Mock Exam Flashcards
A company is developing a new application that will be hosted in the AWS Cloud. The company needs to make changes to the application and the AWS resources that it uses.
Which of the following is a characteristic of the AWS Cloud that would meet this specific requirement?
A) Elasticity
B) Reliability
C) Performance
D) Agility
D) Agility
Which of the following are pillars of the AWS Well-Architected Framework? (Select TWO.)
A) Multiple Availability Zones
B) Performance Efficiency
C) Security
D) Encryption Usage
E) High Availability
B) Performance Efficiency
C) Security
A company must meet compliance and software licensing requirements that state a workload must be hosted on a physical server.
Which Amazon EC2 instance pricing option will meet these requirements?
A) Dedicated Hosts
B) Dedicated Instances
C) Spot Instances
D) Reserved Instances
A) Dedicated Hosts
Which managed service can store common database query results to alleviate database query load?
A) Amazon Machine Image
B) Amazon SQS
C) Amazon ElastiCache
D) Amazon EC2 Instance store
C) Amazon ElastiCache
A characteristic of edge locations is that they:
A) host Amazon EC2 instances closer to users.
B) help lower latency and improve performance for users.
C) cache frequently changing data without reaching the origin server.
D) refresh data changes daily.
B) help lower latency and improve performance for users.
Which AWS service will help users determine if an application running on an Amazon EC2 instance has sufficient CPU capacity?
A) Amazon CloudWatch
B) AWS Config
C) AWS CloudTrail
D) Amazon Inspector
A) Amazon CloudWatch
Correct. CloudWatch monitors AWS resources and the applications that run on AWS in real time. For example, you can monitor CPU utilization, disk I/O, and network utilization for an EC2 instance that hosts an application.
INCORRECT ANSWERS:
B) AWS Config:
Incorrect. AWS Config monitors and records your AWS resource configurations. With AWS Config, you can automate the evaluation of recorded configurations against desired configurations. Although AWS Config is a monitoring tool, it cannot be used to monitor the CPU capacity of an EC2 instance.
C) AWS CloudTrail:
Incorrect. CloudTrail monitors events such as actions taken in the AWS Management Console, AWS CLI, AWS software development kits (SDKs), and APIs. CloudTrail cannot be used to monitor the CPU utilization of an EC2 instance.
D) Amazon Inspector
Incorrect. Amazon Inspector monitors network accessibility of your EC2 instances and the security state of your applications that run on those instances. Amazon Inspector cannot be used to monitor the CPU utilization of an instance.
A company is migrating to the AWS Cloud from on-premises data centers and wants hands-on help with the project.
How can the company get this support? (Select TWO.)
A) Ask for a quote from the AWS Marketplace team to perform a migration into the company’s AWS account.
B) Contact AWS Training and open a case for assistance.
C) Use AWS Professional Services.
D) Select a partner from the AWS Partner Network (APN) to assist with the migration.
E) Use Amazon Connect to create a new request for proposal (RFP) for expert assistance in migrating to the AWS Cloud.
C) Use AWS Professional Services.
D) Select a partner from the AWS Partner Network (APN) to assist with the migration.
INCORRECT ANSWERS:
A) Ask for a quote from the AWS Marketplace team to perform a migration into the company’s AWS account.
Incorrect. AWS Marketplace is not a migration service. AWS Marketplace is a catalog of listings from the independent software vendors that work with AWS.
B) Contact AWS Training and open a case for assistance.
Incorrect. AWS Training focuses on building individual skills and corporate competency. AWS Training does not provide hands-on assistance for a project.
E) Use Amazon Connect to create a new request for proposal (RFP) for expert assistance in migrating to the AWS Cloud.
Incorrect. Amazon Connect is a call center and workforce management software, not an RFP tool.
Which AWS tool or feature compares prices of different services, creates rough estimates of the total monthly costs, and exports the estimates to a .csv file?
A) Cost Explorer
B) AWS Pricing Calculator
C) Consolidated billing
D) AWS Budgets
B) AWS Pricing Calculator
Correct. With AWS Pricing Calculator, users can explore AWS services and create an estimate for the cost of their use cases on AWS. Users can model their solutions before building them, explore the price points and calculations behind the estimates, and find the available instance types and contract terms that meet their needs.
