Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Certify for Sure > Topic 4 > Flashcards

Topic 4 Flashcards

1
Q 
Which of the following is a component of the AWS Global infrastructure?
A. Amazon Alexa
B. AWS Regions
C. Amazon Lightsail
D. AWSOrganizations
A

Answer: B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q 
where can user find a catalog of AWS recognized providers of third party security solutions?
A. AWS Service Catalog
B. AWS Marketplace
C. AWS Quick Start
D. AWS CodeDeploy
A

Answer: B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which of the following AWS services can be used to run a self-managed database?
A. Amazon Route 53
B. AWS X-Ray
C. AWS Snowmobile
D. Amazon Elastic Compute Cloud(Amazon EC2)

A

Answer: D
Explanation:
Reference: https://severalnines.com/news/aws-users-prefer-self-managed-databases
4.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q 
when a company provisions web servers in multiple aws region what is being increased?
A. Coupting
B. Availability
C. Security
D. Durability
A

Answer: B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q 
After selecting an Amazon EC2 Dedicated Host reservation, which pricing option would provide the largest
discount?
A. No upfront payment
B. Hourly on-demand payment
C. Partialupfront payment
D. All upfront payment
A

Answer: D
Explanation:
Reference: https://aws.amazon.com/ec2/pricing/reserved-instances/pricing/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which AWS hybrid storage serviceenables your on-premises applications to seamlessly use AWS Cloud
storage through standard file-storage protocols?
A. AWS Direct Connect
B. AWS Snowball
C. AWS Storage Gateway
D. AWS Snowball Edge

A

Answer: C
The AWS Storage Gateway service enables hybrid cloud storage between on-premises environments and
the AWS Cloud. It seamlessly integrates on-premises enterprise applications and workflows with Amazon’s
block and object cloud storage services through industry standard storage protocols. It provides low-latency
performance by caching frequently accessed data on premises, while storing data securely and durably in
Amazon cloud storage services. It provides an optimized data transfer mechanism and bandwidth
management, which tolerates unreliable networksand minimizes the amount of data being transferred. It
brings the security, manageability, durability, and scalability of AWS to existing enterprise environments
through native integration with AWS encryption, identity management, monitoring, and storage services.
Typical use cases include backup and archiving, disaster recovery, moving data to S3 for in-cloud
workloads, and tiered storage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is a responsibility of AWS in theshared responsibility model?
A. Updating the network ACLs to block traffic to vulnerable ports.
B. Patching operating systems running on Amazon EC2 instances.
C. Updating the firmware on the underlying EC2 hosts.
D. Updating the security group rules toblock traffic to the vulnerable ports.

A

Answer: C
Explanation:
Reference: https://cloudacademy.com/blog/aws-shared-responsibility-model-security/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q 
What exclusive benefit is provided to users with Enterprise Support?
A. Access to a Technical Project Manager
B. Access to a Technical Account Manager
C. Access to a Cloud Support Engineer
D. Access to a Solutions Architect
A

Answer: C
Explanation:
Reference: https://aws.amazon.com/premiumsupport/plans/enterprise/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q 
Which service would provide network connectivity in a hybrid architecture that includes the AWS Cloud?
A. Amazon VPC
B. AWS Direct Connect
C. AWS Directory Service
D. Amazon API Gateway
A

Answer: A. Suena raro deberia de ser AWS Direct Connect, la VPC no sale del cloud al on prem revisar

Explanation:
Amazon Virtual Private Cloud (Amazon VPC) is a logically isolated, private section of the AWS Cloud to
launch resources in a virtual data center in the cloud. Amazon VPC allows you to leverage multiple
Availability Zones (AZ) within a region sothat you can build greater fault tolerance within your workloads.
You have complete control.
Reference:
https://aws.amazon.com/blogs/publicsector/aws-networking-capabilities-gives-you-choices-for-hybrid-clou
d-co

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following is an AWS database service?
A. Amazon Redshift
B. Amazon Elastic Block Store (Amazon EBS)
C. Amazon S3Glacier
D. AWS Snowball

A

Answer: A
Explanation:
Reference: https://www.sisense.com/glossary/redshift-database/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which AWS service needs to be enabled to track all user account changes within the AWS Management
Console?
A. AWS CloudTrail
B. Amazon Simple Notification Service (Amazon SNS)
C. VPC Flow Logs
D. AWS CloudHSM

A

Answer: A
Explanation:
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of
your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related
to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity,
including actions taken through the AWS Management Console, AWS SDKs, command line tools, and
other AWS services. Thisevent history simplifies security analysis, resource change tracking, and
troubleshooting. In addition, you can use CloudTrail to detect unusual activity in your AWS accounts. These capabilities help simplify operational analysis and troubleshooting.
Reference: https://aws.amazon.com/cloudtrail/
12.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q 
Which of the following deployment models enables customers to fully trade their capital IT expenses for
operational expenses?
A. On-premises
B. Hybrid
C. Cloud
D. Platform as a service
A

Answer: C
Explanation:
The cloud allows you to trade capital expenses (such as data centers and physical servers) for variable
expenses, and only pay for IT as you consume it. Plus, the variable expenses aremuch lower than what you
would pay to do it yourself because of the economies of scale.
Reference: https://aws.amazon.com/what-is-cloud-computing/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How is asset management on AWS easier than asset management in a physical data center?
A. AWS provides a Configuration Management Database that users can maintain.
B. AWS performs infrastructure discovery scans on the customer’s behalf.
C. Amazon EC2 automatically generates an asset report and places it in the customer’s specified Amazon
S3 bucket.
D. Users can gather asset metadata reliably with a few API calls.

