Terms Flashcards

Question

What is the AWS Health Dashboard?

Answer 1

Provides alerts and remediation guidance when AWS is experiencing events that may impact you. AWS Health Dashboard (previously AWS Personal Health Dashboard) is the service that notifies AWS customers about abuse events once they are reported. AWS addresses many different types of potentially abusive activity such as phishing, malware, spam, and denial of service (DoS)/distributed denial of service (DDoS) incidents. When abuse is reported, AWS alerts customers so they can take the necessary remediation action. AWS Health Dashboard can also help customers build automation for handling abuse events and the actions to remediate them. When customers receive abuse notifications via e-mail only, it is challenging to manage the alerts because e-mails could be lost or could be sent to incorrect contacts on the account, or they might not be reviewed in a timely manner. AWS addressed those challenges by surfacing abuse alerts in the AWS Health Dashboard where customers are already monitoring the health of their AWS environments. The AWS Health Dashboard (previously AWS Personal Health Dashboard) is the single place to learn about the availability and operations of AWS services. You can view the overall status of all AWS services, and you can sign in to access a personalized view of the health of the specific services that are powering your workloads and applications. AWS Health Dashboard proactively notifies you when AWS experiences any events that may affect you, helping provide quick visibility and guidance to minimize the impact of events in progress, and plan for any scheduled changes, such as AWS hardware maintenance. The AWS Health Dashboard is the single place to learn about the availability and operations of AWS services. You can view the overall status of all AWS services, and you can sign in to access a personalized view of the health of the specific services that are powering your workloads and applications. AWS Health Dashboard proactively notifies you when AWS experiences any events that may affect you, helping provide quick visibility and guidance to minimize the impact of events in progress and plan for any scheduled changes, such as AWS hardware maintenance. With AWS Health Dashboard, alerts are triggered by changes in the health of AWS resources, giving you event visibility and guidance to help quickly diagnose and resolve issues.

Answer 2

Cost-efficient and resizable capacity. Amazon Relational Database Service (Amazon RDS) is used to set up and operate a relational database in the cloud. AWS RDS - Relational Database Services. Considered fault tolerant. Set up, scale and operate a number of different types of DBs. Auto mirrors to a different AZ for redundancy. All day-to-day DB tasks done by AWS. User org only needs to manage data. Part of abstracted services for which AWS is responsible for the security & infrastructure layer. Customers are responsible for data that is saved on these resources. Amazon RDS is not a storage service. Amazon RDS provides AWS-managed databases. Amazon RDS provides six database engines to choose from, including Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, and Microsoft SQL Server. These engines are already installed and ready to be used. The customer does not install the actual database software on RDS, nor has access to the underlying host as it is a managed service. Amazon RDS for Oracle does not automatically replicate data. Amazon RDS supports six database engines (Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, and SQL Server). Amazon Aurora is the only database engine that replicates data automatically across three Availability Zones. For other database engines, you must enable the "Multi-AZ" feature manually. In a Multi-AZ deployment, Amazon RDS automatically provisions and maintains a standby copy of your data in a different Availability Zone. If a storage volume on your primary instance fails, Amazon RDS automatically initiates a failover to the up-to-date standby.

Answer 3

Amazon Redshift – the fully managed, petabyte-scale data warehouse service that enables fast and cost-effective data analysis using standard SQL and existing business intelligence tools. A managed data warehouse that lets you take large amounts of structured data from other relational databases and perform complex queries and analysis against that data. Query services like Amazon Athena, data warehouses like Amazon Redshift, and sophisticated data processing frameworks like Amazon EMR, all address different needs and use cases. Primary use case: Data Warehouse When to use: Pull data from many sources, format and organize it, store it, and support complex, high speed queries that produce business reports. Amazon Redshift provides the fastest query performance for enterprise reporting and business intelligence workloads, particularly those involving extremely complex SQL with multiple joins and sub-queries. Amazon Redshift is a data warehouse service. Amazon Redshift provides a fully managed data warehouse in the AWS Cloud. Amazon Redshift is a fully managed data warehouse service in the cloud. Redshift gives you access to structured data from the existing SQL, ODBC and JDBC. Amazon Redshift service is a data warehouse. Currently, Amazon Redshift only supports Single-AZ deployments.

Answer 4

AWS Regions are separate geographic areas around the world that AWS uses to provide its Cloud Services, including Regions in North America, South America, Europe, Asia Pacific, and the Middle East. Choosing a specific AWS Region depends on its proximity to end-users, data sovereignty, and costs. A physical location around the world where we cluster data centres. One Region is three or more Availability Zones.

Answer 5

Shield provides firewall protection to your resources. AWS Shield is a Distributed Denial of Service (DDoS) protection service that applies to applications running in the AWS environment. AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield Standard is automatically enabled to all AWS customers and provides always-on detection and automatic inline mitigations that minimize application downtime and latency. A Managed Distributed Denial of Service (DDoS) protection service. A Managed DDoS protection service. Standard - automatic protections for all customers at no charge. - Automatic protection from most frequently occurring attacks - Always on - Inline attack mitigation - built-in automated techniques and avoids latency AWS Shield provides always-on DDoS detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection. All AWS customers benefit from the automatic protections of AWS Shield Standard, at no additional charge. AWS Shield Standard defends against most common, frequently occurring network and transport layer DDoS attacks that target your web site or applications.

Answer 6

EC2 instances that can be purchased at a significant discount with the knowledge that they may be shut down at any time. Spare compute capacity in the AWS Cloud available to you at steep discounts compared to On-Demand prices. Spot instances may be more cost effective than On-Demand instances, but AWS does not guarantee the availability of the instances. Spot Instances are well-suited for data analysis, batch jobs, background processing, and optional tasks. Spot, Savings Plans, and Reserved instances are all cheaper than On-Demand instances.

Answer 7

AWS Trusted Advisor can help optimize resources within AWS cloud with respect to cost, security, performance, fault tolerance, and service limits. It does not provide historical data for configurational changes done to AWS resource. AWS Trusted Advisor will provide notification on AWS resources created within the account for cost optimization, security, fault tolerance, performance, and service limits. It will not provide notification for scheduled maintenance activities performed by AWS on its resources. An online tool that helps you follow AWS best practice. Not a human but an intelligent service based on AI. Security Groups Check is one of the core security checks provided by AWS Trusted Advisor. AWS Trusted Advisor continuously checks security groups for rules that allow unrestricted access to AWS resources. Unrestricted access increases opportunities for malicious activity (hacking, denial-of-service attacks, loss of data).

Answer 8

AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. Filter malicious web traffic. AWS WAF is a web application firewall that lets you monitor the HTTP(S) requests that are forwarded to your protected web application resources. You can protect the following resource types: Amazon CloudFront distribution Amazon API Gateway REST API Application Load Balancer AWS AppSync GraphQL API Amazon Cognito user pool AWS WAF also lets you control access to your content. AWS WAF allows you to control the inbound traffic only (the traffic that can reach your applications), but not the outbound traffic. Security Groups and Network Access Control Lists (Network ACLs) are the features you can use to control the inbound and outbound traffic. AWS WAF is a web application firewall that helps protect web applications from attacks by allowing you to configure rules that block malicious traffic. You use WAF rules in a web ACL to block web requests based on criteria like the following: - Scripts that are likely to be malicious. Attackers embed scripts that can exploit vulnerabilities in web applications. This is known as cross-site scripting (XSS). - Malicious requests from a set of IP addresses or address ranges. - SQL code that is likely to be malicious. Attackers try to extract data from your database by embedding malicious SQL code in a web request. This is known as SQL injection. AWS WAF allows you to control the inbound traffic only (the traffic that can reach your applications), but not the outbound traffic. Security Groups and Network Access Control Lists (Network ACLs) are the features you can use to control the inbound and outbound traffic.

Answer 9

Free tool to review your architectures against the 5 pillars of a well architected framework.

Answer 10

"Hybrid Cloud Architecture" can be defined as having each of these three environments (Public Cloud, Dedicated Cloud, and "On-premise" Cloud) in play and the "hybrid" is around the ability to interface between these different environments as necessary. A hybrid deployment is a way to connect infrastructure and applications between cloud-based resources and existing resources that are not located in the cloud. The most common method of hybrid deployment is between the cloud and existing on-premises infrastructure to extend, and grow, an organization’s infrastructure into the cloud while connecting cloud resources to the internal system.

Answer 11

Distribute incoming traffic: Elastic Load Balancing (ELB) is used to distribute traffic automatically across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions. Elastic Load Balancing does not scale resources. Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions. A service to automatically distribute traffic across multiple resources. Elastic load balancers help with high availability, as they distribute traffic (load) can recognise unhealthy EC2 instances, can send metrics to CloudWatch, triggers/notifications etc. Elastic Load Balancing is a service that can be used to distribute requests to multiple instances.

Answer 12

Cloud computing is the on-demand delivery of compute power, database storage, applications, and other IT resources through a cloud services platform via the Internet with pay-as-you-go pricing. Cloud computing provides a simple way to access servers, storage, databases, and a broad set of application services over the Internet. A cloud services platform such as Amazon Web Services owns and maintains the network-connected hardware required for these application services, while you provision and use what you need via a web application. 1. Access services (IT resources) on demand 2. Avoid large upfront investments

Answer 13

Run code in response to events. AWS Lambda lets you run code without provisioning or managing servers. Run or execute code without provisioning or managing the servers. You only pay for the compute time you consume. Lambda is not a storage service. It is a compute service to run your applications. AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume - there is no charge when your code is not running. With Lambda, you can run code for virtually any type of application or backend service - all with zero administration. Just upload your code, and Lambda takes care of everything required to run and scale your code with high availability. You can set up your code to automatically trigger from other AWS services, or you can call it directly from any web or mobile app. AWS Lambda allows you to run applications without managing or provisioning servers.

Answer 14

Amazon SNS is a publish/subscribe messaging service that enables you to decouple microservices, distributed systems, and serverless applications. Both Amazon SNS and Amazon EventBridge can be used to implement the publish-subscribe pattern. Amazon EventBridge includes direct integrations with software as a service (SaaS) applications and other AWS services. It’s ideal for publish-subscribe use cases involving these types of integrations. Alerting. Messages are published to topics.

Answer 15

AWS Fargate is a serverless compute engine for containers that works with both Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Kubernetes Service (Amazon EKS). AWS Fargate allows customers to run containers without having to manage servers or clusters. A "serverless" container compute engine where you only pay for the resources required to run your containers. Suited for customers who do not want to worry about managing servers, handling capacity planning, or figuring out how to isolate container workloads for security. AWS customers who use AWS Fargate to run their containers do not have control over the underlying infrastructure. AWS Fargate is a serverless compute engine for Amazon ECS that allows customers to run containers without having to manage servers or clusters. AWS Fargate launch type is more suitable for customers who want to run containers without managing the underlying infrastructure. Fargate runs serverless containers. Used for spikey workloads. https://aws.amazon.com/fargate/ Part of abstracted services for which AWS is responsible for the security & infrastructure layer. Customers are responsible for data that is saved on these resources.

Answer 16

Amazon Elastic Container Service (Amazon ECS) is a highly scalable, high-performance container orchestration service that supports Docker containers and allows you to easily run and scale containerized applications on AWS. Amazon ECS eliminates the need for you to install and operate your own container orchestration software, manage and scale a cluster of virtual machines, or schedule containers on those virtual machines. Run applications on a managed cluster. Amazon Elastic Container Service is used to run containerized applications in AWS. Amazon Elastic Container Service (ECS) is the service that can be used to run and manage Docker containers in AWS. Amazon ECS has only two modes: Fargate launch type (serverless) and EC2 launch type (server-based). Elastic Container Service, A Container Orchestrator. On both Amazon EKS and Amazon ECS, you have the option of running your containers on the following compute options: AWS Fargate — a "serverless" container compute engine where you only pay for the resources required to run your containers. Suited for customers who do not want to worry about managing servers, handling capacity planning, or figuring out how to isolate container workloads for security. EC2 instances — offers the widest choice of instance types, including processor, storage, and networking. Ideal for customers who want to manage or customize the underlying compute environment and host operating system. AWS Outposts — run your containers using AWS infrastructure on premises for a consistent hybrid experience. Suited for customers who require local data processing, data residency, and hybrid use cases. AWS Local Zones — an extension of an AWS Region. Suited for customers who need the ability to place resources in multiple locations closer to end users. AWS Wavelength — ultra-low-latency mobile edge computing. Suited for 5G applications, interactive and immersive experiences, and connected vehicles.

Answer 17

Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that allows you to use Kubernetes to run and scale containerized applications in the cloud or on-premises. Amazon Elastic Kubernetes Services (EKS) – the fully managed Kubernetes service that enables you to run Kubernetes seamlessly on the Cloud. Kubernetes is an open-source container orchestration system that allows you to deploy and manage containerized applications at scale. AWS handles provisioning, scaling, and managing the Kubernetes instances in a highly available and secure configuration. This removes a significant operational burden and allows you to focus on building applications instead of managing AWS infrastructure. Elastic Kubernetes Service. Also a Container Orchestrator. Amazon Elastic Container Service for Kubernetes (EKS) is a managed Kubernetes service that makes it easy for you to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane. EKS is certified Kubernetes conformant, so existing applications running on upstream Kubernetes are compatible with Amazon EKS. EKS automatically manages the availability and scalability of the Kubernetes control plane nodes that are responsible for starting and stopping containers, scheduling containers on virtual machines, storing cluster data, and other tasks. EKS automatically detects and replaces unhealthy control plane nodes for each cluster. Generally available but only in limited regions currently. On both Amazon EKS and Amazon ECS, you have the option of running your containers on the following compute options: AWS Fargate — a "serverless" container compute engine where you only pay for the resources required to run your containers. Suited for customers who do not want to worry about managing servers, handling capacity planning, or figuring out how to isolate container workloads for security. EC2 instances — offers the widest choice of instance types, including processor, storage, and networking. Ideal for customers who want to manage or customize the underlying compute environment and host operating system. AWS Outposts — run your containers using AWS infrastructure on premises for a consistent hybrid experience. Suited for customers who require local data processing, data residency, and hybrid use cases. AWS Local Zones — an extension of an AWS Region. Suited for customers who need the ability to place resources in multiple locations closer to end users. AWS Wavelength — ultra-low-latency mobile edge computing. Suited for 5G applications, interactive and immersive experiences, and connected vehicles. https://aws.amazon.com/eks/features/ https://aws.amazon.com/kubernetes/

Answer 18

SNS is a service to notify SQS is a service to hold information

Answer 19

Understand if there are any Compliance requirements and the proximity to end customers.

Answer 20

CloudFront is a content distribution system. AWS Content Delivery and DNS Services This category of AWS services includes services for caching content around the world and providing intelligent Domain Name System (DNS) services for your applications. Amazon CloudFront is a content delivery network (CDN) that allows you to store (cache) your content at “edge locations” located around the world. This allows customers to access content more quickly and provides security against DDoS attacks. CloudFront can be used for data, videos, applications, and APIs. CloudFront benefits: Cache content at Edge Location for fast distribution to customers. Built-in Distributed Denial of Service (DDoS) attack protection. Integrates with many AWS services (S3, EC2, ELB, Route 53, Lambda). Origins and Distributions: An origin is the origin of the files that the CDN will distribute. Origins can be either an S3 bucket, an EC2 instance, an Elastic Load Balancer, or Route 53 – can also be external (non-AWS). To distribute content with CloudFront you need to create a distribution. CloudFront uses Edge Locations and Regional Edge Caches: An edge location is the location where content is cached (separate to AWS regions/AZs). Requests are automatically routed to the nearest edge location. Regional Edge Caches are located between origin web servers and global edge locations and have a larger cache. Regional Edge caches aim to get content closer to users. The diagram below shows where Regional Edge Caches and Edge Locations are placed in relation to end users Amazon CloudFront lets you securely deliver data, videos, applications, and APIs to your global customers with low latency and high transfer speed. CloudFront is a Caching service that is used to deliver content to end users with low latency. It caches content close to the end customers. CloudFront = Cache. Caching data that is mostly used or viewed close to the end users. An edge location content delivery mechanism to enable delivery to customers using low latency (as closer). Has lower rates for data transfer out. CloudFront is therefore essentially a caching and Content Delivery Network (CDN) service, not a storage service. It does not have the concept of volumes or storage classes. It speeds up the sharing of your dynamic and static web content such as .css, .html, and image files to your users (Network). Amazon CloudFront is a global service. CloudFront is not for storage.

Answer 21

Content Delivery Network

Answer 22

A serverless key value database providing fast and predictable performance.

Answer 23

A relational database engine. Available in RDS. Compatible with MySQL and Postgre. Amazon Aurora is a relational database service, not a cost management service. The name of the service that performs this function is AWS Cost Explorer. Amazon Aurora is a database service.

Answer 24

Provides you with a significant discount (up to 75%) compared to On-Demand instance pricing, and can be purchased for a 1-year or 3-year term. Can pay upfront for bigger discounts or monthly. Using Reserved instances requires a contract of at least one year. Amazon EC2 Reserved Instances provide a significant discount (up to 75%) compared to On-Demand pricing. Reserved instances can be purchased for a one or three-year term so you are committing to pay for them throughout this time period even if you don't use them. Spot, Savings Plans, and Reserved EC2 instances are all cheaper than On-Demand instances.

Answer 25

If you need additional flexibility, such as the ability to use different instance families, operating systems, or tenancies over the Reserved Instance term. Convertible Reserved Instances provide you with a significant discount (up to 54%) compared to On-Demand Instances and can be purchased for a 1-year or 3-year term. Spot, Savings Plans, and Reserved instances are all cheaper than On-Demand instances.

Answer 26

With On-Demand instances you only pay for the EC2 instances you use. You can configure and launch your EC2 instances in minutes. There is no free capacity for application testing. You can only have specific types of instances for free during the free tier period (12 months). With On-Demand instances, you pay for compute capacity by the hour or the second depending on which instances you run. No longer-term commitments or upfront payments are needed. You can increase or decrease your compute capacity depending on the demands of your application and only pay for what you use. The use of On-Demand instances frees you from the costs and complexities of planning, purchasing, and maintaining hardware and transforms what are commonly large fixed costs into much smaller variable costs. On-Demand instances also remove the need to buy “safety net” capacity to handle periodic traffic spikes.

Answer 27

Elastic Cloud Enterprise

Answer 28

Closed to the internet, hosted on provider hardware.

Answer 29

AWS' big data lake platform. AWS Lake Formation is a service that makes it easy to set up a secure data lake in days. A data lake is a centralised, curated, and secured repository that stores all your data, both in its original form and prepared for analysis. A data lake lets you break down data silos and combine different types of analytics to gain insights and guide better business decisions.

Answer 30

A fully functional local AWS cloud stack. Develop and test your cloud & serverless apps offline

Answer 31

A Cloud Machine Learning platform to create, train, and deploy machine learning models in the cloud.

Answer 32

Customer obsession Learn and be curious Earn trust Dive deep Invent and simplify Think big Bias for action Drive results

Answer 33

Analytics Application Integration AR and VR AWS Cost Management AWS Marketplace Blockchain Business Applications Compute Customer Engagement Database Desktop and App Streaming Developer Tools Game Tech Internet of Things Machine Learning Management and Governance Media Services Migration and Transfer Mobile Network and Content Delivery Robotics Satellite Security, Identity, and Compliance Storage

Answer 34

Customer - Responsible for security "IN" the Cloud AWS - Responsible for security "OF" the Cloud. AWS responsible for anything physical. AWS is responsible for the security and compliance of its physical infrastructure, including the PCI DSS requirements.

Answer 35

A geographic region containing multiple AZs. A Region is an area of 100km around a location e.g. a big city. Every Region has one or more AZs.

Answer 36

Develop, deploy, run, and scale workloads in the AWS Cloud.

Answer 37

A Virtual Private Cloud (VPC) is a virtual network on AWS dedicated to your AWS account. A VPC spans all the Availability Zones in the region. It can be divided into a public or private sub network. Therefore, Amazon VPC is a logically isolated network of the AWS Cloud. Amazon VP: - Logically isolated network - Created per Account per Region - Spans a single Region - Can use all AZs within one Region - Can peer with other VPCs - Internet and VPN Gateways - Numerous security mechanisms

Answer 38

A subnet is a range of IP addresses within a VPC. It allows you to partition your network inside your VPC (Availability Zone resource). A subnet is a section in a VPC in which you can place groups of isolated resources. A subnet can be public (accessible from outside the VPC) or private.

Answer 39

AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your datacentre, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections. Establish a physical connection between on-premises and AWS. The connection is private, secure, and fast. Goes over the private network and takes at least a month to establish. Dedicated Fibre. It does not use the internet. A direct dedicated connection between "On-premise" and an AWS Region. More secure.

Answer 40

Security groups act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. Security groups can not be used to protect resources outside of AWS. The fundamental of network security in AWS. They control how traffic is allowed into or out of our EC2 instances. They only contain allow rules and can reference by IP or by security group. The firewall. A Security Group is a virtual firewall for an EC2 instance. It protects the EC2 instance and filters traffic. Security Groups perform stateful packet filtering. There have to be some instances associated with a Security Group to change a Security Group.

Answer 41

Network access control lists (Network ACLs) act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level. Network ACLs can not be used to protect resources outside of AWS. A virtual firewall for a subnet. Network ACLs perform stateless packet filtering.

Answer 42

Cache = Edge Location

Answer 43

Fully managed batch processing at any scale (Compute).

Answer 44

AWS Software Development Kit. Call other services such as S3.

Answer 45

AWS Lambda is a serverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you. These events may include changes in state or an update, such as a user placing an item in a shopping cart on an ecommerce website. Part of serverless computing. Holds code that can be triggered in response to an event. For example a change to a file in an S3 bucket, by an API call etc.

Answer 46

The Performance Efficiency pillar includes the ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve.

Answer 47

The Cost Optimisation pillar includes the ability to run systems to deliver business value at the lowest price point.

Answer 48

The Reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues. The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues. A resilient workload quickly recovers from failures to meet business and customer demand. Key topics include distributed system design, recovery planning, and how to handle change.

Answer 49

The Security pillar encompasses the ability to protect data, systems, and assets to take advantage of cloud technologies to improve your security. The Security Pillar includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies. The security pillar provides an overview of design principles, best practices, and questions. You can find prescriptive guidance on implementation in the Security Pillar whitepaper. The security pillar includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies. Key topics include confidentiality and integrity of data, identifying and managing who can do what with privilege management, protecting systems, and establishing controls to detect security events.

Answer 50

The Operational Excellence pillar includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures. The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures. Key topics include automating changes, responding to events, and defining standards to manage daily operations.

Answer 51

Amazon CloudSearch is a managed service in the AWS Cloud that makes it simple and cost effective to set up, manage, and scale a search solution for your website or application (Analytics).

Answer 52

Seamless and secure integration. Hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage. Customers use Storage Gateway to simplify storage management and reduce costs for key hybrid cloud storage use cases. AWS Storage Gateway is a hybrid storage service that enables your on-premises applications to seamlessly use AWS cloud storage. You can use the service for backup and archiving, disaster recovery, cloud data processing, storage tiering, and migration.

Answer 53

Data archiving and backup. Low cost storage service, high latency (storage). S3 Glacier is more expensive/not cheaper than S3 Glacier Deep Archive. You can use the Amazon S3 Glacier storage classes to backup large amounts of data at very low costs. You can store virtually any kind of data in any format (using Amazon Glacier). But your costs will be lower if you aggregate and compress your data. Glacier cannot be attached to EC2 instances. Glacier is a storage class of S3. Glacier is not for frequently accessed data. The storage service that AWS customers can use to attach storage volumes to an Amazon EC2 instance is Amazon EBS. An Amazon EBS volume is a durable, block-level storage device that you can attach to your EC2 instances. After you attach a volume to an instance, you can use it as you would use a physical hard drive. AWS recommends Amazon EBS for data that must be quickly accessible and requires long-term persistence. EBS volumes are particularly well-suited for use as the primary storage for operating systems, databases, or for any applications that require fine granular updates and access to raw, unformatted, block-level storage.

Answer 54

The storage service that allows any type and volume of data to be stored. Amazon S3 is object storage built to store and retrieve any amount of data from anywhere – web sites and mobile apps, corporate applications, and data from IoT sensors or devices. Durable, scalable object storage. 99.99% availability 99.999999999% durability You can store any type of file in S3. S3 is designed to deliver 99.999999999% durability, and stores data for millions of applications used by market leaders in every industry. S3 provides comprehensive security and compliance capabilities that meet even the most stringent regulatory requirements. S3 gives customers flexibility in the way they manage data for cost optimization, access control, and compliance. Typical use cases include: Backup and Storage – Provide data backup and storage services for others. Application Hosting – Provide services that deploy, install, and manage web applications. Media Hosting – Build a redundant, scalable, and highly available infrastructure that hosts video, photo, or music uploads and downloads. Software Delivery – Host your software applications that customers can download. Static Website – you can configure a static website to run from an S3 bucket. S3 provides query-in-place functionality, allowing you to run powerful analytics directly on your data at rest in S3. And Amazon S3 is the most supported cloud storage service available, with integration from the largest community of third-party solutions, systems integrator partners, and other AWS services. Files can be anywhere from 0 bytes to 5 TB. There is unlimited storage available. Files are stored in buckets. Buckets are root level folders. Any subfolder within a bucket is known as a “folder”. S3 is a universal namespace so bucket names must be unique globally. There are seven S3 storage classes. S3 Standard (durable, immediately available, frequently accessed). S3 Intelligent-Tiering (automatically moves data to the most cost-effective tier). S3 Standard-IA (durable, immediately available, infrequently accessed). S3 One Zone-IA (lower cost for infrequently accessed data with less resilience). S3 Glacier Instant Retrieval (data that is rarely accessed and requires retrieval in milliseconds). S3 Glacier Flexible Retrieval (archived data, retrieval times in minutes or hours). S3 Glacier Deep Archive (lowest cost storage class for long term retention). When you successfully upload a file to S3 you receive a HTTP 200 code. S3 is a persistent, highly durable data store. Persistent data stores are non-volatile storage systems that retain data when powered off. This contrasts with transient data stores and ephemeral data stores which lose the data when powered off. Amazon S3 is a serverless data store service that stores customer data without requiring management of underlying storage infrastructure. Amazon S3 enables customers to offload the administrative burdens of operating and scaling storage to AWS so that they do not have to worry about hardware provisioning, operating system patching, or maintenance of the platform. AWS is responsible for most of the configuration and management tasks, but customers are still responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions. A serverless service is a service that does not require the customer to manage the infrastructure layer, the operating system layer, or the platform layer. A serverless service can be a compute service such as AWS Lambda, an integration service such as Amazon SQS, or a data store service such as Amazon S3. Infinitely scaling storage. Allows people to store objects (files) in buckets (directories). Simple Storage Solution (Storage). Managed cloud service Storage not associated with any particular server/EC2 instance Store unlimited number of objects Fine grained security control (S3 bucket, object level too) Objects have a key - common approach is to use keys that look like a folder+file structure. Must be suitable for use in URLs. Considered fault tolerant. https://awsexamplebucket/s3-us-west-2.amazonaws.com/docs/hello.txt awsexamplebucket - bucket name s3-us-west-2.amazonaws.com - Region-specific endpoint docs/hello.txt - object key USE OF BUCKETS IN S3 Buckets are used in S3 storage. Amazon S3 Bucket ACLs enable you to manage access to buckets. Each bucket has an ACL attached to it as a sub-resource. You can use Bucket ACLs to grant basic read/write permissions to other AWS accounts. Note: You have three options to control access to an Amazon S3 Bucket: 1- IAM Policies 2- Bucket Policies 3- Bucket ACLs Data is secured using ACLs and bucket policies.

Answer 55

File storage for Amazon EC2 instance. Amazon Elastic File System (Amazon EFS) provides a fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. It is built to scale on demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth. A fully managed elastic NFS file system (Storage). Amazon EFS is a storage service.

Answer 56

A virtualized partition of a physical storage drive that’s not directly connected to the EC2 instance it’s associated with. Amazon Elastic Block Store (Amazon EBS) provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability. Amazon EBS volumes offer the consistent and low-latency performance needed to run your workloads. With Amazon EBS, you can scale your usage up or down within minutes – all while paying a low price for only what you provision. Raw block level storage attached to an Amazon EC2 Instance (Storage). Amazon EBS volumes are not suitable for data archive and faster retrieval. Amazon EBS is not a cost-effective solution for storing backups. Amazon EBS is a block level storage that can be used as a disk drive for Amazon EC2 or Amazon RDS instances. Amazon EBS is designed for application workloads that benefit from fine tuning for performance and capacity. Typical use cases of Amazon EBS include Big Data analytics engines (like the Hadoop/HDFS ecosystem and Amazon EMR clusters), relational and NoSQL databases (like Microsoft SQL Server and MySQL or Cassandra and MongoDB), stream and log processing applications (like Kafka and Splunk), and data warehousing applications (like Vertica and Teradata). Amazon EBS does not use buckets. Amazon EBS is a storage service, not a compute service. There are no reservations in Amazon EBS independent of Amazon EC2.

Answer 57

Virtual Private Cloud - VPC (Networking). Networking AWS service - lives within a region A private virtual network in the AWS cloud that uses the same concepts as on premise networking. Subnets to divide up the VPC. Subnets are where EC2 instances reside, but they do not actually control ingress and egress traffic themselves. Allows VPC to span multiple AZs Routing tables Internet gateway (IGW) + NAT gateway Network ACLs Allows complete control of network configuration (isolate and expose resources inside VPC) Offers several layers of security controls (allow/deny specific internet and internal traffic) Other AWS services deploy into the VPC (inherent security built in)

Answer 58

Amazon Route 53 helps AWS Customers improve their application’s performance for a global audience. Amazon Route 53 latency-based policy routes user requests to the closest AWS Region, which reduces latency and improves application performance. A DNS Web Service (Networking). Map a name to a destination on AWS. Helps with High Availability through DNS, geolocation routing, health checks, latency-based routing, and round robin. Route 53 is a global service.

Answer 59

AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS (Network).

Answer 60

Amazon CloudWatch is mainly used to monitor the utilization of your AWS resources. A service that collects and monitors log, metric, and event data from AWS and non-AWS services and applications. You can search logs, visualize metric data, create alarms, and trigger actions based on specific events. Has been described as "Standard Out on Steroids". AWS Monitoring and Logging Services Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. CloudWatch is for performance monitoring (CloudTrail is for auditing). Used to collect and track metrics, collect, and monitor log files, and set alarms. Automatically react to changes in your AWS resources. Monitor resources such as: EC2 instances. DynamoDB tables. RDS DB instances. Custom metrics generated by applications and services. Any log files generated by your applications. Amazon CloudWatch is a monitoring service for resource utilization. Gain system-wide visibility into resource utilization. CloudWatch monitoring includes application performance. Monitor operational health. CloudWatch is accessed via API, command-line interface, AWS SDKs, and the AWS Management Console. CloudWatch integrates with IAM. Amazon CloudWatch Logs lets you monitor and troubleshoot your systems and applications using your existing system, application, and custom log files. CloudWatch Logs can be used for real time application and system monitoring as well as long term log retention. CloudWatch Logs keeps logs indefinitely by default. CloudTrail logs can be sent to CloudWatch Logs for real-time monitoring. CloudWatch Logs metric filters can evaluate CloudTrail logs for specific terms, phrases, or values. CloudWatch retains metric data as follows: Data points with a period of less than 60 seconds are available for 3 hours. These data points are high-resolution custom metrics. Data points with a period of 60 seconds (1 minute) are available for 15 days. Data points with a period of 300 seconds (5 minute) are available for 63 days. Data points with a period of 3600 seconds (1 hour) are available for 455 days (15 months). Dashboards allow you to create, customize, interact with, and save graphs of AWS resources and custom metrics. Alarms can be used to monitor any Amazon CloudWatch metric in your account. Events are a stream of system events describing changes in your AWS resources. Logs help you to aggregate, monitor and store logs. Basic monitoring = 5 mins (free for EC2 Instances, EBS volumes, ELBs and RDS DBs). Detailed monitoring = 1 min (chargeable). Metrics are provided automatically for several AWS products and services. There is no standard metric for memory usage on EC2 instances. A custom metric is any metric you provide to Amazon CloudWatch (e.g. time to load a web page or application performance). Options for storing logs: CloudWatch Logs. Centralized logging system (e.g. Splunk). Custom script and store on S3. Do not store logs on non-persistent disks: Best practice is to store logs in CloudWatch Logs or S3. CloudWatch Logs subscription can be used across multiple AWS accounts (using cross account access). Amazon CloudWatch uses Amazon SNS to send e-mail. Amazon CloudWatch monitors your Amazon Web Services (AWS) resources and the applications you run on AWS in real time. You can use CloudWatch to collect and track metrics, which are variables you can measure for your resources and applications. CloudWatch alarms send notifications or automatically make changes to the resources you are monitoring based on rules that you define. For example, you can monitor the CPU usage and disk reads and writes of your Amazon EC2 instances and then use this data to determine whether you should launch additional instances to handle increased load. You can also use this data to stop under-used instances to save money. In addition to monitoring the built-in metrics that come with AWS, you can monitor your own custom metrics. With CloudWatch, you gain system-wide visibility into resource utilization, application performance, and operational health. Monitoring service. Distributed statistics gathering system., Tracks metrics of your infrastructure. Can create and use custom metrics. Observability of your AWS resources and applications on AWS and on-premises (Monitoring). Near real-time stream of system events that describe changes in AWS resources. Collect and track metrics (e.g., standard ones like CPU utilisation or custom ones from your application), collect and monitor log files, set alarms and automatically react to changes (e.g., through SNS or trigger an autoscaling event). Example use case include responding to state changes in AWS resources. Amazon CloudWatch dashboards are used to monitor AWS system resources and infrastructure services, and are customizable and present information graphically.

Answer 61

With AWS Snowball (Snowball), you can transfer hundreds of terabytes or petabytes of data between your on-premises data centres and Amazon Simple Storage Service (Amazon S3). Snowball can import to S3 or export from S3. Import/export is when you send your own disks into AWS – this is being deprecated in favour of Snowball. Snowball must be ordered from and returned to the same region. To speed up data transfer it is recommended to run simultaneous instances of the AWS Snowball Client in multiple terminals and transfer small files as batches. Bulk data transfer, edge storage, and edge compute. Uses a secure storage device for physical transportation. AWS Snowball Client is software that is installed on a local computer and is used to identify, compress, encrypt, and transfer data. Uses 256-bit encryption (managed with the AWS KMS) and tamper-resistant enclosures with TPM. AWS uses storage transportation devices, like AWS Snowball and Snowmobile to allow companies to transfer data to the cloud. Petabyte-scale data transport with on-board storage and compute capabilities. It is well suited for local storage snd large scale data transfer (Migration & Transfer).

Answer 62

AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from most widely used commercial and open-source databases. AWS Database Migration Service supports homogenous migrations such as Oracle to Oracle, as well as heterogeneous migrations between different database platforms, such as Oracle or Microsoft SQL Server to Amazon Aurora. With AWS Database Migration Service, you can continuously replicate your data with high availability and consolidate databases into a petabyte-scale data warehouse by streaming data to Amazon Redshift and Amazon S3. https://aws.amazon.com/dms/ AWS Database Migration Service is used to migrate your data to and from most of the widely used commercial and open source databases. Simplify migration of a database to AWS. Simple to use, minimal downtime, supports widely used databases. Low cost. Fast and easy to setup. Reliable. Replication Instance, Endpoint and Task are the three main components of DMS. Logging is not enabled by default.

Answer 63

Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale micro-services, distributed systems, and server-less applications. It can be considered fault tolerant as it is a distributed messaging system that can ensure the queue is always available. Amazon SQS is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. Amazon SQS offers a reliable, highly-scalable hosted queue for storing messages as they travel between applications or microservices. It moves data between distributed application components and helps you decouple these components.

Answer 64

Amazon SNS is a web service provided by the AWS. SNS stands for Simple Notification Service, and it manages and delivers the messages or notifications to the users and clients from any cloud platform. Messaging. Simple Notification Service. Flexible pub/sub messaging and mobile comms service. Coordinates delivery of messages to endpoints/clients. Decouple and scale micro-services, distributed systems and server-less applications. SNS is not used for monitoring. The service can be used in conjunction with CloudWatch to monitor and send notifications to your Email address. Using Amazon CloudWatch alarms, you can set up metric thresholds and send alerts to Amazon Simple Notification Service (SNS). SNS can send notifications using e-mail, HTTP(S) endpoints, and Short Message Service (SMS) messages to mobile phones.

Answer 65

AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. Lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. The AWS service that uses Chef and Puppet is AWS OpsWorks.

Answer 66

AWS Config is a management service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continually monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. AWS config is used for evaluating configuration on the resources deployed in AWS cloud. It will not help for creating portfolios of resources for quick deployment. AWS Config cannot be used to monitor or set thresholds for your CPU usage. AWS Config enables you to review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting.

Answer 67

AWS CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. AWS CloudFormation provides templates to provision and configure resources in AWS. AWS CloudFormation is a service for provisioning AWS resources using templates. It provides a declarative way of outlining your AWS Infrastructure, for any resources (most of them are supported). Then CloudFormation creates those for you in the right order with the exact configuration that you specify. AWS Cloud Formation provides a common language for you to model and provision AWS and third-party application resources in your cloud environment. Simplifies the task of repeatedly and predictably creating groups of related resources for your applications. Automates resource provisioning Create, update and delete resources (provisioned resources known as stacks) CloudFormation reads template files (JSON/YAML) and creates resources accordingly Templates can have conditions (variables) - useful for using templates for different environments (test vs production) This is an example of infrastructure as code. Can use CloudFormation Designer to help create the template.

Answer 68

Stream desktop applications securely securely to a browser (end user computing). AppStream 2.0 helps you move your existing desktop applications to AWS so that users can access them from anywhere. Amazon AppStream 2.0 doesn't provide any cost information. AppStream 2.0 helps you move your existing desktop applications to AWS so that users can access them from anywhere. Interactively streaming your application from the cloud provides several benefits: Instant-on: Streaming your application with Amazon AppStream 2.0 lets your users start using your application immediately, without the delays associated with large file downloads and time-consuming installations. Remove device constraints: You can leverage the compute power of AWS to deliver experiences that wouldn't normally be possible due to the GPU, CPU, memory, or physical storage constraints of local devices. Multi-platform support: You can take your existing applications and start streaming them to a computer without any modifications. Easy updates: Because your application is centrally managed by Amazon AppStream 2.0, updating your application is as simple as providing a new version of your application to Amazon AppStream 2.0. Interactively streaming your application from the cloud provides several benefits: 1- Instant-on: Streaming your application with Amazon AppStream 2.0 lets your users start using your application immediately, without the delays associated with large file downloads and time-consuming installations. 2- Remove device constraints: You can leverage the compute power of AWS to deliver experiences that wouldn’t normally be possible due to the GPU, CPU, memory, or physical storage constraints of local devices. 3- Multi-platform support: You can take your existing applications and start streaming them to a computer without any modifications. 4- Easy updates: Because your application is centrally managed by Amazon AppStream 2.0, updating your application is as simple as providing a new version of your application to Amazon AppStream 2.0.

Answer 69

AWS X-Ray is a service that collects data about requests that your application serves, and provides tools you can use to view, filter, and gain insights into that data to identify issues and opportunities for optimization. A developer tool. Analyse and debug production, distributed applications.

Answer 70

AWS Software Development Kit? Call other services such as S3.

Answer 71

MySQL and PostgreSQL compatible relational database built for the cloud, that combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open source databases.

Answer 72

A cloud-based application is fully deployed in the cloud and all parts of the application run in the cloud. Applications in the cloud have either been created in the cloud or have been migrated from an existing infrastructure to take advantage of the benefits of cloud computing. Cloud-based applications can be built on low-level infrastructure pieces or can use higher level services that provide abstraction from the management, architecting, and scaling requirements of core infrastructure Public Cloud is connected to and accessible via the internet. Public Cloud offers rapidly available, flexible use, and secure technology capability. The 'Public' in Public Cloud relates to the services being available to the public without lengthy procurement processes - not that systems or data is publicly accessible. Whilst you can choose to expose your workload or data to the internet, many organisations do not - using Public cloud capacity only as a flexible pay-as-you-go extension to their own private networks. For example AWS Direct Connect and Azure Express Route.

Answer 73

Capital DEL (CDEL) - spending on items deemed capital in nature.

Answer 74

Resource DEL (RDEL) excluding depreciation - effectively current spending

Answer 75

Support from AWS Support Team

Answer 76

Dedicated Instances are Amazon EC2 instances that run in a VPC on hardware that's dedicated to a single customer.

Answer 77

Cloud provider deploying platform on customer hardware or some sort of custom built cloud environment. The deployment of resources on-premises, using virtualization and resource management tools, is sometimes called the “private cloud.” On-premises deployment doesn’t provide many of the benefits of cloud computing but is sometimes sought for its ability to provide dedicated resources. In most cases this deployment model is the same as legacy IT infrastructure while using application management and virtualization technologies to try and increase resource utilization.

Answer 78

With On-Demand instances you only pay for EC2 instances you use.

Answer 79

Amazon Managed Blockchain is a fully managed service that makes it easy to join public networks or create and manage scalable private networks using the popular open-source frameworks Hyperledger Fabric and Ethereum.

Answer 80

Amazon Kinesis Data Analytics is the easiest way to transform and analyse streaming data in real time using Apache Flink. Gain actionable insights from streaming data with server-less, fully managed Apache Flink. Amazon Kinesis Data Analytics is the easiest way to process and analyse real-time, streaming data. Can use standard SQL queries to process Kinesis data streams. Provides real-time analysis. Use cases: Generate time-series analytics. Feed real-time dashboards. Create real-time alerts and notifications. Quickly author and run powerful SQL code against streaming sources. Can ingest data from Kinesis Streams and Kinesis Firehose. Output to S3, RedShift, Elasticsearch and Kinesis Data Streams. Sits over Kinesis Data Streams and Kinesis Data Firehose.

Answer 81

AWS Outposts is a fully managed service that extends AWS infrastructure, services, APIs, and tools, to customer premises. It supports a hybrid architecture by giving companies the possibility to extend AWS infrastructure and AWS services to their own data centres. AWS Outposts is an AWS service that delivers the same AWS infrastructure, native AWS services, APIs, and tools to virtually any customer on premises facility. With AWS Outposts, customers can run AWS services locally on their Outpost, including EC2, EBS, ECS, EKS, and RDS, and also have full access to services available in the Region. Customers can use AWS Outposts to securely store and process data that needs to remain on premises or in countries where there is no AWS region. AWS Outposts is ideal for applications that have low latency or local data processing requirements, such as financial services, healthcare, etc. Run your containers using AWS infrastructure on premises for a consistent hybrid experience. Suited for customers who require local data processing, data residency, and hybrid use cases.

Answer 82

CloudHSM is a cryptographic service for creating and maintaining hardware security modules (HSMs) in an AWS environment. Not multi tenant like KMS.

Answer 83

PAYG. Broad selection of HW/SW, where to host. 1. Log into AWS console 2. Choose region 3. Launch EC2 Wizard 4. Select Amazon Machine Image - AMI (software platform - windows/Linux etc) 5. Select instance type (number of cores, RAM etc) 6. Configure network 7. Configure storage 8. Configure key pairs/tags (for connecting to instance after we launch it e.g. name) 9. Configure firewall security groups

Answer 84

1. Choose between HDD or SSD (SSD for performance e.g. recall, HDD for OS, log storage etc) 2. Persistent and customisable block storage for EC2 instances 3. Automatically replicated in same AZ 4. Backup using snapshots (and share these) 5. Easy/transparent encryption even within AWS centres 6. Elastic volume

Answer 85

Amazon Route 53 can be used for: • Registering domain names • DNS configuration and management • Configuring health checks to route traffic only to healthy endpoints • Managing global application traffic (cross-regions) through a variety of routing types. AWS Content Delivery and DNS Services This category of AWS services includes services for caching content around the world and providing intelligent Domain Name System (DNS) services for your applications. Amazon Route 53 is the AWS Domain Name Service. Route 53 performs three main functions: Domain registration – Route 53 allows you to register domain names. Domain Name Service (DNS) – Route 53 translates name to IP addresses using a global network of authoritative DNS servers. Health checking – Route 53 sends automated requests to your application to verify that it’s reachable, available, and functional. You can use any combination of these functions. Route 53 benefits: Domain registration. DNS service. Traffic Flow (send users to the best endpoint). Health checking. DNS failover (automatically change domain endpoint if system fails). Integrates with ELB, S3, and CloudFront as endpoints. Routing policies determine how Route 53 DNS responds to queries. Key functions of each type of routing policy Policy What it Does Simple Simple DNS response providing the IP address associated with a name Failover If primary is down (based on health checks), routes to secondary destination Geolocation Uses geographic location you’re in (e.g. Europe) to route you to the closest region Geoproximity Routes you to the closest region within a geographic area Latency Directs you based on the lowest latency route to resources Multivalue answer Returns several IP addresses and functions as a basic load balancer Weighted Uses the relative weights assigned to resources to determine which to route to

Answer 86

A mechanism is a complete process... a "virtuous cycle" that reinforces and improves itself as it operates. It takes controllable inputs and transforms them into ongoing outputs to address a recurring business challenge.

Answer 87

The combination of a "Regional Edge Cache" and "Edge Location"

Answer 88

On-Demand instances are offered at a set price by AWS Region.

Answer 89

Reserved Instances reserve capacity at a discounted rate. The customer commits to purchase a certain amount of compute.

Answer 90

Spot Instances are discounted more heavily when there is more capacity available in the Availability Zones. Spot, Savings Plans, and Reserved instances are all cheaper than On-Demand instances.

Answer 91

Reserved Instances reserve capacity at a discounted rate. The customer commits to purchase a certain amount of compute. With Convertible Reserved Instances, you can change the instance family, operating system and tenancies.

Answer 92

Spot Instances. Spot Instances are discounted more heavily when there is more capacity available in the Availability Zones.

Answer 93

Amazon Elastic File System (Amazon EFS)

Answer 94

It is a guide to help with the design of cloud architecture. It helps you to assess and improve architectures and understand how design decisions impact the business.

Answer 95

Security, Reliability, Performance efficiency, Cost optimisation and Operational excellence.

Answer 96

The ability of a system to remain in operation. Related to the built-in redundancy of an application's components.

Answer 97

A configuration that ensures application availability 100 percent or near-100 percent of the time. Refers to the entire system. Ensures that systems are generally functioning, and that downtime is minimised, with minimal human intervention. Minimal upfront investment for customers of AWS.

Answer 98

Tools from AWS and partners Encryption in transit with Transport Layer Security (TLS) Built in firewalls Private/dedicated connections Distributed Denial of Service (DDOS) protection

Answer 99

Amazon Simple Queue Service. A distributed messaging system. Can ensure queue is always available. Amazon Simple Storage Service (S3). Amazon Relational Database Service.

Answer 100

Static IPs designed for dynamic cloud computing, can mask failures if they occur. Helps with High Availability.

Answer 101

Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps. Your users can sign in directly with a user name and password, or through a third party such as Facebook, Amazon, Google or Apple. A way to provide identity to your web and mobile applications users. Amazon Cognito can be used to control access to AWS resources from an application. Mobile-based auth and identity, where you can have the user management like, create, modify, delete and reset password done for you. You can also have external web-based identity providers integrated. Web applications usually allow a valid username and password combination for successful sign into the application. Modern authentication flows incorporate more approaches to ensure user authentication. When using AWS, this is no exception, thanks to the abilities and features offered by AWS Cognito. Amazon Cognito service is designed to provide APIs and infrastructure for key features in the user management space such as authentication, authorization, and managing the user repository with different operations for your web and mobile apps.

Answer 102

Inventory and config management tools for managing settings over time. Deployment tools. Templates definition/management tools.

Answer 103

Encryption capabilities. Key management options (AWS Key Management). Hardware based cryptographic key storage options (CloudHSM)

Answer 104

IAM Multi-factor authentication (2FA etc) Integration and federation with corporate directories (to reduce admin overhead) Amazon Cognito - a simple user identity and data synchronisation service that helps you securely manage and synchronise app data for your users across their mobile devices. AWS SSO

Answer 105

User - named operator, could be human or machine Group - collection of users. Groups have multiple users and users can be in many groups Role - NOT your permissions. Authentication Method. A user is an operator - could be human could be machine. Role is operator - could be human could be machine. Permissions with a role are temporary. Role is authentication..

Answer 106

Physical - AWS do this. Network - AWS do this. Whilst they don't tell clients the things they do to make it secure, they do tell the people that certify. Hypervisor - uses a Zen based hypervisor with changes to make it secure and scalable. Guest OS - If you are running EC2 then there is a magic dividing line between that and the hypervisor. AWS don't have access to the OS. YOU are responsible for this and all things above it. Therefore, patching OS is your responsibility (Using Systems Manager Patch Manager). Application and User Data - AWS doesn't have access to this as it requires security keys.

Answer 107

CloudFront and Route53. Requests going to either of these services will be routed to the nearest edge location automatically S3 Transfer Acceleration traffic and API Gateway traffic also use Edge Network.

Answer 108

Allow customers to host sensitive Controlled Unclassified Information and other types of regulated workloads. Only operated by employees who are US citizens on US soil.

Answer 109

Managed Desktop as a Service (DaaS) solution to easily provision Windows or Linux desktops. Helps eliminate management of on-premise Virtual Desktop Infrastructure. Pay as you go service with monthly or hourly rates.

Answer 110

Globally unique name (across all regions and all accounts) 1. No uppercase 2. No underscores 3. 3063 characters long 4. Not an IP 5. Must start with a lowercase letter or number

Answer 111

1. Trade capital expense for variable expense Instead of having to invest heavily in data centres and servers before you know how you’re going to use them, you can pay only when you consume computing resources, and pay only for how much you consume. 2. Benefit from massive economies of scale By using cloud computing, you can achieve a lower variable cost than you can get on your own. Because usage from hundreds of thousands of customers is aggregated in the cloud, providers such as AWS can achieve higher economies of scale, which translates into lower pay as-you-go price. 3. Stop guessing capacity Eliminate guessing on your infrastructure capacity needs. When you make a capacity decision prior to deploying an application, you often end up either sitting on expensive idle resources or dealing with limited capacity. With cloud computing, these problems go away. You can access as much or as little capacity as you need and scale up and down as required with only a few minutes’ notice. 4. Increase speed and agility In a cloud computing environment, new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes. This results in a dramatic increase in agility for the organization since the cost and time it takes to experiment and develop is significantly lower. 5. Stop spending money on running and maintaining data centres Focus on projects that differentiate your business, not the infrastructure. Cloud computing lets you focus on your own customers, rather than on the heavy lifting of racking, stacking, and powering servers. 6. Go global in minutes Easily deploy your application in multiple regions around the world with just a few clicks. This means you can provide lower latency and a better experience for your customers at minimal cost.

Answer 112

Gives an idea of future costs.

Answer 113

The more you use, the more you save.

Answer 114

Consolidated Billing because it combines usage across all organization accounts.

Answer 115

A tool to visualize, understand, and manage your AWS costs and usage over time. Default reports and custom reports. Can filter and group.

Answer 116

One bill for all your accounts. For billing, AWS treats all accounts in an organization as if they were one account. You can designate one master account. No extra charge.

Answer 117

1. Cost Optimization 2. Performance 3. Security 4. Fault Tolerance 5. Service Limits

Answer 118

1. Synchronous communications (application to application) 2. Asynchronous / Event based (application to queue to application)

Answer 119

Infrastructure

Answer 120

SSH (Secure Shell) - log into a Linux instance

Answer 121

1. Renting virtual machines (EC2) 2. Storing data on virtual drives (EBS) 3. Distributing load across machines (ELB) 4. Scaling the services using an auto-scaling group (ASG)

Answer 122

HTTPS - access secured websites

Answer 123

Pay for what you use. The trick then is to use what you really need. Linux: billing per second, after the first minute All other operating systems: billing per hour

Answer 124

So you can see the metrics of many services at once. This is referring to the AWS CloudWatch logs dashboard. You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources. CloudWatch Logs enables you to centralize the logs from all of your systems, applications, and AWS services that you use, in a single, highly scalable service. You can then easily view them, search them for specific error codes or patterns, filter them based on specific fields, or archive them securely for future analysis. By default, logs are kept indefinitely and never expire. You can adjust the retention policy for each log group, keeping the indefinite retention, or choosing a retention periods between 10 years and one day.

Answer 125

AWS offers managed databases. Meaning they handle operations, upgrades, patches, monitoring, alerts, and backups.

Answer 126

Global, but buckets are created in a region.

Answer 127

List of text key / value pairs - system or user metadata

Answer 128

A software you install on your computer to manage your Snow Family Device

Answer 129

Finer grain at object level

Answer 130

Region level

Answer 131

Yes it can host static websites.

Answer 132

Multiple customers can share the same infrastructure and applications with security and privacy.

Answer 133

Define the permissions of the users.

Answer 134

1. Vertical Scalability 2. Horizontal Scalability (= elasticity)

Answer 135

No, but they are linked.

Answer 136

Means increasing/decreasing the size of the instance. There is usually a limit.

Answer 137

Means running your application / system in at least 2 AZs.

Answer 138

Means increasing/decreasing the number of instances/systems for your application. Implies distributed systems and is very common for web applications.

Answer 139

To survive a data centre loss (disaster).

Answer 140

Horizontal

Answer 141

Scalability: ability to accommodate a larger load by making the hardware stronger (scale up), or by adding nodes (scale out). Elasticity: once a system is scalable, elasticity means that there will be some 'auto-scaling' so that the system can scale based on the load. This is the 'cloud-friendly': pay-per-use, match demand, optimize costs. Elasticity will not have positive effects on storage, cost or design agility.

Answer 142

Automatically convert speech into text. Uses a deep learning process called automatic speech recognition (ASR) to convert speech to text quickly and accurately.

Answer 143

Turning text into lifelike speech using deep learning.

Answer 144

Only US entities and root account holders who pass a screening process

Answer 145

Hover over account, my billing dashboard, billing preferences

Answer 146

There are 3 common types of cloud computing model: Infrastructure as a service (IaaS). Platform as a service (PaaS). Software as a service (SaaS). Software as a Service (SaaS) provides you with a completed product that is run and managed by the service provider. In most cases, people referring to Software as a Service are referring to end-user applications. With a SaaS offering you do not have to think about how the service is maintained or how the underlying infrastructure is managed; you only need to think about how you will use that piece of software. A common example of a SaaS application is web-based email which you can use to send and receive email without having to manage feature additions to the email product or maintain the servers and operating systems that the email program is running on. SaaS provides high availability, fault tolerance, scalability an elasticity. Software as a service, a completed product that is run and managed by the service provider. Like g-mail. IaaS, PaaS, and SaaS are not deployment models. They represent the different use cases of Cloud Computing, and the different levels of control customers need over their IT resources. Software as a Service (SaaS) provides you with a completed product that is run and managed by the service provider. In most cases, people referring to Software as a Service are referring to end-user applications. With a SaaS offering you do not have to think about how the service is maintained or how the underlying infrastructure is managed; you only need to think about how you will use that particular piece software. A common example of a SaaS application is the web-based email where you can send and receive email without having to manage feature additions to the email product or maintaining the servers and operating systems that the email program is running on.

Answer 147

Someone else owns the servers, hires the IT people, pays for the real estate. You are responsible for configuring cloud services and code, someone else takes care of the rest.

Answer 148

You own the servers, hire the IT people, pay or rent the real estate, and take all the risk

Answer 149

There are 3 common types of cloud computing: - Infrastructure as a service (IaaS). - Platform as a service (PaaS). - Software as a service (SaaS). Platform as a Service (PaaS) removes the need for your organization to manage the underlying infrastructure (usually hardware and operating systems) and allows you to focus on the deployment and management of your applications. This helps you be more efficient as you don’t need to worry about resource procurement, capacity planning, software maintenance, patching, or any of the other undifferentiated heavy lifting involved in running your application. Platform as a service removes the need for your organization to manage the underlying infrastructure. Focus on deployment and management of your application. Like heroku. IaaS, PaaS, and SaaS are not deployment models. They represent the different use cases of Cloud Computing, and the different levels of control customers need over their IT resources. Platform as a Service (PaaS) removes the need for organizations to manage the underlying infrastructure (usually hardware and operating systems) and allow you to focus on the deployment and management of your applications. This helps you be more efficient as you don’t need to worry about resource procurement, capacity planning, software maintenance, patching, or any of the other undifferentiated heavy lifting involved in running your application.

