Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

aws certification > AWIT Flashcards > Flashcards

AWIT Flashcards

(202 cards)

Start Studying
1
Q

6 Benefits of Cloud Computing

A

Trade capital expense for variable expense
Benefit from massive economies of scale
Stop guessing capacity
Increase speed and agility
Stop spending money running and maintaining data centers
Go global in minutes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Horizontal
Scaling

A

Adding more things. Example: when an EC2 micro instance gets overloaded, auto-scale 3
more to handle the load. AWS excels at this.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Vertical Scaling

A

Replacing with a larger thing. Example: when an EC2 micro instance gets overloaded,
replace it with an EC2 large instance. This generally requires a reboot that disrupts
workloads.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which AWS service provides the ability to detect inadvertent data leaks of personally identifiable information (PII) and user credential data?
Amazon Macie
AWS Shield
Amazon Inspector
Amazon GuardDuty

A

Amazon Macie
Amazon Macie is the correct answer. Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in Amazon S3, including PII and user credential data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which pricing model will interrupt a running Amazon EC2 instance if capacity becomes temporarily unavailable?
Convertible Reserved Instances
On-Demand Instances
Standard Reserved Instances
Spot Instances

A

Spot Instances is the correct answer. Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS cloud. Spot Instances are available at up to a 90% discount compared to On-Demand prices. When AWS need to reclaim the capacity you get a 2 minute warning and then your instances are terminated. With all other pricing models your instances will not be terminated by AWS once they are running.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which of the following are NOT features of AWS IAM? (Select TWO)
Identity federation
PCI DSS compliance
Charged for what you use
Logon using local user accounts
Shared access to your AWS account

A

Charged for what you use is the correct answer. You are also not charged for what you use because IAM is free to use.
Logon using local user accounts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Question 4

Which of the authentication options below can be used to authenticate using AWS APIs? (Select TWO)
Security groups
Server Passwords
Key Pairs
Server Certificates
Access Keys

A

Server Certificates
Access Keys
Server certificates are SSL/TLS certificates that you can use to authenticate with some AWS services.
Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the name for the top-level container used to hold objects within Amazon S3?
Bucket
Folder
Directory
Instance Store

A

Bucket
Amazon S3 is an object-based storage system. You upload your objects into buckets.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

In which ways does AWS’ pricing model benefit organizations?
Eliminates licensing costs
Reduce the cost of maintaining idle resources
Focus spend on capital expenditure, rather than operational expenditure
Reduces the people cost of application development

A

Reduce the cost of maintaining idle resources
Using AWS you can provision only what you need and adjust resources automatically and elastically. This reduces the amount of resources that are sitting idle which reduces cost.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the statements below does NOT characterize cloud computing?
Cloud computing is the on-demand delivery of compute power
With cloud computing you can increase your speed and agility
With cloud computing you get to benefit from massive economies of scale
Cloud computing allows you to swap variable expense for capital expense

A

Cloud computing allows you to swap variable expense for capital expense
Cloud computing is not a one-off capital expense, it is an ongoing operating expense. The caveat to this is that if you purchase reserved capacity you have an option to partially or fully pay upfront. However, it is still an operating cost as you do not own and depreciate the assets.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which type of AWS data warehouse is ideally suited to analytics using SQL queries?
Amazon RedShift
Amazon RDS
Amazon DynamoDB
Amazon S3

A

Amazon RedShift

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What do you need to log into the AWS console? ?
User name and password
Access key and secret ID
Certificate
Key pair

A

User name and password is the correct answer. You can log into the AWS console using a user name and password. You cannot log in to the AWS console using a key pair, access key & secret ID or certificate.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How can a systems administrator specify a script to be run on an EC2 instance during launch?
User Data
AWS Config
Metadata
Run Command

A

AWS Config

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which type of AWS data warehouse is ideally suited to analytics using SQL queries?
Amazon RedShift
Amazon RDS
Amazon DynamoDB
Amazon S3

A

Amazon RedShift

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Your company has recently migrated to AWS. How can your CTO monitor the organization’s costs?
AWS Cost Explorer
AWS CloudTrail
AWS Simple Monthly calculator
AWS Consolidated Billing

A

AWS Cost Explorer – enables you to visualize your usage patterns over time and to identify your underlying cost drivers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Your organization has offices around the world and some employees travel between offices. How should their accounts be setup?
Create a separate account in IAM within each region in which they will travel
IAM is a global service, just create the users in one place
Set the user account as a “global” account when created
Enable MFA for the accounts

A

IAM is a global service, just create the users in one place is the correct answer. IAM is a global service and all users that are created are able to login to the AWS Management Console from any location.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is an example of scaling vertically?
AWS Lambda adding concurrently executing functions
Increasing the instance size with Amazon RDS
Adding read replicas to an Amazon RDS database
AWS Auto Scaling adding more EC2 instances

A

Increasing the instance size with Amazon RDS is the correct answer. A good example of vertical scaling is changing the instance size of an EC2 instance or RDS database to one with more CPU and RAM. All of the other options are examples of scaling horizontally.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

You are evaluating AWS services that can assist with creating scalable application environments. Which of the statements below best describes the Elastic Load Balancer service?
A highly available and scalable Domain Name System (DNS) service
Helps you ensure that you have the correct number of Amazon EC2 instances available to handle the load for your application
A network service that provides an alternative to using the Internet to connect customers’ on-premise sites to AWS
Automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses

A

Automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses is the correct answer. Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What are the advantages of running a database service such as Amazon RDS in the cloud versus deploying on-premise? (Select TWO)
ou have full control of the operating system and can install your own operational tools
High availability is easier to implement due to built-in functionality for deploying read replicas and multi-AZ
Scalability is improved as it is quicker to implement and there is an abundance of capacity
You can use any database engine or software you like, allowing greater flexibility
There are no costs for replicating data between DBs in different data centers or regions

A

High availability is easier to implement due to built-in functionality for deploying read replicas and multi-AZ is also a correct answer. Amazon RDS allows you to replicate data between AZs and regions so this must be taken into account in any cost analysis.
Scalability is improved as it is quicker to implement and there is an abundance of capacity is a correct answer. The advantages of using Amazon RDS include being able to easily scale by increasing your instance type without having to go through a long procurement cycle for getting new hardware or worrying about whether capacity exists on your existing private cloud infrastructure. You can also implement fault tolerance and scalability features through multi-AZ and read replicas easily

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Based on the shared responsibility model, which of the following security and compliance tasks is AWS responsible for?
Updating Amazon EC2 host firmware
Updating operating systems
Granting access to individuals and services
Encrypting data in transit

A

Updating Amazon EC2 host firmware is the correct answer. AWS are responsible for updating Amazon EC2 host firmware. This is considered “security of the cloud”. All other tasks are the responsibility of the customer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Which AWS service or feature helps restrict the AWS service, resources, and individual API actions the users and roles in each member account can access?
Amazon Cognito
AWS Organizations
AWS Firewall Manager
AWS Shield

A

tbd I think it is AWS Organizations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Under the shared responsibility model, which of the following tasks are the responsibility of the AWS customer? (Select TWO)
Ensuring that access to data centers is restricted
Ensuring that AWS Network Time Protocol (NTP) servers are set to the correct time
Ensuring that application data is encrypted at rest
Ensuring that data center hardware is disposed of properly
Ensuring that users have received security training in the use of AWS services

