YT 41-60 Flashcards

1
Q

Elasticity in the AWS Cloud refers to which of the following?
(Choose two.)

A. How quickly an Amazon EC2 instance can be restarted
B. The ability to rightsize resources as demand shifts
C. The maximum amount of RAM an Amazon EC2 instance can use
D. The pay-as-you-go billing model
E. How easily resources can be procured when they are needed

A

✅ Correct Answers: B. The ability to rightsize resources as demand shifts & E. How easily resources can be procured when they are needed

💡 Explanation:
Elasticity refers to the ability to automatically scale resources up or down as demand changes, ensuring cost efficiency and performance. AWS enables fast provisioning of resources when needed.

❌ Why the others are wrong:

A. How quickly an Amazon EC2 instance can be restarted: This relates to availability, not elasticity.
C. The maximum amount of RAM an Amazon EC2 instance can use: This is a capacity limit, not elasticity.
D. The pay-as-you-go billing model: This refers to cost structure, not elasticity.

2
Q

A company is setting up AWS Identity and Access Management (IAM) on an AWS account. Which recommendation complies with IAM security best practices?

A. Use the account root user access keys for administrative tasks.
B. Grant broad permissions so that all company employees can access the resources they need.
C. Turn on multi-factor authentication (MFA) for added security during the login process.
D. Avoid rotating credentials to prevent issues in production applications.

A

✅ Correct Answer: C. Turn on multi-factor authentication (MFA) for added security during the login process.

💡 Explanation:
MFA enhances security by requiring additional authentication beyond just passwords, protecting against unauthorized access.

❌ Why the others are wrong:

A. Use the account root user access keys for administrative tasks: The root user should not be used for daily tasks due to security risks.
B. Grant broad permissions so that all company employees can access the resources they need: Least privilege access should be followed.
D. Avoid rotating credentials to prevent issues in production applications: Credentials should be rotated regularly for security.

3
Q

An ecommerce company has migrated its IT infrastructure from an on-premises data center to the AWS Cloud. Which cost is the company’s direct responsibility?

A. Cost of application software licenses
B. Cost of the hardware infrastructure on AWS
C. Cost of power for the AWS servers
D. Cost of physical security for the AWS data center

A

✅ Correct Answer: A. Cost of application software licenses

💡 Explanation:
AWS does not manage third-party application licenses; customers are responsible for those costs.

❌ Why the others are wrong:

B. Cost of the hardware infrastructure on AWS: AWS owns and manages the hardware.
C. Cost of power for the AWS servers: AWS handles infrastructure power costs.
D. Cost of physical security for the AWS data center: AWS is responsible for physical security.

4
Q

A cloud practitioner needs to obtain AWS compliance reports before migrating an environment to the AWS Cloud. How can these reports be generated?

A. Contact the AWS Compliance team.
B. Download the reports from AWS Artifact.
C. Open a case with AWS Support.
D. Generate the reports with Amazon Macie.

A

✅ Correct Answer: B. Download the reports from AWS Artifact.

💡 Explanation: AWS Artifact is the primary service for accessing AWS compliance documents.

❌ Why the others are wrong:

A. Contact AWS Compliance team → Reports are self-service via AWS Artifact.
C. Open a case with AWS Support → AWS Support does not provide compliance reports.
D. Generate reports with Amazon Macie → Macie is for data security, not compliance reports.

5
Q

Which AWS service or feature identifies whether an Amazon S3 bucket or an IAM role has been shared with an external entity?

A. AWS Service Catalog
B. AWS Systems Manager
C. AWS IAM Access Analyzer
D. AWS Organizations

A

✅ Correct Answer: C. AWS IAM Access Analyzer

💡 Explanation:
AWS IAM Access Analyzer detects public access to AWS resources, helping to enforce security policies.

❌ Why the others are wrong:

A. AWS Service Catalog: Manages AWS-approved products, not security analysis.
B. AWS Systems Manager: Focuses on operations, not security exposure.
D. AWS Organizations: Manages multiple AWS accounts but does not analyze access permissions.

