Chapter 9 - Developer Tools Management and Governance Flashcards

1
Q

Which AWS service helps you enable governance, compliance, and operational and risk auditing of your AWS account, and also records actions taken by a user, role, or an AWS service as events?

  1. AWS Cloudwatch
  2. AWS WAF
  3. AWS Shield
  4. AWS Cloudtrail
A
  1. AWS Cloudwatch
  2. AWS WAF
  3. AWS Shield
  4. AWS Cloudtrail
2
Q

Where are CloudTrail event logs stored?

  1. EBS
  2. RDS
  3. Redshift
  4. S3
  5. EMR
A
  1. EBS
  2. RDS
  3. Redshift
  4. S3
  5. EMR
3
Q

Which AWS service will you use for continuous integration and continuous delivery for fast and reliable application and infrastructure updates?

  1. AWS CodePipeline
  2. AWS CodeBuild
  3. AWS CodeDeploy
  4. AWS CodeStar
  5. AWS CloudFormation
A
  1. AWS CodePipeline
  2. AWS CodeBuild
  3. AWS CodeDeploy
  4. AWS CodeStar
  5. AWS CloudFormation
4
Q

Which AWS service is a fully managed build service that compiles source code, runs tests, and produces software packages that are ready to deploy?

  1. AWS CodePipeline
  2. AWS CodeBuild
  3. AWS CodeDeploy
  4. AWS CodeStar
  5. AWS CloudFormation
A
  1. AWS CodePipeline
  2. AWS CodeBuild
  3. AWS CodeDeploy
  4. AWS CodeStar
  5. AWS CloudFormation
5
Q

Which AWS service automates code deployments to any instance, including Amazon EC2 instances and on-premises servers?

  1. AWS CodePipeline
  2. AWS CodeBuild
  3. AWS CodeDeploy
  4. AWS CodeStar
  5. AWS CloudFormation
A
  1. AWS CodePipeline
  2. AWS CodeBuild
  3. AWS CodeDeploy
  4. AWS CodeStar
  5. AWS CloudFormation
6
Q

Which AWS service allows you to model your entire infrastructure in a text file?

  1. AWS CodePipeline
  2. AWS CodeBuild
  3. AWS CodeDeploy
  4. AWS CodeStar
  5. AWS CloudFormation
A
  1. AWS CodePipeline
  2. AWS CodeBuild
  3. AWS CodeDeploy
  4. AWS CodeStar
  5. AWS CloudFormation
7
Q

Which AWS configuration management service uses Chef?

  1. AWS CodePipeline
  2. AWS CodeBuild
  3. AWS CodeDeploy
  4. AWS OpsWorks
  5. AWS CloudFormation
A
  1. AWS CodePipeline
  2. AWS CodeBuild
  3. AWS CodeDeploy
  4. AWS OpsWorks
  5. AWS CloudFormation
8
Q

Which AWS service helps you to continuously monitor and record configuration changes of your AWS resources and also inventory your AWS resources?

  1. AWS Cloudwatch
  2. AWS Config
  3. AWS SystemManager
  4. AWS OpsWorks
  5. AWS CloudFormation
A
  1. AWS Cloudwatch
  2. AWS Config
  3. AWS SystemManager
  4. AWS OpsWorks
  5. AWS CloudFormation
9
Q

Which AWS service will you use to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources?

  1. AWS Cloudwatch
  2. AWS Config
  3. AWS SystemManager
  4. AWS Cloudwatch
  5. AWS CloudFormation
A
  1. AWS Cloudwatch
  2. AWS Config
  3. AWS SystemManager
  4. AWS Cloudwatch
  5. AWS CloudFormation
10
Q

As a developer, which AWS service will you use to analyze and debug production, distributed applications built using a microservices architecture?

  1. AWS Cloudwatch
  2. AWS Config
  3. AWS SystemManager
  4. AWS Cloudwatch
  5. AWS X-Ray
A
  1. AWS Cloudwatch
  2. AWS Config
  3. AWS SystemManager
  4. AWS Cloudwatch
  5. AWS X-Ray
11
Q

Which of the following formats can be used to write CloudFormation ‘infrastructure as code’ scripts?

  1. JSON only
  2. YAML only
  3. JSON and YAML
  4. JSON and XML
  5. XML Only
A
  1. JSON only
  2. YAML only
  3. JSON and YAML
  4. JSON and XML
  5. XML Only
12
Q

You want to centralize operational data from multiple AWS services and automate tasks across your AWS resources. Which AWS service should you use?

  1. AWS Account Dashboard
  2. AWS System Manager
  3. AWS Trusted Advisor
  4. AWS Cloud Trail
A
  1. AWS Account Dashboard
  2. AWS System Manager
  3. AWS Trusted Advisor
  4. AWS Cloud Trail
13
Q

Which of the following use cases is not enabled by CloudTrail?

  1. IT and Security administrators can perform security analysis
  2. DevOps engineers can model and provision AWS and third party application resources in your cloud environment
  3. IT Administrators and DevOps engineers can track changes to AWS resources
  4. DevOps engineers can troubleshoot operations issues
  5. IT Auditors can use log files as compliance aid
A
  1. IT and Security administrators can perform security analysis
  2. DevOps engineers can model and provision AWS and third party application resources in your cloud environment
  3. IT Administrators and DevOps engineers can track changes to AWS resources
  4. DevOps engineers can troubleshoot operations issues
  5. IT Auditors can use log files as compliance aid
14
Q

What are the different use cases for AWS Config? Choose 4.