A

Ensuring that application data is encrypted at rest is a correct answer. As a customer on AWS you take responsibility for encrypting data. This includes encrypting data at rest and data in transit
Ensuring that users have received security training in the use of AWS services is also a correct answer. It’s also a customer’s responsibility to properly train their staff in security best practices and procedures for the AWS services they use.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Under the AWS shared responsibility model, which of the following are customer responsibilities? (Select TWO)
Physical security of data center facilities
Compute capacity availability
Network and firewall configurations
Setting up server-side encryption on an Amazon S3 bucket
Amazon RDS instance patching

A

Network and firewall configurations is also a correct answer. Another security responsibility the customer owns is setting network and firewall configurations. For instance, you must configure Network ACLs and Security Groups, and any operating system-level firewalls on your EC2 instances.
Setting up server-side encryption on an Amazon S3 bucket is a correct answer. As a customer on AWS you take responsibility for encrypting data. This includes encrypting data at rest and data in transit.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Which AWS service is designed to be used for operational analytics?
Amazon Elasticsearch Service(OpenSearch)
Amazon EMR
Amazon QuickSight
Amazon Athena

A

Amazon QuickSight

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Where do Amazon Identity and Access Management (IAM) accounts need to be created for a global organization? Create them globally, and then replicate them regionally In each region where the users are located Just create them once, as IAM is a global service In each geographical area where the users are located
Just create them once, as IAM is a global service is the correct answer. IAM is a global service so you only need to create your users once and can then use those user accounts anywhere globally. The other options are all incorrect. as you do not create IAM accounts regionally, replicate them regionally, or create them within geographical areas.
26
Which resource should you use to access AWS security and compliance reports? AWS IAM AWS Artifact AWS Organizations AWS Business Associate Addendum (BAA)
AWS Artifact is the correct answer. AWS Artifact, available in the console, is a self-service audit artifact retrieval portal that provides our customers with on-demand access to AWS’ compliance documentation and AWS agreements.
27
You need to connect your company’s on-premise network into AWS and would like to establish an AWS managed VPN service. Which of the following configuration items needs to be setup on the Amazon VPC side of the connection? A Virtual Private Gateway A Customer Gateway A Firewall A Network Address Translation device
A Virtual Private Gateway is the correct answer. A virtual private gateway is the VPN concentrator on the Amazon side of the VPN connection. You create a virtual private gateway and attach it to the VPC from which you want to create the VPN connection.
28
Which AWS service makes it easy to coordinate the components of distributed applications as a series of steps in a visual workflow? AWS Step Functions Amazon SNS Amazon SWF Amazon SES
AWS Step Functions is the correct answer. AWS Step Functions lets you coordinate multiple AWS services into serverless workflows so you can build and update apps quickly. AWS Step Functions lets you build visual workflows that enable fast translation of business requirements into technical requirements.
29
Which AWS service can serve a static website? AWS X-ray Amazon S3 Amazon Route 53 Amazon QuickSight
Amazon S3 is the correct answer. You can use Amazon S3 to host a static website. On a static website, individual webpages include static content. They might also contain client-side scripts.
30
A startup eCommerce company needs to quickly deliver new website features in an iterative manner, minimizing the time to market. Which AWS Cloud feature allows this? Agility High Availability Elasticity Reliability
Agility is the correct answer. In a cloud computing environment, new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes.
31
Which of the following is NOT a best practice for protecting the root user of an AWS account? Remove Administrative permissions Enable MFA Don't share the root user credentials Lock away the AWS root user access keys
Remove administrative permissions is the correct answer. You cannot remove administrative permissions from the root user of an AWS account. Therefore, you must protect the account through creating a complex password, enabling MFA, locking away access keys (assuming they’re even required), and not sharing the account details.
32
What methods are available for scaling an Amazon RDS database? (Select TWO) You can scale out automatically with EC2 Auto Scaling You can scale up by increasing storage capacity You can scale up automatically using AWS Auto Scaling You can scale out by implementing Elastic Load Balancing
You can scale up by moving to a larger instance size is a correct answer. To handle a higher load in your database, you can vertically scale up your master database with a simple push of a button. There are currently over 18 instance sizes that you can choose from when resizing your RDS MySQL, PostgreSQL, MariaDB, Oracle, or Microsoft SQL Server instance.
33
Which service allows you to monitor and troubleshoot systems using system and application log files generated by those systems? CloudTrail Logs CloudWatch Metrics CloudWatch Logs CloudTrail Metrics
CloudWatch Log is the correct answer. Amazon CloudWatch Logs lets you monitor and troubleshoot your systems and applications using your existing system, application and custom log files. CloudWatch Logs can be used for real time application and system monitoring as well as long term log retention.
34
Which AWS support plans provide 24×7 access to customer service? Developer Basic Business All plans
All plans is the correct answer. All support plans provide 24×7 access to customer service, documentation, whitepapers, and support forums.
35
Which AWS security tool uses an agent installed in EC2 instances and assesses applications for vulnerabilities and deviations from best practices? AWS TCO Calculator AWS Trusted Advisor AWS Personal health Dashboard AWS Inspector
AWS Inspector is the correct answer. Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Inspector automatically assesses applications for vulnerabilities or deviations from best practices. Inspector uses an agent installed on EC2 instances.
36
According to the AWS Shared Responsibility Model, which of the following is a shared control? Operating system patching Awareness and training Protection of infrastructure Client-side data encryption
Awareness and training is the correct answer. Shared Controls are controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Examples include patch management, configuration management, and awareness and training.
37
Your manager has asked you to explain the benefits of using IAM groups. Which of the below statements are valid benefits? (Select TWO) Provide the ability to create custom permission policies Enables you to attach IAM permission policies to more than one user at a time You can restrict access to the subnets in your VPC Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users
Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users is a correct answer. Groups are collections of users and have policies attached to them. This enables you to organize groups of users by job function or role and apply relevant policies to the group.
38
Which AWS technology can be referred to as a “virtual hard disk in the cloud”? Amazon ENI Amazon S3 bucket Amazon EBS volume Amazon EFS Filesystem
Amazon EBS volume is the correct answer. An Amazon Elastic Block Store (EBS) volume is often described as a “virtual hard disk in the cloud”. EBS volumes are block-level storage volumes that are attached to EC2 instances much as you would attach a virtual hard disk to a virtual machine in a virtual infrastructure.
39
How can a database administrator reduce operational overhead for a MySQL database? Migrate the database onto an Amazon RDS instance Migrate the database onto an EC2 instance Migrate the database onto AWS Lambda Use AWS CloudFormation to manage operations
Migrate the database onto an Amazon RDS instance
40
Which of the following acts as a virtual firewall at the Amazon EC2 instance level to control traffic for one or more instances? Network Access Control Lists (ACL) Virtual Private gateways(VPG) Route table Security Groups
Security Groups Wrong answer : Virtual private gateways (VPG) is incorrect. A VPG is the Amazon side of an AWS Managed VPN.
41
Which AWS Cloud design principles can help increase reliability? (Select TWO) Automatically recovering from failure Testing recovery procedures Using monolithic architecture Measuring overall efficiency Adopting a consumption model
