AWS Certified Cloud Practitioner Practice Exam (1) Flashcards
One of the most important AWS best-practices to follow is the cloud architecture principle of elasticity. How does this principle improve your architecture’s design?
A.By automatically provisioning the required AWS resources based on changes in demand
B.By automatically scaling your AWS resources using an Elastic Load Balancer
C.By automatically scaling your on-premises resources based on changes in demand
D.By reducing interdependencies between application components wherever possible
A.By automatically provisioning the required AWS resources based on changes in demand
Explanation
Before cloud computing, you had to overprovision infrastructure to ensure you had enough capacity to handle your business operations at the peak level of activity. Now, you can provision the amount of resources that you actually need, knowing you can instantly scale up or down with the needs of your business. This reduces costs and improves your ability to meet your users’ demands. The concept of Elasticity involves the ability of a service to scale its resources out or in (up or down) based on changes in demand. For example, Amazon EC2 Autoscaling can help automate the process of adding or removing Amazon EC2 instances as demand increases or decreases.
The other options are incorrect:
“By reducing interdependencies between application components wherever possible” is incorrect. Reducing interdependencies between application components is much more related to the concept of “Loose Coupling”. Loose coupling is an approach that involves interconnecting the components in a system or network so that those components depend on each other to the least extent practical. Engineers should architect their system or application such that failure in one component does not negatively affect other components. Loosely coupled components make the system resilient and allow it to recover gracefully from failure.
“By automatically scaling your on-premises resources based on changes in demand” is incorrect. It is not possible to scale on-premises resources automatically. When deploying on-premises, you have to guess on your infrastructure capacity needs.
“By automatically scaling your AWS resources using an Elastic Load Balancer” is incorrect. Elastic Load Balancers do not scale resources. Elastic Load Balancers distribute incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions.
What are the benefits of having infrastructure hosted in AWS? (Choose TWO)
A.Gaining complete control over the physical infrastructure
B.Increasing speed and agility
C.All of the physical security and most of the data/network security are taken care of for you
D.There is no need to worry about security
E.Operating applications on behalf of customers
B.Increasing speed and agility
C.All of the physical security and most of the data/network security are taken care of for you
Explanation
All of the physical security is taken care of for you. Amazon data centers are surrounded by three physical layers of security. “Nothing can go in or out without setting off an alarm”. It’s important to keep bad guys out, but equally important to keep the data in, which is why Amazon monitors incoming gear, tracking every disk that enters the facility. And “if it breaks we don’t return the disk for warranty. The only way a disk leaves our data center is when it’s confetti.” Most (not all) data and network security is taken care of for you. When we talk about data/network security, AWS has a “shared responsibility model” where AWS and the customer share the responsibility of securing them. For example, the customer is responsible for creating rules to secure their network traffic using security groups and is also responsible for protecting data with encryption. "Increasing speed and agility" is also a correct answer because in a cloud computing environment, new IT resources are only a click away, which means it requires less time to make those resources available to developers - from weeks to just minutes. This results in a dramatic increase in agility for the organization, since the cost and time it takes to experiment and develop is significantly lower.
The other options are incorrect:
“Gaining complete control over the physical infrastructure” is incorrect. The Physical infrastructure is a responsibility of AWS, not the customer.
“Operating applications on behalf of customers” is incorrect. AWS customers are responsible for building and operating their applications.
“There is no need to worry about security” is incorrect. As mentioned above, security is a shared responsibility between AWS and the customer. For example, the customer has to manage who can access and use AWS resources using the IAM service.
Hundreds of thousands of DDoS attacks are recorded every month worldwide. What service does AWS provide to help protect AWS Customers from these attacks? (Choose TWO)
A.AWS Config
B.AWS WAF
C.AWS Shield
D.Amazon Cognito
E.AWS KMS
B.AWS WAF
C.AWS Shield
Explanation
AWS provides flexible infrastructure and services that help customers implement strong DDoS mitigations and create highly available application architectures that follow AWS Best Practices for DDoS Resiliency. These include services such as Amazon Route 53, Amazon CloudFront, Elastic Load Balancing, and AWS WAF to control and absorb traffic, and deflect unwanted requests. These services integrate with AWS Shield, a managed DDoS protection service that provides always-on detection and automatic inline mitigations to safeguard web applications running on AWS.
The other options are incorrect:
“Amazon Cognito” is incorrect. Amazon Cognito allows you to add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily.
“AWS KMS” is incorrect. AWS KMS provides a highly available key storage, management, and auditing solution for you to encrypt data within your own applications and control the encryption of stored data across AWS services.
“AWS Config” is incorrect. AWS Config is a service that enables you to monitor, assess, and audit all changes made to your AWS resources.