Answer 150

There are 3 common types of cloud computing: - Infrastructure as a service (IaaS). - Platform as a service (PaaS). - Software as a service (SaaS). Infrastructure as a Service (IaaS) contains the basic building blocks for cloud IT and typically provide access to networking features, computers (virtual or on dedicated hardware), and data storage space. IaaS provides you with the highest level of flexibility and management control over your IT resources and is very similar to the existing IT resources that many IT departments and developers are familiar with today. Infrastructure as a service. The basic building blocks for cloud IT. Provides access to networking features, computers, and data storage space. Like AWS. IaaS, PaaS, and SaaS are not deployment models. They represent the different use cases of Cloud Computing, and the different levels of control customers need over their IT resources. Infrastructure as a Service, sometimes abbreviated as IaaS, contains the basic building blocks for cloud IT and typically provides access to networking features, computers (virtual or on dedicated hardware), and data storage space. Infrastructure as a Service provides you with the highest level of flexibility and management control over your IT resources and is most similar to existing IT resources that many IT departments and developers are familiar with today.

Answer 151

Availability zones

Answer 152

Usually 3 Min 2 Max 6

Answer 153

A cluster of data centres.

Answer 154

A discrete data centre with redundant power, networking, and connectivity.

Answer 155

Build across data centres.

Answer 156

Automatically and quickly acquire and dispose of resources when needed.

Answer 157

Virtual servers, storage, databases, and networking with low and predictable pricing. Amazon Lightsail provides a low-cost Virtual Private Server (VPS) in the cloud. Lightsail plans include everything you need to jumpstart your project – virtual machines, containers, databases, CDN, load balancers, SSD-based storage, DNS management, etc. – for a low, predictable monthly price.

Answer 158

For people with little cloud experience. No auto-scaling, but has high availability.

Answer 159

API Gateway

Answer 160

There are no servers.

Answer 161

Server-less is a new paradigm in which the developers don't have to manage servers anymore. Includes anything that is managed.

Answer 162

No, you just don't manage/provision/see them.

Answer 163

1. Amazon S3 2. DynamoDB 3. Fargate 4. Lambda

Answer 164

Managed Apache ActiveMQ

Answer 165

Decouple your applications.

Answer 166

Messages are deleted after they are read by consumers.

Answer 167

An Elastic Block Store Volume is a network drive you can attach to your instances while they run. Think of as a network USB stick.

Answer 168

One (at the CCP level) Though technically with EBS Multi-Attach you can attach to multiple but this is out of scope for cloud pract. Exam.

Answer 169

Allow your instances to persist data, even after their termination.

Answer 170

Third party services that help you perform server configuration automatically, or repetitive actions.

Answer 171

A graphic tool for creating, viewing, and modifying AWS CloudFormation templates.

Answer 172

No, it runs on a dedicated machine.

Answer 173

Same technology that powers Alexa. Automated Speech Recognition to convert speech to text. Natural Language Understanding to recognize the intent of text, callers. Helps build chatbots and call centre bots.

Answer 174

You can't SSH into your Instance.

Answer 175

Create and run virtual reality, augmented reality, and 3D apps. Easy to use and accessible via a web-browser

Answer 176

AWS CodeCommit is mainly used for software version control, not for managing encryption keys. Additional information: AWS CodeCommit is designed for software developers who need a secure, reliable, and scalable source control system to store and version their code. In addition, AWS CodeCommit can be used by anyone looking for an easy to use, fully managed data store that is version controlled. For example, IT administrators can use AWS CodeCommit to store their scripts and configurations. Web designers can use AWS CodeCommit to store HTML pages and images. AWS version of Github. Git based repositories.

Answer 177

An availability zone.

Answer 178

Happens when needed.

Answer 179

Caching Content in Edge Locations

Answer 180

Desktop Application Streaming Service. Deliver to any computer without acquiring, provisioning infrastructure. App delivered from within the web browser. Amazon AppStream 2.0 can be used to provide access to applications or a non-persistent desktop from any location.

Answer 181

North Virginia

Answer 182

A fully managed service that tests your web and mobile apps against desktop browsers, real mobile devices, and tablets. Run tests concurrently on multiple devices. Ability to configure device settings.

Answer 183

Used to convert media files stored in S3 into media files in the formats required by consumer playback devices.

Answer 184

CloudEndure Disaster Recovery is an agent-based solution that replicates entire virtual machines, including the operating system, all installed applications, and all databases, into a staging area located in your target AWS Region. The staging area contains low-cost resources that are automatically provisioned and managed by CloudEndure Disaster Recovery. This allows you to quickly and easily recover your physical, virtual, and cloud-based servers into AWS. Continuous block-level replication for your servers. Protect your data from ransomware attacks.

Answer 185

Elastic Transcoder.

Answer 186

AppStream2.0.

Answer 187

WorkSpaces

Answer 188

IoT stands for Internet of Things. The network of internet connected devices that are able to collect and transfer data. Core allows you to easily connect IoT devices to the AWS Cloud. Server-less, secure, and scalable.

Answer 189

AppStream2.0: stream a desktop app to web browsers. Works with any device (that has a browser). Allow to configure an instance type per application type. Workspaces: fully managed Virtual Desktop Infrastructure (VDI) and desktop available. Users connect to the VDI and open native or WorkSpaces Application Manager (WAM) apps. Are "on-demand" and "always-on" For more information on Amazon WorkSpaces, refer to the following URL: https://aws.amazon.com/workspaces/features/

Answer 190

5TB (5000GB)

Answer 191

Multi-part upload.

Answer 192

List of text key / value pairs - system or user metadata.

Answer 193

Only if versioning is enabled.

Answer 194

1. User based 2. Resource based 3. Encryption

Answer 195

S3 bucket policy that allows cross-account access.

Answer 196

It is a JSON based policy with: 1. Resources: buckets and objects 2. Actions: Set of API to Allow or Deny 3. Effect: Allow / Deny 4. Principle: The account or user to apply the policy to

Answer 197

1. Grant public access to the bucket 2. Force objects to be encrypted at upload 3. Grant access to another account (Cross Account)

Answer 198

No, there are settings created to prevent company data leaks.

Answer 199

1. Protect against unintended deletes (ability to restore a version) 2. Easy roll back to previous version

Answer 200

S3 Cross-Region Replication (CRR) is an Amazon S3 feature that enables customers to replicate data across different AWS Regions; to minimize latency for global users and\or meet compliance requirements. Disabling S3 Cross-Region Replication (CRR) does not help protect data from accidental deletion. Cross Region Replication - used for compliance, lower latency access, replication across accounts. Cross-Region Replication (CRR) is an Amazon S3 feature that enables customers to replicate data across different AWS Regions; to minimize latency for global users and\or meet compliance requirements.

Answer 201

Same Region Replication - log aggregation, live replication between production and test accounts.

Answer 202

Connect two VPC, privately using AWS' network. Make them behave as if they are on the same network. VPC Peering connection is not transitive (must be established for each VPC that need to communicate with one another).

Answer 203

A VPC endpoint enables customers to privately connect to supported AWS services and VPC endpoint services powered by AWS PrivateLink. Amazon VPC instances do not require public IP addresses to communicate with resources of the service. Traffic between an Amazon VPC and a service does not leave the Amazon network. VPC endpoints are virtual devices. They are horizontally scaled, redundant, and highly available Amazon VPC components that allow communication between instances in an Amazon VPC and services without imposing availability risks or bandwidth constraints on network traffic. There are two types of VPC endpoints: interface endpoints gateway endpoints Endpoints therefore allow you to connect to AWS Services using a private network instead of the public www network. This gives you better security and lower latency.

Answer 204

1. VPC Endpoint Gateway: S3 & DynamoDB 2. VPC Endpoint Interface: the rest of the services

Answer 205

AWS Site-to-Site VPN provides an internet-based connection that enables customers to connect their on-premises network or branch office site to AWS. Internet-based connectivity can have unpredictable performance and despite being encrypted, can present security concerns. Connect an on-premises VPN to AWS. The connection is automatically encrypted and goes over the public internet. Only a few minutes to make. AWS Direct Connect bypasses the public Internet and uses a standard Ethernet fiber-optic cable to establish a secure, dedicated, and more consistent connectivity from on-premises data centres into AWS. Transferring large data sets over the Internet can be time consuming and expensive. AWS VPN is an internet-based connection and does not meet the requirement of consistent connectivity. Additional information: Unlike AWS Direct Connect, VPN Connections can be configured in minutes and are a good solution if customers have an immediate need, have low to modest bandwidth requirements, and can tolerate the inherent variability in Internet-based connectivity.

Answer 206

NAT Gateway NAT devices (NAT Gateway, NAT Instance) allow instances in private subnets to connect to the internet, other VPCs, or on-premises networks. It is deployed in a public subnet.

Answer 207

Internet Gateway. An Internet Gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. Internet Gateways provide access for a VPC and subnet to reach the internet. They are not directly attached to EC2 instances.

Answer 208

AWS Direct Connect

Answer 209

VPC Peering

Answer 210

Transit Gateway

Answer 211

Network Access Control List (NACL)

Answer 212

Scalability Disposable Resources Automation Loose Coupling Think in services not servers

Answer 213

Cost Optimization

Answer 214

Better fault tolerance

Answer 215

CloudFormation

Answer 216

APN Services Partner

Answer 217

Go global in minutes and experiment more often

Answer 218

Horizontal

Answer 219

AWS Navigate - Partner enablement arm in the partner network. Provides partners guidance of how to specialise with AWS. Help Partners become better Partners.

Answer 220

AWS Competencies are granted to APN Partners who have demonstrated technical proficiency and proven customer success in specialized solution areas.

Answer 221

Can help you learn AWS

Answer 222

Consulting Partner – organisation who helps organisations migrate to and work within the cloud. Professional services firm to help build on AWS

Answer 223

Technology Partner – organisation who builds software to be made available to multiple organisations via AWS. Providing hardware, connectivity, and software.

Answer 224

Spot Instance, On-Demand Instances, Reserved Instances. EC2 instances offers the widest choice of instance types, including processor, storage, and networking. Ideal for customers who want to manage or customize the underlying compute environment and host operating system.

Answer 225

You can bid on unused EC2 capacity by using a spot instance, but a spot instance can be stopped and unallocated by AWS at any point in time.

Answer 226

You pay for EC2 capacity and you are guaranteed to be able to use this capacity when you need it, even if the AWS region is at 100% capacity. EC2 or RDS instances that can be purchased over long periods of time at significant savings. Payment can be up-front, not up-front, or partial up-front. See also on-demand instances and spot instances.

Answer 227

The ability to rent cloud resources to meet a specific need, exactly when the need arises. You use what you need and pay as you go. See also reserved instances and spot instances.

Answer 228

No a better choice here would be on-demand instance.

Answer 229

It is a global service with regional storage. Data is stored across multiple AZs within a single region, 3 or more AZ's.

Answer 230

Route53 operates from AWS edge locations.

Answer 231

Regional, ELBs are deployed to one or more AZ's in a region.

Answer 232

You get two nodes, leader and a data node, giving 160GB.

Answer 233

No, you do not get to select the disk size. You do get to select the overall size of the Redshift cluster, through a slider in the console or parameter in CLI & API. AWS will then figure the number of disks in each data node.

Answer 234

You have two options, you can scale up or out. Scaling up means you can change the size of the instance or you can add more nodes by scaling out.

Answer 235

- ODBC - JDBC - Postgres

Answer 236

AWS Postgress, AWS separated the storage from the query engine and then replaced the storage engine with a columnar database.

Answer 237

Data Warehouse Analytics

Answer 238

Yes, RedShift has a service called RedShift Spectrum, the data in S3 must be in a CVS format.

Answer 239

TLS 1.2, other protocols are considered weak, such as, TLS 1.1, TLS 1.0, SSL3.0 and SSL 2.0

Answer 240

A subnet that is accessible from the internet

Answer 241

A subnet that is not accessible from the internet

Answer 242

Used to define access to the internet and between subnets

Answer 243

A VPC resource that allows EC2 instances to obtain a public IP address and access the internet. Helps our VPC instances connect with the internet

Answer 244

Allow your instances in your private subnets to access the internet while remaining private

Answer 245

A logical firewall that operates at the subnet level. A firewall which controls traffic from and to a subnet. Can have allow and deny rules. Are attached to a subnet and rules only include IP addresses

Answer 246

A firewall that controls traffic to and from an Elastic Network Interface (ENI) / an EC2 Instance. Can only have allow rules, rules include IP address and other security groups

Answer 247

Subnet level

Answer 248

Instance level

Answer 249

Capture information about IP traffic going to your instances. Helps to monitor and troubleshoot connectivity issues.

Answer 250

S3 or CloudWatch Logs

Answer 251

For having transitive peering between thousands of VPC and on-premises, hub-and-spoke (star) connection. One single gateway to provide this functionality. Works with Direct Connect Gateway and VPN connections

Answer 252

1. Renting virtual machines (EC2) 2. Storing data on virtual drives (EBS) 3. Distributing load across machines (ELB) 4. Scaling the services using an auto-scaling group (ASG)

Answer 253

1. Operating System: Linux, Windows, Mac 2. How much compute power and cores (CPU) 3. How much random-access memory (RAM) 4. How much storage space: Network-attached (EBS & EFS) / hardware (EC2 Instance Store) 5. Network card: speed of the card, Public IP address 6. Firewall rules: security group 7. Bootstrap script (configure at first launch): EC2 User Data

Answer 254

Used to bootstrap our instances. Runs only once at the instance first start

Answer 255

Amazon Machine Image

Answer 256

1 or 3 years

Answer 257

The customer

Answer 258

Security Groups

Answer 259

Spot Instances

Answer 260

AMI (OS) + Instance Size (CPU + RAM) + Storage + security groups + EC2 User Data

Answer 261

1. Security Groups rules 2. Operating-system patches and updates 3. Software and utilities installed on the EC2 instance 4. IAM Roles assigned to EC2 & IAM user access management 5. Data security on your instance

Answer 262

1. Infrastructure (global network security) 2. Isolation on physical hosts 3. Replacing faulty hardware 4. Compliance validation

Answer 263

Instances running on hardware that's dedicated to you. May share hardware with other instances in same account. No control over instance placement (can move hardware after Stop / Start). Soft version of Dedicated Host

Answer 264

Useful for software that have complicated licensing model (BYOL - Bring Your Own License) or for companies that have strong regulatory or compliance needs

Answer 265

A physical server with EC2 instance capacity fully dedicated to your use. Can help you address compliance requirements and reduce costs by allowing you to use your existing server-bound software licenses.

Answer 266

EC2 Spot Instances

Answer 267

Any time your max price is less than the current spot price

Answer 268

Up to 90% off compared to On Demand

Answer 269

When you require a fraction of a day / week / month

Answer 270

Launch within a time window you reserved.

Answer 271

Up to 54% off compared to On Demand

Answer 272

Allows you to change instance type

Answer 273

Steady-state usage applications (think databases)

Answer 274

1. No upfront 2. Partial upfront = + discount 3. All upfront = ++ discount

Answer 275

Up to 75% off compared to On Demand

Answer 276

1. 1 year =+ discount 2. 3 years = +++ discount

Answer 277

Short-term and un-interrupted workloads where you can't predict how the application will behave

Answer 278

Pay for what you use. Linux: billing per second, after the first minute All other operating systems: billing per hour

Answer 279

1. On-Demand: short workloads, predictable pricing 2. Reserved: minimum 1 year 3. Spot Instances: short workloads, cheap, can lose instance (less reliable) 4. Dedicated Hosts: book an entire physical server, control instance placement

Answer 280

Mac, Linux, Windows <10, Windows >= 10

Answer 281

Windows <10 and Windows >=10

Answer 282

Mac, Linux, Windows >= 10

Answer 283

RDP (Remote Desktop Protocol) - log into a Windows instance

Answer 284

HTTP - access unsecured websites

Answer 285

SSH (Secure Shell) port - 22 is used to get CLI access to Linux instances. Allowing inbound traffic from all external IP addresses to SSH port is vulnerable to banner grabbing and brute force attack. It is a best practice to restrict access from specific IP addresses to port 22. SFTP (Secure File Transport Protocol) - upload files using SSH SSH (Secure Shell) - log into a Linux instance

Answer 286

FTP (File Transport Protocol) - upload files into a file share

Answer 287

authorized

Answer 288

No, it's is an application error or it's not launched

Answer 289

1. Access to Ports 2. Authorized IP ranges - IPv4 and IPv6 3. Control of inbound network (from other to the instance) 4. Control of outbound network (from the instance to other)

Answer 290

Kinesis data streams enable you to inject data from thousands of sources, Kinesis data streams scales based on the number of shards you create. Kinesis data streams buffer the data for 24hrs by default and enable one or more consumers to read form the stream.

Answer 291

You are creating the stream in the region you have selected as Kinesis data stream is not a global service.

Answer 292

It is a family of products for data stream processing, this means injection, analysis/process and store.

Answer 293

it is the entity that puts data into the stream, - IOT device - Mobile device - Application device - EC2 device - On-prem server

Answer 294

This is the entity that takes data out of the stream.

Answer 295

You can have: - EC2 using Kinesis Customer library (KCL) - Lambda - Kinesis Firehose

Answer 296

- Data streams - Video streams

Answer 297

24hrs (you can increase this to 7 days for an extra charge)

Answer 298

A kinesis stream is a collection of shards.

Answer 299

Read at 2mb per second Write at 1mb per second

Answer 300

You need 10

Answer 301

100 per shard

Answer 302

It is used to select the shard to use when writing the data.

Answer 303

Yes 100%, you can use SSE-KMS with AWS keys or SSE-KMS encryption with client keys.

Answer 304

You can use cloud watch to monitor shard level metrics like incoming bytes, outgoing bytes, etc

Answer 305

VPC endpoints.

Answer 306

Through VPC endpoints

Answer 307

It means that you select a consumer to be given more of the bandwidth.

Answer 308

It enables you to take data from a Kinesis stream and push it to a datastore like: - Elasticsearch - S3 - Redshift - Splunk

Answer 309

- Kinesis - Direct, send records direct to Kinesis Firehose.

Answer 310

Kinesis Firehose can take Direct input from these sources.

Answer 311

Kinesis Firehose can take Direct input from these sources.

Answer 312

Kinesis Firehose has the option to transform data using Lambda.

Answer 313

Kinesis streaming Kinesis Firehose Kinesis Analytics

Answer 314

Yes you can take an input stream and when delivering it you can encrypt and compress it.

Answer 315

Take an input stream, transforms if and stores it while optionally compressing and encrypting it to a number of destinations like S3, Redshift, Redshift and Elastic search.

Answer 316

Direct PUTS from sources like IoT, etc Kinesis

Answer 317

You can have Kinesis Streams and Kinesis Firehose

Answer 318

Kinesis Analytics has the ability to use Lambda as a pre-processor.

Answer 319

Kinesis Streams and Kinesis Firehose

Answer 320

You can use the reference table to supply the reference data.

Answer 321

Input stream form Kinesis Streams or Firehose to Input table, select query and output to the application output stream and then data passed to Kinesis Streams or Firehose.

Answer 322

Run analytics on stolen content

Answer 323

Hybrid Cloud

Answer 324

The Shared Responsibility Model

Answer 325

On-demand availability of computer system resources, especially data storage (cloud storage) and computing power, without direct active management by the user

Answer 326

Two or more Availability Zones

Answer 327

Train your employees less

Answer 328

Capacity availability

Answer 329

Compute, Storage, and data transfer out of the AWS Cloud

Answer 330

Dedicated Support Agent to help you destroy applications

Answer 331

Availability zones

Answer 332

Amazon QuickSight is a machine learning-powered business intelligence (BI) service built for the cloud. QuickSight lets you easily create and publish interactive BI dashboards that include Machine Learning-powered insights. QuickSight dashboards can be accessed from any device, and seamlessly embedded into your applications, portals, and websites. Unlike traditional BI or data discovery solutions, getting started with Amazon QuickSight is simple and fast. When you log in, Amazon QuickSight seamlessly discovers your data sources in AWS services such as Amazon Redshift, Amazon RDS, Amazon Athena, and Amazon Simple Storage Service (Amazon S3). You can connect to any of the data sources discovered by Amazon QuickSight and get insights from this data in minutes. Amazon QuickSight supports rich data discovery and business analytics capabilities to help customers derive valuable insights from their data without worrying about provisioning or managing infrastructure. Amazon QuickSight is a cloud-scale business intelligence (BI) service that you can use to deliver easy-to-understand insights to the people who you work with, wherever they are. Amazon QuickSight connects to your data in the cloud and combines data from many different sources. In a single data dashboard, QuickSight can include AWS data, third-party data, big data, spreadsheet data, SaaS data, B2B data, and more. As a fully managed cloud-based service, Amazon QuickSight provides enterprise-grade security, global availability, and built-in redundancy. It also provides the user-management tools that you need to scale from 10 users to 10,000, all with no infrastructure to deploy or manage. QuickSight gives decision-makers the opportunity to explore and interpret information in an interactive visual environment. They have secure access to dashboards from any device on your network and from mobile devices.

Answer 333

Amazon EventBridge is a serverless event bus service that you can use to connect your applications with data from a variety of sources. EventBridge delivers a stream of real-time data from your applications, software as a service (SaaS) applications, and AWS services to targets such as AWS Lambda functions, HTTP invocation endpoints using API destinations, or event buses in other AWS accounts. Amazon EventBridge (also called Amazon CloudWatch Events): Amazon EventBridge is a serverless event bus service that makes it easy for you to build event-driven application architectures. Amazon EventBridge helps you accelerate modernizing and re-orchestrating your architecture with decoupled services and applications. With EventBridge, you can speed up your organization’s development process by allowing teams to iterate on features without explicit dependencies between systems.

Answer 334

Amazon Managed Blockchain allows you to easily create and manage scalable blockchain networks. Is a fully managed service that makes it easy to join public networks or create and manage scalable private networks using the popular open-source frameworks Hyperledger Fabric and Ethereum.

Answer 335

The AWS Snowball is a service that uses physical storage devices to transfer large amounts of data between Amazon’s Simple Storage Service (popularly known as an S3 bucket) and your on-premise data storage location at faster speed than the Internet. Amazon claims that it can save you time and money. Snowball offers a powerful interface that you can use to create jobs, track data, and track your jobs’ status through to completion. Snowball is a physically rugged device that can be protected by the AWS Key Management Service (AWS KMS). They secure and protect your data in transit—regional shipping carriers transport Snowballs between Amazon S3 and your on-premise data storage location. Generally, Snowball used when there is a data migration project; when there is a vast amount of data stored locally, and a need to move that Data to the cloud. However, there may be petabytes of information; the Internet is not a viable option because of its speed issues, security concerns, and networking complexities.

Answer 336

SUMMARY Amazon Detective is the service that helps AWS customers analyse, investigate, and quickly identify the root cause of potential security issues or suspicious activities. DETAIL Amazon Detective makes it easy to analyse, investigate, and quickly identify the root cause of security findings or suspicious activities. Detective automatically collects log data from your AWS resources. It then uses machine learning, statistical analysis, and graph theory to generate visualizations that help you to conduct faster and more efficient security investigations. The Detective prebuilt data aggregations, summaries, and context help you to quickly analyse and determine the nature and extent of possible security issues. Detective maintains up to a year of historical event data. This data is easily available through a set of visualizations that show changes in the type and volume of activity over a selected time window. Detective links those changes to GuardDuty findings. How does Amazon Detective differ from Amazon GuardDuty? Amazon GuardDuty is helpful in alerting you when something is wrong and pointing out where to go to fix it. But sometimes, there might be a security finding where you need to dig a lot deeper and analyse more information to isolate the root cause and take action. Amazon Detective simplifies this process by enabling you to easily investigate and quickly get to the root cause of a security finding. Amazon Detective analyzes trillions of events from multiple data sources such as Virtual Private Cloud (VPC) Flow Logs, AWS CloudTrail logs, and automatically creates a unified view of user and resource interactions over time, with all the context and details in one place to help you quickly analyse and get to the root cause of a security finding. For example, an Amazon GuardDuty finding, like an unusual Console Login API call, can be quickly investigated in Amazon Detective with details about the API call trends over time, and user login attempts on a geolocation map. These details enable you to quickly identify if you think it is legitimate or an indication of a compromised AWS resource.

Answer 337

AWS Snowcone is the smallest member of the AWS Snow Family of devices—a collection of physical devices designed for environments outside of traditional data centres that lack consistent network connectivity, space, power, cooling, and/or require portability. From the suitcase-sized 50 pound AWS Snowball to the 45-foot long shipping container AWS Snowmobile, the Snow services collect and process data, run local computing applications, and move large volumes of data, such as digital media, genomic data, and sensor data to AWS. Weighing less than 5 pounds and able to fit in a standard mailbox or a small backpack, Amazon Web Services (AWS) has launched a new small, ultra-portable, rugged, and secure edge computing and data transfer device called AWS Snowcone. The smallest device in the range that is best suited for outside the data centre.

Answer 338

AWS uses storage transportation devices, like AWS Snowball and Snowmobile to allow companies to transfer data to the cloud. A literal shipping container full of storage (up to 100PB) and a truck to transport it. AWS Snowmobile is an Exabyte-scale data transfer service used to move extremely large amounts of data to AWS, including video libraries, image repositories, or even a complete data center migration. Customers can transfer up to 100 PetaBytes per Snowmobile, a 45-foot long ruggedized shipping container, pulled by a semi-trailer truck. AWS Snowmobile is the service that can be used to transfer Exabyte-scale data from on-premises data centres into AWS. AWS Snowmobile is an Exabyte-scale data migration device and data transfer service used to move extremely large amounts of data to AWS. Migrate up to 100PB in a 45-foot long ruggedized shipping container, pulled by a semi-trailer truck.

Answer 339

Amazon Quantum Ledger Database (QLDB) is a fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log.

Answer 340

The AWS Command Line Interface (AWS CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.

Answer 341

AWS CodeStar is a cloud-based service for creating, managing, and working with software development projects on AWS. You can quickly develop, build, and deploy applications on AWS with an AWS CodeStar project. An AWS CodeStar project creates and integrates AWS services for your project development toolchain. Depending on your choice of AWS CodeStar project template, that toolchain might include source control, build, deployment, virtual servers or serverless resources, and more. AWS CodeStar also manages the permissions required for project users (called team members). By adding users as team members to an AWS CodeStar project, project owners can quickly and simply grant each team member role-appropriate access to a project and its resources.

Answer 342

Amazon Neptune is a fast, reliable, fully managed graph database service that makes it easy to build and run applications that work with highly connected datasets. With Amazon Neptune, you can create sophisticated, interactive graph applications that can query billions of relationships in milliseconds. SQL queries for highly connected data are complex and hard to tune for performance. Instead, Amazon Neptune allows you to use the popular graph query languages Apache TinkerPop Gremlin and W3C’s SPARQL to execute powerful queries that are easy to write and perform well on connected data. The core of Neptune is a purpose-built, high-performance graph database engine. This engine is optimized for storing billions of relationships and querying the graph with milliseconds latency. Neptune supports the popular graph query languages Apache TinkerPop Gremlin, the W3C’s SPARQL, and Neo4j's openCypher, enabling you to build queries that efficiently navigate highly connected datasets. Neptune powers graph use cases such as recommendation engines, fraud detection, knowledge graphs, drug discovery, and network security. Neptune is highly available, with read replicas, point-in-time recovery, continuous backup to Amazon S3, and replication across Availability Zones. Neptune provides data security features, with support for encryption at rest and in transit. Neptune is fully managed, so you no longer need to worry about database management tasks like hardware provisioning, software patching, setup, configuration, or backups. https://aws.amazon.com/neptune/features/

Answer 343

The AWS Schema Conversion Tool (AWS SCT) makes heterogeneous database migrations predictable. It automatically converts the source database schema and a majority of the database code objects, including views, stored procedures, and functions, to a format compatible with the target database. Any objects that cannot be automatically converted are clearly marked so that they can be manually converted to complete the migration. SCT can also scan your application source code for embedded SQL statements and convert them as part of a database-schema-conversion project. During this process, SCT performs cloud-native code optimization by converting legacy Oracle and SQL Server functions to their equivalent AWS service, helping you modernize the applications at the same time of database migration. Once schema conversion is complete, SCT can help migrate data from a range of data warehouses to Amazon Redshift using built-in data migration agents.

Answer 344

Parameter Store, a capability of AWS Systems Manager, provides secure, hierarchical storage for configuration data management and secrets management. You can store data such as passwords, database strings, Amazon Machine Image (AMI) IDs, and license codes as parameter values. You can store values as plain text or encrypted data. You can reference Systems Manager parameters in your scripts, commands, SSM documents, and configuration and automation workflows by using the unique name that you specified when you created the parameter. To get started with Parameter Store, open the Systems Manager console. In the navigation pane, choose Parameter Store. Parameter Store is also integrated with Secrets Manager. You can retrieve Secrets Manager secrets when using other AWS services that already support references to Parameter Store parameters. For more information, see Referencing AWS Secrets Manager secrets from Parameter Store parameters.

Answer 345

AWS Software Development Kit (SDK)

Answer 346

Virtual Private Cloud

Answer 347

AWS Trusted Advisor

Answer 348

Auto Scaling and ELB You should attempt to build as much automation as possible in both detecting and reacting to failure. You can use services like ELB and Amazon Route53 to configure health checks and mask failure by only routing traffic to healthy endpoints. In addition, Auto Scaling can be configured to automatically replace unhealthy nodes. You can also replace unhealthy nodes using the Amazon EC2 auto-recovery feature or services such as AWS OpsWorks and AWS Elastic Beanstalk. It won’t be possible to predict every possible failure scenario on day one. Make sure you collect enough logs and metrics to understand normal system behaviour. After you understand that, you will be able to set up alarms that trigger automated response or manual intervention.

Answer 349

AWS Management Console The AWS Management Console allows you to access and manage Amazon Web Services through a simple and intuitive web-based user interface. You can also use the AWS Console mobile app to quickly view resources on the go.

Answer 350

1. Ability to recover quickly from failures. 2. Automatically provisioning new resources to meet demand. The reliability term encompasses the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues. The automatic provisioning of resources and the ability to recover from failures meet these criteria.

Answer 351

All of the physical security and most of the data/network security are taken care of for you Increasing speed and agility

Answer 352

By automatically provisioning the required AWS resources based on changes in demand. Before cloud computing, you had to overprovision infrastructure to ensure you had enough capacity to handle your business operations at the peak level of activity. Now, you can provision the amount of resources that you actually need, knowing you can instantly scale up or down with the needs of your business. This reduces costs and improves your ability to meet your users’ demands. The concept of Elasticity involves the ability of a service to scale its resources out or in (up or down) based on changes in demand. For example, Amazon EC2 Autoscaling can help automate the process of adding or removing Amazon EC2 instances as demand increases or decreases.

Answer 353

Spot Instances Spot instances provide a discount (up to 90%) off the On-Demand price. The Spot price is determined by long-term trends in supply and demand for EC2 spare capacity. If the Spot price exceeds the maximum price you specify for a given instance or if capacity is no longer available, your instance will automatically be interrupted. Spot Instances are a cost-effective choice if you can be flexible about when your applications run and if you don't mind if your applications get interrupted. For example, Spot Instances are well-suited for data analysis, batch jobs, background processing, and optional tasks.

Answer 354

Implement Elasticity. The concept of Elasticity is the means of an Application having the ability to scale up and scale down based on demand. An example of such a service is the Autoscaling service. The benefit of Elasticity is therefore creating systems that scale to the required capacity based on changes in demand.

Answer 355

Deploying new Amazon EC2 Instances in a Region located in the US. The only way to reduce latency for the US users is to provision new Amazon EC2 instances in a Region closer to or in the US, OR by using Amazon CloudFront to cache copies of the content in edge locations close to the US users. In both cases, user requests will travel a shorter distance over the network, and the performance will improve.

Answer 356

Availability Zones and Elastic Load Balancing Each AWS Region is a separate geographic area. Each AWS Region has multiple, isolated locations known as Availability Zones. When designing your AWS Cloud architecture, you should make sure that your system will continue to run even if failures happen. You can achieve this by deploying your AWS resources in multiple Availability zones. Availability zones are isolated from each other; therefore, if one availability zone goes down, the other Availability Zones will still be up and running, and hence your application will be more fault-tolerant. In addition to availability zones, you can build a disaster recovery solution by deploying your AWS resources in other regions. If an entire region goes down, you will still have resources in another region able to continue to provide a solution. Finally, you can use the Elastic Load Balancing service to regularly perform health checks and distribute traffic only to healthy instances.

Answer 357

AWS Support Concierge The AWS Support Concierge Service assists customers with account and billing enquiries.

Answer 358

Infrastructure Event Management AWS Infrastructure Event Management is a short-term engagement with AWS Support, included in the Enterprise-level Support product offering, and available for additional purchase for Business-level Support subscribers. AWS Infrastructure Event Management partners with your technical and project resources to gain a deep understanding of your use case and provide architectural and scaling guidance for an event. Common use-case examples for AWS Event Management include advertising launches, new product launches, and infrastructure migrations to AWS.

Answer 359

1. Ensure that EBS data is encrypted at rest. 2. Create EBS snapshots.

Answer 360

AWS Artifact

Answer 361

Amazon DynamoDB

Answer 362

By using AWS Cost Explorer.

Answer 363

AWS Auto Scaling

Answer 364

IAM Groups

Answer 365

Each AWS account gets volume discounts

Answer 366

AWS Partner Solutions (formerly AWS Quick Start reference deployments). AWS Partner Solutions (formerly AWS Quick Starts) outline the architectures for popular enterprise solutions on AWS and provide AWS CloudFormation templates to automate their deployment. Each Partner Solution launches, configures, and runs the AWS compute, network, storage, and other services required to deploy a specific workload on AWS, using AWS best practices for security and availability. AWS Partner Solutions are automated reference deployments built by AWS solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices. These accelerators reduce hundreds of manual installation and configuration procedures into just a few steps, so you can build your production environment quickly and start using it immediately.

Answer 367

Configuration Management Patch Management

Answer 368

Amazon Inspector and AWS Trusted Advisor

Answer 369

Contact the AWS Abuse team

Answer 370

AWS Organisations

Answer 371

Reduces inter-dependencies so that failures do not impact other components of the application

Answer 372

Horizontal

Answer 373

Deploy the application across multiple Regions and Availability Zones

Answer 374

Access keys

Answer 375

Amazon Elastic MapReduce Amazon DynamoDB

Answer 376

AWS Cost & Usage Reports

Answer 377

Amazon Aurora. Amazon Aurora is a MySQL and PostgreSQL-compatible relational database built for the cloud. Amazon Aurora combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open source databases. It delivers up to five times the throughput of standard MySQL and up to three times the throughput of standard PostgreSQL. Amazon Aurora is designed to be compatible with MySQL and with PostgreSQL, so that existing applications and tools can run without requiring modification. It is available through Amazon Relational Database Service (RDS), freeing you from time-consuming administrative tasks such as provisioning, patching, backup, recovery, failure detection, and repair.

Answer 378

Amazon DynamoDB

Answer 379

Amazon RDS

Answer 380

Amazon VPC

Answer 381

1. Secure transfer of large amounts of data into and out of the AWS Cloud. 2. Built-in computing capabilities that allow customers to process data locally.

Answer 382

Amazon S3 Intelligent-Tiering The S3 Intelligent-Tiering storage class is designed to optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead. It works by storing objects in two access tiers: one tier that is optimized for frequent access and another lower-cost tier that is optimized for infrequent access. For a small monthly monitoring and automation fee per object, Amazon S3 monitors access patterns of the objects in S3 Intelligent-Tiering, and moves the ones that have not been accessed for 30 consecutive days to the infrequent access tier. If an object in the infrequent access tier is accessed, it is automatically moved back to the frequent access tier. There are no retrieval fees when using the S3 Intelligent-Tiering storage class, and no additional tiering fees when objects are moved between access tiers. It is the ideal storage class for long-lived data with access patterns that are unknown or unpredictable.

Answer 383

IAM Users IAM Roles An IAM user is uniquely associated with only one person, however a role is intended to be assumable by anyone who is authorized to use it. An IAM user has permanent credentials associated with it, however a role has temporary credentials associated with it. AWS IAM and its features are offered at no additional charge.

Answer 384

AWS CloudFormation

Answer 385

2 hours, 5 minutes and 9 seconds for the Linux instance and 5 hours for the CentOs instance

Answer 386

AWS Pricing Calculator

Answer 387

Amazon RDS Amazon Elastic Compute Cloud Amazon Web Services offers the flexibility to run Microsoft SQL Server as either a self-managed component inside of EC2, or as a managed service via Amazon RDS. Using SQL Server on Amazon EC2 gives customers complete control over the database, just like when it’s installed on-premises. Amazon RDS is a fully managed service where AWS manages the maintenance, backups, and patching.

Answer 388

AWS Software Development Kit The AWS Software Development Kit (AWS SDK) can simplify using AWS services in your applications with an API tailored to your programming language or platform. Programming languages supported include Java, .NET, Node.js, PHP, Python, Ruby, Go, and C++.

Answer 389

Controls that apply to both the infrastructure layer and customer layers Shared Controls are controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Examples include: - Patch Management – AWS is responsible for patching the underlying hosts and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications. - Configuration Management – AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications. - Awareness & Training - AWS trains AWS employees, but a customer must train their own employees.

Answer 390

Amazon Textract is a machine learning (ML) service that automatically extracts text, handwriting, and data from scanned documents. It goes beyond simple optical character recognition (OCR) to identify, understand, and extract data from forms and tables.

Answer 391

Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to find meaning and insights in text. Customers can use Amazon Comprehend to identify the language of the text, extract key phrases, places, people, brands, or events, understand sentiment about products or services, and identify the main topics from a library of documents. The source of this text could be web pages, social media feeds, e-mails, or articles. Amazon Comprehend is fully managed, so there are no servers to provision, and no machine learning models to build, train, or deploy. Amazon Comprehend is a natural-language processing (NLP) service that uses machine learning to uncover valuable insights and connections in text. Note: Natural language processing (NLP) is an artificial intelligence technology that helps computers identify, understand, and manipulate human language.

Answer 392

It is a Business Intelligence Tool.

Answer 393

Athena Aurora Redshift S3 Sparc 2.0 MariaDB MS SQL 2012+ MySQL 51+

Answer 394

No, you sign up for a subscription.

Answer 395

- Paying for storage - Read/Write capacity

Answer 396

Amazon DynamoDB is integrated with AWS Lambda so that you can create triggers, that is, pieces of code that automatically respond to events in DynamoDB Streams. With triggers, you can build applications that react to data modifications in DynamoDB tables. This is where an item changes in the DynamoDB and a trigger fires and lambda is called.

Answer 397

You can purchase reserved capacity

Answer 398

It is a dropbox type service.

Answer 399

Web Mobile Native But no linux

Answer 400

Open ID connect

Answer 401

Java web token

Answer 402

Kinesis and a Kinesis worker.

Answer 403

4.45 - 5pm

Answer 404

IKE is an Internet Key Exchange and is used to set up the security associations. There are two IKE version IKEv1 and IKEv2.

Answer 405

Amazon S3.

Answer 406

Dedicated Hosts.

Answer 407

Dedicated Hosts are physically isolated Amazon EC2 servers that support bring-your-own-license and compliance use cases. An Amazon EC2 Dedicated Host is a physical server with EC2 instance capacity fully dedicated to your use. Dedicated Hosts allow you to use your existing per-socket, per-core, or per-VM software licenses, including Windows Server, Microsoft SQL Server, SUSE, and Linux Enterprise Server.

Answer 408

S3 Transfer Acceleration

Answer 409

Patching applications installed on Amazon EC2. Protecting the confidentiality of data in transit in Amazon S3.

Answer 410

Amazon S3 Amazon S3 is an object level storage built to store and retrieve any amount of data from anywhere – web sites and mobile apps, corporate applications, and data from IoT sensors or devices. It is designed to deliver 99.999999999% durability, and stores data for millions of applications used by market leaders in every industry.

Answer 411

AWS CloudTrail AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.

Answer 412

You should grant your users only the permissions they need when they need them and nothing more The principle of least privilege is one of the most important security practices and it means granting users the required permissions to perform the tasks entrusted to them and nothing more. The security administrator determines what tasks users need to perform and then attaches the policies that allow them to perform only those tasks. You should start with a minimum set of permissions and grant additional permissions when necessary. Doing so is more secure than starting with permissions that are too lenient and then trying to tighten them down.

Answer 413

Convertible RI When your needs change, you can exchange your Convertible Reserved Instances and continue to benefit from the reservation's pricing discount. With Convertible RIs, you can exchange one or more Reserved Instances for another Reserved Instance with a different configuration, including instance family, operating system, and tenancy. There are no limits to how many times you perform an exchange, as long as the new Convertible Reserved Instance is of an equal or higher value than the original Convertible Reserved Instances that you are exchanging.

Answer 414

Amazon CloudFront Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. The use cases of Amazon CloudFront include: 1- Accelerate static website content delivery. CloudFront can speed up the delivery of your static content (for example, images, style sheets, JavaScript, and so on) to viewers across the globe. By using CloudFront, you can take advantage of the AWS backbone network and CloudFront edge servers to give your viewers a fast, safe, and reliable experience when they visit your website. 2- Live & on-demand video streaming. The Amazon CloudFront CDN offers multiple options for streaming your media – both pre-recorded files and live events – at sustained, high throughput required for 4K delivery to global viewers. 3- Security. CloudFront integrates seamlessly with AWS Shield for Layer 3/4 DDoS mitigation and AWS WAF for Layer 7 protection. 4- Customizable content delivery with Lambda@Edge. Lambda@Edge is a feature of Amazon CloudFront that lets you run code closer to users of your application, which improves performance and reduces latency.

Answer 415

AWS Database Migration Service AWS Database Migration Service (DMS) helps you migrate databases to AWS easily and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from most widely used commercial and open-source databases. The service supports homogeneous migrations such as Oracle to Oracle, as well as heterogeneous migrations between different database platforms, such as Oracle to Amazon Aurora or Microsoft SQL Server to MySQL. It also allows you to stream data to Amazon Redshift from any of the supported sources including Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle, SAP ASE, and SQL Server, enabling consolidation and easy analysis of data in the petabyte-scale data warehouse. AWS Database Migration Service can also be used for continuous data replication with high availability.

Answer 416

Amazon DynamoDB Amazon DynamoDB is a fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale. It is a fully managed cloud database and supports both document and key-value store models. Its flexible data model, reliable performance, and automatic scaling of throughput capacity, makes it a great fit for mobile, web, gaming, ad tech, IoT, and many other applications.

Answer 417

Route 53 Amazon Route 53 is a global service that provides highly available and scalable Domain Name System (DNS) services, domain name registration, and health-checking web services. It is designed to give developers and businesses an extremely reliable and cost effective way to route end users to Internet applications by translating names like example.com into the numeric IP addresses, such as 192.0.2.1, that computers use to connect to each other. Route 53 also simplifies the hybrid cloud by providing recursive DNS for your Amazon VPC and on-premises networks over AWS Direct Connect or AWS VPN.

Answer 418

Configuring infrastructure devices Under the shared responsibility model, AWS is responsible for the hardware and software that run AWS services. This includes patching the infrastructure software and configuring infrastructure devices. As a customer, you are responsible for implementing best practices for data encryption, patching guest operating system and applications, identity and access management, and network & firewall configurations.

Answer 419

Reduces inter-dependencies so that failures do not impact other components of the application As application complexity increases, a desirable attribute of an IT system is that it can be broken into smaller, loosely coupled components. This means that IT systems should be designed in a way that reduces interdependencies—a change or a failure in one component should not cascade to other components. On the other hand if the components of an application are tightly coupled and one component fails, the entire application will also fail. Therefore when designing your application, you should always decouple its components.

Answer 420

Amazon SQS Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available. SQS lets you decouple application components so that they run independently, increasing the overall fault tolerance of the system. Multiple copies of every message are stored redundantly across multiple availability zones so that they are available whenever needed.

Answer 421

Technical Account Manager (TAM) TAM refers to the AWS technical account manager. You have been tasked with auditing the security of your VPC. As part of this process, you need to start by analysing what inbound and outbound traffic is allowed on your EC2 instances. What two parts of the VPC do you need to check to accomplish this task? For Enterprise-level customers, a TAM (Technical Account Manager) provides technical expertise for the full range of AWS services and obtains a detailed understanding of your use case and technology architecture. TAMs work with AWS Solution Architects to help you launch new projects and give best practices recommendations throughout the implementation life cycle. Your TAM is the primary point of contact for ongoing support needs, and you have a direct telephone line to your TAM. Proactive Technical Account Management is only available for AWS customers who have an Enterprise On-Ramp or Enterprise support plan. A Technical Account Manager (TAM) is your designated technical point of contact who provides advocacy and guidance to help plan and build solutions using best practices, coordinate access to subject matter experts and product teams, and proactively keep your AWS environment operationally healthy.

Answer 422

Amazon DynamoDB Amazon DynamoDB is a NoSQL database service. NoSQL databases are used for non-structured data that are typically stored in JSON-like, key-value documents.

Answer 423

AWS Trusted Advisor AWS Trusted Advisor is an online tool that provides you real time guidance to help you provision your resources following AWS best practices. AWS Trusted Advisor offers a rich set of best practice checks and recommendations across five categories: cost optimization; security; fault tolerance; performance; and service limits (also referred to as service quotas). AWS Trusted Advisor improves the security of your application by closing gaps, enabling various AWS security features, and examining your permissions.

Answer 424

Increasing speed and agility All of the physical security and most of the data/network security are taken care of for you. All of the physical security are taken care of for you. Amazon data centres are surrounded by three physical layers of security. “Nothing can go in or out without setting off an alarm”. It’s important to keep bad guys out, but equally important to keep the data in which is why Amazon monitors incoming gear, tracking every disk that enters the facility. And “if it breaks we don’t return the disk for warranty. The only way a disk leaves our data centre is when it’s confetti.” Most (not all) data and network security are taken care of for you. When we talk about the data/network security, AWS has a “shared responsibility model” where AWS and the customer share the responsibility of securing them. For example, the customer is responsible for creating rules to secure their network traffic using the security groups and is also responsible for protecting data with encryption. "Increasing speed and agility" is also a correct answer because in a cloud computing environment, new IT resources are only a click away, which means it requires less time to make those resources available to developers - from weeks to just minutes. This results in a dramatic increase in agility for the organization, since the cost and time it takes to experiment and develop is significantly lower.

Answer 425

No. Responsibilities vary depending on the services used. Customers should be aware that their responsibilities may vary depending on the AWS services chosen. For example, when using Amazon EC2, you are responsible for applying operating system and application security patches regularly. However, such patches are applied automatically when using Amazon RDS.

Answer 426

Implement elasticity In the traditional data centre-based model of IT, once infrastructure is deployed, it typically runs whether it is needed or not, and all the capacity is paid for, regardless of how much it gets used. In the cloud, resources are elastic, meaning they can instantly grow (to maintain performance) or shrink ( to reduce costs).

Answer 427

2. Elasticity

Answer 428

3. Use AWS Inspector Amazon Inspector is a vulnerability management service that continuously scans your AWS workloads for vulnerabilities. Amazon Inspector automatically discovers and scans Amazon EC2 instances and container images residing in Amazon Elastic Container Registry (Amazon ECR) for software vulnerabilities and unintended network exposure.

Answer 429

3. Security Groups and 4. Subnets can be configured from within the VPC console.

Answer 430

4. Elasticity of the AWS Cloud. Elasticity means that your infrastructure scales based on actual usage.

Answer 431

4. Enterprise.

Answer 432

1. Implement loose coupling. As application complexity increases, a desirable attribute of an IT system is that it can be broken into smaller, loosely coupled components. This means that IT systems should be designed in a way that reduces interdependencies - a change or a failure in one component should not cascade to other components. Where possible horizontal scaling should be used with loose coupling. Loose Coupling does not eliminate the need for Change Management. Change Management is the process responsible for controlling the Lifecycle of all Changes made in an AWS account. The primary objective of Change Management is to enable beneficial changes to be made, with minimum disruption to IT Services. An erroneous configuration or misstep in a process can frequently lead to infrastructure or service disruptions. Creating and implementing a change management strategy will help reduce the risk of failure by monitoring all changes and rolling back failed changes.

Answer 433

Vertical scaling means adding resources such as CPU and memory to an existing application or instance.

Answer 434

2. AWS Snowmobile. You can move up to 100PB per snowmobile.

Answer 435

1. It spans all the Availability Zones within a region

Answer 436

4. Server uptime and 5. Data storage

Answer 437

4. AWS CloudHSM AWS CloudHSM is a cloud-based hardware security module (HSM) that allows you to easily add secure key storage and high-performance crypto operations to your AWS applications.

Answer 438

2. Bootstrapping. Bootstrapping is the execution of automated actions to services such as EC2 and RDS. This is typically in the form of scripts that run when the instances are launched.

Answer 439

AWS Security Hub is a cloud security posture management service that performs automated, continuous security best practice checks against your AWS resources. AWS Security Hub aggregates, organizes, and prioritizes security alerts and findings from multiple AWS security services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, and supported third-party partners to help you analyse your security trends and identify the highest priority security issues.

Answer 440

Amazon GuardDuty is a threat detection service for responding to and identifying potential threats. that continuously monitors for malicious activity and unauthorized behaviour to protect your AWS accounts, EC2 workloads, container applications, and data stored in Amazon Simple Storage Service (S3). Amazon GuardDuty offers threat detection that enables you to continuously monitor and protect your AWS accounts and workloads. GuardDuty analyzes continuous streams of meta-data generated from your account and network activity found in AWS CloudTrail Events, Amazon VPC Flow Logs, and DNS Logs. It also uses integrated threat intelligence such as known malicious IP addresses, anomaly detection, and machine learning to identify threats more accurately. For further information see: https://aws.amazon.com/products/security/detection-and-response/ https://aws.amazon.com/guardduty/

Answer 441

Elastic Network Interface. An elastic network interface is a logical networking component in a VPC that represents a virtual network card.

Answer 442

Run containers on your on-premises infrastructure. Amazon Elastic Container Service (ECS) Anywhere is a feature of Amazon ECS that lets you run and manage container workloads on your infrastructure. This feature helps you meet compliance requirements and scale your business without sacrificing your on-premises investments. Run a familiar, in-region ECS control plane so you can reduce operational overhead and focus on innovation. Ensure a simple and consistent experience no matter where your container-based applications are running. Streamline software management on premises and on AWS with a standardized container orchestrator.

Answer 443

Red Hat OpenShift Service on AWS. Managed OpenShift integration in the cloud. Red Hat OpenShift Service on AWS (ROSA) provides an integrated experience with OpenShift. You can use the wide range of AWS compute, database, analytics, machine learning (ML), networking, mobile, and other services to build secure and scalable applications faster. Use the production-ready OpenShift integration to adjust workloads on AWS as business needs change. Build applications faster with self-service provisioning, automatic security enforcement, and streamlined deployment. Pay as you go with flexible pricing and an on-demand hourly or annual billing model.

Answer 444

B. Create systems that scale to the required capacity based on changes in demand The concept of Elasticity is the means of an application having the ability to scale up and scale down based on demand. An example of such a service is the Autoscaling service For more information on AWS Autoscaling service, please refer to the below URL: https://aws.amazon.com/autoscaling/

Answer 445

D. AWS Cost Explorer The AWS Documentation mentions the following. Cost Explorer is a free tool that you can use to view your costs. You can view data up to the last 12 months. You can forecast how much you are likely to spend for the next 12 months and get recommendations for what Reserved Instances to purchase. You can use Cost Explorer to see patterns in how much you spend on AWS resources over time, identify areas that need further inquiry, and see trends that you can use to understand your costs. You also can specify time ranges for the data and view time data by day or by month.

Answer 446

A. Amazon QuickSight Amazon QuickSight is the most appropriate service in the scenario. It is a fully-managed service that allows for insightful business intelligence reporting with creative data delivery methods, including graphical and interactive dashboards. QuickSight includes machine learning that allows users to discover inconspicuous trends and patterns on their datasets.

Answer 447

C. Amazon S3 Transfer Acceleration The AWS Documentation mentions the following. Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront’s globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path. For more information on S3 transfer acceleration, please visit the Link: http://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html

Answer 448

B. Users should be granted permission to access only resources they need to do their assigned job. The principle means giving a user account only those privileges which are essential to perform its intended function. For example, a user account for the sole purpose of creating backups does not need to install the software. Hence, it has rights only to run backup and backup-related applications. For more information on the principle of least privilege, please refer to the following link: https://en.wikipedia.org/wiki/Principle_of_least_privilege

Answer 449

D. AWS Certificate Manager The AWS Certificate Manager allows the web administrator to maintain one or several SSL/TLS certificates, both private and public certificates including their update and renewal so that the administrator does not worry about the imminent expiry of certificates. AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources. AWS Certificate Manager is a service that lets you provision, manage, and deploy (SSL/TLS) certificates for use with AWS services and your internal connected resources. For example, AWS Certificate Manager can be used to import third-party SSL/TLS certificates that can be used to deploy on Amazon Elastic Load Balancer. https://aws.amazon.com/certificate-manager/

Answer 450

B. Create EBS snapshots. Snapshots are incremental backups, which means that only the blocks on the device that have changed after your most recent snapshot are saved. When you create an EBS volume based on a snapshot, the new volume begins as an exact replica of the original volume that was used to create the snapshot. The replicated volume loads data in the background so that you can begin using it immediately.