Automatically recovering from failure is the correct answer. When designing systems, it is also a good practice to implement automatic recovery when possible. This reduces or eliminates the operational burden and potential downtime associated with a failure of a system or application component. Testing recovery procedures is the correct answer. Recovery procedures should always be tested ahead of any outage of disaster recovery situation. This is the only way to be sure your recovery procedures are effective.
42
What type of cloud computing service type do AWS Elastic Beanstalk and Amazon RDS correspond to? Hybrid PaaS IaaS Saas
PaaS is the correct answer. Both Elastic Beanstalk and RDS are services that are managed at the platform level meaning you don’t need to manage the infrastructure level yourself. Therefore, tasks like OS management and patching are performed for you.
43
How can you deploy your EC2 instances so that if a single data center fails you still have instances available? Across Availability Zones Across regions Across subnets Across VPCs
Across Availability Zones is the correct answer. An AZ spans one or more data centers and each AZ is physically isolated from other AZs and connected by high speed networking. If you want to deploy a highly available application you should spread your instances across AZs and they will be resilient to the failure of a single DC
44
What is the easiest way to store a backup of an EBS volume on Amazon S3? Use S3 lifecycle actions to back up the volume Create a snapshot of the volume Use Amazon Kinesis to process the data and store the results in S3 Write a AWS Lambda script to copy the data into a bucket
Create a snapshot of the volume is the correct answer. You can back up the data on your Amazon EBS volumes to Amazon S3 by taking point-in-time snapshots. Snapshots are incremental backups, which means that only the blocks on the device that have changed after your most recent snapshot are saved.
45
Which AWS technology enables you to group resources that share one or more tags? Tag groups Consolidation groups Organization groups Resource groups
Resource groups is the correct answer. You can use resource groups to organize your AWS resources. Resource groups make it easier to manage and automate tasks on large numbers of resources at one time.
46
Under the AWS Shared Responsibility Model, who is responsible for what? (Select TWO) AWS is responsible for network and firewall configuration AWS is responsible for networking infrastructure Customers are responsible for networking traffic protection Customers are responsible for edge locations Customers are responsible for compute infrastructure
AWS is responsible for networking infrastructure is also a correct answer. AWS is responsible for networking infrastructure. The underlying networking equipment is maintained by AWS. Customers are responsible for networking traffic protection is a correct answer. Customers are responsible for networking traffic protection. This includes applying encryption and using security groups and Network ACLs.
47
Which of the following statements about AWS’s pay-as-you-go pricing model is correct? It reduces operational expenditures It results in reduced capital expenditures It requires payment up front for AWS services It is relevant only for Amazon EC2, Amazon S3, and Amazon DynamoDB
It results in reduced capital expenditures is the correct answer. The pay-as-you-go pricing model means you only pay for the services and consumption you actually use. You are charged for compute, storage and outbound data transfer. This model reduces capital expenditure as you pay a monthly bill (operational expenditure).
48
Which of the following are examples of horizontal scaling? (Select TWO) Add more instances as demand increases Automatic using services such as AWS Auto Scaling Add more CPU/RAM to existing instances as demand increases Requires a restart to scale up or down Scalability is limited by maximum instance size
Add more instances as demand increases is a correct answer. With horizontal scaling you add more instances to a fleet of instances to service demand as it increases. This can be achieved automatically by using AWS Auto Scaling to add instances in response to CloudWatch performance metrics. Automatic using services such as AWS Auto Scaling is also a correct answer. With vertical scaling you are adding CPU, RAM or storage to an existing instance. This may involve modifying the instance type which typically requires a restart. With vertical scaling on AWS scalability is limited by the maximum instance size.
49
Which AWS service is suitable for an event-driven workload? AWS Elastic Beanstalk Amazon Lumberyard AWS Lambda Amazon EC2
AWS Lambda is the correct answer. AWS Lambda is an event-driven service. For example, you can configure an Amazon S3 bucket with event notifications that trigger an AWS Lambda function when data is uploaded to an S3 bucket.
50
Which type of scaling does Amazon EC2 Auto Scaling provide? Linear Vertical Incremental Horizontal
Horizontal is the correct answer. Amazon EC2 Auto Scaling scales horizontally by adding launching and terminating EC2 instances based on actual demand for your application.
51
How can a company configure automatic, asynchronous copying of objects in Amazon S3 buckets across regions? Using lifecycle actions Using cross-region replication This is done by default by AWS By configuring multi-master replication
Using cross-region replication is the correct answer. Cross-region replication (CRR) enables automatic, asynchronous copying of objects across buckets in different AWS Regions. Buckets configured for cross-region replication can be owned by the same AWS account or by different account
52
According to the AWS Well-Architected Framework, what change management steps should be taken to achieve reliability in the AWS Cloud? (Select TWO) Use Amazon GuardDuty to record API activity to an S3 bucket Use AWS Certificate Manager to create a catalog of approved services Use AWS Config to generate an inventory of AWS resources Use service limits to prevent users from creating or making changes to AWS resources Use AWS CloudTrail to record AWS API calls into an auditable log file
Use AWS CloudTrail to record AWS API calls into an auditable log file is the correct answer. With CloudTrail you can audit who made what API calls on what resources at what time. This can help with identifying changes that cause reliability issues. Use AWS Config to generate an inventory of AWS resources is the correct answer. AWS Config can be used to track the configuration state of your resources and how the state has changed over time.
53
Which of the following are pillars from the five pillars of the AWS Well-Architected Framework? (Select TWO) Confidentiality Economics Resilience Performance efficiency Operational excellence
Performance efficiency & Operational excellence. The five pillars of the AWS Well-Architected Framework are operation excellence, security, reliability, performance efficiency, and cost optimization
54
Which feature of Amazon S3 enables you to create rules to control the transfer of objects between different storage classes? Bucket policies Lifecycle management versioning object sharing
Lifecycle management is the correct answer. To manage your objects so that they are stored cost effectively throughout their lifecycle, configure their Amazon S3 Lifecycle. An S3 Lifecycle configuration is a set of rules that define actions that Amazon S3 applies to a group of objects.
55
What is object sharing
Object sharing refers to the ability to make any object publicly available via a URL.
56
Which AWS service can be used to run Docker containers? AWS Fargate AWS Lambda Amazon AMI Amazon ECR
AWS Fargate AWS Fargate is a serverless compute engine for containers that works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS).
57
Your manager has asked you to explain some of the security features available in the AWS cloud. How can you describe the function of Amazon CloudHSM? It provides server-side encryption for S3 objects It is a firewall for use with web applications It can be used to generate, use and manage encryption keys in the cloud It is a Public Key Infrastructure (PKI)
It can be used to generate, use and manage encryption keys in the cloud is the correct answer. AWS CloudHSM is a cloud-based hardware security module (HSM) that allows you to easily add secure key storage and high-performance crypto operations to your AWS applications.
58
A web application running on AWS has been received malicious requests from the same set of IP addresses. Which AWS service can help secure the application and block the malicious traffic? AWS WAF AWS IAM Amazon GuardDuty Amazon SNS
AWS WAF is the correct answer. The AWS Web Application Firewall (WAF) is used to protect web applications or APIs against common web exploits. Rules can be created that block traffic based on source IP address.
59
Which AWS database service is schema-less and can be scaled dynamically without incurring downtime? Amazon RedShift Amazon Aurora Amazon DynamoDB Amazon RDS
