1
Q
Which of the following statements is correct in relation to consolidated billing?
A
- Paying accounts are independent and cannot access resources of other accounts
- One bill is provided per AWS organization
2
Q
How can a company separate costs for storage, Amazon EC2, Amazon S3, and other AWS services by department?
A
Add department-specific tags to each resource
3
Q
A web application running on AWS has been received malicious requests from the same set of IP addresses.
Which AWS service can help secure the application and block the malicious traffic?
A
The AWS Web Application Firewall (WAF) is used to protect web applications or APIs against common web exploits. Rules can be created that block traffic based on source IP address.
4
Q
What can a Cloud Practitioner use the AWS Total Cost of Ownership (TCO) Calculator for?
A
Estimate savings when comparing the AWS Cloud to an on-premises environment
5
Q
Which Amazon EC2 pricing model should be used to comply with per-core software license requirements?
A
Dedicated Hosts
6
Q
A Cloud Practitioner needs to rapidly deploy a popular IT solution and start using it immediately.
What should the Cloud Practitioner use?
A
AWS Quick Start reference deployments
7
Q
Which AWS service provides a quick and automated way to create and manage AWS accounts?
A
AWS Organizations
8
Q
Which AWS service can be used to process a large amount of data using the Hadoop framework?
A
Amazon EMR
9
Q
How can an organization compare the cost of running applications in an on-premise or colocation environment against the AWS cloud?
A
TCO Calculator
10
Q
A company is using the AWS CLI and programmatic access of AWS resources from its on-premises network.
What is a mandatory requirement in this scenario?
A
Using an AWS access key and a secret key
11
Q
For which services does Amazon not charge customers? (Select TWO.)
A
- Amazon VPC
- Amazon CloudFormation
12
Q
What technology enables compute capacity to adjust as loads change?
A
Auto Scaling
13
Q
Which Amazon EC2 pricing model is the most cost-effective for an always-up, right-sized database server running a project that will last 1 year?
A
Standard Reserved Instances
14
Q
According to the AWS Well-Architected Framework, what change management steps should be taken to achieve reliability in the AWS Cloud? (Select TWO.)
A
- Use AWS CloudTrail to record AWS API calls into an auditable log file
- Use AWS Config to generate an inventory of AWS resources
15
Q
Which of the following acts as a virtual firewall at the Amazon EC2 instance level to control traffic for one or more instances?
A
A security group is an instance-level firewall that can be used to control traffic the that reaches (ingress/inbound) and is sent out from (egress/outbound) your EC2 instances. Rules are created for inbound or outbound traffic. A security group can be attached to multiple EC2 instances.
16
Q
Which of the following statements about AWS’s pay-as-you-go pricing model is correct?
A
It results in reduced capital expenditures
17
Q
What is the most cost-effective support plan that should be selected to provide at most a 1-hour response time for a production system failure?
A
Business
18
Q
Which AWS dashboard displays relevant and timely information to help users manage events in progress, and provides proactive notifications to help plan for scheduled activities?
A
AWS Personal Health Dashboard
19
Q
Which of the following best describes an Availability Zone in the AWS Cloud?
A
One or more physical data centers
20
Q
Which AWS hybrid storage service enables a user’s on-premises applications to seamlessly use AWS Cloud storage?
A
AWS Storage Gateway
21
Q
Which AWS service provides on-demand downloads of AWS security and compliance reports?
A
AWS Artifact
22
Q
What benefits does Amazon EC2 provide over using non-cloud servers? (Select TWO.)
A
- Elastic web-scale computing
- Inexpensive
23
Q
A company has deployed several relational databases on Amazon RDS. Every month, the database software vendor releases new security patches that need to be applied to the database.
A
Enable automatic patching for the instances using the Amazon RDS console
24
Q
Under the AWS shared responsibility model, which of the following are customer responsibilities? (Select TWO.)
A
- Network and firewall configurations
- Setting up server-side encryption on an Amazon S3 bucket
25
Which AWS service can be used to generate encryption keys that can be used to encrypt data? (Select TWO.)
- AWS CIoudHSM
| - AWS Key Management Service (AWS KMS)
26
When instantiating compute resources, what are two techniques for using automated, repeatable processes that are fast and avoid human error? (Select TWO.)
- Infrastructure as code
| - Bootstrapping
27
A user needs an automated security assessment report that will identify unintended network access to Amazon EC2 instances and vulnerabilities on those instances.
Amazon Inspector
28
A user has limited knowledge of AWS services, but wants to quickly deploy a scalable Node.js application in an Amazon VPC.
Which service should be used to deploy the application?
AWS Elastic Beanstalk
29
Which AWS services can be used to connect the AWS Cloud and on-premises resources? (Select TWO.)
- AWS Managed VPN
| - AWS Direct Connect
30
Which service can you use to provision a preconfigured server with little to no AWS experience?
Amazon Lightsail
31
Which service can be used for building and integrating loosely-coupled, distributed applications?
Amazon SNS
32
Which service records API activity on your account and delivers log files to an Amazon S3 bucket?
AWS CloudTrail
33
Which service provides a way to convert video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PCs?
Amazon Elastic Transcoder
34
What are the names of two types of AWS Storage Gateway?
File Gateway, Tape Gateway
35
Which aspects of security on AWS are customer responsibilities?
Setting up account password policies
| Server-side encryption
36
Amazon S3 is typically used for which of the following use cases?
- Host a static website
| - Media hosting
37
Which AWS components aid in the construction of fault-tolerant applications?
- AMIs
| - Elastic IP addresses
38
Which of the following are AWS recommended best practices in relation to IAM?
- Enable MFA for all users
| - Create individual IAM users
39
Five AWS Trusted Advisor categories
cost optimization, performance, security, fault tolerance and service limits
40
Which types of root storage devices are available for Amazon EC2 instances?
- EBS volumes
| - Instance Stores
41
Assuming you have configured them correctly, which AWS services can scale automatically without intervention
- DynamoDB
| - S3
42
What do you need to log into the AWS console?
User name and password
43
Support reservations
Amazon ElastiCache and Redshift both support reserved nodes
44
To ensure the security of your AWS account, what are two AWS best practices for managing access keys
- Don’t generate an access key for the root account user
| - Where possible, use IAM roles with temporary security credentials
45
Which of the authentication options below can be used to authenticate using AWS APIs?
- Access keys
| - Server certificates
46
Which security service only requires a rule to be created in one direction as it automatically allows return traffic?
Security groups are stateful so if you allow traffic to pass through, the return traffic is automatically allowed even if no rule matches the traffic
47
What does an organization need to do in Amazon IAM to enable user access to services being launched in new region?
Nothing, IAM is global
48
You need to provision a single EBS volume that is 500 GiB in size and needs to support 20,000 IOPS. Which EBS volume type will you select?
Provisioned IOPS SSD
49
An organization has multiple AWS accounts and uses a mixture of on-demand and reserved instances. One account has a considerable amount of unused reserved instances. How can the organization reduce their costs? (Select TWO.)
- Consolidated billing
| - AWS organizations
50
What is the most cost-effective Amazon S3 storage tier for data that is not often accessed but requires high availability?
Amazon S3 Standard-IA
51
What is the function of Amazon EC2 Auto Scaling?
Scales the number of EC2 instances in or out automatically, based on demand.
52
How is data protected by default in Amazon S3?
Objects are redundantly stored on multiple devices across multiple facilities within a region
53
To optimize pricing or ensure capacity is available reservations can be applied to which of the following services?
- Amazon EC2
| - Amazon RDS
54
Which combination of AWS services could be used to deploy a stateless web application that can automatically and elastically scale?
EC2, Auto Scaling and Elastic Load Balancing
55
What advantages does the AWS cloud provide in relation to cost?
- Ability to turn off resources and not pay for them
| - Fine-grained billing
56
Which AWS technology enables you to group resources that share one or more tags?
Resource groups
57
A company recently setup an organization in AWS Organizations with one member account. Who pays for usage incurred by users in the AWS accounts?
The owner of the master account pays for all usage across accounts.
58
Which of the below is an example of optimizing for cost?
Replace an EC2 compute instance with AWS Lambda
59
Which tool enables you to visualize your usage patterns over time and to identify your underlying cost drivers?
AWS Cost Explorer
60
Which Amazon EC2 feature provides a static IPv4 public IP address that does not change when the instance is rebooted?
Elastic IP
61
Which types of scaling policies are available when using AWS Auto Scaling?
Simple
| Step
62
How can a systems administrator specify a script to be run on an EC2 instance during launch?
User Data
63
A Solutions Architect is creating the business process workflows associated with an order fulfilment system. Which AWS service can assist with coordinating tasks across distributed application components?
Amazon SWF
64
What types of monitoring can Amazon CloudWatch be used for? (Select TWO.)
- Operational health
| - Application performance
65
Which type of AWS Storage Gateway can be used to backup data with popular backup software?
Gateway Virtual Tape Library
66
Up to what layer of the OSI model does AWS Web Application Firewall operate?
Layer 7
67
With which service can a developer upload code from a Git repository and have the service handle the end-to-end deployment of the resources?
AWS Elastic Beanstalk
68
When designing a VPC, what is the purpose of an Internet Gateway?
Enables Internet communications for instances in public subnets
69
What is the easiest way to store a backup of an EBS volume on Amazon S3?
Create a snapshot of the volume
70
Which AWS service allows you to use block-based volumes on-premise that are then asynchronously backed up to Amazon S3?
AWS Storage Gateway Volume Gateway
71
Which AWS technology can be referred to as a “virtual hard disk in the cloud”?
Amazon EBS volume
72
An Amazon EC2 instance running the Amazon Linux 2 AMI is billed in what increment?
Per second
73
What types of rules can be defined in a security group?
- Inbound
| - Outbound
74
With which AWS Storage Gateway Volume Gateway configuration is data stored on-premise and asynchronously backed up to Amazon S3?
Stored volume mode
75
An Elastic IP Address can be remapped between EC2 instances across which boundaries?
Availability Zones
76
Which statement is true in relation to data stored within an AWS Region?
Data is not replicated outside of a region unless you configure it
77
What is the scope of an Amazon Virtual Private Cloud (VPC)?
It spans all Availability Zones within a region
78
Which AWS service makes it easy to coordinate the components of distributed applications as a series of steps in a visual workflow?
AWS Step Functions
79
What is the scope of a VPC within a region?
Spans all Availability Zones within the region
80
Which AWS support plans provide support via email, chat and phone? (Select TWO.)
Business
| Enterprise
81
Which of the following services does Amazon Route 53 provide?
- Domain Name Service (DNS)
| - Domain registration
82
Why would a company choose a NAT Gateway over a NAT instance?
- They are elastically scalable
| - They are managed by AWS, not by you
83
What are the benefits of using IAM roles for applications that run on EC2 instances?
- It is easier to manage IAM roles
| - More secure than storing access keys within applications
84
Which type of security control can be used to deny network access from a specific IP address?
- Network ACL
85
How does Amazon EC2 Auto Scaling help with resiliency?
- By launching and terminating instances as needed
86
An organization would like to run managed desktops on the AWS cloud using the Windows 10 operating system. Which service can deliver these requirements?
- Amazon Workspaces
87
Which of the below AWS services supports automated backups as a default configuration?
- Amazon RDS
88
Which type of consistency model does Amazon S3 provide for PUTS of new objects?
Read-after-write consistency
89
The AWS acceptable use policy for penetration testing allows?
Customers to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for selected services
90
What components can be managed in the Virtual Private Cloud (VPC) management console? (Select TWO.)
- Subnets
| - IP CIDR
91
Which AWS program can help an organization to design, build, and manage their workloads on AWS?
APN Consulting Partners
92
What is the name of the AWS managed Docker registry service used by the Amazon Elastic Container Service (ECS)?
Elastic Container Registry
93
An organization has an on-premises cloud and accesses their AWS Cloud over the Internet. How can they create a private hybrid cloud connection?
AWS Direct Connect
94
What kinds of routing policies are available in Amazon Route 53?
- Latency
| - Simple
95
In addition to DNS services, what other services does Amazon Route 53 provide? (
- Traffic flow
| - Domain registration
96
Which feature can you use to grant read/write access to an Amazon S3 bucket?
IAM Policy
97
What type of database is fully managed and can be scaled without incurring downtime
Amazon DynamoDB
98
What can be assigned to an IAM user?
- A password for access to the management console
| - An access key ID and secret access key
99
What billing timeframes are available for Amazon EC2 on-demand instances?
- Per hour
| - Per second
100
Which AWS tools can be used for automation?
- AWS CloudFormation
| - AWS Elastic Beanstalk
101
Which team is available to support AWS customers on an Enterprise support plan with account issues?
AWS Concierge
102
Which AWS service is a data warehouse that uses columnar data storage and is suited to analytic and reporting workloads against very large data sets?
Amazon RedShift
103
What type of cloud computing service type do AWS Elastic Beanstalk and Amazon RDS correspond to?
PaaS
104
Which type of AWS database is ideally suited to analytics using SQL queries?
Amazon RedShift
105
When a customer deploys a database on Amazon RDS, what is the customer responsible for?
Controlling network access through security groups
106
Which of the following represent economic advantages of moving to the AWS cloud?
- Reduce the need to manage infrastructure
| - Increase efficiencies through automation
107
How can a company facilitate the sharing of data over private connections between two accounts they own within a region?
Create a VPC peering connection
108
Which feature allows customers to route traffic via private IP addresses between two VPCs?
- Peering Connections
109
Which AWS support plan should you use if you need a response time of < 15 minutes for a business-critical system failure?
Enterprise
110
What can be assigned to an IAM user?
- A password for access to the management console
| - An access key ID and secret access key
111
What is the best way for an organization to automate the creation, retention, and deletion of EBS snapshots?
Use Amazon DLM
112
Which of the options below are recommendations in the cost optimization pillar of the well-architected framework?
- Analyze and attribute expenditure
| - Adopt a consumption model
113
Which service can an organization use to track API activity within their account?
AWS CloudTrail
114
Which of the following is not a best practice for protecting the root user of an AWS account?
Remove administrative permissions
115
What is a benefit of moving an on-premises database to Amazon Relational Database Service (RDS)?
There is no need to manage operating systems
116
How do AWS charge for Amazon CloudFront?
- Data transfer out
| - Number of requests
117
What are the charges for using Amazon Glacier?
- Retrieval requests
| - Data storage
118
Which services are integrated with KMS encryption?
- Amazon EBS
| - Amazon RDS
119
Which of the following are features of Amazon CloudWatch?
- Used to gain system-wide visibility into resource utilization
- Can be accessed via API, command-line interface, AWS SDKs, and the AWS Management Console
120
Which benefits can an organization achieve by deploying AWS Global Accelerator?
- Decreased latency to reach applications deployed on AWS"
| - Reduces the cost of deploying global services on AWS
121
What can you use to quickly connect your office securely to your Amazon VPC?
AWS Managed VPN
122
A company stores copies of backups on Amazon S3 and requires rapid access but low resiliency. Which storage class is optimized for these requirements?
Amazon S3 One Zone IA
123
Which AWS service is used to enable multi-factor authentication?
AWS IAM
124
How does AWS assist organisations’ with their capacity requirements?
You don't need to guess your capacity needs
125
A Cloud Practitioner needs to decide which Amazon S3 storage class to use for storing copies of backup data. The storage must provide rapid access when needed but resiliency can be low. Which storage class is most suitable?
Amazon S3 One Zone IA
126
When a customer deploys a database on Amazon RDS, what is the customer responsible for?
Control network access using security groups
127
Which Amazon S3 storage classes should be used for storing data for long time periods when immediate access is not required at the LOWEST cost?
- Amazon Glacier
| - Amazon Glacier Deep Archive
128
Which AWS hybrid storage service enables a user’s on-premises applications to seamlessly use AWS Cloud storage?
AWS Storage Gateway
129
Which tool can be used to create and manage a selection of AWS services that are approved for use on AWS?
AWS Service Catalog
130
A Cloud Practitioner wants to build an application stack that will be highly elastic. What AWS services can be used that don’t require you to make any capacity decisions upfront?
- Amazon S3
| - Amazon Lambda
131
A Cloud Practitioner requires a simple method to identify if unrestricted access to resources has been allowed by security groups. Which service can the Cloud Practitioner use?
AWS Trusted Advisor
132
What are the benefits of using the AWS Managed Services?
- Baseline integration with ITSM tools
| - Alignment with ITIL processes
133
What features does Amazon RDS provide to deliver scalability, availability and durability?
- Read replicas
| - Multi AZ
134
A Cloud Practitioner wants to configure the AWS CLI for programmatic access to AWS services. Which credential components are required?
- An access key ID
| - A secret access key
135
Which AWS construct provides you with your own dedicated virtual network in the cloud?
VPC
136
Which AWS service should a Cloud Practitioner use to establish a secure network connection between an on-premises network and AWS?
Virtual Private Network
137
What are two ways of connecting to an Amazon VPC from an on-premise data center?
- AWS VPN CloudHub
| - AWS Direct Connect
138
Which AWS service protects against common exploits that could compromise application availability, compromise security or consume excessive resources?
AWS WAF
139
A manager needs to keep a check on his AWS spend. How can the manager setup alarms that notify him when his bill reaches a certain amount?
AWS CloudWatch
140
What are the names of two types of AWS Storage Gateway?
- File Gateway
| - Tape Gateway
141
An application stores images which will be retrieved infrequently, but must be available for retrieval immediately. Which is the most cost-effective storage option that meets these requirements?
Amazon S3 Standard - IA
142
Which items should be included in a TCO analysis comparing on-premise to AWS Cloud?
- Data centre security
| - Compute hardware
143
Which AWS tools can be used for automation?
- Elastic Beanstalk
| - Cloud Formation
144
To gain greater discounts, which services can be reserved?
- Redshift
| - DynamoDB
145
Which AWS database service provides a fully managed data warehouse that can be analyzed using SQL tools and business intelligence tools?
Redshift
146
When using Amazon IAM, what authentication methods are available to use?
- Server certificates
| - Access keys
147
Which descriptions are correct regarding cloud deployment models?
- With public cloud, consumer organization typically incurs OPEX costs for usage
- With private cloud, consumer org owns infrastructure
148
Which authentication method is used to authenticate programmatic calls to AWS services?
Access keys
149
How does the consolidated billing feature of AWS Organizations treat Reserved Instances that were purchased by another account in the organization?
All accounts in the organization are treated as one account so any account can receive the hourly cost benefit
150
Which service can be used to create sophisticated, interactive graph applications?
Amazon Neptune
151
Which pricing options are available when using Amazon EC2 Reserved Instances?
- All upfront
| - Partial upfront
152
What is the best way for an organization to transfer hundreds of terabytes of data from their on-premise data center into Amazon S3 with limited bandwidth available?
AWS Snowball
153
Which service can be used to cost-effectively move exabytes of data into AWS?
AWS Snowmobile
154
How can an organization track resource inventory and configuration history for the purpose of security and regulatory compliance?
Configure AWS Config with resource types
155
A security operations engineer needs to implement threat detection and monitoring for malicious or unauthorized behavior. Which service should be used?
AWS GuardDuty
156
Which IAM entity can be used for assigning permissions to AWS services?
IAM Role
157
Which of the options below are recommendations in the performance efficiency pillar of the well-architected framework?
- Democratize advanced technologies.
– Use serverless architectures.
158
What is the most cost-effective Amazon S3 storage tier for data that is not often accessed but requires high availability?
Amazon S3 Standard-IA
159
Which Amazon EC2 billing option gives you low cost, maximum flexibility, no upfront costs or commitment, and you only pay for what you use?
On-Demand Instances
160
When using Amazon RDS databases, which items are you charged for?
- Outbound data transfer
| - Multi AZ
161
Which services can be used for asynchronous integration between application components?
- SQS
| - Step Functions
162
How can consolidated billing within AWS Organizations help lower overall monthly expenses?
Pooling usage - pricing tier discount
163
Which AWS service should be used to create a billing alarm?
Amazon CloudWatch
164
What billing timeframes are available for Amazon EC2 on-demand instances?
- Per second
| - Per hour
165
Which AWS services form the app-facing services of the AWS serverless infrastructure?
- AWS Lambda
| - AWS API Gateway
166
With which service can a developer upload code using a ZIP or WAR file and have the service handle the end-to-end deployment of the resources?
Elastic Beanstalk
167
Which AWS components aid in the construction of fault-tolerant applications?
- Elastic IPs
| - AMI
168
Which type of Amazon RDS automated backup allows you to restore the database with a granularity of as little as 5 minutes?
Point in time recovery
169
Which support plan is the lowest cost option that allows unlimited cases to be open?
Developer
170
Which service can you use to monitor, store and access log files generated by EC2 instances and on-premises servers?
AWS CloudWatch Logs
171
What is the name of the online, self-service portal that AWS provides to enable customers to view reports and, such as PCI reports, and accept agreements?
Artifact
172
A cloud practitioner needs to decrease application latency and increase performance for globally distributed users.
- S3
| - CloudFront
173
What is the most efficient way to establish network connectivity from on-premises to multiple VPCs in different AWS Regions?
AWS Transit Gateway
174
Your manager has asked you to explain the benefits of using IAM groups. Which of the below statements are valid benefits?
- Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users
- Enables you to attach IAM permission policies to more than one user at a time
175
Which AWS Glacier data access option retrieves data from an archive in 1-5 minutes?
Expedited
176
Which AWS service is designed to be used for operational analytics?
AWS ElasticSearch
177
Which AWS support plans provide 24x7 access to customer service?
All plans
CC Exam
flashcards
Decks in class (1)
# Cards