Answer 451

B. AWS WAF AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. The AWS Documentation mentions the following: AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to Amazon CloudFront or an Application Load Balancer. AWS WAF also lets you control access to your content. AWS Snowball, a part of the AWS Snow Family, is an edge computing, data migration, and edge storage device that comes in two options. Snowball Edge Storage Optimized devices provide both block storage and Amazon S3-compatible object storage, and 40 vCPUs. For more information on AWS WAF, please refer to the below URL:https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html https://aws.amazon.com/snowball/?whats-new-cards.sort-by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc

Answer 452

B. Decoupling The entire concept of decoupling components ensures that the different components of applications can be managed and maintained separately. If all components are tightly coupled, the entire application would go down when one component goes down. Hence it is always a better practice to decouple application components. For more information on a decoupled architecture, please refer to the below URL: http://whatis.techtarget.com/definition/decoupled-architecture

Answer 453

B. AWS Personal Health Dashboard AWS Personal Health Dashboard provides alerts for AWS services availability & performance which may impact resources deployed in your account. Customers get e-mails & mobile notifications for scheduled maintenance activities which might impact services on these AWS resources. For more information on the AWS Organizations, please refer to the below URL: https://aws.amazon.com/premiumsupport/technology/personal-health-dashboard/

Answer 454

D. AWS Config AWS Config can be used to audit and evaluate configurations of AWS resources. If there are any operational issues, AWS config can be used to retrieve configurational changes made to AWS resources that may have caused these issues. AWS Config and AWS CloudTrail are change management tools that help AWS customers audit and monitor all resource and configuration changes in their AWS environment. AWS Config provides information about the changes made to a resource, and AWS CloudTrail provides information about who made those changes. These capabilities enable customers to discover any misconfigurations, fix them, and protect their workloads from failures. For more information on AWS Config, refer to the following URL:https://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html

Answer 455

A. You can change a Security Group associated with an instance if the instance is in the running state. AWS documentation mentions it in the section called “Changing an Instance’s Security Group” using the following sentence: “After you launch an instance into a VPC, you can change the security groups that are associated with the instance. You can change the security groups for an instance when the instance is in the running or stopped state.” Reference: https://docs.aws.amazon.com/en_pv/vpc/latest/userguide/VPC_SecurityGroups.html

Answer 456

B. Multi-AZ The AWS Documentation mentions the following. If you are looking to use replication to increase database availability while protecting your latest database updates against unplanned outages, consider running your DB instance as a Multi-AZ deployment. Deploying an Amazon EC2 instance in a multiple AZ might enhance application availability but will not reduce operational expenses. For more information on AWS RDS, please visit the FAQ Link:https://aws.amazon.com/rds/faqs/

Answer 457

A. AWS Database Migration Service The AWS Documentation mentions the following. AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from the most widely used commercial and open-source databases. For more information on AWS Database migration, please refer to the below URL:https://aws.amazon.com/dms/

Answer 458

B. AWS Inspector The AWS Documentation mentions the following. Amazon Inspector enables you to analyze the behavior of your AWS resources and helps you to identify potential security issues. Using Amazon Inspector, you can define a collection of AWS resources that you want to include in an assessment target. You can then create an assessment template and launch a security assessment run of this target. For more information on AWS Inspector, please refer to the below URL:https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html

Answer 459

A. Amazon CloudFront Amazon CloudFront supports country-level location-based web content personalization with a feature called Geolocation Headers. You can configure CloudFront to add additional geolocation headers that provide more granularity in your caching and origin request policies. The new headers give you more granular control of cache behavior and your origin access to the viewer’s country name, region, city, postal code, latitude, and longitude, all based on the viewer’s IP address. https://aws.amazon.com/about-aws/whats-new/2020/07/cloudfront-geolocation-headers/ https://aws.amazon.com/blogs/networking-and-content-delivery/leverage-amazon-cloudfront-geolocation-headers-for-state-level-geo-targeting/

Answer 460

C. AWS Shield D. AWS Shield Advanced AWS Shield is a managed Distributed Denial of Service (DDoS) protection service. The AWS Documentation mentions the following: AWS Shield – All AWS customers benefit from the automatic protections of AWS Shield Standard, at no additional charge. AWS Shield Standard defends against most common, frequently occurring network and transport layer DDoS attacks that target your web site or applications AWS Shield Advanced – For higher levels of protection against attacks targeting your web applications running on Amazon EC2, Elastic Load Balancing (ELB), CloudFront, and Route 53 resources, you can subscribe to AWS Shield Advanced. AWS Shield Advanced provides expanded DDoS attack protection for these resources. For more information on AWS Shield, please refer to the below URL:https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html

Answer 461

C. Database Servers As Database servers contain confidential information, from a security perspective, they should be deployed in a Private Subnet. Amazon Virtual Private Cloud (Amazon VPC) enables the user to launch AWS resources into a virtual network that a user has defined. For more information on AWS VPC, please refer to the below URL:https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Networking.html https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat.html https://aws.amazon.com/blogs/security/how-to-record-ssh-sessions-established-through-a-bastion-host/

Answer 462

B. S3 Glacier Deep Archive (Storage) S3 Glacier Deep Archive offers low-cost storage and is appropriate for use when retrieval time doesn’t matter for the company. For fast retrieval time then S3 Glacier is appropriate. S3 Glacier Deep Archive offers the lowest cost storage in the cloud, at prices lower than storing and maintaining data in on-premises magnetic tape libraries or archiving data offsite. Amazon S3 Glacier Deep Archive does not provide immediate retrieval. With S3 Glacier Deep Archive, the minimum retrieval period is 12 hours. S3 Glacier Deep Archive is Amazon S3’s lowest-cost storage class that supports long-term retention and digital preservation for data that may be accessed once or twice in a year. It expands our data archiving offerings, enabling you to select the optimal storage class based on storage and retrieval costs, and retrieval times. With S3 Glacier, customers can store their data cost-effectively for months, years, or even decades. S3 Glacier enables customers to offload the administrative burdens of operating and scaling storage to AWS, so they don’t have to worry about capacity planning, hardware provisioning, data replication, hardware failure detection, and recovery, or time-consuming hardware migrations. Amazon S3 Glacier for archiving data that might infrequently need to be restored within a few hours S3 Glacier Deep Archive for archiving long-term backup cycle data that might infrequently need to be restored within 12 hours Storage class Expedited Standard Bulk Amazon S3 Glacier 1–5 minutes 3–5 hours 5–12 hours S3 Glacier Deep Archive Not available Within 12 hours Within 48 hours Reference: https://docs.aws.amazon.com/amazonglacier/latest/dev/introduction.html https://docs.aws.amazon.com/prescriptive-guidance/latest/backup-recovery/amazon-s3-glacier.html https://aws.amazon.com/s3/storage-classes/

Answer 463

B. DynamoDB DynamoDB is a fully managed NoSQL offering provided by AWS. It is now available in most regions for users to consume. For more information on AWS DynamoDB, please refer to the below URL:http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Introduction.html

Answer 464

C. Amazon EC2 Amazon EC2 is an Infrastructure as a Service (IaaS) for which customers are responsible for the security and the management of guest operating systems. For more information on the Shared responsibility model, refer to the following URL:https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 465

B. Amazon Machine Images (AMIs) and E. Policies and configuration In the shared responsibility model, AWS is primarily responsible for “Security of the Cloud.” The customer is responsible for “Security in the Cloud.” In this scenario, the mentioned AWS product is IAAS (Amazon EC2) and AWS manages the security of the following assets: – Facilities – Physical security of hardware – Network infrastructure – Virtualization infrastructure Customers are responsible for the security of the following assets: – Amazon Machine Images (AMIs) – Operating systems – Applications – Data in transit – Data at rest – Data stores – Credentials – Policies and configuration https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/welcome.html https://aws.amazon.com/architecture/well-architected/?wa-lens-whitepapers.sort-by=item.additionalFields.sortDate&wa-lens-whitepapers.sort-order=desc

Answer 466

B. Savings Plans are available for all the regions. For China Regions, savings plans are not available. Spot, Savings Plans, and Reserved instances are all cheaper than On-Demand instances. Using Savings Plans requires a contract of at least one year. Savings Plans is a flexible pricing model that offers low prices on EC2, Lambda, and Fargate usage, in exchange for a commitment to a consistent amount of compute usage (measured in $/hour) for a one or three-year term. https://docs.aws.amazon.com/savingsplans/latest/userguide/what-is-savings-plans.html#sp-ris

Answer 467

B. Amazon EFS. EFS is a regional service. https://aws.amazon.com/efs/ https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/

Answer 468

C. Upgrade to EC2 “Upgrade to EC2” is the feature that allows customers to “create a copy of the LightSail instance in EC2”. To get started, you need to export your Lightsail instance manual snapshot. You’ll then use the Upgrade to EC2 wizard to create an instance in EC2. Customers who are comfortable with EC2 can then use the EC2 creation wizard or API to create a new EC2 instance as they would from an existing EC2 AMI. https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-exporting-snapshots-to-amazon-ec2 https://aws.amazon.com/lightsail/features/upgrade-to-ec2/

Answer 469

B. High Quality Audio Amazon Connect is an omnichannel cloud contact centre which can be setup easily & with low cost. It has following features which helps to provide customers a superior service: - Telephone as a service - High quality Audio - Omnichannel routing - Web & Mobile Chat - Task management - Contact Centre automation - Rules Engine. For more information on Amazon Connect, refer to the following URL: https://aws.amazon.com/connect/features/

Answer 470

C. Amazon WorkSpaces Amazon WorkSpaces provides a secure managed service for virtual desktops for remote users. It supports both Windows & Linux based virtual desktops for a large number of users. For more information on Amazon WorkSpaces, refer to the following URL: https://aws.amazon.com/workspaces/features/

Answer 471

C. AWS Service Catalog AWS Service Catalog is used to create and manage catalogs of IT services that are approved for use on AWS. This helps you achieve consistent governance and meet your compliance requirements, while enabling users to quickly deploy only the approved IT services they need. AWS Service Catalog can be used to create & deploy portfolio of products within AWS infrastructure. This helps to create consistent resources within AWS infrastructure with quick deployment. These catalogues can be used for deployment of single resource or a multi-tier web application consisting of web, application, & database layer resources. For more information on AWS Service Catalog, refer to the following URL: https://aws.amazon.com/servicecatalog/features/

Answer 472

A. Deploy Amazon EC2 instance with Auto-scaling Using Amazon EC2 Auto-Scaling helps to match the workload on the application with the optimum number of the Amazon EC2 instance. Due to this, during low load on application, Amazon EC2 instances are terminated which reduces operational cost. For more information on reducing cost using AWS cloud , refer to the following URL: https://aws.amazon.com/economics/

Answer 473

A. Troubleshooting API issues and D. Third-party application configuration on AWS resources As a part of AWS Support following activities are performed, Queries regarding all AWS Services & features. Best Practices to integrate, deploy & manage applications in the AWS cloud. Troubleshooting API & SDK issues. Troubleshooting operational issues. Issues related to any AWS Tools. Problems detected by EC2 health checks Third-Party application configuration on AWS resources & products. AWS Support does not include: Code development Debugging custom software Performing system administration tasks Database query tuning Cross-Account Support Code Development is not in the scope of AWS Support. This needs to be taken care of by the customer. Debugging custom software is not in the scope of AWS Support. This needs to be taken care of by the customer. Database query tuning is not in the scope of AWS Support. This needs to be taken care of by the customer. For more information on AWS Support, refer to the following URL: https://aws.amazon.com/premiumsupport/

Answer 474

The AWS Lifecycle Manager creates life cycle policies for specified resources to automate operations. https://docs.aws.amazon.com/dlm/?id=docs_gateway

Answer 475

AWS License Manager serves the purpose of differentiating, maintaining third-party software provisioning vendor licenses. It also decreases the risk of license expirations and the penalties. https://docs.aws.amazon.com/license-manager/?id=docs_gateway

Answer 476

AWS Firewall Manager aids in the administration of Web Application Firewall (WAF), by presenting a centralised point of setting firewall rules across different web resources. https://docs.aws.amazon.com/firewall-manager/?id=docs_gateway

Answer 477

The AWS Service Health Dashboard displays the general status of all AWS services & will not display scheduled maintenance activities.

Answer 478

A server whose purpose is to provide access (SSH access) to a private network from an external network, such as the Internet. It is deployed in a public subnet. A bastion host is a server whose purpose is to provide access to a private network from an external network, such as the Internet. Because of its exposure to potential attack, a bastion host must minimize the chances of penetration.

Answer 479

Amazon Pinpoint is an AWS service that you can use to engage with your customers across multiple messaging channels. You can use Amazon Pinpoint to send push notifications, in-app notifications, e-mails, text messages, voice messages, and messages over custom channels.

Answer 480

Amazon Connect Lets You Build Reliable and Inexpensive Automatic Calling Services. Try Now. Amazon Connect's Pay-as-You-Go Pricing Model Allows You to Build According to Your Needs. Safe, Secure. Flexible, Low Cost. Built-In Intelligence. Automated & Easy. Push Notification is not a feature of Amazon Connect.

Answer 481

Simple E-mail Service. Get reliable, scalable e-mail to communicate with customers at the lowest industry prices. Features include: Mailbox Simulator Reputation Dashboard Deliver high-volume e-mail campaigns with the service that sends hundreds of billions of e-mails per year. Reach customers’ inboxes as a trusted sender with secure e-mail authentication. Improve your bottom line with transparent pricing designed for bulk e-mail. Stay compliant from day one with HIPAA-eligible and FedRAMP-, GDPR-, and ISO-certified options. Amazon Simple E-mail Service (SES) lets you reach customers confidently without an on-premises Simple Mail Transfer Protocol (SMTP) system. Why Amazon SES? Amazon SES is a cloud e-mail service provider that can integrate into any application for bulk e-mail sending. Whether you send transactional or marketing e-mails, you pay only for what you use. Amazon SES also supports a variety of deployments including dedicated, shared, or owned IP addresses. Reports on sender statistics and a deliverability dashboard help businesses make every e-mail count.

Answer 482

Amazon WorkLink can be used by internal employees to securely access internal websites & applications using mobile phones.

Answer 483

AWS CodeDeploy is a managed service for automating software deployment on AWS resources & on-premise systems. It is not suitable for creating portfolios of resources for quick deployment. AWS CodeDeploy is a service that automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises, and is not used for managing encryption keys.

Answer 484

A cluster placement group is a logical grouping of instances within a single Availability Zone. A cluster placement group can span peered virtual private networks (VPCs) in the same Region. Instances in the same cluster placement group enjoy a higher per-flow throughput limit for TCP/IP traffic and are placed in the same high-bisection bandwidth segment of the network. A cluster placement group will help to have low latency between instances but will not reduce operational expenses.

Answer 485

The root device for an instance launched from the AMI is an instance store volume created from a template stored in Amazon S3.

Answer 486

An Amazon Machine Image (AMI) is a supported and maintained image provided by AWS that provides the information required to launch an instance. You must specify an AMI when you launch an instance. You can launch multiple instances from a single AMI when you require multiple instances with the same configuration.

Answer 487

C – The ability to launch instances on demand when needed allows users to launch and terminate instances in response to a varying workload. This is a more economical practice than purchasing enough on-premises servers to handle the peak load.

Answer 488

B – AWS DMS helps users migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. AWS DMS can migrate data to and from most widely used commercial and open-source databases.

Answer 489

D – AWS Marketplace is a digital catalog with thousands of software listings from independent software vendors that makes it easy to find, test, buy, and deploy software that runs on AWS.

Answer 490

D – Amazon VPC lets users provision a logically isolated section of the AWS Cloud where users can launch AWS resources in a virtual network that they define.

Answer 491

B – Maintaining physical hardware is an AWS responsibility under the AWS shared responsibility model.

Answer 492

B – To deliver content to users with lower latency, Amazon CloudFront uses a global network of points of presence (edge locations and regional edge caches) worldwide.

Answer 493

C – Multi-factor authentication (MFA) is a simple best practice that adds an extra layer of protection on top of a username and password. With MFA enabled, when a user signs in to an AWS Management Console, they will be prompted for their username and password (the first factor—what they know), as well as for an authentication code from their MFA device (the second factor—what they have). Taken together, these multiple factors provide increased security for AWS account settings and resources.

Answer 494

B – AWS CloudTrail helps users enable governance, compliance, and operational and risk auditing of their AWS accounts. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, AWS Command Line Interface (CLI), and AWS SDKs and APIs. AWS Config and AWS CloudTrail are change management tools that help AWS customers audit and monitor all resource and configuration changes in their AWS environment. AWS Config provides information about the changes made to a resource, and AWS CloudTrail provides information about who made those changes. These capabilities enable customers to discover any misconfigurations, fix them, and protect their workloads from failures.

Answer 495

A – Amazon SNS and Amazon CloudWatch are integrated so users can collect, view, and analyze metrics for every active SNS. Once users have configured CloudWatch for Amazon SNS, they can gain better insight into the performance of their Amazon SNS topics, push notifications, and SMS deliveries.

Answer 496

D – The AWS Acceptable Use Policy provides information regarding prohibited actions on the AWS infrastructure.

Answer 497

3. Amazon Elasticache for Redis Amazon ElastiCache for Redis is a blazing fast in-memory data store that provides sub-millisecond latency to power internet-scale real-time applications. Built on open-source Redis and compatible with the Redis APIs, ElastiCache for Redis works with your Redis clients and uses the open Redis data format to store your data. Your self-managed Redis applications can work seamlessly with ElastiCache for Redis without any code changes. ElastiCache for Redis combines the speed, simplicity, and versatility of open-source Redis with manageability, security, and scalability from Amazon to power the most demanding real-time applications in Gaming, Ad-Tech, E-Commerce, Healthcare, Financial Services, and IoT.

Answer 498

AWS Cloud9 is a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser. It includes a code editor, debugger, and terminal. Cloud9 comes pre-packaged with essential tools for popular programming languages, including JavaScript, Python, PHP, and more, so you don’t need to install files or configure your development machine to start new projects. AWS Cloud9 is a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser. It includes a code editor, debugger, and terminal.

Answer 499

3. AWS IAM AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to access and use AWS resources.

Answer 500

Federation is an AWS feature that enables users to access and use AWS resources using their existing corporate credentials.

Answer 501

2. RDS Multi-AZ When you enable Multi-AZ, Amazon Relational Database Service (Amazon RDS) maintains a redundant and consistent standby copy of your data. If you encounter problems with the primary copy, Amazon RDS automatically switches to the standby copy (or to a read replica in the case of Amazon Aurora) to provide continued availability to the data. The two copies are maintained in different Availability Zones (AZs), hence the name “Multi-AZ.” Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. Having separate Availability Zones greatly reduces the likelihood that both copies will concurrently be affected by most types of disturbances. RDS Single-AZ is not an Amazon RDS Feature.

Answer 502

RDS snapshots are user-initiated backups of your instance.

Answer 503

Amazon RDS can be configured to use Read Replicas to scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads.

Answer 504

3. Enables you to easily run and scale Apache Spark, Hadoop, and other Big Data Frameworks and 5. Enables you to analyse and process extremely large amounts of data in a timely manner Amazon Elastic Map Reduce (Amazon EMR) is a web service that enables businesses, researchers, data analysts, and developers to easily and cost-effectively process vast amounts of data. It utilizes a hosted Hadoop framework running on the web-scale infrastructure of Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Simple Storage Service (Amazon S3). Amazon EMR is ideal for problems that necessitate the fast and efficient processing of large amounts of data. EMR securely and reliably handles a broad set of big data use cases, including log analysis, web indexing, data transformations (ETL), machine learning, financial analysis, scientific simulation, and bioinformatics. Amazon EMR lets you focus on crunching or analyzing your data without having to worry about time-consuming set-up, management or tuning of Hadoop clusters or the compute capacity upon which they sit. EMR is not a storage service.

Answer 505

1. Amazon EC2 If an AWS customer needs full control over a database, AWS provides a wide range of Amazon EC2 instances - with different hardware characteristics - on which they can install and run their custom relational database software. If EC2 is used instead of RDS to run a relational database, the customer is responsible for managing everything related to this database.

Answer 506

3. Enable S3 Encryption and 5. Encrypt the data prior to uploading it Data protection refers to protecting data while in-transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon data centres). You can protect data in transit by using SSL/TLS or by using client-side encryption. Also, you have the following options of protecting data at rest in Amazon S3. 1- Use Server-Side Encryption – You configure Amazon S3 to encrypt your object before saving it on disks in its data centres and decrypt it when you download the objects. 2- Use Client-Side Encryption – You can encrypt your data on the client-side and upload the encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools. AWS does not encrypt the customer data automatically unless it is configured to do so. The customer is responsible for everything related to their data - access management, encryption, validation, lifecycle management, etc. You should also restrict access to the S3 buckets using IAM policies. https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html

Answer 507

3. AWS Server Migration Service. AWS Server Migration Service (SMS) is an agentless service which makes it easier and faster for you to migrate thousands of on-premises workloads to AWS. AWS SMS allows you to automate, schedule, and track incremental replications of live server volumes, making it easier for you to coordinate large-scale server migrations. AWS Server Migration Service currently supports virtual machine migrations from VMware vSphere, Windows Hyper-V, or Microsoft Azure to AWS. Each server volume migrated is saved as a new Amazon Machine Image (AMI), which can be launched as an EC2 instance (virtual machine) in the AWS cloud. https://aws.amazon.com/server-migration-service/

Answer 508

AWS Application Discovery Service is used to discover on-premises server inventory and behaviour. This service is very useful when creating a migration plan to AWS.

Answer 509

AWS File Transfer Acceleration is an S3 feature that enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket.

Answer 510

4. Amazon S3 Standard-Infrequent Access Amazon S3 has a wide variety of storage classes to cover different workloads and use cases. The S3 storage class you choose primarily depends upon two factors: accessibility and cost. If you need immediate access to your data, then you want to use either S3 Standard, S3 Intelligent-Tiering, S3 Standard-Infrequent Access, S3 One Zone-IA, or Amazon S3 Glacier Instant Retrieval. S3 Standard-Infrequent Access (S3 Standard-IA) is for data that is accessed less frequently, but requires rapid access when needed. S3 Standard-IA offers the high durability, high throughput, and low latency of S3 Standard, with a low per GB storage price and per GB retrieval charge. This combination of low cost and high performance make S3 Standard-IA ideal for long-term storage, backups, and as a data store for disaster recovery files. Database backup is an important operation to consider for any database system. Taking backups not only enables data restore on database failure but also enables recovery from data corruption. Amazon S3 Standard-Infrequent Access is the best choice because it provides immediate access to your database backups while reducing costs. S3 Standard-IA is ideal for data that is accessed less frequently (like database backups), but requires immediate access when needed. https://aws.amazon.com/s3/storage-classes/ https://aws.amazon.com/s3/

Answer 511

An Instance Store is a storage volume that acts as a physical hard drive. It provides temporary storage for an Amazon EC2 instance. The data in an instance store persists during the lifetime of its instance. If an instance reboots, data in the instance store will persist. When the instance hibernates or terminates, you lose any data in the instance store. Instance Store can only be used to store temporary data such as buffers, caches, scratch data, and other temporary content. You cannot rely on an instance store for valuable, long-term data because data in the instance store is lost if the instance stops, terminates or if the underlying disk drive fails. An instance store provides temporary block-level storage for EC2 instances. Instance store is ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content. An instance store provides temporary block-level storage for EC2 instances. Instance store is ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content.

Answer 512

3. Amazon CloudWatch Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources. https://aws.amazon.com/cloudwatch

Answer 513

1. Auto Scaling AWS Auto Scaling is a service that can help you optimize your utilization and cost efficiencies when consuming AWS services so you only pay for the resources you actually need. When demand decreases, Auto Scaling shuts down unused resources automatically to reduce costs. When demand increases, Auto Scaling provisions new resources automatically to meet demand and maintain performance. https://d1.awsstatic.com/whitepapers/aws-overview.pdf

Answer 514

Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. Amazon Route 53 is not used for storing data. It is a globally available, cloud-based Domain Name System (DNS) web service not tied to Availability Zones. Amazon Route 53: - Register Domains - Use AWS nameservers - Public and Private DNS zones - Automated via API - Health checks - Different routing methods: * Latency * Geographic * Failover * Weighted Sets

Answer 515

3. With the Server-based Architectures, compute resources continue to run all the time but with serverless architecture, compute resources are only used when code is being executed. Serverless architectures can reduce costs because you do not have to manage or pay for underutilized servers, or provision redundant infrastructure to implement high availability. For example, you can upload your code to the AWS Lambda compute service, and the service can run the code on your behalf using AWS infrastructure. With AWS Lambda, you are charged for every 100ms your code executes and the number of times your code is triggered. AWS uses the same devices for both server-based and serverless architectures. With Serverless Architecture, you do not have to worry about scaling compute capacity. AWS handles that for you. There are no reservations when using Serverless Architectures. https://aws.amazon.com/serverless/

Answer 516

2. Using the AWS Cost & Usage Report The AWS Cost & Usage Report is your one-stop shop for accessing the most detailed information available about your AWS costs and usage. The AWS Cost & Usage Report lists AWS usage for each service category used by an account and its IAM users in hourly or daily line items, as well as any tags that you have activated for cost allocation purposes. Amazon VPC dashboard doesn’t provide any cost information. https://aws.amazon.com/aws-cost-management/aws-cost-and-usage-reporting/

Answer 517

3. With AWS, you replace large capital expenses with low variable payments. AWS does not require minimum spend commitments or long-term contracts. You replace large fixed upfront expenses with low variable payments that only apply based on what you use. For example, when using On-demand instances you pay only for the hours\seconds they are running and nothing more. https://aws.amazon.com/pricing/

Answer 518

3. AWS Resource Groups Resource Groups help you organize multiple AWS resources in groups. By default, the AWS Management Console is organized by AWS service. But with the Resource Groups tool, you can create a custom console that organizes and consolidates information based on your project and the resources that you use. If you work with multiple resources in multiple environments, you might find it useful to manage all the resources in each environment as a group rather than move from one AWS service to another for each task. Resource Groups help you do just that. By default, the AWS Management Console is organized by AWS service. But with the Resource Groups tool, you can create a custom console that organizes and consolidates information based on your project and the resources that you use. Resource Groups help you organize multiple AWS resources in groups. By default, the AWS Management Console is organized by AWS service. But with the Resource Groups tool, you can create a custom console that organizes and consolidates information based on your project and the resources that you use. https://docs.aws.amazon.com/ARG/latest/APIReference/Welcome.html

Answer 519

AWS Tag Editor is used to add, edit, or delete tags from AWS resources.

Answer 520

Placement Groups are logical groupings or clusters of EC2 instances within a single Availability Zone. Placement Groups are logical groupings or clusters of EC2 instances within a single Availability Zone. Placement groups are recommended for applications that require low network latency, high network throughput, or both. https://docs.aws.amazon.com/ARG/latest/APIReference/Welcome.html

Answer 521

2. AWS CodeDeploy AWS CodeDeploy is a service that automates application deployments to any instance, including Amazon EC2 instances and instances running on-premises. AWS CodeDeploy makes it easier for you to rapidly release new features, helps you avoid downtime during deployment, and handles the complexity of updating your applications. You can use AWS CodeDeploy to automate deployments, eliminating the need for error-prone manual operations, and the service scales with your infrastructure so you can easily deploy to one instance or thousands. You can also use AWS OpsWorks to automate application deployments to any instance, including Amazon EC2 instances and instances running on-premises. OpsWorks is a service that helps you automate operational tasks like code deployment, software configurations, package installations, database setups, and server scaling using Chef and Puppet. https://aws.amazon.com/codedeploy/ https://aws.amazon.com/about-aws/whats-new/2015/04/aws-codedeploy-supports-on-premises-instances/ https://aws.amazon.com/about-aws/whats-new/2014/12/08/aws-opsworks-supports-existing-ec2-instances-and-on-premises-servers/

Answer 522

3. AWS Auto Scaling AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. Using AWS Auto Scaling, you maintain optimal application performance and availability, even when workloads are periodic, unpredictable, or continuously changing. When demand spikes, AWS Auto Scaling automatically increases the compute capacity, so you maintain performance. When demand subsides, AWS Auto Scaling automatically decreases the compute capacity, so you pay only for the resources you actually need. https://aws.amazon.com/autoscaling/

Answer 523

1. AWS Direct Connect AWS Direct Connect makes it easy for businesses to establish a dedicated network connection from their on-premises datacentres to AWS. Using AWS Direct Connect, customers can establish private connectivity between AWS and their datacentre, office, or co-location environment, which in many cases can reduce their network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections. https://aws.amazon.com/directconnect/

Answer 524

3. AWS KMS and 4. CloudHSM AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses FIPS 140-2 validated hardware security modules to protect the security of your keys. AWS Key Management Service is integrated with most other AWS services to help you protect the data you store with these services. AWS Key Management Service is also integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs. AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud. With CloudHSM, you can manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs. CloudHSM offers you the flexibility to integrate with your applications using industry-standard APIs, such as PKCS#11, Java Cryptography Extensions (JCE), and Microsoft CryptoNG (CNG) libraries. https://aws.amazon.com/kms/ https://aws.amazon.com/cloudhsm/

Answer 525

2. Management of the operating system and 5. Database setup In relation to Amazon RDS databases: AWS is responsible for: 1- Managing the underlying infrastructure and foundation services. 2- Managing the operating system. 3- Database setup. 4- Patching and backups. The customer is still responsible for: 1- Protecting the data stored in databases (through encryption and IAM access control). 2- Managing the database settings that are specific to the application. 3- Building the relational schema. 4- Network traffic protection. The customer is responsible for managing access to all AWS services and resources. The customer is responsible for managing firewall rules using security groups. The customer is responsible for protecting network traffic using security groups, Network ACLs and AWS WAFs. Amazon RDS for Oracle does not automatically replicate data. Amazon RDS supports six database engines (Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, and SQL Server). Amazon Aurora is the only database engine that replicates data automatically across three Availability Zones. For other database engines, you must enable the "Multi-AZ" feature manually. In a Multi-AZ deployment, Amazon RDS automatically provisions and maintains a standby copy of your data in a different Availability Zone. If a storage volume on your primary instance fails, Amazon RDS automatically initiates a failover to the up-to-date standby. https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.html

Answer 526

1. Data Transfer Out charges and 5. Compute charges The factors that have the greatest impact on cost include: Compute, Storage and Data Transfer Out. Their pricing differs according to the service you use. It does not matter how many AWS services you are using. Each AWS service has its own pricing details, and many of them are free to use. There is no charge for inbound data transfer (also called Data Transfer IN) across all services in all Regions. Data transfer from AWS to the internet (Data Transfer OUT) is charged per service, with rates specific to the originating Region. IAM and all of its features are free to use. https://aws.amazon.com/pricing/

Answer 527

3. Amazon Connect Amazon Connect is a cloud-based contact centre solution. Amazon Connect makes it easy to set up and manage a customer contact centre and provide reliable customer engagement at any scale. You can set up a contact centre in just a few steps, add agents from anywhere, and start to engage with your customers right away. Amazon Connect provides rich metrics and real-time reporting that allow you to optimize contact routing. You can also resolve customer issues more efficiently by putting customers in touch with the right agents. Amazon Connect integrates with your existing systems and business applications to provide visibility and insight into all of your customer interactions. https://aws.amazon.com/connect/

Answer 528

AWS PrivateLink enables you to securely connect your VPCs to supported AWS services: to your own services on AWS, to services hosted by other AWS accounts, and to third-party services on AWS Marketplace. With AWS PrivateLink, traffic between AWS resources, VPCs, and third-party services stays on the global AWS backbone and never traverses the public internet, reducing exposure to brute force and distributed denial-of-service attacks, along with other threats. For example, customers who want to use a SaaS application offered by an independent software vendor in the AWS Marketplace have to choose between allowing Internet access from their VPC, which puts the VPC resources at risk, and not using these applications at all. With AWS PrivateLink, customers can connect to AWS services and SaaS applications from their VPC in a private, secure, and scalable manner and without traversing the public internet.

Answer 529

2. Amazon ElasticSearch Amazon ElasticSearch service is a fully managed service that makes it easy for you to deploy, secure, operate, and scale ElasticSearch to search, analyse and visualise data in real-time. ElasticSearch is based on open source software.

Answer 530

It is the ability to recover from a failure, an example is having a second server that you failover to.

Answer 531

RPO is the recovery point, this is the time between the last backup and the outage. RTO is recovery time, this is the time taken to recover from an outage.

Answer 532

AWS provides multiple support plans to meet the different support requirements of its customers. There are four main support plans in AWS: 1. Developer 2. Basic 3. Business 4. Enterprise

Answer 533

Answer: C. Ensuring that data is encrypted at rest.

Answer 534

Answer: C. AWS Budgets.

Answer 535

Answer: C. Amazon S3.

Answer 536

Answer: C. AWS Professional Services. AWS Professional Services is the service that helps organizations achieve their desired business outcomes with AWS. AWS Professional Services is the service that helps organizations design and travel an accelerated path to successful cloud adoption.

Answer 537

Answer: C. AWS Partner Network Consulting Partners.

Answer 538

Answer: C. Design for failure.

Answer 539

A. Amazon EC2 and B. Amazon Relational Database Service (Amazon RDS).

Answer 540

B. AWS Trusted Advisor

Answer 541

C. Dedicated Hosts

Answer 542

C. Elasticity and D. Pay-as-you-go pricing

Answer 543

D. Amazon CloudFront

Answer 544

B. Reliability

Answer 545

A. Operational resilience and C. Business agility.

Answer 546

B. Performance efficiency.

Answer 547

B. Cost Explorer.

Answer 548

B. Availability Zone

Answer 549

A. Security inside of code and D. Writing and updating of code

Answer 550

B. EC2 Amazon Machine Images (AMIs) and C. Amazon Elastic Block Store (Amazon EBS) snapshots

Answer 551

B. Increased global reach and agility and D. Elimination of the cost of IT staff members

Answer 552

B. Buy Reserved Instances for the predicted amount of usage throughout the year. Allow any seasonal usage to run on Spot Instances. Spot, Savings Plans, and Reserved instances are all cheaper than On-Demand instances.

Answer 553

B. Amazon Simple Storage Storage (Amazon S3) and C. Amazon Elastic Block Store (Amazon EBS)

Answer 554

B. Amazon CloudFront

Answer 555

B. Paying only for what you use

Answer 556

C. AWS Trusted Advisor

Answer 557

C. Amazon Cloud Watch

Answer 558

D. AWS Cloud Trail Logs

Answer 559

A. Amazon Route 53

Answer 560

A. Cloud resources can be managed programatically

Answer 561

C. AWS Batch AWS Batch enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs on AWS. AWS Batch dynamically provisions the optimal quantity and type of compute resources (e.g., CPU or memory-optimized instances) based on the volume and specific resource requirements of the batch jobs submitted. With AWS Batch, there is no need to install and manage batch computing software or server clusters that you use to run your jobs, allowing you to focus on analyzing results and solving problems. AWS Batch plans, schedules, and executes your batch computing workloads across the full range of AWS compute services and features, such as Amazon EC2 and Spot Instances.

Answer 562

Lambda@Edge is a feature of Amazon CloudFront that lets you run code closer to your global end-users, which improves performance and reduces latency.

Answer 563

C. Number of requests to your functions and D. Compute time consumed With AWS Lambda, you pay only for what you use. You are charged based on the number of requests for your functions and the time it takes for your code to execute.

Answer 564

D. AWS Lambda provides resizable compute capacity in the cloud "AWS Lambda provides resizable compute capacity in the cloud" is not a benefit of AWS Lambda, so is the correct choice. AWS Lambda automatically runs your code without requiring you to adjust capacity or manage servers. AWS Lambda automatically scales your application by running code in response to each trigger. Your code runs in parallel and processes each trigger individually, scaling precisely with the size of the workload.

Answer 565

B. It allows individual application components or services to be modified without affecting other components As application complexity increases, a desirable attribute of an IT system is that it can be broken into smaller, loosely coupled components. This means that IT systems should be designed in a way that reduces interdependencies - a change or a failure in one component should not cascade to other components. The AWS services that can help you build loosely-coupled applications include: 1- Amazon Simple Queue Service (Amazon SQS): Amazon SQS is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. Amazon SQS offers a reliable, highly-scalable hosted queue for storing messages as they travel between applications or microservices. It moves data between distributed application components and helps you decouple these components. 2- Amazon EventBridge (also called Amazon CloudWatch Events): Amazon EventBridge is a serverless event bus service that makes it easy for you to build event-driven application architectures. Amazon EventBridge helps you accelerate modernizing and re-orchestrating your architecture with decoupled services and applications. With EventBridge, you can speed up your organization’s development process by allowing teams to iterate on features without explicit dependencies between systems. 3- Amazon SNS: Amazon SNS is a publish/subscribe messaging service that enables you to decouple microservices, distributed systems, and serverless applications. Both Amazon SNS and Amazon EventBridge can be used to implement the publish-subscribe pattern. Amazon EventBridge includes direct integrations with software as a service (SaaS) applications and other AWS services. It’s ideal for publish-subscribe use cases involving these types of integrations.

Answer 566

A. It is a distinct location within a region that is insulated from failures in other Availability Zones Availability Zones are distinct locations within a region that are insulated from failures in other Availability Zones. Note: Although Availability Zones are insulated from failures in other Availability Zones, they are connected through private, low-latency links to other Availability Zones in the same region. An Availability Zone is a collection of data centres located in one AWS Region. An Availability Zone consists of one or more discrete data centres located in one AWS Region.

Answer 567

A Local Zone is an extension of an AWS Region in geographic proximity to your users. With AWS Local Zones, you can easily run highly-demanding applications that require single-digit millisecond latencies to your end-users, such as real-time gaming, hybrid migrations, AR/VR, and machine learning. AWS Local Zones enable you to comply with state and local data residency requirements in sectors such as healthcare, financial services, iGaming, and government. AWS Local Zones are connected to the parent region via Amazon’s redundant and very high bandwidth private network, giving applications running in AWS Local Zones fast, secure, and seamless access to the full range of in-region services through the same APIs and tool sets. An extension of an AWS Region. Suited for customers who need the ability to place resources in multiple locations closer to end users.

Answer 568

D. Securing regions and edge locations All other options represent responsibilities of the customer. According to the Shared Security Model, AWS’ responsibility is the Security of the Cloud. AWS is responsible for protecting the infrastructure that runs the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.

Answer 569

C. Add the accounts to an AWS Organisation and use Consolidated Billing Consolidated billing has the following benefits: 1- One bill – You get one bill for multiple accounts. 2- Easy tracking – You can track each account's charges, and download the cost data in .csv format. 3- Combined usage – If you have multiple standalone accounts, your charges might decrease if you add the accounts to an organization. AWS combines usage from all accounts in the organization to qualify you for volume pricing discounts. 4- No extra fee – Consolidated billing is offered at no additional cost. Removing accounts or resources depends on your needs. Tracking the AWS charges will not decrease your charges. AWS tiered-pricing is applied for every AWS account regardless of whether it is part of an organization or not. With AWS, you can get volume-based discounts and realize important savings as your usage increases. For services such as S3 and data transfer OUT from EC2, pricing is tiered, meaning the more you use, the less you pay per GB. But if you have multiple AWS accounts, you can achieve even more discounts by adding them to an Organization and enable consolidated billing (because in that case, AWS will treat all the accounts as one account).

Answer 570

D. An IAM user has permanent credentials associated with it, however a role has temporary credentials associated with it and E. An IAM user is uniquely associated with only one person, however a role is intended to be assumable by anyone who needs it. An IAM role is similar to a user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it (as long as they are authorized to do so). Also, a role does not have standard long-term credentials (password or access keys) associated with it. Instead, if a user assumes a role, temporary security credentials are created dynamically and provided to the user.

Answer 571

C. S3 and E. Amazon Aurora For S3 Standard, S3 Standard-IA, and S3 Glacier storage classes, your objects are automatically stored across multiple devices spanning a minimum of three Availability Zones, each on different power grids within an AWS Region. This means your data is available when needed and protected against AZ failures. Amazon Aurora is an Amazon RDS database engine. All of your data in Amazon Aurora is automatically replicated across three Availability Zones within an AWS region, providing built-in high availability and data durability. Other Amazon RDS database engines (PostgreSQL, MySQL, MariaDB, Oracle Database, and SQL Server) do not replicate data automatically. To protect from data loss when using any of these engines, you need to manually enable the Multi-AZ feature. In a Multi-AZ Deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone. If you encounter problems with the primary copy, Amazon RDS automatically switches to the standby copy to provide continued availability to the data.

Answer 572

B. Cloud There are three Cloud Computing Deployment Models: 1- Cloud: A cloud-based application is fully deployed in the cloud and all parts of the application run in the cloud. This Cloud Computing deployment model eliminates the need to run and maintain physical data centres. 2- Hybrid: A hybrid deployment is a way to connect infrastructure and applications between cloud-based resources and existing resources that are not located in the cloud (On-premises data centres). 3- On-premises: Deploying resources on-premises, using virtualization and resource management tools, is sometimes called “private cloud”. On-premises deployment does not provide many of the benefits of cloud computing but is sometimes sought for its ability to provide dedicated resources

Answer 573

A. Change the e-mail address and password of the root user account and enable MFA. and B. Rotate all access keys. To protect your AWS infrastructure in this situation you should lock down your root user account and all IAM user accounts that the administrator had access to. To protect your AWS infrastructure you should: 1- Change the e-mail address and the password of the root user account 2- Enable MFA on the root user account 4- Rotate (change) all access keys for all accounts 3- Change the user name and password of all IAM users 5- Enable MFA on all IAM user accounts Deleting all IAM accounts is not necessary, and it could cause disruption to your operations. IAM policies are used to authorize users to perform actions on AWS resources. Downloading them save you some time if they were deleted, but it is not an immediate first step to take to protect your AWS infrastructure. CloudTrail is the service that gives you a complete history of the API calls that have been made in your account from all users, not CloudWatch.

Answer 574

C. Amazon CloudFront Amazon CloudFront, AWS Shield, and AWS Web Application Firewall (AWS WAF) work seamlessly together to create a flexible, layered security perimeter against multiple types of attacks including network and application layer DDoS attacks. These services are co-resident at the AWS edge location and provide a scalable, reliable, and high-performance security perimeter for your applications and content. All CloudFront distributions are defended by default against the most frequently occurring DDoS attacks that target your websites or applications with AWS Shield Standard. To defend against more complex attacks, you can add a flexible, layered security perimeter by integrating CloudFront with AWS Shield Advanced and AWS Web Application Firewall (AWS WAF).

Answer 575

AWS Systems Manager gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources. With Systems Manager, you can group resources, like Amazon EC2 instances, Amazon S3 buckets, or Amazon RDS instances, by application, view operational data for monitoring and troubleshooting, and execute actions on your groups of resources. Systems Manager simplifies resource and application management, shortens the time to detect and resolve operational problems, and makes it easy to operate and manage your infrastructure at scale. AWS Systems Manager helps you select and deploy operating system and software patches automatically across large groups of Amazon EC2 or on-premises instances. Through patch baselines, you can set rules to auto-approve select categories of patches to be installed, such as operating system or high severity patches. Systems Manager helps ensure that your software is up-to-date and meets your compliance policies.

Answer 576

AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily store, rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Users and applications retrieve secrets with a call to Secrets Manager APIs, eliminating the need to hardcode sensitive information in plain text.

Answer 577

B. Pick the right Glacier class based on your retrieval needs AWS customers use Amazon Glacier to backup large amounts of data at very low costs. There are three different storage classes for Amazon Glacier: Amazon S3 Glacier Instant Retrieval, Amazon S3 Glacier Flexible Retrieval, and Amazon S3 Glacier Deep Archive. Choosing between S3 Glacier Instant Retrieval, S3 Glacier Flexible Retrieval, or S3 Glacier Deep Archive depends on how quickly you must retrieve your data. S3 Glacier Instant Retrieval delivers the fastest access to archive storage, with the same throughput and milliseconds access as the S3 Standard and S3 Standard-IA storage classes. With S3 Glacier Flexible Retrieval, you can retrieve your data within a few minutes to several hours (1-5 minutes to 12 hours), whereas with S3 Glacier Deep Archive, the minimum retrieval period is 12 hours. For archive data that needs immediate access, such as medical images, news media assets, or genomics data, choose the S3 Glacier Instant Retrieval storage class. For archive data that does not require immediate access but needs the flexibility to retrieve large sets of data at no cost, such as backup or disaster recovery use cases, choose S3 Glacier Flexible Retrieval (formerly S3 Glacier), with retrieval in minutes or free bulk retrievals in 5 - 12 hours. To save even more on long-lived archive storage such as compliance archives and digital media preservation, choose S3 Glacier Deep Archive, the lowest cost storage in the cloud with data retrieval from 12 - 48 hours.

Answer 578

C. Provide an in-memory data storage service and E. Improve web application performance Amazon ElastiCache improves the performance of web applications by allowing you to retrieve information from a fast, managed, in-memory data store, instead of relying entirely on slower disk-based databases. Querying a database is always slower and more expensive than locating a copy of that data in a cache. By caching (storing) common database query results, you can quickly retrieve the data multiple times without having to re-execute the query. ElastiCache is not “Chef-compatible”. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. The AWS service that uses Chef and Puppet is AWS OpsWorks.

Answer 579

C. AWS WAF AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF is a web application firewall that helps protect web applications from attacks by allowing you to configure rules that block traffic based on conditions that you define. These conditions include IP addresses, HTTP headers, HTTP body, URI strings, SQL injection, and cross-site scripting. AWS WAF is integrated with Amazon CloudFront, which supports custom origins outside of AWS. Therefore, AWS WAF can help you protect websites not hosted on AWS.

Answer 580

AWS Ground Station is a fully managed service that lets you control satellite communications, process satellite data, and scale your satellite operations. With AWS Ground Station, you no longer have to build or manage your own ground station infrastructure.

Answer 581

D. You can increase or decrease your compute capacity depending on the demands of your application and E. They remove the need to buy "safety net" capacity to handle periodic traffic spikes. With On-Demand instances, you pay for compute capacity by the hour or the second depending on which instances you run. No longer-term commitments or upfront payments are needed. You can increase or decrease your compute capacity depending on the demands of your application and only pay for what you use. The use of On-Demand instances frees you from the costs and complexities of planning, purchasing, and maintaining hardware and transforms what are commonly large fixed costs into much smaller variable costs. On-Demand instances also remove the need to buy “safety net” capacity to handle periodic traffic spikes. Spot, Savings Plans, and Reserved instances are all cheaper than On-Demand instances.

Answer 582

D. AWS customers are responsible for patching any database software running on Amazon EC2 AWS customers have two options to host their databases on AWS: 1- Using a managed database: AWS Customers can use managed databases such as Amazon RDS to host their databases. In this case, AWS is responsible for performing all database management tasks such as hardware provisioning, patching, setup, configuration, backups, or recovery. 2- Installing a database software on Amazon EC2: Instead of using a managed database, AWS customers can install any database software they want on Amazon EC2 and host their databases. In this case, Customers are responsible for performing all of the necessary configuration and management tasks. Note: For Amazon RDS, all security patches and updates are applied automatically to the database software once they are released. But for databases installed on Amazon EC2, customers are required to apply the security patches and the updates manually or use the AWS Systems Manager service to apply them on a scheduled basis (every week, for example). It is the responsibility of the customer to build secure applications. It is the responsibility of the customer to encrypt data either on the client side or on the server side.

Answer 583

B. Traffic Distribution. and C. Number of Requests. Amazon CloudFront charges are based on the data transfer out of AWS and requests used to deliver content to your customers. There are no upfront payments or fixed platform fees, no long-term commitments, no premiums for dynamic content, and no requirements for professional services to get started. To estimate the costs of an Amazon CloudFront distribution consider the following: - Traffic Distribution: Data transfer and request pricing varies across geographic regions, and pricing is based on the edge location through which your content is served. - Requests: The number and type of requests (HTTP or HTTPS) made and the geographic region in which the requests are made. - Data Transfer OUT: The amount of data transferred out of your Amazon CloudFront edge locations. Note: Data Transfer IN is free. There is no charge for inbound data transferred from AWS services such as Amazon S3 or Elastic Load Balancing. Instance type is a factor that affects Amazon EC2 costs, not Amazon CloudFront costs.

Answer 584

C. On-Demand Instances. On Demand instances would help provision any extra capacity that the application may need without any interruptions. Spot instances may be more cost effective, but AWS does not guarantee the availability of the instances. Spot Instances are well-suited for data analysis, batch jobs, background processing, and optional tasks. Using Savings Plans requires a contract of at least one year. Savings Plans is a flexible pricing model that offers low prices on EC2, Lambda, and Fargate usage, in exchange for a commitment to a consistent amount of compute usage (measured in $/hour) for a one or three-year term.

Answer 585

B. Amazon Elastic File System Amazon Elastic File System (Amazon EFS) provides simple, scalable, elastic file storage for use with AWS Cloud services and on-premises resources. It offers a simple interface that allows you to create and configure file systems quickly and easily. Amazon EFS is built to elastically scale on demand without disrupting applications, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it. Amazon EFS is designed to provide massively parallel shared access to thousands of Amazon EC2 instances, enabling your applications to achieve high levels of aggregate throughput and IOPS that scale as a file system grows, with consistent low latencies. As a regional service, Amazon EFS is designed for high availability and durability storing data redundantly across multiple Availability Zones. With these capabilities, Amazon EFS is well suited to support a broad spectrum of use cases, including web serving and content management, enterprise applications, media and entertainment processing workflows, home directories, database backups, developer tools, container storage, and big data analytics workloads. S3 is an object level storage. S3 cannot be attached to compute resources.

Answer 586

Big data applications require shared access to hundreds or thousands of EC2 instances in multiple Availability Zones. Amazon EBS Multi-Attach lets you share access to an EBS data volume between up to 16 Nitro-based EC2 instances within the same Availability Zone (AZ).

Answer 587

C. Enterprise and D. Business For Technical Support, each of the Business, Enterprise On-Ramp, and Enterprise support plans provides 24x7 phone, email, and chat access to Support Engineers. Premium and Standard are not valid support plans on AWS. The Developer plan does not include phone support 24/7.

Answer 588

A. Regions. Businesses are using the AWS cloud to enable faster disaster recovery of their critical IT systems without incurring the infrastructure expense of a second physical site. The AWS cloud supports many popular disaster recovery architectures from “pilot light” environments that may be suitable for small customer workload data centre failures to “hot standby” environments that enable rapid failover at scale. With data centres in Regions all around the world, AWS provides a set of cloud-based disaster recovery services that enable rapid recovery of your IT infrastructure and data.

Answer 589

C. AWS Acceptable Use Policy The AWS Acceptable Use Policy describes prohibited uses of the web services offered by AWS. For example, any activities that are illegal, that violate the rights of others, or that may be harmful to others are prohibited. If a customer violates the policy or authorizes or helps others to do so, AWS may suspend or terminate their use of the services.

Answer 590

AWS Service Control Policies (SCPs) or AWS Organizations Policies are a type of organization policy that you can use to manage permissions for all accounts in your organization. SCPs offer central control over the maximum available permissions for all member accounts in your organization. SCPs help you to ensure member accounts stay within your organization's access control guidelines. In SCPs, you can restrict which AWS services, resources, and individual API actions the users and roles in each member account can access.

Answer 591

B. AWS CodeCommit AWS CodeCommit is designed for software developers who need a secure, reliable, and scalable source control system to store and version their code. In addition, AWS CodeCommit can be used by anyone looking for an easy to use, fully managed data store that is version controlled. For example, IT administrators can use AWS CodeCommit to store their scripts and configurations. Web designers can use AWS CodeCommit to store HTML pages and images. AWS CodeCommit makes it easy for companies to host secure and highly available private Git repositories. Customers can use AWS CodeCommit to securely store anything from source code to binaries.

Answer 592

AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates.

Answer 593

Amazon CodeGuru is a developer tool that provides intelligent recommendations to improve code quality and identifying an application’s most expensive lines of code.

Answer 594

Amazon Kinesis Data Firehose provides the facility of loading data streams into AWS data stores. Kinesis Data Firehose provides the simplest approach for capturing, transforming, and loading data streams into AWS data stores. Kinesis Data Firehose is the easiest way to load streaming data into data stores and analytics tools. Captures, transforms, and loads streaming data. Enables near real-time analytics with existing business intelligence tools and dashboards. Kinesis Data Streams can be used as the source(s) to Kinesis Data Firehose. You can configure Kinesis Data Firehose to transform your data before delivering it. With Kinesis Data Firehose you don’t need to write an application or manage resources. Firehose can batch, compress, and encrypt data before loading it. Firehose synchronously replicates data across three AZs as it is transported to destinations. Each delivery stream stores data records for up to 24 hours.

Answer 595

Amazon Kinesis Data Streams is the real-time data streaming service in Amazon Kinesis with high scalability and durability. It can help in continuously capturing multiple gigabytes of data every second from multiple sources. The higher customizability with Kinesis Data Streams is also one of the profound highlights. Kinesis Data Streams enables you to build custom applications that process or analyse streaming data for specialised needs. Kinesis Data Streams enables real-time processing of streaming big data. Kinesis Data Streams is useful for rapidly moving data off data producers and then continuously processing the data. Kinesis Data Streams stores data for later processing by applications (key difference with Firehose which delivers data directly to AWS services). Common use cases include: Accelerated log and data feed intake. Real-time metrics and reporting. Real-time data analytics. Complex stream processing.

Answer 596

Increase or decrease number of instances: Amazon EC2 Auto Scaling helps you maintain application availability and lets you automatically add or remove EC2 instances using scaling policies that you define. Dynamic or predictive scaling policies let you add or remove EC2 instance capacity to service established or real-time demand patterns. The fleet management features of Amazon EC2 Auto Scaling help maintain the health and availability of your fleet.

Answer 597

A. Security Groups and Network ACLs Security Groups and Network Access Control Lists (Network ACLs) are the two parts of the VPC Security Layer. Security Groups are a firewall at the instance layer, and Network ACLs are a firewall at the subnet layer. Traffic manager is an Azure service, not an AWS service. Internet Gateways provide access for a VPC and subnet to reach the internet. They are not directly attached to EC2 instances. Subnets are where EC2 instances reside, but they do not actually control ingress and egress traffic themselves.

Answer 598

B. AWS KMS Amazon EBS encryption offers a straight-forward encryption solution for your EBS volumes that does not require you to build, maintain, and secure your own key management infrastructure. You can configure Amazon EBS to use the AWS Key Management Service (AWS KMS) to create and control the encryption keys used to encrypt your data. AWS Key Management Service is also integrated with other AWS services including Amazon S3, and Amazon Redshift, to make it simple to encrypt and decrypt your data.

Answer 599

B. Virtually unlimited storage The total volume of data and number of objects you can store are unlimited. Individual Amazon S3 objects can range in size from a minimum of 0 bytes to a maximum of 5 terabytes.

Answer 600

D. Federation With Federation, you can use single sign-on (SSO) to access your AWS accounts using credentials from your corporate directory. Federation uses open standards, such as Security Assertion Markup Language 2.0 (SAML), to exchange identity and security information between an identity provider (IdP) and an application. AWS offers multiple options for federating your identities in AWS: 1- AWS Identity and Access Management (IAM): You can use AWS Identity and Access Management (IAM) to enable users to sign in to their AWS accounts with their existing corporate credentials. 2- AWS IAM Identity Centre (Successor to AWS Single Sign-On): AWS IAM Identity Centre makes it easy to centrally manage federated access to multiple AWS accounts and business applications and provide users with single sign-on access to all their assigned accounts and applications from one place. 3- AWS Directory Service: AWS Directory Service for Microsoft Active Directory, also known as AWS Microsoft AD, uses secure Windows trusts to enable users to sign in to the AWS Management Console, AWS Command Line Interface (CLI), and Windows applications running on AWS using their existing corporate Microsoft Active Directory credentials. IAM Permissions let you specify the desired access to AWS resources. Permissions are granted to IAM entities (users, user groups, and roles) and by default these entities start with no permissions. In other words, IAM entities can do nothing in AWS until you grant them your desired permissions.

Answer 601

Access keys are long-term credentials for an AWS IAM user or the AWS account root user. Access keys are not used for signing in to your account. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK).

Answer 602

C. AWS CloudHSM AWS CloudHSM is a cloud-based Hardware Security Module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud.

Answer 603

C. AWS Tagging Amazon Web Services (AWS) allows customers to assign metadata to their AWS resources in the form of tags. Each tag is a simple label consisting of a customer-defined key and an optional value that can make it easier to manage, search for, and filter resources. Although there are no inherent types of tags, they enable customers to categorize resources by purpose, owner, environment, or other criteria.

Answer 604

AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud.

Answer 605

C. Basic & Developer Support AWS Trusted Advisor offers a rich set of best practice checks and recommendations across five categories: cost optimization, security, fault tolerance, performance, and service limits. AWS Basic Support and AWS Developer Support customers get access to 6 core security checks (S3 Bucket Permissions, Security Groups - Specific Ports Unrestricted, IAM Use, MFA on Root Account, EBS Public Snapshots, RDS Public Snapshots) and 50 service limit checks. AWS Business, Enterprise On-Ramp, and Enterprise Support customers get access to ALL 115 Trusted Advisor checks (14 cost optimization, 17 security, 24 fault tolerance, 10 performance, and 50 service limits).

