Certified Cloud Practitioner Exam (CLF-C01)

Question 1

Amazon EC2 Instance Type:

Provides balance of compute, memory, and networking resources. Flexible workloads.

Answer 1

Amazon EC2 Instance - General Purpose Instances

Question 2

Amazon EC2 Instance Type:

Ideal for compute-bound applications that benefit from high-performance processors

Answer 2

Amazon EC2 Instance - Compute Optimized Instances

Question 3

Amazon EC2 Instance Type:

Delivers fast performance for workloads that process large datasets in memory

Answer 3

Amazon EC2 Instance - Memory Optimized Instances

Question 4

Amazon EC2 Instance Type:

Use hardware accelerators, or coprocessors, to perform some functions more efficiently than is possible in software running on CPUs.

Answer 4

Amazon EC2 Instance - Accelerated Computing Instances

Examples of these functions include floating-point number calculations, graphics processing, and data pattern matching

Question 5

Amazon EC2 Instance Type:

Designed for workloads that require high, sequential read and write access to large datasets on local storage.

Answer 5

Amazon EC2 Instance - Storage Optimized Instances

Examples of workloads suitable for storage optimized instances include distributed file systems, data warehousing applications, and high-frequency online transaction processing (OLTP) systems.

Question 6

Amazon EC2 Pricing - OnDemand

Answer 6

Ideal for short-term, irregular workloads that cannot be interrupted. No upfront costs or minimum contracts apply. The instances run continuously until you stop them, and you pay for only the compute time you use.

Sample use cases for On-Demand Instances include developing and testing applications and running applications that have unpredictable usage patterns.

Question 7

Amazon EC2 Pricing - EC2 Savings Plan

Answer 7

Enables you to reduce your compute costs by committing to a consistent amount of compute usage for a 1-year or 3-year term.

Note: Discount based off of committed amount spent.

Question 8

Amazon EC2 Pricing - Reserved Instances

Answer 8

Billing discount applied to the use of On-Demand Instances in your account.

Two types: Standard Reserve Instances, convertible reserve instances. Terms of 1 or 3 years.

Note: Based off or upfront payment towards an instance, as opposed to a commitment to spend a certain amount (as in the savings plan)

Question 9

Amazon EC2 Pricing - Spot Instances

Answer 9

Ideal for workloads with flexible start and end times, or that can withstand interruptions.

Spot Instances use unused Amazon EC2 computing capacity and offer you cost savings at up to 90% off of On-Demand prices.

Question 10

Amazon EC2 Pricing - Dedicated Hosts

Answer 10

Physical servers with Amazon EC2 instance capacity that is fully dedicated to your use.

Question 11

EC2 Autoscaling

Answer 11

Enables you to automatically add or remove Amazon EC2 instances in response to changing application demand.

Predictive Scaling - Automatically schedules right number of Amazon EC2 instances based on predicted demand.

Dynamic scaling - Responds to changing demand.

Question 12

Elastic Load Balancing

Answer 12

The AWS service that automatically distributes incoming application traffic across multiple resources, such as Amazon EC2 instances.

Question 13

Messaging + Queuing

Answer 13

Queue is essentially a waitlist for messages being sent from one application to another. Makes sure messages are not lost if one application is down.

Question 14

AWS Lambda

Answer 14

AWS Lambda is a service that lets you run code without needing to provision or manage servers.

While using AWS Lambda, you pay only for the compute time that you consume. Charges apply only when your code is running. You can also run code for virtually any type of application or backend service, all with zero administration.

For example, a simple Lambda function might involve automatically resizing uploaded images to the AWS Cloud.

In this case, the function triggers when uploading a new image.

Question 15

Containers

Answer 15

Provide you with a standard way to package your application’s code and dependencies into a single object.

You can also use containers for processes and workflows in which there are essential requirements for security, reliability, and scalability.

Question 16

Amazon Elastic Container Service

Answer 16

Highly scalable, high-performance container management system that enables you to run and scale containerized applications on AWS.

Amazon ECS supports Docker containers. Docker is a software platform that enables you to build, test, and deploy applications quickly.

Question 17

Amazon Elastic Kubernetes Service (Amazon EKS)

Answer 17

Fully managed service that you can use to run Kubernetes on AWS.

Kubernetes is open-source software that enables you to deploy and manage containerized applications at scale.

Question 18

Amazon Fargate

Answer 18

Serverless compute engine for containers. It works with both Amazon ECS and Amazon EKS.

When using AWS Fargate, you do not need to provision or manage servers. AWS Fargate manages your server infrastructure for you. You can focus more on innovating and developing your applications, and you pay only for the resources that are required to run your containers.

Question 19

Amazon Elastic Cloud Compute (Amazon EC2)

Answer 19

Provides secure, resizable compute capacity in the cloud as Amazon EC2 instances.