Amazon DynamoDB is the correct answer. Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. Push button scaling means that you can scale the DB at any time without incurring downtime. DynamoDB is schema-less. All other options are SQL type of databases and therefore have a schema. They also rely on EC2 instances so cannot be scaled dynamically without incurring downtime (you have to change instance types).
60
Which AWS Glacier data access option retrieves data from an archive in 1-5 minutes? Express Expedited Accelerated Standard
Expedited is the correct answer. Expedited retrievals allow you to quickly access your data when occasional urgent requests for a subset of archives are required. For all but the largest archives (250 MB+), data accessed using Expedited retrievals are typically made available within 1–5 minutes.
61
According to the AWS Shared Responsibility Model, which of the following is a shared control? Operating system patching Protection of infrastructure Client-side data encryption Awareness and training
Awareness and training is the correct answer. Shared Controls are controls that apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Examples include patch management, configuration management, and awareness and training.
62
What advantages does the AWS cloud provide in relation to cost? (Select TWO) Fine-grained billing One-off payments for on-demand resources Itemized power costs Ability to turn off resources and not pay for them Enterprise licensing discounts
"Fine-grained billing" is a correct answer. "Ability to turn off resources and not pay for them" is also a correct answer. With the AWS cloud you get fine-grained billing and can turn off resources you are not using easily and not have to pay for them (pay for what you use model).
63
Why is AWS more economical than traditional data centers for applications with varying compute workloads? Amazon EC2 costs are billed on a monthly basis Users retain full administrative access to their Amazon EC2 instances Amazon EC2 instances can be launched on demand when needed Users can permanently run enough instances to handle peak workloads
Amazon EC2 instances can be launched on demand when needed" is correct. The ability to launch instances on demand when needed allows users to launch and terminate instances in response to a varying workload. This is a more economical practice than purchasing enough on-premises servers to handle the peak load.
64
Which service provides the ability to simply upload applications and have AWS handle the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring? AWS OpsWorks AWS Elastic Beanstalk Amazon EC2 Amazon EC2 Auto Scaling
AWS Elastic Beanstalk can be used to quickly deploy and manage applications in the AWS Cloud. Developers upload applications and Elastic Beanstalk handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring. Considered a Platform as a Service (PaaS) solution. Supports Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker web applications
65
You need to run a production process that will use several EC2 instances and run constantly on an ongoing basis. The process cannot be interrupted or restarted without issue. What EC2 pricing model would be most cost-effective for this workload? On-demand instances Reserved instances Spot instances Flexible instance
Reserved Instance (RIs) is correct. RIs provide you with a significant discount (up to 75%) compared to On-Demand instance pricing. You have the flexibility to change families, OS types, and tenancies while benefitting from RI pricing when you use RIs. In this scenario for a stable process that will run constantly on an ongoing basis RIs will be the most affordable solution.
66
Which services allow you to store files on AWS? (Select TWO) Amazon EFS AWS Lambda Amazon SQS Amazon LightSail Amazon EBS
You can store files on the Elastic File System (EFS). EFS volumes are mounted to the instance using the NFS protocol. You can store files on the Elastic Block Store (EBS). EBS volumes are mounted as block devices to EC2 instances.
67
Which AWS offering enables users to find, buy, and immediately start using software solutions in their AWS environment? AWS OpsWorks AWS SDK AWS Config AWS Marketplace
AWS Marketplace is correct. AWS Marketplace is a digital catalog with thousands of software listings from independent software vendors that makes it easy to find, test, buy, and deploy software that runs on AWS.
68
What information must be entered into the AWS TCO Calculator? The number of storage systems in your company The number of applications in your company The number of end users in your company The number of servers in your company
The number of servers in your company
69
Which AWS feature of Amazon EC2 allows an administrator to create a standardized image that can be used for launching new instances? Amazon Machine Image AWS Config AWS Platinum AMI Amazon CloudFormation Template
Amazon Machine Image (AMI) is correct. The purpose of an AMI, whether you create one or buy it from the AWS Marketplace, is to load standardized software onto new EC2 instances you launch.
70
A company wants to utilize a pay as you go cloud model for all of their applications without CAPEX costs and which is highly elastic. Which cloud delivery model will suit them best? Hybrid Private Public On-premises
Public cloud is correct. The public cloud is offered under a purely pay as you go model (unless you choose to reserve), and allows companies to completely avoid CAPEX costs. The public cloud is also highly elastic so companies can grow and shrink the applications as demand changes.
71
What is a graph database ?
Amazon Neptune A non-relational graph database. Graph databases power social networks.
72
What is a data warehouse?
Amazon Redshift A data warehouse. A data warehouse pulls and stores information from many sources in a columnar format and provides the compute to run queries
73
What is Amazon Forecast?
A machine-learning (ML) service that predicts future needs based on current and historical patterns.
74
Amazon EMR
Elastic Map Reduce. Performs big data analysis by splitting up the data, processing the data on Hadoop servers, then combine the results.
75
AWS Lake Formation
Creates and secures data lakes (on S3).
76
AWS Glue
Extract, transform, load (ETL) service. Take big data, clean it, and load it else (like from an S3 data lake to Redshift)
77
Amazon Kinesis
Real-time analysis of data streams. Example: see housing price trends based on changes to listing price across a country.
78
Amazon Elasticsearch Service (Opensearch)
Managed Elasticsearch, an open source service, for operational analytics on your storage, applications, logs, and clickstreams. Performs very fast queries and data visualization
79
Amazon QuickSight
Build custom business intelligence (BI) service dashboards for your customers to use.
80
Amazon Aurora
Amazon’s proprietary relational (SQL) database engine, part of RDS. Tuned to perform and scale best on AWS. Only works with two open source databases: MySQL and PostgreSQL.
81
Amazon DynamoDB
A non-relational (NoSQL) key-value store. These are key-values: Make: Ford Model: Explorer
82
Amazon DocumentDB (with MongoDB compatibility
A non-relational (NoSQL) document store. A document store is basically pages of the same repeating key-values. The most popular document store is MongoDB, hence the “with MongoDB
83
AWS Step Functions
Like SNS, but runs Lambda functions that tell resources what to do (instead of resources sending and listening for notifications)
84
EC2 pricing Model - Dedicated Host
Expensive ($1-$2/hr)! Your EC2 instances will run on servers physically isolated from other AWS customers. Use case: military.
85
EC2 pricing Model - On-Demand Instance
Available 24/7; you can stop or terminate anytime
86
EC2 pricing Model - Standard Reserved Instance
Save up to 75% for 1 or 3 year commitment. Can resell in AWS Marketplace.
87
EC2 pricing Model - Convertible Reserved Instance
Save up to 54% for 1 or 3 year commitment. Can exchange for another Convertible Reserved Instance, for example, changing the instance type.
88
EC2 pricing Model - Spot Instance
Save the most by allowing others to use your compute on 2 hours’ notice Least expensive.
89
Amazon Lightsail
Select a blueprint to automatically launch your pre-configured stack. Easier than Elastic Beanstalk, and does NOT automatically scale. Industry term for this is platform-as-a-service (PaaS)
90
AWS Elastic Beanstalk
Upload a full-stack application code (e.g., Node.js). Elastic Beanstalk reads your code and automatically launches your stack. Automatically scales. Use case: you already built an app and want it up on AWS quickly. Industry term for this is platform-as-a-service (PaaS).
91
Amazon CloudWatch
A running log of how your resources are doing. Review to debug failures. You can set metrics and alarms to monitor operational health and application performance
92
AWS CloudTrail
A running log of API calls. Review to audit who did what, where, and when.
93
AWS Trusted Advisor
Real-time guidance on cost optimization, Performance, Security, Fault Tolerance, Service Limits
94
AWS OpsWorks
Provides managed Chef and Puppet automation platforms to configure your EC2 instances on launch.
95
AWS CloudFormation
Launch multiple AWS resources at once using a code template. Simulate a big org deployment -- with many diverse resources -- quickly. Industry term for this is infrastructure-as-code.
