Wrong answers Flashcards
Data encryption is automatically enabled for which of the following AWS services? (Select two)
Amazon S3 Glacier - Amazon S3 Glacier (S3 Glacier) is a storage service optimized for infrequently used data, or “cold data.” Data at rest stored in S3 Glacier is automatically server-side encrypted using 256-bit Advanced Encryption Standard (AES-256) with keys maintained by AWS.
AWS Storage Gateway - AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage. All data transferred between the gateway and AWS storage is encrypted using SSL (for all three types of gateways - File, Volume and Tape Gateways).
Which of the following AWS Support plans provides access to online training with self-paced labs?
Enterprise
An IT company is on a cost-optimization spree and wants to identify all EC2 instances that are under-utilized. Which AWS services can be used to address this use-case? (Select two)
AWS Trusted Advisor
AWS Trusted Advisor analyzes your AWS environment and provides best practice recommendations in five categories: Cost Optimization, Performance, Security, Fault Tolerance, Service Limits.
AWS Cost Explorer
The rightsizing recommendations feature in Cost Explorer helps you identify cost-saving opportunities by downsizing or terminating EC2 instances. You can see all of your underutilized EC2 instances across member accounts in a single view to immediately identify how much you can save.
Which of the following AWS services are part of the AWS Foundation services for the Reliability pillar of the Well-Architected Framework in AWS Cloud? (Select two)
AWS Trusted Advisor
AWS Identity and Access Management (IAM)
A Cloud Practitioner would like to get operational insights into their resources to quickly identify any issues that might impact applications using those resources. Which AWS service can help with this task?
AWS Systems Manager
Which AWS service can be used to subscribe to an RSS feed to be notified of services’ interruptions?
AWS Service Health Dashboard
A photo sharing web application wants to store thumbnails of user-uploaded images on Amazon S3. The thumbnails are rarely used but need to be immediately accessible from the web application. The thumbnails can be regenerated easily if they are lost. Which is the most cost-effective way to store these thumbnails on S3?
Use S3 One-Zone Infrequent Access (One-Zone IA) to store the thumbnails
S3 One Zone-IA is for data that is accessed less frequently but requires rapid access when needed.
An organization maintains a separate Virtual Private Cloud (VPC) for each of its business units. Two units need to privately share data. Which is the most optimal way of privately sharing data between the two VPCs?
VPC Peering
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them privately. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your VPCs, with a VPC in another AWS account, or with a VPC in a different AWS Region.
Which of the following are correct statements regarding the AWS Shared Responsibility Model? (Select two)
“For abstracted services like Amazon S3, AWS operates the infrastructure layer, the operating system, and platforms” - For abstracted services, such as Amazon S3 and Amazon DynamoDB, AWS operates the infrastructure layer, the operating system, and platforms, and customers access the endpoints to store and retrieve data.
What is the primary benefit of deploying an RDS database in a Read Replica configuration?
Read Replica improves database scalability
Read Replicas allow you to create read-only copies that are synchronized with your master database. Read Replicas are used for improved read performance. You can also place your read replica in a different AWS Region closer to your users for better performance. Read Replicas are an example of horizontal scaling of resources.
An AWS user is trying to launch an EC2 instance in a given region. What is the region-specific constraint that the Amazon Machine Image (AMI) must meet so that it can be used for this EC2 instance?
You must use an AMI from the same region as that of the EC2 instance. The region of the AMI has no bearing on the performance of the EC2 instance.
A company would like to separate cost for AWS services by the department for cost allocation. Which of the following actions can assist with this task?
Create tags for each department
Typically, you use business tags such as cost center/business unit, customer, or project to associate AWS costs with traditional cost-allocation dimensions. But a cost allocation report can include any tag. This lets you associate costs with technical or security dimensions, such as specific applications, environments, or compliance programs.
A financial services company wants to ensure that its AWS account activity meets the governance, compliance and auditing norms. As a Cloud Practitioner, which AWS service would you recommend for this use-case?
You may see use-cases asking you to select one of CloudWatch vs CloudTrail vs Config. Just remember this rule of thumb:
Think resource performance monitoring, events, and alerts; think CloudWatch.
Think account-specific activity and audit; think CloudTrail.
Think resource-specific change history, audit, and compliance; think Config.
Which of the following AWS services offer block-level storage? (Select two)
EBS
Amazon Elastic Block Store (EBS) is an easy to use, high-performance block storage service designed for use with Amazon Elastic Compute Cloud (EC2) for both throughput and transaction-intensive workloads at any scale. A broad range of workloads, such as relational and non-relational databases, enterprise applications, containerized applications, big data analytics engines, file systems, and media workflows are widely deployed on Amazon EBS.
Instance Store
An instance store provides temporary block-level storage for your EC2 instance. This storage is located on disks that are physically attached to the host computer. Instance store is ideal for the temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content, or for data that is replicated across a fleet of instances, such as a load-balanced pool of web servers. Instance storage is temporary; data is lost if the instance experiences failure or is terminated. EC2 instance store cannot be used for file sharing between instances.
A startup runs its proprietary application on docker containers. As a Cloud Practitioner, which AWS service would you recommend so that the startup can run containers and still have access to the underlying servers?
Amazon Elastic Container Service (Amazon ECS)
Amazon Elastic Container Service (Amazon ECS) is a highly scalable, fast, container management service that makes it easy to run, stop, and manage Docker containers on a cluster. This is not a fully managed service and you can manage the underlying servers yourself.
What is the difference between an Availability Zone and a Local Zone?
An Availability Zone is an isolated location within an AWS region. A Local Zone is an extension of an AWS Region in geographic proximity to your users.
An Availability Zone (AZ) is one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region. AZs give customers the ability to operate production applications and databases that are more highly available, fault-tolerant, and scalable than would be possible from a single data center.
AWS Local Zones are managed and supported by AWS, bringing you all of the elasticity, scalability, and security benefits of the cloud. Each AWS Local Zone location is an extension of an AWS Region where you can run your latency-sensitive applications using AWS services such as Amazon Elastic Compute Cloud, Amazon Virtual Private Cloud, Amazon Elastic Block Store, Amazon File Storage, and Amazon Elastic Load Balancing in geographic proximity to end-users.
You need to organize and consolidate information based on criteria specified in tags or resources in AWS. Which of the following should you use?
AWS Resource Groups lets you organize AWS resources such as Amazon EC2 instances, Amazon Relational Database Service databases, and Amazon S3 buckets into groups using criteria that you define as tags.
A resource group is a collection of resources that match the resource types specified in a query and share one or more tags or portions of tags. You can create a group of resources based on their roles in your cloud infrastructure, lifecycle stages, regions, application layers, or virtually any criteria.
Which of the following services offers you the same AWS hardware infrastructure, services, APIs, and tools to build and run your applications on-premises and in the cloud?
AWS Outposts is a fully managed service that extends AWS infrastructure, AWS services, APIs, and tools to virtually any data center, co-location space, or on-premises facility for a truly consistent hybrid experience. AWS Outposts is ideal for workloads that require low latency access to on-premises systems, local data processing, or local data storage.
AWS Outposts offers you the same AWS hardware infrastructure, services, APIs, and tools to build and run your applications on-premises and in the cloud for a truly consistent hybrid experience.
A gaming company needs a service that uses the AWS global network to optimize users’ access to their applications using an anycast static IP address. Which of the following services fits these criteria?
AWS Global Accelerator is a service that improves the availability and performance of your applications with local or global users. It provides you with static IP addresses that serve as a fixed entry point to your applications hosted in one or more AWS Regions. These IP addresses are anycast from AWS edge locations, so they’re announced from multiple AWS edge locations at the same time. This enables traffic to ingress onto the AWS global network as close to your users as possible.
Global Accelerator uses the AWS global network to optimize the path from your users to your applications, improving the performance of your traffic by as much as 60%.
Hence, the correct answer in this scenario is: AWS Global Accelerator.
Which of the following is true regarding the Developer support plan in AWS?
- No access to the AWS Support API
- Limited access to the 7 Core Trusted Advisor checks
In AWS, ____ is one of the advantages of Consolidated Billing
Volume Pricing
___ is one of the components of AWS Global Infrastructure which consists of one or more discrete data centers each with redundant power, networking, and connectivity, and housed in separate facilities
Availability Zone
Which of the following Amazon EC2 instance purchasing options can help you address compliance requirements and reduce costs by allowing you to use your existing server-bound software licenses?
Dedicated Host
You need to launch a new EC2 Instance for a beta program which is scheduled to change its instance family, operating system and tenancy exactly 3 months after its trial period. Which type of Reserved Instance should you use?
Convertible RI
A company is in the process of choosing the most suitable AWS Region to migrate their applications. Which of the following factors should they consider?
- Enhance customer experiences by reducing latency to users
- Support country-specific data sovereignty compliance requirements
In AWS Trusted Advisor, which of the following options are included among the five categories being considered to analyze AWS environment and provide the best practice recommendations?
- Fault tolerance
- Performance
Which of the following is a key benefit of migrating systems hosted on your on-premises data center to AWS?
Opportunity to replace upfront capital expenses (CAPEX) with low variable costs
Which of the following are true regarding Amazon RDS?
- Makes it easy to set up, operate, and scale a relational database
- Simplifies the management of time-consuming database administration tasks
Which of the following options below is solely the responsibility of the customer in accordance with the AWS shared responsibility model?
- Zone Security
What should you provide to your developers to allow them to access your AWS services through the AWS CLI?
Access keys
You need to host a new Microsoft SQL Server database in AWS for an urgent project. Which AWS services should you use to meet this requirement?
EC2 and RDS
Which of the following can you use to connect your on-premises data center and your cloud architecture in AWS?
Virtual Private Gateway
Route 53
Which of the following are regarded as regional services in AWS?
AWS Batch
EFS
Global services: IAM, Route 53, CloudFront, and WAF
Zonal: EC2 and EBS snapshots
The rest: regional
The DevOps team at an IT company is moving 500 GB of data from an EC2 instance to an S3 bucket in the same region. Which of the following scenarios captures the correct charges for this data transfer?
The company would not be charged for this data transfer
Which of the following statements are CORRECT regarding the AWS VPC service? (Select two)
A Security Group can have allow rules only
A NAT Gateway is managed by AWS
Which of the following AWS services has encryption enabled by default?
CloudTrail Logs
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. CloudTrail can be used to record AWS API calls and other activity for your AWS account and save the recorded information to log files in an Amazon Simple Storage Service (Amazon S3) bucket that you choose. By default, the log files delivered by CloudTrail to your S3 bucket are encrypted using server-side encryption with Amazon S3–managed encryption keys (SSE-S3).