whizlab incorrect answers Flashcards

1
Q

I need to migrate millions of customers’ financial transaction data from the On-Premise Mainframe system to a non-relational database in AWS. The database should also provide good performance for data retrieval and data analytics. Which of the following Database services is the most suitable?

A. Amazon RDS
B. Amazon RedShift
C. Amazon ElastiCache
D. Amazon DynamoDB

A

D.

2
Q

A client who has adopted AWS cloud services would like to ensure that his systems always scale with increasing traffic for a great end-user experience. I have implemented the same by defining AutoScaling Scale-In & Scale-Out policies & CloudWatch alarms that trigger the AutoScaling. Which Cloud Architecture Design principles have I implemented here? Select TWO most suitable options.

A. Encryption 
B. Operational Excellence 
C. Performance Efficiency 
D. Cost Optimization  
E. Least privilege
A

B.

C.

3
Q

Which of the following may NOT be an Economic benefit to a client using AWS cloud services?

A. The Client is running a dedicated MySQL Database Server on AWS with his own CPU bound license (BYOL).
B. The Client is running Spot Instances for batch data processing workloads.
C. The client is running applications with a relatively predictable & consistent resource Demand using AWS Reserved Instances.
D. The client is using S3 Intelligent Tiering storage class while uploading objects.
E. The client is using an Active-Passive failover routing strategy of his On-Premises Data Center to AWS cloud.

A

A

4
Q

Which of the following AWS resources or the AWS features (cloud concepts) does NOT provide automation capabilities?

A. AWS Elastic Beanstalk
B. Amazon DynamoDB
C. AWS CloudFormation
D. RDS manual snapshot

A

D

5
Q

I have certain applications On-Premises that experience times within a year where infrastructure takes a heavier load impact (e.g., Christmas, Thanksgiving, etc.) than other times in the year. I do not want to decommission the on-premises infrastructure. What is the easiest and most cost-effective way in which I can handle this load?

A. By moving all my infrastructure to AWS Cloud and using On-Demand capacity
B. By creating a Private Cloud environment in my On-Premises data center that will provide me with the required elasticity
C. By using Scheduled Reserved Instances to match capacity reservation for the load
D. By provisioning Burst Capacity on the AWS Cloud for the duration of the load

A

D.

6
Q

To make programmatic calls to AWS, a user was provided an access key ID and secret access key. However, the user has now forgotten the shared credentials and cannot make the required programmatic calls.
How can an access key ID and secret access key be provided to the user?

A. Use the “Forgot Password” Option
B. Use “Create New Access Key” by logging in to AWS Management Console as the root user.
C. Credentials cannot be generated
D. Raise a ticket with AWS Support

A

B

7
Q

When provisioning a security certificate from AWS Certificate Manager (ACM), which of the following statements is true? Choose TWO.

A. ACM-issued security certificate cannot be applied to an Application load balancer.
B. To verify a security certificate, a CNAME record would need to be created.
C. Third-party security certificates cannot be applied to AWS resources.
D. To verify a security certificate, the administrator would need to acknowledge a verification email sent to an address of their choice.
E. A security certificate issued in ACM can only be applied to one AWS resource.

A

B. To verify a security certificate, a CNAME record would need to be created.
D. To verify a security certificate, the administrator would need to acknowledge a verification email sent to an address of their choice.

8
Q

An administrator would like VPCs in three different AWS accounts to access on-premise resources via a VPN connection terminating on a Transit Gateway. Each of the VPCs is in distinct AWS regions. How can this be achieved?

A. Use AWS Resource Access Manager (RAM) to share the Transit Gateway resource.
B. Configure a Virtual Private Gateway (VGW) for each VPC and then extend the VPN tunnels to them.
C. Create VPC attachments from each of the VPCs to the Transit Gateway.
D. Configure VPC peering connections between the VPCs and then route traffic from on-premise through the VPN to the Transit Gateway and then to each VPC peer.

A

A. Use AWS Resource Access Manager (RAM) to share the Transit Gateway resource.

9
Q

During an audit process, an organization is advised by the audit committee to centrally manage all the VPC security groups and WAF rules across their AWS environment. Given that the organization has multiple AWS accounts, how can this be achieved?

A. AWS Identity & Access Management (IAM)
B. AWS Firewall Manager
C. Amazon Cloud Directory
D. AWS Security Hub

A

B. AWS Firewall Manager makes it possible to manage VPC security groups, AWS Shield Advanced and WAF rules on one platform even across multiple AWS accounts.

A. IAM does not allow for the management of VPC security groups or WAF rules.
C. Amazon Cloud Directory is a repository for developer objects. The service does not have the functionality to centrally manage all the VPC security groups or WAF rules in the AWS environment.
D. AWS Security Hub is a full-view, single-look, comprehensive depiction of the security state of the customer’s AWS environment.

10
Q

Which of the following statements accurately describe a function of AWS Secrets Manager? [Select Two]

A. Encrypts authentication information in code, ensuring that it is unreadable, that is, not in plain-text.
B. Replaces the need to hardcode authentication credentials in code.
C. Makes it possible to include an API call in code that retrieves authentication information from a central repository.
D. Automatically rotates and updates the code in the application build, ensuring that repositories are kept up to date.
E. Facilitates the embedding of authentication information in code during runtime.

A

B,C

11
Q

A client has decided to go for a MySQL RDS database on the AWS cloud based on its Scalability & High Availability features. When he does so, what role does he play in making the database secure? (Select TWO)

A. He can restrict RDS database access by using a Security Group.
B. He can provide the most recent updates of his database software installed on the EC2 Instance for preventing Security attacks.
C. He can provide the most recent versions of his Operating System on the EC2 instance for preventing Security attacks.
D. He can Encrypt database data at rest by using EBS volume storage encryption.
E. He can plan for backup & recovery strategies for data that may be lost.

A

A. He can restrict RDS database access by using a Security Group.
E. He can plan for backup & recovery strategies for data that may be lost.

12
Q

I have a Mobile App that needs to access AWS resources like S3, DynamoDB. What is the best way to allow users of the mobile app access to these AWS resources?

A. Keep the Security Credentials associated with the AWS resource access within the Mobile App
B. Use Security Token Service (STS) with Identity Federation that will allow a User access to resources within a session
C. Create Users & Groups within IAM and assign IAM policies for accessing the resources
D. Have the mobile app connect to another web application running on an EC2 instance that can assume a role for accessing the AWS resources

A

B. A mobile app that becomes popular can have a large user base. The best way to provide access to AWS resources in this scenario will be to use Federated Identity access using External Identity Providers (IdP) like Amazon, Facebook, Google, etc.

13
Q

I have a compliance requirement for my application, stating that unrestricted SSH access to any EC2 instance needs to be immediately notified to an admin. Which services can I use to achieve the requirement?

A. AWS Trusted Advisor, Amazon SNS
B. AWS Inspector, Amazon SNS
C. AWS Config, Amazon SNS
D. Both B & C right

A

D. Both AWS Inspector & AWS Config can scan EC2 instances, assess their network exposure, and then integrate with Amazon SNS to send notifications. Trusted Advisor also can check for overly permissive access of EC2 instances. Still, the notifications can be performed by monitoring the Trusted Advisor check results with AWS CloudWatch events that can use specific targets like Lambda, SNS, etc.

14
Q

A startup is using only an AWS Basic Support plan and cannot afford a higher plan right now. They require technical assistance from AWS to better understand the behavior of their services.

Which of the following can be a source of technical assistance for this startup?

AWS Technical Account Manager
AWS Discussion Forums
AWS Trusted Advisor
AWS Concierge Support

A

AWS Discussion Forums

15
Q

Which of the following are valid use cases supported by Amazon CloudFront? (Select TWO.)

Schema Conversion
Serverless Interactive Query
Live and on-demand video streaming
Automated Backups
Static asset caching
A

– Static asset caching

– Live & on-demand video streaming

16
Q

Which of the following services offers you the same AWS hardware infrastructure, services, APIs, and tools to build and run your applications on-premises and in the cloud?

AWS Organizations
AWS Wavelength
AWS Lambda
AWS Outposts

A

AWS Outposts

17
Q

A company plans to use an application streaming service to give its employees instant access to their desktop applications from any device.

Which of the following services fulfills this requirement?

AWS AppSync
Amazon Kinesis Data Streams
Amazon AppStream 2.0
Amazon WorkSpaces

A

Amazon AppStream 2.0

18
Q

A company plans to migrate on-premises VMs to AWS. To coordinate the large-scale migration, they must find a way to automate, schedule, and track the entire procedure.

Which of the following services should they use?

Use AWS Migration Hub to track the progress of migrations.
Use AWS Application Migration Service to migrate on-premises workloads to AWS.
Use Amazon CloudWatch to monitor the migration process.
Use AWS Database Migration Service to migrate on-premises workloads to AWS.

A

AWS Application Migration Service (MGN) is the primary migration service recommended for lift and shift migrations to AWS.

19
Q

A gaming company needs a service that uses the AWS global network to optimize users’ access speed to their applications through an anycast static IP address. Which of the following services fits these criteria?

AWS Global Accelerator
Amazon ElastiCache
Amazon CloudFront
Amazon Route 53

A

AWS Global Accelerator

Amazon ElastiCache is incorrect because it cannot route user traffic to the optimal endpoint. ElastiCache is primarily used to improve web applications’ performance by allowing you to retrieve information from a fast, managed, in-memory system, instead of relying entirely on slower disk-based databases.

Amazon CloudFront is incorrect. Although CloudFront uses the AWS global network, this is best used for HTTP use cases and securing access over your endpoints. CloudFront uses Edge Locations to cache content while Global Accelerator uses Edge Locations to find an optimal pathway to the nearest regional endpoint. In addition, CloudFront is not capable of providing static Anycast IP addresses.

Amazon Route 53 is incorrect because it doesn’t use a static Anycast IP address to minimize the latency for end-users. Route 53 is a highly available and scalable Domain Name System (DNS), domain name registration, and health-checking web service. Also, Route 53 is mainly used to translate specific domain names into their corresponding IP addresses.

20
Q

Which of the following provides you with the most granular data about your AWS costs and usage and can also load that information into Amazon Athena, Amazon Redshift, AWS QuickSight, or a tool of your choice?

AWS Budgets
AWS Cost Explorer
Consolidated Billing
AWS Cost and Usage report

A

The Cost and Usage Report is your one-stop-shop for accessing the most granular data about your AWS costs and usage.

21
Q

Which type of Elastic Load Balancer supports path-based routing, host-based routing, and bi-directional communication channels using WebSockets?

Classic Load Balancer
Network Load Balancer
Application Load Balancer
Both Application Load Balancer and Network Load Balancer

A

Application Load Balancers support path-based routing, host-based routing, WebSockets, and containerized applications.

22
Q

Which of the following is the most cost-effective AWS Support Plan to use if you need access to AWS Support API for programmatic case management?

Basic
Business
Developer
Enterprise

A

Business

Both Basic and Developer support plans are incorrect since these types do not have access to the AWS Support API.

23
Q

Users from different parts of the globe are complaining about the slow performance of the newly launched photo-sharing website in loading their high-resolution images. Which combination of AWS services should you use to serve the files with lowest possible latency? (Select TWO.)

