shared responsibility model? Virtualization infrastructure Network infrastructure Application security Physical security of hardware

Application security

A company is migrating from on-premises data centers to the AWS cloud and is looking for hands-on help with the project. How can the company get this support? **(Select Two.)** * *-**Ask for a quote from the AWS Marketplace team to perform a migration into the company's AWS accounts - Contact AWS Support and open a case for assistance - Use AWS professional services to provide and to set up and AWS Landing Zone in the company's AWS account - Select a partner from the AWS Partner Network (APN) to assist with the migration. - Use Amazon Connect to create a new request for proposal (RFP) for export assistance in migrating to the AWS Cloud

**Contact** AWS Support and open a case for assistance **Select** a partner from the AWS Partner Network (APN) to assist with the migration

A startup is working on a new application that needs to go to market quickly. The application requirements may need to be adjusted in the near future. Which of the following is a characteristic of the AWS Cloud that would meet this specific need? Elasticity Reliability Performance Agility

Agility

Which of the following services is a **MySQL**-compatible database that automatically grows storage as needed? Amazon Elastic Compute Cloud (Amazon EC2) Amazon Relational Database Service (Amazon RDS) for MySQL Amazon Lightsail Amazon Aurora

Amazon **Aurora**

What is the benefit of loose coupling as a principle of cloud architecture design? It facilitates low-latency request handling. It allows applications to have dependent workflows. It prevents cascading failures between different components. It allows companies to focus on their physical data center operations

It prevents cascading failures between different components.

Which service’s PRIMARY purpose is software version control? Amazon CodeStar AWS Command Line Interface (AWS CLI) Amazon Cognito AWS CodeCommit

AWS **CodeCommit**

Which tasks are the customer's responsibility in the AWS shared? **(Select TWO)** Infrastructure facilities access management Cloud infrastructure hardware lifecycle management Configuration management of user's applications Networking infrastructure protection Security groups configuration

Configuration management of user's applications Security groups configuration

A user is running an application on AWS and notices that one or more AWS-owned IP addresses is involved in a distributed denial-of-service (DDoS) attack. Who should the user contact FIRST about this situation? AWS Premium Support AWSTechnical Account Manager AWS Solutions Architect AWS Abuse team

AWS Abuse team

Which AWS services provide a way to extend an on-premises architecture lo the AWS Cloud? **(Select TWO )** Amazon EBS AWS Direct Connect Amazon CloudFront AWS Storage Gateway Amazon Connect

AWS Direct Connect AWS Storage Gateway

Acompany wants to migrate an **MYSQL** database to AWS but _does not have the budget for Database Administrators_ to handle routine tasks including provisioning, patching, and performing backups? Which AWS service will support this use case? - Amazon RDS - Amazon DynamoDB - Amazon DocumentDB - Amazon ElasttiCache

Amazon DynamoDB

A system in the AWS Cloud is designed to withstand the failure of one or more components. What is this an example of? Elasticity High Availability Scalability Agility

Agility

What is an example of high availability in the AWS Cloud? Consulting AWS technical support at any time day or night Ensuring an application remains accessible, even if a resource fails Making any AWS service available for use by paying on demand Deploying in any part of the world using AWS Regions

Ensuring an application remains accessible, even if a resource fails

A company with a Developer-level AWS Support plan provisioned an Amazon RDS database and cannot to it. Who should the developer contact for this level of support? AWS Support using a support case AWS Professional Services AWS Technical Account Manager AWS consulting partners

AWS Support using a support case

Which of the following is an AWS database service? Amazon Redshift Amazon Elastic Block Store (Amazon EBS) Amazon S3Glacier AWS Snowball

Amazon Redshift

Why should a company choose AWS instead of a traditional data center? AWS provides users with full control over the underlying resources. AWS does not require long-term contracts and provides a pay-as-you-go model. AWS offers edge locations in every country, supporting global reach. AWS has no limits on the number of resources that can be created.

AWS does not require long-term contracts and provides a pay-as-you-go model

Which of the following are advantages of the AWS cloud? **(Select TWO)** AWS manages the maintenance of the cloud infrastructure. AWS manages the security of application built on AWS. AWS manages capacity planning for physical servers. AWS manages the development of applications on AWS. AWS manages cost planning for virtual servers.

AWS manages the **maintenance** of the cloud infrastructure. AWS manages **capacity** planning for physical servers.