In order to implement best practices when dealing with a “Single Point of Failure,” you should attempt to build as much automation as possible in both detecting and reacting to failure. Which of the following AWS services would help? (Choose TWO)
A.ELB
B.ECR
C.Amazon EC2
D.Amazon Athena
E.Auto Scaling
A.ELB
E.Auto Scaling
Explanation:
You should attempt to build as much automation as possible in both detecting and reacting to failure. You can use services like ELB and Amazon Route53 to configure health checks and mask failure by only routing traffic to healthy endpoints. In addition, Auto Scaling can be configured to automatically replace unhealthy nodes. You can also replace unhealthy nodes using the Amazon EC2 auto-recovery feature or services such as AWS OpsWorks and AWS Elastic Beanstalk. It won’t be possible to predict every possible failure scenario on day one. Make sure you collect enough logs and metrics to understand normal system behavior. After you understand that, you will be able to set up alarms that trigger automated response or manual intervention.
The other options are incorrect:
ECR is incorrect. Amazon Elastic Container Registry (ECR) is a Docker container registry that allows developers to store, manage, and deploy Docker container images.
Amazon Athena is incorrect. Amazon Athena is an interactive query service that is mainly used to analyze data in Amazon S3 using standard SQL.
Amazon EC2 is incorrect. Amazon EC2 is a server-based compute service. Fault tolerance is not built in; you have to architect for fault tolerance using the services we mentioned above.
Additional information:
Lambda is a serverless compute service. Serverless computing provides built-in fault tolerance. You don’t need to architect for this capability since the service provides it by default.
Which service provides object-level storage in AWS?
A.Amazon EBS
B.Amazon S3
C.Amazon EFS
D.Amazon Instance Store
B.Amazon S3
Explanation:
Amazon S3 is an object level storage built to store and retrieve any amount of data from anywhere – web sites and mobile apps, corporate applications, and data from IoT sensors or devices. It is designed to deliver 99.999999999% durability, and stores data for millions of applications used by market leaders in every industry.
The other options are incorrect:
“Amazon EFS” is incorrect. Amazon EFS is a file-level storage technology that provides massively parallel shared access to thousands of Amazon EC2 instances, enabling your applications to achieve high levels of aggregate throughput and IOPS with consistently low latencies.
“Amazon EBS” is incorrect. Amazon EBS is a block-level storage that provides storage volumes for use with Amazon EC2 and Amazon RDS instances.
“Amazon Instance Store” is incorrect. An instance store provides temporary block-level storage for your EC2 instances. Instance store is ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content.
A company is concerned that they are spending money on underutilized compute resources in AWS. Which AWS feature will help ensure that their applications are automatically adding/removing EC2 compute capacity to closely match the required demand?
A.AWS Auto Scaling
B.AWS Elastic Load Balancer
C.AWS Budgets
D.AWS Cost Explorer
A.AWS Auto Scaling
Explanation:
AWS Auto Scaling is the feature that automates the process of adding/removing server capacity (based on demand). Autoscaling allows you to reduce your costs by automatically turning off resources that aren’t in use. On the other hand, Autoscaling ensures that your application runs effectively by provisioning more server capacity if required.
The other options are incorrect:
“AWS Budgets” is incorrect. AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount.
“AWS Elastic Load Balancer” is incorrect. AWS Elastic Load Balancer (ELB) is a service that distributes the incoming application traffic to multiple targets that you define.
“AWS Cost Explorer” is incorrect. AWS Cost Explorer provides an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time.
You have noticed that several critical Amazon EC2 instances have been terminated. Which of the following AWS services would help you determine who took this action?
A.EC2 Instance Usage Report
B.AWS Trusted Advisor
C.AWS CloudTrail
D.Amazon Inspector
C.AWS CloudTrail
Explanation:
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.
The other options are incorrect:
“Amazon Inspector” is incorrect. Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
“EC2 Instance Usage Report” is incorrect. This report shows you your historical EC2 instance usage, and helps you plan for future EC2 usage. EC2 Instance Usage Reports are designed to make it easier for you to track and better manage your EC2 usage and spending.
“AWS Trusted Advisor” is incorrect. AWS Trusted Advisor is an online tool that provides real time guidance to help you provision your resources following AWS best practices.
Which of the below options are related to the reliability of AWS? (Choose TWO)
A.Providing compensation to customers if issues occur
B.All AWS services are considered Global Services and this design helps customers serve their international users
C.Ability to recover quickly from failures
D.Applying the principle of least privilege to all AWS resources
E.Automatically provisioning new resources to meet demand
C.Ability to recover quickly from failures
E.Automatically provisioning new resources to meet demand
Explanation
The reliability term encompasses the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues. The automatic provisioning of resources and the ability to recover from failures meet these criteria.
The other options are incorrect:
“Applying the principle of least privilege to all AWS resources” is incorrect. Principle of least privilege is a security concept related to access management.