96
AWS Organizations
Do things to multiple (thousands) of AWS accounts at once. (Great for big orgs.) Also create thousands of AWS accounts at once. Manage all the accounts with a single management account. Receive a single consolidated bill, and run savings plans and Cost Explorer across your account. The highest unit of consolidation is an organization. Currently, you cannot manage across different organizations.
97
Amazon Cloudfront
Content delivery network (CDN). Stores content (pictures, videos) in edge locations to make it load faster. Comes with AWS Shield, which protect against DDoS.
98
AWS Shield
Protects against DDoS attacks by rejecting suspicious traffic. On all locations, including edge locations
99
AWS Web Application Firewall (WAF)
Firewall that protects your apps from common web exploits
100
Amazon GuardDuty
Continuous threat detection by analyzing AWS CloudTrial and other logs
101
Amazon Macie
Find and classify sensitive data, such as personally identifiable information (PII). Uses machine learning.
102
Amazon Inspector
Automatically assess applications running on your EC2 instances. Produces list of security findings
103
Amazon Artifact
Download compliance reports (“artifacts”) proving AWS services meet certain standards, like HIPAA or FedRAMP
104
AWS CloudHSM
A hardware security module (HSM) that allows you to generate your own encryption keys, rather than using KMS.
105
Amazon Cognito
Provides sign-in via Apple, Facebook, Google, Amazon, and enterprise identities
106
Permission
A permission is a statement about what you’re allowed or not allowed to do.
107
Policy
A policy is a document that contains multiple permissions.
108
Root user
A root user has full access to everything, and cannot be denied using a permission or policy.
109
IAM user
An IAM user (or just user) starts with no permissions. You assign them permissions.
110
Group
A user can belong to 10 groups. Groups cannot belong to other groups.
111
Which of the statements below is accurate regarding Amazon S3 Buckets?(Select TWO) Bucket names must be unique regionally Bucket names must be unique globally Buckets are replicated globally Buckets can contain other buckets Buckets are region-specific
Bucket names must be unique globally Buckets are region specific
112
Which of the following is a method of backup available in the AWS cloud? Availability zones Amazon Route 53 Alias Record Amazon EBS snapshots Amazon EFS File Systems
Amazon EBS Snapshots is the correct answer. Amazon Elastic Block Store (EBS) is a block-based storage system that provides a “virtual hard disk in the cloud”. You can back up your EBS volumes using snapshots which are point-in-time copies of the data.
113
Which storage type can be mounted using the NFS protocol to many EC2 instances simultaneously? Amazon EBS Amazon S3 Amazon Instance Store Amazon EFS
Amazon EFS is the correct answer. "NFS" stands for network file system. EFS is a fully-managed service that makes it easy to set up and scale file storage in the Amazon Cloud. EFS can concurrently connect 1 to 1000s of EC2 instances, from multiple AZs.
114
What are two gateways offered by AWS Storage Gateway? (Select two) Block Gateway S3 Gateway File Gateway Cached Gateway Tape Gateway
File Gateway is a correct answer. File gateway provides a virtual on-premises file server, which enables you to store and retrieve files as objects in Amazon S3 Tape Gateway is also a correct answer. Tape Gateway is used for backup with popular backup software.
115
What is the most cost-effective Amazon S3 storage tier for data that is not often accessed but requires high availability? Amazon S3 Standard-IA Amazon S3 Standard Amazon S3 One Zone -IA Amazon Glacier
Amazon S3 Standard-IA is the correct answer. S3 Standard-IA is for data that is accessed less frequently, but requires rapid access when needed. S3 Standard-IA offers the high durability, high throughput, and low latency of S3 Standard with 99.9% availability
116
Which AWS service enables hybrid cloud storage between on-premises and the AWS Cloud? Amazon Elastic File System(EFS) Amazon CloudFront AWS Storage Gateway Amazon S3 Cross Region Replication (CRR)
AWS Storage Gateway is the correct answer. The AWS Storage Gateway service enables hybrid cloud storage between on-premises environments and the AWS Cloud. It seamlessly integrates on-premises enterprise applications and workflows with Amazon’s block and object cloud storage services through industry - standard storage protocols.
117
Which AWS hybrid storage service enables a user’s on-premises applications to seamlessly use AWS Cloud storage? Amazon Connect AWS Backup AWS Direct Connect AWS Storage Gateway
AWS Storage Gateway is the correct answer. AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage. Customers use Storage Gateway to simplify storage management and reduce costs for key hybrid cloud storage use cases.
118
Which service is "exabyte-scale" and moves exabytes of data into AWS? AWS Snowball S3 Cross-Region-Replication (CRR) S3 Transfer Acceleration AWS Snowmobile
AWS Snowmobile is the correct answer. With AWS Snowmobile you can move 100PB per snowmobile. AWS call this an “Exabyte-scale data transfer service”. AWS Snowcone : fits in your mailbox AWS Snowball Edge : a suitcase sized rugged computer AWS Snowmobile: Each carries up to 100PB
119
Which AWS service can be used to host a static website? Amazon s3 AWS CloudFormation Amazon EBS Amazon EFS
Amazon S3 is the correct answer. You can use Amazon S3 to host a static website. On a static website, individual webpages include static content. They might also contain client-side scripts. By contrast, a dynamic website relies on server-side processing, including server-side scripts such as PHP, JSP, or ASP.NET. Amazon S3 does not support server-side scripting, but AWS has other resources for hosting dynamic websites.
120
What is AWS CloudFormation?
Launch multiple AWS resources at once using a code template. Simulate a big org deployment -- with many diverse resources -- quickly. Industry term for this is infrastructure-as-code.
121
Which type of gateway can be used to backup VMWare virtual machines directly to AWS? AWS Backup gateway Volume Gateway File Gateway Tape Gateway
AWS Backup gateway File gateway saves on-prem files to S3 Volume gateway saves on-prem server hard disks(think on-prem EBS) to EBS snapshots on S3 Tape Gateway saves on-prem tape backup to S3. Many companies use physical tape to store information. Customers can migrate physical tape to “virtual tape backup library” on S3.
122
Which AWS service allows you to automate and centralize your backups across multiple AWS services? Amazon Backup Service(ABS) Amazon S3 Amazon EBS Snapshots AWS Backup
AWS Backup is the correct answer. AWS Backup enables you to centralize and automate data protection across AWS services. AWS Backup offers a cost-effective, fully managed, policy-based service that further simplifies data protection at scale.
123
Which statements are true about Amazon EBS volumes? (Select TWO) You can attach multiple EBS volumes to an instance EBS volume data is ephemeral and is lost when an instance is stopped EBS volumes are object storage You can attach EBS volumes to multiple instances EBS volumes must be in the same Availability Zone as the instances they are attached to
EBS volumes must be in the same Availability Zone as the instances they are attached to is the correct answer. Amazon EBS volumes are used by EC2 instances for persistent storage. EBS volumes must be in the same AZ as the instances they are attached to. You can attach multiple EBS volumes to an instance You cannot attach an EBS volume to multiple instances (use Elastic File Store instead).
124
An application stores images which will be retrieved infrequently but must be highly available for retrieval. Which is the most cost-effective storage option that meets these requirements? Amazon EFS Amazon S3 Standard Infrequent access Amazon Glacier with expedited retrievals Amazon S3 Standard
Amazon S3 Standard-Infrequent Access
125
Which storage service allows you to connect multiple EC2 instances concurrently using file-level protocols? Amazon EBS Amazon S3 Amazon EFS Amazon Glacier
Amazon EFS is the correct answer. Amazon Elastic File System allows you to connect hundreds or thousands of EC2 instances concurrently and is accessed using the file-level NFS protocol.
126
What are two components of Amazon S3 (Select TWO) Buckets Block devices Objects Directories File Systems
Buckets Objects Objects is also a correct answer. Amazon S3 is an object-based storage system that is accessed using a RESTful API over HTTP(S). It consists of buckets, which are root level folders, and objects, which are the files, images etc. that you upload. The terms directory, file system and block device do not apply to Amazon S3.
127
What is the difference between an EBS volume and an Instance store? Instance store volumes can be used with all EC2 instance types whereas EBS cannot EBS volumes are file-level storage devices whereas Instance store volumes are object-based Instance store volumes are ephemeral whereas EBS volumes are persistent storage EBS volumes are object storage devices whereas Instance store volume are block based