Question 20

List all Amazon EC2 Instance Types

Answer 20

General purpose
Compute optimized
Memory optimized
Accelerated computing
Storage Optimized

Question 21

Availability Zones

Answer 21

A single data center or group or data centers with a Region

Question 22

Edge Location

Answer 22

A site that Amazon CloudFront uses to store cached copies of your content closer to your customers for faster delivery

Question 23

Ways to Interact and Deploy AWS Services

Answer 23

AWS Management Console
AWS Command Line Interface
Software Development Kits
AWS Elastic Beanstalk
AWS Cloudformation

Question 24

AWS Elastic Beanstalk

Answer 24

A mechanism to interact and deploy AWS resources.

With AWS Elastic Beanstalk, you provide code and configuration settings, and Elastic Beanstalk deploys the resources necessary to allocate resources.

Question 25

AWS CloudFormation

Answer 25

A mechanism to interact and deploy AWS resources.

With AWS CloudFormation, you can treat your infrastructure as code. This means that you can build an environment by writing lines of code instead of using the AWS Management Console to individually provision resources.

Question 26

Amazon Cloudfront

Answer 26

Amazon CloudFront is a content delivery service. It uses a network of edge locations to cache content and deliver content to customers all over the world. When content is cached, it is stored locally as a copy.

Question 27

AWS Outposts

Answer 27

Extends AWS infrastructure and services to your on-premises data center

Question 28

Amazon Virtual Private Cloud (VPC)

Answer 28

A networking service that you can use to establish boundaries around your AWS resources is Amazon Virtual Private Cloud (Amazon VPC).

Amazon VPC enables you to provision an isolated section of the AWS Cloud. In this isolated section, you can launch resources in a virtual network that you define. Within a virtual private cloud (VPC), you can organize your resources into subnets. A subnet is a section of a VPC that can contain resources such as Amazon EC2 instances.

Access your VPC via an internet gateway

Question 29

Amazon VPC Sub-topic:

Subnet

Answer 29

A subnet is a section of a VPC that can contain resources such as Amazon EC2 instances

Question 30

Virtual Private Gateway

Answer 30

The virtual private gateway is the component that allows protected internet traffic to enter into the VPC.

Question 31

AWS Direct Connect

Answer 31

AWS Direct Connect is a service that enables you to establish a dedicated private connection between your data center and a VPC

Question 32

Amazon VPC Sub-topic:

Packet

Answer 32

Unit of data sent over the internet or network

Question 33

Amazon VPC Sub-topic:

Network Access Control Lists (ACLs)

Answer 33

A network access control list (ACL) is a virtual firewall that controls inbound and outbound traffic (packets) at the subnet level.

Default network access control list allows all inbound and outbound traffic.

Question 34

Stateless Vs. Stateful Packet Filtering

Answer 34

Stateless packets filtering remember nothing and check packets that cross the subnet border each way: inbound and outbound.

Stateful packets filtering remember previous decisions made for incoming packets.

Question 35

AWS account’s default network access control list

Stateless vs. Stateful?
Allow inbound / outbound traffic?

Answer 35

It is stateless and allows all inbound and outbound traffic.

Question 36

Amazon VPC Sub-topic: Security Groups

Answer 36

A security group is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance.

By default, denies all inbound traffic and allows all outbound traffic.

Question 37

Domain Name System (DNS)

Answer 37

A system that translates a domain name provided by a person to an IP address.

Question 38

Amazon Route 53

Answer 38

A DNS web service that allows for a reliable way to route end users to internet applications hosted on AWS

Question 39

Amazon Instance Store

Answer 39

Provided temporary block-level storage for an Amazon EC2 instance.

When instance is terminated, you lost data in the instance store.

Question 40

Amazon Elastic Block Store (EBS)

Resides in how many availability zones?

Answer 40

Service that provides block-level storage volumes that you can use with Amazon EC2 instances.

Terminating instance will not delete data.

Resides within single Availability Zone. To attach to EC2 instance both EBS and EC2 must be in same zone

Question 41

AWS Simple Storage Service (S3)

Answer 41

Service that provides object-level storage (images, videos, txt files, etc…).

Question 42

Class of AWS S3: Amazon S3 Standard

Stored in how many availability zones?

Answer 42

Designed for frequently accessed data.

Stores data in minimum of three availability zones.

Question 43

Class of AWS S3: Amazon S3 Standard Infrequent Access

Answer 43

Ideal for infrequently accessed data.

Similar to S3 Standard but with lower storage price and higher retrieval price.

Question 44

Class of AWS S3: Amazon S3 One Zone Infrequent Access

Answer 44

Lower storage price than Amazon S3 Standard-IA

Question 45

Class of AWS S3: Amazon S3 Intelligent-Tiering

Answer 45

Ideal for data with unknown or changing access patterns.