Answer 606

C. Use IAM roles to grant temporary access instead of long-term credentials and D. Enable real-time traceability There are seven design principles for security in the cloud: 1- Implement a strong identity foundation: Implement the principle of least privilege and enforce separation of duties with appropriate authorization for each interaction with your AWS resources. Centralize privilege management and reduce or even eliminate reliance on long-term credentials. 2- Enable traceability: Monitor, alert, and audit actions and changes to your environment in real time. Integrate logs and metrics with systems to automatically respond and take action. 3- Apply security at all layers: Rather than just focusing on protection of a single outer layer, apply a defence-in-depth approach with other security controls. Apply to all layers (e.g., edge network, VPC, subnet, load balancer, every instance, operating system, and application). 4- Automate security best practices: Automated software-based security mechanisms improve your ability to securely scale more rapidly and cost effectively. Create secure architectures, including the implementation of controls that are defined and managed as code in version-controlled templates. 5- Protect data in transit and at rest: Classify your data into sensitivity levels and use mechanisms, such as encryption, tokenization, and access control where appropriate. 6- Keep people away from data: Create mechanisms and tools to reduce or eliminate the need for direct access or manual processing of data. This reduces the risk of loss or modification and human error when handling sensitive data. 7- Prepare for security events: Prepare for an incident by having an incident management process that aligns to your organizational requirements. Run incident response simulations and use tools with automation to increase your speed for detection, investigation, and recovery. Protecting from networking failures due to hardware issues or mis-configuration is not related to security. Protecting from failures and scaling horizontally are much more related to the reliability of your system. AWS provides encryption and access control tools that allow you to easily encrypt your data in transit and at rest and help ensure that only authorized users can access it. Automating security tasks on AWS enables you to be more secure. For example, you can automate infrastructure and application security checks to continually enforce your security and compliance controls and help ensure confidentiality, integrity, and availability at all times.

Answer 607

D. Use Serverless Computing whenever possible and E. Use Amazon EC2 Auto Scaling Another way you can save money with AWS is by taking advantage of the platform’s elasticity. Elasticity means the ability to scale up or down when needed. This concept is most closely associated with the AWS auto scaling which monitors your applications and automatically adjusts capacity (up or down) to maintain steady, predictable performance at the lowest possible cost. Serverless Computing provides the highest level of elasticity. Serverless enables you to build modern applications with increased agility and lower total cost of ownership. Serverless allows you to run applications and services without thinking about servers. It eliminates infrastructure management tasks such as server or cluster provisioning, patching, operating system maintenance, and capacity provisioning. With serverless computing, everything required to run and scale your application with high availability is handled for you. You may want to deploy your resources in another region to enable faster disaster recovery. Also, deploying your resources in multiple regions worldwide to reduce latency to global users. Deploying your resources across multiple Availability Zones helps you maintain high availability of your infrastructure.

Answer 608

A. AWS Security Blog and B. AWS Bulletins The AWS free security resources include the AWS Security Blog, Whitepapers, AWS Developer Forums, Articles and Tutorials, Training, Security Bulletins, Compliance Resources and Testimonials. AWS provides live classes (Classroom Training) with accredited AWS instructors who teach you in-demand cloud skills and best practices using a mix of presentations, discussion, and hands-on labs. AWS Classroom Training is not free. AWS Support API is available for AWS customers who have a Business, Enterprise On-Ramp, or Enterprise support plan. The AWS Support API provides programmatic access to AWS Support Centre features to create, manage, and close support cases. A Technical Account Manager (TAM) is your designated technical point of contact who provides advocacy and guidance to help plan and build solutions using best practices and proactively keep your AWS environment operationally healthy and secure. TAM is available only for AWS customers who have an Enterprise On-Ramp or Enterprise support plan.

Answer 609

A. Continuously monitors AWS infrastructure and helps detect threats such as attacker reconnaissance or account compromise and B. Initiates automated remediation actions against discovered security issues Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behaviour to protect your AWS accounts and workloads. Amazon GuardDuty integrates with Amazon CloudWatch Events and AWS Lambda to allow you to set up automated remediation actions against discovered security issues. With the cloud, the collection and aggregation of account and network activities is simplified, but it can be time-consuming for security teams to continuously analyse event log data for potential threats. GuardDuty analyzes tens of billions of events across multiple AWS data sources, such as AWS CloudTrail, Amazon VPC Flow Logs, and DNS logs. With GuardDuty, you now have an intelligent and cost-effective option for continuous threat detection in the AWS Cloud. The service uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats. Amazon GuardDuty provides broad protection of your AWS accounts, workloads, and data by helping to identify threats such as attacker reconnaissance, instance compromise, and account compromise.

Answer 610

A. Durability Durability refers to the ability of a system to assure data is stored and data remains consistent in the system as long as it is not changed by legitimate access. This means that data should not become corrupted or disappear due to a system malfunction. Durability is used to measure the likelihood of data loss. For example, assume you have confidential data stored in your Laptop. If you make a copy of it and store it in a secure place, you have just improved the durability of that data. It is much less likely that all copies will be simultaneously destroyed. Amazon EBS volume data is replicated across multiple servers in an Availability Zone to prevent the loss of data from the failure of any single component. The replication of data makes EBS volumes 20 times more durable than typical commodity disk drives, which fail with an AFR (annual failure rate) of around 4%. For example, if you have 1,000 EBS volumes running for 1 year, you should expect 1 to 2 will have a failure. Additional information: Amazon S3 is also considered a durable storage service. Amazon S3 is designed for 99.999999999% (11 9’s) durability. This means that if you store 100 billion objects in S3, you will lose one object at most.

Answer 611

A. Changing the type of the volume and D. Deleting unnecessary snapshots With Amazon EBS, it is important to keep in mind that you are paying for provisioned capacity and performance, even if the volume is unattached or has very low write activity. To optimize storage performance and costs for Amazon EBS, monitor volumes periodically to identify unattached, underutilized or overutilized volumes, and adjust provisioning to match actual usage. When you want to reduce the costs of Amazon EBS consider the following: 1- Delete Unattached Amazon EBS Volumes: An easy way to reduce wasted spend is to find and delete unattached volumes. However, when EC2 instances are stopped or terminated, attached EBS volumes are not automatically deleted and will continue to accrue charges since they are still operating. 2- Resize or Change the EBS Volume Type: Another way to optimize storage costs is to identify volumes that are underutilized and downsize them or change the volume type. 3- Delete Stale Amazon EBS Snapshots: If you have a backup policy that takes EBS volume snapshots daily or weekly, you will quickly accumulate snapshots. Check for stale snapshots that are over 30 days old and delete them to reduce storage costs.

Answer 612

A. Controls what IP address ranges can connect to your database instance In Amazon RDS, security groups are used to control which IP address ranges can connect to your databases on a DB instance. When you initially create a DB instance, its firewall prevents any database access except through rules specified by an associated security group.

Answer 613

C. Consolidate billing across multiple AWS accounts and D. Control access to AWS services AWS Organizations has five main benefits: 1) Centrally manage access polices across multiple AWS accounts. 2) Automate AWS account creation and management. 3) Control access to AWS services. 4) Consolidate billing across multiple AWS accounts. 5) Configure AWS services across multiple accounts. ** Control access to AWS services: AWS Organizations allows you to restrict what services and actions are allowed in your accounts. You can use Service Control Policies (SCPs) to apply permission guardrails on AWS Identity and Access Management (IAM) users and roles. For example, you can apply an SCP that restricts users in accounts in your organization from launching any resources in regions that you do not explicitly allow. ** Consolidate billing across multiple AWS accounts: You can use AWS Organizations to set up a single payment method for all the AWS accounts in your organization through consolidated billing. With consolidated billing, you can see a combined view of charges incurred by all your accounts, as well as take advantage of pricing benefits from aggregated usage, such as volume discounts for Amazon EC2 and Amazon S3.

Answer 614

AWS Billing and Cost Management is the service that allows you to manage your organization’s payment methods.

Answer 615

C. Apply cost allocation tags to segment AWS costs by different projects and departments A tag is a label that you or AWS assigns to an AWS resource. Each tag consists of a key and a value. A key can have more than one value. You can use tags to organize your resources, and cost allocation tags to track your AWS costs on a detailed level. After you activate cost allocation tags, AWS uses the cost allocation tags to organize your resource costs on your cost allocation report, to make it easier for you to categorize and track AWS costs across different departments. Amazon Aurora is a relational database service, not a cost management service. The name of the service that performs this function is AWS Cost Explorer. The AWS Price List API is used to know the prices of AWS services. The AWS Price List API does not send billing updates to AWS Customers. AWS Pricing Calculator does not record any information about your AWS cost and usage. AWS Pricing Calculator is just a tool for estimating your monthly AWS bill based on your expected usage. For example, to estimate your monthly AWS CloudFront bill, you just enter your expected CloudFront usage (Data Transfer Out, Number of requests, etc.) and AWS Pricing Calculator provides an estimate of your monthly bill for CloudFront.

Answer 616

The AWS Price List API is used to know the prices of AWS services.

Answer 617

B. Use CloudWatch Alarms to monitor the CPU and alert when the CPU usage is >= 60% Amazon CloudWatch monitors your Amazon Web Services (AWS) resources and the applications you run on AWS in real time. You can use CloudWatch to collect and track metrics, which are variables you can measure for your resources and applications. CloudWatch alarms send notifications or automatically make changes to the resources you are monitoring based on rules that you define. For example, you can monitor the CPU usage and disk reads and writes of your Amazon EC2 instances and then use this data to determine whether you should launch additional instances to handle increased load. You can also use this data to stop under-used instances to save money. In addition to monitoring the built-in metrics that come with AWS, you can monitor your own custom metrics. With CloudWatch, you gain system-wide visibility into resource utilization, application performance, and operational health.

Answer 618

A. By enabling S3 Versioning Versioning in Amazon S3 is a means of keeping multiple variants of an object in the same bucket. You can use the S3 Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets. With versioning, you can recover more easily from both unintended user actions and application failures. Versioning-enabled buckets can help you recover objects from accidental deletion or overwrite. For example, if you delete an object, instead of removing it permanently, Amazon S3 inserts a delete marker, which becomes the current object version. Also, If you overwrite an object, it results in a new object version in the bucket. You can always restore the previous version.

Answer 619

With S3 Lifecycle configuration rules, you can tell Amazon S3 to transition objects to less expensive storage classes, or archive or delete them. In order to reduce your Amazon S3 costs, you should create a lifecycle policy to automatically move old (or infrequently accessed) files to less expensive storage tiers, or to automatically delete them after a specified duration. The S3 Lifecycle feature is not meant to protect from accidental deletion of data.

Answer 620

A bucket policy is a resource-based AWS Identity and Access Management (IAM) policy. You add a bucket policy to a bucket to grant other AWS accounts or IAM users access permissions for the bucket and the objects in it. A Bucket Policy defines who can access a bucket, but does not help if an authorized user accidentally deleted objects in that bucket.

Answer 621

D. Performance Efficiency The AWS Well-Architected Framework describes the key concepts, design principles, and architectural best practices for designing and running workloads in the cloud. The six Pillars of the AWS Well-Architected Framework: (IMPORTANT) 1- Operational Excellence 2- Security 3- Reliability 4- Performance Efficiency 5- Cost Optimization 6- Sustainability The correct answer is: Performance Efficiency The performance efficiency pillar includes the ability to use computing resources efficiently to meet system requirements. Key topics include selecting the right resource types and sizes based on workload requirements, monitoring performance, and making informed decisions to maintain efficiency as business needs evolve. The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues. A resilient workload quickly recovers from failures to meet business and customer demand. Key topics include distributed system design, recovery planning, and how to handle change. The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures. Key topics include automating changes, responding to events, and defining standards to manage daily operations. The security pillar includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies. Key topics include confidentiality and integrity of data, identifying and managing who can do what with privilege management, protecting systems, and establishing controls to detect security events.

Answer 622

B. AWS DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. DynamoDB enables customers to offload the administrative burdens of operating and scaling distributed databases to AWS so that they do not have to worry about hardware provisioning, setup and configuration, throughput capacity planning, replication, software patching, or cluster scaling.

Answer 623

A. EC2 launch type Amazon Elastic Container Service (Amazon ECS) has two modes: Fargate launch type (serverless) and EC2 launch type (server-based). The Fargate launch type allows you to run containers without having to manage servers or clusters. The EC2 launch type allows you to have server-level, more granular control over the infrastructure that runs your container applications.

Answer 624

A. Protects customers by performing periodic security checks on listed products and B. Provides flexible pricing options that suit most customer needs The AWS Marketplace is a curated digital catalogue that makes it easy for customers to find, buy, and immediately start using the software and services that customers need to build solutions and run their businesses. The AWS Marketplace includes thousands of software listings from popular categories such as security, networking, storage, machine learning, business intelligence, database, and DevOps. AWS Marketplace is designed for Independent Software Vendors (ISVs), Value-Added Resellers (VARs), and Systems Integrators (SIs) who have software products they want to offer to customers in the cloud. Partners use AWS Marketplace to be up and running in days and offer their software products to customers around the world. The AWS Marketplace provides value to buyers in several ways: 1- It simplifies software licensing and procurement with flexible pricing options and multiple deployment methods. Flexible pricing options include free trial, hourly, monthly, annual, multi-year, and BYOL. 2- Customers can quickly launch pre-configured software with just a few clicks, and choose software solutions in AMI and SaaS formats, as well as other formats. 3- It ensures that products are scanned periodically for known vulnerabilities, malware, default passwords, and other security-related concerns. The AWS marketplace cannot be used to buy Amazon EC2 on-demand instances. The AWS Marketplace provides software solutions that run on AWS only. The AWS marketplace pricing options include free trial, hourly, monthly, annual, multi-year, and BYOL. Per-second billing is found on AWS resources and services only. It is not found in the marketplace.

Answer 625

B. Amazon Aurora and E. S3 For S3 Standard, S3 Standard-IA, and S3 Glacier storage classes, your objects are automatically stored across multiple devices spanning a minimum of three Availability Zones, each on different power grids within an AWS Region. This means your data is available when needed and protected against AZ failures. Amazon Aurora is an Amazon RDS database engine. All of your data in Amazon Aurora is automatically replicated across three Availability Zones within an AWS region, providing built-in high availability and data durability. Other Amazon RDS database engines (PostgreSQL, MySQL, MariaDB, Oracle Database, and SQL Server) do not replicate data automatically. To protect from data loss when using any of these engines, you need to manually enable the Multi-AZ feature. In a Multi-AZ Deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone. If you encounter problems with the primary copy, Amazon RDS automatically switches to the standby copy to provide continued availability to the data.

Answer 626

C. They remove the need to buy "safety net" capacity to handle periodic traffic spikes and E. You can increase or decrease your compute capacity depending on the demands of your application With On-Demand instances, you pay for compute capacity by the hour or the second depending on which instances you run. No longer-term commitments or upfront payments are needed. You can increase or decrease your compute capacity depending on the demands of your application and only pay for what you use. The use of On-Demand instances frees you from the costs and complexities of planning, purchasing, and maintaining hardware and transforms what are commonly large fixed costs into much smaller variable costs. On-Demand instances also remove the need to buy “safety net” capacity to handle periodic traffic spikes.

Answer 627

A. AWS account root user and B. IAM user An IAM user group and an IAM role represent other IAM Identities that serve different purposes in the AWS IAM. TAM refers to the AWS technical account manager. An AWS IAM user might need to make API calls or use the AWS CLI. In that case, you need to create an access key (access key ID and a secret access key) for that user. You can create IAM user access keys with the IAM console, AWS CLI, or AWS API. To create access keys for your AWS account root user, you must use the AWS Management Console. Note: Having access keys for your root user is not considered best practice. Anyone who has root user access keys for your AWS account has unrestricted access to all the resources in your account, including billing information. If you don't already have an access key for your AWS account root user, don't create one unless you absolutely need to. The following tasks can only be performed if you have root user credentials: 1- Change your account settings. This includes the account name, root user password, and email address. 2- Activate IAM access to the Billing and Cost Management console. 3- Close your AWS account. 4- Change your AWS Support plan or Cancel your AWS Support plan. 5- Register as a seller in the Reserved Instance Marketplace. 6- Configure an Amazon S3 bucket to enable MFA (multi-factor authentication) Delete. The AWS account owner (root account) configure MFA delete on a bucket to help ensure that the data in their bucket cannot be accidentally deleted. For a full list of the tasks that require root user credentials visit this link: https://docs.aws.amazon.com/accounts/latest/reference/root-user-tasks.html

Answer 628

A. Security Groups and Network ACLs Security Groups and Network Access Control Lists (Network ACLs) are the two parts of the VPC Security Layer. Security Groups are a firewall at the instance layer, and Network ACLs are a firewall at the subnet layer. Traffic manager is an Azure service, not an AWS service. Internet Gateways provide access for a VPC and subnet to reach the internet. They are not directly attached to EC2 instances. Subnets are where EC2 instances reside, but they do not actually control ingress and egress traffic themselves.

Answer 629

D. AWS has many common assurance certifications such as ISO9001 and HIPAA AWS environments are continuously audited, and its infrastructure and services are approved to operate under several compliance standards and industry certifications across geographies and industries, including PCI DSS, ISO 2700, ISO 9001, and HIPAA. You can use these certifications to validate the implementation and effectiveness of AWS security controls. For example, AWS companies that use AWS products and services to handle credit card information can rely on AWS technology infrastructure as they manage their PCI DSS compliance certification. In all cases, customers operating in the cloud remain responsible for complying with applicable laws and regulations. AWS services are assessed regularly to comply with common compliance standards NOT with local laws and regulations. AWS environments are continuously audited, and its infrastructure and services are approved to operate under several compliance standards and industry certifications across geographies and industries. For example, AWS enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) to use the secure AWS environment to process, maintain, and store protected health information.

Answer 630

A. Amazon Route 53 Amazon Route 53 helps AWS Customers improve their application’s performance for a global audience. Amazon Route 53 latency-based policy routes user requests to the closest AWS Region, which reduces latency and improves application performance. AWS Systems Manager Session Manager does not route traffic.

Answer 631

AWS Systems Manager Session Manager is an AWS Systems Manager capability that allows users to connect to an EC2 instance with just one click from the browser (or AWS CLI) without having to provide SSH Key Pairs. Session Manager helps you improve your security posture by letting you close SSH inbound ports, freeing you from managing SSH keys, and bastion hosts.

Answer 632

A. Access to the full set of Trusted Advisor checks and C. AWS Health API AWS recommend Business Support if you have production workloads on AWS and want 24x7 access to technical support and architectural guidance in the context of your specific use-cases. The AWS Business support plan provides 1-hour response time support if your production system goes down. If you want less than 15-minutes response time, you must subscribe to the AWS Enterprise or Enterprise On-Ramp support plan. In addition to what is available with Basic Support, Business Support provides: 1- AWS Trusted Advisor - Access to the full set of Trusted Advisor checks and guidance to provision your resources following best practices to help reduce costs, increase performance and fault tolerance, and improve security. 2- AWS Health Dashboard - A personalized view of the health of AWS services, and alerts when your resources are impacted. Also includes the AWS Health API for integration with your existing management systems. AWS Health API is available only for AWS customers who have a Business, Enterprise On-Ramp, or Enterprise support plan. 3- Enhanced Technical Support – 24x7 access to Cloud Support Engineers via phone, chat, and email. You can have an unlimited number of contacts that can open an unlimited amount of cases. Response times are as follows: - General Guidance - < 24 hours - System Impaired - < 12 hours - Production System Impaired - < 4 hours - Production System Down - < 1 hour 4- Architecture Support – Contextual guidance on how services fit together to meet your specific use-case, workload, or application. 5- AWS Support API - Programmatic access to AWS Support Center features to create, manage, and close your support cases, and operationally manage your Trusted Advisor check requests and status. 6- Access to Proactive Support Programs – Ability to purchase Infrastructure Event Management for an additional fee. This provides Architecture and scaling guidance, and real-time operational support during the preparation and execution of planned events, product launches, and migrations. AWS support plans differ on what level of architectural support each of them provides. - The AWS Enterprise On-Ramp and Enterprise support plans provide consultative review and guidance based on your applications. - The AWS Business Support provides contextual architectural guidance on what AWS products, features, and services to use to best support your specific use-case, workload, or application. - The AWS Developer Support provides general architectural guidance on how to use AWS products, features, and services together to best support your specific use-case, workload, or application. Proactive Technical Account Management is only available for AWS customers who have an Enterprise On-Ramp or Enterprise support plan. A Technical Account Manager (TAM) is your designated technical point of contact who provides advocacy and guidance to help plan and build solutions using best practices, coordinate access to subject matter experts and product teams, and proactively keep your AWS environment operationally healthy.

Answer 633

B. Amazon EBS Amazon EBS provides durable, block-level storage volumes that you can attach to a running EC2 instance. You can use Amazon EBS as a primary storage device for data that requires frequent and granular updates. Amazon EBS is the recommended storage option when you run a database on an EC2 instance. You can install and run any database software you want on Amazon EC2. In this case, you are responsible for managing everything related to this database.

Answer 634

C. AWS Marketplace The AWS Marketplace is a curated digital catalogue that makes it easy for customers to find, buy, deploy, and manage third-party software and services that customers need to build solutions and run their businesses. The AWS Marketplace includes thousands of software listings from popular categories such as security, networking, storage, machine learning, business intelligence, database, and DevOps. The AWS Marketplace also simplifies software licensing and procurement with flexible pricing options and multiple deployment methods. Customers can quickly launch pre-configured software with just a few clicks, and choose software solutions in AMI and SaaS formats, as well as other formats. Flexible pricing options include free trial, hourly, monthly, annual, multi-year, and BYOL. AWS Amplify is not a software marketplace.

Answer 635

AWS Application Discovery Service helps AWS customers quickly and reliably plan application migration projects by automatically identifying applications running in on-premises data centres, their associated dependencies, and their performance profiles. Planning data centre migrations can involve thousands of workloads that are often deeply interdependent. Application discovery and dependency mapping are important early first steps in the migration process, but these tasks are difficult to perform at scale due to the lack of automated tools. AWS Application Discovery Service automatically collects configuration and usage data from servers, storage, and networking equipment to develop a list of applications, how they perform, and how they are interdependent. This information helps reduce the complexity and time in planning your cloud migration.

Answer 636

AWS Amplify consists of a set of tools (open-source framework, admin UI, console) and services that makes it quick and easy for front-end web and mobile developers build full-stack applications on AWS, with the flexibility to leverage the breadth of AWS services to further customize applications. Amplify supports popular languages, frameworks, and platforms, including JavaScript, React, Angular, Vue, and Next.js for web apps, and Android, iOS, React Native, Ionic, and Flutter for mobile apps.

Answer 637

C. Ensure that AWS services are configured properly to meet all PCI DSS standards and D. Restrict any access to cardholder data and create a policy that addresses information security for all personnel. The Payment Card Industry Data Security Standard (PCI DSS) helps ensure that companies maintain a secure environment for storing, processing, and transmitting credit card information or sensitive authentication data (SAD). AWS customers who use AWS services to store, process, or transmit cardholder data can rely on AWS infrastructure as they manage their own PCI DSS compliance certification. Security and compliance are important shared responsibilities between AWS and the customer. It is the customer’s responsibility to maintain their PCI DSS cardholder data environment (CDE) and scope, and be able to demonstrate compliance of all PCI controls, but customers are not alone in this journey. The use of PCI DSS compliant AWS services can facilitate customer compliance, and the AWS Security Assurance Services team can assist customers with additional information specific to demonstrating the PCI DSS compliance of their AWS workloads. AWS Services listed as PCI DSS compliant means that they can be configured by customers to meet their PCI DSS requirements. It does not mean that any use of that service is automatically compliant. A good rule-of-thumb is that if a customer can set a particular configuration, they are responsible for setting it appropriately to meet PCI DSS requirements. AWS customers are also responsible for creating a policy that addresses information security for all personnel, and implementing strong access controls to restrict any access to cardholder data. Only certain AWS services are in-scope for PCI compliance. You can find a full list of in-scope services here. https://aws.amazon.com/compliance/services-in-scope/

Answer 638

A. Amazon Athena and D. Amazon Redshift Spectrum Amazon Athena is an analytics service that makes it easy to query data in Amazon S3 using standard SQL commands. With Athena, there’s no need for complex ETL jobs to prepare your data for analysis. This makes it easy for anyone with SQL skills to quickly analyse large-scale datasets. Athena is serverless, so there is no infrastructure to setup or manage, and you can start analysing your data immediately. Amazon Redshift Spectrum is a feature of Amazon Redshift that enables you to run SQL queries against exabytes of data in Amazon S3, with no loading or ETL required. This enables you to use your data to acquire new insights for your business and customers.

Answer 639

D. Deploy the application in multiple Availability Zones in multiple AWS regions Since you are targeting a global audience, you should leverage AWS global regions to serve content to your users. The deployment option that gives you the highest redundancy is to deploy the application in multiple Availability Zones within multiple AWS regions. This redundancy will also increase the fault tolerance of the application because if there is an outage in a single Availability Zone, the other Availability Zones can handle requests. Additional information: It is important to understand that the AWS Cloud infrastructure is built around Regions and Availability Zones (AZs). A Region is a geographical location that contains multiple Availability Zones. Each AWS Region is designed to be completely isolated from the other AWS Regions. This achieves the greatest possible fault tolerance and stability. An Availability Zone is a data centre, or data centres, that are completely isolated from the other Availability Zones. Each AWS Region has at least two Availability Zones; most have three. Each Availability Zone is engineered to be independent from failures in other Availability Zones. Deploying your resources across multiple Availability Zones offers you the ability to operate production applications and databases that are more resilient, highly available, and scalable than would be possible from a single data centre.

Answer 640

A. AWS Control Tower You can use AWS Control Tower or AWS Organizations to set up and manage a secure, well-architected, multi-account AWS environment. With AWS Organizations, you build your environment from the ground up, which requires more upfront effort with full control over every aspect of your environment. AWS Control Tower provides built-in best-practice blueprints, guardrails, and automation features that help you build your multi-account environment quickly and easily. If you're a customer with multiple AWS accounts and teams, cloud setup and governance can be complex and time-consuming, slowing down the very innovation you're trying to speed up. AWS Control Tower provides the easiest way to set up a secure, multi-account AWS environment. For ongoing governance, you can enable pre-configured guardrails, which are clearly defined rules for security, operations, and compliance. Guardrails help prevent deployment of resources that don't conform to policies and continuously monitor deployed resources for non-conformance. The AWS Control Tower dashboard provides centralized visibility into the multi-account AWS environment, including accounts provisioned, guardrails enabled, and the compliance status of accounts. Q: What is the difference between AWS Control Tower and AWS Organizations? AWS Control Tower creates an abstraction or orchestration layer that combines and integrates the capabilities of several other AWS services, including AWS Organizations, AWS Single Sign-on, and AWS Service Catalog. AWS Control Tower offers an abstracted, automated, and prescriptive experience on top of AWS Organizations. It automatically sets up AWS Organizations as the underlying AWS service to organize accounts and implements preventive guardrails using service control policies (SCPs).

Answer 641

Kinesis Video Streams makes it easy to securely stream video from connected devices to AWS for analytics, machine learning (ML), and other processing. Durably stores, encrypts, and indexes video data streams, and allows access to data through easy-to-use APIs. Producers provide data streams. Stores data for 24 hours by default, up to 7 days. Consumers receive and process data. Can have multiple shards in a stream. Supports encryption at rest with server-side encryption (KMS) with a customer master key.

Answer 642

The are several AWS Analytics services and these include: Amazon Athena Amazon EMR Amazon CloudSearch Amazon Opensearch Service Amazon Kinesis Amazon QuickSight Amazon Data Pipeline AWS Glue AWS Lake Formation Amazon MSK

Answer 643

Public Cloud – e.g. AWS, Microsoft Azure, Google Cloud Platform (GCP). Hybrid Cloud – a mixture of public and private clouds. Private Cloud (on-premises) – a cloud managed in your own data centre, e.g. Hyper-V, OpenStack, VMware.

Answer 644

Names must be unique across all of AWS. Names must be 3 to 63 characters in length. Names can only contain lowercase letters, numbers, and hyphens. Names cannot be formatted as an IP address.

Answer 645

Names must be unique across all of AWS. Names must be 3 to 63 characters in length. Names can only contain lowercase letters, numbers, and hyphens. Names cannot be formatted as an IP address. Encryption can be enabled for a bucket. When you create a bucket you need to select the region where it will be created. It is a best practice to create buckets in regions that are physically closest to your users to reduce latency.

Answer 646

Key (name of the object). Value (data made up of a sequence of bytes). Version ID (used for versioning). Metadata (data about the data that is stored). Subresources: Access control lists. Torrent. Object sharing – the ability to make any object publicly available via a URL. Lifecycle management – set rules to transfer objects between storage classes at defined time intervals. Versioning – automatically keep multiple versions of an object (when enabled).

Answer 647

Storage. Requests. Storage management pricing. Data transfer pricing. Transfer acceleration.

Answer 648

See image.

Answer 649

To make Extract Transform and Load (ETL) easier. Allows you to visually compose data transformation workflows and seamlessly run them on AWS Glue’s Apache Spark-based serverless ETL engine.

Answer 650

See image.

Answer 651

See image.

Answer 652

The hourly price for a Spot Instance is called a Spot Price. A Spot Instance is an instance that uses spare EC2 capacity that is available for less than the On-Demand price. Because Spot Instances enable you to request unused EC2 instances at steep discounts, you can lower your Amazon EC2 costs significantly. A Spot Price varies based upon demand.

Answer 653

Route traffic to multiple resources based upon user location.

Answer 654

Divert traffic in proportions to multiple resources.

Answer 655

Amazon Cognito User Pools is a managed service which can be used to manage user authentication to mobile applications. It can scale up to millions of users. It supports direct user sign in as well as federated users using social and enterprise identity providers.

Answer 656

Amazon Cognito Identity Pools are used to provide privilege credentials for accessing AWS services. Amazon Cognito User pools are used for authenticating users while identity pools will provide authorisation for accessing AWS resources.

Answer 657

AWS Single Sign-On is best suited for authenticating employees for accessing AWS services & is not useful for authenticating users to access mobile applications.

Answer 658

A. AWS Detective - for responding to and identifying potential threats AWS Detective is a persistent machine learning-driven service that automatically collates log data from all AWS resources. This log data is then applied into machine learning algorithms to derive data patterns between AWS services and resources, graph theory and statistical analysis. This information allows the user to proactively visualise their AWS environment from a security standpoint, thereby allowing them to quickly and efficiently conduct security investigations when incidents occur. AWS Macie primarily matches and discovers sensitive data such as personally identifiable information (PII) but does not have the capability to keep track of data behaviours between AWS services to detect anomalies. AWS Shield is a Distributed Denial of Service (DDoS) protection service that applies to applications running in the AWS environment. The services does not have machine learning capability to keep track of data behaviours between AWS services. Amazon CloudWatch Anomaly Detection is a machine learning feature limited to Amazon CloudWatch metrics. It does not extend to all the AWS services. For further information, see: https://aws.amazon.com/products/security/detection-and-response/ https://aws.amazon.com/detective/

Answer 659

A machine learning feature limited to Amazon CloudWatch metrics.

Answer 660

The key components of a VPC include at least one subnet, security groups, network access control lists (NACLs), and internet gateways.

Answer 661

Frees AWS account managers up to produce new services (there are just too many customers otherwise). Customers will likely need support and guidance through the various AWS services available. Many of challenges are non-technical – e.g. culture and process change in procurement and management.

Answer 662

1. Elastic - Scale capacity as computing requirements change 2. Flexible - Resize compute capacity 3. Secure - Configure security and network access 4. Reduced cost - Pay only for capacity used

Answer 663

1. Elastic - Scale file storage as requirements change 2. Flexible - Choose volume types 3. Secure - Encrypt and replicate to protect data 4. Reduced cost - Pay only for storage used A reliable, scalable, and secure place for data.

Answer 664

AWS Migration Hub provides a single location to track the progress of application migrations across multiple AWS and partner solutions. Using Migration Hub allows you to choose the AWS and partner migration tools that best fit your needs, while providing visibility into the status of migrations across your portfolio of applications. For example, you might use AWS Database Migration Service, AWS Server Migration Service, and partner migration tools such as ATADATA ATAmotion, CloudEndure Live Migration, or RiverMeadow Server Migration SaaS to migrate an application comprised of a database, virtualized web servers, and a bare metal server. Using Migration Hub, you can view the migration progress of all the resources in the application. https://aws.amazon.com/migration-hub/features/

Answer 665

The sheer scale and geographic redundancy of the physical and networking resources owned by AWS mean that the company is able to guarantee a level of reliability and availability that would be hard to reproduce in any other environment.

Answer 666

Access to cloud infrastructure – sometimes for pennies per hour – makes it possible to experiment, sandbox, and regularly reassess and update application stacks.

Answer 667

AWS Support Concierge The AWS Support Concierge Service assists customers with account and billing enquiries.

Answer 668

The AWS Knowledge Centre helps answer the questions most frequently asked by AWS customers. It is available for everyone free of charge. It is not part of the Enterprise Support Plan. It also does not provide guidance on a case-by-case basis.

Answer 669

2. Reduced Capital Expenditure (CapEx) Capital expenditures (CapEx) are a company's major, long-term expenses, while operating expenses (OpEx) are a company's day-to-day expenses. Examples of CapEx include physical assets such as buildings, equipment, and machinery. Examples of OpEx include employee salaries, rent, utilities, and property taxes. AWS enables businesses to leverage high-end technologies and infrastructure needs with low CapEx and low OpEx. The AWS pay-as-you-go model reduces investments in large capital expenditures. In addition, you can reduce the operating expense (OpEx) costs involved with the management and maintenance of data. This frees up budget, allowing you to quickly act on innovative initiatives that can’t be easily pursued when managing physical data centres. Enterprise customers require access to technical support and other AWS support features. These support features are available only for paid support plans. Data protection is a customer responsibility. AWS customers have to decide which data should be public or private, set up how their data will be accessed, and decide whether this data will be encrypted or not and so on. AWS customers are responsible for building, deploying, and managing their applications.

Answer 670

4. Edge locations are used by CloudFront to distribute traffic across multiple instances to reduce latency AWS Edge Locations are not used to distribute traffic. Edge Locations are used in conjunction with the CloudFront service to cache common responses and deliver content to end-users with low latency. With Amazon CloudFront, your users can also benefit from accelerated content uploads. As the data arrives at an edge location, data is routed to AWS storage services over an optimized network path. The AWS service that is used to distribute load is the AWS Elastic Load Balancing (ELB) service. https://aws.amazon.com/cloudfront/features/

Answer 671

2. Multi-AZ Deployment and 3. Read Replicas In a Multi-AZ deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone. The primary DB instance is synchronously replicated across Availability Zones to a standby replica to provide data redundancy, eliminate I/O freezes, and minimize latency spikes during system backups. Running a DB instance with high availability can enhance availability during planned system maintenance, and help protect your databases against DB instance failure and Availability Zone disruption. Amazon RDS Read Replicas provide enhanced performance and durability for database (DB) instances. This feature makes it easy to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads. You can create one or more replicas of a given source DB Instance and serve high-volume application read traffic from multiple copies of your data, thereby increasing aggregate read throughput. Read replicas provide a complementary availability mechanism to Amazon RDS Multi-AZ Deployments. You can promote a read replica if the source DB instance fails. You can also replicate DB instances across AWS Regions as part of your disaster recovery strategy. This functionality complements the synchronous replication, automatic failure detection, and failover provided with Multi-AZ deployments. Edge Locations are not a feature of Amazon RDS. Edge locations are used by the CloudFront service to distribute content globally. The purpose of patching is to resolve functionality issues, improve security or add new features. AWS Regions are not a feature of Amazon RDS. AWS Regions are separate geographic areas around the world that AWS uses to provide its Cloud Services, including Regions in North America, South America, Europe, Asia Pacific, and the Middle East. Choosing a specific AWS Region depends on its proximity to end-users, data sovereignty, and costs.

Answer 672

3. Deploy AWS resources to another AWS Region and implement an Active-Active disaster recovery strategy. Disaster recovery is about preparing for and recovering from events that have a negative impact on your business continuity or finances. This could be a natural disaster, hardware or software failure, a network outage, a power outage, physical damage to a building like fire or flooding, or some other significant disaster. In AWS, customers have the flexibility to choose the disaster recovery approach that fits their budget. The approaches could be as a minimum backup and restore from another AWS Region or a full-scale multi-region Active-Active solution. With the multi-region Active-Active solution, your workload is deployed to, and actively serving traffic from, multiple AWS Regions. If an entire Region goes down because of a natural disaster or any other reason, the other Regions will still be available and able to serve user requests. A natural disaster may affect an entire Region, including all Availability Zones within that Region. Edge locations are not used for disaster recovery. Edge locations are used by CloudFront to cache and distribute content from a geographical location close to users. A subnet is a range of IP addresses within a VPC. https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/wellarchitected-reliability-pillar.pdf#plan-for-disaster-recovery-dr

Answer 673

4. Amazon ECS and 5. Amazon Elastic Kubernetes Service Amazon Elastic Container Service (Amazon ECS) is a highly scalable, high-performance container orchestration service that supports Docker containers and allows you to easily run and scale containerized applications on AWS. Amazon ECS eliminates the need for you to install and operate your own container orchestration software, manage and scale a cluster of virtual machines, or schedule containers on those virtual machines. Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that allows you to use Kubernetes to run and scale containerized applications in the cloud or on-premises. Kubernetes is an open-source container orchestration system that allows you to deploy and manage containerized applications at scale. AWS handles provisioning, scaling, and managing the Kubernetes instances in a highly available and secure configuration. This removes a significant operational burden and allows you to focus on building applications instead of managing AWS infrastructure.

Answer 674

Ultra-low-latency mobile edge computing. Suited for 5G applications, interactive and immersive experiences, and connected vehicles

Answer 675

AWS Data Pipeline is a web service that makes it easy to schedule regular data movement and data processing activities in the AWS cloud.

Answer 676

Delegation is when we access another AWS account from an AWS account and federation is when we SSO or access resources on an AWS account using an external identity such as web (google, FB) or idP (SAML).

Answer 677

You can use a “Cost and Usage Report”, you can set this report up to deliver to S3. The costs and usage reports show you your monthly spend by service.

Answer 678

• For Java use Beanstalk or autoscaled EC2 or Kubernetes, this meets the autoscaling requirement • Use DynamoDB for scalable and highly available backend • Use X-Ray for tracing • Use CloudWatch logs for log visibility • Use CloudWatch metrics for performance visibility

Answer 679

I can use CloudWatch events to trigger an event to run lambda functions.

Answer 680

Stop guessing your capacity needs Test systems at production scale Automate to make architectural experimentation easier Allow for evolutionary architectures Drive architectures using data Improve through game days

Answer 681

Scalability Disposable Resources Automation Loose Coupling Think in services not servers

Answer 682

A free tool to review your architectures against the 5 pillars of the well architected framework

Answer 683

IoT stands for Internet of Things. The network of internet connected devices that are able to collect and transfer data. Core allows you to easily connect IoT devices to the AWS Cloud. Server-less, secure, and scalable

Answer 684

Create and run virtual reality, augmented reality, and 3D apps. Easy to use and accessible via a web-browser

Answer 685

Used to convert media files stored in S3 into media files in the formats required by consumer playback devices

Answer 686

Docker Repositories Public: Docker Hub Private: Amazon ECR (Elastic Container Registry)

Answer 687

Pay per request and compute time Free tier of 1 million AWS Lambda requests and 400k GBs of compute time Event-driven: functions get invoked by AWS when needed Integrated with many programming languages Easy monitoring through AWS CloudWatch Easy to get more resources per functions (up to 3GB of RAM) Increasing RAM will also improve CPU and network

Answer 688

API Gateway

Answer 689

Elastic Container Registry

Answer 690

Definition of a maximum and minimum of EC2 Instances running

Answer 691

There are no servers

Answer 692

Happens when needed

Answer 693

Per call and per duration

Answer 694

For people with little cloud experience. No auto-scaling, but has high availability

Answer 695

Virtual servers, storage, databases, and networking with low and predictable pricing.

Answer 696

Lambda: time limit, limited runtime, limited temporary disk space, server-less Batch: no time limit, any runtime as long as it’s packaged as a docker image, rely on EBS / instance store for disk space, relies on EC2 (can be managed by AWS)

Answer 697

Big cost savings and less focus on infrastructure

Answer 698

A job with a start and an end (as opposed to continuous). Will dynamically launch EC2 Instances or Spot Instances. Defined as Docker Images and run on ECS

Answer 699

Fully managed batch processing at any scale

Answer 700

Client uses REST API to ask for data Request hits API Gateway Proxy request goes to lambda Crud to DynamoDB proxy request goes to API Gateway Response goes to client

Answer 701

Fully managed service for developers to easily create, publish, maintain, monitor, and secure APIs. Server-less and scalable. Supports RESTful APIs and WebSocket APIs. Support for security, user auth, API throttling, API keys, monitoring…

Answer 702

Pay for call, with first million free Pay for duration (in increment of 1 ms). Very cheap

Answer 703

Allows you to run docker container images on top of lambda. EC2 and Fargate is preferred for running arbitrary Docker images

Answer 704

No functions to manage Limited by time - short executions Run on-demand Scaling is automated

Answer 705

Amazon S3 DynamoDB Fargate Lambda

Answer 706

No, you just don’t manage / provision / see them

Answer 707

Server-less is a new paradigm in which the developers don’t have to manage servers anymore. Includes anything that is managed.

Answer 708

Elastic Container Registry. Private Docker Registry on AWS. You store your images here so you can run them on ECS or Fargate

Answer 709

Used to launch docker containers on AWS, but you do not need to provision the infrastructure. (server-less)

Answer 710

AWS takes care of starting/stopping containers

Answer 711

You must provision and maintain the infrastructure (the EC2 instances)

Answer 712

Elastic Container Service. Used to launch docker containers on AWS

Answer 713

Docker is a software development platform to deploy apps. Scales up and down

Answer 714

If someone gains access, they could do some serious damage

Answer 715

Decreased latency Disaster Recovery Attack protection

Answer 716

Regions AZs Edge Locations

Answer 717

A collection of rules and records which helps clients understand how to reach a server through URLs

Answer 718

An application deployed in multiple geographies

Answer 719

Simple Routing Policy Weighted Routing Policy Latency Routing Policy Failover Routing Policy

Answer 720

Run an on-demand EC2 instance only when necessary.

Answer 721

Scalability

Answer 722

False: You can always check the status of services on the AWS Service Health Dashboard.

Answer 723

The Basic plan is free.

Answer 724

Amazon S3 Glacier

Answer 725

Amazon’s online documentation, where the URL will usually follow this format: aws.amazon.com//pricing/

Answer 726

False: Even though Lambda and similar services are described as “serverless,” the servers running their code are simply “hidden” from the customer view.

Answer 727

Yes, using VPC Peering

Answer 728

A network access control list (ACL)

Answer 729

Yes, using Amazon WorkSpaces

Answer 730

Yes, using an AWS Storage Gateway appliance

Answer 731

A virtual private cloud (VPC)

Answer 732

Amazon Athena

Answer 733

Assign your users to groups so you only need to edit group permissions.

Answer 734

Purchase an EC2 reserved instance.

Answer 735

One full year

Answer 736

AWS white papers

Answer 737

Software development kits (SDKs)

Answer 738

Apply resource tags consistently.

Answer 739

Using resource groups (through AWS Systems Manager)

Answer 740

AWS has the money and expertise to achieve security best practices.

Answer 741

Enable Multi-AZ to replicate your data.

Answer 742

Using Amazon Elastic Map Reduce (EMR)

Answer 743

A set of visualization tools and wizards designed to guide users through the creation of machine learning models

Answer 744

AWS Simple Notification Service

Answer 745

AWS Artifact

Answer 746

AWS Cost Explorer

Answer 747

Developer Tools

Answer 748

Yes, using AWS Direct Connect

Answer 749

False: PaaS services (like Elastic Beanstalk) do simplify infrastructure administration, but they still offer significant control over the application environment.

Answer 750

No. Customers are responsible for the security and maintenance of their applications.

Answer 751

Amazon Elastic Container Service (ECS—and its Fargate subset) and Amazon Elastic Container Service for Kubernetes (EKS)

Answer 752

Amazon Machine Images (AMIs)

Answer 753

Elastic Beanstalk

Answer 754

AWS Simple Email Service

Answer 755

AWS Trusted Advisor

Answer 756

AWS CloudTrail

Answer 757

AWS CodeBuild

Answer 758

Virtualized servers and enormous operational scale

Answer 759

Capturing and analysing very large volumes of data streaming generated by multiple log, transaction, and social media sources

Answer 760

The AWS CLI

Answer 761

EC2 instance store volumes

Answer 762

AWS Budgets

Answer 763

Any deployment that includes multiple classes of resources. Combining front-end EC2 web servers, an RDS database instance, and an Elastic Load Balancer would be a common example.

Answer 764

Amazon ElastiCache

Answer 765

AWS Organizations

Answer 766

The self-service, pay-per-use payment model allows for a high level of automation.

Answer 767

Amazon Elastic Transcoder

Answer 768

False: AZs within a single Region are connected directly over a low-latency network.

Answer 769

Yes, using VPC Peering

Answer 770

AWS Cost and Usage Reports. The costs and usage reports show you your monthly spend by service.

Answer 771

AWS CloudFormation

Answer 772

The Security Credentials Dashboard

Answer 773

The Region currently selected in the console is not the same Region where your instance is running.

Answer 774

Instance type

Answer 775

An internet gateway

Answer 776

Accounts with either Business- or Enterprise-level support subscriptions

Answer 777

Amazon Aurora

Answer 778

A security group

Answer 779

A single, unified interface through which you can monitor and automate the administration of resources running in multiple AWS services account-wide

Answer 780

The AWS Simple Monthly Calculator

Answer 781

$4,200 (7 percent of $60,000)

Answer 782

Multifactor authentication (MFA)

Answer 783

False: S3 is an object storage system. Elastic Block Storage (EBS) is the better choice for file systems.

Answer 784

S3 Standard-IA, offering 99.9 percent availability against 99.5 percent for S3 One Zone-IA

Answer 785

Data retrieval can be slow, sometimes measured in hours.

Answer 786

An Elastic Block Store (EBS) volume

Answer 787

A fast and scalable data warehouse service

Answer 788

Relational or Structured Query Language (SQL)

Answer 789

By enabling Lifecycle Management

Answer 790

Connectivity

Answer 791

Input/output operations per second (IOPS)

Answer 792

A Git-compatible software code repository that’s integrated with other AWS services

Answer 793

AWS Auto Scaling

Answer 794

AWS CloudWatch

Answer 795

Container virtualization

Answer 796

AWS Snowball

Answer 797

AWS Key Management Service

Answer 798

Free access to lightweight versions of many core services

Answer 799

AWS CodePipeline

Answer 800

A tool for directly managing user sign-up and sign-in for your website or mobile apps

Answer 801

False: There are default limits to the volume of service resources consumed by customers.

Answer 802

The Burstable Performance instance class

Answer 803

A managed service allowing you to share file system objects between EC2 instances across your AWS account and, through AWS Direct Connect or AWS VPN connections, with on-premises infrastructure

Answer 804

AWS Config

Answer 805

Federation (Identity Providers)

Answer 806

1. They can help you confirm that your deployment infrastructure is compliant with regulatory standards. and 2. They can provide insight into various regulatory and industry standards that represent best practices. AWS Artifact documents are about AWS infrastructure compliance with external standards. They tangentially can also provide insight into best practices. They do not represent internal AWS design or policies.

Answer 807

4. Standard The Standard retrieval option typically takes 3 to 5 hours to complete. Expedited takes 1 to 5 minutes, and Bulk takes 5 to 12 hours. There is no Provisioned retrieval option, but you can purchase provisioned capacity to ensure Expedited retrievals complete in a timely manner.

Answer 808

C. A virtualized partition of a physical storage drive that’s not directly connected to the EC2 instance it’s associated with A virtualized partition of a physical storage drive that is directly connected to the EC2 instance it’s associated with is known as an instance store volume. A software stack archive packaged to make it easy to copy and deploy to an EC2 instance describes an EC2 AMI. It’s possible to encrypt EBS volumes, but encryption doesn’t define them.

Answer 809

B. 1 An item stored in a DynamoDB table must have one primary key.

Answer 810

D. CloudFormation CloudFormation templates can represent complex resource stacks that can be used to launch precisely defined environments involving the full range of AWS resources.

Answer 811

D. ELB An Auto Scaling group can use an ELB health check to determine whether an instance is healthy. There is no such thing as an S3 health check, a VPC health check, or an SNS health check.

Answer 812

C. It must have a key. Each resource tag you create must have a key, but a value is optional. Tags don’t have to be unique within an account, and they are case-sensitive.

Answer 813

D. Federation Single sign-on defines a user’s authorization status after authentication. IAM roles define the access allowed to a process. MFA is an authentication method.

Answer 814

B. Business. Only the Business and Enterprise plans include help with troubleshooting interoperability between AWS resources and third-party software and operating systems. The Business plan is the least expensive that will get you this level of support.

Answer 815

A. By routing traffic away from failed instances An application load balancer can use health checks to identify failed instances and remove them from load balancing. This can prevent a user from ever reaching a failed instance. A load balancer can’t replace a failed instance, but Auto Scaling can. An application load balancer distributes traffic to instances using a round-robin algorithm, not based on how busy those instances are. An application load balancer doesn’t cache content.

Answer 816

A. Dynamic scaling policies Dynamic scaling policies terminate instances that aren’t needed, thus saving on costs.

Answer 817

A. The AWS SDKs allow you to use popular programming languages to write applications that interact with AWS services. and B. The AWS CLI allows you to interact with AWS services from a terminal. The AWS CLI is a program that runs on Linux, macOS, or Windows and allows you to interact with AWS services from a terminal. The AWS SDKs let you use your favourite programming language to write applications that interact with AWS services.

Answer 818

A. STANDARD_IA and C. GLACIER STANDARD_IA and GLACIER storage classes offer the highest levels of redundancy and are replicated across at least three Availability Zones. Due to their low level of availability (99.9 and 99.5 percent, respectively), they’re the most cost-effective for infrequently accessed data. ONEZONE_IA stores objects in only one Availability Zone, so the loss of that zone could result in the loss of all objects. The STANDARD and INTELLIGENT_TIERING classes provide the highest levels of durability and cross-zone replication but are also the least cost-effective for this use case.

Answer 819

A. The MSI installer and D. Using Python and pip You can use Python and the pip package manager or (with the exception of Windows Server 2008) the MSI installer to install the AWS CLI on Windows. AWS SDKs don’t include the AWS CLI. Yum and Aptitude are package managers for Linux only.

Answer 820

A. Allow customizing a stack without changing the template. Parameters let you input customizations when creating a CloudFormation stack without having to modify the underlying template. Parameters don’t prevent stack updates or unauthorized changes. A template can be used to create multiple stacks, regardless of whether it uses parameters.

Answer 821

A. Requests for raising the available service limit Pricing will normally change based on the volume of service units you consume and, often, between AWS Regions.

Answer 822

A. 99.99 percent The minimum monthly availability for DynamoDB is 99.99 percent in a single Region. It’s not 99.95 percent, 99.9 percent, or 99.0 percent.

Answer 823

D. $2,310 The Business plan—when monthly consumption falls between $10,000 and $80,000—costs the greater of $100 or 7 percent of the monthly usage. In this case, 7 percent of a single month’s usage ($11,000) is $770. The three month total would, therefore, be $2,310.

Answer 824

A. $2,800 The Business support tier is billed at 7 percent when costs fall between $10,000 and $80,000. A company using the Enterprise support tier would pay the monthly minimum of $15,000 for a spend of $40,000.

Answer 825

B. Cost optimization Instance reservations let you save money over on-demand pricing.

Answer 826

A. Bucket policies and B. User policies Bucket policies and user policies can be used to control access to objects stored in an S3 bucket. Security groups are not used with S3. There’s no such thing as an access control lock.

Answer 827

B. Connecting an EC2 instance to a virtual private network (VPN) A VPC provides the network backbone for many, but not all AWS services. EC2 instances must reside in VPCs, and hence any network connectivity to or from an EC2 instance involves using a VPC. The other options don’t involve a VPC.

Answer 828

A. Glacier Amazon Glacier can reliably store large amounts of data for a very low price but requires CLI or SDK administration access, and retrieving your data can take hours.

Answer 829

D. Nonrelational A nonrelational database such as DynamoDB doesn’t use SQL. Relational databases such as Amazon Aurora and Redshift do use SQL.

Answer 830

B. build.general1.medium and D. build.general1.large Build.general1.medium and build.general1.large support Windows and Linux operating systems. Build.general1.small supports Linux only. The other compute types don’t exist.

Answer 831

A. 15 minutes While the maximum time was, at one point, 5 minutes, that’s been changed to 15.

Answer 832

B. YAML and D. JSON CloudFormation templates are written in the YAML or JSON format.

Answer 833

B. Experiments with multiple configuration options are now cost-effective. and D. Full-stack applications are possible without the need to invest in capital expenses. Security and scalability are important cloud elements but are not related to metered pricing.

Answer 834

B. Assign users requiring similar permissions to IAM groups. While assigning permissions and policy-based roles will work, it’s not nearly as efficient as using groups, where you need to set or update permissions only once for multiple users.

Answer 835

B. More than 150 There are more than 150 edge locations throughout the world.

Answer 836

B. 12 hours Once you’re logged in, your session will remain active for 12 hours. After that, it’ll expire and log you out to protect your account.

Answer 837

D. 99.99 percent The availability of a DynamoDB table in a single Region is 99.99 percent.

Answer 838

B. HTTP S3 supports HTTP for static website hosting, although you can use CloudFront to add HTTPS (TLS) encryption for your static site.

Answer 839

C. 5 There are five pillars: reliability, performance efficiency, security, cost optimization, and operational excellence.

Answer 840

B. 10 GB of data retrievals from Amazon Glacier per month and D. 10 custom monitoring metrics and 10 alarms on Amazon CloudWatch The API calls/month and ECR free storage are available only under the Free Tier.

Answer 841

A. The tax implications of a cloud deployment The calculator covers all significant costs associated with an on-premises deployment but doesn’t include local or national tax implications.

Answer 842

B. A subnet must have a CIDR that’s a subset of the CIDR of the VPC in which it resides. and C. A subnet spans one Availability Zone. A subnet exists in only one Availability Zone, and it must have a CIDR that’s a subset of CIDR of the VPC in which it resides. There’s no requirement for a VPC to have two subnets, but it must have at least one. CIDR = Classless Inter-Domain Routing

Answer 843

B. INSERT The SQL INSERT statement can be used to add data to a relational database. The QUERY command is used to read data. CREATE can be used to create a table but not add data to it. WRITE is not a valid SQL command.

Answer 844

A. DynamoDB databases, B. Elastic Block Store (EBS) volumes and D. Objects in S3 buckets Elastic Beanstalk resources cannot be encrypted using normal tools like KMS.

Answer 845

B. Logically partitioning physical compute and storage devices into multiple smaller virtual devices Sharding, aggregating remote resources, and abstracting complex infrastructure can all be accomplished using virtualization techniques, but they aren’t, of themselves, virtualization.

Answer 846

B. 6 CloudFront has edge locations on six continents (Antarctica is a hard place to get to).

Answer 847

A. A Direct Connect connection offers predictable latency because it doesn’t traverse the internet. and B. A VPN connection uses the internet for transport. A Direct Connect link uses a dedicated link rather than the internet to provide predictable latency. Direct Connect doesn’t use encryption but provides some security by means of a private link. A VPN connection uses the internet for transport, encrypting data with AES 128- or 256-bit encryption. A VPN connection doesn’t require proprietary hardware.

Answer 848

A. The content served is not encrypted in transit. Websites hosted in S3 are served using unencrypted HTTP, not secure HTTPS. The content is publicly readable, but that doesn’t mean the public can modify it. You don’t have to use a custom domain name, as S3 provides an endpoint URL for you. A website hosted in S3 is stored in a bucket, and a bucket exists in only one Region.

Answer 849

B. VMware ESXi The AWS Storage Gateway virtual machine can run on VMware ESXi and Microsoft Hyper-V. It can’t run on Xen or KVM. There’s no such thing as Microsoft Hyper-C.

Answer 850

D. Identity and Access Management (IAM) username You can sign in as the root user or as an IAM user. Although you need to specify the account alias or account ID to log in as an IAM user, those are not credentials. You can’t log in to the console using an access key ID.

Answer 851

A. A failure in one geographic region will trigger an automatic failover to resources in a different region. and D. Spikes in user demand are met through automatically increasing resources. Security and virtualization are both important characteristics of successful cloud workloads, but neither will directly impact availability.

