AWS Certified Cloud Practitioner Practice Test Flashcards
According to the AWS Penetration Testing Policy, are customers allowed to perform penetration tests?
YES - Customers can perform Penetration testing on their EC2 instance - According to the AWS Penetration Testing Policy, you can perform Penetration testing on EC2 instances. AWS allows customers to conduct penetration testing on their own EC2 instances to assess the security posture of their applications and environments. However, there are certain guidelines and requirements that need to be followed, such as obtaining prior authorization from AWS, performing testing only on their own resources, and adhering to the rules outlined in the AWS Penetration Testing Policy.
What is AWS Cognito?
Amazon Cognito is a fully managed service that provides authentication, authorization, and user management for web and mobile applications. It supports social identity providers like Facebook and Google, allowing users to sign in using their social media accounts.
With Amazon Cognito, developers can easily integrate user sign-up, sign-in, and access control functionalities into their applications across both web and mobile platforms. It takes care of the authentication process, token management, and user profile management, relieving developers from the complexities of building these features from scratch.
Additionally, Amazon Cognito can be seamlessly integrated with other AWS services, enabling developers to leverage additional functionalities such as secure storage, data synchronization, and user management.
What is AWS WAF?
AWS WAF (Web Application Firewall) is a managed security service that helps protect web applications from common web exploits and malicious traffic. It allows you to define rules and conditions to filter and monitor HTTP and HTTPS requests that flow to your applications. AWS WAF helps mitigate threats such as SQL injection, cross-site scripting (XSS), and distributed denial-of-service (DDoS) attacks, providing an additional layer of security to your web applications deployed on AWS. It does not provide user authentication.
Does RDS have an automated backup feature?
Yes, Amazon RDS makes it easy to go back in time with database snapshots and automated backups. It will automatically back up your database and keep your backup for a retention period that you specify. These backups include all your database transactions, allowing you to restore to any second during your retention period, up to the last five minutes.
Can AWS Global Accelerator be used to provide high performance with low latency to users worldwide?
Yes, It uses the AWS global network infrastructure to route traffic efficiently from the users to the application endpoints, reducing the latency and providing a consistent user experience. By using Global Accelerator, the startup can ensure that user requests are directed to the closest application endpoint, minimizing the network distance and improving the overall performance and response times.
What is AWS Transit Gateway?
AWS Transit Gateway is a fully managed service that simplifies network connectivity by acting as a hub for interconnecting virtual private clouds (VPCs), on-premises networks, and Amazon VPCs. It enables central management of network resources, simplifies routing, and provides a scalable and efficient solution for connecting multiple networks within the AWS ecosystem. AWS Transit Gateway can connect multiple VPCs and on-premises networks.
AWS Transit Gateway connects your Amazon Virtual Private Clouds (VPCs) and on-premises networks through a central hub. This connection simplifies your network and puts an end to complex peering relationships. Transit Gateway acts as a highly scalable cloud router—each new connection is made only once.
Which AWS service should you use to get a prediction of next month’s bill for the services you use? AWS Cost Explorer, Budgets, or AWS Billing?
AWS Cost Explorer - AWS Cost Explorer provides comprehensive cost visibility and analysis for your AWS resources. It allows you to visualize, understand, and manage your AWS costs effectively. With AWS Cost Explorer, you can access a wide range of cost reports, including forecasted costs. The forecasted costs feature enables you to estimate your expenses for the upcoming month based on historical usage patterns and current resource utilization. It provides valuable insights into how your costs are expected to change and helps you plan your budget accordingly.
By using AWS Cost Explorer’s forecasted costs, you can proactively anticipate and optimize your spending.
AWS Budgets - AWS Budgets is a cost management service that helps you set spending limits and track your AWS resource usage and costs. You can define budgets based on cost, usage, or reservation, and receive alerts when your usage or spending exceeds the defined thresholds.
AWS Billing - AWS Billing manages the billing and invoicing for AWS resources and services. It provides detailed usage reports, cost allocation, and payment options, allowing customers to monitor and manage their AWS expenses efficiently and effectively. It does not provide a prediction for the next month’s bill.
AWS X-Ray
AWS X-Ray allows you to analyze and debug distributed applications, including microservices architectures. It provides end-to-end visibility into the application’s behavior and performance by tracing requests as they flow across services. With X-Ray, you can identify bottlenecks, diagnose performance issues, and understand the dependencies and latency within your application. It helps you pinpoint the root cause of performance problems and optimize your application’s performance. When troubleshooting performance and latency issues in a microservices application running in the AWS cloud, AWS X-Ray is the recommended service.
Amazon Inspector
Amazon Inspector automatically discovers workloads, such as Amazon EC2 instances, containers, and Lambda functions, and scans them for software vulnerabilities and unintended network exposure.
Amazon Inspector is a security assessment service that helps you identify security vulnerabilities and compliance violations in your application. It focuses on security assessments.
Support compliance requirements and best practices for NIST CSF, PCI DSS, and other regulations with Amazon Inspector scans.
What is ASW ELASTIC LOAD BALANCER?
Elastic Load Balancing (ELB) automatically distributes incoming application traffic across multiple targets and virtual appliances in one or more Availability Zones (AZs). It is linked to the HIGH AVAILABILITY concept.
It can also re-route traffic from unhealthy EC2s to healthy ones, running in different availability zones.
Deliver applications with high availability and automatic scaling.
Secure your applications with integrated certificate management, user authentication, and SSL/TLS decryption.
What is AWS AUTO SCALING GROUPS?
You create collections of EC2 instances, called Auto Scaling groups. You can specify the minimum number of instances in each Auto Scaling group, and Amazon EC2 Auto Scaling ensures that your group never goes below this size. You can specify the maximum number of instances in each Auto Scaling group, and Amazon EC2 Auto Scaling ensures that your group never goes above this size. If you specify the desired capacity, either when you create the group or at any time thereafter, Amazon EC2 Auto Scaling ensures that your group has this many instances. If you specify scaling policies, then Amazon EC2 Auto Scaling can launch or terminate instances as demand on your application increases or decreases. -> Linked to ELASTICITY principle
AWS CloudFormation (CFN)
It’s a DECLARATIVE (verbose, no misconfig, scripting language as JSON, YAML,XML) Infrastructure as a Code (IaC) tool to write scripts to AUTOMATE the creation, update and destruction of cloud infrastructure.
AWS Cloud Developement Kit (CDK)
It’s an IMPERATIVE (less verbose, possible misconfig, scripting language as Python, Ruby, Javascript) Infrastructure as a Code (IaC) tool to write scripts to AUTOMATE the creation, update and destruction of cloud infrastructure.
AWS CloudFormation
IaaC tool. Speed up cloud provisioning with infrastructure as code. AWS CloudFormation gives you an easy way to model a collection of related AWS and third-party resources, provision them quickly and consistently, and manage them throughout their lifecycles, by treating infrastructure as code. A CloudFormation template describes your desired resources and their dependencies so you can launch and configure them together as a stack. You can use a template to create, update, and delete an entire stack as a single unit, as often as you need to, instead of managing resources individually. You can manage and provision stacks across multiple AWS accounts and AWS Regions.
CloudFormation allows you to model your entire cloud environment in text files. You can use open-source declarative languages, such as JSON or YAML, to describe what AWS resources you want to create and configure. If you prefer to design visually, you can use AWS CloudFormation Designer to help you get started with AWS CloudFormation templates.
With the AWS Cloud Development Kit (AWS CDK), you can define your cloud environment using TypeScript, Python, Java, and .NET. AWS CDK is an open-source software development framework that helps you model cloud application resources using familiar programming languages, and then provision your infrastructure using CloudFormation directly from your IDE.
Does AWS Enterprise Support provide support for third-party software integration?
Yes it does.