Requires small monthly monitoring and automation fee per object.

Question 46

Class of AWS S3: Amazon S3 Glacier Instant Retrieval

Answer 46

Works well for archived data that requires immediate access (retrieval within a few milliseconds)

Question 47

Class of AWS S3: Amazon S3 Glacier Flexible Retrieval

Answer 47

Low-cost storage designed for data archiving.

Able to retrieve objects within few minutes to hours.

Question 48

Class of AWS S3: Amazon S3 Glacier Deep Dive

Answer 48

Lowest-cost object storage class ideal for archiving (retrieval within 12 hours)

Question 49

Amazon S3 Outposts

Answer 49

Created S3 buckets on Amazon S3 outposts.

Makes it easier to retrieve, store, and access data on AWS outposts.

Question 50

Amazon Elastic File System (Amazon EFS)

Answer 50

A scalable file system used with AWS Cloud services and on-premises resources. As you add and remove files, Amazon EFS grows and shrinks automatically. It can scale on demand to petabytes without disrupting applications.

It stores data in and across multiple Availability Zones.

Question 51

Amazon Relational Database Service (Amazon RDS)

Answer 51

It is a service that enables you to run relational databases in the AWS Cloud.

Amazon RDS is a managed service that automates tasks such as hardware provisioning, database setup, patching, and backups. With these capabilities, you can spend less time completing administrative tasks and more time using data to innovate your applications.

Supported Amazon RDS Database Engines include:

Amazon Aurora
PostgreSQL
MySQL
MariaDB
Oracle Database
Microsoft SQL Server

Question 52

Amazon Aurora

How many data copies? Availability zones?

Answer 52

Amazon Aurora is an enterprise-class relational database. It is compatible with MySQL and PostgreSQL relational databases. It is up to five times faster than standard MySQL databases and up to three times faster than standard PostgreSQL databases.

Amazon Aurora helps to reduce your database costs by reducing unnecessary input/output (I/O) operations, while ensuring that your database resources remain reliable and available.

Consider Amazon Aurora if your workloads require high availability. It replicates six copies of your data across three Availability Zones and continuously backs up your data to Amazon S3.

Question 53

Amazon DynamoDB

Answer 53

A key-value database service. It delivers single-digit millisecond performance at any scale. Serverless and automatic scaling.

Question 54

Amazon Redshift

Answer 54

A data warehousing service that you can use for big data analytics. It offers the ability to collect data from many sources and helps you to understand relationships and trends across your data.

Question 55

AWS Database Migration Service (AWS DMS)

Answer 55

Enables you to migrate relational databases, nonrelational databases, and other types of data stores.

With AWS DMS, you move data between a source database and a target database. The source and target databases can be of the same type or different types. During the migration, your source database remains operational, reducing downtime for any applications that rely on the database.

Question 56

AWS Identity and Access Management (IAM)

Answer 56

Enables you to manage access to AWS services and resources securely.

IAM gives you the flexibility to configure access based on your company’s specific operational and security needs.

Question 57

AWS Organizations

Answer 57

Used to consolidate and manage multiple AWS accounts within a central location.

Question 58

AWS Artifact

Answer 58

A service that provides on-demand access to AWS security and compliance reports and select online agreements. AWS Artifact consists of two main sections: AWS Artifact Agreements and AWS Artifact Reports.

In AWS Artifact Agreements, you can review, accept, and manage agreements for an individual account and for all your accounts in AWS Organizations. Different types of agreements are offered to address the needs of customers who are subject to specific regulations, such as the Health Insurance Portability and Accountability Act (HIPAA).

AWS Artifact Reports provide compliance reports from third-party auditors. These auditors have tested and verified that AWS is compliant with a variety of global, regional, and industry-specific security standards and regulations. AWS Artifact Reports remains up to date with the latest reports released.

Question 59

denial-of-service (DoS) attack

Answer 59

A deliberate attempt to make a website or application unavailable to users.

Question 60

AWS Shield Standard / Advanced

Answer 60

AWS Shield is a service that protects applications against DDoS attacks. AWS Shield provides two levels of protection: Standard and Advanced.

AWS Shield Standard automatically protects all AWS customers at no cost. It protects your AWS resources from the most common, frequently occurring types of DDoS attacks.

AWS Shield Advanced is a paid service that provides detailed attack diagnostics and the ability to detect and mitigate sophisticated DDoS attacks.

Question 61

AWS Key Management Service (AWS KMS)

Answer 61

Enables you to perform encryption operations through the use of cryptographic keys. A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data. You can use AWS KMS to create, manage, and use cryptographic keys. You can also control the use of keys across a wide range of services and in your applications.