Answer 852

D. Customer master key A client-side master key is used to encrypt objects before they reach AWS (specifically S3). There are no keys commonly known as either SSH or KMS master keys.

Answer 853

B. Compute Optimized with GPU The Snowball Edge - Compute Optimized with GPU option is optimized for machine learning and high-performance computing applications. Although the Compute Optimized and Storage Optimized options could work, they aren’t the best choices. There’s no Network Optimized option.

Answer 854

D. Automation document An Automation document can perform administrative tasks on AWS, such as starting or stopping an instance. A Command document can execute commands on an EC2 instance. There is no such thing as a Script document or a Run document.

Answer 855

B. IAM and C. CloudFront The Relational Database Service (RDS) and Elastic Compute Cloud (EC2) both provide instances in a single Region—unlike IAM and CloudFront, which are Region-independent.

Answer 856

B. PostgreSQL and D. Amazon Aurora PostgreSQL and Amazon Aurora are options for RDS database engines. IBM dBase and the nonrelational databases DynamoDB and Redis are not available as RDS database engines.

Answer 857

C. JavaScript object notation (JSON) The AWS CLI can display output in JSON, text, or table formats. It doesn’t support CSV or TSV.

Answer 858

A. Require at least one uppercase letter.,B. Require at least one number. andD. Require at least one nonalphanumeric character. Including a space or null character is not a password policy option.

Answer 859

D. The current state of security of your IAM users’ access credentials. The credential report focuses only on your users’ passwords, access keys, and MFA status. It doesn’t cover actual activities or general security settings.

Answer 860

B. Tape gateway and D. Volume gateway The tape gateway and volume gateway types let you connect to iSCSI storage. The file gateway supports NFS. There’s no such thing as a cached gateway.

Answer 861

A. Elastic Beanstalk and B. Lightsail EBS provides storage volumes for EC2 instances. Docker is a container technology that’s independent of AWS.

Answer 862

C. A schemaless nonrelational database A no-SQL database is another term for a nonrelational database. By definition, nonrelational databases are schemaless and must use primary keys. There’s no such thing as a schemaless relational database. No-SQL is never used to describe a relational database of any kind.

Answer 863

C. Securely erase the customer’s data from the device If AWS detects any signs of tampering or damage, it will not replace the TPM chip or transfer customer data from the device. Instead, AWS will securely erase it.

Answer 864

A. Improved infrastructure reliability and D. Improved data security Amazon’s size and scale allow it to implement best security and reliability practices. Its size alone is, however, unlikely to directly impact your team’s code commit or communication processes.

Answer 865

A. An identity used by a process to perform an action against an AWS resource Identities used by one or more logged-in users are either “user” or “group” identities. The account owner identity is known as the root user. Roles are generally assumed by processes, not users

Answer 866

B. Origins A CloudFront origin is the location that a distribution sources content from. Content is stored in edge locations. A distribution defines the edge locations and origins to use.

Answer 867

C. Simple All Route 53 routing policies except for Simple can use health checks.

Answer 868

B. It’s a private connection between two VPCs. A VPC peering connection is a private connection between only two VPCs. It uses the private AWS network, and not the public internet. A VPC peering connection is different than a VPN connection.

Answer 869

A. Availability Zone An Availability Zone is one of two or more physical data centres located within a single AWS Region.

Answer 870

A. Deleting old object versions, B. Moving objects to Glacier and D. Deleting old objects Object life cycle configurations can perform transition or expiration actions based on an object’s age. Transition actions can move objects between storage classes, such as between STANDARD and GLACIER. Expiration actions can delete objects and object versions. Object life cycle configurations can’t delete buckets or move objects to an EBS volume.

Answer 871

B. Cost optimization Instance reservations let you save money over on-demand pricing.

Answer 872

B. Issue the aws configure command. The aws configure command walks you through setting up the AWS CLI to specify the default Region you want to use as well as your access key ID and secret key. The aws --version command displays the version of the AWS CLI installed, but running this command isn’t necessary to use the AWS CLI to manage your resources. Rebooting is also not necessary. Using your root user to manage your AWS resources is insecure, so there’s no need to generate a new access key ID for your root user.

Answer 873

The ability to automatically add or remove resources to fit changing application demands.

Answer 874

The percent of time an object will be available for retrieval.

Answer 875

A unified command-line-based tool to manage your AWS resources.

Answer 876

A mobile application that can manage your AWS account and resources from a smartphone running iOS 7.0+ or Android 4.0+.

Answer 877

A collection of services that allows Internet of Things (IoT) devices to interact with AWS services, applications, and other devices. You can centrally onboard, manage, and monitor a fleet of IoT devices.

Answer 878

A web interface you can use to manage all of your AWS cloud resources.

Answer 879

The image definition used by a Lightsail image

Answer 880

An RDS licensing model that requires you to provide your own license for the database engine.

Answer 881

A region-specific container for objects stored in S3. It functions as a flat file system.

Answer 882

The maximum available resources associated with an AWS object.

Answer 883

Up-front infrastructure expenses associated primarily with building non-cloud application services.

Answer 884

A network routing protocol for allocating and managing IP addresses.

Answer 885

A process that encrypts data objects before they reach a cloud storage facility.

Answer 886

Fragments of programming or scripting code (usually provided as illustrative examples).

Answer 887

A virtualization paradigm that defines and packages software resources an application will need, while allowing for sharing underlying resources with a host operating environment. Docker is a prominent example of such a technology.

Answer 888

A software development practice that integrates continuous integration but adds deployment of the application to production after a manual approval.

Answer 889

The practice of running code through a build or test process as soon as it’s checked into a repository.

Answer 890

Identification tags that can be associated with AWS resources to permit detailed cost tracking.

Answer 891

A physical server that’s fully dedicated to the use of a single EC2 customer.

Answer 892

A physical server that’s fully dedicated to a single instance. It won’t even be shared with a second instance owned by the same account.

Answer 893

A Redshift compute node type that stores up to 326 TB of data on magnetic disks.

Answer 894

A Redshift compute node type that stores up to 2 PB of data on SSDs.

Answer 895

A data type that can store structured data such as JSON documents and lists.

Answer 896

The percent likelihood that an object won’t be lost over the course of a year.

Answer 897

The process of rendering text-based data unreadable to protect it from any person or process that doesn’t have access to a decryption key.

Answer 898

The ability to automatically shift away from an application’s underlying resource that fails to an equally powerful alternate resource.

Answer 899

An architectural approach that defines infrastructure and its configurations as code.

Answer 900

A measure of how fast you can read from and write to a volume.

Answer 901

Profiles defining the storage and CPU capacity to be associated with an EC2 instance. Instance types can, for example, be compute or memory optimized.

Answer 902

A label for a resource tag.

Answer 903

An AWS service for creating and administrating encryption keys to be used to protect resources running within (or in connection to) AWS services.

Answer 904

An RDS licensing model in which the pricing for database engine licensing is included with each instance.

Answer 905

The costs associated with the use of proprietary software with an AWS resources (example: an AWS EC2 instance running the Windows OS).

Answer 906

The ability to define how the resources on multiple servers will be used to respond to incoming application requests.

Answer 907

Particularly stable versions of an OS (example: Ubuntu 18.04) that are supported for extended periods of time (often five years or more).

Answer 908

The ability to pay for the use of a cloud resource based on actual incremental usage. Charged units of such payments would usually span seconds or minutes rather than months.

Answer 909

A variable containing a time-ordered set of data points, each containing a timestamp, value, and (optionally) unit of measure. Metrics are used by CloudWatch to store performance data from AWS and non-AWS resources.

Answer 910

The incorporation of multiple tests of ownership before authentication is granted.

Answer 911

A logical firewall that operates at the subnet level.

Answer 912

Type of databases for storing data that is unstructured or schemaless.

Answer 913

Files stored in an S3 bucket. Objects consist of a key up to 1,024 bytes long and content. Each object can be up to 5 TB in size.

Answer 914

The ability to rent cloud resources to meet a specific need, exactly when the need arises. See also reserved instances and spot instances.

Answer 915

The ongoing costs of running cloud application services. See also capital expenses.

Answer 916

The security-based principle that users should be given no more access to a resource than is absolutely necessary.

Answer 917

A subnet with a default route to an internet gateway.

Answer 918

1. Treat as disposable. 2. "Immutable infrastructure". 3. Treat logs as streams. 4. Leverage roles. 5. Automate deployments. 6. Monitor with CloudWatch. 7. Enable scaling and self-healing with Auto Scaling.

Answer 919

RDS instances that perform only reads from the database.

Answer 920

How much data loss you can sustain in the event of a failure.

Answer 921

The maintenance of multiple, parallel instances of a resource as backup should the active resource fail.

Answer 922

EC2 or RDS instances that can be purchased over long periods of time at significant savings. Payment can be up-front, not up-front, or partial up-front. See also on-demand instances and spot instances.

Answer 923

Identification tags that can contain metadata and be associated with AWS resources to permit detailed tracking.

Answer 924

A data type that has only one value, such as a number, string, binary, or Boolean.

Answer 925

A data type that has only one value, such as a number, string, binary, or Boolean.

Answer 926

Data that doesn’t have a well-defined, predictable structure.

Answer 927

An open standard for managing federated authentication between multiple providers.

Answer 928

A logical firewall that determines what network traffic can pass into and out of an instance.

Answer 929

A. A publicly resolvable DNS hostname An application load balancer includes a publicly resolvable DNS hostname that resolves to the public IP address of the load balancer. The rest are not created with the load balancer, although you must specify an existing security group when creating a load balancer.

Answer 930

D. Launch template A launch template can be used to launch instances manually and with EC2 Auto Scaling. A launch configuration can’t be used to launch instances manually. An instance role is used to grant permissions to applications running on an instance. Auto Scaling can’t provision instances using a CloudFormation template.

Answer 931

A. STANDARD The STANDARD storage class offers the highest level of durability and availability. The other options offer a lower level of availability.

Answer 932

C. Access keys MFA and passwords are most commonly used for manual, direct logins to the AWS Management Console. SSH key pairs are used for SSH login sessions to EC2 instances. Access keys are generally incorporated into AWS CLI or coded access via an AWS API.

Answer 933

A. Do nothing, as CloudTrail logs store logs indefinitely. and D. Export the logs to an S3 bucket. CloudTrail logs store logs indefinitely, but you can set a retention policy between 1 day and 10 years. You can also export the logs to an S3 bucket for long-term storage. CloudTrail logs don’t offer the ability to replicate logs to another Region.

Answer 934

B. ssh -i mykey.pem ec2-user@54.7.35.103 The -i argument should point to the name (and location) of the key stored on the local (client) machine. By default, the admin user on an Amazon Linux instance is named ec2-user.

Answer 935

C. Whatever the customer can control (application code and/or configuration settings) is the customer’s responsibility. There’s no one easy answer, as some managed services are pretty much entirely within Amazon’s sphere, and others leave lots of responsibility with the customer. Remember, “if you can edit it, you own it.”

Answer 936

A. An alert for a service state that was actually intentional An OK status for a failed state is a false negative. There is no single status icon indicating that your account is completely compliant in Trusted Advisor.

Answer 937

A. Maximum and D. Minimum The maximum and minimum group size values limit the number of instances in an Auto Scaling group. The desired capacity (also known as the group size) is the number of instances that Auto Scaling will generally maintain, but Auto Scaling can launch or terminate instances if dynamic scaling calls for it.

Answer 938

A. It enforces encryption at rest. and B. It uses a Trusted Platform Module (TPM) chip. AWS Snowball enforces encryption at rest and in transit. It also uses a TPM chip to detect unauthorized changes to the hardware or software. Snowball doesn’t use NFS encryption, and it doesn’t have tamper-resistant network ports.

Answer 939

A. Multi-AZ Multi-AZ lets your database withstand the failure of an RDS instance, even if the failure is due to an entire Availability Zone failing. Read replicas are a way to achieve horizontal scaling to improve performance of database reads but don’t increase availability. Point-in-time recovery allows you to restore a database up to a point in time but doesn’t increase availability.

Answer 940

D. To make tracking the billing impact of running resources easier Unlike resource tags (which are meant to help you identify running resources within many contexts), cost allocation tags focus exclusively on the costs incurred by resources.

Answer 941

C. Help with making a bill payment to AWS Basic plan customers are given customer support access only for account management issues and not for technical support or security breaches.

Answer 942

A. $120 The Developer plan costs the greater of $29 or 3 percent of the monthly usage. In this case, 3 percent of the month’s usage is $120.

Answer 943

A. Elastic Beanstalk and C. Relational Database Service While RDS is a managed service, it’s not as fully managed as Beanstalk. EC2 gives you control over nearly the entire infrastructure powering your instance.

Answer 944

A. You’ve selected the wrong region in the navigation bar. If a resource that should be visible appears to be missing, you may have the wrong Region selected. Since you’re logged in as the root, you have view access to all resources in your account. You don’t need an access key to use the console. You can’t select an Availability Zone in the navigation bar.

Answer 945

The ability to run programming code in the cloud without having to manually provision the underlying server infrastructure.

Answer 946

A process that encrypts data objects only when they’re within a cloud storage facility. See also client-side encryption.

Answer 947

A data type that can contain multiple unique scalar values.

Answer 948

A managed service that enables applications, users, and devices to send and receive notifications from AWS.

Answer 949

A file storage service you can use to store and retrieve unlimited amounts of data anywhere and anytime.

Answer 950

An infrastructure design weakness where resources can theoretically crash upon the failure of a single instance tier.

Answer 951

An environment that permits a user to authenticate a single time for multiple resources.

Answer 952

Software interfaces that permit easy programmatic integration with remote, API-based resources.

Answer 953

EC2 instances that can be purchased at a significant discount with the knowledge that they may be shut down at any time. See also on-demand instances and reserved instances.

Answer 954

A container that organizes the resources CloudFormation creates.

Answer 955

The standard language relational databases use to create databases and tables, read and write data, and perform tuning and maintenance tasks.

Answer 956

A block of IP addresses that can be strategically allocated to enhance network isolation and access.

Answer 957

A relational database structure that stores records consisting of a defined set of attributes per table.

Answer 958

A JSON- or YAML-formatted file that defines AWS resources for CloudFormation to create.

Answer 959

A communication channel SNS uses to send notifications from publishers to subscribers.

Answer 960

Logs produced by an AWS service that can be streamed to CloudWatch Logs.

Answer 961

A metric unit used to describe the compute power of an EC2 instance type.

Answer 962

A private, point-to-point connection between only two VPCs that allows resources in different VPCs to communicate with each other over the private AWS network instead of the internet.

Answer 963

A set of principles that AWS recommends as a way of evaluating the pros and cons of designing and implementing applications in the cloud.

Answer 964

D. ec2.eu-west-2.amazonaws.com The correct designation for Elastic Compute Cloud resources is ec2, the London Region is known as eu-west-2, and all endpoints have an amazonaws.com suffix.

Answer 965

A. Docker and B. Kubernetes Both Lambda and Lightsail are compute services that—while they might possibly make use of containers under the hood—are not themselves container technologies.

Answer 966

A. Deleting unused S3 objects and C. Deleting unused application load balancers Deleting unused S3 objects and unused application load balancers can reduce costs since you’re charged for both. Deleting unused VPCs and empty S3 buckets won’t reduce costs since they don’t cost anything.

Answer 967

D. Route 53 Lambda Edge is part of Amazon’s serverless platform. CloudFront is a content distribution system. Shield provides firewall protection to your resources.

Answer 968

D. Customer master key A client-side master key is used to encrypt objects before they reach AWS (specifically S3). There are no keys commonly known as either SSH or KMS master keys.

Answer 969

C. My AMIs The Quick Start AMIs tab includes the more popular official images. The Marketplace contains vendor-supported AMI providing third-party software stacks. Community AMIs include many freely available but unsupported images.

Answer 970

B. Use a custom domain name. Purchasing and using a custom domain name is the best option for a friendly URL. You need to name the bucket the same as the domain name. Creating a bucket name with only words is unlikely to work, regardless of Region, as bucket names must be globally unique. A bucket name can’t start with a number.

Answer 971

D. CloudFront CloudFront is a content delivery network (CDN) that distributes content through its global network of edge locations.

Answer 972

B. Client-side encryption Decryption is the restoration of data to its original, readable state. Server-side encryption describes data encrypted once it’s already on AWS infrastructure, and “in transit” describes data during the uploading process.

Answer 973

A. Name resolution Name resolution is the process of translating domain names to IP addresses.

Answer 974

B. https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html The correct URL is https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html.

Answer 975

A. CodeCommit CodeCommit is a Git-compliant version control service for integrating your source code with AWS resources.

Answer 976

B. CodeBuild CodeBuild uses temporary Docker containers to create a build environment.

Answer 977

D. Continuous integration Continuous integration is the practice of running code through a build or test process as soon as it’s checked into a repository. Continuous delivery and continuous deployment include continuous integration but add deployment to the process. Differencing only shows the differences between different versions of a file but doesn’t perform any testing.

Answer 978

C. OpsWorks layer Only an OpsWorks layer contains at least one EC2 instance. There’s no such thing as an EC2 Auto Scaling layer.

Answer 979

A. Performance efficiency and C. Operational excellence The five pillars are reliability, performance efficiency, security, cost optimization, and operational excellence. Resiliency, cost reduction, and secure computing are not pillars of the framework.

Answer 980

A. Elastic Container Service and C. Elastic Beanstalk While you could, in theory at least, manually install Docker Engine on either a Lightsail or EC2 instance, that’s not their primary function.

Answer 981

C. 40 TB A Glacier archive can be between 1 byte and 40 TB.

Answer 982

A. The ability to automatically increase available compute resources to meet growing user demand A scalable deployment will automatically “scale up” its capacity to meet growing user demand without the need for manual interference.

Answer 983

B. A data warehouse Redshift is a managed relational database designed to function as a data warehouse.

Answer 984

C. The block of IP addresses assigned for use within a single Availability Zone Imposing virtual networking limits on an instance would be the job of a security group or access control list. IP address blocks are not assigned at the Region level. Customers have no access to or control over AWS networking hardware.

Answer 985

C. Elastic Compute Cloud (EC2) You can administrate EC2 instances using techniques that are similar to the way you’d work with physical servers.

Answer 986

B. AWS Acceptable Use Policy The correct document (and web page https://aws.amazon.com/aup/) for this information is the AWS Acceptable Use Policy.

Answer 987

A. Clicking the Export to CSV button and C. Clicking the Save and Share button The Estimate tab will display your results, but they will be visible only from your browser session. There is no direct way to save the results to PDF. You can save the results to the Comma Separated Values (CSV) spreadsheet format and send the file to colleagues, or you can click Save and Share to get a unique URL through which others can access your results.

Answer 988

A. Charges for any instances you run matching the reserved instance type will be covered by the reservation. There’s no real need for guaranteed available capacity since it’s extremely rare for AWS to run out. You choose how you’ll pay for a reserved instance. All Upfront, Partial Upfront, and No Upfront are available options, and there is no automatic billing. An instance would never be launched automatically in this context.

Answer 989

A. Client-side encryption End-to-end encryption that protects data at every step of its life cycle is called client-side encryption.

Answer 990

A. Existing AWS Elastic Block Store volumes You can only encrypt an EBS volume at creation, not later.

Answer 991

B. Data warehouse A data warehouse stores large amounts of structured data from other relational databases. It’s not called a data storehouse or a report cluster. Dense storage node is a type of Redshift compute node.

Answer 992

B. A website hosted on S3 A static website serves content just as it’s stored without changing the content on the fly. A WordPress blog, a social media website, and a web-based email application all compile content from a database and mix it in with static content before serving it up to the user.

Answer 993

D. vCPUs represent an instance type’s compute power compared to the number of processors on a physical machine. A virtual central processing unit (vCPU) is a metric that roughly measures an instance type’s compute power in terms of the number of processors on a physical server. It has nothing to do with resilience to high traffic, system memory, or the underlying AMI.

Answer 994

B. Subnet ACLs can be used to control access to a subnet but don’t define the environment itself. A data centre is a collection of physical infrastructure resources. There’s no such thing as a network instance in the AWS world.

Answer 995

C. Business The Basic plan won’t provide any personalized support. The Developer plan is cheaper, but there is limited access to support professionals. The Business plan does offer 24/7 email, chat, and phone access to an engineer, so until you actually deploy, this will make the most sense. At a $15,000 monthly minimum, the Enterprise plan won’t be cost effective.

Answer 996

C. It lets you create multiple separate AWS environments using a single template. CloudFormation can create AWS resources and manages them collectively in a stack. Templates are written in the CloudFormation language, not Python. CloudFormation can’t create resources outside of AWS. It also doesn’t prevent manual changes to resources in a stack.

Answer 997

C. Enable MFA. and D. Create a strong password. The root user should not be used for day-to-day admin tasks—even as part of an “admin” group. The goal is to protect root as much as possible.

Answer 998

C. Services that give you direct control over underlying compute and storage resources PaaS products mask complexity, SaaS products provide end-user services, and serverless architectures (like AWS Lambda) let developers run code on cloud servers.

Answer 999

C. AWS online documentation relating to a particular service Wikipedia pages aren’t updated or detailed enough to be helpful in this respect. The AWS CLI isn’t likely to have much (if any) pricing information. The TCO Calculator shouldn’t be used for specific and up-to-date information about service pricing.

Answer 1000

B. It will launch one new instance. Auto Scaling will use self-healing to replace the failed instance to maintain the desired capacity of 7. Terminating an instance or failing to replace the failed one will result in 6 instances. Auto Scaling won’t ever change the desired capacity in response to a failed instance.

Answer 1001

C. Network You may have control over your VPC, but the rest of the network between your application and users on the internet is not under your control. Compute, storage, and any database your application uses are, or at least theoretically could be, under your control.

Answer 1002

D. EC2 health checks EC2 Auto Scaling uses EC2 health checks to determine the health of an instance. If you’re using a load balancer, you can use an ELB health check instead. EC2 Auto Scaling can’t use Route 53 health checks. CloudFormation doesn’t have health checks.

Answer 1003

D. Reduced latency access to your content no matter where your end users live CloudFront can’t protect against spam and, while it can complement your application’s existing redundancy and encryption, those aren’t its primary purpose.

Answer 1004

B. Configuring applications to be easily resizable without manual intervention Automation is a key characteristic of elasticity. Maintaining multiple copies is redundancy. Pay-as-you-go access to resources is a contributing element of elasticity, but it’s not its best description.

Answer 1005

B. Kindle and C. HTML Although DOC and DocBook are both popular and useful formats, neither is used by AWS for its documentation.

Answer 1006

C. Customer rental of the use of measured units of a provider’s physical compute, storage, and networking resources IaaS is a model that gives customers access to virtualized units of a provider’s physical resources. IaaS customers manage their infrastructure much the way they would local, physical servers.

Answer 1007

D. Enterprise The lower three support tiers provide limited access to only lower-level support professionals, while the Enterprise plan provides full access to senior engineers and dedicates a technical account manager (TAM) as your resource for all your AWS needs.

Answer 1008

A. Resources CloudFormation creates are organized into stacks and can be managed as a single unit. and B. CloudFormation stack updates help ensure that changes to one resource won’t break another. Resources CloudFormation creates are organized into stacks. When you update a stack, CloudFormation analyzes the relationships among resources in the stack and updates dependent resources as necessary. This does not, however, mean that any resource you create using CloudFormation will work as you expect. Provisioning resources using CloudFormation is not necessarily faster than using the AWS CLI.

Answer 1009

A. The ability of an application to automatically add preconfigured compute resources to meet increasing demand Increasing or decreasing compute resources better describes elasticity. Efficient use of virtualized resources and billing models aren’t related directly to scalability.

Answer 1010

B. Dense compute Dense compute nodes use magnetic disks. Dense storage nodes use SSDs. There are no such nodes as dense memory or cost-optimized.

Answer 1011

B. Database optimized While there are instance types that have been optimized for use with intensive database operations (such as the X1e instance, for example), there is no instance type family that’s called database optimized.

Answer 1012

A. Versioning and C. Differencing CodeCommit is a private Git repository that offers versioning and differencing. It does not perform deployments.

Answer 1013

B. https://console.aws.amazon.com The URL for signing in to the AWS Management Console is https://console.aws.amazon.com, regardless of whether you’re logging in as an IAM user or the root user.

Answer 1014

B. CloudWatch logs CloudWatch logs can receive and store VPC flow logs that contain information about network connections to an EC2 instance in a VPC. The VPC service can generate VPC flow logs but doesn’t store them. CloudWatch metrics store only numeric metrics, not logs. CloudTrail stores information about action that occur against your AWS resources, but not network connections to EC2 instances.

Answer 1015

D. Reserved Reserved instances will work here because your “base” instances will need to run 24/7 over the long term. Spot and spot fleet instances are unreliable for this sort of usage since they can be shut down unexpectedly. On-demand instances will incur unnecessarily high costs over such a long period.

Answer 1016

B. A security group operates at the instance level. and D. A network access control list operates at the subnet level. A network access control list is a firewall that operates at the subnet level. A security group is a firewall that operates at the instance level.

Answer 1017

D. A metric that exceeds a given threshold A CloudWatch alarm monitors a metric and triggers when that metric exceeds a specified threshold. It will not trigger if the metric doesn’t change. Termination of an EC2 instance is an event, and you can’t create a CloudWatch alarm to trigger based on an event. You also can’t create an alarm to trigger based on the presence of an IP address in a web server log. But you could create a metric filter to look for a specific IP address in the log and increment a custom metric when that IP address appears in the log.

Answer 1018

B. Relational A relational database stores data in columns called attributes and rows called records. Nonrelational databases—including key-value stores and document stores—store data in collections or items but don’t use columns or rows.

Answer 1019

D. Access keys AWS CLI requests are authenticated through access keys.

Answer 1020

C. It can send an SNS notification when an IAM user logs in to the AWS Management Console. and D. It can shut down an EC2 instance at a specific time. CloudWatch Events monitors events that cause changes in your AWS resources as well as AWS Management Console sign-in events. In response to an event, CloudWatch Events can take an action including sending an SNS notification or rebooting an EC2 instance. CloudWatch Events can also perform actions on a schedule. It doesn’t monitor logs or metrics.

Answer 1021

B. Managing domain name registration and traffic routing. Countering the threat of DDoS attacks is the job of AWS Shield. Protecting web applications from web-based threats is done by AWS Web Application Firewall. Using Lambda to customize CloudFront behaviour is for Lambda Edge.

Answer 1022

A. EC2 instance and B. A public S3 bucket An origin can be an EC2 instance or a public S3 bucket. You can’t use a private S3 bucket as an origin.

Answer 1023

A. A service that can manage authentication and authorization for your public-facing applications Amazon Cognito can manage authentication and authorization for your public-facing applications.

Answer 1024

B. Route 53 Route 53 is Amazon’s DNS service that provides domain registration. VPC and CloudFront don’t. There’s no such service as Domain Watch.

Answer 1025

C. Latest AWS documentation web pages will include the word latest in the URL if they’re the most recent version.

Answer 1026

A. Because those resources are run on a physical device, and that device must live somewhere Sharing a single resource among Regions wouldn’t cause any particular security, networking, or latency problems. It’s a simple matter of finding a single physical host device to run on.

Answer 1027

C. SAML 2.0 and D. Active Directory Secure Shell (SSH) is an encrypted remote connectivity protocol, and SSO (single sign-on) is an interface feature—neither is a standard for federated identities.

Answer 1028

C. Dynamic website hosting S3 doesn’t provide dynamic website hosting.

Answer 1029

A. AdministratorAccess Your admin user will need broad access to be effective, so AmazonS3FullAccess and AmazonEC2FullAccess—which open up only S3 and EC2, respectively—won’t be enough. There is no AdminAccess policy.

Answer 1030

Security via isolation, High Availability, Fault Tolerance, Performance.

Answer 1031

- Enterprise applications - Web servers - Relational databases - NoSQL databases - Video transcoding - Batch processing - Container orchestration - Code repos/Build servers

Answer 1032

- Virtual machines (instance) - Your choice of Linux or Windows - Xen or Nitro hypervisor - Bare metal is available - Combinations of CPU, memory, disk, IO - Launch "one" to "thousands" (within service limits) - Different billing models to fit our needs - Hourly fee includes OS license - AWS Marketplace offers canned solutions

Answer 1033

- Treat as disposable - "Immutable Infrastructure" - Treat logs as streams - Leverage roles - Automate deployments - Monitor with CloudWatch - Enable scaling and self-healing with Auto Scaling

Answer 1034

- Static HTML - CSS, javascript - Images - Audio & video - PDF, ebooks - Software downloads - Log collection - Data lakes

Answer 1035

- NoSQL data store - Fully managed service - Exclusively backed by SSD volumes - Entire system designed to achieve a single digit millisecond response time (at any scale, no matter the amount of data or requested throughput in terms of reads and writes per second) - Built-in security, resilience, fault tolerance, durability - Data is replicated across multiple AZs - No limits to storage or throughput - Provisioned throughput: ** Reads ** Writes ** Can auto-scale

Answer 1036

- Ad impression/clicks - Gaming leaderboards - Shopping carts - Session/state storage - Operational state/history

Answer 1037

- Petabyte scale data warehouse - Fully managed like RDS - Fork of PostgreSQL 8.0.2 - SQL compliant - Connect with JDBC, ODBC - Parallel queries - Ideal for OLAP & BI applications - Not suited for transactional applications

Answer 1038

- "Serverless Infrastructure" - Great for: ** Scheduled tasks ** Microservices ** Event handlers - Pay for compute time per 100ms - Create functions: ** Inline editor ** Upload ZIP - Invoke functions: ** CLI or SDK (programmatically) ** Events - AWS handles: ** Infrastructure ** Deployment ** Scaling

Answer 1039

Amazon FSx lets you optimize your price and performance to support a broad spectrum of use cases, from small user shares to the most demanding compute-intensive workloads. Amazon FSx offers SSD or HDD storage options and lets you provision and scale throughput performance independently from storage capacity.

Answer 1040

D. The AWS CLI requires a randomly generated secret access key. The AWS CLI requires an access key ID and a randomly generated secret access key. It doesn’t require MFA or rotating access keys.

Answer 1041

A. http://mygreatwebsite.s3-website-us-east-1.amazonaws.com The format of the URL is the bucket name, followed by s3-website-, the Region identifier, and then amazonaws.com.

Answer 1042

A. When you accidentally delete the default VPC in a Region When you create an AWS account, AWS creates a default VPC for you in every Region. The default VPC has subnets in each Availability Zone in the Region. But it’s possible to delete the default VPC in any Region. In that case, you can create a new default VPC.

Answer 1043

C. rds.us-east-1.amazonaws.com The correct syntax for an endpoint is ˂service-designation˃.˂region-designation˃.amazonaws.com - meaning, in this case, rds.us-east-1.amazonaws.com.

Answer 1044

B. us-west-2 The letter (a, b...) at the end of a designation indicates an Availability Zone. us-east-1 would never be used for a Region in the western part of the United States.

Answer 1045

A. Virtualization allows cloud customers direct access to a wide range of compute choices. It’s true that virtualized environments can sometimes allow for enhanced hardware utilization and security, but that’s not primarily a benefit that’s specific to the cloud. Virtualization has very little to do with enhanced software choices.

Answer 1046

B. Amazon Aurora Amazon Aurora uses a shared storage volume that automatically expands up to 64 TB. The Microsoft SQL Server and Oracle database engines don’t offer this. Amazon Athena is not a database engine.

Answer 1047

A. Weighted A Weighted routing policy lets you distribute traffic to endpoints according to a ratio that you define. None of the other routing policies allows this.

Answer 1048

B. Virtual private cloud (VPC) A VPC is an isolated networking environment into which you can launch compute resources while closely controlling network access.

Answer 1049

B. Credential report Encryption protects your data from unauthorized use. Federation and single sign-on are used to control account access. The credential report provides insight into who has access to your account resources.

Answer 1050

B. Developer Using the public documentation available through the Basic plan won’t be enough to address your specific needs. The Business and Enterprise plans are not necessary as you don’t yet have production deployments.

Answer 1051

C. Resiliency The five pillars of the Well-Architected Framework are reliability, performance efficiency, security, cost optimization, and operational excellence. Resiliency is not one of them.

Answer 1052

B. Configuring infrastructure devices Under the shared responsibility model, AWS is responsible for the hardware and software that run AWS services. This includes patching the infrastructure software and configuring infrastructure devices. As a customer, you are responsible for implementing best practices for data encryption, patching guest operating system and applications, identity and access management, and network & firewall configurations. The AWS Customer is responsible for all network and firewall configurations, including the configuration of Security Groups, Network Access Control Lists (Network ACLs), and Routing tables. According to the AWS Shared Responsibility Model, AWS Customers are responsible for Client-side encryption and Server-side encryption. However, for some AWS fully managed services such as Amazon DynamoDB and Amazon S3, server-side encryption is automatically done by AWS. Amazon DynamoDB transparently encrypts and decrypts all tables when they are written to disk. There is no option to enable or disable Server-side encryption in Amazon DynamoDB. Also, for Amazon S3, starting January 5, 2023, all new object uploads to Amazon S3 will be automatically encrypted at no additional cost. Additional information: AWS offers a lot of services and features that help AWS customers protect their data in the cloud. Customers can protect their data by encrypting it in transit and at rest. They can use CloudTrail to log API and user activity, including who, what, and from where calls were made. They can also use the AWS Identity and Access Management (IAM) to control who can access or edit their data. References: https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 1053

A. Secure transfer of large amounts of data into and out of the AWS Cloud and E. Built-in computing capabilities that allow customers to process data locally. AWS Snowball is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud. Using Snowball addresses common challenges with large-scale data transfers, including high network costs, long transfer times, and security concerns. AWS Customers use Snowball to migrate analytics data, genomics data, video libraries, image repositories, and backups. Transferring data with Snowball is simple, fast, secure, and can cost as little as one-fifth the cost of using high-speed internet. Additionally, With AWS Snowball, you can access the compute power of the AWS Cloud locally and cost-effectively in places where connecting to the internet might not be an option. AWS Snowball is a perfect choice if you need to run computing in rugged, austere, mobile, or disconnected (or intermittently connected) environments. With AWS Snowball, you have the choice of two devices, Snowball Edge Compute Optimized with more computing capabilities, suited for higher performance workloads, or Snowball Edge Storage Optimized with more storage, which is suited for large-scale data migrations and capacity-oriented workloads. Snowball Edge Storage Optimized is the optimal choice if you need to securely and quickly transfer dozens of terabytes to petabytes of data to AWS. It is also a good fit for running general purpose analysis such as IoT data aggregation and transformation. Snowball Edge Compute Optimized is the optimal choice if you need powerful compute and high-speed storage for data processing. Examples include high-resolution video processing, advanced IoT data analytics, and real-time optimization of machine learning models. AWS Marketplace is the service that provides the catalog. AWS Marketplace is a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on AWS. AWS Marketplace includes software listings from categories such as security, networking, storage, machine learning, business intelligence, database, and DevOps. AWS Storage Gateway is the service that enables your on-premises applications to seamlessly use AWS cloud storage. AWS Snowmobile is the exabyte-scale data migration service that allows you to move very large datasets from on-premises to AWS.

Answer 1054

C. Personalised view of AWS service health and D. Detailed troubleshooting guidance to address AWS events impacting your resources The AWS Health Dashboard (previously AWS Personal Health Dashboard) is the single place to learn about the availability and operations of AWS services. You can view the overall status of all AWS services, and you can sign in to access a personalized view of the health of the specific services that are powering your workloads and applications. AWS Health Dashboard proactively notifies you when AWS experiences any events that may affect you, helping provide quick visibility and guidance to minimize the impact of events in progress, and plan for any scheduled changes, such as AWS hardware maintenance. The benefits of the AWS Health Dashboard include: **A personalized View of Service Health: Personal Health Dashboard gives you a personalized view of the status of the AWS services that power your applications, enabling you to quickly see when AWS is experiencing issues that may impact you. For example, in the event of a lost EBS volume associated with one of your EC2 instances, you would gain quick visibility into the status of the specific service you are using, helping save precious time troubleshooting to determine root cause. **Proactive Notifications: The dashboard also provides forward looking notifications, and you can set up alerts across multiple channels, including email and mobile notifications, so you receive timely and relevant information to help plan for scheduled changes that may affect you. In the event of AWS hardware maintenance activities that may impact one of your EC2 instances, for example, you would receive an alert with information to help you plan for, and proactively address any issues associated with the upcoming change. **Detailed Troubleshooting Guidance: When you get an alert, it includes remediation details and specific guidance to enable you to take immediate action to address AWS events impacting your resources. For example, in the event of an AWS hardware failure impacting one of your EBS volumes, your alert would include a list of your affected resources, a recommendation to restore your volume, and links to the steps to help you restore it from a snapshot. This targeted and actionable information reduces the time needed to resolve issues. You can check your applications for vulnerabilities using other services such as Amazon Inspector. You can get help about cost optimization using other services such as the AWS Trusted Advisor. AWS Health Dashboard does not provide instance health checks. Amazon EC2 Auto Scaling can determine the health status of an instance by using one or more of the following health checks: 1- Amazon EC2 status checks and scheduled events: Checks that the instance is running; checks for underlying hardware or software issues that might impair the instance. 2- Elastic Load Balancing health checks: Checks whether the load balancer reports the instance as healthy, confirming whether the instance is available to handle requests. 3- Custom health checks: Checks for any other problems that might indicate instance health issues, according to your custom health checks. The health status of an Auto Scaling instance indicates whether it is healthy or unhealthy. All instances in your Auto Scaling group start in the healthy state. Instances are assumed to be healthy unless Amazon EC2 Auto Scaling receives notification that they are unhealthy. This notification can come from sources such as Amazon EC2, Elastic Load Balancing, or custom health checks. When Amazon EC2 Auto Scaling detects an unhealthy instance, it terminates it and launches a new one. References: https://aws.amazon.com/premiumsupport/technology/aws-health-dashboard/

Answer 1055

A. Run redundant resources in multiple Availability Zones. and B. Incorporate Auto Scaling into your design. While geolocation and a good CDN can improve performance, they won’t have a direct impact on reliability.

Answer 1056

B. Cost Optimization Performance identifies configuration settings that might be blocking performance improvements. Service Limits identifies resource usage that’s approaching AWS Region or service limits. There is no Replication category.

Answer 1057

A. An EC2 t2.micro instance and two 10 GB EBS volumes running 24/7 for 12 months Two 10 GB EBS volumes are within the Free Tier limit of 20 GB. The Free Tier only allows 5 GB of S3 storage and 500 MB of images in ECR.

Answer 1058

A. CodeCommit CodeCommit is Amazon’s service that hosts private Git repositories. GitHub hosts Git repositories, but it’s not an AWS service. CodeDeploy and S3 can’t function as Git repositories.

Answer 1059

D. Region EC2 instances will automatically launch into the Region you currently have selected. You can manually select the subnet that’s associated with a particular Availability Zone for your new EC2 instance, but there’s no default choice.

Answer 1060

B. Multivalue Answer A Multivalue Answer routing policy can return a set of multiple values, sorted randomly. A simple record returns a single value. A Failover routing policy always routes users to the primary resource unless it’s down, in which case it routes users to the secondary resource. A Latency routing policy sends users to the resource in the AWS Region that provides the least latency.

Answer 1061

A. RDS and C. EC2 Relational Database Service (RDS) and EC2 both use resources that can exist in only one Region. Route 53 and CloudFront are truly global services in that they’re not located in or restricted to any single AWS Region.

Answer 1062

A. Create a private AMI out of the prototype. It could sometimes technically work to utilize copies of an EBS volume or raw data dumps in S3, but it’ll be nowhere near as easy and efficient as it would be to simply create a private AMI.

Answer 1063

A. 10.0.0.0/28 A VPC or subnet CIDR can have a size between /16 and /28 inclusive, so 10.0.0.0/28 would be the only valid CIDR.

Answer 1064

C. Platform as a service Because AWS manages all underlying infrastructure invisibly, Elastic Beanstalk is considered a platform-as-a-service (PaaS) environment. IaaS leaves most infrastructure administration in your hands. SaaS doesn’t allow the level of customization you find in Beanstalk, and a serverless tool (like Lambda) doesn’t provision a dedicated instance for your code the way Beanstalk does.

Answer 1065

D. AWS Trusted Advisor AWS Trusted Advisor offers specific recommendations for securing your AWS resources.

Answer 1066

A. Enable bucket hosting in the S3 service console. To have S3 host your static website, you need to enable bucket hosting in the S3 service console. It’s not necessary to disable or enable default encryption or object versioning. There’s also no need to make all objects in the bucket public, but only those that you want S3 to serve up.

Answer 1067

B. Understanding what code change introduced a bug Differencing lets you see the differences between two versions of a file, which can be useful when figuring out what change introduced a bug. Versioning, not differencing, is what allows reverting to an older version of a file. Differencing doesn’t identify duplicate lines of code or tell you when an application was deployed.

Answer 1068

B. On-demand Spot instances are unreliable for this sort of usage since they can be shut down unexpectedly. Reserved instances make economic sense where they’ll be used 24/7 over long stretches of time. “Dedicated” isn’t a pricing model.

Answer 1069

A. Short Message Service (SMS) text message and C. Simple Queue Service (SQS) SNS supports the SMS and SQS protocols for sending notifications. You can’t send a notification to a CloudWatch event. There is no such thing as a mobile pull notification.

Answer 1070

B. A software application stack and C. An operating system. AMIs can be created that provide both a base operating system and a pre-installed application. They would not, however, include any networking or hardware profile information—those are largely determined by the instance type.

Answer 1071

AWS Backup is a cost-effective, fully managed, policy-based service that simplifies data protection at scale. Use Cases include: Cloud-native backup Hybrid data protection Centralised data protection policies Data protection compliance

Answer 1072

AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.

Answer 1073

Parameter Store, a capability of AWS Systems Manager, provides secure, hierarchical storage for configuration data management and secrets management. You can store data such as passwords, database strings, Amazon Machine Image (AMI) IDs, and license codes as parameter values. You can store values as plain text or encrypted data. You can reference Systems Manager parameters in your scripts, commands, SSM documents, and configuration and automation workflows by using the unique name that you specified when you created the parameter. To get started with Parameter Store, open the Systems Manager console. In the navigation pane, choose Parameter Store. Parameter Store is also integrated with Secrets Manager. You can retrieve Secrets Manager secrets when using other AWS services that already support references to Parameter Store parameters. For more information, see Referencing AWS Secrets Manager secrets from Parameter Store parameters. Parameter Store offers these benefits: Use a secure, scalable, hosted secrets management service with no servers to manage. Improve your security posture by separating your data from your code. Store configuration data and encrypted strings in hierarchies and track versions. Control and audit access at granular levels. Store parameters reliably because Parameter Store is hosted in multiple Availability Zones in an AWS Region. Who should use Parameter Store? Any AWS customer who wants to have a centralized way to manage configuration data. Software developers who want to store different logins and reference streams. Administrators who want to receive notifications when their secrets and passwords are or aren't changed.

Answer 1074

Your AWS account has default quotas, formerly referred to as limits, for each AWS service. Unless otherwise noted, each quota is Region-specific. You can request increases for some quotas, and other quotas cannot be increased. Service Quotas is an AWS service that helps you manage your quotas for many AWS services, from one location. Along with looking up the quota values, you can also request a quota increase from the Service Quotas console. AWS Support might approve, deny, or partially approve your requests.

Answer 1075

C. Using on-demand delivery of IT resources and applications through the internet

Answer 1076

C. Private cloud deployment

Answer 1077

B. The aggregated cloud usage from a large number of customers results in lower pay-as-you-go prices.

Answer 1078

Compute Savings Plans are ideal for workloads that involve a consistent amount of compute usage over a 1-year or 3-year term. Spot Instances are ideal for workloads with flexible start and end times, or that can withstand interruptions.

Answer 1079

B. Compute optimized

Answer 1080

A. 1 year and C. 3 years

Answer 1081

D. Spot Instance

Answer 1082

A. Amazon Simple Notification Service (Amazon SNS)

Answer 1083

D. A Region consists of two or more Availability Zones.

Answer 1084

A. Compliance with data governance and legal requirements and B. Proximity to your customers

Answer 1085

D. A global content delivery service

Answer 1086

A. Edge location

Answer 1087

C. Extend AWS infrastructure and services to your on-premises data centre

Answer 1088

Network access control lists are virtual firewalls for subnets. They perform stateless packet filtering. Security groups are virtual firewalls for Amazon EC2 instances. They perform stateful packet filtering.

Answer 1089

C. AWS Direct Connect

Answer 1090

B. They are stateful and deny all inbound traffic by default.

Answer 1091

A. Internet gateway

Answer 1092

D. Amazon Route 53

Answer 1093

D. Translating a domain name to an IP address

Answer 1094

Instance stores are ideal for temporary data not kept long term. Amazon EBS volumes are ideal for data that requires retention.

Answer 1095

C. S3 Standard-IA

Answer 1096

B. S3 Glacier and D. S3 Glacier Deep Archive

Answer 1097

A. EBS volumes store data in a single Availability Zone. Amazon EFS file systems store data across multiple Availability Zones.

Answer 1098

D. Amazon Simple Storage Service (Amazon S3)

Answer 1099

B. A serverless key-value database service

Answer 1100

D. Amazon Redshift

Answer 1101

C. An individual member account and E. An organizational unit (OU)

Answer 1102

A. Access AWS compliance reports on-demand and E. Review, accept, and manage agreements with AWS

Answer 1103

A. Granting each AWS user their own IAM username and password and D. Enabling S3 versioning Security is about protecting the confidentiality, integrity, and availability of data. Granting each AWS user their own IAM username and password makes it possible to ensure the confidentiality of data. Enabling S3 versioning protects the integrity of data by maintaining a backup of an object. Deleting an empty S3 bucket doesn’t help with any of these. It’s not possible to create a security group rule that denies access to unused ports since security groups deny any traffic that’s not explicitly allowed.

Answer 1104

B. Developer Since you’re not running anything in production, you’re not likely to need the 24/7 support offered by Business and Enterprise support levels just yet, but it would be helpful having the advice of AWS cloud support associates when necessary.

Answer 1105

B. Read replicas Read replicas can improve performance by taking some of the demand off the master RDS instance. Multi-AZ and snapshots are for disaster recovery but don’t improve performance. Auto Scaling is not a feature of RDS.

Answer 1106

Amazon GuardDuty provides intelligent threat detection for AWS products and services.

Answer 1107

B. A document that grants or denies permissions to AWS services and resources

Answer 1108

B. Set the maximum group size to 5. The maximum group size limits the number of instances in the group. Setting the group size (also known as the desired capacity) or minimum group size to 5 would increase the number of instances to 5 but would not stop Auto Scaling from subsequently adding more instances. Deleting the target tracking policy would not necessarily prevent the number of instances in the group from growing, as another process such as a scheduled scaling policy could add more instances to the group.

Answer 1109

C. Snowball Edge AWS Snowball Edge can run Lambda functions. AWS Snowball and AWS Storage Gateway can’t. There’s no device called Snowball Compute.

Answer 1110

D. You can create and delete resources as a group. CloudFormation lets you create and delete resources as a group. It doesn’t prevent accidental deletion of individual resources, although stack policies can be used to prevent or restrict stack updates. CloudFormation is free, but the resources it creates are billed the same as if they were created manually. You can’t use CloudFormation to create on-premises resources.

Answer 1111

D. Items in a table don’t have to have all the same attributes. Items in a DynamoDB table can have different attributes. For example, one item can have five attributes, while another has only one. A table can store items containing multiple data types. There’s no need to predefine the number of items in a table. Items in a table can’t have duplicate primary keys.

Answer 1112

C. Endpoint An Endpoint health check works by connecting to the monitored endpoint via HTTP, HTTPS, or TCP. A CloudWatch alarm health check simply reflects the status of a CloudWatch alarm. A Calculated health check derives its status from multiple other health checks. There is no such thing as a Simple health check.

Answer 1113

A. AWS Storage Gateway—file gateway, B. iSCSI, D. SMB and E. AWS Storage Gateway—volume gateway The AWS Storage Gateway allows transferring files from on-premises servers to S3 using industry-standard storage protocols. The AWS Storage Gateway functioning as a file gateway supports the SMB and NFS protocols. As a volume gateway, it supports the iSCSI protocol. AWS Snowball and the AWS CLI also provide ways to transfer data to S3, but using them requires installing third-party software.

Answer 1114

B. AWS creates a default VPC in each Region. and D. By default, each default VPC is available to one AWS account. For each account, AWS creates a default VPC in each Region. A VPC spans all Availability Zones within a Region. VPCs do not span Regions.

Answer 1115

C. Launch templates EC2 Auto Scaling uses launch templates to provision new instances. It doesn’t use Git repositories or automation documents. There’s no such thing as a dynamic healing policy.

Answer 1116

A. Cost Optimization and C. Fault Tolerance The Service Limits category and many Security alerts are available for all AWS customers.

Answer 1117

C. IAM role

Answer 1118

B. Granting only the permissions that are needed to perform specific tasks

Answer 1119

D. AWS Shield

Answer 1120

C. Create cryptographic keys

Answer 1121

B. Track user activities and API requests throughout your AWS infrastructure and D. Filter logs to assist with operational analysis and troubleshooting

Answer 1122

A. Monitor your resources’ usage and performance and D. Access metrics from a single dashboard

Answer 1123

C. AWS Trusted Advisor

Answer 1124

B. Performance and E. Fault tolerance

Answer 1125

D. 12 months

Answer 1126

A. Business

Answer 1127

C. Combine usage across accounts to receive volume pricing discounts

Answer 1128

C. AWS Cost Explorer

Answer 1129

B. AWS Budgets

Answer 1130

C. Enterprise

Answer 1131

A. AWS Marketplace

Answer 1132

B. Platform perspective

Answer 1133

D. Repurchasing

Answer 1134

B. Security perspective

Answer 1135

B. Retaining and E. Rehosting

Answer 1136

D. Reliability

Answer 1137

A. Launching resources in the wrong Region can negatively impact connectivity and access. and B. Launching resources in the wrong Region can negatively impact the performance experienced by users in certain geographical areas. Using the wrong AWS Region will normally have no major impact on either costs or reliability.

Answer 1138

B. It lets you assert that no CloudTrail log files have been deleted from S3. Log file integrity validation uses cryptographic hashing to help you assert that no CloudTrail log files have been deleted from S3. It doesn’t prevent tampering or deletion and can’t tell you how a file has been tampered with. Log file integrity validation has nothing to do with CloudWatch.

Answer 1139

D. You don’t have to define all the types of data that a table can store before adding data to it. A nonrelational database is schemaless, meaning that there’s no need to predefine all the types of data you’ll store in a table. This doesn’t preclude you from storing data with a fixed structure, as nonrelational databases can store virtually any kind of data. A primary key is required to uniquely identify each item in a table. Creating multiple tables is allowed, but most applications that use nonrelational databases use only one table.

Answer 1140

Physical security: - Facilities/data centres - Edge locations - Rack and chassis Network APIs (keeping it secure) Hypervisor ("") Managed Services: - Storage - Databases

Answer 1141

Operating System Network & firewall configuration Identity and access: - Credentials - Permissions Applications Data Encryption: - At rest - In transit

Answer 1142

AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures. AWS Service Catalog allows you to centrally manage commonly deployed IT services, and helps you achieve consistent governance and meet your compliance requirements, while enabling users to quickly deploy only the approved IT services they need. It therefore simplifies organising and governing commonly deployed IT services. AWS Service Catalog doesn’t contain catalogs by default. Each customer creates their own service catalog. You can find description and use cases for any service by visiting the landing page of the service (or the related documentation), not via AWS Service Catalog.

Answer 1143

AWS Cloud Development Kit (AWS CDK) is the service that allows developers to model and deploy infrastructure on AWS using familiar programming languages. The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework for defining cloud infrastructure as code with modern programming languages and deploying it through AWS CloudFormation. AW CDK enables you to use your existing programming skills and tools, and apply those to the task of building cloud infrastructure. AWS CDK is generally available in JavaScript, TypeScript, Python, Java, and C#. Additional Information: What is the relationship between AWS CDK and AWS CloudFormation? You can think of the AWS CDK as a developer-centric toolkit that leverages the full power of modern programming languages to define your AWS infrastructure as code. The CDK actually builds on AWS CloudFormation and uses it as the engine for provisioning AWS resources. Rather than using a declarative language like JSON or YAML to define your infrastructure (as is the case with CloudFormation), the CDK lets you do that in your favourite imperative programming language. This includes languages such as JavaScript, TypeScript, Java, C#, and Python. When AWS CDK applications are run, they compile down to fully formed CloudFormation JSON/YAML templates that are then submitted to the CloudFormation service for provisioning.

Answer 1144

B. Enterprise Support Support Concierge is only available for the AWS Enterprise or Enterprise On-Ramp support plan. The Concierge Team are AWS billing and account experts that specialize in working with enterprise accounts. They will quickly and efficiently assist you with your billing and account inquiries, and work with you to implement billing and account best practices so that you can focus on what matters: running your business. https://aws.amazon.com/premiumsupport/features/

Answer 1145

B. On-Demand Instances The most cost-effective option for this scenario is to use On-Demand Instances. AWS Spot instances can be interrupted at any time by AWS. You should only choose Spot instances if the question clearly stated that the application can handle interruptions or if continuous processing is not required. Usually Spot instances are used for batch processing jobs or for non-production applications, such as development and test servers, where occasional downtime is acceptable. Since the duration is just for two months, we should use On-demand instances. Reserved instances require a purchase term of at least one year. https://aws.amazon.com/ec2/pricing/on-demand/

Answer 1146

A. Amazon Relational Database Service (RDS) RDS lets you purchase reserved instances to save money. Lambda, S3 and Fargate don't use instances.

Answer 1147

A. The ability to automatically increase available compute resources to meet growing user demand A scalable deployment will automatically “scale up” its capacity to meet growing user demand without the need for manual interference.

Answer 1148

C. Customer rental of the use of measured units of a provider’s physical compute, storage, and networking resources. IaaS is a model that gives customers access to virtualized units of a provider’s physical resources. IaaS customers manage their infrastructure much the way they would local, physical servers.

Answer 1149

B. AWS imposes default limits on the use of its service resources but allows customers to request higher limits. AWS applies usage limits on most features of its services. However, in many cases, you can apply for a limit to be lifted.

Answer 1150

D. You get free lightweight access to many core AWS services for a full 12 months. The Free Tier offers you free lightweight access to many core AWS services for a full 12 months.

Answer 1151

B. Business and Enterprise. B. “Production system down” support within one hour is available only to subscribers to the Business or Enterprise support plans.

Answer 1152

D. Developer, Business, and Enterprise. All support plans come with full access to Trusted Advisor except for the (free) Basic plan.

Answer 1153

B. The underlying integrity and security of AWS physical resources According to the Shared Responsibility Model, AWS is responsible for the underlying integrity and security of AWS physical resources, but not the integrity of the data and configurations added by customers.

Answer 1154

A. Availability Zone An Availability Zone is one of two or more physical data centres located within a single AWS Region.

Answer 1155

C. Through the use of specially created users, groups, and roles, each given the fewest permissions necessary. Team members should each be given identities (as users, groups, and/or roles) configured with exactly the permissions necessary to do their jobs and no more. This is the principle of least privilege.

Answer 1156

A. Client-side encryption End-to-end encryption that protects data at every step of its life cycle is called client-side encryption.

Answer 1157

B. Tags make it easier to identify and administrate running resources in a busy AWS account. Resource tags—especially when applied with consistent naming patterns—can make it easier to visualize and administrate resources on busy accounts.

Answer 1158

C. The Amazon Machine Image (AMI) you select. The AMI you select while configuring your new instance defines the base OS.

Answer 1159

C. Elastic Compute Cloud (EC2) You can administrate EC2 instances using techniques that are similar to the way you’d work with physical servers.

Answer 1160

D. Saving to an AWS Snowball device You can transfer large data stores to the AWS cloud (to S3 buckets) by having Amazon send you a Snowball device to which you copy your data and which you then ship back to Amazon.

Answer 1161

A. Relational Database Service (RDS) RDS offers a managed and highly scalable database environment for most popular relational database engines (including MySQL, MariaDB, and Oracle).

