YT 21-40 Flashcards

1
Q

Which AWS service can identify when an Amazon EC2 instance was terminated?

A. AWS Identity and Access Management (IAM)
B. AWS CloudTrail
C. AWS Compute Optimizer
D. Amazon EventBridge

A

Correct Answer: B. AWS CloudTrail

✅ Explanation:
AWS CloudTrail logs all API calls, including EC2 instance terminations, providing a full audit trail.

❌ Why the others are wrong:

A. IAM: Manages permissions but does not track EC2 instance terminations.
C. AWS Compute Optimizer: Provides performance recommendations, not termination tracking.
D. Amazon EventBridge: Can trigger responses but does not log historical API actions.

2
Q

Which of the following services can be used to block network traffic to an instance? (Choose two.)

A. Security groups
B. Amazon Virtual Private Cloud (Amazon VPC) flow logs
C. Network ACLs
D. Amazon CloudWatch
E. AWS CloudTrail

A

Correct Answer: A. Security groups, C. Network ACLs

✅ Explanation:

Security groups act as virtual firewalls at the instance level.
Network ACLs control inbound and outbound traffic at the subnet level.

❌ Why the others are wrong:

B. VPC flow logs: Monitor traffic but do not block it.
D. Amazon CloudWatch: Monitors performance but does not block traffic.
E. AWS CloudTrail: Logs API actions but does not control traffic.

3
Q

Which AWS service gives users the ability to discover and protect sensitive data that is stored in Amazon S3 buckets?

A. Amazon Macie
B. Amazon Detective
C. Amazon GuardDuty
D. AWS IAM Access Analyzer

A

Correct Answer: A. Amazon Macie

✅ Explanation:
Amazon Macie uses machine learning to detect sensitive data in S3 buckets.

❌ Why the others are wrong:

B. Amazon Detective: Investigates security incidents but does not scan S3 for sensitive data.
C. Amazon GuardDuty: Detects threats but does not classify sensitive data.
D. IAM Access Analyzer: Reviews permissions but does not scan S3 content.

4
Q

A company has a test AWS environment and is planning to test an application within AWS. The application testing can be interrupted and does not need to run continuously. Which Amazon EC2 purchasing option will meet these requirements MOST cost-effectively?

A. On-Demand Instances
B. Dedicated Instances
C. Spot Instances
D. Reserved Instances

A

Correct Answer: C. Spot Instances

✅ Explanation:
Spot Instances are the cheapest EC2 option and ideal for workloads that can handle interruptions.

❌ Why the others are wrong:

A. On-Demand Instances: More expensive but flexible.
B. Dedicated Instances: Expensive, used for regulatory needs.
D. Reserved Instances: Cheaper for steady usage, but not the cheapest for sporadic workloads.

5
Q

A company is using Amazon DynamoDB. Which task is the company’s responsibility, according to the AWS shared responsibility model?

A. Patch the operating system.
B. Provision hosts.
C. Manage database access permissions.
D. Secure the operating system.

A

Correct Answer: C. Manage database access permissions

✅ Explanation:
Under the AWS Shared Responsibility Model, customers manage database access through IAM roles and policies.

❌ Why the others are wrong:

A, B, D: AWS fully manages infrastructure, patching, and OS security for DynamoDB.

6
Q

To reduce costs, a company is planning to migrate a NoSQL database to AWS. Which AWS service is fully managed and can automatically scale throughput capacity to meet database workload demands?

A. Amazon Redshift
B. Amazon Aurora
C. Amazon DynamoDB
D. Amazon RDS

A

Correct Answer: C. Amazon DynamoDB

✅ Explanation:
Amazon DynamoDB is a fully managed NoSQL database that auto-scales based on demand.

❌ Why the others are wrong:

A. Amazon Redshift: For data warehousing, not NoSQL.
B. Amazon Aurora: Relational (SQL) database, not NoSQL.
D. Amazon RDS: Manages relational databases, not NoSQL.

7
Q

Which AWS service is always provided at no charge?

A. Amazon S3
B. AWS Identity and Access Management (IAM)
C. Elastic Load Balancers
D. AWS WAF

A

Correct Answer: B. AWS Identity and Access Management (IAM)

✅ Explanation:
IAM is free and controls access to AWS resources.

❌ Why the others are wrong:

A. Amazon S3: Charges apply for storage and access.
C. Elastic Load Balancers: Charges apply for data handling.
D. AWS WAF: Charges apply for web application security.

8
Q

Which AWS service is a cloud security posture management (CSPM) service that aggregates alerts from various AWS services and partner products in a standardized format?

