Practice Test 5 Study Flashcards
Which AWS service can inspect Amazon CloudFront distributions running on any HTTP web server?
1. AWS Web Application Firewall (AWS WAF)
2. Amazon Inspector
3. AWS Guard Duty
4. Elastic Load Balancing (ELB)
1 - AWS Web Application Firewall (AWS WAF)
AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to Amazon CloudFront and lets you control access to your content.
A corporation would like to simplify access management to multiple AWS accounts as well as facilitate AWS Single Sign-On (AWS SSO) access to its AWS accounts. As a Cloud Practitioner, which AWS service would you use for this task?
1. AWS IAM Identity Center
2. AWS Identity and Access Management (AWS IAM)
3. AWS Command Line Interface (CLI)
4. AWS Cognito
1 - AWS IAM Identity Center
AWS IAM Identity Center is the successor to AWS Single Sign-On (AWS SSO). It is built on top of AWS Identity and Access Management (IAM) to simplify access management to multiple AWS accounts, AWS applications, and other SAML-enabled cloud applications. In IAM Identity Center, you create or connect, your workforce users for use across AWS. You can choose to manage access just to your AWS accounts, just to your cloud applications, or to both.
You can create users directly in IAM Identity Center, or you can bring them from your existing workforce directory. With IAM Identity Center, you get a unified administration experience to define, customize, and assign fine-grained access. Your workforce users get a user portal to access their assigned AWS accounts or cloud applications.
Which of the following billing timeframes is applied when running a Windows EC2 on-demand instance?
1. Pay per minute
2. Pay per hour
3. Pay per day
4. Pay per second
4 - Pay per second
Which AWS service can be used to send, store, and receive messages between software components at any volume to decouple application tiers?
1. Amazon Simple Notification Service (Amazon SNS)
2. AWS Organizations
3. AWS Elastic Beanstalk
4. Amazon Simple Queue Service (Amazon SQS)
4 - Amazon Simple Queue Service (Amazon SQS)
A company would like to reserve Amazon Elastic Compute Cloud (Amazon EC2) compute capacity for three years to reduce costs. The company also plans to increase their workloads during this period. As a Cloud Practitioner, which Amazon Elastic Compute Cloud (Amazon EC2) reserved instance (RI) type would you recommend?
1. Standard Reserved Instance (RI)
2. Scheduled Reserved Instance (RI)
3. Convertible Reserved Instance (RI)
4. Adaptable Reserved Instance (RI)
3 - Convertible Reserved Instance (RI)
Purchase convertible reserved instance (RI) if you need additional flexibility, such as the ability to use different instance families, operating systems, or tenancies over the reserved instance (RI) term. Convertible reserved instance (RI) provides you with a significant discount (up to 54%) compared to an on-demand instance and can be purchased for a 1-year or 3-year term.
Convertible reserved instance (RI) can be useful when workloads are likely to change. In this case, a convertible reserved instance (RI) enables you to adapt as needs evolve while still obtaining discounts and capacity reservation.
https://aws.amazon.com/ec2/pricing/
Which AWS service can be used to view the most comprehensive billing details for the past month?
1. AWS Cost Explorer
2. AWS Cost & Usage Report (AWS CUR)
3. AWS Budgets
4. AWS Pricing Calculator
2 - AWS Cost & Usage Report (AWS CUR)
The AWS Cost & Usage Report (AWS CUR) contains the most comprehensive set of cost and usage data available.
A company would like to move 50 petabytes (PBs) of data from its on-premises data centers to AWS in the MOST cost-effective way. As a Cloud Practitioner, which of the following solutions would you choose?
1. AWS Storage Gateway
2. AWS Snowmobile
3. AWS Snowball
4. AWS Snowball Edge
2 - AWS Snowmobile
AWS Snowmobile is an Exabyte-scale data transfer service used to move extremely large amounts of data to AWS. You can transfer up to 100PB per Snowmobile, a 45-foot long ruggedized shipping container, pulled by a semi-trailer truck. AWS Snowmobile makes it easy to move massive volumes of data to the cloud, including video libraries, image repositories, or even a complete data center migration. Transferring data with Snowmobile is more secure, fast, and cost-effective.
https://aws.amazon.com/snowmobile/
Which of the following AWS services can be used to generate, use, and manage encryption keys on the AWS Cloud?
1. AWS Secrets Manager
2. AWS CloudHSM
3. AWS GuardDuty
4. Amazon Inspector
2 - AWS CloudHSM
AWS CloudHSM allows you to securely generate, store, and manage cryptographic keys used for data encryption in a way that keys are accessible only to you.
Which security control tool can be used to deny traffic from a specific IP address?
1. VPC Flow Logs
2. Security Group
3. Network Access Control List (Network ACL)
4. Amazon GuardDuty
3 - Network Access Control List (Network ACL)
An organization would like to copy data across different Availability Zones (AZs) using Amazon EBS snapshots. Where are Amazon EBS snapshots stored in the AWS Cloud?
1. Amazon S3
2. Amazon EFS
3. Amazon EC2
4. Amazon RDS
1 - Amazon S3
You can back up the data on your Amazon EBS Elastic Volumes to Amazon Simple Storage Service (Amazon S3) by taking point-in-time snapshots.
According to the AWS Well-Architected Framework, which of the following statements are recommendations in the Operational Excellence pillar? (Select two)
1. Make frequent, small, reversible changes
2. Enable traceability
3. Automatically recover from failure
4. Use serverless architectures
5. Anticipate failure
1 - Make frequent, small, reversible changes
5 - Anticipate failure
Which of the following services are provided by Amazon Route 53? (Select Two)
1. Health checks and monitoring
2. IP routing
3. Domain registration
4. Transfer acceleration
5. Load balancing
1 - Health checks and monitoring
3 - Domain registration
Which service/tool will you use to create and provide trusted users with temporary security credentials that can control access to your AWS resources?
1. AWS IAM Identity Center
2. Amazon Cognito
3. AWS Security Token Service (AWS STS)
4. AWS Web Application Firewall (AWS WAF)
3 - AWS Security Token Service (AWS STS)
AWS Security Token Service (AWS STS) is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (AWS IAM) users or for users that you authenticate (federated users).
Which of the following statements is the MOST accurate when describing AWS Elastic Beanstalk?
1. It is a Platform as a Service (PaaS) that allows you to model and provision resources as needed for an application
2. It is an Infrastructure as a Service (IaaS) that allows you to deploy and scale web applications and services
3. It is an Infrastructure as Code (IaC) that allows you to model and provision resources needed for an application
4. It is a Platform as a Serfvice (PaaS) that allows you to deploy and scal web applications and services
4 - It is a Platform as a Service (PaaS) that allows you to deploy and scal web applications and services
It is a Platform as a Service (PaaS) as you only manage the applications and the data.
A company would like to separate cost for AWS services by the department for cost allocation. Which of the following is the simplest way to achieve this task?
1. Create one account for all departments and share this account
2. Create tags for each department
3. Create different accounts for different departments
4. Create different virtual private cloud (VPCs) for differnt departments
2 - Create tags for each department
Typically, you use business tags such as cost center/business unit, customer, or project to associate AWS costs with traditional cost-allocation dimensions. But a cost allocation report can include any tag. This lets you associate costs with technical or security dimensions, such as specific applications, environments, or compliance programs.