“Providing compensation to customers if issues occur” is incorrect. AWS generally does not provide compensation to customers if issues occur and doing so has nothing to do with reliability.
“All AWS services are considered Global Services, and this design helps customers serve their international users” is incorrect. AWS services are either Global, Regional or specific to an Availability Zone. Among all the services that AWS offers, only a few of them are considered global services. Examples of AWS global services include: Amazon CloudFront, AWS Identity and Access Management and Amazon Route 53. This answer is incorrect because NOT ALL AWS Services are Global.
An organization has a large number of technical employees who operate their AWS Cloud infrastructure. What does AWS provide to help organize them into teams and then assign the appropriate permissions for each team?
A.AWS Organizations
B.IAM Groups
C.IAM users
D.IAM Roles
B.IAM Groups
Explanation
An IAM group is a collection of IAM users that are managed as a unit. Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users. For example, you could have a group called Admins and give that group the types of permissions that administrators typically need. Any user in that group automatically has the permissions that are assigned to the group. If a new user joins your organization and needs administrator privileges, you can assign the appropriate permissions by adding the user to that group. Similarly, if a person changes jobs in your organization, instead of editing that user's permissions, you can remove him or her from the old groups and add him or her to the appropriate new groups.
The other options are incorrect:
“IAM role” is incorrect. An IAM role is an IAM identity that you can create in your account that has specific permissions. IAM roles allow you to delegate access (for a limited time) to users or services that normally don’t have access to your organization’s AWS resources. IAM users or AWS services can assume a role to obtain temporary security credentials that can be used to interact with specific AWS resources.
You can use roles to delegate access to users, applications, or services that don't normally have access to your AWS resources. For example, you might want to grant users in your AWS account access to resources they don't usually have, or grant users in one AWS account access to resources in another account. Or you might want to allow a mobile app to use AWS resources, but not want to embed AWS keys within the app. Sometimes you want to give AWS access to users who already have identities defined outside of AWS, such as in your corporate directory. Or, you might want to grant access to your account to third parties so that they can perform an audit on your resources. For these scenarios, you can delegate access to AWS resources using an IAM role.
“IAM users” is incorrect. An IAM user is an entity that you create in AWS to represent the person or application that uses it to directly interact with AWS. A primary use for IAM users is to give people the ability to sign in to the AWS Management Console for interactive tasks and to make programmatic requests to AWS services using the API or CLI. A user in AWS consists of a name, a password to sign into the AWS Management Console, and up to two access keys that can be used with the API or CLI. When you create an IAM user, you grant it permissions by making it a member of a group that has appropriate permission policies attached (recommended), or by directly attaching policies to the user.
Additional information:
An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone (or any service, application, …etc) who needs it. Also, a role does not have standard long-term credentials such as a password or access keys associated with it. Instead, when you assume a role, it provides you with temporary security credentials for your role session. IAM roles are meant to be assumed by authorized entities, such as IAM users, applications, or an AWS service such as Amazon EC2.
“AWS Organizations” is incorrect. AWS Organizations can be used to group AWS accounts, not IAM users (the employees). AWS Organizations helps you to centrally manage billing; control access, compliance, and security; and share resources across multiple AWS accounts.
AWS allows users to manage their resources using a web-based user interface. What is the name of this interface?
A.AWS CLI
B.AWS SDK
C.AWS API
D.AWS Management Console
D.AWS Management Console
Explanation
The AWS Management Console allows you to access and manage Amazon Web Services through a simple and intuitive web-based user interface. You can also use the AWS Console mobile app to quickly view resources on the go.
The other options are incorrect:
AWS CLI is incorrect. The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.
AWS SDK is incorrect. The AWS SDK (Software Development Kit) allows you to interact with AWS services using your preferred programming language.
AWS API is incorrect. AWS API refers to the AWS application programming interface.
Which of the following are examples of AWS-Managed Services, where AWS is responsible for the operational and maintenance burdens of running the service? (Choose TWO)
A.AWS IAM
B.Amazon DynamoDB
C.Amazon Elastic Compute Cloud
D.Amazon VPC
E.Amazon Elastic MapReduce
B.Amazon DynamoDB
E.Amazon Elastic MapReduce
Explanation
For managed services such as Amazon Elastic MapReduce (Amazon EMR) and DynamoDB, AWS is responsible for performing all the operations needed to keep the service running. Amazon EMR launches clusters in minutes. You don’t need to worry about node provisioning, infrastructure setup, Hadoop configuration, or cluster tuning. Amazon EMR takes care of these tasks so you can focus on analysis. DynamoDB is serverless with no servers to provision, patch, or manage and no software to install, maintain, or operate. DynamoDB automatically scales tables up and down to adjust for capacity and maintain performance. Availability and fault tolerance are built in, eliminating the need to architect your applications for these capabilities. Other managed services include: AWS Lambda, Amazon RDS, Amazon Redshift, Amazon CloudFront, and several other services. For these managed services, AWS is responsible for most of the configuration and management tasks, but customers are still responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions.