Instance store volumes are ephemeral whereas EBS volumes are persistent storage is the correct answer. EBS-backed means the root volume is an EBS volume and storage is persistent. Instance store-backed means the root volume is an instance store volume and storage is not persistent. Both EBS and Instance store volumes are block-based storage devices. EBS volumes can be used with all EC2 instance types whereas Instance store volumes are more limited in compatibility.
128
Question 5 Using AWS terminology, which items can be created in an Amazon S3 bucket? (Select TWO) Files Folders Tables Queues Objects
Folders Objects is also a correct answer. The Amazon Simple Storage Service (S3) is an object store so you create objects (files, images, video etc.) within buckets. Though it is a flat structure (no hierarchy), you can mimic a hierarchical structure by using folders.
129
A company stores copies of backups on Amazon S3 and requires rapid access but low resiliency (low availability). Which storage class is optimized for these requirements? Amazon S3 Glacier Deep Archive Amazon S3 Standard Amazon S3 One Zone-Infrequent Access Amazon S3 Glacier
Amazon S3 One Zone-Infrequent Access is the correct answer. S3 One Zone-IA is for data that is accessed less frequently, but requires rapid access when needed. Unlike other S3 Storage Classes which store data in a minimum of three Availability Zones (AZs), S3 One Zone-IA stores data in a single AZ and costs 20% less than S3 Standard-IA.
130
What billing timeframes are available for Amazon EC2 on-demand instance(Select TWO) Per minute Per week Per day Per second Per hour
Per Hour Per second With EC2 you are billed either by the second, for some Linux instances, or by the hour for all other instance types.
131
Which service can you use to provision a preconfigured server with little to no AWS experience? AWS Lambda Amazon Elastic Beanstalk Amazon LightSail Amazon EC2
Amazon LightSail is the correct answer. Amazon LightSail provides developers compute, storage, and networking capacity and capabilities to deploy and manage websites, web applications, and databases in the cloud. LightSail provides preconfigured virtual private servers (instances) that include everything required to deploy and application or create a database. Deploying a server on LightSail is extremely easy and does not require knowledge of how to configure VPCs, security groups, network ACLs etc.
132
What is the main benefit of the principle of loose coupling?
Reduce interdependencies so a failure in one component does not cascade to other components is the correct answer. As application complexity increases, a desirable attribute of an IT system is that it can be broken into smaller, loosely coupled components. This means that IT systems should be designed in a way that reduces interdependencies—a change or a failure in one component should not cascade to other components.
133
How should an organization deploy an application running on multiple EC2 instances to ensure that a power failure does not cause an application outage?
Launch the EC2 instances into different Availability Zones is the correct answer. If you have multiple EC2 instances that are part of an application, you should deploy them into separate availability zones (AZs). Each AZ has redundant power and is also fed from a different grid. AZs also have low-latency network links which is often advantageous for most applications.
134
Which service can be used for building and integrating loosely-coupled, distributed applications?
Amazon SNS is the correct answer. Amazon Simple Notification Service (Amazon SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud. Amazon SNS is used for building and integrating loosely-coupled, distributed applications.
135
How are AWS Lambda functions triggered?
Events is the correct answer. AWS Lambda lets you run code as functions without provisioning or managing server. Lambda-based applications (also referred to as serverless applications) are composed of functions triggered by events.
136
How does Amazon EC2 Auto Scaling help with resiliency?
By launching and terminating instances as needed is the correct answer. Amazon EC2 Auto Scaling launches and terminates instances as demand changes. This helps with resiliency and high availability as it can also be set to ensure a minimum number of instances are always available.
137
A company plans to deploy a global commercial application on Amazon EC2 instances. The deployment solution be designed with the highest redundancy and fault tolerance. Based on this situation, how should the EC2 instances be deployed?
Across multiple Availability Zones in two AWS Regions is the correct answer. For maximum redundancy and fault tolerance the application should be deployed in multiple AWS Regions and multiple Availability Zones within each of those regions. This architecture may use Elastic Load Balancers and Amazon Route 53 records to direct traffic to instances. Alternatively, it could use AWS Global Accelerator.
138
Which AWS service provides elastic web-scale cloud computing allowing you to deploy operating system instances?
Amazon EC2 is the correct answer. The Amazon Elastic Compute Cloud (EC2) provides elastic web-scale computing in the cloud allowing you to deploy instances running the Windows and Linux operating systems.
139
Which service allows you to run code as functions without needing to provision or manage servers?
AWS Lambda is the correct answer. AWS Lambda is a serverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you. Lambda runs your code on high-availability compute infrastructure and performs all the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, code and security patch deployment, and code monitoring and logging. All you need to do is supply the code.
140
Which compute service should be used for running a Linux operating system upon which you will install custom software?
Amazon EC2 is the correct answer. Amazon EC2 should be used when you need access to a full operating system instance that you can manage.
141
What are the fundamental charges for an Amazon EC2 instance? (Select TWO)
Data storage is a correct answer. When using EC2 instances you are charged for the compute uptime of the instance based on the family and type you chose. You are also charged for the amount of data provisioned.
142
Where can resources be launched when configuring Amazon EC2 Auto Scaling?
Multiple AZs within a Region is the correct answer. Amazon EC2 Auto Scaling is configured within the EC2 console and can launch instances within a VPC across multiple AZs. It cannot launch resources into another AWS Region.
143
To reduce the price of your Amazon EC2 instances, which term lengths are available for reserved instances? (Select TWO)
3 years is also a correct answer. Reserved instances provide significant discounts, up to 75% compared to On-Demand pricing, by paying for capacity ahead of time. They are good for applications that have predictable usage, that need reserved capacity, and for customers who can commit to a 1 or 3-year term.
144
Which of the below are good use cases for a specific Amazon EC2 pricing model? (Select TWO)
Reserved instances for steady state predictable usage is a correct answer. On-demand for ad-hoc requirements that cannot be interrupted is also a correct answer. Typical use cases for the pricing models listed are: On-demand: Good for users that want the low cost and flexibility of EC2 without any up-front payment or long-term commitment. Applications with short term, spiky, or unpredictable workloads that cannot be interrupted. Reserved: Applications with steady state or predictable usage or that require reserved capacity. Spot: Applications that have flexible start and end times and that are only feasible at very low compute prices. May be terminated by AWS. Dedicated hosts: Useful for regulatory requirements that may not support multi-tenant virtualization. Great for licensing which does not support multi-tenancy or cloud deployments.
145
What technology enables compute capacity to adjust as loads change?
Auto Scaling is the correct answer. Auto Scaling allows the dynamic adjustment of provisioned resources based on demand. For instance, you can use Amazon EC2 Auto Scaling to launch additional EC2 instances when CloudWatch metrics report the CPU utilization has reached a certain threshold.
146
You need to implement a hosted queue for storing messages in transit between application servers. Which service should you use?
Amazon SQS is a correct answer. Amazon Simple Queue Service (Amazon SQS) is a web service that gives you access to message queues that store messages waiting to be processed. SQS offers a reliable, highly-scalable, hosted queue for storing messages in transit between computers. SQS is used for distributed/decoupled application.
147
You need to ensure you have the right amount of compute available to service demand. Which AWS service can automatically scale the number of EC2 instances for your application?
Amazon EC2 Auto Scaling is the correct answer. Auto Scaling automates the process of adding (scaling up) or removing (scaling down) EC2 instances based on the traffic demand for your application.