6
Q

A company needs to block SQL injection attacks. Which AWS service or feature can meet this requirement?

A. AWS WAF
B. AWS Shield
C. Network ACLs
D. Security groups

A

✅ Correct Answer: A. AWS WAF

💡 Explanation:
AWS WAF (Web Application Firewall) protects against SQL injection and other web-based attacks.

❌ Why the others are wrong:

B. AWS Shield: Protects against DDoS attacks, not SQL injection.
C. Network ACLs: Controls inbound/outbound traffic but does not analyze SQL queries.
D. Security groups: Controls access but does not filter SQL injection threats.

7
Q

What does the concept of agility mean in AWS Cloud computing? (Choose two.)

A. The speed at which AWS resources are implemented
B. The speed at which AWS creates new AWS Regions
C. The ability to experiment quickly
D. The elimination of wasted capacity
E. The low cost of entry into cloud computing

A

✅ Correct Answers: A. The speed at which AWS resources are implemented & C. The ability to experiment quickly

💡 Explanation:
AWS agility means quickly launching, testing, and modifying cloud resources without large upfront investments.

❌ Why the others are wrong:

B. The speed at which AWS creates new AWS Regions: AWS Region creation is not related to user agility.
D. The elimination of wasted capacity: This relates to cost efficiency, not agility.
E. The low cost of entry into cloud computing: This relates to affordability, not agility.

8
Q

A company runs thousands of simultaneous simulations using AWS Batch. Each simulation is stateless, is fault tolerant, and runs for up to 3 hours. Which pricing model enables the company to optimize costs and meet these requirements?

A. Reserved Instances
B. Spot Instances
C. On-Demand Instances
D. Dedicated Instances

A

✅ Correct Answer: B. Spot Instances

💡 Explanation:
Spot Instances offer up to 90% savings compared to On-Demand, making them ideal for short-lived, fault-tolerant workloads.

❌ Why the others are wrong:

A. Reserved Instances: Requires long-term commitment (1-3 years).
C. On-Demand Instances: More expensive than Spot.
D. Dedicated Instances: Used for regulatory/compliance needs, not cost optimization.

9
Q

A user needs programmatic access to AWS resources through the AWS CLI or the AWS API. Which option will provide the user with the appropriate access?

A. Amazon Inspector
B. Access keys
C. SSH public keys
D. AWS Key Management Service (AWS KMS) keys

A

✅ Correct Answer: B. Access keys

💡 Explanation:
Access keys (Access Key ID & Secret Access Key) allow secure programmatic AWS access.

❌ Why the others are wrong:

A. Amazon Inspector: Security assessment tool, not an access method.
C. SSH public keys: Used for SSH logins, not AWS API access.
D. AWS KMS keys: Used for encryption, not authentication.

10
Q

Which AWS service or feature is used to send both text and email messages from distributed applications?

A. Amazon Simple Notification Service (Amazon SNS)
B. Amazon Simple Email Service (Amazon SES)
C. Amazon CloudWatch alerts
D. Amazon Simple Queue Service (Amazon SQS)

A

✅ Correct Answer: A. Amazon Simple Notification Service (Amazon SNS)

💡 Explanation:
SNS enables sending push notifications, SMS, and emails to distributed systems.

❌ Why the others are wrong:

B. Amazon SES: Used only for email, not SMS or push notifications.
C. Amazon CloudWatch alerts: Monitors metrics, does not send messages.
D. Amazon SQS: Message queuing service, not for notifications.

11
Q

A company plans to use an Amazon Snowball Edge device to transfer files to the AWS Cloud. Which activities related to a Snowball Edge device are available to the company at no cost?

A. Use of the Snowball Edge appliance for a 10-day period
B. The transfer of data out of Amazon S3 and to the Snowball Edge appliance
C. The transfer of data from the Snowball Edge appliance into Amazon S3
D. Daily use of the Snowball Edge appliance after 10 days

A

✅ C. The transfer of data from the Snowball Edge appliance into Amazon S3

💡 Explanation:
AWS does not charge for importing data from a Snowball Edge device into Amazon S3.