NOTE:
The AWS managed services we mentioned above are different than the AWS Managed Services (AMS) service. AMS is an AWS service that operates AWS on behalf of enterprise customers and partners. Enterprises want to adopt AWS at scale but often the skills that have served them well in traditional IT do not always translate to success in the cloud. AWS Managed Services (AMS) enables them to migrate to AWS at scale more quickly, reduce their operating costs, improve security and compliance and focus on their differentiating business priorities.
The other options are incorrect:
“Amazon VPC” is incorrect. Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment. Amazon VPC is not a managed service; you are responsible for managing almost everything when using the Amazon VPC service.
“Amazon Elastic Compute Cloud” is incorrect. Amazon Elastic Compute Cloud (Amazon EC2) is a service that gives you complete control over your compute resources. Apart from patching the underlying host - which is the responsibility of AWS - you are responsible for managing almost everything in your server instances when using Amazon EC2.
“AWS IAM” is incorrect. AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
You work as an on-premises MySQL DBA. The work of database configuration, backups, patching, and DR can be time-consuming and repetitive. Your company has decided to migrate to the AWS Cloud. Which of the following can help save time on database maintenance so you can focus on data architecture and performance?
A.Amazon RDS
B.Amazon Redshift
C.Amazon CloudWatch
D.Amazon DynamoDB
A.Amazon RDS
Explanation
Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient, resizable capacity while automating time-consuming administration tasks such as hardware provisioning, operating system maintenance, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need. Amazon RDS can be used to host Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle, and SQL Server databases.
The other options are incorrect:
“Amazon Redshift” is incorrect. Amazon Redshift is not a MySQL database service. Amazon Redshift is a fully managed data warehouse service that makes it simple and cost-effective to analyze all your data using standard SQL and your existing Business Intelligence (BI) tools.
“Amazon DynamoDB” is incorrect. Amazon DynamoDB is not a MySQL database service. Amazon DynamoDB is a fully managed NoSQL database service.
“Amazon CloudWatch” is incorrect. Amazon CloudWatch is not a database service. Amazon CloudWatch is a monitoring service that gives you complete visibility of your cloud resources and applications.
A global company with a large number of AWS accounts is seeking a way in which they can centrally manage billing and security policies across all accounts. Which AWS Service will assist them in meeting these goals?
A.AWS Organizations
B.AWS Config
C.AWS Trusted Advisor
D.IAM Groups
A.AWS Organizations
Explanation
AWS Organizations helps customers centrally govern their environments as they grow and scale their workloads on AWS. Whether customers are a growing startup or a large enterprise, Organizations helps them to centrally manage billing; control access, compliance, and security; and share resources across their AWS accounts.
AWS Organizations has five main benefits:
1) Centrally manage access policies across multiple AWS accounts.
2) Automate AWS account creation and management.
3) Control access to AWS services.
4) Consolidate billing across multiple AWS accounts.
5) Configure AWS services across multiple accounts.
The other options are incorrect:
“AWS Trusted Advisor” is incorrect. AWS Trusted Advisor is an online tool that provides customers with real time guidance to help them provision their resources following AWS best practices.
“IAM Groups” is incorrect. IAM groups are not used to manage multiple AWS accounts. An IAM group is a collection of IAM users - within the same AWS account - that are managed as a unit. IAM Groups let customers specify permissions for multiple users, which can make it easier to manage the permissions for those users. For example, customers could have a group called Admins and give that group the types of permissions that administrators typically need.
“AWS Config” is incorrect. AWS Config is a fully managed service that provides customers with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance.
Which of the following does NOT belong to the AWS Cloud Computing models?
A.Platform as a Service (PaaS)
B.Software as a Service (SaaS)
C.Networking as a Service (NaaS)
D.Infrastructure as a Service (IaaS)
C.Networking as a Service (NaaS)
Explanation:
There are three Cloud Computing Models:
1) Infrastructure as a Service (IaaS) - Infrastructure as a Service (IaaS) contains the basic building blocks for cloud IT and typically provides access to networking features, computers (virtual or on dedicated hardware), and data storage space. IaaS provides you with the highest level of flexibility and management control over your IT resources and is most similar to existing IT resources that many IT departments and developers are familiar with today.
2) Platform as a Service (PaaS) - Platform as a Service (PaaS) removes the need for your organization to manage the underlying infrastructure (usually hardware and operating systems) and allows you to focus on the deployment and management of your applications. This helps you be more efficient as you don’t need to worry about resource procurement, capacity planning, software maintenance, patching, or any of the other undifferentiated heavy lifting involved in running your application.