Answer 1162

C. Enable Multi-AZ. Multi-AZ will automatically replicate your database in a second Availability Zone for greater reliability. It will, of course, also double your costs.

Answer 1163

B. Virtual private cloud (VPC) A VPC is an isolated networking environment into which you can launch compute resources while closely controlling network access.

Answer 1164

D. CloudFront CloudFront is a content delivery network (CDN) that distributes content through its global network of edge locations.

Answer 1165

D. CloudFormation CloudFormation templates can represent complex resource stacks that can be used to launch precisely defined environments involving the full range of AWS resources.

Answer 1166

A. A service that permits queries against data stored in Amazon S3 Amazon Athena is a managed service that permits queries against S3-stored data.

Answer 1167

B. A service that permits processing and analysing of real-time video and data streams Amazon Kinesis allows processing and analysing of real time video and data streams.

Answer 1168

The sheer scale and geographic redundancy of the physical compute and networking resources owned by AWS mean that the company is able to guarantee a level of reliability and availability that would be hard to reproduce in any other environment.

Answer 1169

Access to cloud infrastructure—sometimes for pennies per hour—makes it possible to experiment, sandbox, and regularly reassess and update application stacks.

Answer 1170

IaaS gives you near-full control over virtualized hardware resources, closely emulating the way you would administrate actual physical servers. PaaS products abstract the underlying infrastructure, providing a simplified interface for you to add your application code. SaaS products provide services over a public network directly to end users.

Answer 1171

Serverless services like AWS Lambda allow you access to AWS compute power for up to 15 minutes for a single function. This lets you operate code in response to real-time event triggers.

Answer 1172

A cloud-optimized application allows for automated provisioning of server instances that are designed from scratch to perform a needed compute function within an appropriate network environment.

Answer 1173

The scaling services of a cloud provider—like AWS Auto Scaling—should be configured to force compliance with your budget and application needs. You set the upper and lower limits, and the scaler handles the startups and shutdowns to optimize operations in between those limits.

Answer 1174

C. Deep experience in the retail sphere Having globally distributed infrastructure and experienced security engineers makes a provider’s infrastructure more reliable. Metered pricing makes a wider range of workloads possible.

Answer 1175

A. A failure in one geographic region will trigger an automatic failover to resources in a different region. and D. Spikes in user demand are met through automatically increasing resources. Security and virtualization are both important characteristics of successful cloud workloads, but neither will directly impact availability.

Answer 1176

A hypervisor is a software that you can use to run multiple virtual machines on a single physical machine. Every virtual machine has its own operating system and applications. The hypervisor allocates the underlying physical computing resources such as CPU and memory to individual virtual machines as required. Thus, it supports the optimal use of physical IT infrastructure

Answer 1177

A. Fast resource provisioning and launching and B. Efficient (high-density) use of resources Security and elasticity are important but are not directly related to server virtualization.

Answer 1178

D. Software used to administrate virtualized resources run on physical infrastructure A hypervisor is software (not hardware) that administrates virtualized operations.

Answer 1179

B. Logically partitioning physical compute and storage devices into multiple smaller virtual devices Sharding, aggregating remote resources, and abstracting complex infrastructure can all be accomplished using virtualization techniques, but they aren’t, of themselves, virtualization.

Answer 1180

C. Services that give you direct control over underlying compute and storage resources PaaS products mask complexity, SaaS products provide end-user services, and serverless architectures (like AWS Lambda) let developers run code on cloud servers.

Answer 1181

A. Services that hide infrastructure complexity behind a simple interface. IaaS products provide full infrastructure access, SaaS products provide end-user services, and serverless architectures (like AWS Lambda) let developers run code on cloud servers.

Answer 1182

The Free Tier lets you run light services such as the t2.micro EC2 instance type and a 30 GB SSH EBS volume. The goal is to get you comfortable with the AWS environment so you can learn how it can be used to host your applications.

Answer 1183

Low-volume consumption includes the retrieval of up to 10 GB of stored objects from Glacier or 62,000 outbound e-mails through Amazon SES. The goal is to give you the opportunity to launch proof-of-concept deployments.

Answer 1184

To accurately calculate the true costs of an AWS deployment, you must understand the pricing for the particular level of resource you launch within a particular AWS Region. Each service resource (like an EC2 instance) is billed by metrics unique to its characteristics.

Answer 1185

Pricing for all variations of the core AWS services is prebuilt into the calculator, allowing you to model pricing for multiple resource configurations.

Answer 1186

You can conveniently compare apples to apples - capital expenses for on-premises versus operating expenses for cloud - to know whether the AWS cloud is really right for your workload.

Answer 1187

Access to all service resources is restricted by default limits. In many cases, you can manually request limit increases from AWS support.

Answer 1188

AWS budgets can be configured to send alerts when your resource consumption approaches or passes a preset limit. Cost Explorer provides visualizations to more easily monitor historical and current costs. Cost and usage reports can send in-depth and ongoing CSV-formatted data to Redshift or QuickSight for analysis. You can use cost allocation tags to more effectively track and manage the source of account costs. The security and operations of multiple AWS accounts controlled by a single company can be managed through AWS Organizations.

Answer 1189

D. t2.micro EC2 instance type instances for a total of 750 hours per month Only the t2.micro instance type is Free Tier–eligible, and any combination of t2.micro instances can be run up to a total of 750 hours per month.

Answer 1190

B. Services that provide a service to end users through a public network IaaS products provide full infrastructure access, PaaS products mask complexity, and serverless architectures (like AWS Lambda) let developers run code on cloud servers.

Answer 1191

C. The ability of an application to increase or decrease compute resources to match changing demand Preconfiguring compute instances before they’re used to scale up an application is an element of scalability rather than elasticity. Efficient use of virtualized resources and billing models aren’t related directly to elasticity.

Answer 1192

A. The enormous number of servers it operates and D. Its highly automated infrastructure administration systems. Capitalized assets and geographic reach are important but don’t have a direct impact on operational scalability.

Answer 1193

The more complex and expensive your AWS deployments get, the more costly a configuration mistake becomes. You can think about more expensive AWS support levels much the same way you already think about hiring experienced and reliable admins. Whatever it takes to design and deploy a lean and security-hardened application is a justifiable business expense.

Answer 1194

The ongoing, personalized attention your account deployments receive from a TAM can make a significant difference in the quality of support. There’s nothing like having an expert insider involved in the planning and execution of your complex infrastructure.

Answer 1195

The AWS user guides are available in multiple formats (including HTML, PDF, Kindle, and, on GitHub, MarkDown) and methodically explain practical usage for AWS services at all levels. The Knowledge Centre is a large collection of FAQs covering hundreds of common problems and their solutions.

Answer 1196

The Trusted Advisor alerts are divided into five categories: Cost Optimization, Performance, Security, Fault Tolerance, and Services Limits. You should set up an administration routine that includes regular visits to the Trusted Advisor to see whether any important status checks have changed.

Answer 1197

A. Automated email alerts when activity approaches the Free Tier limits and B. The Top Free Tier Services by Usage section on the Billing & Cost Management Dashboard There is no Top Free Tier Services Dashboard or, for that matter, a Billing Preferences Dashboard.

Answer 1198

C. AWS online documentation relating to a particular service Wikipedia pages aren’t updated or detailed enough to be helpful in this respect. The AWS CLI isn’t likely to have much (if any) pricing information. The TCO Calculator shouldn’t be used for specific and up-to-date information about service pricing.

Answer 1199

A. Requests for raising the available service limit Pricing will normally change based on the volume of service units you consume and, often, between AWS Regions

Answer 1200

B. Not all AWS services are included. You can, in fact, calculate costs for a multiservice stack. The calculator pricing is kept up-to-date. You can specify very detailed configuration parameters.

Answer 1201

C. Free Usage Tier and D. Choose Region Calculate By Month Or Year is not an option, and since the calculator calculates only cost by usage, Include Multiple Organizations wouldn’t be a useful option.

Answer 1202

A. The tax implications of a cloud deployment The calculator covers all significant costs associated with an on-premises deployment but doesn’t include local or national tax implications.

Answer 1203

D. Number of servers The currency you choose to use will have little impact on price—it’s all relative, of course. The guest OS and region will make a difference, but it’s relatively minor.

Answer 1204

B. https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html

Answer 1205

A. To prevent individual customers from accidentally launching a crippling level of resource consumption Resource limits exist only within individual regions; the limits in one region don’t impact another. There’s no logistical reason that customers can’t scale up deployments at any rate. There are, in fact, no logical limits to the ability of AWS resources to scale upward.

Answer 1206

D. No. Some service limits are hard. While most service limits are soft and can be raised on request, there are some service limits that are absolute.

Answer 1207

D. Billing & Cost Management Dashboard The Cost Explorer and Cost and Usage Reports pages provide more in-depth and/or customized details. Budgets allow you to set alerts based on usage.

Answer 1208

C. To track particular categories of resource consumption Reservation budgets track the status of any active reserved instances on your account. Cost budgets monitor costs being incurred against your account. There is no budget type that correlates usage per unit cost to understand your account cost efficiency.

Answer 1209

D. Owner (username of resource owner) You can configure the period, instance type, and start/stop dates for a budget, but you can’t filter by resource owner.

Answer 1210

A. Cost Explorer displays visualizations of high-level historical and current account costs, while cost and usage reports generate granular usage reports in CSV format. Billing events aren’t triggers for alerts. Nothing about intrusion events is relevant.

Answer 1211

C. To help you identify resources for the purpose of tracking your account spending Tags are passive, so they can’t automatically trigger anything. Resource tags—not cost allocation tags—are meant to help you understand and control deployments. Tags aren’t associated with particular billing periods.

Answer 1212

A. A single company with multiple AWS accounts that wants a single place to administrate everything and C. A company that’s integrated some operations with an upstream vendor Companies with multiple users of resources in a single AWS account would not benefit from AWS Organizations, nor would a company with completely separated units. The value of AWS Organizations is in integrating the administration of related accounts.

Answer 1213

B. Cost Explorer Budgets are used to set alerts. Reports provide CSV-formatted data for offline processing. Consolidated Billing (now migrated to AWS Organizations) is for administrating resources across multiple AWS accounts.

Answer 1214

B. Developer Using the public documentation available through the Basic plan won’t be enough to address your specific needs. The Business and Enterprise plans are not necessary as you don’t yet have production deployments.

Answer 1215

D. Enterprise The lower three support tiers provide limited access to only lower-level support professionals, while the Enterprise plan provides full access to senior engineers and dedicates a technical account manager (TAM) as your resource for all your AWS needs.

Answer 1216

C. Help with making a bill payment to AWS Basic plan customers are given customer support access only for account management issues and not for technical support or security breaches.

Answer 1217

B. Provide deployment guidance and advocacy for Enterprise Support customers The TAM is available only for Enterprise Support customers. The primary function is one of guidance and advocacy.

Answer 1218

B. Business. Only the Business and Enterprise plans include help with troubleshooting interoperability between AWS resources and third-party software and operating systems. The Business plan is the least expensive that will get you this level of support.

Answer 1219

A. $120 The Developer plan costs the greater of $29 or 3 percent of the monthly usage. In this case, 3 percent of the month’s usage is $120.

Answer 1220

D. $2,310 The Business plan—when monthly consumption falls between $10,000 and $80,000 - costs the greater of $100 or 7 percent of the monthly usage. In this case, 7 percent of a single month’s usage ($11,000) is $770. The three month total would, therefore, be $2,310

Answer 1221

C. AWS Partner Network The AWS Professional Services site includes tech talk webinars, white papers, and blog posts. The Basic Support plan includes AWS documentation resources. The Knowledge Centre consists of FAQ documentation.

Answer 1222

A. The Professional Services product helps AWS Partner Network cloud professionals work alongside your own team to help you administrate your cloud infrastructure. The TAM is a cloud professional employed by AWS to guide you through the planning and execution of your infrastructure.

Answer 1223

B. Kindle and C. HTML Although DOC and DocBook are both popular and useful formats, neither is used by AWS for its documentation.

Answer 1224

A. https://aws.amazon.com/premiumsupport/knowledge-center and C. https://docs.aws.amazon.com The compare-plans page provides general information about support plans, and the professional-services site describes accessing that particular resource. Neither directly includes technical guides.

Answer 1225

D. To present solutions to commonly encountered technical problems using AWS infrastructure The Knowledge Centre is a FAQ for technical problems and their solutions. The main documentation site is much better suited to introduction-level guides. The https:// forums.aws.amazon.com site is the discussion forum for AWS users.

Answer 1226

B. https://aws.amazon.com/security/security-resources The Knowledge Center is a general FAQ for technical problems and their solutions. The docs.aws.amazon.com site is for general documentation. There is no https://aws.amazon.com/security/encryption page.

Answer 1227

A. The page URL will include the word latest. Version numbers are not publicly available, and the word Current isn’t used in this context.

Answer 1228

C. Replication Replication is, effectively, a subset of Fault Tolerance and therefore would not require its own category.

Answer 1229

A. Fault Tolerance Performance identifies configuration settings that might be blocking performance improvements. Security identifies any failures to use security best-practice configurations. Cost Optimization identifies any resources that are running and unnecessarily costing you money.

Answer 1230

B. Load Balancer Optimization and D. IAM Access Key Rotation Both the MFA and Service Limits checks are available for all accounts.

Answer 1231

Properly placing your cloud resources within the right region and Availability Zone - along with carefully setting appropriate access controls - can improve both application security and performance.

Answer 1232

The scalability of AWS resources means you can automate the process of increasing or decreasing the scale of a deployment based on need. This can automate application recovery after a crash.

Answer 1233

The ability to automatically redirect incoming requests away from a non-functioning instance and to a backup replacement is managed by a load balancer.

Answer 1234

AWS handles security and administration for its underlying physical infrastructure and for the full stack of all its managed services, while customers are responsible for everything else.

Answer 1235

Using AWS resources to commit crimes or launch attacks against any individual or organization will result in account suspension or termination.

Answer 1236

D. AWS GovCloud D. The AWS GovCloud Region is restricted to authorized customers only. Asia Pacific (Tokyo) is a normal Region. AWS Admin and US-DOD don’t exist (as far as we know, at any rate).

Answer 1237

B. It can make applications available to end users with lower latency. and C. It can make applications more compliant with local regulations. For most uses, distributing your application infrastructure between multiple AZs within a single Region gives them sufficient fault tolerance. While AWS services do enjoy a significant economy of scale - bring prices down - little of that is due to the structure of their Regions. Lower latency and compliance are the biggest benefits from this list.

Answer 1238

B. Launch parallel, load-balanced instances in multiple Availability Zones within a single AWS Region. Auto Scaling is an important working element of application high availability, but it’s not what most directly drives it (that’s load balancing). The most effective and efficient way to get the job done is through parallel, load-balanced instances in multiple Availability Zones, not Regions.

Answer 1239

A. One or more independently powered data centres running a wide range of hardware host types “Data centres running uniform host types” would describe an edge location. The data centres within a “broad geographic area” would more closely describe an AWS Region. AZs aren’t restricted to a single data centre.

Answer 1240

C. The block of IP addresses assigned for use within a single Availability Zone Imposing virtual networking limits on an instance would be the job of a security group or access control list. IP address blocks are not assigned at the Region level. Customers have no access to or control over AWS networking hardware.

Answer 1241

B. They (appear) to be displayed in random order. AWS displays AZs in (apparently) random order to prevent too many resources from being launched in too few zones.

Answer 1242

D. To ensure that a predefined service level is maintained regardless of external demand or instance failures Auto Scaling doesn’t focus on any one resource (physical or virtual) because it’s interested only in the appropriate availability and quality of the overall service. The job of orchestration is for load balancers, not auto-scalers.

Answer 1243

C. Resource redundancy Resource isolation can play an important role in security, but not reliability. Automation can improve administration processes, but neither it, nor geolocation, is the most effective reliability strategy.

Answer 1244

A. RDS and C. Elastic Block Store (EBS) RDS database instances and Lambda functions are not qualified CloudFront origins. EC2 load balancers can be used as CloudFront origins.

Answer 1245

D. Reduced latency access to your content no matter where your end users live CloudFront can’t protect against spam and, while it can complement your application’s existing redundancy and encryption, those aren’t its primary purpose.

Answer 1246

B. Managing domain name registration and traffic routing Countering the threat of DDoS attacks is the job of AWS Shield. Protecting web applications from web-based threats is done by AWS Web Application Firewall. Using Lambda to customize CloudFront behaviour is for Lambda Edge.

Answer 1247

A. The security of the cloud and B. Patching underlying virtualization software running in AWS data centres What’s in the cloud is your responsibility - it includes the administration of EC2-based operating systems.

Answer 1248

C. Whatever the customer can control (application code and/or configuration settings) is the customer’s responsibility. There’s no one easy answer, as some managed services are pretty much entirely within Amazon’s sphere, and others leave lots of responsibility with the customer. Remember, “if you can edit it, you own it.”

Answer 1249

D. Service Health Dashboard The AWS Billing Dashboard is focused on your account billing issues. Neither the AWS Acceptable Use Monitor nor the Service Status Dashboard actually exists. But nice try.

Answer 1250

B. AWS Acceptable Use Policy The correct document (and web page https://aws.amazon.com/aup/) for this information is the AWS Acceptable Use Policy.

Answer 1251

Make sure your root user has a strong password that is MFA-enabled and is never used for day-to-day administration tasks.

Answer 1252

Set an IAM password policy to force longer passwords using uppercase and lowercase letters, numbers, and nonstandard characters.

Answer 1253

Whether you’re looking to secure terminal connections to your EC2 servers, API access, or the privacy of your data, you’ll need to make use of AWS encryption services of one sort or another.

Answer 1254

Using standards such as SAML 2.0 and Microsoft’s Active Directory, you can incorporate external authentication into your AWS infrastructure, making it easy, for instance, for users of your mobile application to retrieve data from a DynamoDB database.

Answer 1255

KMS-managed keys are used across a wide range of AWS services, including EBS, RDS, DynamoDB, and S3.

Answer 1256

AWS Artifact provides access to official documentation on the compliance of AWS infrastructure relating to any one of dozens of government or industry security standards.

Answer 1257

A. Identity and access management Identity and Access Management (IAM) is primarily focused on helping you control access to your AWS resources. KMS handles access keys. EC2 manages SSH key pairs. While IAM does touch on federated management, that’s not its primary purpose.

Answer 1258

A. Require at least one uppercase letter., B. Require at least one number. and D. Require at least one nonalphanumeric character. Including a space or null character is not a password policy option.

Answer 1259

C. Enable MFA. and D. Create a strong password. The root user should not be used for day-to-day admin tasks—even as part of an “admin” group. The goal is to protect root as much as possible.

Answer 1260

D. Users authenticate using a password and also either a physical or virtual MFA device. MFA requires at least two (“multi”) authentication methods. Those will normally include a password (something you know) and a token sent to either a virtual or physical MFA device (something you have).

Answer 1261

B. Assign users requiring similar permissions to IAM groups. While assigning permissions and policy-based roles will work, it’s not nearly as efficient as using groups, where you need to set or update permissions only once for multiple users

Answer 1262

C. Permissions granted a trusted entity over specified AWS resources An IAM role is meant to be assigned to a trusted entity (like another AWS service or a federated identity). A “set of permissions” could refer to a policy. A set of IAM users could describe a group.

Answer 1263

A. You can provide users authenticated through a third-party identity provider access to backend resources used by your mobile app. and D. You can provide admins authenticated through AWS Microsoft AD with access to a Microsoft SharePoint farm running on AWS. Federated identities are for permitting authenticated entities access to AWS resources and data. They’re not for importing anything from external accounts—neither data nor guidance.

Answer 1264

D. The current state of security of your IAM users’ access credentials The credential report focuses only on your users’ passwords, access keys, and MFA status. It doesn’t cover actual activities or general security settings.

Answer 1265

B. CSV The credential report is saved to the comma-separated values (spreadsheet) format.

Answer 1266

The Management Console is required if you want to use the point-and-click interface and want to view visual elements such as CloudWatch graphs or Cost Explorer graphs. You can log into the Management Console using an e-mail address and password for the root account. If you’re logging in as an IAM user, you’ll need the account alias or number, IAM username, and password. If MFA is set up, you’ll be prompted for an MFA one-time passcode. The AWS CLI is what you’ll use to manage your AWS resources manually from the command line or using scripts. It’s good for repetitive or bulk tasks that would take a long time using the Web. To use the CLI, you need an access key ID and secret key.

Answer 1267

Resource tags are keys associated with your AWS resources. A key can optionally contain a value. You can use tags to label your resources according to whatever you like, be it owner, business unit, or environment. You can group resources into a resource group according to resource tags or CloudFormation stacks.

Answer 1268

CloudWatch can collect logs and metrics from AWS and non-AWS services. Many AWS services such as EC2 automatically send metric data to CloudWatch. You can create alarms to trigger when a metric falls above or below a threshold. In response to an alarm, you can send a notification using SNS, or you can take an action using an Auto Scaling action or EC2 action. You can also graph metrics to view trends visually. CloudWatch Logs lets you aggregate and search log files. Some services, such as VPC and Route 53, can be configured to stream vended logs to CloudWatch logs. You can extract metrics from these logs using metric filters. CloudWatch events let you take actions in response to specific events that occur with your AWS resources, such as launching an EC2 instance or creating an S3 bucket. Unlike alarms that are triggered by metrics crossing a threshold, CloudWatch Events acts in response to specific API operations.

Answer 1269

AWS offers SDKs for a variety of programming languages and platforms. You can use the SDKs to quickly develop desktop, server, web-based, or mobile apps that use AWS services. Although many AWS services offer the HTTPS-based AWS Query API that you can interface with directly, the SDKs handle the heavy lifting of request authentication, serialization, and connection management, freeing you up to write your application without having to learn the nitty-gritty API details of every AWS service you want to use.

Answer 1270

CloudTrail logs management and data operations on your account. By default, it logs 90 days of management events per region. If you want to log more than this or customize which events it logs, you can create a trail to log those events and store them in an S3 bucket. You can optionally stream CloudTrail logs to CloudWatch for storage, searching, and analysis.

Answer 1271

An instance requires a base OS (AMI) and - optionally - an application stack, an instance type for its hardware profile, and either an EBS or an instance volume for storage.

Answer 1272

The Quick Start and Marketplace AMIs are supported by Amazon or a recognized third-party vendor, which may not be true of AMIs selected from the Community collection. In any case, you should confirm whether using a particular AMI will incur extra charges beyond the normal EC2 usage.

Answer 1273

Instance types are divided into type families, each of which focuses on a functional niche (general purpose, compute optimized, memory optimized, accelerated computing, and storage optimized). Your application needs and budget will determine which instance type you choose.

Answer 1274

EBS volumes are versatile (they can, for instance, be converted into AMIs) and will survive an instance shutdown. Instance store volumes, on the other hand, provide faster reads and writes and can be more secure for some purposes. Which storage you use will often depend on the instance type you choose.

Answer 1275

On-demand is the most expensive way to consume EC2 instances, but it’s also flexible and reliable (you control when an instance starts or stops). Reserved instances work well for instances that must remain running for longer periods of time. Spot instances are the least expensive but can be shut down with only a two-minute warning.

Answer 1276

Amazon Lightsail provides blueprints for simplified flat-rate deployments using EC2 resources under the hood. Lightsail deployments can, if needed, be transferred to regular EC2 infrastructure without service interruption. Elastic Beanstalk manages the underlying infrastructure for your application and automatically scales according to demand.

Answer 1277

Containers - like Docker - share the OS kernel and device drivers with their host and share common software layers with each other to produce fast and lightweight applications. ECS and EKS are AWS services focused on simplifying Docker orchestration within the EC2 framework. Lambda functions are designed to respond to event triggers to launch short-lived operations.

Answer 1278

Durability is the likelihood that an object won’t be lost over the course of a year. Availability is the percentage of time an object will be accessible during the year.

Answer 1279

S3 offers six storage classes. STANDARD has the highest availability at 99.99 percent, replicates objects across at least three zones, and is the most expensive in terms of monthly storage cost per gigabyte. ONEZONE_IA has the lowest availability at 99.5 percent and stores objects in only one zone, and its monthly per-gigabyte storage cost is less than half that of the STANDARD storage class.

Answer 1280

You can upload or download an object by using the S3 service console, by using the AWS CLI, or by directly accessing the object’s URL. AWS Storage Gateway lets your on-premises servers use industry-standard storage protocols such as iSCSI, NFS, and SMB to transfer data to and from S3. AWS Snowball and Snowball Edge allow secure physical transport of data to and from S3.

Answer 1281

Use bucket policies or ACLs to grant anonymous access to objects, such as webpages or images you want made public. Use user policies to grant specific IAM principals in your account access to objects.

Answer 1282

S3 offers highly available, real-time retrieval of objects. Retrieving data from Glacier is a two-step process that requires first requesting an archive using the Expedited, Standard, or Bulk retrieval option and then downloading the archive once the retrieval is complete.

Answer 1283

S3 offers server-side and client-side encryption to protect objects at rest from unauthorized access. Versioning helps protect against object overwrites and deletions. Object life cycle configurations let you delete objects or move them to different storage classes after they reach a certain age.

Answer 1284

File gateways offer access to S3 via the NFS and SMB storage protocols. Volume gateways and tape gateways offer access via the iSCSI block storage protocol, but tape gateways are specifically designed to work with common backup applications.

Answer 1285

Relational databases are designed for structured data that contains a defined number of attributes per record. They let you perform complex queries against a variety of dimensions, making them ideal for reporting and analytics. Nonrelational databases are designed for data that doesn’t follow a predictable structure. Each item in a nonrelational database must have a primary key, and you can query based on that key.

Answer 1286

You can scale an RDS instance vertically by upgrading to a larger instance class to give it more processing power, memory, or disk or network throughput. You can also select provisioned IOPS SSD storage to ensure your instance always achieves the storage performance it needs. For horizontal scaling of reads, your only option is to use read replicas.

Answer 1287

An RDS deployment consists of at least one instance. You must select an instance class that defines the vCPUs and memory for the instance. You must also select a database engine. For storage, you must select general-purpose or provisioned IOPS SSD. Magnetic storage is a legacy option that’s not available for new deployments. You can also add read replicas to scale horizontally to improve read performance. In a multi-AZ deployment, you can add additional secondary instances that the primary synchronously replicates data to.

Answer 1288

You can schedule automatic snapshots for your RDS instance to occur daily during a 30-minute backup window of your choice. Backups are retained between 1 day and 35 days. Enabling automatic backups also enables point-in-time recovery, allowing the restoration of a failed database up to 5 minutes prior to failure. Restoring from a snapshot entails creating a new instance from the snapshot. You can also take a manual snapshot at any time.

Answer 1289

DynamoDB stores data as items in tables. Each item must have primary key whose values are unique within the table. This is how DynamoDB uniquely identifies an item. The primary key’s name and data type must be defined when the table is created. When you create an item, you can also add other attributes in addition to the primary key. DynamoDB uses the primary key to distribute items across different partitions. The number of partitions allocated to a table depends on the number of WCU and RCU you configure.

Answer 1290

Redshift is a data-warehousing service for storing and analysing structured data from multiple sources, including relational databases and S3. Redshift can store much more data than RDS, up to 2 PB!

Answer 1291

The key components of a VPC include at least one subnet, security groups, network access control lists (NACLs), and internet gateways.

Answer 1292

You can connect to resources in a VPC over the internet, a Direct Connect link, a VPC peering connection, or a virtual private network (VPN) connection.

Answer 1293

A public hosted zone allows anyone on the internet to resolve records for the associated domain name. A private hosted zone allows resolution only from resources within the associated VPCs.

Answer 1294

All routing policies except the Simple routing policy can use health checks to route around failures. If you want to direct traffic to any available resource, Failover, Weighted, and Multivalue Answer routing policies will suffice. If performance is a concern, choose a Latency routing policy. If you need to direct users based on their specific location, use a Geolocation routing policy.

Answer 1295

CloudFront caches objects in edge locations around the world and automatically directs users to the edge location that will give them the best performance at any given time.

Answer 1296

CloudFront is designed to give users the fastest possible access to content regardless of their physical location. By caching content in edge locations that are distributed around the world, CloudFront helps ensure that your content is always close to your users.

Answer 1297

CloudFormation can automatically deploy, change, and even delete AWS resources in one fell swoop.

Answer 1298

They can help automate some or all of the software development, testing, and deployment process.

Answer 1299

EC2 Auto Scaling automatically provisions a set number of EC2 instances. You can optionally have it scale in or out according to demand or a schedule.

Answer 1300

Systems Manager Command documents let you automate tasks against your instance operating systems, such as patching, installing software, enforcing configuration settings, and collecting inventory. Automation documents let you automate many administrative AWS tasks that would otherwise require using the management console or CLI.

Answer 1301

OpsWorks for Puppet Enterprise and OpsWorks for Chef Automate also let you configure your instances and deploy software but do so using the declarative language of Puppet modules or Chef recipes.

Answer 1302

OpsWorks Stacks can automate the build and deployment of an application and its supporting infrastructure.

Answer 1303

Automation allows common, repetitive tasks to be executed faster than doing them manually and reduces the risk of human error. When you automate infrastructure builds using code, the code simultaneously serves as de facto documentation. Code can be placed into version control, making it easy to track changes and even roll back when necessary.

Answer 1304

The practice of continuous integration involves developers regularly checking in code as they create or change it. An automated process performs build and test actions against it. This immediate feedback loop allows developers to fix problems quickly and early.

Answer 1305

Continuous delivery expands upon continuous integration but includes deploying the application to production after a manual approval. This effectively enables push-button deployment of an application to production.

Answer 1306

The five pillars are reliability, performance efficiency, security, cost optimization, and operational excellence. AWS describes these pillars at length in the AWS Well-Architected Framework white paper that you can find at https://d1.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf. You don’t need to read the entire white paper for the exam, but you must know the five pillars.

Answer 1307

Architecting AWS infrastructure from the ground up is beyond the scope of the exam. But you should be able to look at an AWS Solution Architect’s diagram and explain some of the ways the resources achieve reliability, cost optimization, performance efficiency, security, or operational excellence.

Answer 1308

If given two different implementation options for a given scenario, be able to identify some of the advantages and disadvantages of each. For example, you should know some of the trade-offs between using spot pricing for an EC2 instance versus on-demand pricing.

Answer 1309

If given two different implementation options for a given scenario, be able to identify some of the advantages and disadvantages of each. For example, you should know some of the trade-offs between using spot pricing for an EC2 instance versus on-demand pricing.

Answer 1310

Athena lets you use SQL queries to find data stored in S3. If you have data stored in CSV, JSON, ORC, Avro, or Parquet format, simply upload it to S3 and use Athena to query it. Athena is serverless, so there’s no need to provision your own database or import your data into it. For more information, visit https://aws.amazon.com/athena/.

Answer 1311

AWS Backup lets you centrally configure backup policies and monitor backup activity for all of your data stored on AWS. It supports EBS volumes, RDS databases, DynamoDB tables, EFS file systems, and Storage Gateway volumes. For more information, visit https://aws.amazon.com/backup/.

Answer 1312

Data can live in a variety of places on AWS. AWS Glue can discover, clean, and bring this data together in one place for analysis using the Apache Spark big data framework. It can extract and analyse data from S3 objects and relational databases such as MySQL, Oracle, and Microsoft SQL Server. For more information, visit https://aws.amazon.com/glue/.

Answer 1313

Batch computing jobs are used for performing complex analysis on large data sets. Some examples of batch computing include financial risk modelling, graphics processing, simulations, and even analysing genomes. Batch allows you to run thousands of batch computing jobs on AWS without having to build any infrastructure. Simply define your batch job as a Docker container and submit it, and AWS takes care of the rest. For more information, visit https://docs.aws.amazon.com/batch/.

Answer 1314

Cognito lets you add user access control to your application. Cognito integrates with many identity providers including Amazon, Google, Microsoft Active Directory, and Facebook. You can also use Cognito to provide your users access to AWS resources without having to give them their own IAM credentials. For more information, visit https://aws.amazon.com/cognito/.

Answer 1315

Database Migration Service (DMS) makes it easy to migrate data from one database to another, whether it’s in the cloud or on-premises. DMS supports both relational databases such as Aurora, Oracle, Microsoft SQL Server, MariaDB, and PostgreSQL, as well as nonrelational databases including MongoDB, DocumentDB, and DynamoDB. DMS also supports migrating data to S3, Elasticsearch, and Kinesis Data Streams. For more information, visit https://docs.aws.amazon.com/dms/.

Answer 1316

The Elastic File System (EFS) is a scalable file system for Linux instances. You can attach multiple instances to a single EFS volume so that they can all share the same files. EFS volumes are highly available, spanning multiple Availability Zones in a single VPC. EFS can scale up to petabytes in size without disruption and automatically scales down so you’re not charged for space you’re not using. Unused files are automatically moved to a cost-optimized storage class. For more information, visit https://aws.amazon.com/efs/.

Answer 1317

Elastic MapReduce (EMR) lets you analyse enormous amounts of data stored in the cloud. EMR supports the Apache Hadoop, Apache Spark, HBase, Presto, and Flink big data platforms. For more information, visit https://aws.amazon.com/emr/.

Answer 1318

Inspector analyzes your EC2 instances for security vulnerabilities and common misconfigurations. For more information, visit https://aws.amazon.com/inspector/.

Answer 1319

Kinesis can ingest and process large amounts of data in real time. It’s useful for analysing large amounts of streaming data including access logs, video, audio, and telemetry. For more information, visit https://aws.amazon.com/kinesis/.

Answer 1320

Macie automatically finds and classifies sensitive data stored in AWS. It uses machine learning to recognize sensitive data such as personally identifiable information or trade secrets and shows you how that data is being used in AWS. For more information, visit https://aws.amazon.com/macie/.

Answer 1321

Neptune is a graph database that you can use to store and query highly connected data sets. It’s useful for recommendation engines, social networks, fraud detection, and network security. For more information, visit https://aws.amazon.com/neptune/.

Answer 1322

Simple Queue Service (SQS) enables developers to create decoupled, distributed applications in the cloud. SQS is a message broker that different components of your application can use to send messages to each other. SQS scales automatically to accommodate any volume. For more information, visit https://aws.amazon.com/sqs/

Answer 1323

WorkDocs is a secure content sharing and collaboration service. You can store any type of file in WorkDocs, and it provides preview and commenting functionality for documents such as Microsoft Office files, PDFs, and text files. For more information, visit https:// aws.amazon.com/workdocs/.

Answer 1324

Workspaces lets you provision Linux or Windows virtual desktops in the cloud. AWS manages the operating system, patching, and virtual desktop infrastructure. Users can connect to their virtual desktops from any PC and a variety of mobile devices. For more information, visit https://aws.amazon.com/workspaces/.

Answer 1325

A. AdministratorAccess Your admin user will need broad access to be effective, so AmazonS3FullAccess and AmazonEC2FullAccess - which open up only S3 and EC2, respectively - won’t be enough. There is no AdminAccess policy.

Answer 1326

D. An access key ID and secret access key “Programmatic access” users don’t sign in through the AWS Management Console; they access through APIs or the AWS CLI. They would therefore not need passwords or MFA. An access key ID alone without a matching secret access key is worthless.

Answer 1327

B. Their username and password When the correct login page (such as https://291976716973.signin.aws.amazon.com/console) is loaded, an IAM user only needs to enter a username and a valid password. Account numbers and secret access keys are not used for this kind of authentication.

Answer 1328

C. A client-side master key In-transit encryption requires that the data be encrypted on the remote client before uploading. Server-side encryption (either SSE-S3 or SSE-KMS) only encrypts data within S3 buckets. DynamoDB is a NoSQL database service.

Answer 1329

A. Existing AWS Elastic Block Store volumes You can only encrypt an EBS volume at creation, not later.

Answer 1330

D. Customer master key A client-side master key is used to encrypt objects before they reach AWS (specifically S3). There are no keys commonly known as either SSH or KMS master keys.

Answer 1331

C. PCI DSS SSE-KMS are KMS-managed server-side keys. FedRAMP is the U.S. government’s Federal Risk and Authorization Management Program (within which transaction data protection plays only a relatively minor role). ARPA is the Australian Prudential Regulation Authority.

Answer 1332

B. They attest to AWS infrastructure compliance with data accountability standards like Sarbanes–Oxley. SOC isn’t primarily about guidance or risk assessment, and it’s definitely not a guarantee of the state of your own deployments. SOC reports are reports of audits on AWS infrastructure that you can use as part of your own reporting requirements.

Answer 1333

A. They can help you confirm that your deployment infrastructure is compliant with regulatory standards. and B. They can provide insight into various regulatory and industry standards that represent best practices. AWS Artifact documents are about AWS infrastructure compliance with external standards. They tangentially can also provide insight into best practices. They do not represent internal AWS design or policies.

Answer 1334

D. Identity and Access Management (IAM) username You can sign in as the root user or as an IAM user. Although you need to specify the account alias or account ID to log in as an IAM user, those are not credentials. You can’t log in to the console using an access key ID.

Answer 1335

A. You’ve selected the wrong region in the navigation bar. If a resource that should be visible appears to be missing, you may have the wrong Region selected. Since you’re logged in as the root, you have view access to all resources in your account. You don’t need an access key to use the console. You can’t select an Availability Zone in the navigation bar.

Answer 1336

A. A secret key The AWS CLI requires an access key ID and secret key. You can use those of an IAM user or the root user. Outbound network access to TCP port 443 is required, not port 80. Linux is also not required, although you can use the AWS CLI with Linux, macOS, or Windows. You also can use the AWS Console Mobile Application with Android or iOS devices.

Answer 1337

A. The MSI installer and D. Using Python and pip You can use Python and the pip package manager or (with the exception of Windows Server 2008) the MSI installer to install the AWS CLI on Windows. AWS SDKs don’t include the AWS CLI. Yum and Aptitude are package managers for Linux only.

Answer 1338

B. JavaScript, D. Java and E. PHP AWS offers SDKs for JavaScript, Java, and PHP. There are no SDKs for Fortran. JSON is a format for representing data, not a programming language.

Answer 1339

A. AWS Mobile SDK for Unity and B. AWS Mobile SDK for .NET and Xamarin The AWS Mobile SDK for Unity and the AWS Mobile SDK for .NET and Xamarin let you create mobile applications for both Android and Apple iOS devices. The AWS SDK for Go doesn’t enable development of mobile applications for these devices. The AWS Mobile SDK for iOS supports development of applications for Apple iOS devices but not Android.

Answer 1340

A. JavaScript and B. C++ AWS IoT device SDKs are available for C++, Python, Java, JavaScript, and Embedded C. There isn’t one available for Ruby or Swift.

Answer 1341

A. The AWS SDKs allow you to use popular programming languages to write applications that interact with AWS services. and B. The AWS CLI allows you to interact with AWS services from a terminal. The AWS CLI is a program that runs on Linux, macOS, or Windows and allows you to interact with AWS services from a terminal. The AWS SDKs let you use your favourite programming language to write applications that interact with AWS services.

Answer 1342

B. Metrics CloudWatch metrics store performance data from AWS services. Logs store text-based logs from applications and AWS services. Events are actions that occur against your AWS resources. Alarms monitor metrics. Metric filters extract metric information from logs.

Answer 1343

B. Viewing an S3 bucket from the AWS Management Console and D. Listing IAM users from the AWS Command Line Interface (CLI) Viewing an AWS resource triggers an API action regardless of whether it’s done using the AWS Management Console or the AWS CLI. Configuring the AWS CLI doesn’t trigger any API actions. Logging into the AWS Management Console doesn’t trigger an API action

Answer 1344

A. Use CloudTrail event history. The CloudTrail event history log stores the last 90 days of management events for each Region. Creating a trail is overkill and not as cost-effective since it would involve storing logs in an S3 bucket. Streaming CloudTrail logs to CloudWatch would require creating a trail. CloudWatch Events doesn’t log management events.

Answer 1345

A. Stream CloudTrail logs to CloudWatch Logs. and D. Create a trail to log S3 data events. Creating a trail in the Region where the bucket exists will generate CloudTrail logs, which you can then stream to CloudWatch for viewing and searching. CloudTrail event history doesn’t log data events. CloudTrail logs global service events by default, but S3 data events are not included.

Answer 1346

B. It lets you assert that no CloudTrail log files have been deleted from S3. Log file integrity validation uses cryptographic hashing to help you assert that no CloudTrail log files have been deleted from S3. It doesn’t prevent tampering or deletion and can’t tell you how a file has been tampered with. Log file integrity validation has nothing to do with CloudWatch.

Answer 1347

D. Costs and usage reports The costs and usage reports show you your monthly spend by service. The reserved instances reports and reserved instance recommendations don’t show actual monthly costs.

Answer 1348

A. Amazon Relational Database Service (RDS) RDS lets you purchase reserved instances to save money. Lambda, S3, and Fargate don’t use instances.

Answer 1349

D. Your instances are already covered by reservations. Cost Explorer will make reservation recommendations for EC2, RDS, ElastiCache, Redshift, and Elasticsearch instances. You need to select the service you want it to analyse for recommendations. But Cost Explorer will not make recommendations for instances that are already covered by reservations. Because your Elasticsearch instances have been running continuously for at least the past seven days, that usage would be analysed.

Answer 1350

C. To serve as a source image from which an instance’s primary storage volume is built. An instance’s hardware profile is defined by the instance type. High-volume (or low volume) data processing operations and data streams can be handled using any storage volume or on any instance (although some may be better optimized than others).

Answer 1351

A. AWS Marketplace The Quick Start includes only the few dozen most popular AMIs. The Community tab includes thousands of publicly available AMIs—whether verified or not. The My AMIs tab only includes AMIs created from your account

Answer 1352

B. Compute optimized and D. Accelerated computing c5d.18xlarge and t2.micro are the names of EC2 instance types, not instance type families.

Answer 1353

A. An EC2 instance running on a physical host reserved for the exclusive use of a single AWS account An EC2 instance that runs on a physical host reserved for and controlled by a single AWS account is called a dedicated host. A dedicated host is not an AMI, nor is it an instance type.

Answer 1354

C. A virtualized partition of a physical storage drive that’s not directly connected to the EC2 instance it’s associated with A virtualized partition of a physical storage drive that is directly connected to the EC2 instance it’s associated with is known as an instance store volume. A software stack archive packaged to make it easy to copy and deploy to an EC2 instance describes an EC2 AMI. It’s possible to encrypt EBS volumes, but encryption doesn’t define them.

Answer 1355

C. Instance store volumes provide faster data read/write performance. and D. Instance store volumes are connected directly to your EC2 instance. Instance store volumes cannot be encrypted, nor will their data survive an instance shutdown. Those are features of EBS volumes.

Answer 1356

B. On-demand Spot instances are unreliable for this sort of usage since they can be shut down unexpectedly. Reserved instances make economic sense where they’ll be used 24/7 over long stretches of time. “Dedicated” isn’t a pricing model.

Answer 1357

A. Charges for any instances you run matching the reserved instance type will be covered by the reservation. There’s no real need for guaranteed available capacity since it’s extremely rare for AWS to run out. You choose how you’ll pay for a reserved instance. All Upfront, Partial Upfront, and No Upfront are available options, and there is no automatic billing. An instance would never be launched automatically in this context.

Answer 1358

A. Big data processing workloads and C. Continuous integration development environments. Because spot instances can be shut down, they’re not recommended for applications that provide any kind of always-on service.

Answer 1359

C. Elastic Beanstalk and D. Lightsail Elastic Block Store provides storage volumes for Lightsail and Beanstalk (and for EC2, for that matter). Elastic Compute Cloud (EC2) provides application deployment, but no one ever accused it of being simple.

Answer 1360

A. Lightsail Beanstalk, EC2 (non-reserved instances), and RDS all bill according to actual usage.

Answer 1361

B. Gitlab and D. LAMP Ubuntu is an OS, not a stack. WordPress is an application, not a stack.

Answer 1362

B. Lightsail and C. Elastic Beanstalk Elastic Block Store is, for practical purposes, an EC2 resource. RDS is largely built on its own infrastructure.

Answer 1363

A. Elastic Container Service and C. Elastic Beanstalk While you could, in theory at least, manually install Docker Engine on either a Lightsail or EC2 instance, that’s not their primary function.

Answer 1364

A. Docker and B. Kubernetes Both Lambda and Lightsail are compute services that - while they might possibly make use of containers under the hood - are not themselves container technologies.

Answer 1365

D. It can be set as the runtime environment for a function. Python is, indeed, a valid choice for a function’s runtime environment. There is no one “primary” language for Lambda API calls.

Answer 1366

A. 15 minutes A. While the maximum time was, at one point, 5 minutes, that’s been changed to 15.

Answer 1367

B. Use a globally unique bucket name. Bucket names must be globally unique across AWS, irrespective of Region. The length of the bucket name isn’t an issue since it’s between 3 and 63 characters long. Storage classes are configured on a per-object basis and have no impact on bucket naming.

Answer 1368

A. EBS stores volumes. and D. S3 stores objects. S3 is an object storage service, while EBS is a block storage service that stores volumes. EBS snapshots are stored in S3. S3 doesn’t store volumes, and EBS doesn’t store objects.

Answer 1369

A. Bucket policies and B. Access control lists You can use bucket policies or access control lists (ACLs) to grant anonymous users access to an object in S3. You can’t use user policies to do this, although you can use them to grant IAM principals access to objects. Security groups control access to resources in a virtual private cloud (VPC) and aren’t used to control access to objects in S3.

Answer 1370

C. S3 Glacier, and D. Glacier is the most cost effective. Both S3 and Glacier are designed for durable, long-term storage and offer the same level of durability. Data stored in Glacier can be reliably retrieved within eight hours using the Expedited or Standard retrieval options. Data stored in S3 can be retrieved even faster than Glacier. S3 can store objects up to 5 TB in size, and Glacier can store archives up to 40 TB. Both S3 or Glacier will meet the given requirements, but Glacier is the more cost-effective solution.

Answer 1371

B. Create a vault You can create or delete vaults from the Glacier service console. You can’t upload, download, or delete archives. To perform archive actions, you must use the AWS Command Line Interface, an AWS SDK, or a third-party program. Glacier doesn’t use buckets.

Answer 1372

D. Standard The Standard retrieval option typically takes 3 to 5 hours to complete. Expedited takes 1 to 5 minutes, and Bulk takes 5 to 12 hours. There is no Provisioned retrieval option, but you can purchase provisioned capacity to ensure Expedited retrievals complete in a timely manner.

Answer 1373

A. 1 byte A Glacier archive can be as small as 1 byte and as large as 40 TB. You can’t have a zero-byte archive.

Answer 1374

B. Tape gateway and D. Volume gateway The tape gateway and volume gateway types let you connect to iSCSI storage. The file gateway supports NFS. There’s no such thing as a cached gateway.

Answer 1375

B. S3 buckets All AWS Storage Gateway types - file, volume, and tape gateways primarily store data in S3 buckets. From there, data can be stored in Glacier or EBS snapshots, which can be instantiated as EBS volumes.

Answer 1376

A. AWS Storage Gateway—file gateway, B. iSCSI, D. SMB, and E. AWS Storage Gateway—volume gateway. The AWS Storage Gateway allows transferring files from on-premises servers to S3 using industry-standard storage protocols. The AWS Storage Gateway functioning as a file gateway supports the SMB and NFS protocols. As a volume gateway, it supports the iSCSI protocol. AWS Snowball and the AWS CLI also provide ways to transfer data to S3, but using them requires installing third-party software.

Answer 1377

A. Stored volumes asynchronously back up data to S3 as EBS snapshots., C. Cached volumes locally store only a frequently used subset of data., E. Cached volumes can be up to 32 TB in size. The volume gateway type offers two configurations: stored volumes and cached volumes. Stored volumes store all data locally and asynchronously back up that data to S3 as EBS snapshots. Stored volumes can be up to 16 TB in size. In contrast, cached volumes locally store only a frequently used subset of data but do not asynchronously back up the data to S3 as EBS snapshots. Cached volumes can be up to 32 TB in size.

Answer 1378

C. 72 TB The 80 TB Snowball device offers 72 TB of usable storage and is the largest available. The 50 TB Snowball offers 42 TB of usable space.

Answer 1379

A. It enforces encryption at rest. and B. It uses a Trusted Platform Module (TPM) chip. AWS Snowball enforces encryption at rest and in transit. It also uses a TPM chip to detect unauthorized changes to the hardware or software. Snowball doesn’t use NFS encryption, and it doesn’t have tamper-resistant network ports.

Answer 1380

B. The Snowball Client The Snowball Client lets you transfer files to or from a Snowball using a machine running Windows, Linux, or macOS. It requires no coding knowledge, but the S3 SDK Adapter for Snowball does. Snowball doesn’t support the NFS, iSCSI, or SMB storage protocols.

Answer 1381

A. Snowball Edge supports copying files using NFS., and D. Snowball Edge can run EC2 instances. Snowball Edge offers compute power to run EC2 instances and supports copying files using the NFSv3 and NFSv4 protocols. Snowball devices can’t be clustered and don’t have a QFSP+ port.

Answer 1382

B. Compute Optimized with GPU The Snowball Edge - Compute Optimized with GPU option is optimized for machine learning and high-performance computing applications. Although the Compute Optimized and Storage Optimized options could work, they aren’t the best choices. There’s no Network Optimized option.

Answer 1383

B. Snowball Edge with the Compute Optimized configuration Snowball Edge with the Compute Optimized configuration includes a QSFP+ network interface that supports up to 100 Gbps. The Storage Optimized configuration has a QSFP+ port that supports only up to 40 Gbps. The 80 TB Snowball supports only up to 10 Gbps. A storage gateway is a virtual machine, not a hardware device.

Answer 1384

B. Relational A relational database stores data in columns called attributes and rows called records. Nonrelational databases - including key-value stores and document stores - store data in collections or items but don’t use columns or rows.

Answer 1385

C. A schemaless nonrelational database A no-SQL database is another term for a nonrelational database. By definition, nonrelational databases are schemaless and must use primary keys. There’s no such thing as a schemaless relational database. No-SQL is never used to describe a relational database of any kind.

Answer 1386

B. Elastic Block Store (EBS) volumes RDS instances use EBS volumes for storage. They no longer can use magnetic storage. Instance volumes are for temporary, not database storage. You can take a snapshot of a database instance and restore it to a new instance with a new EBS volume, but an RDS instance can’t use a snapshot directly for database storage.

Answer 1387

A. MySQL and B. PostgreSQL Aurora is Amazon’s proprietary database engine that works with existing PostgreSQL and MySQL databases. Aurora doesn’t support MariaDB, Oracle, or Microsoft SQL Server.

Answer 1388

B. Multi-AZ and C. Snapshots Multi-AZ and snapshots can protect your data in the event of an Availability Zone failure. Read replicas don’t use synchronous replication and may lose some data. IOPS is a measurement of storage throughput. Vertical scaling refers to changing the instance class but has nothing to do with preventing data loss.

Answer 1389

B. Amazon Aurora Amazon Aurora uses a shared storage volume that automatically expands up to 64 TB. The Microsoft SQL Server and Oracle database engines don’t offer this. Amazon Athena is not a database engine.

Answer 1390

A. Multi-AZ Multi-AZ lets your database withstand the failure of an RDS instance, even if the failure is due to an entire Availability Zone failing. Read replicas are a way to achieve horizontal scaling to improve performance of database reads but don’t increase availability. Point-in-time recovery allows you to restore a database up to a point in time but doesn’t increase availability.

Answer 1391

B. It’s backed by solid-state drives., and D. It’s replicated across multiple Availability Zones. A partition is an allocation of storage backed by solid-state drives and replicated across multiple Availability Zones. Tables are stored across partitions, but tables do not contain partitions. A primary key, not a partition, is used to uniquely identify an item in a table.

Answer 1392

D. Items in a table don’t have to have all the same attributes. Items in a DynamoDB table can have different attributes. For example, one item can have five attributes, while another has only one. A table can store items containing multiple data types. There’s no need to predefine the number of items in a table. Items in a table can’t have duplicate primary keys.

Answer 1393

C. Increase write capacity units (WCU) and E. Enable DynamoDB Auto Scaling. Increasing WCU or enabling Auto Scaling will improve write performance against a table. Increasing or decreasing RCU won’t improve performance for writes. Decreasing WCU will make write performance worse.

Answer 1394

C. Scan A scan requires reading every partition on which the table is stored. A query occurs against the primary key, enabling DynamoDB to read only the partition where the matching item is stored. Writing and updating an item are not read-intensive operations.

Answer 1395

D. A randomly generated customer ID number A primary key must be unique within a table. A full name, phone number, or city may not be unique, as some customers may share the same name or phone number. A randomly generated customer ID number would be unique and appropriate for use as a primary key.

Answer 1396

B. Dense compute Dense compute nodes use magnetic disks. Dense storage nodes use SSDs. There are no such nodes as dense memory or cost-optimized.

Answer 1397

A. Redshift Spectrum Redshift Spectrum can analyse structured data stored in S3. There is no such service as Redshift S3. Amazon Athena can analyse structured data in S3, but it’s not a feature of Redshift. Amazon RDS doesn’t analyse data stored in S3.

Answer 1398

B. Data warehouse A data warehouse stores large amounts of structured data from other relational databases. It’s not called a data storehouse or a report cluster. Dense storage node is a type of Redshift compute node.

Answer 1399

A. 2 PB Dense storage nodes can be used in a cluster to store up to 2 PB of data. Dense compute nodes can be used to store up to 326 TB of data.

Answer 1400

A. 10.0.0.0/28 A VPC or subnet CIDR can have a size between /16 and /28 inclusive, so 10.0.0.0/28 would be the only valid CIDR.

Answer 1401

B. A subnet must have a CIDR that’s a subset of the CIDR of the VPC in which it resides., and C. A subnet spans one Availability Zone. A subnet exists in only one Availability Zone, and it must have a CIDR that’s a subset of CIDR of the VPC in which it resides. There’s no requirement for a VPC to have two subnets, but it must have at least one.

Answer 1402

C. It contains an outbound rule allowing access to any IP address. When you create a security group, it contains an outbound rule that allows access to any IP address. It doesn’t contain an inbound rule by default. Security group rules can only permit access, not deny it, so any traffic not explicitly allowed will be denied.

Answer 1403

B. A security group operates at the instance level., and D. A network access control list operates at the subnet level. A network access control list is a firewall that operates at the subnet level. A security group is a firewall that operates at the instance level.

Answer 1404

A. A Direct Connect connection offers predictable latency because it doesn’t traverse the internet., and B. A VPN connection uses the internet for transport. A Direct Connect link uses a dedicated link rather than the internet to provide predictable latency. Direct Connect doesn’t use encryption but provides some security by means of a private link. A VPN connection uses the internet for transport, encrypting data with AES 128- or 256-bit encryption. A VPN connection doesn’t require proprietary hardware.

Answer 1405

B. You can register a domain name for a term of up to 10 years., and D. Route 53 creates a public hosted zone for the domain.. When you register a domain name, you can choose a term between 1 year and 10 years. If you use Route 53, it will automatically create a public hosted zone for the domain. The registrar and DNS hosting provider don’t have to be the same entity, but often are.

Answer 1406

B. Multivalue Answer A Multivalue Answer routing policy can return a set of multiple values, sorted randomly. A simple record returns a single value. A Failover routing policy always routes users to the primary resource unless it’s down, in which case it routes users to the secondary resource. A Latency routing policy sends users to the resource in the AWS Region that provides the least latency.

Answer 1407

C. Simple All Route 53 routing policies except for Simple can use health checks.

Answer 1408

C. Endpoint An Endpoint health check works by connecting to the monitored endpoint via HTTP, HTTPS, or TCP. A CloudWatch alarm health check simply reflects the status of a CloudWatch alarm. A Calculated health check derives its status from multiple other health checks. There is no such thing as a Simple health check.

Answer 1409

A. Weighted A Weighted routing policy lets you distribute traffic to endpoints according to a ratio that you define. None of the other routing policies allows this.