AWS Storage Gateway
Amazon Glacier
Amazon S3
Amazon CloudFront
Amazon Elastic File System
A

– Amazon S3

– Amazon CloudFront

AWS Storage Gateway is incorrect because this is just a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage in AWS.

Amazon Elastic File System is incorrect because this is not a suitable service to use to store static content unlike S3. It is a regional service storing data within and across multiple Availability Zones (AZs) for high availability and durability. In addition, you can’t directly connect it to CloudFront, unlike S3.

Amazon Glacier is incorrect because this is primarily used for data archival, usually with a long data retrieval time. As with EFS, you can’t directly connect it to CloudFront either, unlike Amazon S3.

24
Q

A company has enlisted the help of TDojo Consulting Co. to assist them in designing an AWS disaster recovery solution for their on-premises bare metal servers and SQL databases. The implementation has to be robust, fast, and simple to use. It should also prevent any type of data loss from occurring. The company would like to keep track of the status of the migration.

Which tool should the team adopt for the DR solution?

AWS Migration Hub
CloudEndure
AWS Database Migration Service
AWS Server Migration Service

A

CloudEndure Disaster Recovery is a tool that minimizes downtime and data loss by providing fast, reliable recovery of physical, virtual, and cloud-based servers into AWS Cloud.

AWS Server Migration Service is incorrect because this service cannot migrate bare metal servers. It is also not the best solution for this scenario, since we are not performing a migration.

AWS Database Migration Service is incorrect because this service cannot migrate bare metal servers. It is also not the best solution for this scenario, since we are not performing a migration.

AWS Migration Hub is incorrect because this service is for monitoring the state of your migrations. It does not handle disaster recovery.

25
Q

Which of the following are the things that Amazon CloudWatch Logs can accomplish? (Select TWO.)

Create alarms that automatically stop, terminate, reboot, or recover your EC2 instances.
Record AWS Management Console actions and API calls.
Adjust the retention policy for each log group.
Store your log data at absolutely no charge.
Monitor application logs from Amazon EC2 Instances.

A

Monitor application logs from Amazon EC2 Instances.
Adjust the retention policy for each log group.

You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources.

The option that says: record AWS Management Console actions and API calls is incorrect because this refers to CloudTrail and not CloudWatch Logs.

The option that says: create alarms that automatically stop, terminate, reboot, or recover your EC2 instances is incorrect because this is actually a task that can be accomplished by CloudWatch Alarms.

The option that says: store your log data at absolutely no charge is incorrect because this service is not entirely free and you still have to pay for your usage.

26
Q

Which AWS services should you use to store rapidly changing data with low read and write latencies? (Select TWO.)

Amazon RDS
Amazon AppStream 2.0
AWS Snowball
Amazon EBS
Amazon S3
A

Amazon EBS and Amazon RDS

27
Q

Which service allows you to add a powerful visual analysis feature to your applications that enables you to search, verify, and organize millions of images?

Amazon SageMaker
Amazon CloudSearch
Amazon Rekognition
Amazon Macie

A

Amazon Rekognition.

Amazon Macie is incorrect because it is a security service and not suitable for visual analysis. It uses machine learning to automatically discover, classify, and protect sensitive data in AWS.

Amazon SageMaker is incorrect because this is a service that provides every developer and data scientist with the ability to build, train, and deploy machine learning models quickly in AWS.

Amazon CloudSearch is incorrect because this service is used to set up, manage, and scale a search solution for your website or application in AWS.

29
Q

A new AWS customer needs to deploy up to 100 t3a.large EC2 instances on their recently launched VPC, which is way beyond the default service limit. What should they do so they can launch their additional instances?

Use AWS Trusted Advisor to increase the default service limits for EC2 instances.
Do nothing. You can directly launch 100 t3a.large EC2 instances at the same time since AWS will automatically increase your service limit for you.
Create a case in the AWS Support Center page and request a service limit increase.
Enable Enhanced Networking.

A

Create a case in the AWS Support Center page and request a service limit increase.

30
Q

You are permitted to conduct security assessments and penetration testing without prior approval against which AWS resources? (Select TWO.)

AWS Security Token Service (STS)
Amazon Aurora
Amazon RDS
Amazon S3
AWS Identity and Access Management (IAM)
A

– Amazon RDS

– Amazon Aurora

32
Q

Which service does AWS use to notify you when AWS is experiencing events that may impact you?

AWS Personal Health Dashboard
AWS Service Health Dashboard
Amazon SNS
AWS Support Center

A

AWS Personal Health Dashboard

33
Q

A company needs to troubleshoot an issue on their serverless application which is composed of an API Gateway, Lambda function, and a DynamoDB database. Which service should they use to trace user requests as they travel through their entire application?

AWS CloudTrail
Amazon CloudWatch
Amazon Inspector
AWS X-Ray

A

AWS X-Ray.

Amazon CloudWatch is incorrect. Although you can troubleshoot the issue by checking the logs, it is still better to use AWS X-Ray as it enables you to analyze and debug your serverless application more effectively.

Amazon Inspector is incorrect because this is primarily used for EC2 and not for Lambda.

AWS CloudTrail is incorrect because this will only enable you to track all API calls to your Lambda, DynamoDB, and SNS. It is still better to use AWS X-Ray to debug your application.

34
Q

Which of the following cloud best practices reinforces the use of the Service-Oriented Architecture (SOA) design principle?

Implement elasticity.
Think parallel.
Design for failure.
Decouple your components.

A

Decouple your components

35
Q

A customer currently has a Basic support plan and they are planning to use the Infrastructure Event Management, Well-Architected Reviews and Operations Reviews features in AWS. What should they do in order to access these features in the most cost-effective manner?

None since these features are already included in their Basic support plan.
Upgrade to Developer support plan.
Upgrade to Business support plan.
Upgrade to Enterprise support plan.

A

Upgrade to Enterprise support plan.

36
Q

Which of the following should you use if you need to provide temporary AWS credentials for users who have been authenticated via their social media logins as well as for guest users who do not require any authentication?

Amazon Cognito User Pool
Amazon Cognito Sync
Amazon Cognito Identity Pool
AWS Single Sign-On

A

Amazon Cognito Identity Pool.

Amazon Cognito User Pool is incorrect because a user pool is a user directory in Amazon Cognito. In addition, it doesn’t enable access to unauthenticated identities. You have to use an Identity Pool instead.

Amazon Cognito Sync is incorrect because this is a client library that enables cross-device syncing of application-related user data.

AWS Single Sign-On is incorrect because this service lets you centrally manage SSO access to multiple AWS accounts. It also does not allow any “guest” or unauthenticated access, unlike Amazon Cognito.

38
Q

Which of the following is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads?

AWS Shield
Amazon GuardDuty
Amazon Macie
AWS WAF

A

Amazon GuardDuty

39
Q

There is an incident with your team where an S3 object was deleted using an account without the owner’s knowledge. What can be done to prevent unauthorized deletion of your S3 objects?

Set your S3 buckets to private so that objects are not publicly readable/writable
Configure MFA delete on the S3 bucket.
Create access control policies so that only you can perform S3-related actions
Set up stricter IAM policies that will prevent users from deleting S3 objects

A

Configure MFA delete on the S3 bucket.

The option that says: Set up stricter IAM policies that will prevent users from deleting S3 objects is incorrect. Although you can prevent unwanted deletion by removing the permission from IAM users, in this case the issue is caused by unauthorized access to an account that had the capability of deleting objects, and removing the permission would also totally restrict authorized users from deleting objects when necessary.

The option that says: Create access control policies so that only you can perform S3-related actions is incorrect because this will not prevent unauthorized access to AWS accounts.

The option that says: Set your S3 buckets to private so that objects are not publicly readable/writable is incorrect because this is unrelated to the issue in this case.

41
Q

Which of the following tasks fall under the sole responsibility of AWS based on the shared responsibility model?

Implementing IAM policies
Patch Management
Physical and environmental controls
Applying Amazon S3 bucket policies

A

Physical and environmental controls.

Implementing IAM policies and Applying Amazon S3 bucket policies are both incorrect because these are the responsibilities of the customer and not AWS.

Patch Management is incorrect because this is actually a shared control between AWS and the customer.

42
Q

Which of the following are the best practices that can help secure your AWS resources using the AWS Identity and Access Management (IAM) service? (Select TWO.)

Grant most privilege.
Lock away your AWS account root user access keys.
Grant least privilege.
Use Bastion Hosts.
Use Inline Policies instead of Customer Managed Policies.

A

– Grant Least Privilege

– Lock away your AWS account root user access keys

44
Q

Which of the following policies grant the necessary permissions required to access your Amazon S3 resources? (Select TWO.)

Bucket policies
Network access control policies
Object policies
Routing policies
User policies
A

– Bucket policies

– User policies

45
Q

A space agency is using Amazon S3 to store their high-resolution satellite images and videos every day. Which of the following should they do to minimize the upload time?

Enable Cross-Origin Resource Sharing (CORS)
Use the Multipart upload API
Upload the images and videos using the BatchWriteItem API
Shift to S3 Intelligent-Tiering storage class

A

Use the Multipart Upload API.

The option that says: Use the BatchWriteItem API is incorrect because this is a DynamoDB API action and not S3.

The option that says: Shift to S3 Intelligent-Tiering storage class is incorrect because this is primarily used to optimize your storage costs automatically based on your data access patterns without performance impact or operational overhead.

The option that says: Enable Cross-Origin Resource Sharing (CORS) is incorrect because this is only applicable for client web applications that are loaded in one domain to interact with resources in a different domain.

46
Q

Which of the following is a data transport solution that accelerates moving terabytes to petabytes of data into and out of AWS using appliances with on-board storage and compute capabilities?

AWS Snowcone
Lambda@Edge
AWS Snowball Edge
AWS Snowmobile

A

AWS Snowball Edge.

AWS Snowmobile is incorrect because this is primarily used to migrate tens of petabytes to exabytes of data in batches to the cloud.

AWS Snowcone is incorrect. Although it is a data transport solution like Snowball Edge, it is not suitable for moving terabytes to petabytes of data. Take note that the usable storage for Snowcone is only 8 TB.

Lambda@Edge is incorrect because this is just a feature of Amazon CloudFront that lets you run code closer to users of your application, which improves performance and reduces latency.

48
Q

What is the most secure way to provide applications temporary access to your AWS resources?

Create an IAM policy that allows the application to access the resources, and attach the policy to the application
Create an IAM role and have the application assume the role
Create an IAM group that has access to the resources, and add the application there
Create an IAM user with access keys and assign it to the application

A

Create an IAM role and have the application assume the role.

The option that says: Create an IAM user with access keys and assign it to the application is incorrect because an IAM User is primarily used for long-term credentials, not for temporary access.

The option that says: Create an IAM group that has access to the resources, and add the application there is incorrect because an IAM Group does not provide temporary access credentials.

The option that says: Create an IAM policy that allows the application to access the resources, and attach the policy to the application is incorrect because IAM policies are not entities that have credentials in AWS.

49
Q

Which of the following actions will AWS charge you for?

Network charges for the transfer of data from your data center to S3 through a VPN
Provisioning elastic IPs and attaching them to running EC2 instances
Setting up additional VPCs in your account
Transfer of EC2 files between two AWS Regions

A

Transfer of EC2 files between two AWS Regions.

The option that says: Network charges for the transfer of data from your data center to S3 through a VPN is incorrect because data coming in from your data center to AWS does not incur charges.

The option that says: Provisioning Elastic IPs and attaching them to running EC2 instances is incorrect because Elastic IPs are only charged if they are not attached to running instances.

The option that says: Setting up additional VPCs in your account is incorrect because VPCs are free to use in AWS.

51
Q

A company wants to launch a Microsoft SQL Server database in AWS. The database instance should only be managed by the company’s DBA and must be accessible via RDP. A standard license for SQL Server is required but the company is not yet sure how much CPU and memory to allocate to the database.

Which option gives the most convenience and flexibility to determine the best database size while still being cost-effective?

Launch an Amazon Aurora database that runs MS SQL Server. Buy a Standard MSSQL license from the AWS License Manager service.
Use a Windows Server with SQL Server Standard bundled AMI so you won’t need to buy and manage your own license.
Launch an RDS instance that runs MS SQL Server Standard. Purchase a Standard MSSQL license and store it in the AWS Managed Services (AMS).
Launch an EC2 instance and install MS SQL Server. Purchase a Standard MSSQL license from Microsoft and apply it to the database you installed.

A

Use a Windows Server with SQL Server Standard bundled AMI so you won’t need to buy and manage your own license.

The option that says: Launch an EC2 instance and install MS SQL Server. Purchase a Standard MSSQL license from Microsoft and apply it to the database you installed is incorrect since this is not the most convenient method of launching an MS SQL Server in AWS. You typically use this solution if you already have a SQL Server license and you prefer to BYOL (bring your own license).

The option that says: Launch an RDS instance that runs MS SQL Server Standard. Purchase a Standard MSSQL license and store it in the AWS Managed Services (AMS) is incorrect. It is explicitly stated in the scenario that the database instance should only be managed by the company’s DBA and must be accessible via RDP. You cannot directly establish an RDP connection to an Amazon RDS database. In addition, Amazon RDS costs more than Amazon EC2 because the infrastructure is managed by AWS.

The option that says: Launch an Amazon Aurora database that runs MS SQL Server. Buy a Standard MSSQL license from the AWS License Manager service is incorrect since Amazon Aurora does not support MS SQL Server. Moreover, you cannot directly buy software licenses from the AWS License Manager service. This is just used to easily manage your software licenses from various vendors such as Microsoft, SAP, Oracle, and IBM across AWS and on-premises environments.

52
Q

Which of the following is true regarding the Business support plan in AWS?

Provides a 1-hour response time support if your production system got impaired
Provides a 15-minute response time support if your business-critical system goes down
Provides a 15-minute response time support if your production system goes down
Provides a 1-hour response time support if your production system goes down

A

Provides a 1-hour response time support if your production system goes down.

The option that says: Provides a 15-minute response time support if your production system goes down is incorrect because the Business support plan only provides a 1-hour response time and not 15 minutes.

The option that says: Provides a 15-minute response time support if your business-critical system goes down is incorrect because this high level of support is only available for the Enterprise support plan.

The option that says: Provides a 1-hour response time support if your production system got impaired is incorrect because the Business support plan only gives you a 4-hour response time and not an hour in the event that your production system got impaired.

53
Q

Agility is one of the benefits of using cloud computing that provides customers with what advantage?

Allows you to trade capital expense for variable expense.
Avoid overprovisioning of your infrastructure to ensure you have enough capacity to handle your business operations at the peak level of activity.
Focus your valuable IT resources on developing applications that differentiate your business rather than managing infrastructure and data centers.
Easily deploy your application in multiple physical locations around the world with just a few clicks.

A

Focus your valuable IT resources on developing applications that differentiate your business rather than managing infrastructure and data centers.

54
Q

Which of the following statements is true for AWS CloudTrail?

CloudTrail is disabled by default for newly created AWS accounts
When you create a trail in the AWS Management Console, the trail applies to all AWS Regions by default
CloudTrail charges you for every management event trail created
CloudTrail is able to capture application error logs from your EC2 instances

A

When you create a trail in the AWS Management Console, the trail applies to all AWS Regions by default.

The option that says: CloudTrail is disabled by default for newly created AWS accounts is incorrect because AWS CloudTrail is now enabled by default for ALL CUSTOMERS and will provide visibility into the past seven days of account activity without the need for you to configure a trail in the service to get started.

The option that says: CloudTrail is able to capture application error logs from your EC2 is incorrect because CloudTrail actually does not capture error logs in your EC2 instances. You may instead use CloudWatch Logs for this purpose.

The option that says: CloudTrail charges you for every management event trail created is incorrect because actually, CloudTrail does not charge you for your first management trail, but only the additional management trails you create after the first one.

55
Q

Which service lets you create rules to filter web traffic based on conditions that include IP addresses, HTTP headers, or custom URIs?

AWS Trusted Advisor
Network ACLs
Security Group
AWS WAF

A

AWS WAF

56
Q

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Which of the following best describes what an account alias is in IAM?

Your IAM root username
The name AWS assigns to your account
The numerical value of your account ID
A substitute for an account ID in the web address for your account

A

A substitute for an account ID in the web address for your account

57
Q

A company is using Amazon S3 to store their static media contents such as photos and videos. Which of the following should you use to provide specific users access to the bucket?

SSH key
Security Group
Network Access Control List
Bucket Policy

A

Bucket Policy.

Security Group is incorrect because this is primarily used as a virtual firewall for your EC2 instances, and not S3 buckets, to control inbound and outbound traffic.

SSH key is incorrect because this is only used if you want to establish an SSH connection to your EC2 instances and not for S3 buckets.

Network Access Control List is incorrect because this is just an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. This has nothing to do with providing users access to your S3 bucket.

58
Q

What is the best way to keep track of all activities made in your AWS account?

Set up MFA logging to know who is currently in your environment
Use Amazon CloudWatch Logs to log all activities
Create a multi-region trail in AWS CloudTrail
Use LDAP authentication on your AWS account

A

Create a multi-region trail in AWS CloudTrail.

Using Amazon CloudWatch Logs is incorrect since this service is not related to user actions in your account. CloudWatch Logs enables you to centralize the logs from all of your systems, applications, and AWS services that you use, in a single, highly scalable service.

Setting up MFA is incorrect because it will not tell you exactly who performed what in your AWS account.

Using LDAP authentication on your AWS account is incorrect because not all companies support it. Access logging can be done from the company’s side; however, this cannot capture the actions performed within the AWS account.

59
Q

Which of the following is true if you store your data in AWS?

You are the owner of the data you store in AWS
AWS has the right to review any data stored for potential threats
All data are stored durably and redundantly in different AZs
Encryption is required for all data at rest and in transit

A

You are the owner of the data you store in AWS.

60
Q

Which of the following security group rules are valid? (Select TWO.)

Outbound HTTPS rule with hostname as destination
Outbound MYSQL rule with IP address as source
Inbound HTTP rule with security group ID as source
Inbound TCP rule with instance ID as source
Inbound RDP rule with an address range as source

A

Inbound HTTP rule with security group ID as source and Inbound RDP rule with an address range as source.

Inbound TCP rule with instance ID as source and Outbound HTTPS rule with hostname as destination are both incorrect because Instance IDs or hostnames are not valid values.

Outbound MYSQL rule with IP address as source is incorrect because the source cannot be modified. Since it is outbound, you should specify the allowed destination instead.

61
Q

A customer wants to further secure his network beyond security groups and network access control lists. Which of the services below can be used to provide the additional security features? (Select TWO.)

Amazon SQS
AWS WAF
AWS Key Management Service
Amazon GuardDuty
AWS Single Sign-On
A

– Amazon GuardDuty

– AWS WAF

Amazon SQS is incorrect because this is not a security service. This is a messaging service that allows you to decouple applications and provides more durability for your messages.

AWS Single Sign-On is incorrect because this service only allows you to centrally manage SSO access to multiple AWS accounts and business applications. SSO does not protect your network from potential security threats, but it does provide additional access security for your AWS account.

AWS KMS or Key Management Service is incorrect because this is a central repository for encryption keys in your account. It is not used to protect your network from potential security threats. KMS is useful if you have data that you need to encrypt, and you want a central location where you can manage your keys.

62
Q

You noticed that you cannot reach one of your EC2 web servers behind an ELB whenever you enter the DNS name of your load balancer. Which of the following should you first check to gain more insight on the issue?

AWS Config
Amazon CloudWatch
AWS CloudTrail
ELB Health Check

A

This is verified by the ELB health checks that you can see in your ELB dashboard, which determines whether an instance is healthy or not.

Amazon CloudWatch is incorrect because this is just used to monitor your AWS resources and collect information in the form of logs, metrics, and events. Although this service can prove useful for investigation, it is not the first thing you should check in this scenario.

AWS CloudTrail is incorrect because this simply provides an event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. Although this service can prove useful for investigation, it is not the first thing you should check in this scenario.

AWS Config is incorrect because it just continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. This service will not help you very much in your investigation of the issue.

63
Q

Which of the following services allows you to purchase Reserved Instances? (Select TWO.)

AWS Elastic Beanstalk
AWS Batch
Amazon EKS
Amazon EC2
Amazon RDS
A

Amazon EC2 and RDS.

64
Q

On which of the following occasions should you use Amazon SQS in your application system? (Select TWO.)

When your application requires the use of industry-standard messaging protocols for message delivery
If you require a durable storage for your application events or messages
When you have to automate certain tasks in your workflow
If you need to decouple certain parts of your system for better fault tolerance
If you need to submit push notifications to your event subscribers

A

– If you need to decouple certain parts of your system for better fault tolerance

– If you require a durable storage for your application events or messages

65
Q

Which of the following infrastructure correlates to a VPC’s subnet?

Availability zone
Region
Edge location
Server

A

Each subnet must reside entirely within one Availability Zone.

66
Q

How can you easily and securely copy your infrastructure to another AWS Region?

Take an EBS snapshot on all your storage devices and copy them to the new region
Create a golden AMI which you can use to redeploy your instances to the new region
Enable RDS multi-AZ to have a similar database instance running in the new region
Create a CloudFormation template and deploy it in the new region

A

Create a CloudFormation template and deploy it in the new region.

67
Q

You wish to host a static website of your own in AWS at a low cost. Which service should be used for this purpose?

Amazon EC2
Amazon S3 Standard
Amazon Elastic Load Balancer
Amazon S3 Infrequent Access

A

Amazon S3 Standard.

Amazon EC2 is incorrect because using this will not be as cost-effective as using Amazon S3 Standard for static website hosting. This is because there are other costs to consider when using EC2 instances, such as EBS volumes.

68
Q

You have a fleet of on-premises servers that require a centralized scalable and durable file storage. It should be able to support massive parallel access. Which of the following is the most appropriate service to use?

Amazon S3
Amazon Storage Gateway – File Gateway
Amazon EFS
Amazon Redshift

A

Amazon EFS is the correct answer.

Amazon S3 is incorrect. First, it is meant specifically for object storage, and second, EFS can serve a fleet of EC2 instances better than S3 as file storage.

Amazon Storage Gateway is incorrect because this service simply provides a file interface into Amazon Simple Storage Service (Amazon S3) and is a combination of storage service and a virtual software appliance. This service is meant for local software hosted on your on-premises data center which requires connection to S3. It is not meant to serve a fleet of EC2 instances.

Amazon Redshift is incorrect because this is a data warehousing service offered by AWS. It cannot be used for file storage.

69
Q

Which of the following practices demonstrate operational excellence in AWS cloud? (Select TWO.)

Use serverless applications such as AWS Lambda
Perform monthly game days on your AWS environment
Monitor EC2 metric consumption and adjust the instance type accordingly
Launching your infrastructure manually via the Console
Deploy small, incremental changes to your production servers using AWS CodeDeploy

A

Deploy small, incremental changes to your production servers using AWS CodeDeploy and Perform monthly game days on your AWS environment.

The option that says: Launching your infrastructure manually via the console is incorrect because this is not a notable best practice under operational excellence. In the cloud, it is preferred to automate the majority of the tasks to achieve a predictable and constant result.

The option that says: Using serverless applications such as AWS Lambda is incorrect because this is more of a design principle that focuses on performance efficiency and not operational excellence. Serverless is a very useful tool that steers away from traditional server management and lets you focus more on your applications and services.

The option that says: Monitoring EC2 consumption and adjusting your instance type accordingly is incorrect because this is more related to the performance efficiency pillar. Underprovisioned instances need to be scaled up to deliver better performance. Overprovisioned instances need to be scaled down to save on costs.

70
Q

Your organization would like to boost productivity by improving business communication channels and customer service experience. Which of the following AWS applications would you suggest? (Select TWO.)

Amazon Connect
AWS Transfer Family
Amazon Chime
Amazon Workspaces
AWS Marketplace
A

– Amazon Chime

– Amazon Connect

AWS Transfer Family is incorrect because this tool is used for recurring business-to-business file transfers to Amazon S3 and Amazon EFS using SFTP, FTPS, and FTP protocols.

AWS Marketplace is incorrect because this is a sales channel for ISVs and Consulting Partners to sell their solutions to AWS customers.

Amazon Workspaces is incorrect because this is a fully managed desktop virtualization service for Windows and Linux, and is not related to business communications or customer service.

71
Q

Which of the following is the most cost-effective service to use if you want to coordinate multiple AWS services into serverless workflows?

Amazon SWF
AWS Lambda
AWS Step Functions
AWS Batch

A

AWS Step Functions provides serverless orchestration for modern applications.

Amazon SWF is incorrect because it is just a fully-managed state tracker and task coordinator service. It does not provide serverless orchestration to multiple AWS resources.

AWS Lambda is incorrect because although this service is used for serverless computing, it does not provide a direct way to coordinate multiple AWS services into serverless workflows.

AWS Batch is incorrect because this is primarily used to efficiently run hundreds of thousands of batch computing jobs in AWS.

72
Q

Which of the following should you set up in order to connect your AWS VPC network to your local network via an IPsec tunnel?

An on-premises NAT gateway device connected to your VPC’s Internet Gateway
A VPN gateway in your VPC connected to the Customer Gateway in your on-premises network
A NAT gateway in your private subnet connected to your on-premises network
VPC Peering connection between your on-premises network and VPC

A

An Amazon VPC VPN connection links your data center (or network) to your Amazon Virtual Private Cloud (VPC).

The option that says: VPC Peering connection between your on-premises network and VPC is incorrect because VPC Peering connects two different VPCs for inter-VPC communication. It does not connect your local network via IPsec VPN.

The option that says: A NAT gateway in your private subnet connected to your on-premises network is incorrect because a NAT Gateway is primarily used to allow EC2 instances launched in your private subnet to connect to the public Internet, while preventing external servers from establishing an Internet connection to the VPC.

The option that says: An on-premises NAT gateway device connected to your VPC’s Internet Gateway is incorrect because as mentioned above, a NAT Gateway is not a suitable service/network device to be used here.

73
Q

Which of the following provides you access to Reserved Instance (RI) purchase recommendations based on your past usage and indicate potential opportunities for savings as compared to On-Demand usage?

AWS Budgets
AWS Cost Explorer
AWS Cost and Usage report
AWS Billing Dashboard

A

AWS Cost Explorer.

AWS Billing Dashboard, AWS Budgets, and AWS Cost and Usage report are all incorrect since these tools do not provide Reserved Instance (RI) purchase recommendations, unlike AWS Cost Explorer.

74
Q

What service acts as a firewall for your EC2 instances?

VPC
Elastic Network Interface
Security Group
Network ACL

A

Security Group.

75
Q

Which AWS service lets you provision either Windows or Linux desktops in just a few minutes and can scale easily to provide thousands of desktops to workers?

Amazon Workspaces
AWS Systems Manager
AWS Cloud9
AWS Organizations

A

Amazon WorkSpaces is a managed, secure Desktop-as-a-Service (DaaS) solution where you provision either Windows or Linux desktops in just a few minutes and quickly scale to provide thousands of desktops to workers across the globe.

AWS Cloud9 is incorrect because this is simply a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser. It includes a code editor, debugger, and terminal.

76
Q

Which type of Elastic Load Balancer allows you to forward the incoming request to a target group with a Lambda function as a target?

Application Load Balancer
Network Load Balancer
Classic Load Balancer
Gateway Load Balancer

A

Application Load Balancer

77
Q

Which of the following services allow you to mask downtime of your application by rerouting your traffic to healthy instances? (Select TWO.)

Amazon Route 53
AWS ELB
VPC Route tables
AWS App Mesh
AWS EC2 Auto Scaling
A

AWS ELB and Amazon Route 53 help mask downtime by redirecting traffic to your healthy instances and allowing failover to your secondary systems. This is achieved through a combination of different health checks, routing policies, and failover policies.

AWS EC2 Auto Scaling and VPC Route Tables do not help mask downtime by rerouting traffic to healthy backend servers.

78
Q

How can your RDS production instances be more cost-effective when they will be used for a long period of time?

You can stop your RDS instances when idle to prevent AWS from charging you during this time
You can easily backup, terminate, and restore RDS instances when you need them
You can avail of reserved instances to get discounts on your instance costs
AWS does not charge you when your RDS is idle

A

Amazon RDS Reserved Instances give you the option to reserve a DB instance for a one or three year term and in turn receive a significant discount compared to the On-Demand Instance pricing for the DB instance.

The option that says: You can stop your RDS instances when idle to prevent AWS from charging you during this time is not the best way to save money as it entails more effort than required to do so. It is still better to opt for reserved instances for your RDS database cluster instead.

The option that says: You can easily backup, terminate, and restore RDS instances when you need them is not the best solution. There is too much effort involved.

The option that says: AWS does not charge you when your RDS is idle is incorrect. Idle time or not, once your RDS instance is running, AWS charges you for it.

79
Q

You have a large number of log files that will be archived in AWS for a long time and should have a retrieval time of 12 hours or less. Which service is the most cost-effective storage class for this purpose?

Amazon S3 Glacier Deep Archive
Amazon S3 Standard-IA
Amazon S3 Glacier
Amazon EBS Cold HDD

A

S3 Glacier Deep Archive is Amazon S3’s lowest-cost storage class and supports long-term retention and digital preservation for data that may be accessed once or twice in a year.

Amazon S3 Standard-IA is incorrect because this costs more than Glacier and Glacier Deep Archive. This storage type takes into consideration that you will still need to retrieve your objects in a timely manner, although infrequently.

Amazon S3 Glacier is incorrect because it is already mentioned in the scenario that the retrieval option should be within 12 hours and thus, Glacier Deep Archive can provide a more cost-effective option than the Glacier class including the capability to retrieve the data within the mentioned timeframe.

Amazon EBS Cold HDD is incorrect because this is not the best nor the cheapest choice for archival. You use Cold HDD if you have infrequent workloads that require consistent throughput. EBS volumes need to be used along with EC2 instances for you to have access to the files stored in it.

80
Q

Which service in AWS supports various business intelligence tools such as Apache Spark so that you may perform data transformation workloads (ETL) and analytics at a low cost?

Amazon OpenSearch
Amazon Redshift
Amazon EMR
Amazon RDS

A

Amazon EMR is a web service that enables businesses, researchers, data analysts, and developers to easily and cost-effectively process vast amounts of data.

81
Q

You are planning to deploy a video streaming application with frequently accessed, throughput-intensive workloads to your EC2 instance which requires fast, consistent throughput. What EBS volume type should you use to maximize performance as well as cost?

General Purpose SSD
Provisioned IOPS SSD
Cold HDD
Throughput Optimized HDD

A

Throughput Optimized HDD

Provisioned IOPS SSD is incorrect because this is not the most cost-effective EBS type and is primarily used for critical business applications that require sustained IOPS performance.

General Purpose SSD is incorrect because although this volume balances price and performance for a wide variety of workloads, it is not suitable for frequently accessed, throughput-intensive workloads. Throughput Optimized HDD is a more suitable option to use than General Purpose SSD.

Cold HDD is incorrect because although it has the lowest cost of all the options, it is more suitable for less frequently accessed workloads.

82
Q

Which service in AWS allows you to host your own Puppet Enterprise infrastructure?

AWS Service Catalog
AWS Elastic Beanstalk
AWS CloudFormation
AWS OpsWorks

A

AWS OpsWorks

83
Q

What service should you use in order to add user sign-up, sign-in, and access control to your mobile app with a feature that supports sign-in with social identity providers such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0?

Amazon Cognito
AWS Directory Service
AWS Identity and Access Management (IAM)
AWS Single Sign-On (SSO)

A

Amazon Cognito

84
Q

Where can you track the costs you’ve incurred so far in your AWS account with a graphical visualization?

AWS Consolidated Billing
AWS Cost Explorer
AWS Cost and Usage Reports
AWS Budgets

A

The AWS Cost Explorer service has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time.

AWS Cost & Usage Report is incorrect because this simply lists AWS usage for each service category used by an account and its IAM users in hourly or daily line items, as well as any tags that you have activated for cost allocation purposes.

85
Q

Which of the following is a continuous delivery service that you should use to automate your release pipelines for fast and reliable application and infrastructure updates?

AWS CodePipeline
AWS CodeCommit
Amazon Data Pipeline
AWS CodeDeploy

A

AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates.

Amazon Data Pipeline is incorrect because this service is primarily used for data workflow orchestration which helps you reliably process and move data between different AWS compute and storage services, as well as on-premises data sources, at specified intervals. This has nothing to do with application release pipelines which is what AWS CodePipeline handles.

AWS CodeCommit is incorrect because this is just a fully-managed source control service that makes it easy for companies to host secure and highly scalable private Git repositories.

86
Q

Which of the following services will be able to reroute traffic to your secondary EC2 instances in another region during disaster recovery?

Amazon VPC
Amazon Route 53
VPC Peering
AWS ELB

A

Amazon Route 53

Both Amazon VPC and VPC Peering are incorrect because they don’t perform any kind of failover rerouting during a disaster.

AWS ELB is incorrect. If the ELB itself were to fail then no traffic would reach your servers at all.

87
Q

________ is AWS’s digital user engagement service that enables AWS customers to effectively communicate with their end users and measure user engagement across multiple channels including email, Text Messaging (SMS) and Mobile Push Notifications.

Amazon Pinpoint
Amazon Simple Notification Service
Amazon SNS Mobile Push
Amazon Simple Email Service

A

Amazon Pinpoint is AWS’s Digital User Engagement Service that enables AWS customers to effectively communicate with their end-users and measure user engagement across multiple channels including email, Text Messaging (SMS) and Mobile Push Notifications.

88
Q

Tutorials Dojo would like to test their new mobile app on multiple devices at once in a coordinated fashion using AWS. Which of the following services will help speed up the process? (Select TWO.)

AWS Device Farm
Amazon Lumberyard
AWS Ground Station
AWS Mobile Hub
AWS Security Bulletin
A

– AWS Device Farm

– AWS Mobile Hub

AWS Ground Station is incorrect since this service is for controlling satellite communications and processing data using satellites.

Amazon Lumberyard is incorrect because this is a game engine service for creating games. Take note that you need to test out a new mobile app on multiple devices. Therefore, this service won’t help you accomplish the task.

AWS Security Bulletin is incorrect because this AWS service is a security announcement provider service. This means that you can’t use this service to test mobile apps on multiple devices.

89
Q

Which of the following are defined as global services in AWS? (Select TWO.)

Amazon CloudFront
Amazon RDS
AWS Batch
Amazon DynamoDB
AWS Identity and Access Management
A

– AWS Identity and Access Management

– Amazon CloudFront

90
Q

What cloud computing model deals with services such as EC2 instances?

IaaS
PaaS
SaaS
DBaaS

A

Infrastructure as a Service (IaaS)

91
Q

Which of the following are regarded as regional services in AWS? (Select TWO.)

Amazon EFS
AWS Security Token Service
Amazon Route 53
AWS Batch
Amazon EC2
A

AWS Batch is a regional service that simplifies running batch jobs across multiple Availability Zones within a region.
Amazon EFS is a regional service storing data within and across multiple Availability Zones (AZs) for high availability and durability.

AWS Security Token Service and Amazon Route 53 are incorrect because these are considered as global services.

Amazon EC2 is incorrect because this is considered a zonal service.

92
Q

Due to a high number of visitors, many customers are timing out from your website which is running in an Auto Scaling group of EC2 instances behind an ELB. Upon checking, the Auto Scaling group has stopped adding new instances to your group.

Which of the following Trusted Advisor categories will give you more insight on this issue? (Select TWO.)

Security
Performance
Service Limits
Fault Tolerance
Cost Optimization
A

Performance

Service Limits

93
Q

Which among the options below can you use to launch a new Amazon RDS database cluster to your VPC? (Select TWO.)

AWS Systems Manager
AWS CloudFormation
AWS CodePipeline
AWS Concierge
AWS Management Console
A

– AWS Management Console

– AWS CloudFormation

AWS Concierge is incorrect because this is actually a senior customer service agent who is assigned to your account when you subscribe to an Enterprise or qualified Reseller Support plan.

94
Q

You have a customized EC2 instance running your latest web application. How can you create an exact copy of this instance in another region?

A

Create a golden AMI of the instance and copy it to the other region.

95
Q

A customer has a popular website that has millions of viewers from all over the world and has read-heavy database workloads. Which of the following is the best option to use to increase the read throughput on their database?

Enable Multi-AZ deployments
Enable Amazon RDS Standby Replicas
Enable Amazon RDS Read Replicas
Use SQS to queue up the requests

A

Amazon RDS Read Replicas

The option that says: Enable Multi-AZ deployments is incorrect because the Multi-AZ deployments feature is mainly used to achieve high availability and failover support for your database.

The option that says: Enable Amazon RDS Standby Replicas is incorrect because a Standby replica is used in Multi-AZ deployments and hence, it is not a solution to reduce read-heavy database workloads.

96
Q

Which AWS storage service offers faster disk read and write performance and provides temporary block-level storage for your instance?

EBS Provisioned IOPS SSD
EBS Throughput Optimized HDD
EFS
Instance Store

A

An instance store provides temporary block-level storage for your instance. This storage is located on disks that are physically attached to the host computer.

97
Q

Which of the following services should you provision if your local data center requires additional storage space without having to migrate data?

AWS Direct Connect
AWS Storage Gateway
AWS Snowball Edge
AWS Backup

A

AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage.

98
Q

A company has a hybrid cloud architecture where their on-premises data center interacts with their cloud resources in AWS. Which of the following services in AWS can you use to deploy a web application to the servers running on-premises? (Select TWO.)

AWS CodeDeploy
AWS Elastic Beanstalk
AWS OpsWorks
AWS Batch
AWS CloudFormation
A

AWS OpsWorks and AWS CodeDeploy.

AWS CloudFormation and AWS Elastic Beanstalk are incorrect because these services can only deploy applications to your AWS resources.

99
Q

What type of EBS volume is recommended for most workloads and is also usable as a boot volume?

Throughput Optimized HDD
Provisioned IOPS SSD
General Purpose SSD
Cold HDD

A

General Purpose SSD

100
Q

Which AWS well-architected pillar stresses the importance of selecting the most appropriate and right number of resource types for your requirements?

Performance Efficiency
Reliability
Operational Excellence
Cost optimization

A

Cost optimization

Performance efficiency is incorrect because this pillar focuses on using IT and computing resources efficiently. Key topics include selecting the right resource types and sizes based on workload requirements, monitoring performance, and making informed decisions to maintain efficiency as business needs evolve.

Operational Excellence is incorrect because this pillar focuses on running and monitoring systems to deliver business value, and continually improving processes and procedures.

101
Q

What AWS service can monitor the compliance status of your AWS resources against a set of compliance guidelines?

AWS Artifact
AWS Config
Amazon CloudWatch
AWS IAM

A

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.

102
Q

Which AWS service allows me to patch my Windows EC2 instances without having to RDP into them?

AWS CloudFormation
AWS CodeDeploy
AWS Systems Manager
Amazon Simple Workflow

A

AWS Systems Manager allows you to centralize operational data from multiple AWS services and automate tasks across your AWS resources.

103
Q

Which of the following RDS engines allows you to bring your own license (BYOL)?

PostgreSQL
MS SQL
MySQL
Oracle

A

Oracle

104
Q

If you are tasked with creating a lightweight WordPress site in AWS without having to install the package on your own, which PaaS solution in AWS will allow you to do this easily?

Amazon Lightsail
AWS Glue
Amazon GameLift
AWS Elastic Beanstalk

A

Amazon Lightsail is a PaaS solution for users who need a simple virtual private server (VPS) solution. Lightsail provides developers compute, storage, and networking capacity and capabilities to deploy and manage websites and web applications in the cloud.

Amazon Elastic Beanstalk is another PaaS solution of AWS. This is not the correct answer, however, because you would have to deploy and set up your own WordPress application first. Elastic Beanstalk does not offer a simple solution to quickly set up a functional WordPress website in minutes, unlike Lightsail.

Amazon GameLift is incorrect because you can’t use this service to deploy applications. Amazon GameLift is a dedicated game server hosting solution that deploys, operates, and scales cloud servers for multiplayer games.

AWS Glue is incorrect because this is a serverless ETL (extract, transform, and load) service that makes it simple and cost-effective to categorize your data, clean it, enrich it, and move it reliably between various data stores and data streams. This service is not for setting up a WordPress site.

105
Q

A customer is using Amazon S3 to store sprites of game characters. When players retrieve these sprites, they are temporarily stored on the player’s computer. The sprites are currently stored in the S3 Standard storage class. Which of the following options would you recommend to optimize storage costs?

Add a lifecycle policy to move sprites to S3 Standard – Infrequent Access after the customer uploads them.
Add a lifecycle policy to move sprites to S3 Glacier after the customer uploads them.
Have the customer compress the sprites to reduce storage consumption.
Have the customer directly upload the sprites to S3 Standard – Infrequent Access.

A

Have the customer directly upload the sprites to S3 Standard – Infrequent Access.

Sprites are rarely accessed (and after accessing them they are stored on the user’s phone).

The option that says: Add a lifecycle policy to move sprites to S3 Standard – Infrequent Access after the customer uploads them is not necessary since you can store the objects directly in S3 Standard-IA.

106
Q

Availability Zones are physically separated by a meaningful distance from any other AZ, although all are within 100 km or 60 miles of each other. What is the primary reason why Availability Zones are set up the way they are now?

Price of the land is cheaper in those locations
To keep them as far apart from each other in case of a disaster
To achieve better network connectivity to users in the location
To maximize area coverage in a Region

A

To keep them as far apart from each other in case of a disaster

107
Q

Which of the following is true regarding the AWS Cost and Usage report? (Select TWO.)

Provides you a dashboard that lets you view the status of your month-to-date AWS expenditure and provides access to a number of other cost management products that can help you dig deeper into your AWS costs and usage

Provides you with granular data about your AWS costs and usage
Lets you set custom cost and usage budgets that alert you when those thresholds are exceeded

Allows you to load your cost and usage information into Amazon Athena, Amazon Redshift, and AWS QuickSight

Helps you visualize, understand, and manage your AWS costs and usage over time via an intuitive interface that enables you to quickly create custom reports

A

– Provides you with granular data about your AWS costs and usage

– Allows you to load your cost and usage information into Amazon Athena, Amazon Redshift, and AWS QuickSight

108
Q

Which of the following actions does not affect costs when using Amazon S3?

Making GET requests to your S3 objects
Choosing S3 Standard IA rather than One Zone IA
Data transfer costs for uploading objects into your S3 bucket.
Moving objects out of your S3 bucket to another bucket

A

Data transfer costs for uploading objects into your S3 bucket.

109
Q

What is an advantage of cloud computing when it comes to equipment expenditures?

AWS makes sure that physical devices are continuously secured and monitored.
You can easily scale and manage the number of resources running in your cloud environment.
AWS introduces cost reductions each year in their services.
AWS uses the cheapest possible equipment for their data centers so that they do not charge expensive fees.

A

AWS introduces cost reductions each year in their services.

110
Q

You have an Amazon Linux EC2 instance running for an hour and thirty minutes. How will AWS bill you in terms of usage?

You will only be billed for an hour according to the hourly billing rule
You will be billed for one hour and thirty minutes according to the hourly billing rule
You will be billed for an hour and thirty minutes according to the per-second billing rule
You will be billed for an hour and twenty-nine minutes according to the per second billing rule

A

Amazon Linux instances are now billed in a per-second duration. With per-second billing, you pay for only what you use.

111
Q

What is the lowest support plan that allows an unlimited number of technical support cases to be opened?

Developer
Basic
Business
Enterprise

A

Developer

112
Q

In implementing continuous integration and continuous delivery (CI/CD) in your cloud architecture, which service will make it easy for you to set up your entire development and continuous delivery toolchain for coding, building, testing, and deploying your application code?

AWS CodeCommit
AWS CodeStar
AWS CodeBuild
AWS CodePipeline

A

With AWS CodeStar, you can set up your entire continuous delivery toolchain in minutes, allowing you to start releasing code faster.

AWS CodeBuild is incorrect because this is just a fully managed build service that compiles source code, runs tests, and produces software packages that are ready to deploy.

AWS CodeCommit is incorrect because this is simply a fully-managed source control service that makes it easy for companies to host secure and highly scalable private Git repositories.

AWS CodePipeline is incorrect because this basically helps you automate your release pipelines for fast and reliable application and infrastructure updates. It doesn’t provide an entire development and continuous delivery toolchain for coding, building, testing, and deploying your application code, unlike AWS CodeStar.

113
Q

Which of the following does the Enterprise support plan provide to customers in AWS? (Select TWO.)

Limited access to the 7 Core Trusted Advisor checks
15-minute response time support if your production system goes down
Proactive Technical Account Management
Access to online self-paced labs
5-minute response time support if your business-critical system goes down

A

Proactive Technical Account Management
Access to online self-paced labs

The option that says: Limited access to the 7 Core Trusted Advisor checks is incorrect because the Enterprise support plan has access to the full set of Trusted Advisor checks.

The option that says: 15-minute response time support if your production system goes down is incorrect because the Enterprise support plan actually provides a 1-hour response time for this kind of incident.

The option that says: 5-minute response time support if your business-critical system goes down is incorrect because the Enterprise support plan actually provides a 15-minute response time for this type of outage.

114
Q

A startup is in need of a database that is capable of self-healing and has a high throughput. Which of the following services fits these criteria?

Amazon Aurora
Amazon RDS
Amazon Redshift
Amazon DynamoDB

A

Amazon Aurora

Amazon RDS is incorrect. Although it is similar to Amazon Aurora in that they are both SQL databases, RDS does not have self-healing capabilities.

Amazon DynamoDB and Amazon Redshift are both incorrect since these services are not self-healing databases. Amazon Redshift is considered more of a data warehouse than a database.

115
Q

What type of service is AWS Elastic Beanstalk?

IaaS
PaaS
DBaaS
SaaS

A

Platform as a Service (PaaS) - PaaS services include AWS Elastic Beanstalk, which provides you with a platform to launch your applications, while the service prepares all the necessary infrastructure to run your application.

116
Q

What are the benefits of using Amazon DynamoDB as your database? (Select TWO.)

DynamoDB offers 11 9’s in terms of durability, according to the SLA
You can perform very complex queries and joins without deterioration in performance
DynamoDB is self-healing, which means your data is scanned for errors and is repaired continuously
Database size scales automatically so you won’t have to worry about capacity
You can store different kinds of unstructured data that would normally not be suitable for relational databases

A

– Database size scales automatically so you won’t have to worry about capacity

– You can store different kinds of unstructured data that would normally not be suitable for relational databases

The option that says: DynamoDB is self-healing, which means your data is scanned for errors and is repaired continuously is incorrect because DynamoDB is not a self-healing database and it doesn’t automatically scan or repair your data. An example of a self-healing database in AWS is Amazon Aurora in which the concept of “self-healing” relates to the underlying infrastructure.

The option that says: DynamoDB offers 11 9’s in terms of durability, according to the SLA is incorrect because it does not offer 11 9’s in durability, unlike Amazon S3.

The option that says: You can perform very complex queries and joins without deterioration in performance is incorrect because usually, with NoSQL databases, you would not perform complex queries due to the unstructured formatting of your data. Complex queries are better performed in SQL databases due to predictable structuring.

117
Q

A number of servers in your on-premises data center have been collecting dust over the past few years. What is the benefit of moving to the Cloud in this case?

AWS has automated services for you
Physical servers are managed and maintained by AWS for you
The ability to provision resources only when you need them
The ability to pay for only what you use

A

The ability to provision resources only when you need them

118
Q

Which of the following advantages of cloud computing describes the continual price reduction of AWS services?

Trade capital expense for variable expense
Stop guessing capacity
Benefit from massive economies of scale
Stop spending money running and maintaining data centers

A

Benefit from massive economies of scale

119
Q

Which of the following services simplifies contact center operations, improves agent efficiency, lowers costs, and can scale to support millions of customers?

Amazon WorkSpaces
AWS Direct Connect
Amazon Lex
Amazon Connect

A

Amazon Connect.

Amazon Lex is incorrect because this is just a service for building conversational interfaces into any application using voice and text.

120
Q

A developer needs to install their application in Docker containers. Which of the following services eliminates the need to manage containers manually?

Amazon EC2
Amazon FSx
AWS Fargate
Amazon ECS

A

AWS Fargate is a serverless compute engine for containers.

Amazon FSx is incorrect because this is primarily used as a file system for Windows-based applications.

Amazon ECS is incorrect because by using this service, you still need to manage your own EC2 instances where your containers are hosted.

Amazon EC2 is incorrect since you still need to provision and manage your Docker containers that are hosted in these EC2 instances.

121
Q

Which of the following cost management capabilities does AWS immediately provide you even before you create your AWS account?

Allows you to organize your resources according to your own cost allocation tagging strategy.
Allows you to estimate your monthly spending in AWS.
Allows you to create monthly reports on the cost behavior of your resources.
Allows you to request billing discounts in exchange for a committed level of instance usage.

A

Allows you to estimate your monthly spending in AWS.

122
Q

What is the cloud computing model for services like Amazon RDS and Amazon ECS?

FaaS
SaaS
IaaS
PaaS

A

PaaS - you don’t need to worry about setting up servers, storage, and network. You only manage the application and the data.

123
Q

A customer plans to use Amazon S3 to store their less frequently accessed data and reduce their costs. The data is re-creatable and will be used as a secondary backup. They also require S3’s low latency and high throughput performance. Which of the following storage classes is the cheapest and most suitable option?

S3 Standard
S3 Glacier Deep Archive
S3 Glacier
S3 One Zone-IA

A

S3 One Zone-IA is for data that is accessed less frequently but requires rapid access when needed.

S3 Standard is incorrect because it is not the cheapest option available.

S3 Glacier and S3 Glacier Deep Archive are both incorrect because they are designed for low-cost data archiving. These storage classes have retrieval options that take from a few minutes to hours.

124
Q

Which of the following support plans provides access to the AWS Personal Health Dashboard?

Developer, Business, Enterprise
Basic, Developer, Business
Basic, Developer, Business, Enterprise
Basic, Business, Enterprise

A

Basic, Developer, Business, Enterprise

125
Q

A company is using Cost Explorer to gain an understanding of its cost trends in AWS. How many months of historical data can Cost Explorer store and display?

12 Months
6 Months
15 Months
3 Months

A

12 Months

126
Q

A customer needs to store objects that are frequently accessed. To help the customer save costs, you must select a storage service free from retrieval charges. Which of the following S3 storage classes would meet this requirement? (Select TWO.)

S3 Intelligent Tiering
S3 One Zone IA
S3 Standard
S3 Standard-IA
S3 Glacier Deep Archive
A

– S3 Standard

– S3 Intelligent-Tiering

S3 Glacier Deep Archive, S3 Standard-IA, and S3 One Zone-IA are all incorrect since these storage tiers have object retrieval fees.

127
Q

Which of the following services connects VPCs and on-premises networks through a central hub?

AWS Transit Gateway
AWS Direct Connect
Amazon VPC Peering
AWS Client VPN

A

AWS Transit Gateway.

AWS Client VPN is incorrect because this is just a VPN service used to securely access your AWS resources and resources in your on-premises network. You can’t use AWS Client VPN to connect and manage multiple VPCs.

VPC Peering is incorrect. Although this service could connect two or more VPCs, it is not appropriate to use if you are managing multiple VPC peering connections and on-premises networks at scale.

AWS Direct Connect is incorrect because this is a dedicated network connection from your on-premises to AWS. Direct Connect doesn’t support the peering between VPCs unless it is associated with Transit Gateway.

128
Q

Which of the following services displays the general status of all available AWS Services and informs you if a service is experiencing availability issues?

AWS Service Health Dashboard
AWS CloudTrail
AWS Personal Health Dashboard
Amazon CloudWatch

A

AWS Service Health Dashboard

129
Q

Which AWS services should you use to upload SSL certificates? (Select TWO.)

AWS License Manager
AWS Certificate Manager
AWS Systems Manager
AWS KMS
AWS IAM
A

– AWS Certificate Manager

– AWS Identity and Access Management

AWS License Manager is incorrect because this service is mainly used for managing software licenses from different vendors (Microsoft, Oracle, SAP, IBM).

130
Q

Which of the following pricing options will automatically reduce your cost on any EC2 instance usage regardless of region, instance family, size, OS, or tenancy?

On-Demand Instances
Dedicated Hosts
Savings Plans
Reserved Instances

A

Savings Plans

131
Q

What types of caching solutions are available in Amazon ElastiCache? (Select TWO.)

Amazon ElastiCache for Serverless
Amazon ElastiCache for Redis
Amazon ElastiCache for Memcached
Amazon ElastiCache for Apache Kafka
Amazon ElastiCache for Apache Ignite
A

Amazon ElastiCache for Redis

Amazon ElastiCache for Memcached

132
Q

Which service should you use to run complex analytic queries against terabytes to petabytes of structured data?

Amazon DynamoDB
Amazon Redshift
Amazon S3
Amazon Neptune

A

Amazon Redshift

133
Q

A company plans to restrict access to content served from an Amazon S3 bucket using Amazon CloudFront. Which of the following features can you use to satisfy this requirement?

Server Name Indication
Service Control Policies
Origin Access Identity
Sticky Sessions

A

An Origin Access Identity is used for sharing private content through CloudFront.

Service Control Policies is incorrect because this is an AWS Organization policy and not an Amazon CloudFront feature.

134
Q

A company plans to encrypt and manage its own encryption keys using a single-tenant hardware security module. The company must also have exclusive control over how its keys are used via an authentication mechanism independent from AWS.

Which service would meet that requirement?
Amazon GuardDuty
Amazon S3
AWS KMS
AWS CloudHSM
A

AWS CloudHSM is standards-compliant and enables you to export all of your keys to most other commercially available HSMs,

AWS KMS is incorrect because this service is primarily used to create and manage cryptographic keys, and control their use across a wide range of AWS services and in your applications. The requirement in the scenario is to have exclusive control over how its keys are used via an authentication mechanism independent from AWS.

135
Q
Which AWS team can assist you when your systems are impacted by AWS resources engaging in abusive activities such as phishing, malware, spam, and denial of service (DoS) or distributed denial of service (DDoS) incidents?
Concierge Support
AWS Support API
AWS Trust & Safety
Architecture Support
A

AWS Trust & Safety

Concierge Support is incorrect because this is a team of experts that quickly and efficiently assist you with your billing and account inquiries, and work with you to implement billing and account best practices so that you can focus on running your business.

AWS Support API is incorrect because this is not a team in AWS, but a collection of APIs that provides programmatic access to AWS Support Center features. This is primarily used to create, manage, and close your support cases, and operationally manage your Trusted Advisor check requests and status.

Architecture Support is incorrect because this is a team that guides customers on how AWS services fit together to meet a specific architecture, use-case, workload, or application.

136
Q

A high-performance computing (HPC) application needs a storage service in AWS that can be used as a centralized Windows File Server for multiple EC2 instances.

Which of the following should they use?
Amazon S3
Amazon EFS
Amazon FSx
Amazon EBS
A

Amazon FSx makes it easy and cost-effective to launch and run popular file systems.

Amazon EFS is incorrect. Although it is a shared file system storage, EFS only supports Linux workloads.

Amazon EBS is incorrect. An EBS volume can only be accessed by multiple EC2 instances if it is a Provisioned IOPS EBS volume. A more suitable option here is to use Amazon FSx for Windows File Server.

137
Q
Which of the following services connects VPCs and on-premises networks through a central hub?
AWS Client VPN
Amazon VPC Peering
AWS Direct Connect
AWS Transit Gateway
A

AWS Transit Gateway connects VPCs and on-premises networks through a central hub.

AWS Direct Connect is incorrect because this is a dedicated network connection from your on-premises to AWS. Direct Connect doesn’t support the peering between VPCs unless it is associated with Transit Gateway.

138
Q

Which of the following provides a collection of technical resources to help you build more effectively and efficiently in the AWS Cloud?

AWS Trusted Advisor
AWS Organizations
AWS Architecture Center
AWS Config

A

AWS Architecture Center.

AWS Trusted Advisor is incorrect because this is just an online tool that provides real-time guidance to help you provision your resources following AWS best practices.

139
Q
Which is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy?
AWS CodeDeploy
AWS CodePipeline
AWS CodeCommit
AWS CodeBuild
A

AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.

CodeDeploy is primarily used to automate code deployments to any instance, including EC2 instances and instances running on-premises. CodePipeline is a continuous delivery service, while CodeCommit is a fully-managed source control service.

140
Q
A developer plans to build a serverless application with a key-value database. Which of the following AWS services can be used to fulfill this requirement? (Select TWO.)
 Amazon RDS
 AWS Lambda
 Amazon DynamoDB
 Amazon ECR
 Amazon SageMaker
A
  • AWS Lambda
  • Amazon DynamoDB

Amazon RDS is incorrect because it is not a key-value database. RDS is a managed service that makes it easy to set up, operate, and scale a relational database in the cloud. Also, RDS is not a suitable fit for key-value pairs.

Amazon ECR is incorrect because this is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images. ECR is not a serverless computing service. If you want to have a serverless container, you can use AWS Fargate.

Amazon SageMaker is incorrect because this is not a serverless service. SageMaker is primarily used to build, train, and deploy machine learning (ML) models quickly.

141
Q

Which of the following is a benefit of using AWS Global Accelerator?
Decreased latency in accessing applications hosted in AWS
Accelerates server performance of your Amazon EC2 instances globally
Reduced server costs in running AWS Services
Provides a highly durable data store in AWS

A

Decreased latency in accessing applications hosted in AWS

142
Q

An organization is mandated to secure its Amazon S3 bucket and ensure that it cannot have any public objects to satisfy the compliance requirements.

What S3 feature should be used to easily accomplish this?
 Block Public Access
 Network ACL
 Security Groups
 VPC Endpoint
A

Amazon S3 provides Block Public Access settings for buckets and accounts to help you manage public access to Amazon S3 resources.

Network ACL is incorrect because a Network ACL is primarily used for VPCs and not in S3 buckets.

Security Group is incorrect because Amazon S3 doesn’t have a security group.

143
Q
What is the MOST affordable AWS Support plan that provides users access to the AWS Support API?
 Basic
 Developer
 Business
 Enterprise
A

Business

144
Q
A developer needs to set up a message broker service for Apache ActiveMQ for its enterprise application running in AWS. Which service should be used in this scenario?
 Amazon Simple Email Service
 Amazon Chime
 Amazon WorkMail
 Amazon MQ
A

Amazon MQ is a managed message broker service for Apache ActiveMQ that makes it easy to set up and operate message brokers in the cloud.

145
Q

Which of the following are the capabilities provided by Amazon Route 53? (Select TWO.)

Resource metrics collection
Web traffic filtering
Domain Registration
DNS Resolution
DDoS Protection
A

Domain Registration

DNS Resolution

146
Q

Which of the following AWS resources is a zonal service? (Select TWO.)

Amazon S3
Amazon EBS
Amazon Route 53
AWS IAM
Amazon EC2
A

– Amazon EC2

– Amazon EBS

Amazon EC2 is a compute capacity in the cloud and Amazon EBS is a block storage service. Both are created in a specific Availability Zone, and EBS can be attached to any instances in that same Availability Zone.

Amazon S3, Amazon Route 53, and AWS IAM are all incorrect because these are global services offered by AWS.

147
Q

A company needs to store frequently accessed data in Amazon S3. How will AWS bill you for storing objects in your S3 buckets?

Per Hour or Second
Per Unique File Type
Per GB
By Instance Type

A

Per GB

The usage of an EC2 instance is calculated by the hour or second based on the size of the instance, operating system, and the AWS Region where the instances are launched.

148
Q

Which service enables you to set up directories in the AWS cloud, or connect your AWS resources with an existing on-premises Microsoft Active Directory?

AWS Site-to-Site VPN
AWS Direct Connect
AWS Directory Service
Amazon Connect

A

AWS Directory Service

149
Q

Which feature will customers have access to by using the AWS Business Support plan?

Technical Account Manager
Access to online self-paced labs
Concierge Support Team
Architecture Support

A

Architecture Support

150
Q

A company needs access to the full set of monitoring checks in AWS Trusted Advisor to ensure that its cloud environment is well-architected.

What is the MOST cost-effective support plan that the company should avail of?

Enterprise
Business
Basic
Developer

A

Business

151
Q

Which AWS service provides automated reference deployments for key workloads in AWS via CloudFormation templates?

AWS OpsWorks
AWS Config
AWS Quick Starts
AWS Systems Manager Automation

A

AWS Quick Starts

152
Q

Which AWS service provides tracing and monitoring capabilities for your Lambda function?

AWS Shield
AWS X-Ray
Amazon Macie
Amazon Inspector

A

AWS X-Ray

153
Q

Which of the following AWS Cost Management tools enable you to forecast future costs and usage of your AWS resources based on your past consumption?

AWS Pricing Calculator
AWS Cost and Usage report
Cost Explorer
Amazon Forecast

A

Cost Explorer

154
Q

Which of the following Cost Management Tools allows you to track your Amazon EC2 Reserved Instance (RI) usage and view the discounted RI rate that was charged to your resources?

AWS Cost and Usage report
AWS Systems Manager
AWS Cost Explorer
AWS Budgets

A

AWS Cost and Usage report

155
Q

Which of the following purchase options offers the most significant discount compared to On-Demand instance pricing to process steady-state workloads that will continuously be running for a year?

Convertible Reserved Instance
Standard Reserved Instance
Dedicated Instance
Scheduled Reserved Instance

A

Standard Reserved Instances provide you with a significant discount compared to On-Demand instance pricing and can be purchased for a 1-year or 3-year term.

156
Q

Which of the following are the characteristics of Amazon EC2 Convertible Reserved Instances? (Select TWO.)

Allows the change of instance family, operating system, tenancy, and payment option
Allows you to match your capacity reservation to a predictable recurring schedule that only requires a fraction of a day, a week, or a month
Allows you to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or lesser value
Has the capability to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or greater value
Provides the most significant discount of the RI types and are best suited for steady-state usage

A

– Allows the change of instance family, operating system, tenancy, and payment option.

– Has the capability to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or greater value.

157
Q

Which of the following provides you access to Reserved Instance (RI) purchase recommendations based on your past usage and indicate potential opportunities for savings as compared to On-Demand usage?

AWS Cost Explorer
AWS Cost and Usage report
AWS Billing Dashboard
AWS Budgets

A

AWS Cost Explorer

158
Q

Which of the following statements is true for AWS CloudTrail?

CloudTrail charges you for every management event trail created
When you create a trail in the AWS Management Console, the trail applies to all AWS Regions by default
CloudTrail is disabled by default for newly created AWS accounts
CloudTrail is able to capture application error logs from your EC2 instances

A

When you create a trail in the AWS Management Console, the trail applies to all AWS Regions by default

159
Q

What feature will allow you to label and sort your EC2 instances according to their deployment stage (development, staging, production)?

Instance metadata
Instance type
Instance userdata
Instance tags

A

Instance tags

Instance metadata is incorrect because it just details the server and network information of the instance itself. This is automatically generated for you by AWS when you launch an instance. To add metadata of your own, use tags.

Instance user data is incorrect because this is just a custom script that you prepare if you want your instance to be initialized every time it is launched. You cannot add metadata such as environment tags here.

160
Q

Which of the following AWS well-architected pillars discusses the use of the right computing resources to meet demand levels even as the demand changes and technologies evolve?

Operational Excellence
Reliability
Performance Efficiency
Cost optimization

A

Performance Efficiency

161
Q

A company is planning to deploy their high-frequency trading (HFT) application which will store constantly changing financial data in AWS and require low latency access. Which AWS services below should you use? (Select TWO.)

Amazon S3
Amazon RDS
Amazon EFS
Amazon Glacier
AWS Snowball
A

Amazon RDS
Amazon EFS

Amazon S3 is incorrect because although you can technically use this service as a data storage for rapidly changing data, this entails high latency since S3 is located outside of your VPC.

Amazon Glacier is not suitable to be used for applications with rapidly changing data.

162
Q

Which of the following services should you use to deploy and easily rollback a web application from your Git repository to your on-premises server?

AWS OpsWorks
AWS Systems Manager
AWS CloudFormation
AWS Elastic Beanstalk

A

AWS OpsWorks

AWS CloudFormation and AWS Elastic Beanstalk are incorrect because these services can only deploy applications to your AWS resources and not to the servers located in your on-premises data center.

163
Q

Which AWS support plan includes a Concierge Support Team which will assist you with your billing and account inquiries, and work with you to implement billing and account best practices?

Developer support plan
Enterprise support plan
Business support plan
Basic support plan

A

Enterprise support plan

164
Q

Which of the following Amazon EC2 instance purchasing options can help you address compliance requirements and reduce costs by allowing you to use your existing server-bound software licenses?

On-Demand Instance
Dedicated Instance
Dedicated Host
Reserved Instance

A

Dedicated Host

Dedicated Instance purchasing option is incorrect because although Dedicated Instances also run on dedicated hardware, Dedicated Hosts provide further visibility and control by allowing you to place your instances on a specific, physical server.

165
Q

Which of the following is typically used to secure your VPC subnets?

Security Group
AWS IAM
AWS Config
Network ACL

A

Network ACL

Security group is incorrect because this is used to secure your network at the resource level, such as EC2 instances and RDS databases, similar to how network ACLs work. However, security groups do not operate on the subnet level.

166
Q

Which of the following AWS services are not considered to be region-specific services? (Select TWO.)

Amazon Route 53
AWS WAF
AWS CloudTrail
AWS Lambda
Amazon VPC
A

Amazon Route 53 and AWS WAF are both global services.

AWS Lambda, AWS CloudTrail, and Amazon VPC are all incorrect because these are region-specific services.

167
Q

Which of the following services are part of the AWS serverless platform that does not require provisioning, maintaining, and administering servers for backend components? (Select TWO.)

Amazon API Gateway
Amazon OpenSearch
Amazon ElastiCache
Amazon EMR
Lambda@Edge
A

– Amazon API Gateway

– Lambda@Edge

All of the other options are incorrect because you still need to choose which type of EC2 instance type will be used for running these services as well as its scaling capability.

168
Q

Which services have built-in DDoS mitigation and/or protection?

a) SNS
b) EC2
c) None of these apply
d) RDS

A

c) None of these apply

AWS services with built-in DDoS mitigation/protection include: 1) Route 53 2) CloudFront 3) WAF (web application firewall) 4) Elastic Load Balancing 5) VPCs and Security Groups https://linuxacademy.com/cp/courses/lesson/course/1548/lesson/5/module/154

169
Q

How many VPCs are created by default in a region?

a) 2
b) 3
c) 4
d) 1
A

d) 1

By default, when an AWS account is created, each region will get 1 VPC.

