AWS CCP Flashcards

1
Q

Provide you with a significant discount (up to 54%) compared to On-Demand Instances and can be purchased for a 1-year or 3-year term. Good if you need additional flexibility, such as the ability to use different instance families, operating systems, or tenancies over the Reserved Instance term.

A

Convertible Reserved Instances (RI)

2
Q

A highly available and scalable cloud Domain Name System (DNS) web service in AWS

A

Route 53

3
Q

Customer is responsible for

A

Service and Communications Protection or Zone Security

4
Q

Shared responsibilities are

A

– Patch Management: AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.

– Configuration Management: AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.

– Awareness & Training: AWS trains AWS employees, but a customer must train their own employees.

5
Q

AWS is responsible for

A

Physical and Environmental controls

6
Q

Professional services firms that help customers of all sizes design, architect, migrate, or build new applications on AWS. They include System Integrators (SIs), Strategic Consultancies, Resellers, Digital Agencies, Managed Service Providers (MSPs), and Value-Added Resellers (VARs).

A

APN Consulting Partners

7
Q

Provide software solutions that are either hosted on or integrated with the AWS platform. They include Independent Software Vendors (ISVs), SaaS, PaaS, developer tools, management, and security vendors.

A

APN Technology Partners

8
Q

Which service should a company use to centrally manage account policies and consolidate billing across multiple AWS accounts?

A

AWS Organizations

9
Q

Gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. Also lets you set reservation utilization or coverage targets and receive alerts when your utilization drops below the threshold you define.

A

AWS Budget

10
Q

Which service should you use if you need a scalable, fast, and flexible non-relational database service?

A

DynamoDB

11
Q

A suitable service to use to store static content (high-resolution images, videos, and other static files)

A

Amazon S3

12
Q

Which of the following is an advantage of using managed services like RDS, ElastiCache, and CloudSearch in AWS?

A

Simplifies all of your OS patching and backup activities to help keep your resources current and secure

13
Q

Amazon [ ] offers fully managed Redis and Memcached. Seamlessly deploy, run, and scale popular open-source compatible in-memory data stores. Build data-intensive apps or improve the performance of your existing apps by retrieving data from high throughput and low latency in-memory data stores. Amazon [ ] is a popular choice for Gaming, Ad-Tech, Financial Services, Healthcare, and IoT apps. You no longer need to perform management tasks such as hardware provisioning, software patching, setup, configuration, monitoring, failure recovery, and backups. [ ] continuously monitors your clusters to keep your workloads up and running so that you can focus on higher-value application development.

A

ElastiCache

14
Q

Allows you to easily undo mistakes on your database. If you mistakenly perform a destructive action, such as a DELETE without a WHERE clause, you can backtrack the DB cluster to a time before the destructive action with minimal interruption of service.

A

Amazon Aurora Backtrack

15
Q

Store the results of I/O-intensive SQL database queries to improve application performance?

A

ElastiCache

16
Q

Consolidated billing benefits

A

One bill – You get one bill for multiple accounts.

Easy tracking – You can track the charges across multiple accounts and download the combined cost and usage data.

Combined usage – You can combine the usage across all accounts in the organization to share the volume pricing discounts and Reserved Instance discounts. This can result in a lower charge for your project, department, or company than with individual standalone accounts.

No extra fee – Consolidated billing is offered at no additional cost.

17
Q

How can you apply and easily manage the common access permissions to a large number of IAM users in AWS?

A

Attach the required policies or permissions to a new IAM group, then add the IAM users to that group.

18
Q

Which of the following is a key use case of AWS Control Tower?

A

An easy way to establish a landing zone that implements an AWS well-architected, multi-account environment and applies the AWS best practices. It is an easy way to set up and govern a secure and compliant multi-account AWS environment based on best practices.

19
Q

With the AWS Cost & Usage Report, you can do the following:

A

Access comprehensive AWS cost and usage information

– The AWS Cost & Usage Report gives you the ability to delve deeply into your AWS cost and usage data, understand how you are using your AWS implementation, and identify opportunities for optimization.