Question 62

Amazon Machine Images (AMI)

Answer 62

Supported and maintained image provided by AWS that provides the information required to launch an instance

Question 63

Standard Reserve Instance (Pricing Option)

Answer 63

Pricing option discount when you specify a number if EC2 instances to run a specific OS, instance family and size, region, and tenancy

Question 64

Convertible Reserved Instances

Answer 64

Pricing discount where you don’t need to specify instance types or availability zone.

Question 65

Amazon Simple Queue Service (SQS)

Answer 65

A message queuing service that allows you to send, store, and receive messages between software components without losing messages or requiring components to be available.

Question 66

Amazon Simple Notification Service

Answer 66

A publisher/subsribe service. Allows a publisher to publish messages to subscriber.

Question 67

AWS Regions

Answer 67

Separate geographic areas consisting of multiple physically separated and isolated availability zones that are connected with low latency, high throughput, and highly redundant networking

Contain at least 3 availability zones

Question 68

Amazon DocumentDB

Answer 68

Document database service that supports MongoDB workloads.

Question 69

Amazon Neptune

Answer 69

A graph database service. Good for highly connected datasets.

Question 70

Amazon Quantum Ledger Database

Answer 70

A ledger database service. You can review a complete history of all the changes that have been made to your application data.

Question 71

Amazon Managed Blockchain

Answer 71

Service that you can use to create and manage blockchain networks with open source frameworks.

Blockchain is a distributed ledger technology that lets multiple parties run transactions and share data without a central authority.

Question 72

Amazon Elasticache

Answer 72

Service that adds caching layers on top of your databases to improve the read times of common requests.

Question 73

Amazon DynamoDB Accelerator

Answer 73

An in-memory cache for DynamoDB. Improved response times from single digit milliseconds to microseconds.

Question 74

AWS WAF

Answer 74

Web application firewall that’s lets you monitor requests that come into your web applications.

Question 75

Amazon Inspector

Answer 75

Improves security and compliance of applications by running automated security assessments.

Question 76

Amazon Guard Duty

Answer 76

Service that provides intelligent threat detection for your AWS infrastructure and resources. It identifies threats by continuously monitoring the network activity and account behavior within your AWS environment

Question 77

AWS Cloudwatch

Answer 77

Web service that enables you to monitor and manage various metrics and configure alarm actions based on data from those metrics.

AWS sends metrics to Cloudwatch which then creates graphs automatically that show performance.

Can also set custom alarms.

Question 78

AWS Cloudtrail

Answer 78

Records API calls for your account. Also has option to enable Cloudtrail Insights

Question 79

AWS Trusted Advisor

Answer 79

Web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices

Question 80

AWS Trusted Advisor provides best practice recommendations across the following five categories:

Answer 80

Cost optimization, performance, security, fault tolerance, and service limits

Question 81

List AWS 6 Strategies for Migration

Answer 81

Rehosting
Replatforming
Refactoring / re-architecting
Repurchasing
Retaining
Retiring

Question 82

AWS 6 Strategies for Migration:

Rehosting

Answer 82

Known as “lift and shift” involves moving apps without changes

Question 83

AWS 6 Strategies for Migration

Replatforming

Answer 83

Known as “lift, tinker, and shift”, involved making a few cloud optimizations to realize a tangible benefit

Question 84

AWS 6 Strategies for Migration

Refactoring

Answer 84

Involves reimagining how an application is architecture and developed using cloud-native features.

Driven by a strong business need to add features, scale, or performance that would otherwise be difficult in the applications existing environment.

Question 85

AWS 6 Strategies for Migration

Repurchasing

Answer 85

Involves moving from a traditional license to a software as a service model.

Question 86

AWS 6 Strategies for Migration

Retaining

Answer 86

Consists of keeping applications that are critical for business in the source environment.

Question 87

AWS 6 Strategies for Migration

Retiring

Answer 87

Process of removing apps that are no longer needed.

Question 88

AWS Snowcone

Answer 88

A small, rugged, and secure edge computing a data transfer service.

Features 2CPUS, 4GB of memory, and up to 14TB of usable storage.

Question 89

AWS Snowball

Answer 89

Two types of devices: Snowball Edge Storage Optimized and Snowball Edge Compute Optimized

Question 90

AWS Snowmobile

Answer 90

Exabyte scale data transfer device used to move large amounts of data to AWS

Storage capacity of 100PB

Question 91

Six AWS Well Architected Framework Pillars

Answer 91

Operational excellence
Security
Reliability
Performance Efficiency
Cost Optimization
Sustainability

Question 92

AWS Cost Explorer

Answer 92

Allows businesses to create custom reports to analyze their AWS cost and usage data

Question 93

AWS Sagemaker

Answer 93

A managed service that provides tools to build, train, and deploy ML models.

Question 94

AWS NAT Gateway

Answer 94

An AWS managed that is used to connect private subnet instances to the AWS services or the internet.