A. AWS Security Hub
B. AWS Trusted Advisor
C. Amazon EventBridge
D. Amazon GuardDuty

A

Correct Answer: A. AWS Security Hub

✅ Explanation:
AWS Security Hub aggregates alerts from AWS security services like GuardDuty and Macie.

❌ Why the others are wrong:

B. Trusted Advisor: Provides best practices, not security alerts.
C. EventBridge: Routes events but does not analyze security.
D. GuardDuty: Detects threats but does not aggregate multiple security sources.

9
Q

A company is developing an application that uses multiple AWS services. The application needs to use temporary, limited-privilege credentials for authentication with other AWS APIs. Which AWS service or feature should the company use to meet these authentication requirements?

A. Amazon API Gateway
B. IAM users
C. AWS Security Token Service (AWS STS)
D. IAM instance profiles

A

Correct Answer: C. AWS Security Token Service (AWS STS)

✅ Explanation:
AWS STS provides temporary credentials for AWS services.

❌ Why the others are wrong:

A. API Gateway: Manages APIs, not authentication.
B. IAM users: Have permanent credentials, not temporary.
D. IAM instance profiles: Assign permissions but do not generate temporary credentials.

10
Q

Which of the following is a software development framework that a company can use to define cloud resources as code and provision the resources through AWS CloudFormation?

A. AWS CLI
B. AWS Developer Center
C. AWS Cloud Development Kit (AWS CDK)
D. AWS CodeStar

A

Correct Answer: C. AWS Cloud Development Kit (AWS CDK)

✅ Explanation:
AWS CDK lets developers define AWS infrastructure using programming languages.

❌ Why the others are wrong:

A. AWS CLI: Command-line tool for managing AWS, not defining infrastructure as code.
B. AWS Developer Center: Provides resources for developers but not infrastructure automation.
D. AWS CodeStar: Used for CI/CD, not infrastructure as code.

11
Q

Which option is a benefit of the economies of scale based on the advantages of cloud computing?

A. The ability to trade variable expense for fixed expense
B. Increased speed and agility
C. Lower variable costs over fixed costs
D. Increased operational costs across data centers

A

Correct Answer: C. Lower variable costs over fixed costs

✅ Explanation:
AWS achieves economies of scale by serving a massive number of customers, allowing for lower costs that are passed on to users.

❌ Why the others are wrong:

A. The ability to trade variable expense for fixed expense: Cloud computing reduces fixed costs rather than increasing them.
B. Increased speed and agility: While true, this is not related to economies of scale.
D. Increased operational costs across data centers: Cloud computing reduces operational costs rather than increasing them.

12
Q

A company is building an application that needs to deliver images and videos globally with minimal latency. Which approach can the company use to accomplish this in a cost-effective manner?

A. Deliver the content through Amazon CloudFront.
B. Store the content on Amazon S3 and enable S3 cross-region replication.
C. Implement a VPN across multiple AWS Regions.
D. Deliver the content through AWS PrivateLink.

A

Correct Answer: A. Deliver the content through Amazon CloudFront.

✅ Explanation:
Amazon CloudFront is a global content delivery network (CDN) that caches content at edge locations, reducing latency and costs.

❌ Why the others are wrong:

B. Store the content on Amazon S3 and enable S3 cross-region replication: This copies data across regions but does not optimize for global delivery.
C. Implement a VPN across multiple AWS Regions: A VPN is for private network security, not content delivery.
D. Deliver the content through AWS PrivateLink: PrivateLink connects services securely but does not distribute content globally.

13
Q

A company is exploring the use of the AWS Cloud, and needs to create a cost estimate for a project before the infrastructure is provisioned. Which AWS service or feature can be used to estimate costs before deployment?

A. AWS Free Tier
B. AWS Pricing Calculator
C. AWS Billing and Cost Management
D. AWS Cost and Usage Report

A

Correct Answer: B. AWS Pricing Calculator

✅ Explanation:
AWS Pricing Calculator helps businesses estimate costs before deployment based on service usage.

❌ Why the others are wrong:

A. AWS Free Tier: Allows limited free usage but does not estimate future costs.
C. AWS Billing and Cost Management: Monitors actual usage costs, not future estimates.
D. AWS Cost and Usage Report: Provides detailed billing reports but does not generate estimates.

14
Q

A company wants to make an upfront commitment for continued use of its production Amazon EC2 instances in exchange for a reduced overall cost. Which pricing options meet these requirements with the LOWEST cost? (Choose two.)

A. Spot Instances
B. On-Demand Instances
C. Reserved Instances
D. Savings Plans
E. Dedicated Hosts

A

Correct Answers: C. Reserved Instances, D. Savings Plans

✅ Explanation:

Reserved Instances: Offer up to 75% discount for long-term EC2 usage commitments.
Savings Plans: Offer flexible pricing for various AWS services in exchange for usage commitment.

❌ Why the others are wrong:

A. Spot Instances: Cheaper, but can be interrupted at any time, making them unreliable for steady workloads.
B. On-Demand Instances: No upfront commitment; the most expensive option.
E. Dedicated Hosts: Expensive, primarily used for compliance or licensing needs.

15
Q

A company wants to migrate its on-premises relational databases to the AWS Cloud. The company wants to use infrastructure as close to its current geographical location as possible. Which AWS service or resource should the company use to select its Amazon RDS deployment area?

A. Amazon Connect
B. AWS Wavelength
C. AWS Regions
D. AWS Direct Connect

A

Correct Answer: C. AWS Regions

✅ Explanation:
AWS Regions allow businesses to deploy services in geographically close locations to reduce latency.

❌ Why the others are wrong:

A. Amazon Connect: A contact center service, unrelated to database deployment.
B. AWS Wavelength: Designed for ultra-low latency applications at the edge, not database placement.
D. AWS Direct Connect: Provides private network connectivity but does not determine deployment areas.

16
Q

Which AWS Cloud Adoption Framework (AWS CAF) capability belongs to the people perspective?

A. Data architecture
B. Event management
C. Cloud fluency
D. Strategic partnership

A

Correct Answer: C. Cloud fluency

✅ Explanation:
Cloud fluency focuses on training employees to work effectively with cloud technologies.

❌ Why the others are wrong:

A. Data architecture: Falls under the Platform Perspective (technical infrastructure).
B. Event management: Belongs to the Operations Perspective (monitoring & response).
D. Strategic partnership: Part of the Business Perspective (stakeholder alignment).

17
Q

Which AWS service can be used at no additional cost?

A. Amazon SageMaker
B. AWS Config
C. AWS Organizations
D. Amazon CloudWatch

A

Correct Answer: C. AWS Organizations

✅ Explanation:
AWS Organizations lets businesses manage multiple AWS accounts centrally for free.

❌ Why the others are wrong:

A. Amazon SageMaker: Machine learning service that incurs costs.
B. AWS Config: Charges for configuration tracking and compliance reporting.
D. Amazon CloudWatch: Charges apply for logs, metrics, and monitoring beyond free-tier limits.

18
Q

A company has 5 TB of data stored in Amazon S3. The company plans to occasionally run queries on the data for analysis. Which AWS service should the company use to run these queries in the MOST cost-effective manner?

A. Amazon Redshift
B. Amazon Athena
C. Amazon Kinesis
D. Amazon RDS

A

Correct Answer: B. Amazon Athena

✅ Explanation:
Amazon Athena allows running serverless SQL queries directly on S3 data, minimizing costs.

❌ Why the others are wrong:

A. Amazon Redshift: Requires data migration and is expensive for occasional queries.
C. Amazon Kinesis: Designed for real-time data streaming, not querying.
D. Amazon RDS: Manages relational databases but does not query data stored in S3.

19
Q

What is a customer responsibility when using AWS Lambda according to the AWS shared responsibility model?

A. Managing the code within the Lambda function
B. Confirming that the hardware is working in the data center
C. Patching the operating system
D. Shutting down Lambda functions when they are no longer in use

A

Correct Answer: A. Managing the code within the Lambda function

✅ Explanation:
Under the AWS Shared Responsibility Model, AWS handles infrastructure, while customers manage their Lambda function code.

❌ Why the others are wrong:

B. Confirming that the hardware is working in the data center: AWS manages hardware.
C. Patching the operating system: AWS automatically manages the underlying OS for Lambda.
D. Shutting down Lambda functions when they are no longer in use: AWS scales Lambda automatically.

20
Q

Which service enables customers to audit API calls in their AWS accounts?

A. AWS CloudTrail
B. AWS Trusted Advisor
C. Amazon Inspector
D. AWS X-Ray

A

Correct Answer: A. AWS CloudTrail

✅ Explanation:
AWS CloudTrail logs all AWS API calls for security and compliance auditing.

❌ Why the others are wrong:

B. AWS Trusted Advisor: Provides best practices but does not log API calls.
C. Amazon Inspector: Focuses on security vulnerability scanning, not API logging.
D. AWS X-Ray: Traces application requests but does not audit AWS API calls.