❌ Why the others are wrong:

A. Use of the Snowball Edge appliance for a 10-day period: After 10 days, AWS charges a daily fee.
B. The transfer of data out of Amazon S3 and to the Snowball Edge appliance: Data egress from S3 is chargeable.
D. Daily use of the Snowball Edge appliance after 10 days: AWS applies fees beyond the free period.

12
Q

A company has deployed applications on Amazon EC2 instances. The company needs to assess application vulnerabilities and must identify infrastructure deployments that do not meet best practices. Which AWS service can the company use to meet these requirements?

A. AWS Trusted Advisor
B. Amazon Inspector
C. AWS Config
D. Amazon GuardDuty

A

✅ B. Amazon Inspector

💡 Explanation:
Amazon Inspector scans EC2 instances and containers to identify security vulnerabilities and best practice violations.

❌ Why the others are wrong:

A. AWS Trusted Advisor: Provides cost optimization and security best practice checks but does not perform vulnerability scanning.
C. AWS Config: Tracks configuration changes but does not assess vulnerabilities.
D. Amazon GuardDuty: Detects security threats but does not scan applications for vulnerabilities.

13
Q

A company has a centralized group of users with large file storage requirements that have exceeded the space available on premises. The company wants to extend its file storage capabilities for this group while retaining the performance benefit of sharing content locally. What is the MOST operationally efficient AWS solution for this scenario?

A. Create an Amazon S3 bucket for each user. Mount each bucket by using an S3 file system mounting utility.
B. Configure and deploy an AWS Storage Gateway file gateway. Connect each user’s workstation to the file gateway.
C. Move each user’s working environment to Amazon WorkSpaces. Set up an Amazon WorkDocs account for each user.
D. Deploy an Amazon EC2 instance and attach an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume. Share the EBS volume directly with the users.

A

✅ B. Configure and deploy an AWS Storage Gateway file gateway. Connect each user’s workstation to the file gateway.

💡 Explanation:
AWS Storage Gateway provides scalable, cloud-backed file storage while enabling on-premises applications to access it with low latency.

❌ Why the others are wrong:

A. Create an Amazon S3 bucket for each user: S3 is not a shared file system.
C. Move each user’s working environment to Amazon WorkSpaces: WorkSpaces is a virtual desktop, not a storage extension.
D. Deploy an Amazon EC2 instance with an EBS volume: EBS is not designed for shared file access across multiple users.

14
Q

According to security best practices, how should an Amazon EC2 instance be given access to an Amazon S3 bucket?

A. Hard code an IAM user’s secret key and access key directly in the application, and upload the file.
B. Store the IAM user’s secret key and access key in a text file on the EC2 instance, read the keys, then upload the file.
C. Have the EC2 instance assume a role to obtain the privileges to upload the file.
D. Modify the S3 bucket policy so that any service can upload to it at any time.

A

✅ C. Have the EC2 instance assume a role to obtain the privileges to upload the file.

💡 Explanation:
Using an IAM role ensures secure access to S3 without hardcoding credentials.

❌ Why the others are wrong:

A. Hard code IAM user credentials in the application: Insecure and prone to credential leaks.
B. Store IAM keys in a text file on the EC2 instance: Keys can be stolen if the instance is compromised.
D. Modify the S3 bucket policy to allow uploads anytime: Broad permissions create security risks.

15
Q

Which option is a customer responsibility when using Amazon DynamoDB under the AWS Shared Responsibility Model?

A. Physical security of DynamoDB
B. Patching of DynamoDB
C. Access to DynamoDB tables
D. Encryption of data at rest in DynamoDB

A

✅ D. Encryption of data at rest in DynamoDB

💡 Explanation:
Under the Shared Responsibility Model, customers are responsible for encrypting their data in DynamoDB.

❌ Why the others are wrong:

A. Physical security of DynamoDB: Managed by AWS.
B. Patching of DynamoDB: AWS handles database maintenance.
C. Access to DynamoDB tables: While customers manage permissions, encryption remains a separate responsibility.

16
Q

A company is running and managing its own Docker environment on Amazon EC2 instances. The company wants an alternative to help manage cluster size, scheduling, and environment maintenance. Which AWS service meets these requirements?

A. AWS Lambda
B. Amazon RDS
C. AWS Fargate
D. Amazon Athena

A

✅ C. AWS Fargate

💡 Explanation:
AWS Fargate provides serverless container management, handling cluster size and scheduling automatically.

❌ Why the others are wrong:

A. AWS Lambda: Not designed for container orchestration.
B. Amazon RDS: Manages databases, not Docker environments.
D. Amazon Athena: Used for querying data in S3, not managing containers.

17
Q

A company wants to run a NoSQL database on Amazon EC2 instances. Which task is the responsibility of AWS in this scenario?

A. Update the guest operating system of the EC2 instances.
B. Maintain high availability at the database layer.
C. Patch the physical infrastructure that hosts the EC2 instances.
D. Configure the security group firewall.

A

✅ C. Patch the physical infrastructure that hosts the EC2 instances.

💡 Explanation:
AWS maintains the underlying infrastructure, including physical servers and network security.

❌ Why the others are wrong:

A. Update the guest operating system of the EC2 instances: Customers manage OS updates.
B. Maintain high availability at the database layer: Customers must configure database replication.
D. Configure the security group firewall: Customers control security groups and network rules.

18
Q

Which AWS services or tools can identify rightsizing opportunities for Amazon EC2 instances? (Choose two.)

A. AWS Cost Explorer
B. AWS Billing Conductor
C. Amazon CodeGuru
D. Amazon SageMaker
E. AWS Compute Optimizer

A

✅ A. AWS Cost Explorer & E. AWS Compute Optimizer

💡 Explanation:
AWS Cost Explorer provides cost trends, while AWS Compute Optimizer recommends optimal EC2 instance sizes.

❌ Why the others are wrong:

B. AWS Billing Conductor: Focuses on cost allocation, not rightsizing.
C. Amazon CodeGuru: Optimizes code, not EC2 usage.
D. Amazon SageMaker: Used for machine learning, not cost optimization.

19
Q

Which of the following are benefits of using AWS Trusted Advisor? (Choose two.)

A. Providing high-performance container orchestration
B. Creating and rotating encryption keys
C. Detecting underutilized resources to save costs
D. Improving security by proactively monitoring the AWS environment
E. Implementing enforced tagging across AWS resources

A

✅ C. Detecting underutilized resources to save costs & D. Improving security by proactively monitoring the AWS environment

💡 Explanation:
Trusted Advisor helps optimize costs and improves security by identifying misconfigurations and underused resources.

❌ Why the others are wrong:

A. Providing high-performance container orchestration: ECS and EKS handle this, not Trusted Advisor.
B. Creating and rotating encryption keys: AWS KMS manages encryption keys.
E. Implementing enforced tagging across AWS resources: Managed through AWS Organizations and SCPs.

20
Q

Which of the following is an advantage that users experience when they move on-premises workloads to the AWS Cloud?

A. Elimination of expenses for running and maintaining data centers
B. Price discounts that are identical to discounts from hardware providers
C. Distribution of all operational controls to AWS
D. Elimination of operational expenses

A

✅ A. Elimination of expenses for running and maintaining data centers

💡 Explanation:
AWS removes the need for physical infrastructure, reducing hardware and maintenance costs.

❌ Why the others are wrong:

B. Price discounts identical to hardware providers: AWS pricing varies and follows a different model.
C. Distribution of all operational controls to AWS: Customers still manage applications and configurations.
D. Elimination of operational expenses: Some operational costs still exist, such as management and optimization.