3) Software as a Service (SaaS) - Software as a Service (SaaS) provides you with a completed product that is run and managed by the service provider. In most cases, people referring to Software as a Service are referring to end-user applications. With a SaaS offering you do not have to think about how the service is maintained or how the underlying infrastructure is managed; you only need to think about how you will use that particular piece of software. A common example of a SaaS application is web-based email which you can use to send and receive email without having to manage feature additions to the email product or maintain the servers and operating systems that the email program is running on.
Networking services are provided as part of the IaaS model.
The identification process of an online financial services company requires that new users must complete an online interview with their security team. The completed recorded interviews are only required in the event of a legal issue or a regulatory compliance breach. What is the most cost-effective service to store the recorded videos?
A.AWS Marketplace
B.Amazon Glacier
C.Amazon EBS
D.S3 Intelligent-Tiering
B.Amazon Glacier
Explanation:
Amazon Glacier is an extremely low-cost storage service that provides secure, durable, and flexible storage for long-term data backup and archival. With Amazon Glacier, customers can reliably store their data for as little as $0.004 per gigabyte per month. Amazon Glacier enables customers to offload the administrative burdens of operating and scaling storage to AWS, so that they don’t have to worry about capacity planning, hardware provisioning, data replication, hardware failure detection and repair, or time-consuming hardware migrations.
The other options are incorrect:
“S3 Intelligent-Tiering” is incorrect. S3 Intelligent-Tiering is ideal for data with unknown or changing access patterns.
S3 Intelligent-Tiering is the first cloud object storage class that delivers automatic cost savings by moving data between two access tiers - frequent access and infrequent access - when access patterns change.
“AWS Marketplace” is incorrect. AWS Marketplace is a curated digital catalog that makes it easy for customers to find, buy, deploy, and manage third-party software and services that customers need to build solutions and run their businesses. AWS Marketplace includes thousands of software listings from popular categories such as security, networking, storage, machine learning, business intelligence, database, and DevOps. AWS Marketplace also simplifies software licensing and procurement with flexible pricing options and multiple deployment methods. Customers can quickly launch pre-configured software with just a few clicks, and choose software solutions in AMI and SaaS formats, as well as other formats. Flexible pricing options include free trial, hourly, monthly, annual, multi-year, and BYOL, and customers get billed from one source, AWS.
“Amazon EBS” is incorrect. Amazon EBS is a block level storage that provides storage volumes for use with Amazon EC2 and Amazon RDS. Amazon EBS is not a cost-effective choice here.
A company is planning to host an educational website on AWS. Their video courses will be streamed all around the world. Which of the following AWS services will help achieve high transfer speeds?
A.Amazon SNS
B.AWS CloudFormation
C.Amazon Kinesis Video Streams
D.Amazon CloudFront
D.Amazon CloudFront
Explanation:
Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds, all within a developer-friendly environment.
The use cases of Amazon CloudFront include:
1- Accelerate static website content delivery.
CloudFront can speed up the delivery of your static content (for example, images, style sheets, JavaScript, and so on) to viewers across the globe. By using CloudFront, you can take advantage of the AWS backbone network and CloudFront edge servers to give your viewers a fast, safe, and reliable experience when they visit your website.
2- Live & on-demand video streaming.
The Amazon CloudFront CDN offers multiple options for streaming your media – both pre-recorded files and live events – at sustained, high throughput required for 4K delivery to global viewers.
3- Security.
CloudFront integrates seamlessly with AWS Shield for Layer 3/4 DDoS mitigation and AWS WAF for Layer 7 protection.
4- Customizable content delivery with Lambda@Edge.
Lambda@Edge is a feature of Amazon CloudFront that lets you run code closer to users of your application, which improves performance and reduces latency.
The other options are incorrect:
“AWS CloudFormation” is incorrect. AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts.
“Amazon Kinesis Video Streams” is incorrect. Amazon Kinesis Video Streams enables you to securely stream video from connected devices (IoT devices) to AWS for analytics, machine learning (ML), playback, and other processing. Kinesis Video Streams automatically provisions and elastically scales all the infrastructure needed to ingest streaming video data from millions of devices. It durably stores, encrypts, and indexes video data in your streams, and allows you to access your data through easy-to-use APIs.
“Amazon SNS” is incorrect. Amazon Simple Notification Service (SNS) is a fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications. Using Amazon SNS topics, your publisher systems can fan out messages to a large number of subscriber endpoints for parallel processing, including AWS Lambda functions, and HTTP/S webhooks. Additionally, SNS can be used to fan out notifications to end users using mobile push, SMS, and email.
What do you gain from setting up consolidated billing for five different AWS accounts under another master account?