Track your Amazon EC2 Reserved Instance (RI) usage

– Each line item of usage that receives an RI discount contains information about where the discount was allocated. This makes it easier to trace which instances are benefitting from specific reservations.

Leverage strategic data integrations

– Using the Amazon Athena data integration feature, you can quickly query your cost and usage information using standard SQL queries. You can also upload your data directly into Amazon Redshift or Amazon QuickSight.
20
Q

Which of the following AWS Global Infrastructure components is made up of one or more discrete data centers, each with redundant power, networking, and connectivity and housed in separate facilities?

A

Availability Zones

21
Q

What is true about RDS

A

Makes it easy to set up, operate, and scale a relational database

Simplifies the management of time-consuming database administration tasks

22
Q

Which of the following is true about how AWS reduces the time to provision your IT resources?

A

It provides various ways to programmatically provision IT resources.

23
Q

Five categories of Trusted Advisor

A

Cost Optimization – recommendations that can potentially save you money by highlighting unused resources and opportunities to reduce your bill.

Security – identification of security settings that could make your AWS solution less secure.

Fault Tolerance – recommendations that help increase the resiliency of your AWS solution by highlighting redundancy shortfalls, current service limits, and over-utilized resources.

Performance – recommendations that can help to improve the speed and responsiveness of your applications.

Service Limits – recommendations that will tell you when service usage is more than 80% of the service limit.

24
Q

Four ways to launch a new RDS database cluster

A

AWS Management Console, AWS CLI, AWS SDK and AWS CloudFormation

25
Q

Which type of Elastic Load Balancer supports path-based routing, host-based routing, and bi-directional communication channels using WebSockets?

A

Application Load Balancer

26
Q

Which of the following can you use to resolve the connection between your on-premises VPN and your AWS virtual private cloud?

A

Virtual Private Gateway and Route 53

A customer gateway is an anchor on your side of that connection. It can be a physical or software appliance. The anchor on the AWS side of the VPN connection is called a virtual private gateway.

27
Q

Which of the following Amazon EC2 instance purchasing options can help you address compliance requirements and reduce costs by allowing you to use your existing server-bound software licenses?

A

Dedicated Host

28
Q

AWS Budget

A

Gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount.

CloudWatch Billing Alarm does not allow you to set coverage targets and receive alerts when your utilization drops below the threshold you define.

29
Q

Amazon Simple Storage Service

A

An object storage service that offers industry-leading scalability, data availability, security, and performance with virtually unlimited storage space

30
Q

EC2 Instance Store

A

High-performance hardware disk, better I/O performance, good for buffer/cache/scratch data/temporary content.

EC2 Instance Store volumes lose their data if the instance is stopped (shut down), and there is a risk of data loss if the hardware fails.

31
Q

Which of the following services is capable of inspecting your AWS environment and making recommendations to lower expenditures, improve system performance and reliability, and close security gaps?

A

AWS Trusted Advisor is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices. It inspects your AWS environment and makes recommendations for saving money, improving system performance and reliability, or closing security gaps.

32
Q

Which of the following channels shares a collection of offerings to help you achieve specific business outcomes related to enterprise cloud adoption through paid engagements in several specialty practice areas?

A

AWS Professional Services

33
Q

A fully-managed service that automates time-consuming administration tasks like hardware provisioning, database setup, patching, and backups without any manual intervention from you. Also if you need to launch a highly scalable MySQL OLTP database.

A

AWS Aurora

34
Q

For security audit purposes, a company needs to download compliance-related documents in AWS such as ISO certifications, Payment Card Industry (PCI), and Service Organization Control (SOC) reports. Where can they retrieve these files?

A

AWS Artifact

35
Q

What are the benefits of using Edge locations in AWS?

