Udemy Practice Exam 4 Flashcards by Celina Alvarez

Which AWS service would you use to create a logically isolated section of the AWS Cloud where you can launch AWS resources in your virtual network?

Virtual Private Cloud (VPC)

How well did you know this?

Not at all

Perfectly

As per the Shared Responsibility Model, Security and Compliance is a shared responsibility between AWS and the customer. Which of the following security services falls under the purview of AWS under the Shared Responsibility Model?

-AWS Shield Standard
-AWS Web Application Firewall (WAF)
-AWS Shield Advanced
-Security Groups for Amazon EC2

AWS Shield Standard

How well did you know this?

Not at all

Perfectly

According to the AWS Shared Responsibility Model, which of the following are responsibilities of the customer for IAM? (Select two)

-Manage global network security infrastructure
-Enable MFA on all accounts
-Analyze user access patterns and review IAM permissions
-Configuration and vulnerability analysis for the underlying software infrastructure
-Compliance validation for the underlying software infrastructure

-Enable MFA on all accounts
-Analyze user access patterns and review IAM permissions

How well did you know this?

Not at all

Perfectly

Which of the following is available across all AWS Support plans?

-Full set of AWS Trusted Advisor best practice checks
-Enhanced Technical Support with unlimited cases and unlimited contacts
-AWS Personal Health Dashboard
-Third-Party Software Support

“AWS Personal Health Dashboard”

How well did you know this?

Not at all

Perfectly

A streaming media company wants to convert English language subtitles into Spanish language subtitles. As a Cloud Practitioner, which AWS service would you recommend for this use-case?

Amazon Translate

How well did you know this?

Not at all

Perfectly

AWS Shield Advanced provides expanded DDoS attack protection for web applications running on which of the following resources? (Select two)

-Amazon CloudFront
-Amazon Elastic Compute Cloud

How well did you know this?

Not at all

Perfectly

Who’s responsability is Patching networking infrastructure

AWS

How well did you know this?

Not at all

Perfectly

Which of the following types are free under the Amazon S3 pricing model? (Select two)

Data transferred in from the internet

Data transferred out to an Amazon Elastic Compute Cloud (Amazon EC2) instance, when the instance is in the same AWS Region as the S3 bucket

How well did you know this?

Not at all

Perfectly

The DevOps team at an IT company wants to centrally manage its servers on AWS Cloud as well as on-premise data center so that it can collect software inventory, run commands, configure and patch servers at scale. As a Cloud Practitioner, which AWS service would you recommend for this use-case?

Systems Manager

How well did you know this?

Not at all

Perfectly

Which of the following AWS services offer LifeCycle Management for cost-optimal storage?

How well did you know this?

Not at all

Perfectly

How is Amazon EC2 different from traditional hosting systems? (Select two)

-Amazon EC2 can scale with changing computing requirements -With Amazon EC2, developers can launch and terminate the instances anytime they need to

How well did you know this?

Not at all

Perfectly

Who is responsible for AWS Shield Standard

AWS
-managed service
-automatically activated for all customers
-no customization

How well did you know this?

Not at all

Perfectly

An e-commerce company would like to receive alerts when the Reserved EC2 Instances utilization drops below a certain threshold. Which AWS service can be used to address this use-case?

AWS Budgets

How well did you know this?

Not at all

Perfectly

-alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount
-define a utilization threshold and receive alerts when your RI usage falls below that threshold

AWS Budgets

How well did you know this?

Not at all

Perfectly

An organization maintains a separate Virtual Private Cloud (VPC) for each of its business units. Two units need to privately share data. Which is the most optimal way of privately sharing data between the two VPCs?

VPC Peering

How well did you know this?

Not at all

Perfectly

Which of the following are the serverless computing services offered by AWS (Select two)

-Fargate
-Lambda

How well did you know this?

Not at all

Perfectly

Analyze user access patterns and review IAM permissions
responsibility of

Customer

How well did you know this?

Not at all

Perfectly

A financial services company wants to migrate from its on-premises data center to AWS Cloud. As a Cloud Practitioner, which AWS service would you recommend so that the company can compare the cost of running their IT infrastructure on-premises vs AWS Cloud?

AWS Pricing Calculator

How well did you know this?

Not at all

Perfectly

Which of the following S3 storage classes do not charge any data retrieval fee? (Select two)

-S3 Standard
-S3 Intelligent-Tiering

How well did you know this?

Not at all

Perfectly

AWS Marketplace facilitates which of the following use-cases? (Select two)

-Sell Software as a Service (SaaS) solutions to AWS customers
-AWS customer can buy software that has been bundled into customized AMIs by the AWS Marketplace sellers

How well did you know this?

Not at all

Perfectly

Which of the following describes an Availability Zone in the AWS Cloud?

One or more data centers in the same location

How well did you know this?

Not at all

Perfectly

is one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region.

vailability Zone

How well did you know this?

Not at all

Perfectly

A media company uploads its media (audio and video) files to a centralized S3 bucket from geographically dispersed locations. Which of the following solutions can the company use to optimize transfer speeds?

S3 Transfer Acceleration

How well did you know this?

Not at all

Perfectly

A financial services company wants to ensure that all customer data uploaded on its data lake on Amazon S3 always stays private. Which of the following is the MOST efficient solution to address this compliance requirement?

Use Amazon S3 Block Public Access to ensure that all S3 resources stay private

How well did you know this?

Not at all

Perfectly

Which of the following statements are true regarding Amazon Simple Storage Service (S3) (Select two)?