A.AWS services cost will be reduced to half the original price
B.The consolidated billing feature is just for organizational purposes
C.Each AWS account gets five times the free-tier services capacity
D.Each AWS account gets volume discounts
D.Each AWS account gets volume discounts
AWS consolidated billing enables an organization to consolidate payments for multiple AWS accounts within a single organization by making a single paying account. For billing purposes, AWS treats all the accounts on the consolidated bill as one account. Some services, such as Amazon EC2 and Amazon S3, have volume pricing tiers across certain usage dimensions that give the user lower prices when they use the service more. For example, if you use 50 TB in each account, you would normally be charged $23*50*3 (because they are 3 different accounts). But with consolidated billing you would be charged $23*50+$22*50*2 (because they are treated as one account), which means that you would save $100.
HOW IT WORKS
After you create an organization and verify that you own the email address associated with the master (management) account, you can invite existing AWS accounts to join your organization. When you invite an account, the AWS Organizations service sends an invitation to the account owner, who decides whether to accept or decline the invitation. If they accept, their account becomes a member of that organization. At the moment an account accepts the invitation to join an organization, the master account of the organization becomes liable for all charges accrued by the new member account. The payment method attached to the member account is no longer used. Instead, the payment method attached to the master account of the organization pays for all charges accrued by the member account.
What is the AWS service that provides a virtual network dedicated to your AWS account?
A.AWS Dedicated Hosts
B.AWS VPN
C.Amazon VPC
D.AWS Subnets
C.Amazon VPC
Explanation:
Amazon Virtual Private Cloud (Amazon VPC) allows you to carve out a portion of the AWS Cloud that is dedicated to your AWS account. Amazon VPC enables you to launch AWS resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.
The other options are incorrect:
“AWS Dedicated Hosts” is incorrect. An Amazon EC2 Dedicated Host is a physical server with EC2 instance capacity fully dedicated to your use. Dedicated Hosts can save you money by enabling you to leverage your existing server-bound software license investments (e.g., Windows Server, Windows SQL Server, and SUSE Linux Enterprise Server) within EC2, subject to your license terms. Dedicated Hosts also give you more flexibility, visibility, and control over the placement of instances on dedicated hardware. This makes it easier to ensure you deploy your instances in a way that meets your compliance and regulatory requirements.
“AWS VPN” is incorrect. AWS Virtual Private Network (AWS VPN) allows you to establish a secure and private tunnel from your network or device to the AWS global network.
“AWS Subnets” is incorrect. A subnet is a range of IP addresses within a VPC.
You want to run a questionnaire application for only one day (without interruption). Which Amazon EC2 purchase option should you use?
A.Spot instances
B.Reserved instances
C.Dedicated instances
D.On-demand instances
D.On-demand instances
Explanation:
With On-Demand instances, you pay for compute capacity by the hour or second (minimum of 60 seconds) with no long-term commitments. You can increase or decrease your compute capacity depending on the demands of your application and only pay for what you use.
The use of On-Demand instances frees you from the costs and complexities of planning, purchasing, and maintaining hardware and transforms what are commonly large fixed costs into much smaller variable costs. On-Demand instances also remove the need to buy “safety net” capacity to handle periodic traffic spikes.
The other options are incorrect:
“Reserved instances” is incorrect. Reserved instances are not appropriate in this case because the shortest reservation length is one year.
“Spot instances” is incorrect. Spot instances are not the right choice because the application must run without interruption.
“Dedicated instances” is incorrect. Dedicated instances can be used if you require your instance be physically isolated at the host hardware level from instances that belong to other AWS accounts.
According to the AWS Acceptable Use Policy, which of the following statements is true regarding penetration testing of EC2 instances?
A.The AWS customers are only allowed to perform penetration testing on services managed by AWS
B.Penetration testing can be performed by the customer on their own instances without prior authorization from AWS
C.Penetration testing is performed automatically by AWS to determine vulnerabilities in your AWS infrastructure
D.Penetration testing is not allowed in AWS
B.Penetration testing can be performed by the customer on their own instances without prior authorization from AWS
Explanation
AWS customers are welcome to carry out security assessments and penetration tests against their AWS infrastructure without prior approval for 8 services:
1- Amazon EC2 instances, NAT Gateways, and Elastic Load Balancers.
2- Amazon RDS.
3- Amazon CloudFront.
4- Amazon Aurora.
5- Amazon API Gateways.
6- AWS Lambda and Lambda Edge functions.
7- Amazon Lightsail resources.
8- Amazon Elastic Beanstalk environments.
The other options are incorrect.
“Penetration testing is performed automatically by AWS to determine vulnerabilities in your AWS infrastructure” is incorrect. The AWS customers are responsible for performing penetration tests against their AWS infrastructure.
“Penetration testing is not allowed in AWS” is incorrect. AWS customers are allowed to perform penetration tests against their AWS infrastructure, but they must ensure that their activities are aligned with AWS policies.