A

Answer: B
Explanation:
AWS assets are centrally managed through an inventory management system that stores and tracks owner,
location, status, maintenance, and descriptive information for AWS-owned assets. Following procurement,
assets are scanned and tracked, and assets undergoing maintenance are checked and monitored for
ownership, status, and resolution.
Reference: https://aws.amazon.com/compliance/data-center/controls/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A company wants to monitor the CPU usage of its Amazon EC2 resources. Which AWS service should the
company use?
A. AWS CloudTrail
B. Amazon CloudWatch
C. AWS Cost and Usage report
D. Amazon SimpleNotification Service (Amazon SNS)

A

Answer: B
Explanation:
With Basic monitoring you get data on your cloudwatch metrics every 5 minutes. Enabling detailed
monitoring, you will get the data every one minute.
To check if detailed monitoring is enabled, on your EC2 Console, Select the instance, on the lower plane,
Select Monitoring.
Reference: https://forums.aws.amazon.com/thread.jspa?threadID=263876

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which ofthe following are AWS best practices? (Select TWO.)
A. Enable AWS Multi-Factor Authentication (AWS MFA) for users.
B. Enable access key sharing among users.
C. Use the inline policies instead of user managed policies.
D. Configure strong password policiesfor users.
E. Avoid rotating credentials.

A

Answer: A C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q 
whch amazon ec2 pricingmodel should be used to comply with per core software license requirements?
A. Dedicated Hosts
B. On-Demand Instances
C. Spot Instances
D. Reserved Instances
A

Answer: D

Confirmar

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q
    • (Exam Topic 4)
      Which management service can be used to set alarms for AWS resources?
      A. Amazon CloudWatch
      B. Amazon Simple Notification Service (Amazon SNS)
      C. Amazon Simple Email Service (Amazon SES)
      D. AWS CloudTrail
A

Answer: A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q 
Using AWS Identity and Access Management (IAM) to grant access only to the resources needed to
perform a task is a concept known as:
A. restricted access.
B. as-needed access.
C. least privilege access.
D. token access
A

Answer: C
Explanation:
When you create IAM policies, follow the standard security advice of granting least privilege, or granting
only the permissions required to perform a task. Determine what users (and roles) need to do and then
craftpolicies that allow them to perform only those tasks.
Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

According to the AWS shared responsibility model who ts responsible for configuration management?
A. It is solely the responsibility of the customer.
B. It is solely the responsibility of AWS.
C. It is shared between AWS and the customer.
D. It is not part of the AWS sharedresponsibility model.

A

Answer: C
Explanation:
AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring
their own guest operating systems, databases, and applications.
Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q 
Which Amazon RDS feature can be used to achieve high availability?
A. Multiple Availability Zones
B. Amazon Reserved Instances
C. Provisioned IOPS storage
D. Enhanced monitoring
A

Answer: A
Explanation:
Amazon RDS provides high availability and failover support for DB instances using Multi-AZ deployments.
Amazon RDS uses several different technologies to provide failover support. Multi-AZ deployments for
Oracle, PostgreSQL, MySQL, and MariaDB DB instances use Amazon’s failover technology. SQL Server
DB instances use SQL Server Database Mirroring (DBM).
Reference: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q 
Which service should be used to estimate the costs of running a new project on AWS?
A. AWS TCO Calculator
B. AWS Simple Monthly Calculator
C. AWS Cost Explorer API
D. AWSBudgets
A

Answer: C
Explanation:
To forecast your costs, use the AWS Cost Explorer. Use cost allocation tags to divide your resources into
groups, and then estimate the costs for each group.
Reference:https://aws.amazon.com/premiumsupport/knowledge-center/estimating-aws-resource-costs/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Which AWS service is a content delivery network that securely delivers data, video, and applications to
users globally with low latency and high speeds?
A. AWS CloudFormation
B. AWS Direct Connect
C. AmazonCloudFront
D. Amazon Pinpoint

A

Explanation:
Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos,
applications, and APIs to customers globally with low latency, high transfer speeds, all within
adeveloper-friendly environment. CloudFront is integrated with AWS – both physical locations that are
directly connected to the AWS global infrastructure, as well as other AWS services.
Reference: https://aws.amazon.com/cloudfront/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q 
Where should users report that AWS resources are being used for malicious purposes?
A. AWS Abuse team
B. AWS Shield
C. AWS Support
D. AWS Developer Forums
A

Answer: A
Explanation:
Reference: https://aws.amazon.com/premiumsupport/knowledge-center/report-aws-abuse/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q 
When comparing AWS with on-premises Total Cost of Ownership (TCO), what costs are included?
A. Data center security
B. Business analysis
C. Project management
D. Operating system administration
A

Answer: A
Explanation:
Reference: https://www.awstcocalculator.com/Output/Load/f85bbf7e131446643911859504

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What tasks should a customer perform whenthat customer suspects an AWS account has been
compromised? (Choose two.)
A. Rotate passwords and access keys.
B. Remove MFA tokens.
C. Move resources to a different AWS Region.
D. Delete AWS CloudTrail Resources.
E. Contact AWS Support.