Answer 1410

B. A private hosted zone A private hosted zone is associated with a VPC and allows resources in the VPC to resolve private domain names. A public hosted zone is accessible by anyone on the internet. Domain name registration is for public domain names. Health checks aren’t necessary for name resolution to work.

Answer 1411

A. 1 Route 53 private hosted zones provide DNS resolution for a single domain name within multiple VPCs. Therefore, to support resolution of one domain names for two VPCs, you’d need one private hosted zone.

Answer 1412

B. Origins A CloudFront origin is the location that a distribution sources content from. Content is stored in edge locations. A distribution defines the edge locations and origins to use.

Answer 1413

B. RTMP The RTMP distribution type is for delivering streaming content and requires you to provide a media player. A Web distribution can also stream audio or video content but doesn’t require you to provide a media player. Streaming and Edge are not distribution types.

Answer 1414

A. United States, Canada, and Europe The more edge locations you use for a distribution, the more you’ll pay. Selecting the minimum number of locations will be the most cost effective.

Answer 1415

B. More than 150 There are more than 150 edge locations throughout the world.

Answer 1416

A. EC2 instance, and B. A public S3 bucket An origin can be an EC2 instance or a public S3 bucket. You can’t use a private S3 bucket as an origin.

Answer 1417

C. It lets you create multiple separate AWS environments using a single template. CloudFormation can create AWS resources and manages them collectively in a stack. Templates are written in the CloudFormation language, not Python. CloudFormation can’t create resources outside of AWS. It also doesn’t prevent manual changes to resources in a stack.

Answer 1418

A. Resources CloudFormation creates are organized into stacks and can be managed as a single unit., and B. CloudFormation stack updates help ensure that changes to one resource won’t break another. Resources CloudFormation creates are organized into stacks. When you update a stack, CloudFormation analyzes the relationships among resources in the stack and updates dependent resources as necessary. This does not, however, mean that any resource you create using CloudFormation will work as you expect. Provisioning resources using CloudFormation is not necessarily faster than using the AWS CLI.

Answer 1419

B. Understanding what code change introduced a bug Differencing lets you see the differences between two versions of a file, which can be useful when figuring out what change introduced a bug. Versioning, not differencing, is what allows reverting to an older version of a file. Differencing doesn’t identify duplicate lines of code or tell you when an application was deployed.

Answer 1420

A. An operating system and B. A Docker image A CodeBuild build environment always contains an operating system and a Docker image. It may contain the other components but doesn’t have to.

Answer 1421

A. Deploy an application to an on-premises Windows instance, B. Deploy a Docker container to the Elastic Container Service, and C. Upgrade an application on an EC2 instance running Red Hat Enterprise Linux. CodeDeploy can deploy application files to Linux or Windows EC2 instances and Docker containers to ECS. It can’t deploy an application to smartphones, and it can’t deploy files to an S3 bucket.

Answer 1422

B. 2 At the very least, a CodePipeline must consist of a source stage and a deploy stage

Answer 1423

A. Maximum and D. Minimum The maximum and minimum group size values limit the number of instances in an Auto Scaling group. The desired capacity (also known as the group size) is the number of instances that Auto Scaling will generally maintain, but Auto Scaling can launch or terminate instances if dynamic scaling calls for it.

Answer 1424

A. Predictive scaling Predictive scaling creates a scheduled scaling action based on past usage patterns. Scheduled scaling and dynamic scaling do not create scheduled scaling actions. There is no such thing as pattern scaling.

Answer 1425

B. Command document A Command document can execute commands on an EC2 instance. An Automation document can perform administrative tasks on AWS, such as starting or stopping an instance. There is no such thing as a Script document or a Run document.

Answer 1426

D. Automation document An Automation document can perform administrative tasks on AWS, such as starting or stopping an instance. A Command document can execute commands on an EC2 instance. There is no such thing as a Script document or a Run document.

Answer 1427

B. AWS OpsWorks Stacks AWS OpsWorks Stacks uses Chef recipes, while AWS OpsWorks for Puppet Enterprise uses Puppet modules. There is no service called AWS OpsWorks Layers or AWS OpsWorks for Automation.

Answer 1428

B. Puppet Enterprise and D. Chef OpsWorks supports the Puppet Enterprise and Chef configuration management platforms. It doesn’t support SaltStack, Ansible, or CFEngine.

Answer 1429

C. OpsWorks layer Only an OpsWorks layer contains at least one EC2 instance. There’s no such thing as an EC2 Auto Scaling layer.

Answer 1430

C. Resiliency The five pillars of the Well-Architected Framework are reliability, performance efficiency, security, cost optimization, and operational excellence. Resiliency is not one of them.

Answer 1431

C. Implementing policies to prevent the accidental termination of EC2 instances in the same Auto Scaling group and D. Using CloudFront. Preventing the accidental termination of an EC2 instance in the Auto Scaling group can avoid overburdening and causing performance issues on the remaining instance, especially during busy times. Using CloudFront can help improve performance for end users by caching the content in an edge location close to them. Doubling the number of instances might improve performance, but because performance is already acceptable, doing this would be inefficient. Monitoring for unauthorized access alone won’t improve performance or performance efficiency.

Answer 1432

B. Automating manual processes Operational excellence is concerned with strengthening the other four pillars of reliability, performance efficiency, security, and cost optimization; automation is the key to achieving each of these. Improving bad processes and making people work longer hours run counter to achieving operational excellence. Adding more security personnel may be a good idea, but it isn’t a key component of operational excellence.

Answer 1433

1. Amazon DynamoDB and 4. Amazon Simple Storage Service The Multi-AZ principle involves deploying an AWS resource in multiple Availability Zones to achieve high availability for that resource. DynamoDB automatically spreads the data and traffic for your tables over a sufficient number of servers to handle your throughput and storage requirements, while maintaining consistent and fast performance. All of your data is stored on solid-state disks (SSDs) and is automatically replicated across multiple Availability Zones in an AWS Region, providing built-in fault tolerance in the event of a server failure or Availability Zone outage. Amazon S3 provides durable infrastructure to store important data and is designed for durability of 99.999999999% of objects. Data in all Amazon S3 storage classes is redundantly stored across multiple Availability Zones (except S3 One Zone-IA). Currently, Amazon Redshift only supports Single-AZ deployments. AWS Snowball is a data transport solution that accelerates moving terabytes to petabytes of data into and out of AWS using storage devices designed to be secure for physical transport. Amazon EBS volume data is replicated across multiple servers within the same Availability Zone. Note: Amazon EFS data is redundantly stored across multiple Availability Zones providing better durability compared to EBS volumes. References: https://aws.amazon.com/dynamodb/ https://aws.amazon.com/s3/storage-classes/

Answer 1434

4. The ability to monitor systems and improve supporting processes and procedures The 6 Pillars of the AWS Well-Architected Framework: 1- Operational Excellence: The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures. 2- Security: The security pillar includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies. 3- Reliability: The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues. 4- Performance Efficiency: The performance efficiency pillar includes the ability to use computing resources efficiently to meet system requirements. Key topics include selecting the right resource types and sizes based on workload requirements, monitoring performance, and making informed decisions to maintain efficiency as business needs evolve. 5- Cost Optimization: The cost optimization pillar includes the ability to avoid or eliminate unneeded cost or sub-optimal resources. 6- Sustainability: The discipline of sustainability addresses the long-term environmental, economic, and societal impact of your business activities. Your business or organization can have negative environmental impacts like direct or indirect carbon emissions, unrecyclable waste, and damage to shared resources like clean water. When building cloud workloads, the practice of sustainability is understanding the impacts of the services used, quantifying impacts through the entire workload lifecycle, and applying design principles and best practices to reduce these impacts. Additional information: Creating a software system is a lot like constructing a building. If the foundation is not solid, structural problems can undermine the integrity and function of the building. When architecting technology solutions on Amazon Web Services (AWS), if you neglect the five pillars of operational excellence, security, reliability, performance efficiency, and cost optimization, it can become challenging to build a system that delivers on your expectations and requirements. Incorporating these pillars into your architecture helps produce stable and efficient systems. This allows you to focus on the other aspects of design, such as functional requirements. The AWS Well-Architected Framework helps cloud architects build the most secure, high-performing, resilient, and efficient infrastructure possible for their applications. "The ability of a system to recover gracefully from failure" is incorrect. This statement is much more related to the Reliability pillar. "The efficient use of computing resources to meet requirements" is incorrect. This statement is much more related to the Performance Efficiency pillar. "The ability to manage datacenter operations more efficiently" is incorrect. Managing datacenter operations is not related to any pillar. It is something that AWS is responsible for, NOT the customer. References: https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/

Answer 1435

2. Load balancing and 4. Instance type EC2 instance pricing varies depending on many variables: - The buying option (On-demand, Savings Plans, Reserved, Spot, Dedicated) - Selected instance type - Selected Region - Number of instances - Load balancing - Allocated Elastic IP Addresses Load balancing: The number of hours the Elastic Load Balancer runs and the amount of data it processes contribute to the EC2 monthly cost. Instance type: Amazon EC2 provides a wide selection of instance types optimized to fit different use cases. Instance types comprise varying combinations of CPU, memory, storage, and networking capacity. The other options are incorrect: "The Availability Zone where the instance is provisioned" is incorrect. Prices of the Amazon EC2 instances may vary depending on the Region where the instances are provisioned. Amazon EC2 instances provisioned in different Availability Zones within the same Region have the same price. "Number of private IPs" is incorrect. There is no charge for private IPs. Additional information: The number of allocated Elastic IPs is the factor that may affect Amazon EC2 charges. To ensure efficient use of Elastic IP addresses, AWS imposes a small hourly charge if an Elastic IP address is not associated with a running instance, or if it is associated with a stopped instance. While the instance is running, you are not charged for one Elastic IP address associated with the instance, but additional Elastic IPs are not free. "Number of buckets" is incorrect. A bucket is an Amazon S3 resource, not an Amazon EC2 resource. Additional information: To upload your data (photos, videos, documents, etc.) to Amazon S3, you must first create an S3 bucket (which is like a file folder) in one of the AWS Regions. You can then upload any number of objects to the bucket. The customer is charged based on the total size of the objects (in GB) stored in their S3 bucket, not for the bucket itself. References: https://docs.aws.amazon.com/whitepapers/latest/how-aws-pricing-works/how-aws-pricing-works.pdf

Answer 1436

3. APN Consulting Partners APN Consulting Partners are professional services firms that help customers design, architect, build, migrate, and manage their workloads and applications on AWS. Consulting Partners include System Integrators, Strategic Consultancies, Agencies, Managed Service Providers, and Value-Added Resellers. AWS supports the APN Consulting Partners by providing a wide range of resources and training to support their customers. The other options are incorrect: "APN Technology Partners" is incorrect. APN Technology Partners provide software solutions that are either hosted on, or integrated with, the AWS platform. APN Technology Partners include Independent Software Vendors (ISVs), SaaS, PaaS, Developer Tools, Management and Security Vendors. "AWS Professional Services" is incorrect. AWS Professional Services shares a collection of offerings to help you achieve specific outcomes related to enterprise cloud adoption. AWS Professional Services also trains your team with specialized skills and provides global specialty practices to support your efforts in focused areas of enterprise cloud computing. "AWS TAM" is incorrect. A Technical Account Manager (TAM) is your designated technical point of contact who provides advocacy and guidance to help plan and build solutions using best practices and proactively keep your AWS environment operationally healthy. TAM is available only for two AWS support plans: Enterprise On-Ramp and Enterprise. References: https://aws.amazon.com/blogs/apn/joining-the-aws-partner-network-apn-strengthens-your-capabilities-to-better-serve-customers/

Answer 1437

B. 3 In a default VPC, AWS creates a subnet for each Availability Zone in the Region. Hence, if there are three subnets in the default VPC, there must be three Availability Zones.

Answer 1438

A. The application load balancer listener Application load balancer listeners use security groups to control inbound access, so you need to apply a security group that has an inbound rule allowing HTTP access. Applying the security group rule to the database instance won’t help, since users don’t connect directly to the database instance. You can’t apply a security group to a subnet, only a network access control list.

Answer 1439

A. By routing traffic away from failed instances An application load balancer can use health checks to identify failed instances and remove them from load balancing. This can prevent a user from ever reaching a failed instance. A load balancer can’t replace a failed instance, but Auto Scaling can. An application load balancer distributes traffic to instances using a round-robin algorithm, not based on how busy those instances are. An application load balancer doesn’t cache content.

Answer 1440

D. Launch template A launch template tells Auto Scaling how to configure the instances it provisions. A dynamic scaling policy controls how Auto Scaling scales in and out based on CloudWatch metrics. There’s no such thing as a launch directive. Auto Scaling does not reference a CloudFormation template, but you can use a CloudFormation template to create a stack that contains a launch template.

Answer 1441

B. A website hosted on S3 A static website serves content just as it’s stored without changing the content on the fly. A WordPress blog, a social media website, and a web-based email application all compile content from a database and mix it in with static content before serving it up to the user.

Answer 1442

A. Objects in S3 are not public by default, and C. By default, S3 removes ACLs that allow public read access to objects. Objects you upload to an S3 bucket are not public by default, nor are they accessible to all AWS users. Even if you try to make an object public using an ACL, S3 will immediately remove the ACL, but you can disable this behavior. S3 never removes objects by default.

Answer 1443

A. Enable bucket hosting in the S3 service console. To have S3 host your static website, you need to enable bucket hosting in the S3 service console. It’s not necessary to disable or enable default encryption or object versioning. There’s also no need to make all objects in the bucket public, but only those that you want S3 to serve up.

Answer 1444

B. Use a custom domain name. Purchasing and using a custom domain name is the best option for a friendly URL. You need to name the bucket the same as the domain name. Creating a bucket name with only words is unlikely to work, regardless of Region, as bucket names must be globally unique. A bucket name can’t start with a number.

Answer 1445

A. The content served is not encrypted in transit. Websites hosted in S3 are served using unencrypted HTTP, not secure HTTPS. The content is publicly readable, but that doesn’t mean the public can modify it. You don’t have to use a custom domain name, as S3 provides an endpoint URL for you. A website hosted in S3 is stored in a bucket, and a bucket exists in only one Region.

Answer 1446

C. Not replacing a misconfigured resource that the application depends on. The reliability of an application can be impacted by the failure of resources the application depends on. One way a resource can fail is if it’s misconfigured. Taking EBS snapshots of an instance or provisioning more instances than you need won’t impact reliability. The user interface being difficult to use might be an annoyance for the user but doesn’t affect the actual reliability of the application.

Answer 1447

C. Network You may have control over your VPC, but the rest of the network between your application and users on the internet is not under your control. Compute, storage, and any database your application uses are, or at least theoretically could be, under your control.

Answer 1448

B. You’re responsible for S3 charges. You’re responsible for S3 charges related to your static website. You’re not charged for compute with S3. No one may modify the content of your site unless you give them permission. The S3 Standard storage class keeps objects in multiple Availability Zones, so the outage of one won’t affect the site

Answer 1449

3. Edge locations are used by CloudFront to distribute traffic across multiple instances to reduce latency AWS Edge Locations are not used to distribute traffic. Edge Locations are used in conjunction with the CloudFront service to cache common responses and deliver content to end-users with low latency. With Amazon CloudFront, your users can also benefit from accelerated content uploads. As the data arrives at an edge location, data is routed to AWS storage services over an optimized network path. The AWS service that is used to distribute load is the AWS Elastic Load Balancing (ELB) service.

Answer 1450

2. Read Replicas and 4. Multi-AZ Deployment In a Multi-AZ deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone. The primary DB instance is synchronously replicated across Availability Zones to a standby replica to provide data redundancy, eliminate I/O freezes, and minimize latency spikes during system backups. Running a DB instance with high availability can enhance availability during planned system maintenance, and help protect your databases against DB instance failure and Availability Zone disruption. Amazon RDS Read Replicas provide enhanced performance and durability for database (DB) instances. This feature makes it easy to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads. You can create one or more replicas of a given source DB Instance and serve high-volume application read traffic from multiple copies of your data, thereby increasing aggregate read throughput. Read replicas provide a complementary availability mechanism to Amazon RDS Multi-AZ Deployments. You can promote a read replica if the source DB instance fails. You can also replicate DB instances across AWS Regions as part of your disaster recovery strategy. This functionality complements the synchronous replication, automatic failure detection, and failover provided with Multi-AZ deployments. The other options are incorrect: "Edge Locations" is incorrect. Edge Locations are not a feature of Amazon RDS. Edge locations are used by the CloudFront service to distribute content globally. "Automatic patching" is incorrect. The purpose of patching is to resolve functionality issues, improve security or add new features. "AWS Regions" is incorrect. AWS Regions are not a feature of Amazon RDS. AWS Regions are separate geographic areas around the world that AWS uses to provide its Cloud Services, including Regions in North America, South America, Europe, Asia Pacific, and the Middle East. Choosing a specific AWS Region depends on its proximity to end-users, data sovereignty, and costs. References: https://aws.amazon.com/rds/details/multi-az/ https://aws.amazon.com/rds/details/read-replicas/

Answer 1451

2. Amazon CloudFront and 3. AWS Global Accelerator AWS Global Accelerator and CloudFront are two separate services that use the AWS global network and its edge locations around the world. Amazon CloudFront improves performance for global applications by caching content at the closest Edge Location to end-users. AWS Global Accelerator improves performance for global applications by routing end-user requests to the closest AWS Region. Amazon CloudFront improves performance for both cacheable (e.g., images and videos) and dynamic content (e.g. dynamic site delivery). Global Accelerator is a good fit for specific use cases, such as gaming, IoT or Voice over IP. Note: AWS Global accelerator does not cache content at edge locations like Amazon CloudFront. AWS Global accelerator uses the AWS edge locations to receive end-user requests and then routes these requests to the closest AWS Region over the AWS global network. The other options are incorrect: "AWS KMS" is incorrect. AWS KMS is a key management service that makes it easy for you to create and manage encryption keys and control their use across a wide range of AWS services and in your applications. "AWS Direct Connect" is incorrect. AWS Direct Connect is a cloud service solution that is used to establish a dedicated network connection from your premises to AWS. “AWS Glue” is incorrect. AWS Glue is a fully-managed, Extract, Transform, and Load (ETL) service that automates the time-consuming steps of data preparation for analytics. Extract, Transform, and Load (ETL) is the process of extracting (collecting) data from various sources (from different databases for example), transform the data depending on business rules/needs (This step helps in preparing the data for analytics and decision making) and load the data into a destination database, often a data warehouse. References: https://aws.amazon.com/cloudfront/ https://aws.amazon.com/global-accelerator/features/

Answer 1452

2. Building the relational database schema and 4. Managing the database settings Amazon RDS manages the work involved in setting up a relational database, from provisioning the infrastructure capacity you request to installing the database software. Once your database is up and running, Amazon RDS automates common administrative tasks such as performing backups and patching the software that powers your database. With optional Multi-AZ deployments, Amazon RDS also manages synchronous data replication across Availability Zones with automatic failover. Since Amazon RDS provides native database access, you interact with the relational database software as you normally would. This means you're still responsible for managing the database settings that are specific to your application. You'll need to build the relational schema that best fits your use case and are responsible for any performance tuning to optimize your database for your application’s workflow. The other options are incorrect: "Installing the database software" is incorrect. Installing the database software is AWS’ responsibility. "Performing backups" is incorrect. Performing backups is AWS’ responsibility. "Patching the database software" is incorrect. Patching the database software is AWS’ responsibility. References: https://aws.amazon.com/rds/faqs/ https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 1453

4. Eliminating Single Points of Failure (SPOFs) and 5. Distributed infrastructure Explanation These are things that traditional web hosting cannot provide: **High-availability (eliminating single points of failure): A system is highly available when it can withstand the failure of an individual component or multiple components, such as hard disks, servers, and network links. The best way to understand and avoid the single point of failure is to begin by making a list of all major points of your architecture. You need to break the points down and understand them further. Then, review each of these points and think what would happen if any of these failed. AWS gives you the opportunity to automate recovery and reduce disruption at every layer of your architecture. Additionally, AWS provides fully managed services that enable customers to offload the administrative burdens of operating and scaling the infrastructure to AWS so that they don’t have to worry about high availability or Single Point of Failures. For example, AWS Lambda and DynamoDB are serverless services; there are no servers to provision, patch, or manage and no software to install, maintain, or operate. Availability and fault tolerance are built-in, eliminating the need to architect your applications for these capabilities. **Distributed infrastructure: The AWS Cloud operates in over 75 Availability Zones within over 20 geographic Regions around the world, with announced plans for more Availability Zones and Regions, allowing you to reduce latency to users from all around the world. **On-demand infrastructure for scaling applications or tasks: AWS allows you to provision the required resources for your application in minutes and also allows you to stop them when you don’t need them. **Cost savings: You don't have to run your own data center for internal or private servers, so your IT department doesn't have to make bulk purchases of servers which may never get used, or may be inadequate. The “pay as you go” model from AWS allows you to pay only for what you use and the ability to scale down to avoid over-spending. With AWS you don't have to pay an entire IT department to maintain that hardware -- you don't even have to pay an accountant to figure out how much hardware you can afford or how much you need to purchase. The other options are incorrect. Both cloud computing and traditional data centers can provide virtualized compute resources, dedicated hosting and reserved Compute capacity. References: https://aws.amazon.com/what-is-cloud-computing/

Answer 1454

2. AMI An Amazon Machine Image (AMI) is a template that contains a software configuration (for example, an operating system, an application server, and applications). This pre-configured template save time and avoid errors when configuring settings to create new instances. You specify an AMI when you launch an instance, and you can launch as many instances from the AMI as you need. You can also launch instances from as many different AMIs as you need. The other options are incorrect: "IAM" is incorrect. IAM refers to the AWS Identity and Access Management. "EBS Snapshot" is incorrect. An EBS snapshot is a point-in-time copy of your Amazon EBS volume. "An internet gateway" is incorrect. An internet gateway is a VPC component that allows communication between instances in your VPC and the internet. References: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html

Answer 1455

4. Physical controls and 5. Environmental controls AWS is responsible for physical controls and environmental controls. Customers inherit these controls from AWS. As mentioned in the AWS Shared Responsibility Model page, Inherited Controls are controls which a customer fully inherits from AWS such as physical controls and environmental controls. As a customer deploying an application on AWS infrastructure, you inherit security controls pertaining to the AWS physical, environmental and media protection, and no longer need to provide a detailed description of how you comply with these control families. For example: Let’s say you have built an application in AWS for customers to securely store their data. But your customers are concerned about the security of the data and ensuring compliance requirements are met. To address this, you assure your customer that “our company does not host customer data in its corporate or remote offices, but rather in AWS data centers that have been certified to meet industry security standards.” That includes physical and environmental controls to secure the data, which is the responsibility of Amazon. Companies do not have physical access to the AWS data centers, and as such, they fully inherit the physical and environmental security controls from AWS. You can read more about AWS’ data center controls here: https://aws.amazon.com/compliance/data-center/controls/ The other options are incorrect: "Patch management controls" is incorrect. Patch Management belongs to the shared controls. AWS is responsible for patching the underlying hosts and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications. "Database controls" is incorrect. Database controls belongs to the shared controls. AWS maintains the configuration of its infrastructure devices that run the database, but customers are responsible for configuring their own databases, and applications. "Awareness & Training" is incorrect. Awareness & Training belongs to the shared controls. AWS trains AWS employees, but customers must train their own employees. References: https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 1456

4. Right-size before and after migration Right-sizing is the process of matching instance types and sizes to your workload performance and capacity requirements at the lowest possible cost. By right-sizing before migration, you can significantly reduce your infrastructure costs. If you skip right-sizing to save time, your migration speed might be faster, but you will end up with higher cloud infrastructure spend for a potentially long time. Because your resource needs are always changing, right-sizing must become an ongoing process to continually achieve cost optimization. It’s important to right-size when you first consider moving to the cloud and calculate the total cost of ownership. However, it’s equally important to right-size periodically once you’re in the cloud to ensure ongoing cost-performance optimization. Picking an Amazon RDS instance for a given workload means finding the instance family that most closely matches the CPU, disk I/O, and memory needs of your workload. Amazon RDS provides a wide selection of instances, which gives you lots of flexibility to right-size your resources to match capacity needs at the lowest cost. The other options are incorrect: “Use a Multi-Region Active-Active architecture” is incorrect. With the Multi-Region Active-Active solution, your workload is deployed to, and actively serving traffic from, multiple AWS Regions. AWS Customers use this approach to reduce latency for global users and achieve the highest level of availability. Using a Multi-Region Active-Active architecture will increase infrastructure costs, including Amazon RDS costs. “Use a Multi-Region Active-Passive architecture” is incorrect. With Multi-Region Active-Passive architecture, your workload is deployed to two AWS Regions (a primary Region and a standby Region). In this architecture, user requests are served from the primary Region only. If the primary Region goes down because of a natural disaster or any other reason, the other Region will still be available and serve user requests. AWS customers use this approach for disaster recovery purposes. Using a Multi-Region Active-Passive architecture will increase infrastructure costs, including Amazon RDS costs. “Combine On-demand Capacity Reservations with Saving Plans” is incorrect. When you combine On-demand Capacity Reservations with Saving Plans, you will be able to reduce costs significantly. But, On-demand Capacity Reservations is available only for Amazon EC2. For more information about On-demand Capacity Reservations, check this link: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-purchasing-options.html References: https://docs.aws.amazon.com/whitepapers/latest/cost-optimization-right-sizing/right-size-before-migrating.html https://docs.aws.amazon.com/whitepapers/latest/cost-optimization-right-sizing/conclusion.html

Answer 1457

1. AWS Lambda and 4. Amazon EC2 Savings Plans are a flexible pricing model that offers low prices on EC2, Lambda, and Fargate usage, in exchange for a commitment to a consistent amount of usage (measured in $/hour) for a 1 or 3 year term. When you sign up for Savings Plans, you will be charged the discounted Savings Plans price for your usage up to your commitment. For example, if you commit to $10 of compute usage an hour, you will get the Savings Plans prices on that usage up to $10 and any usage beyond the commitment will be charged On Demand rates. Additional information: What is the difference between Amazon EC2 Savings Plans and Amazon EC2 Reserved instances? Reserved Instances are a billing discount applied to the use of On-Demand Compute Instances in your account. These On-Demand Instances must match certain attributes, such as instance type and Region to benefit from the billing discount. For example, let say you have a t2.medium instance running as an On-Demand Instance and you purchase a Reserved Instance that matches the configuration of this particular t2.medium instance. At the time of purchase, the billing mode for the existing instance changes to the Reserved Instance discounted rate. The existing t2.medium instance doesn't need replacing or migrating to get the discount. After the reservation expires, the instance is charged as an On-Demand Instance. You can repurchase the Reserved Instance to continue the discounted rate on your instance. Reserved Instances act as an automatic discount on new or existing On-Demand Instances in your account. Savings Plans also offer significant savings on your Amazon EC2 costs compared to On-Demand Instance pricing. With Savings Plans, you make a commitment to a consistent usage amount, measured in USD per hour. This provides you with the flexibility to use the instance configurations that best meet your needs, instead of making a commitment to a specific instance configuration (as is the case with reserved instances). For example, with Compute Savings Plans, if you commit to $10 of compute usage an hour, you can use as many instances as you need (of any type) and you will get the Savings Plans prices on that usage up to $10 and any usage beyond the commitment will be charged On Demand rates. The other options are incorrect: "AWS Batch" is incorrect. Savings Plans are not available for AWS Batch. AWS Batch is a compute service that allows you to run hundreds of thousands of batch computing jobs on AWS. AWS Batch dynamically provisions the optimal quantity and type of compute resources (e.g., CPU or memory optimized instances) based on the volume and specific resource requirements of the batch jobs submitted. "AWS Outposts" is incorrect. Savings Plans are not available for AWS Outposts. AWS Outposts is an AWS service that delivers the same AWS infrastructure, native AWS services, APIs, and tools to virtually any customer on-premises facility. With AWS Outposts, customers can run AWS services locally on their Outpost, including EC2, EBS, ECS, EKS, and RDS, and also have full access to services available in the Region. Customers can use AWS Outposts to securely store and process data that needs to remain on-premises or in countries where there is no AWS region. AWS Outposts is ideal for applications that have low latency or local data processing requirements, such as financial services, healthcare, etc. “Amazon Lightsail” is incorrect. Savings Plans are not available for Amazon Lightsail. Amazon Lightsail provides a low-cost Virtual Private Server (VPS) in the cloud. References: https://aws.amazon.com/savingsplans/

Answer 1458

2. Hardware maintenance and 4. Creating hypervisors AWS is responsible for items such as the physical security of its data centers, creating hypervisors, replacement of old disk drives, and patch management of the infrastructure. The customers are responsible for items such as building application schema, analyzing network performance, configuring security groups and network ACLs and encrypting their data. References: https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 1459

3. EC2 instances will be billed on one second increments, with a minimum of one minute Pricing is per instance-hour consumed for each instance, from the time an instance is launched until it is terminated or stopped. Each partial instance-hour consumed will be billed per-second (minimum of 1 minute) for Linux, Windows, or Ubuntu Instances and as a full hour for all other instance types. Examples for Linux, Windows, or Ubuntu based instances: 1- If you run a Linux instance for 4 seconds or 20 seconds or 59 seconds, you will be charged for one minute. (this is what we mean by minimum of 1 minute) 2- If you run a Linux instance for 1 minute and 3 seconds, you will be charged for 1 minute and 3 seconds. 3- If you run a Linux instance for 3 hours, 25 minutes and 7 seconds, you will be charged for 3 hours, 25 minutes and 7 seconds. Examples for instances launched in other operating systems such as Red Hat, Kali, or CentOS: 1- If you run an instance for 4 seconds or 20 seconds or 59 seconds, you will be charged for one hour. 2- If you run an instance for 1 minute and 3 seconds, you will be charged for one hour. 3- If you run an instance for 3 hours, 25 minutes and 7 seconds, you will be charged for 4 hours. Per-second billing is available for instances launched in: - On-Demand, Reserved and Spot forms - All regions and Availability Zones - Amazon Linux, Windows, and Ubuntu References: https://aws.amazon.com/ec2/pricing/

Answer 1460

1. Amazon Simple Queue Service Amazon SQS is a highly reliable, scalable message queuing service that enables asynchronous message-based communication between distributed components of an application. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available. "Amazon Simple Storage Service" is incorrect. Amazon Simple Storage Service (Amazon S3) is an object storage service. "Amazon Simple Email Service" is incorrect. Amazon Simple Email Service (Amazon SES) is a cloud-based email sending service designed to help digital marketers and application developers send marketing, notification, and transactional emails. "AWS Storage Gateway" is incorrect. AWS Storage Gateway is a hybrid storage service that enables your on-premises applications to seamlessly use AWS cloud storage. The gateway connects to AWS storage services - such as Amazon S3 and Amazon EBS - and provides storage for files, volumes, snapshots, and virtual tapes in AWS. References: https://aws.amazon.com/sqs/

Answer 1461

2. AWS Config and 4. AWS CloudTrail Change management is defined as “the Process responsible for controlling the Lifecycle of all Changes. The primary objective of Change Management is to enable beneficial changes to be made, with minimum disruption to IT Services. Despite all of the investments in software and hardware, an erroneous configuration or misstep in a process can frequently undo these efforts and lead to failure. AWS Config and AWS CloudTrail are change management tools that help AWS customers audit and monitor all resource and configuration changes in their AWS environment Customers can use AWS Config to answer “What did my AWS resource look like?” at a point in time. Customers can use AWS CloudTrail to answer “Who made an API call to modify this resource?” For example, a customer can use the AWS Management Console for AWS Config to detect that the security group “Production-DB” was incorrectly configured in the past. Using the integrated AWS CloudTrail information, they can pinpoint which user misconfigured the “Production-DB” security group. In brief, AWS Config provides information about the changes made to a resource, and AWS CloudTrail provides information about who made those changes. These capabilities enable customers to discover any misconfigurations, fix them, and protect their workloads from failures. The other options are incorrect: “AWS Transit Gateway” is incorrect. AWS Transit Gateway is a network transit hub that customers can use to interconnect their virtual private clouds (VPCs) and their on-premises networks. AWS transit gateway simplifies how customers interconnect all of their VPCs, across thousands of AWS accounts and into their on-premises networks. “AWS X-Ray” is incorrect. AWS X-Ray is a debugging service that helps developers understand how their application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors. “Amazon Comprehend” is incorrect. Amazon Comprehend is a Natural Language Processing (NLP) service that uses machine learning to find meaning and insights in text. Customers can use Amazon Comprehend to identify the language of the text, extract key phrases, places, people, brands, or events, understand sentiment about products or services, and identify the main topics from a library of documents. The source of this text could be web pages, social media feeds, emails, or articles. Amazon Comprehend is fully managed, so there are no servers to provision, and no machine learning models to build, train, or deploy. Note: Natural language processing (NLP) is an artificial intelligence technology that helps computers identify, understand, and manipulate human language. References: https://d1.awsstatic.com/whitepapers/aws-overview.pdf

Answer 1462

1. It means that AWS will continuously lower costs as it grows By using cloud computing, you can achieve a lower variable cost than you would get on your own. Because usage from hundreds of thousands of customers is aggregated in the cloud, providers such as AWS can achieve higher economies of scale, which translates into lower pay as-you-go prices. For example, AWS has reduced the per GB storage price of S3 by 80% since the service was first introduced in 2006. The other options are incorrect: "It means that you save more when you consume more" is incorrect. It is correct that you can save more by using more but this describes the AWS tiered pricing not “Economies of scale”. "It means that you have the ability to pay as you go" is incorrect. It is correct that AWS gives you the ability to pay as you go so you can increase or decrease your spending as your company’s requirements change, but this does not describe “Economies of scale”. "It means as more time passes using AWS, you pay more for its services" is incorrect. This statement should be “The more time passes using AWS, the less you pay for its services”. This corrected statement now describes “Economies of scale”. AWS Economies of Scale refers to the discounts that you get over time as AWS grows. References: https://docs.aws.amazon.com/aws-technical-content/latest/aws-overview/six-advantages-of-cloud-computing.html

Answer 1463

4. Highly accurate cost forecasts for up to 12 months ahead AWS Cost Explorer has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time. Cost Explorer’s cost forecast capabilities use machine learning to learn each customer’s historical spend patterns and use that information to forecast expected costs. Cost Explorer’s forecasting enables you to get a better idea of what your costs and usage may look like in the future, so that you can plan ahead. Customers can use AWS Cost Explorer to estimate their cost and usage in a custom time range within the next 3 months (DAILY forecasts) or within the next 12 months (MONTHLY forecasts). The other options are incorrect: "Accurate estimates of AWS service costs based on your expected usage" is incorrect. AWS Cost Explorer forecasts your future costs based on your past usage; NOT based on your expected usage. The AWS tool that can provide accurate estimates of AWS service costs based on your expected usage is the AWS Pricing Calculator. For example, if you are planning to use 500 GB of S3 storage, you can input this value directly in the AWS Pricing Calculator interface and the calculator provides an estimate of what you will pay monthly for this amount of storage. "Detailed reports about the utilization of on-premises servers" is incorrect. AWS Cost Explorer does not provide reports about the utilization of your on-premises servers. AWS Cost Explorer provides reports about your overall Amazon EC2 usage and a detailed report about the utilization of Amazon EC2 Reserved Instances. "Cost comparisons between AWS Cloud environments and on-premises environments" is incorrect. The AWS tool that provides cost comparisons between AWS Cloud environments and on-premises environments is AWS Migration Evaluator. References: https://aws.amazon.com/aws-cost-management/aws-cost-explorer/ https://aws.amazon.com/about-aws/whats-new/2018/11/enhanced-forecasting-now-available-in-aws-cost-explorer/

Answer 1464

B. AWS X-Ray AWS X-Ray helps you identify performance bottlenecks. X-Ray’s service maps let you see relationships between services and resources in your application in real time. You can easily detect where high latencies are occurring, visualize node and edge latency distribution for services, and then drill down into the specific services and paths impacting application performance. The other options are incorrect: "Amazon Detective" is incorrect. Amazon Detective is a security service that allows customers to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities. Amazon Detective cannot detect performance issues. "AWS Security Hub" is incorrect. AWS Security Hub aggregates, organizes, and prioritizes security alerts and findings from multiple AWS security services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, and supported third-party partners to help you analyze your security trends and identify the highest priority security issues. "AWS Shield" is incorrect. AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield Standard is automatically enabled to all AWS customers and provides always-on detection and automatic inline mitigations that minimize application downtime and latency. References: https://aws.amazon.com/xray/

Answer 1465

B. Management of the operating system and C. Database setup In relation to Amazon RDS databases: AWS is responsible for: 1- Managing the underlying infrastructure and foundation services. 2- Managing the operating system. 3- Database setup. 4- Patching and backups. The customer is still responsible for: 1- Protecting the data stored in databases (through encryption and IAM access control). 2- Managing the database settings that are specific to the application. 3- Building the relational schema. 4- Network traffic protection.

Answer 1466

A. It automates the updating and provisioning of your infrastructure in a safe and controlled manner and D. It allows you to model your entire infrastructure in just a text file Explanation The benefits of using AWS CloudFormation include: 1- CloudFormation allows you to model your entire infrastructure in a text file. This template becomes the single source of truth for your infrastructure. This helps you to standardize infrastructure components used across your organization, enabling configuration compliance and faster troubleshooting. 2- AWS CloudFormation provisions your resources in a safe, repeatable manner, allowing you to build and rebuild your infrastructure and applications, without having to perform manual actions or write custom scripts. CloudFormation takes care of determining the right operations to perform when managing your stack, and rolls back changes automatically if errors are detected. 3- Codifying your infrastructure allows you to treat your infrastructure as just code. You can author it with any code editor, check it into a version control system, and review the files with team members before deploying into production. 4- CloudFormation allows you to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. The other options are incorrect: "It applies advanced IAM security features automatically" is incorrect. IAM features are not applied automatically. It is the customer's responsibility to manually apply the necessary IAM features to secure their AWS resources. "It helps AWS customers deploy their applications without worrying about the underlying infrastructure" is incorrect. Services like AWS Elastic Beanstalk, Lambda, and Fargate allow you to deploy your applications without needing to worry about the underlying infrastructure. For example, with AWS Elastic Beanstalk, customers can simply upload their code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. "It compiles and builds application code in a timely manner" is incorrect. AWS CloudFormation is not used to compile or build application code. The name of the service that performs this function is AWS CodeBuild. References: https://aws.amazon.com/cloudformation/

Answer 1467

A. Run WordPress on an Amazon Lightsail instance Amazon Lightsail is designed to be the easiest way to launch and manage a Web server using AWS. Lightsail plans include everything you need to jumpstart your project – a virtual machine, SSD-based storage, data transfer, DNS management, and a static IP address – for a low, predictable price. Amazon Lightsail is best for Websites built on common applications like WordPress, Joomla, Drupal, Magento. You can get started using Lightsail for your website with just a few clicks. Choose the operating system or application template that's best for your website, and your virtual private server is ready in less than a minute. You can easily manage your web server, DNS, and IP addresses directly from the Lightsail console. The other options are incorrect: "Use the Amazon S3 web hosting feature" is incorrect. The Amazon S3 web hosting feature enables you to host static websites only. You cannot use Amazon S3 to host dynamic websites such as WordPress websites. A dynamic website relies on server-side processing, and it uses server-side scripts such as PHP, JSP, or ASP.NET. Amazon S3 does not support server-side scripting and cannot be used to host dynamic websites. "Install WordPress on an Amazon EC2 instance" is incorrect. Installing WordPress on an Amazon EC2 instance is not the easiest way to launch a WordPress website, especially for customers who are new to AWS. To learn more about how to use Amazon EC2 to host a WordPress website, visit this page: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/hosting-wordpress.html "Host the website directly on AWS Cloud Development Kit (AWS CDK)" is incorrect. AWS Cloud Development Kit (AWS CDK) is not used for web hosting. The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework for defining cloud infrastructure as code with modern programming languages and deploying it through AWS CloudFormation. AW CDK enables you to use your existing programming skills and tools, and apply those to the task of building cloud infrastructure. AWS CDK is generally available in JavaScript, TypeScript, Python, Java, and C#. You can think of the AWS CDK as a developer-centric toolkit that leverages the full power of modern programming languages to define your AWS infrastructure as code. The CDK actually builds on AWS CloudFormation and uses it as the engine for provisioning AWS resources. Rather than using a declarative language like JSON or YAML to define your infrastructure (as is the case with CloudFormation), the CDK lets you do that in your favorite imperative programming language. This includes languages such as JavaScript, TypeScript, Java, C#, and Python. When AWS CDK applications are run, they compile down to fully formed CloudFormation JSON/YAML templates that are then submitted to the CloudFormation service for provisioning. References: https://aws.amazon.com/lightsail/ https://aws.amazon.com/websites/

Answer 1468

B. AWS Global Accelerator AWS Global Accelerator is a networking service that improves the availability and performance of the applications that you offer to your global users. Today, if you deliver applications to your global users over the public internet, your users might face inconsistent availability and performance as they traverse through multiple public networks to reach your application. These public networks can be congested and each hop can introduce availability and performance risk. AWS Global Accelerator uses the highly available and congestion-free AWS global network to direct internet traffic from your users to your applications on AWS, making your users’ experience more consistent. To improve the availability of your application, you must monitor the health of your application endpoints and route traffic only to healthy endpoints. AWS Global Accelerator improves application availability by continuously monitoring the health of your application endpoints and routing traffic to the closest healthy endpoints. The other options are incorrect: "AWS Transfer Acceleration" is incorrect. Amazon S3 Transfer Acceleration is used to enable fast transfers of files over long distances between your client and an S3 bucket. You might want to use Transfer Acceleration on a bucket for various reasons, including the following: 1- You have customers that upload to a centralized bucket from all over the world. 2- You transfer gigabytes to terabytes of data on a regular basis across continents. 3- You are unable to utilize all of your available bandwidth over the Internet when uploading to Amazon S3. "AWS DAX Accelerator" is incorrect. Amazon DynamoDB Accelerator (DAX) is an in-memory cache for DynamoDB that delivers up to a 10x performance improvement – from milliseconds to microseconds – even at millions of requests per second. "AWS Data Pipeline" is incorrect. AWS Data Pipeline is a web service that helps you reliably process and move data between different AWS compute and storage services, as well as on-premises data sources, at specified intervals. AWS Data Pipeline helps you easily create complex data processing workloads that are fault tolerant, repeatable, and highly available. With AWS Data Pipeline, you can regularly access your data where it’s stored, transform and process it at scale, and efficiently transfer the results to AWS services such as Amazon S3, Amazon RDS, Amazon DynamoDB, and Amazon EMR. References: https://d0.awsstatic.com/whitepapers/aws-overview.pdf

Answer 1469

C. AWS Migration Evaluator A business case is the first step in your migration journey. Creating business cases on your own can be time-consuming and does not always identify the least expensive deployment and purchasing options. AWS Migration Evaluator is a migration assessment service that helps you create a directional business case for AWS cloud planning and migration. Migration Evaluator analyzes your on-premises compute footprint, including server configuration, utilization, annual costs to operate, eligibility for bring-your-own-license, and hundreds of other parameters. Following data collection, you will quickly receive an assessment including a projected cost estimate and savings of running your on-premises workloads in the AWS Cloud. After receiving your initial assessment, your organization can work with the Migration Evaluator team to create a directional business case that best fits your organization's requirements. The other options are incorrect: "AWS Migration Hub" is incorrect. AWS Migration Hub provides a single location to track the progress of application migrations across multiple AWS and partner solutions. "AWS Snowball Migration Service" is incorrect. Snowball is a petabyte-scale data transport solution that uses secure devices to transfer large amounts of data into and out of the AWS Cloud. "AWS DMS" is incorrect. AWS Database Migration Service (AWS DMS) is used to migrate your data to and from most widely used commercial and open-source databases. AWS DMS supports homogeneous migrations such as Oracle to Oracle, as well as heterogeneous migrations between different database platforms, such as Oracle or Microsoft SQL Server to Amazon Aurora. References: https://aws.amazon.com/migration-evaluator/

Answer 1470

A. Amazon S3 and E. AWS Lambda Amazon S3 and Amazon EFS are storage services that scale automatically in storage capacity without any intervention to meet increased demand. Also, AWS Lambda dynamically scales function execution in response to increased traffic. The other options are incorrect: Amazon EMR is incorrect. Amazon EMR doesn’t scale on its own. You have to configure the AWS Auto Scaling feature to scale EMR automatically. Amazon EC2 is incorrect. Amazon EC2 does scale automatically, but first you have to create an Auto Scaling system by creating a launch configuration, an auto scaling group, and determine the desired, minimum and maximum number of instances to provision. Amazon EBS is incorrect. Amazon Elastic Block Store (Amazon EBS) provides persistent block level storage volumes for use with Amazon EC2 instances in the AWS Cloud. References: https://d1.awsstatic.com/whitepapers/aws-overview.pdf

Answer 1471

B. AWS IAM Identity Centre AWS IAM Identity Center (Previously AWS Single Sign-On) expands the capabilities of AWS Identity and Access Management (IAM) to provide a central place that brings together the administration of users and their access to AWS accounts and cloud applications. AWS IAM Identity Center makes it easy to centrally manage access to multiple AWS accounts, business applications (such as Salesforce, Microsoft 365, and Box), and custom applications that support Security Assertion Markup Language (SAML) 2.0. AWS IAM Identity Center provides your workforce with single sign-on access to all assigned accounts and applications from one place. You can choose to manage access just to your AWS accounts, just to your cloud applications, or to both. The other options are incorrect: "Amazon Neptune" is incorrect. Amazon Neptune is a graph database service. "Amazon Elastic Kubernetes Service (Amazon EKS)" is incorrect. Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that you can use to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane or nodes. Kubernetes is an open-source system for automating the deployment, scaling, and management of containerized applications. Amazon EKS simplifies using Kubernetes by automating time-consuming management tasks. For example: - Amazon EKS runs the Kubernetes management infrastructure for you across multiple AWS Availability Zones to ensure high availability. - Amazon EKS automatically scales control plane instances based on load and detects and replaces unhealthy control plane instances. "Amazon Cognito" is incorrect. Amazon Cognito lets you easily add user sign-up and authentication to your mobile and web apps. References: https://aws.amazon.com/iam/identity-center/

Answer 1472

A. Redshift Spectrum Redshift Spectrum can analyze structured data stored in S3. There is no such service as Redshift S3. Amazon Athena can analyze structured data in S3, but it’s not a feature of Redshift. Amazon RDS doesn’t analyze data stored in S3.

Answer 1473

B. Puppet Enterprise and D. Chef OpsWorks supports the Puppet Enterprise and Chef configuration management platforms. It doesn’t support SaltStack, Ansible, or CFEngine.

Answer 1474

D. To allow developers to integrate their applications with AWS services AWS SDKs allow developers to integrate their applications with AWS services. AWS SDKs don’t save developers from writing code. Developers can access public API endpoints without using an AWS SDK. AWS SDKs have nothing to do with the AWS CLI.

Answer 1475

A. AWS Storage Gateway—file gateway, B. iSCSI, D. SMB, E. AWS Storage Gateway—volume gateway The AWS Storage Gateway allows transferring files from on-premises servers to S3 using industry-standard storage protocols. The AWS Storage Gateway functioning as a file gateway supports the SMB and NFS protocols. As a volume Gateway, it supports the iSCSI protocol. AWS Snowball and the AWS CLI also provide ways to transfer data to S3, but using them requires installing third-party software.

Answer 1476

B. Monitor resource consumption. The Cost budget monitors account costs. The Reservation budget gives you status reports for your reservations (assuming there are any). Monitoring IAM users is outside the scope of AWS Budgets.

Answer 1477

B. To enable apples-to-apples comparisons of the costs of complex local versus AWS-based deployments The TCO Calculator provides cost estimates comparing AWS versus local deployments. You should not consider the actual AWS service prices to be 100 percent current, and the report will not reflect any real-time costs related to your account. Use the Simple Monthly Calculator for quick and accurate estimates of the costs of running any application stack.

Answer 1478

Access services on demand Avoid large upfront investments Provision computing resources as needed Pay only for what you use

Answer 1479

Cloud On premises Hybrid

Answer 1480

• Run all parts of the application in the cloud • Migrate existing applications to the cloud • Design and build new applications in the cloud

Answer 1481

• Use virtualization and resource management tools to deploy resources • Use application management and virtualization technologies to increase resource usage

Answer 1482

• Connect cloud-based resources to on-premises infrastructure • Integrate cloud-based resources with legacy IT applications

Answer 1483

From Upfront expenses where you Invest in technology resources before using them to Variable expenses, Pay only for what you use

Answer 1484

• Use secure, sizable compute capacity • Boot server instances in minutes • Pay only for what you use

Answer 1485

Launch an instance Connect to the instance Use the instance

Answer 1486

General purpose Compute optimized Memory optimized Accelerated computing Storage optimized

Answer 1487

Balances compute, memory, and networking resources Suitable for a broad range of workloads

Answer 1488

Offers high-performance processors Ideal for compute-intensive applications and batch processing workloads

Answer 1489

Delivers fast performance for memory-intensive workloads Well suited for high-performance databases

Answer 1490

Uses hardware accelerators to expedite data processing Ideal for application streaming and graphics workloads

Answer 1491

Offers low latency and high input/output operations per second (IOPS) Suitable for workloads such as distributed file systems and datawarehousing applications

Answer 1492

No upfront costs or minimum contracts Ideal for short-term, irregular workloads More expensive than spot or reserved

Answer 1493

Ideal for workloads with flexible start and end times and which can cope with interruption Offers savings over On-Demand prices

Answer 1494

Provides a billing discount over On-Demand pricing Requires a 1-year or 3-year term commitment

Answer 1495

Offer up to 66% savings over On-Demand costs for a consistent amount of compute usage Require a 1-year or 3-year term commitment

Answer 1496

An EC2 instance that runs in a VPC on hardware for a single customer Higher cost compared to standard Amazon EC2 instances

Answer 1497

A physical server with EC2 instance capacity for a single customer Most expensive Amazon EC2 option

Answer 1498

Scale capacity as computing requirements change Use dynamic scaling and predictive scaling

Answer 1499

Automatically distributes traffic across multiple resources Provides a single point of contact for your Auto Scaling group

Answer 1500

Removes unneeded Amazon EC2 instances when demand is low - Auto Scaling Adds a second Amazon EC2 instance during an online store’s popular sale - Auto Scaling Distributes a workload across several Amazon EC2 instances - Elastic Load Balancing Ensures that no single EC2 instance has to carry the full workload on its own - Elastic Load Balancing Automatically adjusts the number of Amazon EC2 instances to match demand - Auto Scaling Provides a single point of contact for traffic into an Auto Scaling group - Elastic Load Balancing

Answer 1501

Messages are published to topics. Subscribers immediately receive messages for their topics.

Answer 1502

Send, store, and receive messages between software components Queue messages without requiring other services to be available

Answer 1503

Run code without provisioning or managing servers Pay only for compute time while code is running Use other AWS services to automatically trigger code

Answer 1504

Upload code to Lambda. Set code to trigger from an event source. Code runs only when triggered. Pay only for the compute time you use.

Answer 1505

Amazon Elastic Container Service (Amazon ECS) - Run and scale containerized applications - Use simple API calls to control Docker-enabled applications Amazon Elastic Kubernetes Service (Amazon EKS) - Run and scale Kubernetes applications - Readily update applications with new features

Answer 1506

Run serverless containers with Amazon ECS or Amazon EKS Pay only for the resources you use

Answer 1507

Determine the right Region for your services, data, and applications based on: Compliance with data governance and legal requirements Proximity to your customers Available services within a Region Pricing

Answer 1508

Extend AWS infrastructure and services to your on-premises data centre

Answer 1509

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch resources in a virtual network that you define.

Answer 1510

A subnet is a section in a VPC in which you can place groups of isolated resources. A subnet can be public or private.

Answer 1511

A virtual private gateway is the VPN endpoint on the Amazon side of your Site-to-Site VPN connection that can be attached to a single VPC.

Answer 1512

A network access control list (network ACL) is a virtual firewall for a subnet. By default: • The default network ACL allows all inbound and outbound traffic. • Custom network ACLs deny all inbound and outbound traffic.

Answer 1513

Network ACLs perform stateless packet filtering. Before a packet can exit a subnet, it must be checked against the outbound rules.

Answer 1514

A security group is a virtual firewall for an Amazon EC2 instance. By default, a security group denies all inbound traffic and allows all outbound traffic

Answer 1515

Security groups perform stateful packet filtering. They remember previous decisions that were made for incoming packets.

Answer 1516

A. Desired capacity Desired capacity determines the number of instances that EC2 Auto Scaling strives to maintain.

Answer 1517

D. Developer, Business, and Enterprise. All support plans come with full access to Trusted Advisor except for the (free) Basic plan.

Answer 1518

D. To ensure that a predefined service level is maintained regardless of external demand or instance failures

Answer 1519

C. The larger the CIDR size, the fewer instances you can have. The larger the CIDR size, the fewer IP addresses are available in the VPC, and hence the fewer instances you can have.

Answer 1520

B. AWS Artifact The AWS Compliance service doesn’t actually exist. Nice try, though. PCI DSS is an industry standard for managing financial data. Service Organization Controls (SOC) is a set of audits of AWS infrastructure.

Answer 1521

A. A tool to centralize the administration of multiple AWS accounts AWS Organizations let you centralize the administration of multiple AWS accounts owned or controlled by a single company. It allows you to consolidate your billing operations, but it isn’t focused on billing automation, support settings, or resource collaboration.

Answer 1522

A. Virtualization and D. Automation Amazon’s distributed infrastructure and enhanced security are powerful but have little or no impact on lower customer costs. Virtualization and automation both permit greater usage of AWS physical hardware and, thus, drive costs down.

Answer 1523

A. https://aws.amazon.com/premiumsupport/knowledge-center and C. https://docs.aws.amazon.com

Answer 1524

C. us-east-2c Availability Zones use the full designation of the parent Region (us-east2, in this case) and a letter for the specific zone.

Answer 1525

D. Saving to an AWS Snowball device You can transfer large data stores to the AWS cloud (to S3 buckets) by having Amazon send you a Snowball device to which you copy your data and which you then ship back to Amazon.

Answer 1526

A. Access to a dedicated Technical Account Manager (TAM) General guidance within 24 hours is also available at the Developer and Business levels. Troubleshooting support is also available for Business customers. 24/7 access to engineers is available to Enterprise customers, but only within 15 minutes.

Answer 1527

C. Increasing the number of deployed resources to meet growing user demand One “scales” the resources serving an application either up or down to meet changing user demand. Maintaining copies is a redundant practice. Securing network access is not a function of scalability. Resizability is better described as elasticity.

Answer 1528

An instance type is a category that defines an instance’s hardware profile. A VPC is a network environment into which an instance will be launched. An EBS volume is a data drive that can be attached to an instance.

Answer 1529

C. Metered service payments and D. AWS Command Line Interface (CLI) access Metered payments and scripted (CLI) access are direct drivers of the efficiencies of automation. Elasticity and virtualization can be important pieces of the automation puzzle, but their contribution isn’t as direct.

Answer 1530

C. Deep experience in the retail sphere Having globally distributed infrastructure and experienced security engineers makes a provider’s infrastructure more reliable. Metered pricing makes a wider range of workloads possible.

Answer 1531

A. Services that hide infrastructure complexity behind a simple interface IaaS products provide full infrastructure access, SaaS products provide end-user services, and serverless architectures (like AWS Lambda) let developers run code on cloud servers.

Answer 1532

B. Load Balancer Optimization and D. IAM Access Key Rotation Both the MFA and Service Limits checks are available for all accounts.

Answer 1533

B. A t2.micro instance type EC2 instance and C. A 30 GB solid-state Elastic Block Store (EBS) drive S3 buckets—while available in such volumes under the Free Tier—are not necessary for an EC2 instance. Since the maximum total EBS space allowed by the Free Tier is 30 GB, two 20 GB would not be covered.

Answer 1534

B. Apply multifactor authentication (MFA). C. Set a complex password. and D. Delete associated access keys. Since the goal is to “lock down” the user, you will be better off deleting rather than creating access keys.