“The AWS customers are only allowed to perform penetration testing on services managed by AWS” is incorrect. AWS customers are allowed to perform penetration testing on both AWS-managed services such as Amazon RDS and customer-managed services such as Amazon EC2.
Additional information:
The difference between AWS-managed services and customer-managed services:
For AWS-managed services such as Amazon RDS and Amazon DynamoDB, AWS is responsible for performing all the operations needed to keep the service running.
The AWS-managed services automate time-consuming administration tasks such as hardware provisioning, software setup, patching and backups. The AWS-managed services free customers to focus on their applications so they can give them the fast performance, high availability, security and compatibility they need.
Examples of AWS-managed services include Amazon RDS, Amazon DynamoDB, Amazon Redshift, Amazon WorkSpaces, Amazon CloudFront, Amazon CloudSearch, and several other services.
On the other hand, customer-managed services are services that are completely managed by the customer. For example, a service such as Amazon Elastic Compute Cloud (Amazon EC2) is categorized as Infrastructure as a Service (IaaS) and, as such, requires the customer to perform all of the necessary security configuration and management tasks. Customers that deploy an Amazon EC2 instance are responsible for the management of the guest operating system (including updates and security patches), any application software or utilities installed by the customer on the instances, and the configuration of the AWS-provided firewall (called a security group) on each instance.
Examples of customer-managed services include Amazon Elastic Compute Cloud (Amazon EC2), Amazon Virtual Private Cloud (Amazon VPC), and AWS Identity and Access Management (AWS IAM).
Which of the following is not a benefit of Amazon S3? (Choose TWO)
A.Amazon S3 provides 99.999999999% of data durability
B.Amazon S3 can run any type of application or backend system
C.Amazon S3 stores any number of objects, but with object size limits
D.Amazon S3 provides unlimited storage for any type of data
E.Amazon S3 can be scaled manually to store and retrieve any amount of data from anywhere
B.Amazon S3 can run any type of application or backend system
E.Amazon S3 can be scaled manually to store and retrieve any amount of data from anywhere
Explanation:
“Amazon S3 can run any type of application or backend system” is not a benefit of S3 and thus is a correct answer. Amazon S3 is a storage service, not a compute service.
“Amazon S3 can be scaled manually to store and retrieve any amount of data from anywhere” is not a benefit of S3 and thus is a correct answer. Amazon S3 scales automatically to store and retrieve any amount of data from anywhere.
Companies today need the ability to simply and securely collect, store, and analyze their data at a massive scale. Amazon S3 is object storage built to store and retrieve any amount of data from anywhere – web sites and mobile apps, corporate applications, and data from IoT sensors or devices. It’s a simple storage service that offers a highly available and infinitely scalable data storage infrastructure at very low costs. It is designed to deliver 99.999999999% durability, and stores data for millions of applications used by market leaders in every industry. S3 provides comprehensive security and compliance capabilities that meet even the most stringent regulatory requirements. It gives customers flexibility in the way they manage data for cost optimization, access control, and compliance. S3 provides query-in-place functionality, allowing you to run powerful analytics directly on your data at rest in S3. And Amazon S3 is the most supported cloud storage service available, with integration from the largest community of third-party solutions, systems integrator partners, and other AWS services. Amazon S3 stores any number of objects, but each object does have a size limitation. Individual Amazon S3 objects can range in size from a minimum of 0 bytes to a maximum of 5 terabytes.
A company is deploying a new two-tier web application in AWS. Where should the most frequently accessed data be stored so that the application’s response time is optimal?
A.AWS Storage Gateway
B.Amazon EBS volume
C.Amazon ElastiCache
D.AWS OpsWorks
C.Amazon ElastiCache
Explanation:
Amazon ElastiCache is a web service that makes it easy to deploy, operate, and scale an in-memory data store or cache in the cloud. The service improves the performance of web applications by allowing you to retrieve information from fast, managed, in-memory data stores, instead of relying entirely on slower disk-based databases.
The primary purpose of an in-memory data store is to provide ultrafast (submillisecond latency) and inexpensive access to copies of data. Querying a database is always slower and more expensive than locating a copy of that data in a cache. Some database queries are especially expensive to perform. An example is queries that involve joins across multiple tables or queries with intensive calculations. By caching (storing) such query results, you pay the price of the query only once. Then you can quickly retrieve the data multiple times without having to re-execute the query.
The other options are incorrect:
“AWS Storage Gateway” is incorrect. AWS Storage Gateway is not a caching service; it is a hybrid storage service that enables your on-premises applications to seamlessly use AWS cloud storage.
“Amazon EBS volume” is incorrect. An Amazon EBS volume is a durable, block-level storage device that you can attach to a single EC2 instance. You can use EBS volumes as primary storage for data that requires frequent updates, such as the system drive for an instance or storage for a database application. You can also use them for throughput-intensive applications that perform continuous disk scans.
“AWS OpsWorks” is incorrect. AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.
A company is introducing a new product to their customers, and is expecting a surge in traffic to their web application. As part of their Enterprise Support plan, which of the following provides the company with architectural and scaling guidance?
A.AWS Personal Health Dashboard
B.AWS Support Concierge Service
C.AWS Support API
D.Infrastructure Event Management
D.Infrastructure Event Management
Explanation:
AWS Infrastructure Event Management is a short-term engagement with AWS Support, included in the Enterprise-level Support product offering, and available for additional purchase for Business-level Support subscribers. AWS Infrastructure Event Management partners with your technical and project resources to gain a deep understanding of your use case and provide architectural and scaling guidance for an event. Common use-case examples for AWS Event Management include advertising launches, new product launches, and infrastructure migrations to AWS.
The other options are incorrect:
“AWS Personal Health Dashboard” is incorrect. AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources.
“AWS Support API” is incorrect. The AWS Support API provides access to some of the features of the AWS Support Center via an API.
“AWS Support Concierge Service” is incorrect. AWS Support Concierge Service assists customers with account and billing inquiries.
You have deployed your application on multiple Amazon EC2 instances. Your customers complain that sometimes they can’t reach your application. Which AWS service allows you to monitor the performance of your EC2 instances to assist in troubleshooting these issues?
A.AWS Config
B.Amazon CloudWatch
C.AWS CloudTrail
D.AWS Lambda
B.Amazon CloudWatch
Explanation
Amazon CloudWatch is a service that monitors AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources. Amazon CloudWatch can monitor AWS resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances, as well as custom metrics generated by your applications and services, and any log files your applications generate. You can use CloudWatch to detect anomalous behavior in your environments, take automated actions, troubleshoot issues, and discover insights to keep your applications running smoothly.
The other options are incorrect:
“AWS Config” is incorrect. AWS Config is a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance. With AWS Config you can discover existing AWS resources, export a complete inventory of your AWS resources with all configuration details, and determine how a resource was configured at any point in time. These capabilities enable compliance auditing, security analysis, and resource change tracking.
“AWS CloudTrail” is incorrect. AWS CloudTrail is an AWS service that can be used to monitor all user interactions with the AWS environment.
“AWS Lambda” is incorrect. AWS Lambda is a serverless compute service.
Which of the following is NOT correct regarding Amazon EC2 On-demand instances?
A.You have to pay a start-up fee when launching a new instance for the first time
B.When using on-demand Linux instances, you are charged per second based on an hourly rate
C.With on-demand instances, no longer-term commitments or upfront payments are needed
A.You have to pay a start-up fee when launching a new instance for the first time
Explanation
There are no startup or termination fees associated with Amazon EC2.
The other options are incorrect:
“The on-demand instances follow the AWS pay-as-you-go pricing model” is incorrect. AWS pay-as-you-go pricing model is similar to how you pay for utilities like water and electricity. With Amazon EC2 on-demand instances, you only pay for the compute capacity you consume, and once you stop using them, there are no additional costs or termination fees.
“With on-demand instances, no longer-term commitments or upfront payments are needed” is incorrect. With On-Demand instances, you pay for compute capacity by the hour or the second depending on which instances you run. No longer-term commitments or upfront payments are needed.
“When using on-demand Linux instances, you are charged per second based on an hourly rate” is incorrect. With per-second billing, you pay for only what you use. It takes the cost of unused minutes and seconds in an hour off the bill, so you can focus on improving your applications instead of maximizing usage to the hour. This is especially beneficial if you manage instances running for irregular periods of time, such as dev/testing, data processing, analytics, batch processing and gaming applications.
Per-second billing is available for instances launched in:
- On-Demand, Reserved and Spot forms
- All regions and Availability Zones
- Amazon Linux and Ubuntu
In the AWS Shared Responsibility Model, which of the following are the responsibility of the customer? (Choose TWO)
A.Configuring network access rules
B.Controlling physical access to compute resources
C.Setting password complexity rules
D.Patching the Network infrastructure
E.Disk disposal
A.Configuring network access rules
C.Setting password complexity rules
Explanation
The customer is responsible for securing their network by configuring Security Groups, Network Access Control Lists (Network ACLs), and Routing Tables. The customer is also responsible for setting a password policy on their AWS account that specifies the complexity and mandatory rotation periods for their IAM users' passwords.
The other options are incorrect:
“Disk disposal” is incorrect. Disk disposal (Storage Device Decommissioning): When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized individuals. All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry-standard practices.
“Controlling physical access to compute resources” is incorrect. AWS is responsible for controlling physical access to the data centers.
“Patching the Network infrastructure” is incorrect. Patching the underlying infrastructure is the responsibility of AWS. The customer is responsible for patching the Operating System of their EC2 instances and any software installed on these instances.