A

Answer: A E
Explanation:
Reference: https://aws.amazon.com/premiumsupport/knowledge-center/potential-account-compromise/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q 
Which aws services may be scaled using aws auto scaling?
A. Amazon EC2
B. Amazon DynamoDB
C. Amazon S3
D. Amazon Route 53
E. Amazon Redshift
A

Answer: B E

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q 
Which AWS service is a long term archiving solution?
A. Amazon S3 Glacier
B. Amazon S3
C. Amazon EFS
D. AWS Storage Gateway
A

Answer: A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

Which situation should be reported to the aws abuse team?
A. AnAvailability Zone has a service disruption.
B. An intrusion attempt is made from an AWS IP address
C. A user has trouble accessing an Amazon S3 bucket from an AWS IP address
D. A user needs to change payment methods due to a compromise.

A

Answer: B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q 
which aws service allows users to provision infrastructure as code?
A. AWS CodeBuild
B. AWS CloudFormation
C. AWS Organizations
D. AWS CodeCommit
A

Answer: B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

Each department within a company has its own independent AWS account and its own payment method
New company leadership wants to centralizedepartmental governance and consolidate payments.
How can this be achieved using AWS services or features?
A. Forward monthly invoices for each account Then create 1AM roles to allow cross-account access
B. Create a new AWS account Then configure AWS Organizations and invite all 0 existing accounts to join.
C. Configure AWS Organizations in each of the existing accounts Then link all accounts together
D. Use Cost Explorer to combine costs from all accounts Then replicate I AM policies across accounts.

A

Answer: B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

Why should a company choose AWS instead of a traditional data center?
A. AWS provides users with full control over the underlying resources.
B. AWS does not require long-term contracts and provides a pay-as-you-go model.
C. AWS offers edge locations in every country, supporting global reach.
D. AWS has no limits on the number ofresources that can be created.

A

Answer: B
Explanation:
AWS offers you a pay-as-you-go approach for pricing for over 160 cloud services. With AWS you pay only
for the individual services you need, for as long as you use them, and without requiring long-term
contractsor complex licensing. AWS pricing is similar to how you pay for utilities like water and electricity.
You only pay for the services you consume, and once you stop using them, there are no additional costs or
termination fees.
Reference: https://aws.amazon.com/pricing/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q 
On demand reserved and spot instances belong to which principle of cloud architecture design?
A. Performance
B. Removing single points off failure
C. Loose coupling
D. Optimizing for cost
A

Answer: D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

Which of the following is an AWSWell-Architected Framework design principle related to reliability?
A. Deployment to a single Availability Zone
B. Ability to recover from failure
C. Design for cost optimization
D. Perform operations as code

A

Answer: B
Explanation:
Reference: https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q 
A company has multiple AWS accounts and wants to simplify and consolidate its billing process. Which
AWSservice will achieve this?
A. AWS Cost and Usage Reports
B. AWS Organizations
C. AWS Cost Explorer
D. AWS Budgets
A

Answer: B
Explanation:
You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for
multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. Every organization
in AWS Organizations has a master (payer) account that pays the charges of all the member (linked)
accounts.
Reference: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-billing.html

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q 
Which managed AWS serviceprovides real-time guidance on AWS security best practices?
A. AWS X-Ray
B. AWS Trusted Advisor
C. Amazon CloudWatch
D. AWS Systems Manager
A

Answer: B
Explanation:
AWS offers premium services such as AWS Trusted Advisor, which provides real-time guidance to help
youreduce cost, increase performance, and improve security.
Reference: https://www.ibm.com/downloads/cas/2N40X4PQ

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

Which tasks are the customer’s responsibility in the AWS shared
A. Infrastructure facilities access management
B. Cloud infrastructure hardware lifecycle management
C. Configuration management of user’s applications
D. Networking infrastructure protection
E. Security groups configuration

A

Answer: C E

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q 
What feature of Amazon RDS helps to create globally redundant databases?
A. Snapshots
B. Automatic patching and updating
C. Cross-Region read replicas
D. Provisioned IOPS
A

Answer: A
Explanation:
Reference: https://docs.amazonaws.cn/en_us/AmazonRDS/latest/UserGuide/rds-ug.pdf

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

What does it mean to grant least privilege to AWS IAM users?
A. It is granting permissions to a single user only.
B. It isgranting permissions using AWS IAM policies only.
C. It is granting AdministratorAccess policy permissions to trustworthy users.
D. It is granting only the permissions required to perform a given task.

A

Answer: D
Explanation:
When you create IAM policies, follow thestandard security advice of granting least privilege, or granting
only the permissions required to perform a task. Determine what users (and roles) need to do and then craft
policies that allow them to perform only those tasks.
Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q 
Which AWS services provide a way to extend an on-premises architecture lo the AWS Cloud? (Select
TWO )
A. Amazon EBS
B. AWSDirect Connect
C. Amazon CloudFront
D. AWS Storage Gateway
E. Amazon Connect
A

Answer: B D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

A startup is working on a new application that needs to go to market quickly. The application requirements
may need to be adjusted in the near future.
Which of the following is a characteristic of the AWS Cloud that would meet this specific need?
A. Elasticity
B. Reliability
C. Performance
D. Agility

A

Answer: D
Explanation:
Agile is a time boxed, iterativeapproach to software delivery that builds software incrementally from the start
of the project, instead of trying to deliver it all at once near the end.
Reference:
http://www.agilenutshell.com

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q 
Which aws service is suitable for an event driven workload?
A. Amazon EC2
B. AWS Elastic Beanstalk
C. AWS Lambda
D. Amazon Lumberyard
A

Answer: B

42
Q

Which of the following identify and access management entitles is associated with an access key id and
secret access key when using AWS command line interface?
A. IAM group
B. IAM user
C. IAM role
D. IAM policy

A

Answer: B

43
Q

What is an example of high availability in the AWS Cloud?
A. Consulting AWS technical support at any time day or night
B. Ensuring an application remains accessible, even if a resource fails
C. Making any AWS service available for use by paying on demand
D. Deploying in any part of the world using AWS Regions

A

Explanation:
Reference: https://aws.amazon.com/blogs/startups/high-availability-for-mere-mortals/

44
Q

Which load balancer types are available with Elastic Load Balancing (ELB)? (Choose two.)
A. Public load balancers with AWS Application Auto Scaling capabilities
B. F5Big-IP and Citrix NetScaler load balancers
C. Classic Load Balancers
D. Cross-zone load balancers with public and private IPs
E. Application Load Balancers

A

Answer: A E
Explanation:
Elastic Load Balancing supports the following types of load balancers:Application Load Balancers, Network
Load Balancers, and Classic Load Balancers. Amazon ECS services can use either type of load balancer.
Application Load Balancers are used to route HTTP/HTTPS (or Layer 7) traffic. Network Load Balancers
and Classic LoadBalancers are used to route TCP (or Layer 4) traffic.
Reference: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html

45
Q

What are the advantages of Reserved Instances? (Choose two.)
A. They provide a discount over on-demand pricing.
B. They provide access to additional instance types.
C. They provide additional networking capability.
D. Customers can upgrade instances as new types become available.
E. Customers can reserve capacity in an Availability Zone.

A

Answer: A E
Explanation:
Reference: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-ri-basics/

46
Q

An architect design includes Amazon EC2, an Elastic Load Balancer, and Amazon RDS. What is the BEST
way to got a monthly cost estimation for this architecture?
A. Open an AWS Support case, provide the architecture proposal, and ask for a monthly costestimation.
B. Use the published prices of the AWS services and calculate the monthly estimate.
C. Use the AWS Simple Monthly Calculator to estimate the monthly cost.
D. Use the AWS Total Cost of OwnerShip (TCO) Calculator estimate the monthly cost.

A

Answer: C

47
Q

A Cloud Practitioner needs to store data for 7 years to meet regulatory requirements. Which AWS service
will meet this requirement at the LOWEST cost?
A. Amazon S3
B. AWS Snowball
C. Amazon Redshift
D. Amazon S3 Glacier

A

Answer: D
Explanation:
S3Glacier Deep Archive is Amazon S3’s lowest-cost storage class and supports long-term retention and
digital preservation for data that may be accessed once or twice in a year. It is designed for customers —
particularly those in highly-regulated industries,such as the Financial Services, Healthcare, and Public
Sectors — that retain data sets for 7-10 years or longer to meet regulatory compliance requirements. S3
Glacier Deep Archive can also be used for backup and disaster recovery use cases, and is a cost-effective
and easy-to-manage alternative to magnetic tape systems, whether they are on-premises libraries or
off-premises services.
Reference: https://aws.amazon.com/s3/storage-classes/

48
Q 
Which AWS services provides a quick and automated way to create and manage AWS accounts?
A. AWS QuickSight
B. Amazon Lighsil
C. AWS Organizations
D. Amazon Connect
A

Answer: C

49
Q

A company is considering migrating its applications to AWS. The company wants to compare the cost of
running the workload on-premises to running the equivalent workload on the AWS platform.
Which tool can be used to perform this comparison?
A. AWS Simple Monthly Calculator
B. AWS Total Cost of Ownership (TCO) Calculator
C. AWS Billing and Cost Management console
D. Cost Explorer

A 
Answer: B
Explanation:
TCO calculator compare the cost of running your applications in an on-premises or colocation environment
to AWS.
Reference: https://awstcocalculator.com
50
Q 
A user needs to automatically discover,classify, and protect sensitive data stored in Amazon S3 Which
AWS service can meet these requirements?
A. Amazon Inspector
B. Amazon Macie
C. Amazon GuardDuty
D. AWS Secrets Manager
A

Answer: B

51
Q

Which of the following allows AWS users to manage cost allocates for billing?
A. Tagging resources
B. Limiting who can create resources
C. Adding a secondary payment method
D. Running all operation on a single AWS account

A

Answer: A

52
Q 
Which Amazon EC2 pricing model is the MOST cost efficient for an uninterruptible workload that runs once
a year for 24 hours?
A. On-Demand Instances
B. Reserved Instances
C. Spot Instances
D. Dedicated Instances
A

Answer: A
Explanation:
With On-Demand instances, you pay for compute capacity by the hour or the second depending on which
instances you run. No longer-term commitments or upfront payments are needed. You can increase or
decrease your compute capacity depending on the demands of your application and only pay the specified
per hourly rates for the instance you use.
Reference: https://aws.amazon.com/ec2/pricing/

53
Q 
A user has underutilized on-premises resources Which AWS Cloud concept can BEST address this Issue?
A. High availability
B. Elasticity
C. Security
D. Loose coupling
A

Answer: B

54
Q

What are the immediate benefits of using theAWS Cloud? (Choose two.)
A. Increased IT staff.
B. Capital expenses are replaced with variable expenses.
C. User control of infrastructure.
D. Increased agility.
E. AWS holds responsibility for security in the cloud.