A

Improves application performance by delivering content closer to your users

Provides caching which reduces the load on your origin servers

36
Q

AWS Global Service and AWS Zonal Service

A

Global: IAM, STS, Route 53, CloudFront, and WAF

Zonal: EC2 Instances and EBS Volumes which are tied to the Availability Zone

Regional: All the other

37
Q

CloudEndure Disaster Recovery

A

A tool that minimizes downtime and data loss by providing fast, reliable recovery of physical, virtual, and cloud-based servers into AWS Cloud. You can also use CloudEndure Disaster Recovery to protect your most critical SQL databases thanks to the continuous replication of your machines into a low-cost staging area in your target AWS account and preferred Region.

38
Q

AWS QuickSight

A

A business intelligence service for creating visualizations and dashboards.

39
Q

Amazon CloudWatch Logs has the following features

A

Monitor Logs from Amazon EC2 Instances, Monitor AWS CloudTrail Logged Events, Log Retention, Archive Log Data, and Log Route 53 DNS Queries

40
Q

Serverless services

A

FAG ASS READLE ASS

  • Fargate
  • Athena
  • Glue
  • API Gateway
  • Step Functions
  • S3
  • Redshift
  • EFS
  • Aurora
  • DynamoDB
  • Lambda
  • EventBridge
  • AppSync
  • SQS
  • SNS
41
Q

Which service does AWS use to notify you when AWS is experiencing events that may impact you?

A

AWS Health. AWS Health provides ongoing visibility into your resource performance and the availability of your AWS services and accounts.

42
Q

What is required when launching an EBS-backed EC2 instance?

A

EBS Root volume, Security Group, and VPC and subnet specification. Elastic IP address is NOT required.

43
Q

What is the most secure way to provide applications temporary access to your AWS resources?

A

Create an IAM role and have the application assume the role

44
Q

A space agency is using Amazon S3 to store their high-resolution satellite images and videos every day. Which of the following should they do to minimize the upload time?

A

Use the Multipart upload API

45
Q

Amazon Kinesis

A

Used for streaming data in real-time. Amazon Kinesis is the service used to ingest real-time data such as video, audio, application logs, website clickstreams, and IoT telemetry data for machine learning, analytics, and other applications.

46
Q

What services will help you create a highly available and scalable web app in the cloud?

A

EC2 Auto Scaling and ELB

47
Q

Agility

A

Focus your valuable IT resources on developing applications that differentiate your business rather than managing infrastructure and data centers.

48
Q

AWS Server Migration Service

A

An agentless service that makes it easier and faster for you to migrate thousands of on-premises applications to AWS. This is not the appropriate service to use in migrating your on-premises database. Replaced by Application Migration Service (MGN)

49
Q

IAM Policy Simulator

A

Used to test and troubleshoot IAM and resource-based policies

50
Q

AWS Penetration Test accepted services are:

A

REAL CEAL

  • RDS
  • EC2 instances, NAT Gateways, and Elastic Load Balancers
  • API Gateways
  • Lambda and Lambda Edge functions
  • CloudFront
  • Elastic Beanstalk environments
  • Aurora
  • Lightsail resources
51
Q

AWS Penetration Test prohibited activities are:

A

– DNS zone walking via Amazon Route 53 Hosted Zones
– Denial of Service (DoS), Distributed Denial of Service (DDoS), Simulated DoS, Simulated DDoS
– Port flooding
– Protocol flooding
– Request flooding (login request flooding, API request flooding)

52
Q

A company needs to troubleshoot an issue on their serverless application which is composed of an API Gateway, Lambda function, and a DynamoDB database. Which service should they use to trace user requests as they travel through their entire application?

A

AWS X-Ray.

53
Q

How to help prevent accidental bucket deletion

A

Configure MFA delete on S3

54
Q

Amazon Inspector

A

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It is for EC2, Container Image, and Lambda.

55
Q

Amazon SQS

A

Allows you to send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available

56
Q

AWS Directory Service

A

AWS Directory Service provides multiple ways to use Amazon Cloud Directory and Microsoft Active Directory (AD) with other AWS services.

57
Q

Three ways to connect to EC2

A

Secure Shell (SSH) – the most common tool to connect to Linux servers.

Session Manager – it is a fully managed AWS Systems Manager capability that lets you manage your EC2 instances, on-premises instances, and virtual machines (VMs) through an interactive one-click browser-based shell or through the AWS CLI.

EC2 Instance Connect – connect to your Linux instances using a browser-based client.

58
Q

AWS Global Accelerator

A

AWS Global Accelerator provides you with static IP addresses that serve as a fixed entry point to your applications hosted in one or more AWS Regions. These IP addresses are anycast from AWS edge locations, so they’re announced from multiple AWS edge locations at the same time. This enables traffic to ingress onto the AWS global network as close to your users as possible.

59
Q

A customer needs to organize and consolidate information based on criteria specified in tags or resources in AWS. Which of the following services would you recommend to satisfy this requirement?

A

Resource Groups

60
Q

AWS Firewall Manager

A

AWS Firewall Manager is a security management service that allows you to centrally configure and manage firewall rules across your accounts and applications in AWS Organizations.

61
Q

Amazon free services

A

ABCCIV
A - Auto Scaling Group
B - Beanstalk
C - CloudFormation
C - Consolidated Billing
I - IAM
V - VPC

62
Q

AWS Systems Manager

A

Gives you visibility and control of your infrastructure on AWS. It provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources.

Patching automation and run commands across an entire fleet of servers

63
Q

Amazon Machine Image (AMI)

A

A backup of an EC2 instance along with all of its EBS volumes. If only a single volume needs to be backed up, you should create EBS Snapshots instead.

64
Q

What feature will allow you to label and sort your EC2 instances according to their deployment stage (development, staging, production)?

A

Instance tag

65
Q

Which of the following services will be able to reroute traffic to your secondary EC2 instances in another region during disaster recovery?

A

Amazon Route 53

66
Q

What service allows you to create alarms that notify you when EC2 CPU Utilization thresholds are breached?

A

Amazon CloudWatch

67
Q

Which of the following services allow you to mask downtime of your application by rerouting your traffic to healthy instances?

A

Route 53 and ELB

68
Q

You wish to host a static website of your own in AWS at a low cost. Which service should be used for this purpose?

A

S3 Standard

69
Q

Amazon Cognito

A

Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily.

Add user sign-up, sign-in, and access control to your mobile app with a feature that supports sign-in with social identity providers such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0

Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. With Amazon Cognito, you also have the option to authenticate users through social identity providers such as Facebook, Twitter, or Amazon, with SAML identity solutions, or by using your own identity system. It is an identity management solution for customers/developers building B2C or B2B apps for their customers.

70
Q

When to use Amazon MQ

A

If your messaging service requires the use of certain protocols

71
Q

When to use Amazon SQS

A

To transmit any volume of data, at any level of throughput, without losing messages or requiring other services to be available.

To decouple application components so that they run and fail independently, increasing the overall fault tolerance of the system. Multiple copies of every message are stored redundantly across multiple availability zones so that they are available whenever needed.

72
Q

CodeDeploy can deploy application contents that are in

A

GitHub, S3 buckets, and it can also deploy Lambda functions

73
Q

What is Puppet?

A

Puppet is an automation platform that allows you to use code to automate the configurations of your servers.

OpsWorks lets you use Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.

74
Q

Which AWS service lets you provision either Windows or Linux desktops in just a few minutes and can scale easily to provide thousands of desktops to workers?

A

AWS Workspace

75
Q

If you are storing data that must be updated very frequently, you should consider using other services that take into account read and write latencies, such as

A

EBS volumes, RDS, DynamoDB, EFS, or relational databases running on Amazon EC2.

Read and write latencies can occur if your storage service is not placed within your VPC or in the same Availability Zone of your EC2 instance. This means that it will take some time for your data to be sent over from your server to your data storage. Amazon EBS provides the lowest latency access to data from a single EC2 instance. This is because the EBS volume is directly attached to the EC2 instance and is also located at the same Availability Zone.

76
Q

Which service will allow you to quickly deploy your application into the AWS Cloud without having to build or launch the individual resources yourself?

A

Elastic Beanstalk. You can simply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time.

77
Q

Security group valid rules

A

Security groups accept IP address, IP address range, and security group ID as either source or destination of inbound or outbound rules.

78
Q

Services that you can use to manage or deploy applications to your servers running on-premises:

A

OpsWorks – AWS OpsWorks is a configuration management service that helps customers configure and operate applications, both on-premises and in the AWS Cloud, using Chef and Puppet.

CodeDeploy – AWS CodeDeploy automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises. AWS CodeDeploy makes it easier to rapidly release new features, avoids downtime during application deployment, and handles the complexity of updating applications.

79
Q

Amazon Storage Gateway

A

It provides a file interface into Amazon Simple Storage Service (Amazon S3) and is a combination of storage service and a virtual software appliance. This service is meant for local software hosted on your on-premises data center which requires connection to S3. It is not meant to serve a fleet of EC2 instances.

80
Q

You have a fleet of on-premises servers that require a centralized scalable and durable file storage. It should be able to support massive parallel access. Which of the following is the most appropriate service to use?

A

Amazon EFS provides secure access for thousands of connections for Amazon EC2 instances and on-premises servers simultaneously using a traditional file permissions model, file locking capabilities, and hierarchical directory structure via the NFSv4 protocol. Amazon EC2 instances can access your file system across AZs, regions, and VPCs, while on-premises servers can access using AWS Direct Connect or AWS VPN.

81
Q

Amazon Pinpoint

A

AWS’s digital user engagement service that enables AWS customers to effectively communicate with their end users and measure user engagement across multiple channels including email, Text Messaging (SMS) and Mobile Push Notifications.

82
Q

Which of the following is the most cost-effective service to use if you want to coordinate multiple AWS services into serverless workflows?

A

AWS Step Functions provides serverless orchestration for modern applications. Orchestration centrally manages a workflow by breaking it into multiple steps, adding flow logic, and tracking the inputs and outputs between the steps.

83
Q

You are planning to deploy a video streaming application with frequently accessed, throughput-intensive workloads to your EC2 instance which requires fast, consistent throughput. What EBS volume type should you use to maximize performance as well as cost?

A

Throughput Optimized HDD. This volume type is a good fit for large, sequential workloads such as Amazon EMR, ETL, data warehouses, and log processing.

84
Q

Amazon Chime

A

Amazon Chime is a high-quality communications service that transforms online meetings with an easy-to-use app that works seamlessly across all your devices.

85
Q

Which of the following services allows you to purchase Reserved Instances?

A

Amazon EC2, Amazon RDS, Amazon ElastiCache, Amazon Redshift, and Amazon DynamoDB.

86
Q

Which service in AWS supports various business intelligence tools such as Apache Spark so that you may perform data transformation workloads (ETL) and analytics at a low cost?

A

Amazon Elastic MapReduce (EMR). Amazon EMR is a web service that enables businesses, researchers, data analysts, and developers to easily and cost-effectively process vast amounts of data. It utilizes a hosted Apache Hadoop framework running on the web-scale infrastructure of Amazon EC2 and Amazon S3.

87
Q

Which type of Elastic Load Balancer allows you to forward the incoming request to a target group with a Lambda function as a target?

A

Application Load Balancer. This is best suited for load balancing of HTTP and HTTPS traffic and provides advanced request routing targeted at the delivery of modern application architectures, including microservices and containers.

88
Q

Which IAM service is responsible for enforcing privileges and access controls in your AWS environment?

A

IAM Policy

89
Q

IAM Roles vs Policies

A

IAM Roles manage who has access to your AWS resources, whereas IAM policies control their permissions.

90
Q

Which of the following AWS well-architected pillars discusses the use of the right computing resources to meet demand levels even as the demand changes and technologies evolve?

A

Performance Efficiency

91
Q

Operational Excellence

A

Includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures

92
Q

Amazon EBS

A

General Purpose SSD – Recommended for most workloads; Can be used as system boot volumes; Best for development and test environments

Provisioned IOPS SSD – Meant for critical business applications that require sustained IOPS performance; Best used for large database workloads

Throughput Optimized HDD – Meant for streaming workloads requiring consistent, fast throughput at a low price, big data, data warehouses, and log processing. It cannot be a boot volume

Cold HDD – Meant for throughput-oriented storage for large volumes of data that are infrequently accessed or in scenarios where the lowest storage cost is important. It cannot be a boot volume

93
Q

Which of the following is an example of IaaS in AWS?

A

EC2

94
Q

Availability Zones are physically separated by a meaningful distance from any other AZ, although all are within 100 km or 60 miles of each other. What is the primary reason why Availability Zones are set up the way they are now?

A

To keep them as far apart from each other in case of a disaster

95
Q

What is an advantage of cloud computing when it comes to equipment expenditures?

A

AWS does its best to reduce the cost of its operations and infrastructures each year. This reduction in cost translates to the customer such that the customer also receives lower prices for using AWS resources.

96
Q

A startup is in need of a database that is capable of self-healing and has a high throughput. Which of the following services fits these criteria?

A

Amazon Aurora storage is also self-healing. Data blocks and disks are continuously scanned for errors and repaired automatically.

97
Q

A MariaDB RDS database is known to have high memory consumption during peak hours which deteriorates the overall performance of your application. What cost-effective change can you introduce to resolve this issue if the database is handling write-intensive operations?

A

Scale the instance vertically to a higher memory capacity

98
Q

Which of the following RDS engines allows you to bring your own license (BYOL)?

A

Oracle

99
Q

What AWS service can monitor the compliance status of your AWS resources against a set of compliance guidelines?

A

AWS Config. Helps with auditing and recording compliance of your AWS resources.

100
Q

In which of the following instances is it better to use IAM roles rather than IAM users?

A

When you have outside entities that need to perform specific actions in your AWS account

When you want to provide AWS services permissions to do certain actions

101
Q

SOC1

A

A report on Controls at a Service Organization (CSO) which are relevant to user entities’ internal control over financial reporting.

102
Q

SOC2

A

Focused more on making sure that systems are set up so they assure security, availability, processing integrity, confidentiality, and privacy of customer data.

103
Q

AWS Cognito

A

The two main components of Amazon Cognito are user pools and identity pools.

  1. User pools – are user directories that provide sign-up and sign-in options for your app users.
  2. Identity pools – enable you to grant your users access to other AWS services. You can use identity pools and user pools separately or together.
104
Q

Which of the following provides a collection of technical resources to help you build more effectively and efficiently in the AWS Cloud?

A

AWS Architecture Center

105
Q

Which of the following benefits do AWS Organizations provide?

A

Automate AWS account creation and management

Centrally manage policies across multiple AWS accounts

106
Q

A company needs to store frequently accessed data in Amazon S3. How will AWS bill you for storing objects in your S3 buckets?

A

The rate you are charged depends on your objects’ size (GB), how long you stored the objects during the month, and the storage class.

107
Q

Origin Access Identity

A

An Origin Access Identity is used for sharing private content through CloudFront. The OAI is a virtual user identity that will be used to give your CloudFront distribution permission to fetch a private object from your origin server. It is replaced by Origin Access Control (OAC).

108
Q

Which of the following is a benefit of using AWS Global Accelerator?

A

Decreased latency in accessing applications hosted in AWS

109
Q

Which of the following services can establish a connection from your on-premises environment and resources hosted on AWS?

A

AWS Direct Connect, Site-to-Site

110
Q

VPC Endpoints

A

Endpoints allow you to connect to AWS Services using a private network instead of the public www network. This gives you enhanced security and lower latency to access AWS services.

  • VPC Endpoint Gateway: S3 & DynamoDB
  • VPC Endpoint Interface: the rest

111
Q

AWS PrivateLink

A

  • Most secure & scalable way to expose a service to 1000s of VPCs
  • Does not require VPC peering, internet gateway, NAT, route tables…
  • Requires a network load balancer (Service VPC) and ENI (Customer VPC)

112
Q

Which AWS service provides tracing and monitoring capabilities for your Lambda function?

A

AWS X-Ray can trace requests made to your serverless applications built using AWS Lambda. It enables you to gain insights into the performance of serverless applications, allowing you to pinpoint the root cause of issues so that you can address them.

113
Q

Amazon Inspector

A

Amazon Inspector cannot debug, trace, or monitor a Lambda function. It is primarily used to automatically assess applications for exposure, vulnerabilities, and deviations from AWS best practices. It is a security assessment service that helps improve the security and compliance of applications.

114
Q

Which of the following services protects your web applications from application-layer attacks such as SQL injection and cross-site scripting?

A

AWS Web Application Firewall (WAF) gives you control over how traffic reaches your applications by enabling you to create security rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out specific traffic patterns you define.

115
Q

A developer needs to install their application in Docker containers. Which of the following services eliminates the need to manage containers manually?

A

Fargate lets you define your application content, networking, storage, and scaling requirements. There is no provisioning, patching, cluster capacity management, or any infrastructure management required.

AWS just runs containers for you based on the CPU / RAM you need.

116
Q

Which of the following AWS services does Amazon EBS use natively for encryption?

A

Amazon KMS

117
Q

Which AWS team can assist you when your systems are impacted by AWS resources engaging in abusive activities such as phishing, malware, spam, and denial of service (DoS) or distributed denial of service (DDoS) incidents?

A

AWS Trust & Safety

118
Q

Architecture Support

A

A team that guides customers on how AWS services fit together to meet a specific architecture, use-case, workload, or application.

119
Q

Which AWS service provides automated reference deployments for key workloads in AWS via CloudFormation templates?

A

AWS Quick Starts are built by AWS solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices for security and high availability. These accelerators reduce hundreds of manual procedures into just a few steps, so you can build your production environment quickly and start using it immediately.

120
Q

Which feature will customers have access to by using the AWS Business Support plan?

A

Architecture support

121
Q

Which of the following cost management capabilities does AWS immediately provide you even before you create your AWS account?

A

Allows you to estimate your monthly spending in AWS (Pricing Calculator)

122
Q

Which is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy?

A

CodeBuild

123
Q

Which service lets you create rules to filter web traffic based on conditions that include IP addresses, HTTP headers, or custom URIs?

A

WAF

124
Q

Which AWS services should you use to upload SSL certificates?

A

AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.

You can use IAM as a certificate manager only when you must support HTTPS connections in a region not supported by ACM. IAM securely encrypts your private keys and stores the encrypted version in IAM SSL certificate storage. IAM supports deploying server certificates in all Regions, but you must obtain your certificate from an external provider for use with AWS.

125
Q

Which policy describes prohibited uses of the web services offered by Amazon Web Services?

A

Acceptable Use Policy

126
Q

Data encryption is automatically enabled for which of the following AWS services?

A

Amazon S3 Glacier, Storage Gateway

127
Q

How to detect underutilized services

A

Trusted Advisor and Cost Explorer

128
Q

Reduce costs and improve performance by recommending optimal AWS resources for your workloads. Helps you choose optimal configurations and right-size your workloads (over/under provisioned).

A

AWS Compute Optimizer

129
Q

AWS Compute Optimizer delivers recommendations for

A

Selected types of EC2 instances, EC2 Auto Scaling groups, EBS volumes, and Lambda functions.

130
Q

Which of the following AWS services are part of the AWS Foundation services for the Reliability pillar of the Well-Architected Framework in AWS Cloud?

A

Service Quotas, Trusted Advisor

131
Q

A Cloud Practitioner would like to get operational insights of its resources to quickly identify any issues that might impact applications using those resources. Which AWS service can help with this task?

A

With Systems Manager, you can select a resource group and view its recent API activity, resource configuration changes, related notifications, operational alerts, software inventory, and patch compliance status. You can also take action on each resource group depending on your operational needs. Systems Manager provides a central place to view and manage your AWS resources, so you can have complete visibility and control over your operations.