148
What method can you use to take a backup of an Amazon EC2 instance using AWS tools?
Take a snapshot to capture the point-in-time state of the instance is the correct answer. You can take snapshots of EC2 instances which creates a point-in-time copy of the instance. You can centralize taking snapshots across many EC2 instances using AWS Backup. If you make periodic snapshots of a volume, the snapshots are incremental, which means that only the blocks on the device that have changed after your last snapshot are saved in the new snapshot.
149
What strategy can assist with allocating metadata to AWS resources for cost tracking and visibility?
Tagging is the correct answer. AWS allows customers to assign metadata to their AWS resources in the form of tags. Each tag is a simple label consisting of a customer-defined key and an optional value that can make it easier to manage, search for, and filter resources. AWS Cost Explorer and detailed billing reports support the ability to break down AWS costs by tag.
150
Which service can be used to create sophisticated, interactive graph applications?
Amazon Neptune is the correct answer. Amazon Neptune is a fast, reliable, fully-managed graph database service that makes it easy to build and run applications that work with highly connected datasets. With Amazon Neptune, you can create sophisticated, interactive graph applications that can query billions of relationships in milliseconds.
151
What you use the AWS Total Cost of Ownership (TCO) Calculator for?
Estimate savings when comparing the AWS Cloud to an on-premises environment is the correct answer. The TCO calculators allow you to estimate the cost savings when using AWS, compared to on-premises, and provide a detailed set of reports that can be used in executive presentations. The calculators also give you the option to modify assumptions that best meet your business needs.
152
How can an organization compare the cost of running applications in an on-premises environment against the AWS cloud?
TCO Calculator is the correct answer. The TCO calculator is a free tool provided by AWS that allows you to estimate the cost savings of using the AWS Cloud vs. using an on-premises data center.
153
Which of the below is a fully managed Amazon search service based on open source software that allows you to collect analytics on your customers, such as clickstreams, at scale?
Amazon Elasticsearch (renamed Opensearch in mid-2021) is the correct answer. Amazon Elasticsearch Service is a fully managed service that makes it easy for you to deploy, secure, operate, and scale Elasticsearch to search, analyze, and visualize data in real-time. Elasticsearch is based on open source software.
154
Which AWS service can be used to process a large amount of data using the Hadoop framework?
Amazon EMR is the correct answer. Amazon Elastic Map Reduce (EMR) provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances.
155
Which AWS database service provides a fully managed data warehouse that can be analyzed using SQL tools and business intelligence tools?
Amazon RedShift is the correct answer. Amazon RedShift is a fully managed data warehouse service designed to handle petabytes of data for analysis. Data can be analyzed with standard SQL tools and business intelligence tools. RedShift allows you to run complex analytic queries against petabytes of structured data.
156
Which AWS service can you use to install a third-party database?
Amazon EC2
157
Which Amazon RDS deployment type is best used to enable fault tolerance in the event of the failure of an availability zone?
Multiple Availability Zones is the correct answer. Multi AZ provides a mechanism to failover the RDS database to another synchronously replicated copy in the event of the failure of an AZ. The endpoint address for the RDS instances gets remapped to the standby instance.
158
An solutions architect needs to compare the cost of deploying an on-premise web server and an EC2 instance on the AWS cloud. Which tool can be used to assist the solutions architect?
AWS TCO Calculator is the correct answer. The TCO calculator is a free tool provided by AWS that allows you to estimate the cost savings of using the AWS Cloud vs. using an on-premised data center.
159
Which of the following need to be included in a total cost of ownership (TCO) analysis? (Select TWO)
Facility equipment installation Data center security costs Data center security costs is also a correct answer. To perform a TCO you need to document all of the costs you’re incurring today to run your IT operations. That includes facilities equipment installation and data center security costs. That way you get to compare the full cost of running your IT on-premises today, to running it in the cloud.
160
Which tool enables you to visualize your usage patterns over time and to identify your underlying cost drivers?
AWS Cost Explorer is the correct answer. The AWS Cost Explorer is a free tool that allows you to view charts of your costs. You can view cost data for the past 13 months and forecast how much you are likely to spend over the next three months. Cost Explorer can be used to discover patterns in how much you spend on AWS resources over time and to identify cost problem area.
161
What is a benefit of moving an on-premises database to Amazon Relational Database Service (RDS)?
There is no need to manage operating systems is the correct answer. With Amazon RDS, which is a managed service, you do not need to manage operating systems like you would by running a database on an operating system on an Amazon EC2 instance. This reduces operational costs.
162
What database service is fully managed and gives you the option of running both propriety and open-source engines?
Amazon RDS is correct. RDS gives you the option to run both propriety (e.g., Oracle, Microsoft SQL Server) and open-source (e.g., MySQL, PostgreSQL) database engines.
163
Which types of pricing policies does AWS offer? (Select TWO)
Pay-as-you-go Global usage discounts
164
Which service can be added in front of a database to provide improved performance for the most popular customer requests?
Amazon ElastiCache is the correct answer. Amazon ElastiCache provides in-memory caching which improves performance for read requests when the data is cached in ElastiCache. ElastiCache can be placed in front of your database.
165
Which AWS service would simplify the migration of a database to AWS?
AWS Database Migration Service (AWS DMS) is correct. AWS DMS helps users migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. AWS DMS can migrate data to and from most widely used commercial and open-source databases.
166
How can a company separate costs for storage, Amazon EC2, Amazon S3, and other AWS services by department?
Add department-specific tags to each resource" is the correct answer. You can use tags to organize your resources, and cost allocation tags to track your AWS costs on a detailed level. After you activate cost allocation tags, AWS uses the cost allocation tags to organize your resource costs on your cost allocation report, to make it easier for you to categorize and track your AWS costs.
167
Which AWS database service is schema-less and can be scaled dynamically without incurring downtime?
Recall from Gordon's lecture that SQL databases have schemas (he showed you Airbnb's schemas). DynamoDB is the only NoSQL database service answer choice, and also the correct choice.
168
How can a database administrator reduce operational overhead for a MySQL database?
Migrate the database onto an Amazon RDS instance
169
How does the consolidated billing feature of AWS Organizations treat Reserved Instances that were purchased by another account in the organization?
All accounts in the organization are treated as one account so any account can receive the hourly cost benefit is the correct answer. For billing purposes, the consolidated billing feature of AWS Organizations treats all the accounts in the organization as one account. This means that all accounts in the organization can receive the hourly cost benefit of Reserved Instances that are purchased by any other account.
170
Which tool can be used to create alerts when the actual or forecasted cost of AWS services exceed a certain threshold?
AWS Budgets
171
What is a Resource Group?
A collection of resources that share one or more tags is the correct answer. A resource group is a collection of resources that share one or more tags or portions of tags. To create a resource group, you simply identify the tags that contain the items that members of the group should have in common.
172
Which AWS service is primarily used for software version control?
AWS CodeCommit is the correct answer. AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories. It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem.
173
Which AWS service can an organization use to automate operational tasks on EC2 instances using existing Chef cookbooks?
AWS OpsWorks
174
Which feature of Amazon Rekognition can assist with saving time?
Identification of objects in images and videos is the correct answer. Amazon Rekognition makes it easy to add image and video analysis to your applications. You just provide an image or video to the Rekognition API, and the service can identify the objects, people, text, scenes, and activities, as well as detect any inappropriate content.
175
Which service would be used to send alerts based on Amazon CloudWatch alarms?
Amazon SNS is correct. Amazon SNS and Amazon CloudWatch are integrated so users can collect, view, and analyze metrics for every active SNS. Once users have configured CloudWatch for Amazon SNS, they can gain better insight into the performance of their Amazon SNS topics, push notifications, and SMS deliveries.
176
Which tool can be used to create and manage a selection of AWS services that are approved for use on AWS?
AWS Service Catalog is the correct answer. AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures.
177
A company would like to maximize their potential volume and Reserved Instance discounts across multiple accounts and also apply service control policies on member accounts. Which service or tool can they use to gain these benefits?
AWS Organizations is the correct answer. AWS Organizations enables you to create groups of AWS accounts and then centrally manage policies across those accounts. AWS Organizations provides consolidated billing in both feature sets, which allows you set up a single payment method in the organization’s management account and still receive an invoice for individual activity in each member account. Volume pricing discounts can be applied to resources.
178
Which service can identify the user that made the API call when an Amazon EC2 instance is terminated?
AWS CloudTrail is correct. AWS CloudTrail helps users enable governance, compliance, and operational and risk auditing of their AWS accounts. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, AWS Command Line Interface (CLI), and AWS SDKs and APIs.
179
Which service provides visibility into user activity by recording actions taken on your account?
Amazon CloudTrail is the correct answer. CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket. CloudTrail records API activity. CloudTrail is used for auditing whereas CloudWatch is used for performance monitoring.
180
Which AWS service allows you to automate the evaluation of recorded configurations against desired configuration?
AWS Config is the correct answer. AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.
181
You are concerned that you may be getting close to some of the default service limits for several AWS services. What AWS tool can be used to display current usage and limits?
AWS Trusted Advisor is the correct answer. Trusted Advisor is an online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment. Trusted Advisor provides real time guidance to help you provision your resources following AWS best practices. Offers a Service Limits check (in the Performance category) that displays your usage and limits for some aspects of some services.
182
What types of monitoring can Amazon CloudWatch be used for? (Select TWO)
Application performance Application performance is also a correct answer. Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. CloudWatch performs performance monitoring and can monitor custom metrics generated by applications and the operational health of your AWS resources
183
Which service can be used to easily create multiple accounts?
AWS Organizations is the correct answer. AWS Organizations can be used for automating AWS account creation via the Organizations API.
184
A manager needs to keep a check on his AWS spend. How can the manager setup alarm that notify him when his bill reaches a certain amount?
Using Amazon CloudWatch
185
Which service can be used to track the CPU usage of an EC2 instance?
Amazon CloudWatch
186
Which AWS service should a Cloud Practitioner use to automate configuration management using Puppet?
AWS OpsWorks is the correct answer. AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers.
187
Which cloud computing model gives the IT department the highest level of flexibility and management control?
Infrastructure as a Service (IaaS) is the correct answer. With IaaS the IT department have the most flexibility and management control over resources as only the infrastructure layer is provided by the Cloud Provider.
188
Which AWS services can be used as infrastructure automation tools?
AWS CloudFormation AWS OpsWorks AWS CloudFormation is a correct answer. AWS CloudFormation provides a common language for you to model and provision AWS and third-party application resources in your cloud environment. AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. AWS OpsWorks is also a correct answer. AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.
189
Which AWS service uses a highly secure hardware storage device to store encryption keys?
AWS CloudHSM is the correct answer. AWS CloudHSM is a cloud-based hardware security module (HSM) that allows you to easily add secure key storage and high-performance crypto operations to your AWS applications
190
What is the scope of an Amazon Virtual Private Cloud (VPC)?
It spans all Availability Zones within a region is the correct answer. A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. A VPC spans all the Availability Zones in the region.
191
What does an organization need to do to move to another AWS Region?
Just start deploying resources in the additional region is the correct answer. You don’t need to do anything except start deploying resources in the new region. With the AWS cloud you can use any region around the world at any time. There is no need for a separate account, and IAM is a global service.
192
Which of the following are AWS recommended best practices in relation to IAM? (Select TWO)
Enable multi-factor authentication (MFA) for all users
193
To ensure the security of your AWS account, what are two AWS best practices for managing access keys? (Select TWO)
Don’t generate an access key for the root account user Where possible, use IAM roles with temporary security credentials is also a correct answer. Best practices include: (1) Don’t generate an access key for the root account user. (2) Use Temporary Security Credentials (IAM Roles) Instead of Long-Term Access Keys. (3) Manage IAM User Access Keys Properly.
194
Which items can be configured from within the VPC management console? (Select TWO)
Security Groups is the correct answer. The other responses are not related to security.
195
Under the AWS shared responsibility model what is AWS responsible for? (Select TWO)
Replacement and disposal of disk drives is the correct answer. AWS are responsible for items such as the physical security of the DC, replacement of old disk drives, and patch management of the infrastructure. Customers are responsible for items such as configuring security groups, network ACLs, patching their operating systems and encrypting their data. Physical security of the data center is the correct answer.
196
A security operations engineer needs to implement threat detection and monitoring for malicious or unauthorized behavior. Which service should be used?
AWS GuardDuty is the correct answer. Amazon GuardDuty offers threat detection and continuous security monitoring for malicious or unauthorized behavior to help you protect your AWS accounts and workloads.
197
Which AWS service can assist with providing recommended actions on cost optimization?
Trusted Advisor is correct. Trusted Advisor is an online resource from AWS Support that helps you reduce cost, increase performance and improve security by optimizing your AWS environment.
198
How can Coursera ensure their video courses play with minimal latency for their users around the world?
Use Amazon CloudFront is correct. Amazon CloudFront is a content delivery network (CDN) that enables you to cache content in Edge Locations that are located around the world. This brings your media closer to your end users which reduces latency and improves the user experience.
199
How can an organization assess applications for vulnerabilities and deviations from best practice?
Use AWS Inspector is the correct answer. Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Inspector automatically assesses applications for vulnerabilities or deviations from best practices.
200
Which document can you create to grant read/write access to an Amazon S3 bucket?
IAM Policy is the correct answer. Identity and access management (IAM) Policies are documents that define permissions and can be applied to users, groups and roles. IAM policies can be written to grant access to Amazon S3 buckets.
201
Where can a user find information about prohibited actions on the AWS infrastructure?
The AWS Acceptable Use Policy provides information regarding prohibited actions on the AWS infrastructure.
202
Which AWS service gives you centralized control over the encryption keys used to protect your data?
AWS KMS is the correct answer. AWS Key Management Service gives you centralized control over the encryption keys used to protect your data. You can create, import, rotate, disable, delete, define usage policies for, and audit the use of encryption keys used to encrypt your data.

aws certification (4 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions