Revision

Question 1

AWS Trusted Advisor offers a rich set of best practice checks and recommendations across five categories:

Answer 1

-cost optimization
-security
-fault tolerance
-performance
-service limits

Question 2

-Relational database that is compatible with MySQL and PostgreSQL
-Scale up to 128 TB
-Can deploy replicas for read scaling within and across Regions.
-Offers automated backups.

Answer 2

Amazon Aurora

Question 3

Used for querying data in Amazon S3 using SQL.

Answer 3

Amazon Athena

Question 4

-NoSQL database that supports document data structures.
-Fully managed
-Flexible schema that allows for the data model to evolve
-MongoDB
-Automatically replicates six copies of your data across 3 availability zones to offer a 99.99% availability.

Answer 4

Amazon DocumentDB

Question 5

-Serverless
-Fully managed NoSQL database
-Supports key-value and document data models.
-Replicates the data across multiple availability zones (AZs)

Answer 5

DynamoDB

Question 6

AWS Well-Architected
Under the operational excellence pillar the following best practices

Answer 6

-Perform operations as code
-Make frequent, small, reversible changes
-Refine operations procedures frequently
-Anticipate failure
-Learn from all operational failures

Question 7

Amazon EC2 Auto Scaling Policies Types

Answer 7

-Scheduled scaling
-Predictive scaling
-Target tracking scaling:(ASG keep in target)
-Step scaling:Launch resources in response to demand (waiting time)

Question 8

is used for managing EC2 instances such as installing patches and software.

Answer 8

Systems Manager

Question 9

-Extend your VPC into the on-premises data center
-Fully managed service that offers the same AWS infrastructure, AWS services, APIs, and tools to virtually any data center, co-location space, or on-premises facility for a truly consistent hybrid experience.

Answer 9

AWS Outposts

Question 10

Seamless omnichannel experience through a single unified contact center for voice, chat, and task management.

Answer 10

Amazon Connect

Question 11

creating a low-latency private connection to an on-premises data center but it cannot be used to extend the VPC.

Answer 11

Direct Connect

Question 12

-CloudFormation templates that automate the deployment and a guide that discusses the architecture and provides step-by-step deployment instructions.
-Acelerators reduce hundreds of manual procedures into just a few steps, so you can build your production environment quickly and start using it immediately.

Answer 12

AWS Quick Starts

Question 13

used to deploy infrastructure from templates,

Answer 13

CloudFormation

Question 14

content delivery network (CDN) that caches content around the world for lower latency access.
-improves performance for both cacheable content (such as images and videos) and dynamic content (such as API acceleration and dynamic site delivery).
-good fit for HTTP use cases

Answer 14

Amazon CloudFront

Question 15

Enables access to your application by leveraging the same Edge Locations as CloudFront and routing connections across the AWS global network.
improves performance for a wide range of applications over TCP or UDP by proxying packets at the edge to applications running in one or more AWS Regions.
-good fit for non-HTTP use cases, such as gaming (UDP), IoT (MQTT), or VoIP, as well as for HTTP use cases that require static IP addresses or deterministic, fast regional failover.

Answer 15

AWS Global Accelerator

Question 16

This service is used for optimizing the network topology of interconnected VPCs and on-premises networks.

Answer 16

AWS Transit Gateway

Question 17

Elastic Load Balancers can only serve targets in a single Region

Answer 17

True

Question 18

WAF can be used to protect on-premises resources if they are deployed behind an

Answer 18

Application Load Balancer (ALB)

Question 19

fully managed non-persistent application and desktop streaming service.

Answer 19

AppStream 2.0

Question 20

is an Extract, Transform, and Load (ETL) service.

Answer 20

AWS Glue

Question 21

scalable, serverless, embeddable, machine learning-powered business intelligence (BI) service built for the cloud.

Answer 21

-Amazon QuickSight

Question 22

Generate reports that break down AWS Cloud compute costs by duration, resource, or tags

Answer 22

AWS Cost & Usage Report.

Question 23

Estimate a monthly bill for the AWS Cloud resources that will be used

Answer 23

Pricing Calculator

Question 24

Enable billing alerts to monitor actual AWS costs compared to estimated costs

Answer 24

Amazon CloudWatch.

Question 25

-Estimate savings when comparing the AWS Cloud to an on-premises environment

Answer 25

AWS Total Cost of Ownership (TCO) Calculator

Question 26

fully managed ledger database that provides transparent, immutable, and cryptographically verifiable transactions

Answer 26

Amazon Quantum Ledger Database (QLDB)

Question 27

enables you to easily generate and use your own encryption keys on the AWS Cloud.

helps you meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated Hardware Security Module

Answer 27

AWS CloudHSM

Question 28

This service is also involved with creating and managing encryption keys but does not use dedicated hardware.

Answer 28

AWS Key Management Service (AWS KMS)

Question 29

used to capture network traffic information,

Answer 29

VPC Flow Logs

Question 30

is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage.

Answer 30

AWS Storage Gateway

Question 31

AWS Storage Gateway types of gateways

Answer 31

Tape Gateway
Amazon S3 File Gateway
Amazon FSx File Gateway,
Volume Gateway

Question 32

intelligent threat detection service

Answer 32

Amazon GuardDuty

Question 33

is a cloud computing model where a third-party provider delivers hardware and software tools to users over the internet. Usually, these tools are needed for application development.

Answer 33

Platform as a Service (PaaS)

Question 34

software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted.

Answer 34

Software as a Service (SaaS)

Question 35

type of cloud computing service that offers essential compute, storage, and networking resources on demand, on a pay-as-you-go basis

Answer 35

Infrastructure as a Service (IaaS)

Question 36

type of cloud-computing service that allows you to execute code in response to events

Answer 36

Function as a Service (FaaS)

Question 37

configuration management service that provides managed instances of Chef and Puppet

Answer 37

AWS OpsWorks

Question 38

easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.
imply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring.
can access the underlying resources at any time.

Answer 38

AWS Elastic Beanstalk

Question 39

AWS-managed service can be used to process vast amounts of data using a hosted Hadoop framework?

Answer 39

-Amazon EMR Elastic Map Reduce

Question 40

manage the maximum available permissions for AWS Organizations
Applied to account or OU

Answer 40

Service Control Policy (SCP)

Organizational Units or Accounts

Question 41

lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily.

Answer 41

Amazon Cognito.

Question 42

plan provides access to architectural and operational reviews, as well as 24/7 access to Cloud Support Engineers through email, online chat, and phone

Answer 42

enterprise

Question 43

Each tag consists of a key and a value. For each resource, each tag key must be unique, and each tag key can have only one value.

Answer 43

Add department-specific tags to each resource

Question 44

attached to a VPC and allows inbound traffic from the internet to access the VPC. It is also used as a target in route tables for outbound internet traffic.

Answer 44

Internet gateway

Question 45

outbound internet access for instances running in a private subnet.

Answer 45

NAT gateway

Question 46

group of protocols that are used together to set up encrypted connections between devices. It helps keep data sent over public networks secure.

Answer 46

IPSec

Question 47

A VGW is used for IPSec VPN connections to access a VPC

Answer 47

Virtual Private Gateway

Question 48

set of rules, called routes, that determine where network traffic from your subnet or gateway is directed.

Answer 48

VPC Route Table

Question 49

each NACL can be applied to one or more subnets, but each subnet is required to be associated with one—and only one—NACL

Answer 49

true

Question 50

collections of users and have policies attached to them.

Answer 50

IAM Group
place the users in the group and then create an IAM policy with the correct permissions and attach it to the group.

Question 51

capture information about inbound and outbound IP traffic on network interfaces in a VPC?

Answer 51

VPC Flow Logs

Question 52

Key pairs are used for authenticating to

Answer 52

EC2 instances.

Question 53

connects your Amazon Virtual Private Clouds (VPCs) and on-premises networks through a central hub. This simplifies your network and puts an end to complex peering relationships. It acts as a cloud router – each new connection is only made once.

Answer 53

AWS Transit Gateway

Question 54

serverless event bus that makes it easier to build event-driven applications at scale using events generated from your applications.

Answer 54

Amazon EventBridge

Question 55

you visibility and control of your infrastructure on AWS. provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources.

Answer 55

AWS Systems Manager

Question 56

threat detection and continuous security monitoring for malicious or unauthorized behavior to help you protect your AWS accounts and workloads.

Answer 56

Amazon GuardDuty

Question 57

automated vulnerability management service that continually scans Amazon Elastic Compute Cloud (EC2), AWS Lambda functions, and container workloads for software vulnerabilities and unintended network exposure.

Answer 57

Amazon Inspector

Question 58

makes it easy to analyze, investigate, and quickly identify the root cause of security findings or suspicious activities.

Answer 58

Amazon Detective

Question 59

A service that is intended for organizations with multiple accounts and teams who are looking for the easiest way to set up their new multi-account AWS environment and govern at scale

Answer 59

AWS Control Tower

Question 60

Beanstalk is a platform service that leverages the automation capabilities of

Answer 60

CloudFormation

Question 61

blazing fast in-memory data store that provides sub-millisecond latency to power internet-scale real-time applications.

Answer 61

Amazon ElastiCache

Question 62

To gain greater discounts, which services can be reserved?

Answer 62

-EC2
-Amazon DynamoDB
-Amazon RedShift
-RDS
-ElastiCache
-OpenSearch Service,

Question 63

Which AWS services can be used as infrastructure automation tools?

Answer 63

-AWS OpsWorks
-AWS CloudFormation

Question 64

Allows instance to connec to the internet while remaining private/
-AWS managed

Answer 64

NAT Gateway

-customer managed : NAT instance

Question 65

Firewall that controls traffic from and to a subnet

Answer 65

NACL Network ACL
-Allow / Deny
-IP addresses
-stateless: return traffic must explicit allow
-process rules in numbered order when deciding weather to allow
-auto applied to all instances in subnet

Question 66

Controls traffic to and from an EC2

Answer 66

Security Group
-Allow only
-IP or other security groups
-stateful: return traffic automatically allowed
-evaluate rules before deciding if allow
-must be specified at launch or associated

Question 67

Types of flow logs

Answer 67

-VPC Flow Logs
-Subnet Flow Logs
-Elastic Network Interface FLow logsELastic

Help to troubleshoot connectivity issues