A company requires a **dedicated** network **connection** between its on-premises servers and the AWS Cloud. Which AWS service should be used? AWS VPN AWS Direct Connect Amazon API Gateway Amazon Connect

AWS Direct Connect

A company that does business online needs to quickly deliver new functionality in an iterative manner, minimizing the time to market Which AWS Cloud feature can provide this? Elasticity High availability Agility Reliability

Agility

which of the following are benefits of running a database on amazon rds compared to an on premises database? **(Select TWO)** RDS backup are managed by AWS RDS supports any relational database RDS has no database engineer licensing costs. RDS database compute capacity can be easily scaled. RDS inbound traffic content (for example, security groups) is managed by AWS.

RDS backup are **managed by AWS** RDS has **no** database engineer **licensing costs.**

Which service should be used to estimate the costs of running a new project on AWS? AWS TCO Calculator AWS Simple Monthly Calculator AWS Cost Explorer API AWSBudgets

AWS Cost Explorer API

Under the AWS shared responsibility model, which of the following are customer responsibilities? **(Select TWO.)** Setting up server-side encryption on an Amazon S3 bucket Amazon RDS instance patching Network and firewall configurations Physical security of data center facilities Compute capacity availability

Network and firewall configurations Compute capacity availability

What does AWS Shield Standard provide? WAF rules DDoS protection Identity and Access Management (IAM) permissions and access to resources Data encryption

DDoS protection

Each department within a company has its own independent AWS account and its own payment method New company leadership wants to centralized departmental governance and consolidate payments How can this be achieved using AWS services or features? - Forward monthly invoices for each account Then create 1AM roles to allow cross-account access - Create a new AWS account Then configure AWS Organizations and invite all 0 existing accounts to join. - Configure AWS Organizations in each of the existing accounts Then link all accounts together - Use Cost Explorer to combine costs from all accounts Then replicate I AM policies across accounts

Create a new AWS account Then configure AWS Organizations and invite all 0 existing accounts to join.

Which AWS service controls permissions to the AWS management console? Amazon Connect AWS IAM AWS Direct Connect AmazonRecognition

AWS IAM

Which managed AWS service provides real-time guidance on AWS security best practices? AWS X-Ray AWS Trusted Advisor Amazon CloudWatch AWS Systems Manager

AWS Trusted Advisor

Which AWS service provides a secure, fast, and cost-effective way to migrate or transport exabyte-scale datasets into AWS? AWS Batch AWS Snowball AWS Migration Hub AWS Snowmobile

AWS Snowmobile

Which load balancer types are available with Elastic Load Balancing (ELB)? **(Choose two.)** Public load balancers with AWS Application Auto Scaling capabilities F5Big-IP and Citrix NetScaler load balancers Classic Load Balancers Cross-zone load balancers with public and private IPs Application Load Balancers

Public load balancers with AWS Application Auto Scaling capabilities Application Load Balancers

What is the MINIMUM AWS Support plan that provides designated Technical Account Managers? Enterprise Business Developer Basic

Enterprise

Which Amazon Virtual Private Cloud (Amazon **VPC**) feature enables users to connect **two** VPCs **together**? Amazon VPC endpoints Amazon Elastic Compute Cloud (Amazon EC2) ClassicLink Amazon VPC peering AWS Direct Connect

Amazon VPC peering

Which AWS support plan provides access to architectural and operational reviews as well as 24/7 access to senior cloud support engineers through email, online chat, and phone? Basic Business Developer Enterprise

Enterprise

What are the advantages of Reserved Instances? **(Choose two.)** They provide a discount over on-demand pricing. They provide access to additional instance types. They provide additional networking capability. Customers can upgrade instances as new types become available. Customers can reserve capacity in an Availability Zone.

They provide a discount over on-demand pricing. Customers can reserve capacity in an Availability Zone.