170
Q

What is NACL?

a) A logically isolated section of AWS
b) A table of rules that directs traffic flow in a network
c) A firewall on the subnet level
d) A firewall on the instance level

A

c) A firewall on the subnet level

A NACL is a firewall on the subnet level.

171
Q

VPCs span all of these except for _____.

a) AWS Regions
b) Availability Zones
c) AWS Resources
d) Subnets
A

a) AWS Regions

VPCs cannot span AWS Regions.

172
Q

A security group is a _____ on the _____ level.

a) Firewall, Instance
b) Firewall, AWS
c) Firewall, VPC
d) Firewall, Subnet
A

a) Firewall, Instance

A security group is a firewall on the instance level.

173
Q

Which of the following will connect instances within a VPC to networks outside of the VPC and provide Internet access for the VPC?

a) Subnet
b) Route Table
c) Internet Gateway
d) NACL
A

c) Internet Gateway

An internet gateway connects instances within a VPC to the network outside of the VPC. Video for reference: Internet Gateways and Route Tables

174
Q
Which of the following is *not* a method of getting or using MFA codes?

a) Single sign-on
b) Virtual MFA Device
c) Hardware key fob
d) API keys
A

a) Single sign-on

175
Q
In this scenario, we have an IAM User with an _AWSDenyAll_ policy, but this user is also in an IAM Group with access to various AWS services. These services include S3, EC2, VPC, and IAM. Which of the following resources can this user access?

a) S3 and VPC
b) EC2
c) The IAM user cannot access any of the AWS services
d) VPC and EC2
A

c) The IAM user cannot access any of the AWS services

This IAM User will not be able to access any of the AWS services because the user is attached to an AWSDenyAll policy regardless of being in an IAM Group with access to these services. This is because an explicit deny always overrides an explicit allow. Video for reference: Overview of Identity and Access Management Part 2

176
Q
By default, which timeframe does CloudWatch provide free analysis metrics?

a) 5 minutes
b) 1 minute
c) 30 seconds
d) 10 minutes
A

a) 5 minutes

By default, CloudWatch analyzes AWS resources for metrics every 5 minutes for free. Video for reference: CloudWatch Monitoring, Metrics, and Logs

177
Q

Which service stores log events for CloudTrail?

a) IAM
b) CloudWatch
c) S3
d) CloudTrail
A

c) S3

S3 is the service in which CloudTrail logs events. It logs the events as an S3 object.

178
Q

Which of the following examples best demonstrates the agility that cloud computing offers?

a) Protect your data by centralizing your applications in one Availability Zone.
b) Increase network throughput with AWS Direct Connect (DX) nodes.
c) Spin up servers in minutes, and shut down servers when you don’t need them.
d) Quickly deploy multi-factor authentication (MFA) to multiple data centers.

A

(c) Spin up servers in minutes, and shut down servers when you don’t need them.

179
Q

Users of your services are reporting latency. With on-premises architecture you would notify your Administrator to launch another server to balance the load. How can this be automated using AWS?

a) Create a new template using AWS CloudFormation.
b) Enable AWS CloudTrail to monitor latency issues.
c) Enable an Amazon CloudWatch alarm to trigger a scaling policy.
d) Create six Amazon EC2 instances in different Availability Zones.

A

(c) Enable an Amazon CloudWatch alarm to trigger a scaling policy.

180
Q

Which AWS service enables you to repeatedly and predictably provision resources to power your applications?

a) AWS CloudFormation
b) AWS Cloud Map
c) AWS CloudTrail
d) Amazon CloudFront

A

(a) AWS CloudFormation

181
Q

You have an application composed of individual services and you need to route a request to a service based on the content of the request. What type of load balancer should you use?

a) Application Load Balancer
b) Classic Load Balancer
c) Network Load Balancer
d) VPN Load Balancer

A

(a) Application Load Balancer

182
Q

An intern at an IT company provisioned a Linux based On-demand EC2 instance with per-second billing but terminated it within 30 seconds as he wanted to provision another instance type. What is the duration for which the instance would be charged?

a. 600 seconds
b. 300 seconds
c. 60 seconds
d. 30 seconds

A

c. 60 seconds

183
Q

Which of the following AWS Support plans provides access to online training with self-paced labs?

a. Business
b. Enterprise
c. Developer
d. Basic

A

b. Enterprise

184
Q

Which of the following AWS authentication mechanisms supports a Multi-Factor Authentication (MFA) device that you can plug into a USB port on your computer?

a. U2F security key
b. Virtual MFA device
c. SMS text messaged-based MFA
d. Hardware MFA device

A

a

185
Q

An IT company wants to run a log backup process every Monday at 2 AM. The usual runtime of the process is 5 minutes. As a Cloud Practitioner, which AWS services would you recommend to build a serverless solution for this use-case? (Select two)

a. Step Function
b. EC2 Instance
c. Lambda
d. Systems Manager
e. CloudWatch

A

c. Lambda

e. CloudWatch

186
Q

Data encryption is automatically enabled for which of the following AWS services? (Select two)

a. Amazon RedShift
b. Amazon EBS volumes
c. Amazon EFS drives
d. Amazon S3 Glacier
e. AWS Storage Gateway

A

d. Amazon S3 Glacier

e. AWS Storage Gateway

187
Q

An AWS user is trying to launch an EC2 instance in a given region. What is the region-specific constraint that the Amazon Machine Image (AMI) must meet so that it can be used for this EC2 instance?

a. You must use an AMI from the same region as that of the EC2 instance. The region of the AMI has no bearing on the performance of the EC2 instance.
b. You can use an AMI from a different region, but it degrades the performance of the EC2 instance.
c. You should use an AMI from the same region, as it improves the performance of the EC2 instance.
d. An AMI is a global entity, so the region is NOT applicable.

A

a. You must use an AMI from the same region as that of the EC2 instance. The region of the AMI has no bearing on the performance of the EC2 instance.

188
Q

A start-up would like to quickly deploy a popular technology on AWS. As a Cloud Practitioner, which AWS tool would you use for this task?

a. AWS Quick Start References
b. AWS Whitepapers
c. AWS Forums
d. AWS CodeDeploy

A

a. AWS Quick Start References

189
Q

A Cloud Practitioner would like to deploy identical resources across all regions and accounts using templates while estimating costs. Which AWS service can assist with this task?

a. Amazon LightSail
b. AWS CloudFormation
c. AWS Directory Service
d. AWS CodeDeploy

A

b. AWS CloudFormation

190
Q

Which of the following options is NOT a feature of Amazon Inspector?

a. Automate security assessments
b. Track configuration changes
c. Analyze against unintended network accessibility
d. Inspect running operating systems (OS) against known vulnerabilities

A

b. Track configuration changes

191
Q

A corporation would like to have a central user portal to log in to third-party business applications as well as accounts managed under AWS Organizations. As a Cloud Practitioner, which AWS service would you use for this task?

a. AWS Command Line Interface (CLI)
b. AWS Cognito
c. AWS Identity and Access Management (IAM)
d. AWS Single Sign-On (SSO)

A

d. AWS Single Sign-On (SSO)

192
Q

Which pillar of the AWS Well-Architected Framework recommends maintaining infrastructure as code?

a. Operational Excellence
b. Performance Efficiency
c. Security
d. Cost Optimization

A

a. Operational Excellence

193
Q

A photo sharing web application wants to store thumbnails of user-uploaded images on Amazon S3. The thumbnails are rarely used but need to be immediately accessible from the web application. The thumbnails can be regenerated easily if they are lost. Which is the most cost-effective way to store these thumbnails on S3?

a. Use S3 One-Zone Infrequent Access (One-Zone IA) to store the thumbnails.
b. Use S3 Standard to store the thumbnails.
c. Use S3 Standard Infrequent Access (Standard-IA) to store the thumbnails.
d. Use S3 Glacier to store the thumbnails.

A

a. Use S3 One-Zone Infrequent Access (One-Zone IA) to store the thumbnails.

194
Q

A unicorn startup is building an analytics application with support for a speech-based interface. The application will accept speech-based input from users and then convey results via speech. As a Cloud Practitioner, which solution would you recommend for the given use-case?

a. Use Amazon Polly to convert speech to text for downstream analysis. Then use Amazon Translate to convey the text results via speech.
b. Use Amazon Translate to convert speech to text for downstream analysis. Then use Amazon Polly to convey the text results via speech.
c. Use Amazon Polly to convert speech to text for downstream analysis. Then use Amazon Transcribe to convey the text results via speech.
d. Use Amazon Transcribe to convert speech to text for downstream analysis. Then use Amazon Polly to convey the text results via speech.

A

d. Use Amazon Transcribe to convert speech to text for downstream analysis. Then use Amazon Polly to convey the text results via speech.

195
Q

A Cloud Practitioner would like to get operational insights of its resources to quickly identify any issues that might impact applications using those resources. Which AWS service can help with this task?

a. Amazon Trusted Advisor
b. Amazon Inspector
c. AWS Systems Manager
d. AWS Personal Health Dashboard

A

c. AWS Systems Manager

196
Q

A financial services enterprise plans to enable Multi-Factor Authentication (MFA) for its employees. For ease of travel, they prefer not to use any physical devices to implement MFA. Which of the below options is best suited for this use case?

a. Soft Token MFA device
b. Hardware MFA device
c. U2F security key
d. Virtual MFA device

A

d. Virtual MFA device

197
Q

Which AWS Route 53 routing policy would you use to route traffic to multiple resources and also choose how much traffic is routed to each resource?

a. Failover routing policy
b. Weighted routing policy
c. Simple routing policy
d. Latency routing policy

A

b. Weighted routing policy

198
Q

Which AWS service can be used to subscribe to an RSS feed to be notified of services’ interruptions?

a. Amazon SNS
b. AWS Lambda
c. AWS Personal Health Dashboard
d. AWS Service Health Dashboard

A

d. AWS Service Health Dashboard

199
Q

A data analytics company is running a proprietary batch analytics application on AWS and wants to use a storage service which would be accessed by hundreds of EC2 instances simultaneously to append data to existing files. As a Cloud Practitioner, which AWS service would you suggest for this use-case?

a. S3
b. EFS
c. Instance Store
d. EBS

A

b. EFS

200
Q

A financial services company wants to ensure that its AWS account activity meets the governance, compliance and auditing norms. As a Cloud Practitioner, which AWS service would you recommend for this use-case?

a. Config
b. Trusted Advisor
c. CloudWatch
d. CloudTrail

A

d. CloudTrail

You can use CloudTrail to log, monitor and retain account activity related to actions across your AWS infrastructure. CloudTrail provides an event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.

201
Q

Which of the following AWS services offer block-level storage? (Select two)

a. S3
b. EBS
c. ECS
d. EFS
e. Instance Store

A

b. EBS

e. Instance Store

202
Q

Due to regulatory and compliance reasons, an organization is supposed to use a hardware device for any data encryption operations in the cloud. Which AWS service can be used to meet this compliance requirement?

a. AWS Trusted Advisor
b. AWS Key Management Service (KMS)
c. AWS CloudHSM
d. AWS Secrets Manager

A

c. AWS CloudHSM

AWS CloudHSM is a service for creating and managing cloud-based hardware security modules.
AWS Key Management Service (AWS KMS) lets you create, store, and manage KMS keys securely.