  1. To exercise better governance over your resource configurations and to detect resource misconfigurations.
  2. To have visibility and control of your infrastructure on AWS.
  3. Auditing and Compliance for data that requires frequent audits to ensure compliance with internal policies and best practices.
  4. Managing and Troubleshooting Configuration Changes.
  5. Detailed historical information about your AWS resource configurations to analyze potential security weaknesses.
A
  1. To exercise better governance over your resource configurations and to detect resource misconfigurations.
  2. To have visibility and control of your infrastructure on AWS.
  3. Auditing and Compliance for data that requires frequent audits to ensure compliance with internal policies and best practices.
  4. Managing and Troubleshooting Configuration Changes.
  5. Detailed historical information about your AWS resource configurations to analyze potential security weaknesses.
15
Q

By default, what is the periodic interval in which Amazon EC2 sends metric data to CloudWatch?

  1. 1-minute
  2. 3-minute
  3. 5-minute
  4. 4-minute
A
  1. 1-minute
  2. 3-minute
  3. 5-minute
  4. 4-minute
16
Q

What should you do to send metric data for your instance to CloudWatch in 1-minute periods?

  1. Disable detailed monitoring
  2. Enable detailed monitoring
  3. Write a lambda program to process CloudWatch events
  4. Change the value in Cloudwatch for periodic interval to 1 minute
A
  1. Disable detailed monitoring
  2. Enable detailed monitoring
  3. Write a lambda program to process CloudWatch events
  4. Change the value in Cloudwatch for periodic interval to 1 minute
17
Q

You are the cloud infrastructure administrator for your company. The VPCs created by the different business unit development teams have to follow these security guidelines:

  • No security group should allow ingress from 0.0.0.0/0 to port 22
  • VPC flow logs should be enabled
  • The default security group of every VPC should restrict all traffic.

How can you ensure that you are notified whenever there is a change in an existing VPC, or a new VPC is created, that violates the above rules?

  1. Use AWS Cloudtrail and have a custom log analyzer to capture the settings and changes.
  2. Use Amazon Inspector to capture the settings and changes.
  3. Use Amazon Cloudwatch to capture the settings and changes.
  4. Use AWS Config to create above compliance rules for VPC
A
  1. Use AWS Cloudtrail and have a custom log analyzer to capture the settings and changes.
  2. Use Amazon Inspector to capture the settings and changes.
  3. Use Amazon Cloudwatch to capture the settings and changes.
  4. Use AWS Config to create above compliance rules for VPC
18
Q

What are differences between AWS Config and AWS CloudTrail? Choose 2.

  1. AWS CloudTrail records user API activity on your account and allows you to access information about this activity. AWS Config records point-in-time configuration details for your AWS resources as Configuration Items (CIs).
  2. AWS CloudTrail gets full details about API actions, such as identity of the caller, the time of the API call, the request parameters, and the response elements returned by the AWS service. You can use AWS Config to answer “What did my AWS resource look like?” at a point in time. You can use AWS CloudTrail to answer “Who made an API call to modify this resource?”
  3. AWS Config gets full details about API actions, such as identity of the caller, the time of the API call, the request parameters, and the response elements returned by the AWS service. You can use AWS CloudTrail CI to answer “What did my AWS resource look like?” at a point in time. You can use AWS CloudTrail to answer “Who made an API call to modify this resource?”
  4. AWS Config records user API activity on your account and allows you to access information about this activity. AWS CloudTrail records point-in-time configuration details for your AWS resources as Configuration Items (CIs).
A
  1. AWS CloudTrail records user API activity on your account and allows you to access information about this activity. AWS Config records point-in-time configuration details for your AWS resources as Configuration Items (CIs).
  2. AWS CloudTrail gets full details about API actions, such as identity of the caller, the time of the API call, the request parameters, and the response elements returned by the AWS service. You can use AWS Config to answer “What did my AWS resource look like?” at a point in time. You can use AWS CloudTrail to answer “Who made an API call to modify this resource?”
  3. AWS Config gets full details about API actions, such as identity of the caller, the time of the API call, the request parameters, and the response elements returned by the AWS service. You can use AWS CloudTrail CI to answer “What did my AWS resource look like?” at a point in time. You can use AWS CloudTrail to answer “Who made an API call to modify this resource?”
  4. AWS Config records user API activity on your account and allows you to access information about this activity. AWS CloudTrail records point-in-time configuration details for your AWS resources as Configuration Items (CIs).
19
Q

Which AWS service enables you to monitor your complete stack (applications, infrastructure, and services) and leverage alarms, logs, and events data to take automated actions?

  1. Account Dashboard
  2. Flow Logs
  3. CloudWatch
  4. Cloud Trail
A
  1. Account Dashboard
  2. Flow Logs
  3. CloudWatch
  4. Cloud Trail
20
Q

You are the solution architect for a Healthcare Application developed on the AWS platform. Because of regulatory requirements, you want an email to be sent to a distribution list whenever there are configuration changes that involve security groups and Network Access Control Lists (ACLs). How can you achieve this?

  1. Configure VPC flow logs with CloudWatch Logs to monitor your trail logs and be notified when activity occurs through SNS email.
  2. Configure CloudTrail with CloudWatch Logs to monitor your trail logs and be notified when activity occurs through SNS email.
  3. Configure CloudTrail to notify when activity occurs through SNS email.
  4. Configure CloudWatch to monitor and be notified when activity occurs through SNS email.
A
  1. Configure VPC flow logs with CloudWatch Logs to monitor your trail logs and be notified when activity occurs through SNS email.
  2. Configure CloudTrail with CloudWatch Logs to monitor your trail logs and be notified when activity occurs through SNS email.
  3. Configure CloudTrail to notify when activity occurs through SNS email.
  4. Configure CloudWatch to monitor and be notified when activity occurs through SNS email.
21
Q

What are the benefits of CloudFormation? Choose 3.

  1. Simplifies Infrastructure Management. AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources.
  2. Quickly Replicate Your Infrastructure. You can reuse your template to set up your resources consistently and repeatedly.
  3. Easily Control and Track Changes to Your Infrastructure.
  4. Provides an environment to easily deploy and run applications in the cloud.
A
  1. Simplifies Infrastructure Management. AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources.
  2. Quickly Replicate Your Infrastructure. You can reuse your template to set up your resources consistently and repeatedly.
  3. Easily Control and Track Changes to Your Infrastructure.
  4. Provides an environment to easily deploy and run applications in the cloud.
22
Q

You are maintaining three environments for your web application in the US-East region: Production, Staging and QA. The Production environment has 4 EC2 instances. Your DevOps team uses CloudFormation to manage the environment infrastructure provisioning. To do performance testing in a secluded environment, you have requested your DevOps team to spin up another environment in the US-East region which is a replica of the Production environment. The DevOps team mentions that they will cross the EC2 instance quota for the region if they create 4 EC2 instances but will meet the total quota if they provision 3 instances. What will happen if the DevOps team executes the CloudFormation template to provision 4 instances?

  1. All four EC2 instances will be provisioned irrespective of regional total count exceeding the quota.
  2. The template execution will fail and not a single EC2 instance will be provisioned.
  3. The template execution will throw a warning, but provision three EC2 instances, which will make the total equal to the region quota.
  4. The template execution will provision three EC2 instances and raise an AWS support request automatically for provision of one more EC2 instance.
A
  1. All four EC2 instances will be provisioned irrespective of regional total count exceeding the quota.
  2. The template execution will fail and not a single EC2 instance will be provisioned.
  3. The template execution will throw a warning, but provision three EC2 instances, which will make the total equal to the region quota.
  4. The template execution will provision three EC2 instances and raise an AWS support request automatically for provision of one more EC2 instance.
23
Q

What are the features of AWS X-Ray? Choose 4.

  1. Simplifies your compliance audits by automatically recording and storing event logs for actions made within your AWS account.
  2. You can analyze simple asynchronous event calls, three-tier web applications, or complex microservices applications consisting of thousands of services.
  3. Traces user requests as they travel through your entire application
  4. You can glean insights into how your application is performing, identify performance bottlenecks, and discover root causes.
  5. Can automatically highlight bugs or errors in your application code by analyzing the response code for each request made to your application.
A
  1. Simplifies your compliance audits by automatically recording and storing event logs for actions made within your AWS account.
  2. You can analyze simple asynchronous event calls, three-tier web applications, or complex microservices applications consisting of thousands of services.
  3. Traces user requests as they travel through your entire application
  4. You can glean insights into how your application is performing, identify performance bottlenecks, and discover root causes.
  5. Can automatically highlight bugs or errors in your application code by analyzing the response code for each request made to your application.
24
Q

Your company’s Cloud Center of Excellence has defined security policies for AWS services used for deployed applications. You have been tasked to create a solution that will detect, inform and automatically react to non-compliant configuration changes within the application microservices architecture. For example, a member of the development team has made a change to the API Gateway for a microservice to allow the endpoint to accept inbound HTTP traffic, rather than only allowing HTTPS requests. Your solution should identify this change as a security violation and perform two actions: create a log of the detected change for auditing and send a notification. Which AWS services will you use to tackle this scenario so that it is scalable, reliable and cost effective?

  1. AWS Config, Amazon SNS, Amazon SQS, AWS Lambda
  2. AWS Config, Amazon SNS, Amazon SQS, Amazon EC2
  3. AWS Config, Amazon SQS, AWS Lambda
  4. AWS Config, Amazon SNS, Amazon SQS
  5. AWS Config, Amazon SNS
A
  1. AWS Config, Amazon SNS, Amazon SQS, AWS Lambda
  2. AWS Config, Amazon SNS, Amazon SQS, Amazon EC2
  3. AWS Config, Amazon SQS, AWS Lambda
  4. AWS Config, Amazon SNS, Amazon SQS
  5. AWS Config, Amazon SNS
25
Q

Choose two correct statements regarding Cloudwatch metrics?

  1. Standard resolution, with data having a one-minute granularity
  2. High resolution, with data at a granularity of one second
  3. Standard resolution, with data having a one-second granularity
  4. High resolution, with data at a granularity of one minute
A
  1. Standard resolution, with data having a one-minute granularity
  2. High resolution, with data at a granularity of one second
  3. Standard resolution, with data having a one-second granularity
  4. High resolution, with data at a granularity of one minute
26
Q

Your company has deployed a lot of web applications on AWS running on Auto Scaling EC2 instances. You want to monitor the EC2 service limits continuously and also to be proactively notified when your AWS account has reached 60% of the EC2 On-Demand instance limit. How can you achieve this? Choose 2.

  1. Use the AWS Trusted Advisor Service Limits check to monitor service limits.
  2. Configure alarm in Cloudwatch using TrustedAdvisor servicelimit metrics.
  3. Configure alarm in Cloudtrail using TrustedAdvisor servicelimit metrics.
  4. Use the AWS System Manager to monitor service limits.
A
  1. Use the AWS Trusted Advisor Service Limits check to monitor service limits.
  2. Configure alarm in Cloudwatch using TrustedAdvisor servicelimit metrics.
  3. Configure alarm in Cloudtrail using TrustedAdvisor servicelimit metrics.
  4. Use the AWS System Manager to monitor service limits.
27
Q

Which AWS services will help your company to enable compliance, and operational and risk auditing of your AWS account? Choose 2.

  1. CloudTrail
  2. CloudWatch
  3. Config
  4. CloudFormation
A
  1. CloudTrail
  2. CloudWatch
  3. Config
  4. CloudFormation
28
Q

You are using AWS Config to keep track of the configuration of your S3 bucket ACLs and policies for violations which allow public read or public write access. If AWS Config finds a policy violation for a noncompliant S3 bucket, how can you ensure it is remediated automatically?

  1. With AWS Config, use Amazon CloudWatch, Amazon SNS, and Lambda to overwrite a public bucket ACL.
  2. There is no automatic option in AWS Config to remediate a non-compliant resource.
  3. Use AWS Config auto remediation feature for AWS Config rules using existing S3 documents or custom S3 documents.
  4. Use AWS Config auto remediation feature for AWS Config rules using existing SSM documents or custom SSM documents.
A
  1. With AWS Config, use Amazon CloudWatch, Amazon SNS, and Lambda to overwrite a public bucket ACL.
  2. There is no automatic option in AWS Config to remediate a non-compliant resource.
  3. Use AWS Config auto remediation feature for AWS Config rules using existing S3 documents or custom S3 documents.
  4. Use AWS Config auto remediation feature for AWS Config rules using existing SSM documents or custom SSM documents.
29
Q

Your company has deployed applications on AWS across regions. As per audit requirements, they want to monitor API activity for resources across all regions and also for any future regions. How can you achieve this?

  1. Turn on CloudTrail for each desired region. For future region create it separately using console.
  2. Specify that a trail will apply to all regions and CloudTrail will automatically create the same trail in each region. Future region trail will be automatically created.
  3. Turn on CloudTrail for each desired region. For future region create it separately using CloudFormation.
  4. Turn on CloudTrail for each desired region. For future region create it separately using AWS CLI.
A
  1. Turn on CloudTrail for each desired region. For future region create it separately using console.
  2. Specify that a trail will apply to all regions and CloudTrail will automatically create the same trail in each region. Future region trail will be automatically created.
  3. Turn on CloudTrail for each desired region. For future region create it separately using CloudFormation.
  4. Turn on CloudTrail for each desired region. For future region create it separately using AWS CLI.
30
Q

Which of the following provides an automated way to send log data to CloudWatch Logs from Amazon EC2 instances?

  1. VPC Flow Logs
  2. Cloudtrail
  3. CloudWatch Logs Agent
  4. Cloudtrail Logs Agent
A
  1. VPC Flow Logs
  2. Cloudtrail
  3. CloudWatch Logs Agent
  4. Cloudtrail Logs Agent
31
Q

Which of the following statements is not correct about Amazon CloudWatch Events?

  1. Delivers a near real-time stream of system events that describe changes in Amazon Web Services (AWS) resources.
  2. Using simple rules that you can quickly set up, you can match events and route them to one or more target functions or streams.
  3. A rule matches incoming events and routes them to targets for processing.
  4. A single rule can route to only a single target.
A
  1. Delivers a near real-time stream of system events that describe changes in Amazon Web Services (AWS) resources.
  2. Using simple rules that you can quickly set up, you can match events and route them to one or more target functions or streams.
  3. A rule matches incoming events and routes them to targets for processing.
  4. A single rule can route to only a single target.
32
Q

Which of the following can you not configure as targets for CloudWatch Events?

  1. Amazon EC2 instances, AWS Lambda functions, Amazon Kinesis Data Streams, Amazon Kinesis Data Firehose
  2. Log groups in Amazon CloudWatch Logs, Amazon ECS tasks, Pipelines in CodePipeline
  3. Amazon SNS topics, Amazon SQS queues, AWS Batch jobs, Step Functions state machines
  4. S3, EBS, EFS, RDS, DynamoDB
A
  1. Amazon EC2 instances, AWS Lambda functions, Amazon Kinesis Data Streams, Amazon Kinesis Data Firehose
  2. Log groups in Amazon CloudWatch Logs, Amazon ECS tasks, Pipelines in CodePipeline
  3. Amazon SNS topics, Amazon SQS queues, AWS Batch jobs, Step Functions state machines
  4. S3, EBS, EFS, RDS, DynamoDB
33
Q

Which of the following is incorrect about CloudFormation Stack?

  1. A collection of AWS resources that you can manage as a single unit.
  2. You can create, update, or delete a collection of resources by creating, updating, or deleting stacks.
  3. If a resource cannot be created, AWS CloudFormation doesn’t roll the stack back.
  4. All the resources in a stack are defined by the stack’s AWS CloudFormation template.
A
  1. A collection of AWS resources that you can manage as a single unit.
  2. You can create, update, or delete a collection of resources by creating, updating, or deleting stacks.
  3. If a resource cannot be created, AWS CloudFormation doesn’t roll the stack back.
  4. All the resources in a stack are defined by the stack’s AWS CloudFormation template.
34
Q

You have used CloudFormation to create a stack comprising an EC2 instance, ELB and RDS. After a few weeks you want to update the instances’ AMI ID. How can you update it using CloudFormation? Choose 2.

  1. Direct update, you submit a template or input parameters that specify updates to the resources in the stack, and AWS CloudFormation will immediately deploy them.
  2. Updating Stack Using Change Sets which allow you to preview how proposed changes to a stack might impact your running resources.
  3. You cannot update a running stack using CloudFormation.
  4. Create a new stack and delete the existing resources.
A
  1. Direct update, you submit a template or input parameters that specify updates to the resources in the stack, and AWS CloudFormation will immediately deploy them.
  2. Updating Stack Using Change Sets which allow you to preview how proposed changes to a stack might impact your running resources.
  3. You cannot update a running stack using CloudFormation.
  4. Create a new stack and delete the existing resources.
35
Q

When you submit an update, AWS CloudFormation updates resources based on differences between what you submit and the stack’s current template. Resources that have not changed run without disruption during the update process. Which of the following is an update behavior used by AWS CloudFormation for updated resources?

  1. Update with No Interruption
  2. Updates with Some Interruption
  3. Replacement
  4. All of the above
A
  1. Update with No Interruption
  2. Updates with Some Interruption
  3. Replacement
  4. All of the above
36
Q

What are the recommendations provided by Cost Explorer?

Choose 2.

  1. Reserved Instance Recommendations
  2. Budget Recommendations
  3. EC2 Rightsizing recommendations
  4. RDS Rightsizing recommendations
A
  1. Reserved Instance Recommendations
  2. Budget Recommendations
  3. EC2 Rightsizing recommendations
  4. RDS Rightsizing recommendations
37
Q

Your organization uses multiple accounts for business units, applications, and developers. They often create separate accounts for development, testing, staging, and production on a per-application basis. They build global applications that span two or more regions, implement sophisticated multi-region disaster recovery models, replicate S3, Aurora, PostgreSQL, and MySQL data in real time, and choose locations for storage and processing of sensitive data in accord with national and regional regulations. Which feature of CloudFormation can you use to make rolling out stacks across accounts in different regions easy and consistent?

  1. CloudFormation StackSet which extends the functionality of stacks by enabling you to create, update, or delete stacks across multiple accounts and regions with a single operation.
  2. Use separate CloudFormation template for every region in each account.
  3. Use third party tools provided by AWS partners to manage CloudFormation templates across regions and accounts.
  4. Create a well-designed, parameter-driven CloudFormation template which can be reused across accounts and regions.
A
  1. CloudFormation StackSet which extends the functionality of stacks by enabling you to create, update, or delete stacks across multiple accounts and regions with a single operation.
  2. Use separate CloudFormation template for every region in each account.
  3. Use third party tools provided by AWS partners to manage CloudFormation templates across regions and accounts.
  4. Create a well-designed, parameter-driven CloudFormation template which can be reused across accounts and regions.
38
Q

Which AWS service records AWS API calls for your account and delivers log files to you?

  1. AWS Cloudwatch
  2. AWS Config
  3. AWS Cloudtrail
  4. AWS Cloudwatch
  5. AWS X-Ray
A
  1. AWS Cloudwatch
  2. AWS Config
  3. AWS Cloudtrail
  4. AWS Cloudwatch
  5. AWS X-Ray
39
Q

Your company is using AWS CloudFormation to create, manage, and update a collection of AWS resources (a “stack”) in a controlled, predictable manner. Currently to update a stack the process followed is to edit their existing template (or create a new one) and then use CloudFormation’s Update Stack operation to activate the changes. Recently you have been asked by your DevOps head for additional insight into the changes that CloudFormation is planning to perform when there is an update to a stack. You should be able to preview the changes, verify that they are in line with their expectations, and proceed with the update. How can you achieve this?

  1. There is no preview feature of update stack in CloudFormation.
  2. Create a change set by submitting changes against the stack you want to update. CloudFormation compares the stack to the new template and/or parameter values and produces a change set that you can review and then choose to apply (execute).
  3. Create a preview set by submitting changes against the stack you want to update. CloudFormation compares the stack to the new template and/or parameter values and produces a change set that you can review and then choose to apply (execute).
  4. Create a test update set by submitting changes against the stack you want to update. CloudFormation compares the stack to the new template and/or parameter values and produces a change set that you can review and then choose to apply (execute).
A
  1. There is no preview feature of update stack in CloudFormation.
  2. Create a change set by submitting changes against the stack you want to update. CloudFormation compares the stack to the new template and/or parameter values and produces a change set that you can review and then choose to apply (execute).
  3. Create a preview set by submitting changes against the stack you want to update. CloudFormation compares the stack to the new template and/or parameter values and produces a change set that you can review and then choose to apply (execute).
  4. Create a test update set by submitting changes against the stack you want to update. CloudFormation compares the stack to the new template and/or parameter values and produces a change set that you can review and then choose to apply (execute).
40
Q

You have been using ‘infrastructure as code’ by leveraging CloudFormation templates to deploy stacks for your web applications. You have a load balancer configuration that you use for most of your stacks. Your manager asked you if there is a way to avoid copying and pasting the same configurations into your templates. What will be your answer?

  1. Use Reuse Stacks
  2. Use Parent-child Stacks
  3. Use Changed set stacks
  4. Use Nested Stacks
A
  1. Use Reuse Stacks
  2. Use Parent-child Stacks
  3. Use Changed set stacks
  4. Use Nested Stacks
41
Q

You are a solution architect for a multinational company which wants to migrate all their existing applications to the AWS cloud platform. They want to create a separate AWS account for each country where they have regional headquarters. They also want to centrally manage billing; control access, compliance, and security; and share resources across AWS accounts. If you want to define your own custom multi-account environment with advanced governance and management capabilities, which AWS service will you use?

  1. AWS Organizations
  2. AWS Systems Manager
  3. AWS Control Tower
  4. AWS Service Catalog
A
  1. AWS Organizations
  2. AWS Systems Manager
  3. AWS Control Tower
  4. AWS Service Catalog
42
Q

Which of the following central governance and management capabilities does AWS Organizations not enable? Choose 2.

  1. Centralized management of all of your AWS accounts
  2. Consolidated billing for all member accounts
  3. Hierarchical grouping of your accounts to meet your budgetary, security, or compliance needs
  4. A landing zone which is a well-architected, multi-account AWS environment that’s based on security and compliance best practices.
  5. Control over the AWS services and API actions that each account can access
  6. An Account Factory which is a configurable account template that helps to standardize the provisioning of new accounts with pre-approved account configurations.
A
  1. Centralized management of all of your AWS accounts
  2. Consolidated billing for all member accounts
  3. Hierarchical grouping of your accounts to meet your budgetary, security, or compliance needs
  4. A landing zone which is a well-architected, multi-account AWS environment that’s based on security and compliance best practices.
  5. Control over the AWS services and API actions that each account can access
  6. An Account Factory which is a configurable account template that helps to standardize the provisioning of new accounts with pre-approved account configurations.
43
Q

Which of the following are components of setting up AWS Organizations? Choose 4.

  1. Root
  2. AWS Account
  3. IAM Policies
  4. Organization Unit (OU)
  5. Service control policies (SCPs)
A
  1. Root
  2. AWS Account
  3. IAM Policies
  4. Organization Unit (OU)
  5. Service control policies (SCPs)
44
Q

AWS Trusted Advisor analyzes your environment in which of the following five categories?

  1. Cost Optimization
  2. Performance
  3. Security
  4. Reliability
  5. Fault Tolerance
  6. Service Limits
A
  1. Cost Optimization
  2. Performance
  3. Security
  4. Reliability
  5. Fault Tolerance
  6. Service Limits
45
Q

Your company uses AWS and is looking to be more agile with deployments and enable developers to focus more on writing code instead of devoting time to managing servers, databases, networking, security, etc. Which three of the following services can help you achieve this goal?

  1. AWS CodeCommit
  2. AWS CodePipeline
  3. AWS Elastic Beanstalk
  4. AWS CloudFormation
A
  1. AWS CodeCommit
  2. AWS CodePipeline
  3. AWS Elastic Beanstalk
  4. AWS CloudFormation
46
Q

Which of the following is not a use case for AWS Organizations?

  1. Implement and enforce corporate security, audit, and compliance policies
  2. Share resources across accounts
  3. Automate the deployment of AWS workloads
  4. Automate the creation of AWS accounts and categorize workloads
A
  1. Implement and enforce corporate security, audit, and compliance policies
  2. Share resources across accounts
  3. Automate the deployment of AWS workloads
  4. Automate the creation of AWS accounts and categorize workloads
47
Q

Which of the following statements are correct about AWS Organizations service control policies (SCPs)? Choose 4.

  1. SCPs aren’t available if your Organization has enabled only the consolidated billing features.
  2. SCPs are available if your Organization has enabled only the consolidated billing features.
  3. SCPs are not available in an Organization that has all features enabled.
  4. SCPs are available only in an Organization that has all features enabled.
  5. SCPs are necessary but not sufficient for granting access in the accounts in your organization. You still need to attach IAM policies to users and roles in your organization’s accounts to actually grant permissions to them.
  6. SCPs are sufficient for granting access in the accounts in your Organization. You don’t need to attach IAM policies to users and roles in your Organization’s accounts to actually grant permissions to them.
  7. An SCP never grants permissions. Instead, SCPs are JSON policies that specify the maximum permissions for an Organization or Organization Unit (OU).
A
  1. SCPs aren’t available if your Organization has enabled only the consolidated billing features.
  2. SCPs are available if your Organization has enabled only the consolidated billing features.
  3. SCPs are not available in an Organization that has all features enabled.
  4. SCPs are available only in an Organization that has all features enabled.
  5. SCPs are necessary but not sufficient for granting access in the accounts in your organization. You still need to attach IAM policies to users and roles in your organization’s accounts to actually grant permissions to them.
  6. SCPs are sufficient for granting access in the accounts in your Organization. You don’t need to attach IAM policies to users and roles in your Organization’s accounts to actually grant permissions to them.
  7. An SCP never grants permissions. Instead, SCPs are JSON policies that specify the maximum permissions for an Organization or Organization Unit (OU).
48
Q

The diagram below depicts the configuration in an AWS Organizations setup for a company. Services whitelisted (allowed) for each group by the organization’s SCP are shown as filled circles, and IAM policies allowing access to particular services are shown as unfilled circles. The IAM user Bob is part of the Dev OU, and the IAM policy associated with Bob allows full access to the Amazon S3 and Amazon EC2 services. The SCP associated with the Dev OU and Sales OU allows the use of the S3 service. The user David doesn’t have any IAM policy attached. Which of the following statements are correct? Choose 2.

  1. Bob cannot use EC2.
  2. Bob can use EC2.
  3. David can access S3.
  4. David cannot access S3.
A
  1. Bob cannot use EC2.
  2. Bob can use EC2.
  3. David can access S3.
  4. David cannot access S3.
49
Q

Which AWS service is for creating, managing, and working with software development projects on AWS and helps you quickly develop, build, and deploy applications?

  1. AWS OpsWorks
  2. AWS CodeStar
  3. AWS Systems Manager
  4. AWS CloudFormation
A
  1. AWS OpsWorks
  2. AWS CodeStar
  3. AWS Systems Manager
  4. AWS CloudFormation
50
Q

Which AWS service can be used to set up a CI/CD process?

  1. AWS CodePipeline
  2. AWS CodeCommit
  3. AWS CodeBuild
  4. AWS CodeDeploy
A
  1. AWS CodePipeline
  2. AWS CodeCommit
  3. AWS CodeBuild
  4. AWS CodeDeploy
51
Q

You are the solution architect for an online store application hosted on Amazon EC2 and using serverless technologies like Amazon API Gateway, AWS Lambda, and Amazon DynamoDB. Which AWS service will you use to analyze and debug production, distributed applications, such as those built using a microservices architecture?

  1. AWS CloudTrail
  2. AWS CloudWatch
  3. AWS Config
  4. AWS X-Ray
A
  1. AWS CloudTrail
  2. AWS CloudWatch
  3. AWS Config
  4. AWS X-Ray
52
Q

Which AWS service automates and simplifies the task of repeatedly and predictably creating groups of related resources of your applications as ‘Infrastructure as Code’?

  1. AWS CodePipeline
  2. AWS CodeCommit
  3. AWS CloudFormation
  4. AWS CodeDeploy
A
  1. AWS CodePipeline
  2. AWS CodeCommit
  3. AWS CloudFormation
  4. AWS CodeDeploy
53
Q

Which of the following statements are correct about CloudFormation templates? Choose 4.

  1. AWS CloudFormation templates are JSON or YAML-formatted text files.
  2. A stack is a collection of resources that result from instantiating a template.
  3. You create a stack by supplying a template and any required parameters to AWS CloudFormation.
  4. A stack is a collection of templates to create resources.
  5. Based on the template and any dependencies specified in it, AWS CloudFormation determines what AWS resources need to be created and in what order.
  6. AWS CloudFormation templates can be written using Java, .NET or Python.
A
  1. AWS CloudFormation templates are JSON or YAML-formatted text files.
  2. A stack is a collection of resources that result from instantiating a template.
  3. You create a stack by supplying a template and any required parameters to AWS CloudFormation.
  4. A stack is a collection of templates to create resources.
  5. Based on the template and any dependencies specified in it, AWS CloudFormation determines what AWS resources need to be created and in what order.
  6. AWS CloudFormation templates can be written using Java, .NET or Python.
54
Q

Your company’s devops team wants to use CloudFormation for provisioning and configuring the resources required for a web application in test and production environments. Although the resources required are the same for both environments, their configuration will differ. For example, the following configuration will be different for the two environments: Amazon RDS database size, EC2 instance type, security groups, load balancer. Which of the following statements is correct?

  1. As the configuration of resources in the two environments is different, the devops team has to create two separate CloudFormation templates.
  2. The devops team can use one template for both environments by using parameters to customize configuration specific to an environment at runtime.
  3. CloudFormation parameter supports EC2 but not RDS configuration during runtime.
  4. CloudFormation parameter supports RDS but not EC2 configuration during runtime.
A
  1. As the configuration of resources in the two environments is different, the devops team has to create two separate CloudFormation templates.
  2. The devops team can use one template for both environments by using parameters to customize configuration specific to an environment at runtime.
  3. CloudFormation parameter supports EC2 but not RDS configuration during runtime.
  4. CloudFormation parameter supports RDS but not EC2 configuration during runtime.
55
Q

Your devops team uses a CloudFormation template to provision resources for a web application running on an Amazon EC2 instance and Amazon RDS Aurora. For the initial beta release they have deployed the web application on a production environment running on a t1.micro Amazon EC2 instance. Next week they are planning to roll out the web application to a wider set of users and are expecting more traffic. To handle the increase in traffic they want to change the production environment EC2 instance type from t1.micro to m1.small. How can they make this change using the CloudFormation template?

  1. They have to create a new stack and delete the old one.
  2. Submit a support request to AWS for updating the stack.
  3. They can simply modify the existing stack’s template.
  4. None of the above.
A
  1. They have to create a new stack and delete the old one.
  2. Submit a support request to AWS for updating the stack.
  3. They can simply modify the existing stack’s template.
  4. None of the above.
56
Q

Which of the following statements are correct about CloudFormation stack deletion? Choose 3.

  1. When you delete a stack, you specify the stack to delete, and AWS CloudFormation deletes the stack and all the resources in that stack.
  2. If you want to delete a stack but want to retain some resources in that stack, you can use a deletion policy to retain those resources.
  3. You cannot retain resources from a stack which you want to delete.
  4. If AWS CloudFormation cannot delete a resource, the stack will not be deleted.
A
  1. When you delete a stack, you specify the stack to delete, and AWS CloudFormation deletes the stack and all the resources in that stack.
  2. If you want to delete a stack but want to retain some resources in that stack, you can use a deletion policy to retain those resources.
  3. You cannot retain resources from a stack which you want to delete.
  4. If AWS CloudFormation cannot delete a resource, the stack will not be deleted.
57
Q

Which of the following are correct regarding CloudFormation best practices?

  1. Use input parameters to pass in information whenever you create or update a stack, using the NoEcho property to obfuscate the parameter value.
  2. Use dynamic parameters in the stack template to reference sensitive information that is stored and managed outside of CloudFormation, such as in the Systems Manager Parameter Store or Secrets Manager.
  3. Use input parameters to pass in information whenever you create or update a stack, using the Echo property to obfuscate the parameter value.
  4. When you launch stacks, you can install and configure software applications on Amazon EC2 instances by using the cfn-init helper script and the AWS::CloudFormation::Init resource.
A
  1. Use input parameters to pass in information whenever you create or update a stack, using the NoEcho property to obfuscate the parameter value.
  2. Use dynamic parameters in the stack template to reference sensitive information that is stored and managed outside of CloudFormation, such as in the Systems Manager Parameter Store or Secrets Manager.
  3. Use input parameters to pass in information whenever you create or update a stack, using the Echo property to obfuscate the parameter value.
  4. When you launch stacks, you can install and configure software applications on Amazon EC2 instances by using the cfn-init helper script and the AWS::CloudFormation::Init resource.
58
Q

Your company has migrated all existing on-premises applications to the AWS cloud platform. The application stacks primarily consist of EC2 instances, Application Load Balancers, RDS, Kinesis streams and S3 buckets in VPCs. Which AWS service will you use so that you are able to do the following tasks?

  • Group AWS resources together by any purpose or activity you choose, such as application, environment, region, project, campaign, business unit, or software lifecycle.
  • Centrally define the configuration options and policies for your managed instances.
  • Centrally view, investigate, and resolve operational work items related to AWS resources. Automate or schedule a variety of maintenance and deployment tasks.
  1. AWS Managed Services
  2. AWS Systems Manager
  3. AWS CloudFormation
  4. AWS OpsWorks
A
  1. AWS Managed Services
  2. AWS Systems Manager
  3. AWS CloudFormation
  4. AWS OpsWorks
59
Q

What are the operating systems supported by AWS Systems Manager? Choose 3.

  1. MacOS
  2. Windows Server
  3. Linux
  4. Raspbian
A
  1. MacOS
  2. Windows Server
  3. Linux
  4. Raspbian
60
Q

Which of the following is not a feature of AWS Systems Manager Documents?

  1. Defines the actions that Systems Manager performs on your managed instances.
  2. Documents use JavaScript Object Notation (JSON) or YAML
  3. Types of Document: Command, Automation, Package, Session, Policy, Change Calendar
  4. Blueprints for building your AWS resources.
A
  1. Defines the actions that Systems Manager performs on your managed instances.
  2. Documents use JavaScript Object Notation (JSON) or YAML
  3. Types of Document: Command, Automation, Package, Session, Policy, Change Calendar
  4. Blueprints for building your AWS resources.
61
Q

Your company has migrated all existing on-premises applications to the AWS cloud platform. The application stacks primarily consist of EC2 instances. Your company’s cloud security team has laid down very strict guidelines not to open inbound ports, maintain bastion hosts, or manage SSH keys for logging in to instances for management and administrative tasks. Which features of Systems Manager will you use to gain secure access to instances as per the guidelines? Choose 2.

  1. Patch Manager
  2. Session Manager
  3. Run Command
  4. OpsCenter
A
  1. Patch Manager
  2. Session Manager
  3. Run Command
  4. OpsCenter
62
Q

Which of the following are features of AWS Systems Manager? Choose 4.

  1. AWS AppConfig helps you deploy application configuration in a managed and a monitored way just like code deployments
  2. Inventory: collects information about your instances and the software installed on them.
  3. Automation: allows you to safely automate common and repetitive IT operations and management tasks.
  4. AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
  5. Patch Manager: helps you select and deploy operating system and software patches automatically across large groups of Amazon EC2 or on-premises instances.
A
  1. AWS AppConfig helps you deploy application configuration in a managed and a monitored way just like code deployments
  2. Inventory: collects information about your instances and the software installed on them.
  3. Automation: allows you to safely automate common and repetitive IT operations and management tasks.
  4. AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
  5. Patch Manager: helps you select and deploy operating system and software patches automatically across large groups of Amazon EC2 or on-premises instances.
63
Q

An SCP attached to the organization root allows permissions A, B, and C. The organization root contains an organizational unit (OU), and an SCP that allows C, D, and E is attached to that OU. Which of the following statements are correct? Choose 2.

  1. A or B permissions are blocked for the OU and any of its child OUs or accounts.
  2. D or E permissions cannot be used by any OUs or accounts in the organization.
  3. The OU and its child accounts can use A, B, C, D, E permissions.
  4. The OU and its child accounts can use C, D or E permissions.
A
  1. A or B permissions are blocked for the OU and any of its child OUs or accounts.
  2. D or E permissions cannot be used by any OUs or accounts in the organization.
  3. The OU and its child accounts can use A, B, C, D, E permissions.
  4. The OU and its child accounts can use C, D or E permissions.
64
Q

What are the different services you can use for cost management? Choose 3.

  1. AWS Budgets
  2. AWS Cost & Usage reports
  3. AWS CloudWatch
  4. AWS Cost Explorer
A
  1. AWS Budgets
  2. AWS Cost & Usage reports
  3. AWS CloudWatch
  4. AWS Cost Explorer
65
Q

Which AWS tool enables you to view and analyze your costs and usage?

  1. AWS Systems Manager
  2. AWS Well-Architected Tool
  3. AWS Trusted Advisor
  4. AWS Billing and Cost Management
A
  1. AWS Systems Manager
  2. AWS Well-Architected Tool
  3. AWS Trusted Advisor
  4. AWS Billing and Cost Management
66
Q

Your company has been using AWS for different kinds of workloads running on EC2 instances for more than a year. As part of a companywide cost optimization drive you have been asked to look at how you can optimize the EC2 instance costs. Which AWS service will you use to analyze the current EC2 instances for both cost optimization and performance bottleneck identification, so as to:

  • Get downsizing recommendations within or across instance families.
  • Get upsizing recommendations to remove performance bottlenecks.
  • Understand the performance risks and how your workload would perform on various EC2 instance options to evaluate the price-performance trade-off for your workloads.
  1. AWS Compute Optimizer
  2. AWS Cost Explorer
  3. AWS EC2 optimizer
  4. AWS Budget
A
  1. AWS Compute Optimizer
  2. AWS Cost Explorer
  3. AWS EC2 optimizer
  4. AWS Budget
67
Q

What are the five pillars of the AWS Well-Architected Framework?

  1. Operational Excellence
  2. Security Reliability
  3. Performance Efficiency
  4. Cost Optimization
  5. Resiliency
A
  1. Operational Excellence
  2. Security Reliability
  3. Performance Efficiency
  4. Cost Optimization
  5. Resiliency
68
Q

Which of the following can you do in the AWS Billing and Cost Management service? Choose 5.

  1. Estimate and forecast your AWS cost and usage
  2. Instance Performance report
  3. Receive notifications when you exceed your budgeted thresholds
  4. Assess your biggest investments in AWS resources
  5. Analyze your spend and usage data
  6. Reserved Instance Utilization Report & Reserved Instance Coverage Report
A
  1. Estimate and forecast your AWS cost and usage
  2. Instance Performance report
  3. Receive notifications when you exceed your budgeted thresholds
  4. Assess your biggest investments in AWS resources
  5. Analyze your spend and usage data
  6. Reserved Instance Utilization Report & Reserved Instance Coverage Report
69
Q

What are the default Cost Explorer reports available? Choose 2.

  1. EC2 Performance Reports
  2. Cost and Usage Reports
  3. Reserved Instance Reports
  4. Budget Reports
A
  1. EC2 Performance Reports
  2. Cost and Usage Reports
  3. Reserved Instance Reports
  4. Budget Reports
70
Q

You are the solution architect for your company, which is using AWS Organizations features for setting up its accounts. You have created multiple AWS accounts, one for each country where your company has an office. These country-specific regional AWS accounts are linked to the master (payer) account. You are contemplating whether to use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts. What are the benefits? Choose 3.

  1. One bill – You get one bill for multiple accounts.
  2. Easy tracking – You can track the charges across multiple accounts and download the combined cost and usage data.
  3. Capacity Reservations – You will be able to reserve capacities for different AWS services.
  4. Combined usage – You can combine the usage across all accounts in the organization to share the volume pricing discounts, Reserved Instance discounts, and Savings Plans. This can result in a lower charge for your project, department, or company than with individual standalone accounts.
A
  1. One bill – You get one bill for multiple accounts.
  2. Easy tracking – You can track the charges across multiple accounts and download the combined cost and usage data.
  3. Capacity Reservations – You will be able to reserve capacities for different AWS services.
  4. Combined usage – You can combine the usage across all accounts in the organization to share the volume pricing discounts, Reserved Instance discounts, and Savings Plans. This can result in a lower charge for your project, department, or company than with individual standalone accounts.