INCORRECT ANSWERS
A) Cost Explorer
Incorrect. With Cost Explorer, users can view and analyze their current costs and usage. Users can view data for up to the last 12 months, forecast how much they are likely to spend for the next 3 months, and get recommendations for what Reserved Instances to purchase. However, Cost Explorer does not compare prices of different services.
C) Consolidated billing
Incorrect. The consolidated billing feature in AWS Organizations enables users to consolidate billing and payment for multiple AWS accounts. Every organization in Organizations has a management account that pays the charges of all the member accounts. However, consolidated billing does not compare prices of different services.
D) AWS Budgets
Incorrect. You can use AWS Budgets to track and take action on your AWS cost and usage. You can use AWS Budgets to monitor your aggregate utilization and coverage metrics for your Reserved Instances or Savings Plans. However, AWS Budgets does not compare prices of different services.
A user needs to automatically discover, classify, and protect sensitive data stored in Amazon S3.
Which AWS service can meet these requirements?
A) Amazon Inspector
B) Amazon Macie
C) Amazon GuardDuty
D) AWS Secrets Manager
B) Amazon Macie
Correct. Macie is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
INCORRECT ANSWERS
A) Amazon Inspector
Incorrect. Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on Amazon EC2 instances. Amazon Inspector does not perform S3 data classification and automatic discovery.
C) Amazon GuardDuty
Incorrect. GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. GuardDuty does not perform S3 data classification.
D) AWS Secrets Manager
Incorrect. Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. Secrets Manager does not perform S3 data classification and automatic discovery.
A company has deployed several relational databases on Amazon EC2 instances. Every month, the database software vendor releases new security patches that need to be applied to the databases.
What is the MOST efficient way to apply the security patches?
A) Connect to each database instance on a monthly basis, and download and apply the necessary security patches from the vendor.
B) Enable automatic patching for the instances by using the Amazon RDS console.
C) In AWS Config, configure a rule for the instances and the required patch level.
D) Use AWS Systems Manager to automate database patching according to a schedule.
D) Use AWS Systems Manager to automate database patching according to a schedule.
Correct. This scenario is a primary use case of Systems Manager.
INCORRECT ANSWERS
A) Connect to each database instance on a monthly basis, and download and apply the necessary security patches from the vendor.
Incorrect. This manual process is the least efficient way to patch multiple EC2 instances.
B) Enable automatic patching for the instances by using the Amazon RDS console.
Incorrect. Amazon RDS will automatically apply patches during the maintenance window. The scenario states that the instances are on Amazon EC2.
C) In AWS Config, configure a rule for the instances and the required patch level.
Incorrect. You can create an AWS Config rule for each patch release and then create an AWS Systems Manager Automation runbook for remediation. However, it would be more efficient to apply the patches in Systems Manager.
Which AWS security mechanisms can be used to restrict or permit access to resources within a VPC? (Select TWO.)
A) Network ACL
B) Elastic network interface
C) Route table
D) Security group
A) Network ACL
D) Security group
Which of the following AWS features enables a user to launch a pre-configured Amazon Elastic Compute Cloud (Amazon EC2) instance?
A) Amazon Elastic Block Store (Amazon EBS)
B) Amazon Machine Image (AMI)
C) Amazon EC2 Systems Manager
D) Amazon AppStream 2.0
B) Amazon Machine Image (AMI)
Correct. AMIs provide the information needed to launch an EC2 instance.
An AMI includes the following:
One or more Amazon EBS snapshots
Launch permissions that control which AWS accounts can use the AMI to launch instances
A block device mapping that specifies which volumes to attach to the instance when it is launched
INCORRECT ANSWERS
A) Amazon Elastic Block Store (Amazon EBS)
Incorrect. Amazon EBS is the feature of Amazon EC2 that manages volumes to be mounted to the EC2 instances. A configured EBS volume can be the result after an AMI is used to create a volume. However, Amazon EBS is not the feature that configures the volume itself.
C) Amazon EC2 Systems Manager
Incorrect. Systems Manager is a service used to view and manage an EC2 instance. Systems Manager uses utilities such as Patch Manager, Inventory, and Fleet Manager.
D) Amazon AppStream 2.0
Incorrect. AppStream 2.0 is a fully managed application streaming service used to stream desktop applications to users without rewriting the applications.
Which AWS service allows customers to purchase unused Amazon EC2 capacity at an often discounted rate?
A) Reserved Instances
B) On-Demand Instances
C) Dedicated Instances
D) Spot Instances