Which services use AWS edge locations? **(Choose two.)** Amazon CloudFront AWS Shield Amazon EC2 Amazon RDS Amazon ElastiCache

Amazon CloudFront Amazon ElastiCache

What is an AWS Identity and Access Management (IAM) role? A user associated with an AWS resource A group associated with an AWS resource An entity that defines a set of permissions for use with an AWS resource An authentication credential associated with a multi-factor authentication (MFA) token

An entity that defines a set of permissions for use with an AWS resource

Which of the following AWS services provide compute resources? **(Choose two.)** AWS Lambda Amazon Elastic Container Service (Amazon ECS) AWS CodeDeploy Amazon Glacier AWS Organizations

AWS Lambda Amazon Elastic Container Service (Amazon ECS)

Which Amazon EC2 principle model offers the MOST significant discount when compared to On-Demand Instances? Partial Upfront Reserved Instances for a 1-year term All Upfront Reserved Instances for a 1-year term All Upfront Reserved Instances for a 3-year term No Upfront Reserved Instances for a 3-year term

**All Upfront** Reserved Instances tor a **3 year term**

Which tool is used to forecast AWS spending? AWS Trusted Advisor AWS Organizations Cost Explorer Amazon Inspector

Cost Explorer

Which service enables customers to audit and monitor changes in AWS resources? AWS Trusted Advisor Amazon GuardDuty Amazon Inspector AWS Config

AWS Config

A director has been tasked with investigating hybrid cloud architecture. The company currently accesses AWS over the public internet. Which service will facilitate private hybrid connectivity? Amazon Virtual Private Cloud (Amazon VPC) NAT Gateway AWS Direct Connect Amazon Simple Storage Service (Amazon S3) Transfer Acceleration AWS Web Application Firewall (AWS WAF)

AWS Direct Connect

Which Amazon RDS feature can be used to achieve high availability? Multiple Availability Zones Amazon Reserved Instances Provisioned IOPS storage Enhanced monitoring

Multiple Availability Zones

An architect design includes Amazon EC2, an Elastic Load Balancer, and Amazon RDS. What is the BEST way to got a monthly cost estimation for this architecture? - Open an AWS Support case, provide the architecture proposal, and ask for monthly cost estimation. - Use the published prices of the AWS services and calculate the monthly estimate. - Use the AWS Simple Monthly Calculator to estimate the monthly cost. - Use the AWS Total Cost of Ownership (TCO) Calculator to estimate the monthly cost.

Use the AWS Simple Monthly Calculator to estimate the monthly cost

Which AWS service enables users to securely connect to AWS resources over the public internet? Amazon VPS peering AWS Direct Connect AWS VPN Amazon Pinpoint

AWS VPN

when building a cloud total cost of ownership model which cost elements should be considered for workload running on AWS? **(Select Three.)** - Compute costs - Facilities costs - Storage costs - Data transfer costs - Network infrastructure costs - Hardware lifecycle costs

Compute costs Storage costs Hardware lifecycle costs

Which of the following allows users to provision a dedicated network connection from their internal network to AWS? AWSCloudHSM AWS Direct Connect AWS VPN Amazon Connect

AWS Direct Connect

Which of the following AWS services can be used to run a self-managed database? Amazon Route 53 AWS X-Ray AWS Snowmobile Amazon Elastic Compute Cloud(Amazon EC2)

Amazon Elastic Compute Cloud(Amazon EC2)

which amazon ec2 pricing model should be used to comply with per-core software license requirements? Dedicated Hosts On-Demand Instances Spot Instances Reserved Instances

Reserved Instances

What helps a company provide a lower latency experience to its users globally? Using an AWS Region that is central to all users Using a second Availability Zone in the AWS Region that is using used Enabling caching in the AWS Region that is being used Using edge locations to put content closer to all users

Using an AWS Region that is central to all users

What is the responsibility of AWS in the shared responsibility model? - Updating the network ACLs to block traffic to vulnerable ports. - Patching operating systems running on Amazon EC2 instances. - Updating the firmware on the underlying EC2 hosts. - Updating the security group rules to block traffic to the vulnerable ports

Updating the firmware on the underlying EC2 hosts.

After selecting an Amazon EC2 Dedicated Host reservation, which pricing option would provide the largest discount? No upfront payment Hourly on-demand payment Partial upfront payment All upfront payment

All upfront payment

Which AWS service is suitable for an event driven workload? Amazon EC2 AWS Elastic Beanstalk AWS Lambda Amazon Lumberyard

AWS Elastic Beanstalk

Which AWS services may be scaled using AWS auto scaling? **(Select TWO)** Amazon EC2 Amazon DynamoDB Amazon S3 Amazon Route 53 Amazon Redshift

Amazon DynamoDB Amazon Redshift

Which AWS service enables users to deploy infrastructure as code by automating the process of provisioning resources? Amazon GameLift AWS CloudFormation AWS Data Pipeline AWS Glue

AWS CloudFormation

What is an advantage of using the AWS Cloud over a traditional on-premises solution? **(Select TWO)** Users do not have to guess about future capacity needs. Users can utilize existing hardware contracts for purchases. Users can fix costs no matter what their traffic is. Users can avoid audits by using reports from AWS

Users do not have to guess about future capacity needs. Users can fix costs no matter what their traffic is.

Which of the following are benefits of hosting infrastructure in the AWS Cloud? **(Choose two.)** - There are no upfront commitments. - AWS manages all security in the cloud. - Users have the ability to provision resources on demand. - Users have access to free and unlimited storage. - Users have control over the physical infrastructure

AWS manages all security in the cloud. -Users have the ability to provision resources on demand.

Which AWS tool will identify security groups that grant unrestricted Internet access to a limited list of ports? AWS Organizations AWSTrusted Advisor AWS Usage Report Amazon EC2 dashboard

Amazon EC2 dashboard

Which benefit of the AWS Cloud supports matching the supply of resources with changing workload demands? Security Reliability Elasticity High availability

Elasticity

What feature of Amazon RDS helps to create globally redundant databases? Snapshots Automatic patching and updating Cross-Region read replicas Provisioned IOPS

Snapshots

Which of the following are AWS best practices? **(Select TWO.)** - Enable AWS Multi-Factor Authentication (AWS MFA) for users. - Enable access key sharing among users. - Use the inline policies instead of user managed policies. - Configure strong password policies for users. - Avoid rotating credentials.

Enable AWS Multi-Factor Authentication (AWS MFA) for users. -Use the inline policies instead of user managed policies.

Which services manage and automate application deployment on AWS? **(Select TWO.)** AWS Elastic Beanstalk AWS CodeCommit AWS Data Pipeline AWSCloudFormation AWS Config

AWS CodeCommit AWS Data Pipeline

A company wants to build its new application workloads in the AWS Cloud instead of using on-premises resources. What expense can be reduced using the AWS Cloud? - The cost of writing custom-built Java or Node .js code - Penetration testing for security - hardware required to support new applications - Writing specific test cases for third-party applications

hardware required to support new applications

What is an AWS cloud design best practice? Tight coupling of components Single point of failure High availability Overprovisioning of resources

Single point of failure

Which design principle should be considered when architecting in the AWS Cloud? - Think of servers as non-disposable resources. - Use synchronous integration of services. - Design loosely coupled components - Implement the least permissive rules for security groups

Design loosely coupled components

When comparing AWS with on-premises Total Cost of Ownership (TCO), what costs are included? Data center security Business analysis Project management Operating system administration

Data center security

Under the AWS shared responsibility model, which of the following is an example of security in the AWS Cloud? Managing edge locations Physical security Firewall configuration Global infrastructure

Physical security

which AWS tools or services can be used to list all AWS Lambda functions running in an account? AWS CLI AWS CloudFormation AWS SDKs AWS CloudTrail Amazon Cloud Directory

AWS CLI AWS SDKs

Which AWS service identifies security groups that allow unrestricted access to the AWS resources? AWS Trusted Advisor Amazon Inspector Amazon CloudWatch AWSCloudTrail

Amazon Inspector

Which AWS service securely delivers data, videos, applications, and APIS to users globally with low latency and high transfer speeds? AWSCloudFormation Amazon CloudFront Amazon Pinpoint Amazon Redshift

Amazon CloudFront

Which requirement must be met for a member account to be unlinked from an AWS organization account? - The linked account must be activity compliant with AWS System and Organization Controls (SOC) - The payer and the linked account both create AWS Support cases to request that the member account be unlinked from the organization. - The monitor account must meet the requirements of a standalone account. - The payer account must be used to remove the linked account from the organization

The **payer account** must be used to remove the linked account from the organization

A user needs to automatically discover, classify, and protect sensitive data stored in Amazon S3 Which AWS service can meet these requirements? Amazon Inspector Amazon Macie Amazon GuardDuty AWS Secrets Manager

Amazon Macie

Which of the following allows AWS users to manage cost allocates for billing? Tagging resources Limiting who can create resources Adding a secondary payment method Running all operation on a single AWS account

Tagging resources

On demand reserved and spot instances belong to which principle of cloud architecture design? Performance Removing single points of failure Loose coupling Optimizing for cost

Optimizing for cost

Which methods can be used to identify AWS costs by departments? **(Choose two.)** - Enable multi-factor authentication for the AWS account root user. - Create separate accounts for each department. - Use Reserved Instances whenever possible. - Use tags to associate each instance with a particular department. - Pay bills using purchase orders

Create separate accounts for each department. Pay bills using purchase orders

What are the immediate benefits of using the AWS Cloud? **(Choose two.)** Increased IT staff. Capital expenses are replaced with variable expenses. User control of infrastructure. Increased agility. AWS holds responsibility for security in the cloud.

User control of infrastructure. Increased agility.

which AWS service is used t automate configuration management using Chef and puppet? AWS Config AWS OpsWorks AWSCloudFormation AWS Systems Manager

AWS OpsWorks

A company is considering moving its on-premises data center to AWS. What factors should be included in doing a Total Cost of Ownership (TCO) analysis? **(Choose two.)** Amazon EC2 instance availability Power consumption of the data center Labor costs to replace old servers Application developer time Database engine capacity

Power consumption of the data center Labor costs to replace old servers

What does it mean to grant the least privilege to AWS IAM users? It is granting permissions to a single user only It is granting permissions using AWS IAM policies only. It is granting AdministratorAccess policy permissions to trustworthy users. It is granting only the permissions required to perform a given task

It is granting **only the permissions** required to perform a given task

A company is designing an application hosted in a single AWS Region serving end-users spread across the world. The company wants to provide the end-users low latency access to the application data. Which of the following services will help fulfill this requirement? - Amazon CloudFront - AWS Direct Connect - Amazon Route 53 global DNS - Amazon Simple Storage Service (Amazon S3) transfer acceleration

AWS Direct Connect

Which AWS hybrid storage service enables your on-premises applications to seamlessly use AWS Cloud storage through standard file-storage protocols? AWS Direct Connect AWS Snowball AWS Storage Gateway AWS Snowball Edge

AWS Storage Gateway

Which of the following deployment models enables customers to fully trade their capital IT expenses for operational expenses? On-premises Hybrid Cloud Platform as a service

Cloud

Which feature adds elasticity to Amazon EC2 instances to handle the changing demand for workloads? Resource groups Lifecycle policies Application Load Balancer Amazon EC2 Auto Scaling

Amazon EC2 Auto Scaling

Under the AWS shared responsibility model the customer manages which of the following? **(Select TWO)** - Decommissioning of physical storage devices. - Security group and ACL configuration - Patch management of an Amazon RDS instance operating system - Controlling physical access to data centers - Patch management of an Amazon EC2 instance operating system

**Security group** and ACL configuration **Patch** management of an Amazon **EC2** instance **operating system**

Which AWS feature or service can be used to capture information about incoming and outgoing traffic in an AWS VPC infrastructure? AWS Config VPC Flow Logs AWSTrusted Advisor AWS CloudTrail

VPC Flow Logs

Which of the following is an important architectural principle when designing cloud applications? - Store data and backups in the same region. - Design tightly coupled system components. - Avoid multi-threading. - Design for failure

Design for failure

Which situation should be reported to the AWS abuse team? - An Availability Zone has a service disruption. - An intrusion attempt is made from an AWS IP address - A user has trouble accessing an Amazon S3 bucket from an AWS IP address - A user needs to change payment methods due to a compromise

An intrusion attempt is made from an AWS IP address

What is AWS Trusted Advisor? ## Footnote - It is an AWS staff member who provides recommendations and best practices on how to use AWS. - It is a network of AWS partners who provide recommendations and best practices on how to use AWS. - It is an online tool with a set of automated checks that provide recommendations on cost optimization, performance, and security. - It is another name for AWS Technical Account Managers who provide recommendations on cost optimization, performance, and security

It is an **online tool** with a set of automated checks that provide recommendations on cost optimization, performance, and security.

According to the AWS shared responsibility model who is responsible for configuration? - It is solely responsible of the customer - It is solely the responsibility of AWS - It is shared between AWS and the customer - It is not part of the AWS shared responsibility model

It is shared between AWS and the customer.

A company wants to monitor the CPU usage of its Amazon EC2 resources. Which AWS service should the company use? AWS CloudTrail Amazon CloudWatch AWS Cost and Usage report Amazon SimpleNotification Service (Amazon SNS)

Amazon CloudWatch

What AWS service would be used to centrally manage AWS access across multiple accounts? - AWS Service Catalog - AWS Config - AWS TrustedAdvisor - AWS Organizations

AWS Organizations

Which of the following is an AWSWell-Architected Framework design principle related to reliability? Deployment to a single Availability Zone Ability to recover from failure Design for cost optimization Perform operations as code

Ability to recover from failure

Where can a user find a catalog of AWS recognized providers of **third party** security solutions? AWS Service Catalog AWS Marketplace AWS Quick Start AWS CodeDeploy

AWS Marketplace

What exclusive benefit is provided to users with Enterprise Support? Access to a Technical Project Manager Access to a Technical Account Manager Access to a Cloud Support Engineer Access to a Solutions Architect

Access to a Cloud Support Engineer

Which AWS service allows users to provision infrastructure as code? AWS CodeBuild AWS CloudFormation AWS Organizations AWS CodeCommit

AWS CloudFormation

Which AWS service needs to be enabled to track all user account changes within the AWS Management Console? AWS CloudTrail Amazon Simple Notification Service (Amazon SNS) VPC Flow Logs AWS CloudHSM

AWS CloudTrail

A Cloud Practitioner is asked how to estimate the cost of using a new application on AWS. What is the MOST appropriate response? - Inform the user that AWS pricing allows for on-demand pricing. - Direct the user to the AWS Simple Monthly Calculator for an estimate. - Use Amazon QuickSight to analyze current spending on-premises. - Use Amazon AppStream 2.0 for real-time pricing analytics

Direct the user to the AWS Simple Monthly Calculator for an estimate

Which AWS service offers on-demand access to AWS security and compliance reports? AWS CloudTrail AWS Artifact AWS Health Amazon CloudWatch

AWS Artifact

How does AWS charge for AWS Lambda? - Users bid on the maximum price they are willing to pay per hour. - Users choose a 1-, 3- or 5-year upfront payment term. - Users pay for the required permanent storage on a file system or in a database. - Users pay based on the number of requests and consumed computing resources.

-Users pay based on the number of requests and consumed computing resources.

Which tool can be used to compare the costs of running a web application in a traditional hosting environment to running it on AWS? AWS Cost Explorer AWS Budgets AWS Cost and Usage report AWS Total Cost of Ownership (TCO) Calculator

AWS Total Cost of Ownership (TCO) Calculator

Which of the following is an advantage of using AWS? AWS audits user data. Data is automatically secure. There is no guessing on capacity needs. AWS manages compliance needs.

There is no guessing on capacity needs.

Which of the following is a component of the AWS Global infrastructure? Amazon Alexa AWS Regions Amazon Lightsail AWSOrganizations

AWS Regions

When designing a typical three-tier web application which AWS services and for features improve availability and reduce the impact failures? AWS Auto Scaling for Amazon for amazon EC2 instances. **(Select TWO)** - Amazon VPC subnet ACLs check the health of a service. - Distributed resources across multiple Availability Zones. - AWS Server Migration Service (AWS SMS) to move Amazon EC2 instance into a different Region. - Distributed resources across multiple AWS points of presence

- Amazon VPC subnet ACLs check the health of a service. - AWS Server Migration Service (AWS SMS) to move Amazon EC2 instance into a different

Under the AWS shared responsibility model, customers are responsible for which aspects of security in the cloud? **(Choose two.)** - Visualization management - Hardware management - Encryption management - Facilities management - Firewall management

Encryption management Firewall management

Which AWS service is a long term archiving solution? Amazon S3 Glacier Amazon S3 Amazon EFS AWS Storage Gateway

Amazon S3 Glacier

Which service would provide network connectivity in a hybrid architecture that includes the AWS Cloud? Amazon VPC AWS Direct Connect AWS Directory Service Amazon API Gateway

Amazon VPC

How is asset management on AWS easier than asset management in a physical data center? - AWS provides a Configuration Management Database that users can maintain. - AWS performs infrastructure discovery scans on the customer’s behalf. - Amazon EC2 automatically generates an asset report and places it in the customer’s specified Amazon S3 bucket. - Users can gather asset metadata reliably with a few API calls.

-AWS performs infrastructure discovery scans on the customer’s behalf.

Which AWS service can a customer use to set up an alert notification when the account is approaching a particular dollar amount? AWS Cost and Usage reports AWS Budgets AWS Cost Explorer AWS Trusted Advisor

AWS Budgets

Which AWS services provide a quick and automated way to create and manage AWS accounts? AWS QuickSight Amazon Lighsil AWS Organizations Amazon Connect

AWS Organizations

When comparing AWS with on-premises Total Cost of Ownership (TCO), what costs are included? Data center security Business analysis Project management Operating system administration

Data center security