A

Answer: C D

55
Q 
which AWS service is used t automate configuration management using Chef and puppet?
A. AWS Config
B. AWS OpsWorks
C. AWSCloudFormation
D. AWS Systems Manager
A

Answer: B

56
Q

Which Amazon Virtual Private Cloud (Amazon VPC) feature enables users to connect two VPCs together?
A. Amazon VPC endpoints
B. Amazon Elastic Compute Cloud (Amazon EC2) ClassicLink
C. Amazon VPC peering
D. AWS Direct Connect

A

Answer: C
Explanation:
A VPC peeringconnection is a networking connection between two VPCs that enables you to route traffic
between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate
with each other as if they are within the same network. You can create a VPC peering connection between
your own VPCs, or with a VPC in another AWS account. The VPCs can be in different regions (also known
as an inter-region VPC peering connection).
Reference: https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html

57
Q

What will help a company perform a cost benefit analysis of migrating to the AWS Cloud?
A. Cost Explorer
B. AWS Total Cost of Ownership (TCO)Calculator
C. AWS Simple Monthly Calculator
D. AWS Trusted Advisor

A

Answer: B
Explanation:
AWS TCO calculators allow you to estimate the cost savings when using AWS and provide a detailed set of
reports that can be used in executive presentations. The calculators also give you the option to modify
assumptions that best meet your business needs.
Reference: https://aws.amazon.com/tco-calculator/

58
Q 
Which AWS service can a customer use to set up an alert notification when the account is approaching a
particular dollar amount?
A. AWS Cost and Usage reports
B. AWS Budgets
C. AWS Cost Explorer
D. AWS Trusted Advisor
A 
Answer: B
Explanation:
Reference:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_clo
udwa
59
Q

A company that does business online needs to quickly deliver new functionality in an iterative manner,
minimizing the time to market
Which AWS Cloud feature can provide this?
A. Elasticity
B. High availability
C. Agility
D. Reliability

A

Answer: C

60
Q

Which AWS support plan provides access toarchitectural and operational reviews as well as 24/7 access to
senior cloud support engineers through email,online chat,and phone?
A. Basic
B. Business
C. Developer
D. Enterprise

A

Answer: D

61
Q

Which of the following is an advantage of using AWS?
A. AWS audits user data.
B. Data is automatically secure.
C. There is no guessing on capacity needs.
D. AWS manages compliance needs.

A

Answer: C
Explanation:
AWS manages dozens of compliance programs in its infrastructure. This means that segments of your
compliance have already been completed.
Reference: https://docs.aws.amazon.com/whitepapers/latest/aws-overview/security-and-compliance.html

62
Q 
Which AWS tool cant they use?
A. AWS Trusted Advisor
B. AWS Systems Manager
C. AWS Config
D. AWS Service Catalog
A

Answer: A. No enendi la pregunta

63
Q 
which of the following acts as a virtual firewall at the amzon ec2 instance level to control traffic for one or
more instance?
A. Access keys
B. Virtual private gateways
C. Security groups
D. Access Control Lists (ACL)
A

Answer: C

64
Q 
Under the AWS shared responsibility model, which of the following is an example of security in the AWS
Cloud?
A. Managing edge locations
B. Physical security
C. Firewall configuration
D. Global infrastructure
A

Answer: B
Explanation:
Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

65
Q 
A company requires a dedicated network connection between its on-premises servers and the AWS Cloud.
Which AWS service should be used?
A. AWS VPN
B. AWS Direct Connect
C. Amazon API Gateway
D. Amazon Connect
A

Answer: B
Explanation:
You can use AWS Direct Connect to establish a private virtual interface from your on-premise network directly to your Amazon VPC, providing you with a private, high bandwidth network connection between
your network and your VPC. With multiple virtual interfaces, you can even establish private connectivity to
multiple VPCs while maintaining network isolation.
Reference: https://aws.amazon.com/directconnect/

66
Q

Which of the following AWS services provide compute resources? (Choose two.)
A. AWS Lambda
B. Amazon Elastic Container Service (Amazon ECS)
C. AWS CodeDeploy
D. Amazon Glacier
E. AWS Organizations

A

Answer: A B
Explanation:
Reference: https://docs.aws.amazon.com/whitepapers/latest/aws-overview/compute-services.html

67
Q 
when building a cloud total cost of ownership model which costelements should be considered for workload
runninng on aws? (Select Three.)
A. Compute costs
B. Facilities costs
C. Storage costs
D. Data transfer costs
E. Network infrastructure costs
F. Hardware lifecycle costs
A

Answer: A C E

68
Q 
Which AWS service enables users to consolidate billing across multiple accounts?
A. Amazon QuickSight
B. AWS Organizations
C. AWS Budgets
D. Amazon Forecast
A

Answer: B
Explanation:
You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for
multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. Every organization
in AWS Organizations has a master (payer) account that pays the charges of all the member (linked)
accounts.
Reference: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-billing.html

69
Q

How does AWS charge for AWS Lambda?
A. Users bid on the maximum price they are willing to payper hour.
B. Users choose a 1-, 3- or 5-year upfront payment term.
C. Users pay for the required permanent storage on a file system or in a database.
D. Users pay based on the number of requests and consumed compute resources.

A

Answer: D
Explanation:
AWS Lambda is charging its users by the number of requests for their functions and by the duration, which
is the time the code needs to execute. When code starts running in response to an event, AWS Lambda
counts a request. It will charge the total number of requests across all of the functions used. Duration is
calculated by the time when your code started executing until it returns or until it is terminated, rounded up
near to 100ms. The AWS Lambda pricing depends on the amount of memory that the user used to allocate
tothe function.
Reference: https://dashbird.io/blog/aws-lambda-pricing-model-explained/

70
Q 
Which service enables customers to audit and monitorchanges in AWS resources?
A. AWS Trusted Advisor
B. Amazon GuardDuty
C. Amazon Inspector
D. AWS Config
A

Answer: D
Explanation:
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS
resources. Configcontinuously monitors and records your AWS resource configurations and allows you to
automate the evaluation of recorded configurations against desired configurations. With Config, you can
review changes in configurations and relationships between AWS resources, dive into detailed resource
configuration histories, and determine your overall compliance against the configurations specified in your
internal guidelines. This enables you to simplify compliance auditing, security analysis, change
management, andoperational troubleshooting.
Reference: https://aws.amazon.com/config/

71
Q

which of the following are benefits of running a database on amazon rds compared to an on premises
database?
A. RDS backup are managed by AWS
B. RDS supports any relational database
C. RDs has no database engineer licensing costs.
D. RDS database compute capacity can be easily scaled.
E. RDS inbound traffic content (for example, security groups) is managed by AWS.

A

Answer: A C

72
Q

Which of the following provides the ability to share the cost benefits of Reserved Instances across
AWSaccounts?
A. AWS Cost Explorer between AWS accounts
B. Linked accounts and consolidated billing
C. Amazon Elastic Compute Cloud (Amazon EC2) Reserved Instance Utilization Report
D. Amazon EC2 Instance Usage Report between AWS accounts

A

Answer: B
Explanation:
Theway that Reserved Instance discounts apply to accounts in an organization’s consolidated billing family
depends on whether Reserved Instance sharing is turned on or off for the account. By default, Reserved
Instance sharing for all accounts in an organization is turned on. You can change this setting by Turning Off
Reserved Instance Sharing for an account.
The capacity reservation for a Reserved Instance applies only to the account the Reserved Instance was
purchased on, regardless of whether Reserved Instance sharing is turned on or off.
Reference: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-ri-consolidated-billing/

73
Q

How does AWS MOST effectively reduce computing costs for agrowing start-up company?
A. It provides on-demand resources for peak usage.
B. It automates the provisioning of individual developer environments.
C. It automates customer relationship management.
D. It implements a fixed monthly computing budget.

A

Answer: A
Explanation:
You can continue to optimize your spend and keep your development costs low by making sure you revisit
your architecture often, to adjust to your startup growth. Manage your cost further by leveraging different
options such as S3 CloudFront for caching & offloading to reduce cost of EC2 computing, as well as Elastic
Load Balancing which prepares you for massive scale, high reliability and uninterrupted growth. Another
way to keep costs down is to use AWS Identity and Access Management solutions (IAM) to manage
governance of your cost drivers effectively and by the right teams.
Reference: https://aws.amazon.com/startups/lean/

74
Q

What does it mean if a user deploys a hybrid cloud architecture on AWS?
A. All resources runusing on-premises infrastructure.
B. Some resources run on-premises and some run in a colocation center.
C. All resources run in the AWS Cloud.
D. Some resources run on-premises and some run in the AWS Cloud.

A

Answer: D
Explanation:
Reference: https://aws.amazon.com/hybrid/

75
Q

A director has been tasked with investigating hybrid cloud architecture. The company currently accesses
AWS over the public internet.
Which service will facilitate private hybrid connectivity?
A. Amazon Virtual Private Cloud (Amazon VPC) NAT Gateway
B. AWS Direct Connect
C. Amazon Simple Storage Service (Amazon S3) Transfer Acceleration
D. AWS Web Application Firewall (AWS WAF)

A

Answer: B
Explanation:
Amazon VPC provides multiple network connectivity options for you to leverage depending on your current
network designs and requirements. These connectivity options include leveraging either the internet or an
AWS Direct Connect connection as the network backbone and terminating the connection into either AWS
or user-managed network endpoints. Additionally, with AWS, you can choose how network routing is
delivered between Amazon VPC and your networks, leveraging either AWS or user-managed network
equipment and routes.
Reference:https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/introduction.html

76
Q

Treating infrastructure as code in the AWS Cloud allows users to:
A. automate migration of on-premises hardware to AWS data centers.
B. let a third party automate an audit of the AWS infrastructure.
C. turn overapplication code to AWS so it can run on the AWS infrastructure.
D. automate the infrastructure provisioning process.

A

Answer: D
Explanation:
Reference: https://asperbrothers.com/blog/infrastructure-as-code-aws/

77
Q 
Which of the following allows users to provision a dedicated network connection from their internal network
to AWS?
A. AWSCloudHSM
B. AWS Direct Connect
C. AWS VPN
D. Amazon Connect
A

Answer: B
Explanation:
AWS Direct Connect lets you establish a dedicated network connection between your network and one of
the AWS Direct Connect locations. Using industry standard 802.1q VLANs, thisdedicated connection can
be partitioned into multiple virtual interfaces. This allows you to use the same connection to access public
resources such as objects stored in Amazon S3 using public IP address space, and private resources such
as Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC) using private IP space,
while maintaining network separation between the public and private environments. Virtual interfaces can
be reconfigured at any time to meet your changing needs.
Reference:https://aws.amazon.com/directconnect/

78
Q 
When comparing AWS with on-prerruses Total Cost of Ownership (TCO), what costs are included?
A. Data center security
B. Business analysis
C. Project management
D. Operating system administration
A

Answer: A

79
Q

When designing a typical three tier web application which aws services and for features improve availability
and reduce the impact failures?
AWS Auto Scaling for Amazon forAmazon EC2 instances.
A. Amazon VPC subnet ACLs check the health of a service.
B. Distributed resources across multiple Availability Zones.
C. AWS Server Migration Service (AWS SMS) to move Amazon EC2 instance into a different Region.
D. Distributed resources across multiple AWS points of presence

A

Answer: A C

80
Q 
Which AWS service securely delivers data, videos , applications, and APIS to users globally with low
latency and high transfer speeds?
A. AWSCloudFormation
B. Amazon CloudFornt
C. Amazon Pinpoint
D. Amazon Redshift
A

Answer: B

81
Q 
Under the AWS shared responsibility model, customers are responsible for which aspects of security in the
cloud? (Choose two.)
A. Visualization management
B. Hardware management
C. Encryption management
D. Facilities management
E. Firewall management
A

Answer: C E
With the basic Cloud infrastructure secured and maintained by AWS, the responsibility for what goes into
the cloud falls on you. This covers both client and server side encryption and network traffic protection,
security of theoperating system, network, and firewall configuration, followed by application security and
identity and access management.
Firewall configuration remains the responsibility of the end user, which integrates at the platform and
application management level. For example, RDS utilizes security groups, which you would be responsible
for configuring and implementing.
Reference: https://cloudacademy.com/blog/aws-shared-responsibility-model-security/

82
Q

Which of the following is the responsibility of AWS?
A. Setting up AWS Identity and Access Management (IAM) users and groups
B. Physically destroying storage media at end of life
C. Patching guest operating systems
D. Configuring security settings on Amazon EC2 instances

A

Answer: B
Explanation:
Media storage devices used tostore customer data are classified by AWS as Critical and treated
accordingly, as high impact, throughout their life-cycles. AWS has exacting standards on how to install,
service, and eventually destroy the devices when they are no longer useful. When a storage device has
reached the end of its useful life, AWS decommissions media using techniques detailed in NIST 800-88.
Media that stored customer data is not removed from AWS control until it has been securely
decommissioned.
Reference: https://aws.amazon.com/compliance/data-center/controls/

83
Q

Which tool can be used to compare the costs of running a web application in a traditional hosting
environment to running it on AWS?
A. AWS Cost Explorer
B. AWS Budgets
C. AWS Cost and Usage report
D. AWS Total Costof Ownership (TCO) Calculator

A

Answer: D
Explanation:
Reference: https://aws.amazon.com/tco-calculator/

84
Q

Under the AWS shared responsibility model, which of the following are customer responsibilities? (Select
TWO.)
A. Setting up server-side encryption onan Amazon S3 bucket
B. Amazon RDS instance patching
C. Network and firewall configurations
D. Physical security of data center facilities
E. Compute capacity availability

A

Answer: C D

85
Q

under the AWS shared responsibility model the customer manages which of the following?
A. Decommissioning of physical storage devices.
B. Security group and ACL configuration
C. Patch management of an Amazon RDS instance operating system
D. Controlling physical access to data centers
E. Patch management of an Amazon EC2 instance operating system

A

Answer: B E

86
Q

When comparing the total cost of ownership (TCO) of an on-premises infrastructure to a cloud architecture,
what costs should be considered? (Choose two.)
A. The credit card processing fees for application transactions in the cloud.
B. The cost of purchasing and installing server hardware in the on-premises data.
C. The cost of administering the infrastructure, including operating system and software installations,
patches, backups, and recovering from failures.
D. The costs of third-party penetration testing.
E. The advertising costs associated with an ongoing enterprise-wide campaign.

A

Answer: B C
Explanation:
Reference: https://aws.amazon.com/tco-calculator/

87
Q

According to the AWS Well-Architected Framework, what change management steps should be taken to
achieve reliability in the AWS Cloud? (Select TWO.)
A. Use AWS Contig to generate an inventory of AWS resources
B. Use service limits to prevent users from creating or making changes to AWS resources.
C. Use AWS CloudTrail to record AWS API calls into an auditable log file
D. Use AWS Certificate Manager to whitelist approved AWS resources and services.
E. Use Amazon GuardDuty to validate configuration changes made to AWS resources

A

Answer: B E

88
Q 
Which AWS service or feature allows a company to visualize, understand, and manage AWS costs and
usage over time?
A. AWS Budgets
B. AWS Cost Explorer
C. AWS Organizations
D. Consolidated billing
A

Answer: B
Explanation:
AWS Cost Explorer has aneasy-to-use interface that lets you visualize, understand, and manage your AWS
costs and usage over time.
Reference: https://aws.amazon.com/aws-cost-management/aws-cost-explorer/

89
Q 
What is an AWS cloud design best practice?
A. Tight coupling of components
B. Single point of failure
C. High availability
D. Overprovisioning of resources
A

Answer: B

90
Q

which of the following are advantages of the aws cloud?
A. AWS manages the maintenance of the cloud infrastructure.
B. AWSmanages the security of application built on AWS.
C. AWS manages capacity planning for physical servers.
D. AWS manages the development of applications on AWS.
E. AWS manages cost planning for virtual servers.

A

Answer: A C

91
Q

Acompany wants to migrate a MYSQL database to AWS but does not have the budget for Database
Administrators to handle routine tasks including provisioning, patching, and performing backups?
Which AWS service will support this use case?
A. Amazon RDS
B. Amazon DynamoDB
C. Amazon DocumentDB
D. Amazon ElasttiCache

A

Answer: B

92
Q 
Which AWS feature or service can be used to capture information about incoming and outgoing traffic in an
AWS VPC infrastructure?
A. AWS Config
B. VPC Flow Logs
C. AWSTrusted Advisor
D. AWS CloudTrail
A

Answer: B

93
Q

A company with a Developer-level AWS Support planprovisioned an Amazon RDS database and cannot to
it.
Who should the developer contact for this level of support?
A. AWS Support using a support case
B. AWS Professional Services
C. AWS Technical Account Manager
D. AWS consulting partners

A

Answer: A

94
Q 
According to the AWS shared responsibility model, what is AWS responsible for?
A. Configuring Amazon VPC
B. Managing application code
C. Maintaining application traffic
D. Managing the network infrastructure
A

Answer: D
Explanation:
Reference: https://cloudacademy.com/blog/aws-shared-responsibility-model-security/

95
Q

What is an AWS Identity and Access Management (IAM) role?
A. A user associated with an AWS resource
B. A group associated with an AWS resource
C. An entity that defines a set of permissions for use with an AWS resource
D. An authentication credential associated with a multi-factor authentication (MFA) token

A

Answer: C
Explanation:
AWS Identity and AccessManagement (IAM) enables you to manage access to AWS services and
resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions
to allow and deny their access to AWS resources.
Reference: https://aws.amazon.com/iam/

96
Q

A company wants to build its new application workloads in the AWS Cloud instead of using on-premises
resources.
What expense can be reduced using the AWS Cloud?
A. The cost of writing custom-built Java or Node .js code
B. Penetration testing for security
C. hardware required to support new applications
D. Writing specific test cases for third-party applications.

A

Answer: C
Explanation:
Reference:https://aws.amazon.com/pricing/cost-optimization/

97
Q 
What AWS service would be used to centrally manage AWS access across multiple accounts?
A. AWS Service Catalog
B. AWS Config
C. AWS TrustedAdvisor
D. AWS Organizations
A

Answer: D
To improve control over your AWS environment, you can use AWS Organizations to create groups of
accounts, and then attach policies to a group to ensure the correct policies are applied across the accounts
withoutrequiring custom scripts and manual processes.
Reference: https://aws.amazon.com/organizations/

98
Q

Which principles are used to architect applications for reliability on the AWS Cloud? (Choose two.)
A. Design for automated failure recovery
B. Use multiple Availability Zones
C. Manage changes via documented processes
D. Test for moderate demand to ensure reliability
E. Backup recovery to an on-premises environment

A

Answer: A C
Explanation:
Reference: https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/

99
Q 
Which AWS service controls permissions to the AWS management console?
A. Amazon Connect
B. AWS IAM
C. AWS Direct Connect
D. AmazonRecognition
A

Answer: B

100
Q

What is an advantage of using the AWS Cloud over a traditional on-premises solution?
A. Users do not have to guess about future capacity needs.
B. Users can utilizeexisting hardware contracts for purchases.
C. Users can fix costs no matter what their traffic is.
D. Users can avoid audits by using reports from AWS.

A

Answer: A C
Explanation:
Reference: https://data-flair.training/blogs/aws-advantages/

101
Q

Which actions support the reliability pillar of the AWS Architected Framework? (Select TWO.)
A. Enforce higher security specifically in regard to designed for failure.
B. Ensure that backend components include multiple Availability Zone deployments.
C. Avoid the use of automatic scaling to simplify the cloud architecture.
D. Enable object versioning within Amazon S3 and replicating data to another AWS Region.
E. Include an Application Load Balancer to distribute traffic to multiple Amazon EC2 instance in separate
Availability Zones

A

Answer: B D

Certify for Sure (4 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions