Batch #3

Question 1

Which type of security control can be used to deny network access from a specific IP address?

Answer 1

Network ACL

Question 2

What does an organization need to do in Amazon IAM to enable user access to services being launched in new region?

Answer 2

Nothing, IAM is global

Question 3

Which AWS service allows you to automate the evaluation of recorded configurations against desired configuration?

Answer 3

AWS Config

Question 4

Which AWS service lets you add user sign up, sign-in and access control to web and mobile apps?

Answer 4

AWS Cognito

Question 5

What are two components of Amazon S3

Answer 5

Buckets (the folders) and Objects (files you upload)

Question 6

Which type of AWS Storage Gateway can be used to backup data with popular backup software?

Answer 6

Gateway Virtual Tap Library

Question 7

To reduce the price of your Amazon EC2 instances, which term lengths are available for reserved instances? (

Answer 7

1 or 3 years

Question 8

Which Amazon EC2 pricing model should be used to comply with per-core software license requirements?

Answer 8

Dedicated Hosts

Question 9

Which team is available to support AWS customers on an Enterprise support plan with account issues?

Answer 9

AWS Concierge

Question 10

What is the most cost-effective Amazon S3 storage tier for data that is not often accessed but requires high availability

Answer 10

Amazon S3 Standard-IA; S3 Standard-IA is for data that is accessed less frequently, but requires rapid access when needed. S3 Standard-IA offers the high durability, high throughput, and low latency of S3 Standard with 99.9% availability

Question 11

Which AWS service should be used to create a billing alarm?

Answer 11

AWS CloudWatch

Question 12

Which tool can be used to create alerts when the actual or forecasted cost of AWS services exceed a certain threshold?

Answer 12

AWS Budgets

Question 13

What billing timeframes are available for Amazon EC2 on-demand instances?

Answer 13

Per hour or per second; With EC2 you are billed either by the second, for some Linux instances, or by the hour for all other instance types.

Question 14

Which service can be added to a database to provide improved performance for some requests?

Answer 14

Amazon Elasticache

Question 15

Which feature of AWS IAM enables you to identify unnecessary permissions that have been assigned to users?

Answer 15

Access Advisor

Question 16

In addition to DNS services, what other services does Amazon Route 53 provide?

Answer 16

Domain Registration, Traffic Flow

Question 17

Which AWS support plan provides email only support by Cloud Support Associates?

Answer 17

Developer provides email support by the Cloud Support Associates team whereas Business and Enterprise provide email, 24×7 phone and chat access to Cloud Support Engineers. Basic does not provide email support at all.

Question 18

What is the name of the AWS managed Docker registry service used by the Amazon Elastic Container Service (ECS)?

Answer 18

Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images.

Amazon ECR is integrated with Amazon Elastic Container Service (ECS). Amazon ECR eliminates the need to operate your own container repositories or worry about scaling the underlying infrastructure.

Question 19

Which type of storage stores objects comprised of key, value pairs?

Answer 19

Amazon S3

Question 20

How can a company connect from their on-premises network to VPCs in multiple regions using private connections?

Answer 20

You can use an AWS Direct Connect gateway to connect your AWS Direct Connect connection over a private virtual interface to one or more VPCs in your account that are located in the same or different Regions

Question 21

Which service can you use to monitor, store and access log files generated by EC2 instances and on-premises servers?

Answer 21

AWS CloudWatch Logs

Question 22

A company needs protection from distributed denial of service (DDoS) attacks on its website and assistance from AWS experts during such events.

Which AWS managed service will meet these requirements?

Answer 22

AWS Shield Advanced

Question 23

Assuming you have configured them correctly, which AWS services can scale automatically without intervention?

Answer 23

AWS S3 and DynamoDB

Question 24

Which AWS security service provides a firewall at the subnet level within a VPC?

Answer 24

Network Access Control List; A Network ACL is a firewall that is associated with a subnet within your VPC. It is used to filter the network traffic that enters and exits the subnet.

Question 25

Which AWS service can be used to prepare and load data for analytics using an extract, transform and load (ETL) process?

Answer 25

AWS Glue

Question 26

Which support plan is the lowest cost option that allows unlimited cases to be open?

Answer 26

Developer

Question 27

Which AWS service lets connected devices easily and securely interact with cloud applications and other devices?

Answer 27

AWS IoT Core

Question 28

Which AWS service enables developers and data scientists to build, train, and deploy machine learning models?

Answer 28

Amazon SageMaker

Question 29

Which DynamoDB feature provides in-memory acceleration to tables that result in significant performance improvements?

Answer 29

Amazon DynamoDB Accelerator (DAX)