-S3 is a key value based object storage service -S3 stores data in a flat non-hierarchical structure

AWS Shield Advanced provides expanded DDoS attack protection for web applications running on which of the following resources? (Select two)

Cloud Front EC2 Elastic Compute Cloud

Reserved Instance pricing is available for which of the following AWS services? (Select two)

-RDS -EC2

Which entity ensures that your application on Amazon EC2 always has the right amount of capacity to handle the current traffic demand?

Auto Scaling

Which of the following is the MOST cost-effective EC2 instance purchasing option for short-term, spiky and critical workloads on AWS Cloud?

On-Demand Instance

Which of the following AWS Support plans provide programmatic access to AWS Support Center features to create, manage and close your support cases? (Select two)

-Business -Enterprise

Which pillar of AWS Well-Architected Framework is responsible for making sure that you select the right resource types and sizes based on your workload requirements?

Performance Efficiency

The ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.

Reliability

Pillar includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.

Operational Excellence

AWS Trusted Advisor can provide alerts on which of the following common security misconfigurations? (Select two)?

-When you allow public access to Amazon S3 buckets -When you don't turn on user activity logging (AWS CloudTrail)

Which of the following S3 storage classes has NO constraint of a minimum storage duration charge for objects?

S3 Standard S3 Intelligent Tiering

minimum storage duration charge for 90 days

S3 Glacier

minimum storage duration charge for 30 days.

Infrequent Access

minimum storage duration charge for 180 days.

S3 Glacier Deep Archive

Which of the following is best-suited for load-balancing HTTP and HTTPS traffic?

Application Load Balancer

Which of the following is correct regarding the AWS RDS service?Read Replicas

-You can use Read Replicas for both improved read performance as well as Disaster Recovery -cross-Region Read Replica

Which of the following can you use to run a bootstrap script while launching an EC2 instance?

EC2 instance user data

Which of the following is available across all AWS Support plans?

AWS Personal Health Dashboard

U2F security key

The DevOps team at a Big Data consultancy has set up EC2 instances across two AWS Regions for its flagship application. Which of the following characterizes this application architecture? cross region improves

Availability

Which AWS service will help you install application code automatically to an Amazon EC2 instance?

AWS CodeDeploy

Which of the following are recommended security best practices for the AWS account root user? (Select two)

Enable MFA for the AWS account root user Set up an IAM user with administrator permissions and do not use AWS account root user for administrative tasks

Which AWS service can be used to set up billing alarms to monitor estimated charges on your AWS account? -AWS Organizations -Amazon CloudWatch -AWS Organizations -AWS Cost Explorer

Amazon CloudWatch

Which AWS service would you choose for a data processing project that needs a schemaless database?

Amazon DynamoDB

True

Which of the following is a container service of AWS? works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS).

AWS Fargate

Which of the following AWS storage services can be directly used with on-premises systems?

Amazon Elastic File System (Amazon EFS)

To access EFS file systems from on-premises

-AWS Direct Connect or -AWS VPN connection

Amazon S3 can be accessed from on-premises

only via AWS Storage Gateway

A firm wants to maintain the same data on S3 between its production account and multiple test accounts. Which technique should you choose to copy data into multiple test accounts while retaining object metadata?

Amazon S3 Replication

When accounts in organization share reserved instances, they must

be launched in the same Availability Zone as the reserved instances where purchased

Which of the following entities are part of a VPC in the AWS Cloud? (Select two)

Subnet Internet Gateway

An e-commerce company has migrated its IT infrastructure from the on-premises data center to AWS Cloud. Which of the following costs is the company responsible for?

Application software license costs

Which AWS service will you use to provision the same AWS infrastructure across multiple AWS accounts and regions?

AWS CloudFormation

Which of the following entities can be used to connect to an EC2 server from a Mac OS, Windows or Linux based computer via a browser-based client?

EC2 Instance Connect

EC2 Instance Connect uses

Secure Shell (SSH). AWS Identity and Access Management (IAM) policies

can be used from a Mac OS, Windows or Linux based computer,

SSH

Which of the following AWS services can be used to forecast your AWS account usage and costs?

AWS Cost Explorer

automatically assesses applications for exposure, vulnerabilities, and deviations from best practices.

Inspector

Which AWS service can help you analyze your infrastructure to identify unattached or underutilized EBS volumes?

AWS Trusted Advisor

Which of the following are benefits of the AWS Web Application Firewall (WAF)? (Select two)

-WAF can block all requests except the ones that you allow -WAF can check for the presence of SQL code that is likely to be malicious (known as SQL injection)

WAF can check for the presence of SQL code that is likely to be malicious (known as SQL injection)

-Amazon API Gateway API -Amazon CloudFront -Application Load Balancer.

-is a good fit for non-HTTP use cases -provides static IP addresses that act as a fixed entry point to your applications

AWS Global Accelerator

Which of the following AWS entities lists all users in your account and the status of their various account aspects such as passwords, access keys, and MFA devices?

Credential Reports

A cargo shipping company runs its server-fleet on Amazon EC2 instances. Some of these instances host the CRM (Customer Relationship Management) applications that need to be accessible 24*7. These applications are not mission-critical. In case of a disaster, these applications can be managed on a lesser number of instances for some time. Which disaster recovery strategy is well-suited as well as cost-effective for this requirement?

Warm Standby strategy

-always running but smaller -business critical

Warm Standby strategy

-iddle service -provision and then scale

Pilot light

-mission critial -no downtime

multi-site active/active

-lower priority -restore after event

backup & restore

Udemy Practice Exam 4 Flashcards

(73 cards)