Answer 1535

A. A secret key The AWS CLI requires an access key ID and secret key. You can use those of an IAM user or the root user. Outbound network access to TCP port 443 is required, not port 80. Linux is also not required, although you can use the AWS CLI with Linux, macOS, or Windows. You also can use the AWS Console Mobile Application with Android or iOS devices.

Answer 1536

B. Its name must be globally unique. An S3 bucket’s name must be globally unique, and it must be between 3 and 63 characters in length. It can store practically unlimited amounts of data, well over 5 TB.

Answer 1537

A. United States, Canada, and Europe The more edge locations you use for a distribution, the more you’ll pay. Selecting the minimum number of locations will be the most cost effective.

Answer 1538

A. Deploy an application to an on-premises Windows instance., B. Deploy a Docker container to the Elastic Container Service. and C. Upgrade an application on an EC2 instance running Red Hat Enterprise Linux. CodeDeploy can deploy application files to Linux or Windows EC2 instances and Docker containers to ECS. It can’t deploy an application to smartphones, and it can’t deploy files to an S3 bucket.

Answer 1539

B. Limited access to Trusted Advisor and D. Access to AWS white papers Basic-level subscribers get only partial access to Trusted Advisor and all publicly available AWS documentation (including white papers). They do not get to speak with AWS cloud support associates.

Answer 1540

B. Increasing availability of web content CloudFront increases the availability of internet web content by storing it in edge locations.

Answer 1541

B. It’s backed by solid-state drives. and D. It’s replicated across multiple Availability Zones. A partition is an allocation of storage backed by solid-state drives and replicated across multiple Availability Zones. Tables are stored across partitions, but tables do not contain partitions. A primary key, not a partition, is used to uniquely identify an item in a table.

Answer 1542

D. CodeDeploy CodeDeploy is the only service of these that can create Lambda functions.

Answer 1543

C. A client-side master key In-transit encryption requires that the data be encrypted on the remote client before uploading. Server-side encryption (either SSE-S3 or SSE-KMS) only encrypts data within S3 buckets. DynamoDB is a NoSQL database service.

Answer 1544

A. Monthly Costs by Service The Monthly Costs by Service report shows you the top five services your organization has spent the most on over the past six months. The Monthly Costs by Linked Account and Daily Costs reports don’t show you a cost breakdown by service. The Monthly EC2 Running Hours Costs and Usage report shows you only costs associated with EC2 instances.

Answer 1545

B. Not all AWS services are included. You can, in fact, calculate costs for a multiservice stack. The calculator pricing is kept up-to-date. You can specify very detailed configuration parameters.

Answer 1546

B. RTMP The RTMP distribution type is for delivering streaming content and requires you to provide a media player. A Web distribution can also stream audio or video content but doesn’t require you to provide a media player. Streaming and Edge are not distribution types.

Answer 1547

A. RDS and C. Elastic Block Store (EBS) RDS database instances and Lambda functions are not qualified CloudFront origins. EC2 load balancers can be used as CloudFront origins.

Answer 1548

A. MySQL and B. PostgreSQL Aurora is Amazon’s proprietary database engine that works with existing PostgreSQL and MySQL databases. Aurora doesn’t support MariaDB, Oracle, or Microsoft SQL Server.

Answer 1549

A. Use an Elastic Block Store (EBS) volume for the instance. Instance Store volumes are ephemeral, meaning their data will be lost when the associated instance is shut down. While instance-based processes can—assuming they have the appropriate authentication permissions—access S3 data, the underlying OS file system must exist on a local drive.

Answer 1550

A. The page URL will include the word latest. Version numbers are not publicly available, and the word Current isn’t used in this context.

Answer 1551

A. Amazon Relational Database Service (RDS) RDS lets you purchase reserved instances to save money. Lambda, S3, and Fargate don’t use instances.

Answer 1552

C. The Amazon Machine Image (AMI) you select. The AMI you select while configuring your new instance defines the base OS.

Answer 1553

A. The security of the cloud and B. Patching underlying virtualization software running in AWS data centers What’s in the cloud is your responsibility—it includes the administration of EC2-based operating systems.

Answer 1554

D. Users authenticate using a password and also either a physical or virtual MFA device. MFA requires at least two (“multi”) authentication methods. Those will normally include a password (something you know) and a token sent to either a virtual or physical MFA device (something you have).

Answer 1555

D. Routing policies Some routing policies let you direct a user to a specific resource based on the user’s location.

Answer 1556

B. You’re responsible for S3 charges. You’re responsible for S3 charges related to your static website. You’re not charged for compute with S3. No one may modify the content of your site unless you give them permission. The S3 Standard storage class keeps objects in multiple Availability Zones, so the outage of one won’t affect the site.

Answer 1557

D. Systems Manager Systems Manager lets you put Bash scripting commands in Command Documents that Systems Manager can execute automatically.

Answer 1558

B. Reservation Utilization The reservation utilization report shows how much you have saved using reserved instances. The reservation coverage report shows how much you could have potentially saved had you purchased reserved instances. The daily costs and monthly EC2 running hours costs and usage reports don’t know how much you’ve saved using reserved instances.

Answer 1559

A. Physical access to AWS data centers and D. The infrastructure powering AWS managed services

Answer 1560

B. Code describing AWS resources A CloudFormation template contains code describing AWS resources. It doesn’t contain AWS CLI commands. A CloudFormation template can be used to create a stack that contains AWS resources.

Answer 1561

D. Object life cycle configurations S3 object life cycle configurations can delete objects past a certain age. Bucket policies control access to S3 objects. Versioning is a feature that maintains versions of objects so that they’re not deleted or overwritten. Transition actions are object life cycle configurations that move objects from one storage class to another but don’t delete them.

Answer 1562

B. Fault Tolerance The Performance category identifies configuration settings that might be blocking performance improvements. The Service Limits category identifies resource usage that’s approaching AWS Region or service limits. The Security category identifies any failures to use security best-practice configurations.

Answer 1563

D. Scalar A scalar data type can store only one value. The document and set data types can store multiple values. There’s no such thing as a dynamic data type.

Answer 1564

D. A reserved instance to handle minimal demand times and as many on-demand instances as needed to meet demand spikes Reserved instances are best for instance workloads that must run 24/7 over the long-term, so they will be the obvious choice for keeping a base level of service running full time. Since you must meet demand spikes, however, spot instances—which can be unexpectedly shut down after a brief warning—are not going to work. On-demand instances are best for this task.

Answer 1565

B. Trusted platform module chip A trusted platform module chip on each Snowball detects tampering. The Snowball Client and SD Adapter for Snowball are used for transferring data to Snowball. The Snowball Edge has a QSFP+ network port, but it doesn’t detect tampering.

Answer 1566

A. CloudWatch alarms CloudWatch alarms monitor and alert in response to a metric. CloudWatch metrics collect and store metrics. CloudWatch dashboards let you visualize metrics. CloudTrail dashboards and CloudTrail alerts don’t exist.

Answer 1567

C. Free Usage Tier and D. Choose Region Calculate By Month Or Year is not an option, and since the calculator calculates only cost by usage, Include Multiple Organizations wouldn’t be a useful option.

Answer 1568

A. Outbound network access to TCP port 443 and D. An access key ID and a secret access key To use the AWS CLI, you need outbound network access to TCP port 443, an access key ID, and a secret access key. The AWS CLI doesn’t use TCP port 80. You can, but don’t have to, use an IAM user with an access key ID. You could just as easily use the root user’s access key ID, although AWS doesn’t recommend it.

Answer 1569

A. The application load balancer listener Application load balancer listeners use security groups to control inbound access, so you need to apply a security group that has an inbound rule allowing HTTP access. Applying the security group rule to the database instance won’t help, since users don’t connect directly to the database instance. You can’t apply a security group to a subnet, only a network access control list.

Answer 1570

A. Quick Start AMIs The Marketplace contains vendor-supported AMI providing third-party software stacks. My AMIs contains AMIs belonging to your account. Community AMIs include many freely available but unsupported images.

Answer 1571

D. Light versions of most AWS services available for free through an account’s first 12 months While some services provide a lightweight Free Tier indefinitely, for the most part, the tier is intended to help you spend 12 months getting to know the inner workings of as many services as possible.

Answer 1572

A. The infrastructure resources of one of at least two physical data centers within a single AWS Region There is no special term used to describe all the resources of an AWS Region. Availability Zones are made up of at least two data centers, not three. Network access to resources is controlled by security groups, IAM policies, or access control groups, not by “Availability Zones.”

Answer 1573

D. A randomly generated customer ID number A primary key must be unique within a table. A full name, phone number, or city may not be unique, as some customers may share the same name or phone number. A randomly generated customer ID number would be unique and appropriate for use as a primary key.

Answer 1574

B. Maintaining copies of application data across multiple physical locations Your assets are redundant when they’re replicated in a way that ensures they’ll survive the failure of one set. Increasing the number of deployed resources is known as horizontal scaling. Increasing the size of deployed resources is known as vertical scaling. Controlling network access is not a function of redundancy.

Answer 1575

B. Continuous delivery Continuous delivery is a software development practice that runs code through a build or test process as soon as it’s checked into a repository and deploys the application to production after a manual approval.

Answer 1576

C. Your registered credit card will automatically be billed for any usage above the Free Tier limit. Going over your Free Tier limit is in no way a breach of AWS rules; on the contrary, it’s a normal and expected practice. Therefore, your account would not be suspended. By default, you will be sent a warning e-mail before your usage goes past the Free Tier limit, not after. There is no “mercy” rule.

Answer 1577

A. Lightsail Beanstalk, EC2 (non-reserved instances), and RDS all bill according to actual usage.

Answer 1578

C. Amazon Redshift Spectrum Amazon Redshift Spectrum lets you analyze structured data stored in S3. Redshift, RDS, and DynamoDB can’t do this.

Answer 1579

A. Elastic Block Store (EBS) volume An RDS instance stores databases on an EBS volume. It stores snapshots in S3. DynamoDB is a nonrelational database service that stores data in tables that are stored on one or more partitions.

Answer 1580

Rules based content filtering Layer 7 content filtering Supports rules to block/allow/count Integrates with Amazon Cloudfront Protects against: - SQL injection - Cross-site Scripting (XSS) Can write rules that will block on: - IP addresses - HTTP headers/body - URI strings Rate limiting per client IP address Managed Rules for common threats: - OWASP - Bots - Common Vulnerabilities and Exposures (CVE)

Answer 1581

Distributed Denial of Service (DDoS) protection service Standard: - UDP reflection - SYN floods - SSL renegotiation - Slow loris attacks - Available for free to everyone - Included in your use of CloudFront or Elastic Load Balancing

Answer 1582

Additional detection/mitigation Near real-time visibility Integrates with AWS WAF Access to a dedicated DDoS Response Team

Answer 1583

AWS is responsible for: - Physical Security ** Facilities/Data Centres ** Edge locations ** Rack and chassis - Network - APIs - Hypervisor (e.g. Xen or Nitro) - Managed Services (underlying storage or databases)

Answer 1584

Customer is responsible for: - Operating system - Network & firewall configuration - Identity and access ** Credentials ** Permissions - Applications - Data - Encryption ** At rest ** In transit

Answer 1585

Inherited: ** Physical ** Environmental Shared: ** Patch management ** Configuration management ** Education Customer Specific: ** Application ** Zone security

Answer 1586

B. Amazon Elastic File System Amazon Elastic File System (Amazon EFS) provides simple, scalable, elastic file storage for use with AWS Cloud services and on-premises resources. It offers a simple interface that allows you to create and configure file systems quickly and easily. Amazon EFS is built to elastically scale on demand without disrupting applications, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it. Amazon EFS is designed to provide massively parallel shared access to thousands of Amazon EC2 instances, enabling your applications to achieve high levels of aggregate throughput and IOPS that scale as a file system grows, with consistent low latencies. As a regional service, Amazon EFS is designed for high availability and durability storing data redundantly across multiple Availability Zones. With these capabilities, Amazon EFS is well suited to support a broad spectrum of use cases, including web serving and content management, enterprise applications, media and entertainment processing workflows, home directories, database backups, developer tools, container storage, and big data analytics workloads. The other options are incorrect: Amazon Elastic Block Store is incorrect. Big data applications require shared access to hundreds or thousands of EC2 instances in multiple Availability Zones. Amazon EBS Multi-Attach lets you share access to an EBS data volume between up to 16 Nitro-based EC2 instances within the same Availability Zone (AZ). S3 is incorrect. S3 is an object level storage. S3 cannot be attached to compute resources. AWS Storage Gateway is incorrect. AWS Storage Gateway is a hybrid storage service that enables your on-premises applications to seamlessly use AWS cloud storage. You can use the service for backup and archiving, disaster recovery, cloud data processing, storage tiering, and migration. References: https://aws.amazon.com/efs/

Answer 1587

B. Data centre security controls and D. Environmental controls AWS is responsible for physical controls and environmental controls. Customers inherit these controls from AWS. As mentioned in the AWS Shared Responsibility Model page, Inherited Controls are controls which a customer fully inherits from AWS such as physical controls and environmental controls. As a customer deploying an application on AWS infrastructure, you inherit security controls pertaining to the AWS physical, environmental and media protection, and no longer need to provide a detailed description of how you comply with these control families. For example: You have built an application in AWS for customers to securely store their data, but your customers are concerned about the security of the data and ensuring compliance requirements are met. To address this, you assure your customer that “our company does not host customer data in its corporate or remote offices, but rather in AWS data centers that have been certified to meet industry security standards.” That includes physical and environmental controls to secure the data, which is the responsibility of Amazon. Customers of AWS do not have physical access to the AWS data centers, and as such, they fully inherit the physical and environmental security controls from AWS. You can read more about AWS’ data center controls here: https://aws.amazon.com/compliance/data-center/controls/ The other options are incorrect: "Communications controls" is incorrect. Communications controls are the responsibility of the customer. "Awareness and Training" is incorrect. Awareness and Training belongs to the AWS Shared Controls. AWS trains AWS employees, but a customer must train their own employees. "Resource Configuration Management" is incorrect. Configuration management belongs to the AWS Shared Controls. AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications. References: https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 1588

A. In another Region A Region is a physical location around the world where AWS clusters data centers. AWS calls each group of logical data centers an Availability Zone. Each AWS Region consists of multiple, isolated, and physically separate Availability Zones within a geographic area. Unlike other cloud providers, who often define a region as a single data center, the multiple Availability Zones design of every AWS Region offers advantages for customers. Each Availability Zone has independent power, cooling, and physical security and is connected via redundant, ultra-low-latency networks. AWS customers focused on high availability can design their applications to run in multiple Availability Zones to achieve even greater fault-tolerance. To save a backup to another geographical location, save it to a different AWS Region. The other options are incorrect. "In another Edge location" is incorrect. Edge locations are used in conjunction with the CloudFront service to cache and deliver content to global users with low latency. They are not used to store backups. "In another Availability Zone" is incorrect. Availability Zones exist within a Region and are in the same geographic area. "In another Local Zone" is incorrect. AWS Local Zones are not used to store backups. A Local Zone is an extension of an AWS Region in geographic proximity to your users. With AWS Local Zones, you can run highly-demanding applications that require single-digit millisecond latencies to your end-users, such as real-time gaming, hybrid migrations, AR/VR, and machine learning. References: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html

Answer 1589

B. Reports about the utilisation of Amazon EC2 Reserved Instances AWS Cost Explorer lets you dive deeper into your AWS cost and usage data to identify trends, pinpoint cost drivers, and detect anomalies. You can view data for up to the last 12 months, forecast how much you're likely to spend for the next 12 months, and get recommendations for what Savings Plans or Reserved Instances to purchase. AWS Cost Explorer reports include a breakdown of your top 5 cost-accruing AWS services, an analysis of your overall Amazon EC2 usage, an analysis of the total costs of your member accounts, and the Reserved Instance Utilization and Coverage reports. The other options are incorrect: "Detailed AWS usage reports delivered directly to an Amazon S3 bucket" is incorrect. The detailed AWS usage report that is delivered directly to an Amazon S3 bucket is called "AWS Cost & Usage Report", which is different than the reports provided by AWS Cost Explorer. The AWS Cost & Usage Report contains the most comprehensive set of AWS cost and usage data available. AWS delivers the AWS Cost & Usage Report to whichever Amazon S3 bucket you specify during setup, and updates the reports at least once per day. Using AWS Cost Management products, such as AWS Cost Explorer and AWS Budgets, you can gain greater visibility into your usage patterns and underlying cost drivers, as well as take action on any issues that you might see. However, if you are looking to build an enterprise-grade cost management solution in-house, you should strongly consider using the AWS Cost & Usage Reports as your foundation. The AWS Cost & Usage Report is best suited for organizations with complex cost management requirements, especially those who wish to establish dedicated query- or analytical-based systems in-house for cost reporting and analysis purposes. "Reports about historical on-premises spending" is incorrect. AWS Cost Explorer does not provide reports about historical on-premises spending. AWS Cost Explorer provides you with interactive graphical reports designed to make it easier for you to view and analyze your historical spending on AWS. "Reports about the results of AWS Trusted Advisor checks" is incorrect. AWS Cost Explorer does not provide reports about the results of AWS Trusted Advisor checks. These results can be found on the AWS Trusted Advisor dashboard. AWS Trusted Advisor is an online tool that offers a rich set of best practice checks and recommendations across five categories: cost optimization, security, fault tolerance, performance, and service quotas. References: https://aws.amazon.com/aws-cost-management/aws-cost-explorer/

Answer 1590

C. AWS Resource Groups If you work with multiple resources in multiple environments, you might find it useful to manage all the resources in each environment as a group rather than move from one AWS service to another for each task. Resource Groups help you do just that. By default, the AWS Management Console is organized by AWS service. But with the Resource Groups tool, you can create a custom console that organizes and consolidates information based on your project and the resources that you use. The other options are incorrect: "AWS Management Console" is incorrect. AWS Management Console lets you access and manage individual AWS resources through a web-based user interface. "AWS Tag Editor" is incorrect. AWS Tag Editor is used to add, edit, or delete tags from AWS resources. "AWS Placement Groups"is incorrect. Placement Groups are logical groupings or clusters of EC2 instances within a single Availability Zone. Placement groups are recommended for applications that require low network latency, high network throughput, or both. References: https://docs.aws.amazon.com/ARG/latest/APIReference/Welcome.html

Answer 1591

B. AWS Elastic Disaster Recovery and E. CloudEndure Disaster Recovery AWS Elastic Disaster Recovery is a disaster recovery solution that minimizes downtime and data loss by providing fast, reliable recovery of physical, virtual, and cloud-based servers into the AWS Cloud. AWS Elastic Disaster Recovery continuously replicates your machines (including operating system, system state configuration, databases, applications, and files) into a low-cost staging area in your target AWS account and preferred Region. In the case of a disaster (e.g., AWS Region outage, cyber-attack, power failure), you can instruct AWS Elastic Disaster Recovery to automatically launch thousands of your machines in their fully provisioned state in minutes. This will help you recover quickly from disasters and achieve your business continuity goals. AWS CloudEndure Disaster Recovery is an agent-based solution that lets you recover your environment from unexpected infrastructure or application outages, data corruption, ransomware, or other malicious attacks. AWS Elastic Disaster Recovery, the next generation of CloudEndure Disaster Recovery, is now the recommended service for disaster recovery to AWS. AWS recommends using CloudEndure Disaster Recovery only if you require one or more of the following capabilities: - Replication to an AWS GovCloud (US) or China Region - Replication and recovery into AWS Outposts The other options are incorrect: “AWS Application Migration Service” is incorrect. AWS Application Migration Service is a highly automated lift-and-shift (rehost) solution that simplifies the process of migrating applications from physical, virtual, and cloud-based infrastructure, ensuring that they are fully operational in any AWS Region without compatibility issues. “AWS Backup” is incorrect. AWS Backup can be used to copy backups to a different AWS Region, and recover from those backups in the new region in case of a disaster. But this Backup & Restore strategy requires hours to be implemented. “AWS Glue” is incorrect. AWS Glue is a fully-managed, Extract, Transform, and Load (ETL) service that automates the time-consuming steps of data preparation for analytics. Extract, Transform, and Load (ETL) is the process of extracting (collecting) data from various sources (from different databases for example), transform the data depending on business rules/needs (This step helps in preparing the data for analytics and decision making) and load the data into a destination database, often a data warehouse. References: https://aws.amazon.com/disaster-recovery/ https://aws.amazon.com/disaster-recovery/when-to-choose-aws-drs/

Answer 1592

A. At a minimum, upgrade to Business support plan Chat access to AWS Support Engineers is available at the Business, Enterprise On-Ramp, and Enterprise support tiers only. References: https://aws.amazon.com/premiumsupport/compare-plans/

Answer 1593

A. IAM Policy A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. AWS evaluates these policies when an IAM principal (user or role) makes a request. Permissions in the policies determine whether the request is allowed or denied. Each policy consists of: 1- Principal: Who needs access. 2- Action: What action to allow or deny. 3- Resource: Which resource to allow or deny the action on. 4- Effect: What will be the effect when the user requests access - either allow or deny. 5- Condition: Which conditions must be present for the policy to take effect. For example, you might allow access only to the specific S3 buckets if the user is connecting from a specific IP range or has used multi-factor authentication at login. Note: Permissions are granted to IAM identities (users, user groups, and roles) to determine whether they are authorized to perform an action or not. The other options are incorrect: "IAM Role" is incorrect. An IAM role is an IAM identity that you can create in your account that has specific permissions. When you assume a role, it provides you with temporary security credentials for your role session. You can use roles to delegate access to users, applications, or services that don't normally have access to your AWS resources. For example, you might want to grant users in your AWS account access to resources they don't usually have, or grant users in one AWS account access to resources in another account. "IAM User Group" is incorrect. You can use IAM user groups to apply policies to users, however the policies are not directly attached to the IAM user. To assign permissions directly to an IAM user, attach an IAM policy to that user. Additional information: What is an IAM User Group? An IAM user group is a collection of IAM users. User groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users. For example, you could have a user group called Admins and give that user group the types of permissions that administrators typically need. Any user in that user group automatically has the permissions that are assigned to the user group. If a new user joins your organization and needs administrator privileges, you can assign the appropriate permissions by adding the user to that user group. Similarly, if a person changes jobs in your organization, instead of editing that user's permissions, you can remove him or her from the old user groups and add him or her to the appropriate new user groups. "IAM Identity" is incorrect. You create IAM Identities to provide authentication for people and processes in your AWS account. IAM identities include users, roles and user groups. References: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html

Answer 1594

B. Amazon EC2 If an AWS customer needs full control over a database, AWS provides a wide range of Amazon EC2 instances - with different hardware characteristics - on which they can install and run their custom relational database software. If EC2 is used instead of RDS to run a relational database, the customer is responsible for managing everything related to this database. The other options are incorrect: "Amazon Inspector" is incorrect. Amazon Inspector is a security assessment service that automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. "Amazon Cognito" is incorrect. Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps. Your users can sign in directly with a user name and password, or through a third party such as Facebook, Amazon, Google or Apple. "Amazon RDS" is incorrect. Amazon RDS provides six database engines to choose from, including Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, and Microsoft SQL Server. These engines are already installed and ready to be used. The customer does not install the actual database software on RDS, nor has access to the underlying host as it is a managed service. References: https://aws.amazon.com/ec2

Answer 1595

B. Management of the operating system and D. Database setup In relation to Amazon RDS databases: AWS is responsible for: 1- Managing the underlying infrastructure and foundation services. 2- Managing the operating system. 3- Database setup. 4- Patching and backups. The customer is still responsible for: 1- Protecting the data stored in databases (through encryption and IAM access control). 2- Managing the database settings that are specific to the application. 3- Building the relational schema. 4- Network traffic protection. The other options are incorrect: "Access management "is incorrect. The customer is responsible for managing access to all AWS services and resources. "Management of firewall rules" is incorrect. The customer is responsible for managing firewall rules using security groups. "Network traffic protection" is incorrect. The customer is responsible for protecting network traffic using security groups, Network ACLs and AWS WAFs. References: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.html

Answer 1596

C. The storage class used for the objects stored and D. The total size in gigabytes of all objects stored S3 pricing is based on four factors: 1) Total amount of data (in GB) stored on S3 2) Storage class (S3 Standard, S3 Intelligent-Tiering, S3 Standard-Infrequent Access, S3 One Zone-IA, S3 Glacier, or S3 Glacier Deep Archive) 3) Amount of data transferred out of AWS from S3 4) Number of requests to S3 The other options are incorrect: "The number of Access control lists (ACLs) attached to your S3 buckets" is incorrect. Amazon S3 access control lists (ACLs) enable you to manage access to buckets and objects. Each bucket and object has an ACL attached to it as a subresource. You can use ACLs to grant basic read/write permissions to other AWS accounts. When a request is received against a resource, Amazon S3 checks the corresponding ACL to verify that the requester has the necessary access permissions. This option is incorrect because there is no additional charge for using Amazon S3 ACLs. Note: Amazon S3 ACLs are different than Network ACLs. A network access control list (Network ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. "Using default encryption for any number of S3 buckets" is incorrect. There are no extra charges for using default encryption for S3 buckets. "Creating and deleting S3 buckets" is incorrect. Creating or deleting S3 buckets is free but you will be charged for data that you store in those buckets. References: https://aws.amazon.com/s3/pricing/ https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html

Answer 1597

D. AWS CodeBuild AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. AWS CodeCommit vs. AWS CodeBuild vs. AWS CodeDeploy vs. AWS CodePipeline: - AWS CodeCommit is used to store and version source code. - AWS CodeBuild is used to compile and test source code, helping you find and fix bugs early in the development process when they are easy to fix. - AWS CodeDeploy is used to deploy application code to a variety of compute services such as Amazon EC2, AWS Fargate, AWS Lambda, and your on-premises servers. - AWS CodePipeline is the glue that builds these steps together. AWS CodePipeline enables you to automate all phases of your release process, from committing the code into AWS CodeCommit all the way to deploying it with AWS CodeDeploy. You can also integrate your own custom tools into any stage of the release process to form an end-to-end continuous delivery solution. This enables you to deliver new features and updates rapidly and reliably. Another service that is worth mentioning is AWS CodeStar. If you are starting a new software project, you can use AWS CodeStar to set up your entire continuous delivery toolchain in minutes. AWS CodeStar uses AWS CodePipeline, AWS CodeCommit, AWS CodeBuild and AWS CodeDeploy to help you develop, build, and deploy applications in minutes. You can not use AWS CodeStar with existing applications. The other options are incorrect: "AWS CodeCommit" is incorrect. AWS CodeCommit is a source code control service that hosts secure Git-based repositories. AWS CodeCommit is designed for software developers who need a secure, reliable, and scalable source control system to store and version their code. "AWS CodeDeploy" is incorrect. AWS CodeDeploy is a fully managed service that automates application code deployments to a variety of compute services such as Amazon EC2, AWS Fargate, AWS Lambda, and your on-premises servers. "AWS CodeStar" is incorrect. AWS CodeStar is a cloud‑based development service that provides the tools you need to quickly develop, build, and deploy applications on AWS. AWS CodeStar provides a unified user interface, enabling you to easily manage your software development activities in one place. With AWS CodeStar, you can set up your entire continuous delivery toolchain in minutes, allowing you to start releasing code faster. If you are starting a new software project, you can use AWS CodeStar to set up your entire continuous delivery toolchain in minutes. AWS CodeStar uses AWS CodePipeline, AWS CodeCommit, AWS CodeBuild and AWS CodeDeploy to help you develop, build, and deploy applications in minutes. You can not use AWS CodeStar with existing applications. References: https://aws.amazon.com/codebuild/

Answer 1598

D. AWS Snowball AWS Snowball is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud. Using Snowball addresses common challenges with large-scale data transfers, including high network costs, long transfer times, and security concerns. Transferring data with Snowball is simple, fast, secure, and can cost as little as one-fifth the cost of using high-speed internet. Additionally, With AWS Snowball, you can access the compute power of the AWS Cloud locally and cost-effectively in places where connecting to the internet might not be an option. AWS Snowball is a perfect choice if you need to run computing in rugged, austere, mobile, or disconnected (or intermittently connected) environments. With AWS Snowball, you have the choice of two devices, Snowball Edge Compute Optimized with more computing capabilities, suited for higher performance workloads, or Snowball Edge Storage Optimized with more storage, which is suited for large-scale data migrations and capacity-oriented workloads. Snowball Edge Storage Optimized devices provides up to 80 TB of usable storage. In our case, it is better (cost-effective) to use 3 snowball Edge Storage Optimized devices to transfer 200 TB instead of using the internet. 3 snowballs * 80TB = 240 TB There are many options for transferring your data into AWS. Snowball is intended for transferring large amounts of data. If you want to transfer less than 10 terabytes of data between your on-premises data centers and Amazon S3, Snowball might not be your most economical choice. "AWS DataSync" is incorrect. AWS DataSync is ideal for online data transfers, not offline data transfers. You can use DataSync to migrate active data from on-premises locations to AWS, transfer data to the cloud for analysis and processing, archive data to free up on-premises storage capacity, or replicate data to AWS for business continuity. "AWS Snowmobile" is incorrect. Snowmobile is not a cost effective solution here. AWS Snowmobile is an Exabyte-scale data transfer service used to move extremely large amounts of data to AWS. You can transfer up to 100 Petabytes (100,000 Terabytes) per Snowmobile, a 45-foot long ruggedized shipping container, pulled by a semi-trailer truck. "AWS DMS" is incorrect. AWS Database Migration Service (DMS) is used to migrate databases to AWS. References: https://aws.amazon.com/snowball/ https://aws.amazon.com/snowmobile/

Answer 1599

C. Delete root user access keys if you do not need them Anyone who has root user access keys for your AWS account has unrestricted access to all the resources in your account, including billing information. If you don't already have an access key for your AWS account root user, don't create one unless you absolutely need to. If you do have an access key for your AWS account root user, delete it. If you must keep it, rotate (change) the access key regularly. There are specific tasks that are restricted to the AWS account root user. For example, only the root user can perform the following tasks: (IMPORTANT) 1- Change your account settings. This includes the account name, root user password, and email address. 2- View certain tax invoices. 3- Close your AWS account. 4- Change your AWS Support plan or Cancel your AWS Support plan. 5- Activate IAM access to the Billing and Cost Management console. By default, IAM users and roles within an AWS account can't access the Billing console pages. The AWS account root user can allow IAM users and roles access to Billing console pages by using the Activate IAM Access setting. 6- Configure an Amazon S3 bucket to enable MFA (multi-factor authentication) Delete. The AWS account owner (root account) configure MFA delete on a bucket to help ensure that the data in their bucket cannot be accidentally deleted. For a full list of the tasks that require root user credentials, visit this link: https://docs.aws.amazon.com/accounts/latest/reference/root-user-tasks.html The other options are incorrect: "Access the root account only from your personal Mobile Phone" is incorrect. You can access your root account from any supported device, but make sure that no one else can access these devices or monitor them. "Only share your AWS account password or access keys with trusted persons" is incorrect. You should never share your AWS account password or access keys with anyone. Instead, create individual named users for anyone who needs access to your AWS account. By creating individual IAM users for people accessing your account, you can give each IAM user a unique set of security credentials. You can also grant different permissions to each IAM user. If necessary, you can change or revoke an IAM user's permissions any time. (If you give out your root user credentials, it can be difficult to revoke them, and it is impossible to restrict their permissions.). Additional information: Instead of defining permissions for individual IAM users, it's usually more convenient to create user groups that relate to job functions (administrators, developers, accounting, etc.). Next, define the relevant permissions for each user group. Finally, assign IAM users to those user groups. All the users in an IAM user group inherit the permissions assigned to the user group. That way, you can make changes for everyone in a user group in just one place. As people move around in your company, you can simply change what IAM user group their IAM user belongs to. "Apply MFA for the root account and use it for all of your work" is incorrect. AWS strongly recommends that you do not use the AWS account root user for day-to-day tasks, even administrative tasks. Instead, use the root user to create your first IAM user, then use this instead. Securely lock away the root user credentials and only use them for tasks that require root access. References: https://docs.aws.amazon.com/accounts/latest/reference/best-practices-root-user.html https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

Answer 1600

B. Amazon EMR and C. Amazon Redshift Some AWS services provide the option to run workloads on serverless or on server-based compute options. For example, AWS customers have four Amazon EMR compute options to run their big data applications: Amazon EC2, Amazon EKS, AWS Outposts, or Amazon EMR Serverless. Amazon EMR Serverless is a new option in Amazon EMR that makes it easy for data analysts and engineers to run open-source big data analytics frameworks without configuring, managing, and scaling clusters or servers. You get all the features and benefits of Amazon EMR without the need for experts to plan and manage clusters. Amazon Redshift is a fully managed analytics service that offers both provisioned and serverless options, making it easy for customers to run and scale analytics without having to manage their data warehouse. AWS customers can choose the provisioned option for predictable workloads or go with the Amazon Redshift Serverless option to automatically provision and scale the data warehouse capacity to deliver high performance for demanding and unpredictable workloads. The other options are incorrect: "AWS Lambda" is incorrect. AWS Lambda is a serverless compute service. “AWS Fargate” is incorrect. AWS Fargate is a serverless compute engine for containers that works with both Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Kubernetes Service (Amazon EKS). AWS Fargate allows customers to run containers without having to manage servers or clusters. "Amazon DynamoDB" is incorrect. Amazon DynamoDB is a fully managed, serverless, key-value NoSQL database designed to run high-performance applications at any scale. With DynamoDB, there are no servers to provision, patch, or manage and no software to install, maintain, or operate. DynamoDB automatically scales tables up and down to adjust for capacity and maintain performance. References: https://d1.awsstatic.com/whitepapers/aws-overview.pdf https://aws.amazon.com/serverless/

Answer 1601

D. Use existing third-party software licenses on AWS AWS Customers who have already purchased software licenses - from vendors such as Microsoft and Oracle - can reuse these licenses on AWS instead of buying new licenses. For software that consumes licenses on a per-core or per-socket basis, such as Windows Server and SQL Server, AWS customers may need to migrate their workloads to a dedicated host to use this type of software license. The other options are incorrect: “Use servers instead of managed services” is incorrect. AWS recommends the use of managed services instead of servers where possible. AWS offers a broad set of compute, storage, database, analytics, application, and deployment services that help organizations move faster and lower IT costs. Architectures that do not leverage that breadth (e.g., if they use only Amazon EC2) might not be making the most of cloud computing and might be missing an opportunity to reduce costs and increase operational efficiency. AWS managed services provide building blocks that developers can consume to power their applications. These managed services include databases, machine learning, analytics, queuing, search, email, notifications, and more. For example, with Amazon SQS you can offload the administrative burden of operating a highly available, scalable messaging cluster, while paying a low price for only what you use. The same applies to Amazon S3, which enables you to store as much data as you want and access it when you need it, without having to think about capacity, hard disk configurations, replication, and other administrative issues. “Migrate production workloads to AWS edge locations instead of AWS Regions” is incorrect. Edge locations do not have the compute, storage, networking required to run an entire workload. An Edge location is a site that CloudFront uses to cache copies of your content for faster delivery to users at any location. “Use AWS Outposts to run all workloads in a cost-optimized environment” is incorrect. AWS Outposts is used by customers who must store and process data locally at their own data center. AWS Outposts allows customers to securely store and process customer data that needs to remain on-premises or in countries where there is no AWS region. This may help address requirements of companies in highly regulated industries and or those located in countries with data residency requirements. AWS Outposts is an AWS service that delivers the same AWS infrastructure, native AWS services, APIs, and tools to virtually any customer on-premises facility. With AWS Outposts, customers can run AWS services locally on their Outpost, including EC2, EBS, ECS, EKS, and Amazon RDS. References: https://aws.amazon.com/ec2/dedicated-hosts/

Answer 1602

A. Number of Hosted Zones and D. Number of security groups There are no associated costs for "EC2 Security Groups" or "Hosted Zones" and thus are correct answers. EC2 Security groups are free to use. Hosted Zones are not free, but they are not related to Amazon EC2 costs. Hosted Zones is one of the factors of the Amazon Route 53 costs. The other options represent factors you should consider when estimating the cost of Amazon EC2 and are therefore incorrect. When you begin to estimate the cost of using Amazon EC2, consider the following: 1- Clock hours of server time: The amount of time that the instances will be running has a direct bearing on the overall price, as EC2 instances are charged either by the hour or by the second, depending on which AMI is used. 2- Instance type: Amazon EC2 provides a wide selection of instance types optimized to fit different use cases. Instance types comprise varying combinations of CPU, memory, storage, and networking capacity. 3- Pricing model: On-Demand, Reserved, Spot, Savings Plans, and Dedicated 4- Number of instances: You can provision multiple instances of your Amazon EC2 and Amazon EBS resources to handle peak loads. 5- Load balancing: The number of hours the Elastic Load Balancer runs and the amount of data it processes contribute to the EC2 monthly cost. 6- Elastic IP addresses: To ensure efficient use of Elastic IP addresses, AWS imposes a small hourly charge if an Elastic IP address is not associated with a running instance, or if it is associated with a stopped instance. While the instance is running, you are not charged for one Elastic IP address associated with the instance, but additional Elastic IPs are not free. 7- Operating systems and software packages: Operating system prices are included in instance prices, unless you choose to bring your own licenses. References: https://docs.aws.amazon.com/whitepapers/latest/how-aws-pricing-works/how-aws-pricing-works.pdf page 10, 11

Answer 1603

B. FIDO Security Key AWS multi-factor authentication (AWS MFA) provides an extra level of security that customers can apply to their AWS environment. With MFA enabled, when a user signs in to an AWS website, they will be prompted for their user name and password (the first factor—what they know), as well as for an authentication code from their AWS MFA device (the second factor—what they have). Taken together, these multiple factors provide increased security for the AWS account resources. AWS supports several MFA device options including Virtual MFA devices, FIDO security key, and Hardware MFA devices. The other options are incorrect: "Access Keys" is incorrect. Access keys are long-term credentials for an IAM user or the AWS account root user. Customers can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK). "AWS Key Pair" is incorrect. The AWS Key pair cryptography enables customers to securely access their Amazon EC2 instances using a private key instead of a password. "AWS CloudHSM" is incorrect. AWS CloudHSM is a cloud-based hardware security module (HSM) that enables customers to easily generate and use their own encryption keys on the AWS Cloud. References: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa.html

Answer 1604

B. An AWS Availability Zone is an isolated location within an AWS Region, however edge locations are located in multiple cities worldwide In AWS, each Region has multiple, isolated locations known as Availability Zones. Availability Zones consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities. Edge locations may or may not exist within a region. They are located in most major cities around the world. Edge locations are specifically used by CloudFront (CDN) to distribute content to global users with low latency. The other options are incorrect: "An availability zone exists within an edge location to distribute content globally with low latency" is incorrect. An availability zone exists within an AWS Region, not within an edge location "Edge locations are located in separate Availability Zones worldwide to serve global customers" is incorrect. Edge locations are located in most major cities around the world. Edge locations may or may not exist within a given AWS Region. "An Availability Zone is a geographic location where AWS provides multiple, physically separated and isolated edge locations" is incorrect. An availability zone exists within an AWS Region. Edge locations are located in most major cities around the world. Edge locations may or may not exist within a given AWS Region. References: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/ https://aws.amazon.com/cloudfront/features/

Answer 1605

AWS Serverless Services include: Compute: AWS Lambda, AWS Fargate Messaging: Amazon SNS, Amazon SQS Database: Amazon DynamoDB, Amazon Aurora Serverless Orchestration: AWS Step Functions

Answer 1606

C. Savings Plans and E. Reserved Instances For Customers who can commit to using EC2 over a 1 or 3-year term, it is better to use Amazon EC2 Reserved Instances or AWS Savings Plans. Reserved Instances and AWS Savings Plans provide a significant discount (up to 72%) compared to On-Demand instance pricing. Reserved Instances: Amazon EC2 Reserved Instances provide a significant discount compared to On-Demand pricing for customers who can commit to using EC2 over a 1- or 3-year term to reduce their total computing costs. Depending on the term of commitment and the amount paid up-front, discounts as high as 72% can be attained vs. On-Demand pricing. Savings Plans: Savings Plans offer significant savings over On Demand, just like EC2 Reserved Instances, in exchange for a commitment to use a specific amount of compute power (measured in $/hour) for a one or three year period. The difference between AWS Savings Plans and Reserved Instances is that Savings Plans provides you with the flexibility to use the instance configurations that best meet your needs, instead of making a commitment to a specific instance configuration (as is the case with reserved instances). For example, with Compute Savings Plans, if you commit to $10 of compute usage an hour, you can use as many instances as you need (of any type) and you will get the Savings Plans prices on that usage up to $10 and any usage beyond the commitment will be charged On Demand rates. The other options are incorrect: "On-demand Instances" is incorrect. With On-Demand instances, customers pay for compute capacity by the hour or the second depending on which instances they run. No longer-term commitments or upfront payments are needed. They can increase or decrease the compute capacity depending on the demands of their application and only pay for what they use. On-demand is recommended for customers who need consistent performance for a short period of time. On-demand instances are significantly less cost-effective than reserved instances. "Spot Instances" is incorrect. Spot instances allow customers to take advantage of excess AWS EC2 capacity by paying a lower hourly price than the On-Demand price. Spot instances are not well suited for production workloads by themselves because the instance can be interrupted at any time if capacity is no longer available. Use cases of Spot instances include batch processing tasks and background jobs. "Dedicated Hosts" is incorrect. Amazon EC2 Dedicated Hosts are used to help meet corporate compliance requirements and save money on licensing costs by enabling customers to use their existing software licenses from vendors such as Microsoft and Oracle on Amazon EC2. References: https://aws.amazon.com/ec2/pricing/ https://aws.amazon.com/ec2/pricing/reserved-instances/ https://aws.amazon.com/savingsplans/

Answer 1607

A. AWS Identity and Access Management (IAM) and E. AWS CLI You can use the AWS IAM console, the AWS CLI, or the AWS API to enable a virtual MFA device for an IAM user in your account. The other options are incorrect: "AWS Secrets Manager" is incorrect. AWS Secrets Manager can not be used to enable MFA. AWS Secrets Manager helps you rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. "Amazon SNS" is incorrect. Amazon Simple Notification Service (Amazon SNS) is a messaging service that makes it easy to set up, operate, and send notifications from AWS. Amazon SNS follows the “publish / subscribe” (pub/sub) messaging paradigm, with notifications being delivered to clients using a “push” mechanism. "Amazon Connect" is incorrect. Amazon Connect is a cloud-based contact center service. References: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_cliapi.html

Answer 1608

B. Change your AWS root account password and the passwords of any IAM users and E. Open an investigation and delete any potentially compromised IAM users If you suspect that your account has been compromised, or if you have received a notification from AWS that the account has been compromised, perform the following tasks: 1- Change your AWS root account password and the passwords of all IAM users. 2- Delete or rotate all root and AWS Identity and Access Management (IAM) access keys. 3- Delete any potentially compromised IAM users. 4- Delete any resources on your account you didn’t create, such as EC2 instances and AMIs, EBS volumes and snapshots, and IAM users. 5- Respond to any notifications you received from AWS Support through the AWS Support Center. The other options are incorrect: "Give your root account password to AWS Support so that they can assist in troubleshooting and securing the account" is incorrect. While AWS support can assist in troubleshooting and securing the account, customers should NOT give their root account password to AWS Support (or anyone) for any reason. "Check the AWS CloudTrail logs and delete all IAM users that have access to your resources" is incorrect. It is a good idea to check the CloudTrail logs that are aggregated recently, however you should not delete all IAM users that have access to your resources. Doing so, will break all the relationships and permissions you have made and may bring down all systems in your account. Instead, you should open an investigation, check the AWS CloudTrail logs, and delete all potentially compromised IAM users. "Stop all running services, and open an investigation" is incorrect. Stopping all running services is not required when investigating such issues. References: https://aws.amazon.com/premiumsupport/knowledge-center/potential-account-compromise/

Answer 1609

C. Deploy the application to at least two Availability Zones Each AWS Region contains multiple distinct locations, or Availability Zones. Each Availability Zone is engineered to be independent from failures in other Availability Zones. Deploying your application to multiple Availability Zones will increase the availability of your application. If one availability zone encounters an issue, the other availability zones can still serve your application. The other options are incorrect: "Use Elastic Load Balancing (ELB) across multiple AWS Regions" is incorrect. Elastic Load Balancing (ELB) is a regional service, not a global service. Elastic Load Balancing can only be used to distribute traffic across multiple Availability Zones within the same AWS Region. "Deploy the application code on at least two servers in the same Availability Zone" is incorrect. Using more AWS servers in the same Availability Zone would help with performance so long as the Availability Zone had no issues, but being deployed to only one Availability Zone constitutes a single point of failure and is therefore not a best practice. "Rewrite the application code to handle all incoming requests" is incorrect. There is no relation between the application code and “high availability”. Even perfectly written code that never crashes will become unavailable if the infrastructure it runs on fails. References: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/

Answer 1610

D. Use code to provision and operate your AWS infrastructure In the cloud, you can apply the same engineering discipline that you use for application code to your entire environment. You can define your entire workload (applications, infrastructure) as code and update it with code. You can implement your operations procedures as code and automate their execution by triggering them in response to events. By performing operations as code, you limit human error and enable consistent responses to events. You can define your infrastructure as code using approaches such as AWS CloudFormation templates. The use of templates allows you to build and rebuild your infrastructure, without having to perform manual actions or write custom scripts. Codifying your infrastructure in a template allows you to treat your infrastructure as just code. You can author it with any code editor, check it into a version control system, and review the files with team members before deploying into production. This gives developers an easy way to build and update their entire AWS environment in a timely fashion. The other options are incorrect. "Use AWS CodeDeploy to build and automate your AWS environment" is incorrect. AWS CodeDeploy cannot be used to manage the AWS infrastructure. AWS CodeDeploy is a service that automates application code deployments to Amazon EC2 instances and instances running on-premises. "Use Software test automation tools" is incorrect. Software test automation tools enable you to simplify testing and reduce time to release by automating functional tests for your applications. "Migrate all of your applications to a dedicated host" is incorrect. Dedicated Hosts provide you with EC2 instance capacity on physical servers dedicated to your use. You may need to migrate your applications to a dedicated host to use your eligible software licenses from vendors such as Microsoft and Oracle on Amazon EC2 so that you get the flexibility and cost-effectiveness of using your own licenses, but with the resiliency, simplicity, and elasticity of AWS. Amazon EC2 Dedicated Hosts can also help address corporate compliance requirements because they are dedicated only to a single customer. References: https://docs.aws.amazon.com/wellarchitected/latest/framework/wellarchitected-framework.pdf https://aws.amazon.com/cloudformation/

Answer 1611

B. Amazon Route53 Amazon Route 53 provides highly available and scalable Domain Name System (DNS), domain name registration, and health-checking web services. It is designed to give developers and businesses an extremely reliable and cost effective way to route end users to Internet applications by translating names like example.com into the numeric IP addresses, such as 192.0.2.1, that computers use to connect to each other. Route 53 also offers health checks to monitor the health and performance of your application as well as your web servers and other resources. Route 53 can be configured to route traffic only to the healthy endpoints to achieve greater levels of fault tolerance in your applications. Note: The Elastic Load Balancing service also performs health checks on Amazon EC2 instances and distribute traffic only to the healthy ones. The other options are incorrect: Amazon Aurora is incorrect. Amazon Aurora is a relational database service. Amazon Chime is incorrect. Amazon Chime is a communications service for online meetings. AWS CloudFormation is incorrect. AWS CloudFormation allows you to use programming languages or a simple text file (template) to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. References: https://aws.amazon.com/route53/

Answer 1612

D. AWS Pricing Calculator The AWS Pricing Calculator helps you estimate your monthly AWS bill more efficiently. The calculator can be used to determine your best and worst case scenarios and identify areas of development to reduce your monthly costs. The AWS Pricing Calculator is continuously updated with the latest pricing for all AWS services in all Regions. The AWS Pricing Calculator is available at: https://calculator.aws/ The other options are incorrect. "AWS Budgets" is incorrect. AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also set up AWS Budgets to alert you when your reservation utilization drops below the threshold you define. "AWS Cost & Usage Report" is incorrect. The AWS Cost & Usage Report does not estimate costs. The AWS Cost & Usage Report enables customers to access detailed information related to their AWS costs and usage. This information can help them analyze their cost drivers and usage trends. "AWS Cost Explorer" is incorrect. AWS Cost Explorer is used to explore and analyze your historical spend and usage. AWS Cost Explorer allows you to have visibility into your consumption patterns, such as, mapping the most commonly used services, and identifying unexpected anomalies or expenses. AWS Cost Explorer can also be used to estimate AWS services costs, but it calculates these estimates based on your previous AWS consumption (meaning AWS Cost Explorer is suitable for existing projects only). In the above scenario, AWS Pricing Calculator is the right choice because it can be used to estimate the costs of both existing and new projects (in our case, it is a new project). AWS Pricing Calculator enables you to estimate the monthly cost of AWS services for your use case based on your expected usage (not based on previous consumption as is the case with AWS Cost Explorer). For example, if you expect to use 500 GB of S3 Standard storage, you can simply enter this value in the appropriate field and the calculator provides an estimate of your monthly bill. Additional information: AWS Cost Explorer Forecasting provides an estimate of what your AWS bill will be, based on your past usage. AWS Cost Explorer segments your historical data based on distinct charge types (e.g., on-demand usage, reserved instance usage, and more) and uses a combination of machine learning and rules-based models to predict spend across all of those charge types individually. References: https://docs.aws.amazon.com/pricing-calculator/latest/userguide/what-is-pricing-calculator.html https://calculator.aws/

Answer 1613

D. One hour Customers with AWS Business, Enterprise On-Ramp, or Enterprise support plans can open a "Production System Down" support case. The response time for this type of support case is one hour. Similarly, the response time for the "Business-critical system down" support case is 15 minutes. But, AWS customers must have an Enterprise support plan to be able to open this support case. References: https://docs.aws.amazon.com/awssupport/latest/user/case-management.html https://aws.amazon.com/premiumsupport/compare-plans/

Answer 1614

A. Amazon Neptune and C. Amazon RDS for MySQL AWS-managed databases are a database as a service offering from AWS where AWS manages the underlying hardware, storage, networking, backups, and patching. Users of AWS-managed databases simply connect to the database endpoint, and do not have to concern themselves with any aspects of managing the database. Examples of AWS-managed databases include: Amazon RDS ( Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, and Microsoft SQL Server), Amazon Neptune, Amazon DocumentDB, Amazon Redshift, and Amazon DynamoDB. Amazon Neptune is a fully-managed graph database service that makes it easy to build and run applications that work with highly connected datasets, such as social networking, recommendation engines, and knowledge graphs. Amazon Neptune is fully managed and handles the time-consuming tasks such as provisioning, patching, backup, recovery, failure detection and repair. Amazon RDS for MySQL is a managed service that makes it easy to set up, operate, and scale a MySQL database in the cloud. Amazon RDS for MySQL frees you up to focus on application development by managing time-consuming database administration tasks including backups, software patching, monitoring, scaling and replication. The other options are incorrect: "Microsoft SQL Server on Amazon EC2" and "MySQL on Amazon EC2" are incorrect. Microsoft SQL Server on Amazon EC2 and MySQL on Amazon EC2 are customer-managed databases, not AWS-managed databases. Any database that is running on EC2 is managed by the customer, and not by AWS. Note: Customers can install and run any database engine - or any Software - on Amazon EC2, but in this case, the customer is responsible for managing the software, not AWS. "Amazon CloudSearch" is incorrect. Amazon CloudSearch is a managed service in the AWS Cloud that makes it simple and cost-effective to set up, manage, and scale a search solution for your website or application. References: https://aws.amazon.com/neptune/getting-started/ https://aws.amazon.com/rds/mysql/ https://aws.amazon.com/sql/ https://aws.amazon.com/rds/mysql/what-is-mysql/

Answer 1615

B. Amazon Cloud Directory allows the organisation of hierarchies of data across multiple dimensions Explanation Amazon Cloud Directory is a cloud-native, highly scalable, high-performance directory service that provides web-based directories to make it easy for you to organize and manage all your application resources such as users, groups, locations, devices, and policies, and the rich relationships between them. Unlike existing traditional directory systems, Cloud Directory does not limit organizing directory objects in a single fixed hierarchy. In Cloud Directory, you can organize directory objects into multiple hierarchies to support multiple organizational pivots and relationships across directory information. For example, a directory of users may provide a hierarchical view based on reporting structure, location, and project affiliation. Similarly, a directory of devices may have multiple hierarchical views based on its manufacturer, current owner, and physical location. With Cloud Directory, you can create directories for a variety of use cases, such as organizational charts, course catalogs, and device registries. The other options are incorrect: "Amazon Cloud Directory allows users to access AWS with their existing Active Directory credentials" is incorrect. Amazon Cloud Directory and AWS Directory Service are two different services. AWS Directory Service is the service that provides single sign-on (SSO) to applications and services on AWS. AWS Directory Service uses secure Windows trusts to enable users to sign in to the AWS Management Console and the AWS Command Line Interface (CLI) using their existing corporate Microsoft Active Directory credentials. "Amazon Cloud Directory enables the analysis of data streams in real time" is incorrect. The AWS Service that enables the analysis of data streams in real time is Amazon Kinesis Data Analytics. Amazon Kinesis Data Analytics is an analytics service that helps AWS customers query, analyze, and gain actionable insights from streaming data in real-time. "Amazon Cloud Directory allows for registration and management of domain names" is incorrect. Amazon Route 53 is the AWS Service that allows for registration and management of domain names. References: https://aws.amazon.com/cloud-directory/

Answer 1616

B. Running EC2 instances in parallel Explanation One of the core principles of the AWS Well-Architected Framework is that of scaling horizontally. Horizontal scaling means adding several smaller instances when workloads increase, instead of adding additional CPU, memory, or disk capacity to a single instance. In the syntax of this question, running several EC2 instances in parallel achieves horizontal scalability and is the correct answer. AWS recommends that customers should scale resources horizontally to increase aggregate system availability. Replacing a large resource with multiple small resources in parallel will reduce the impact of a single failure on the overall system. For example, if a customer wants to convert a large number of binary files to text files or transcode a large number of video files to another format, it is recommended that they use multiple EC2 instances in parallel instead of using one large instance. The other options are incorrect: "Vertically scaling EC2 instances" is incorrect. Horizontal scaling is recommended over vertical scaling. "Vertically scaling RDS instances" and "Running RDS instances in parallel" are incorrect. RDS instances are used to store and run databases and would not be used for file processing. References: https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/

Answer 1617

B. Data sovereignty and C. Cost Per AWS Best Practices, proximity to your end users, regulatory compliance, data residency constraints, and cost are all factors you have to consider when choosing the most suitable AWS Region. The other options are incorrect: "The planned number of VPCs" is incorrect. The number of VPCs a customer can have in a given region is the same irrespective of which AWS Region the customer is using. "The AWS Region’s security level" is incorrect. The level of security is almost identical for all AWS regions. "Geographic proximity to the company's location" is incorrect. To achieve the lowest network latency and the quickest response, the best practice is to choose the closest AWS region to the end-users (not to the company's location). For example, if an application is developed in Japan but is primarily accessed by users in North America, the customers will have a better experience (lower application latency) if the application is deployed to AWS Regions in North America than if it were deployed to the Tokyo Region. References: https://aws.amazon.com/blogs/architecture/what-to-consider-when-selecting-a-region-for-your-workloads/ https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html

Answer 1618

D. Amazon RDS and E. Amazon Elastic Compute cloud Amazon Web Services offers the flexibility to run Microsoft SQL Server as either a self-managed component inside of EC2, or as a managed service via Amazon RDS. Using SQL Server on Amazon EC2 gives customers complete control over the database, just like when it’s installed on-premises. Amazon RDS is a fully managed service where AWS manages the maintenance, backups, and patching. The other options are incorrect: AWS Database Migration Service (DMS) is incorrect. AWS Database Migration service (DMS) is an AWS Service designed to assist customers in migrating their databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from most widely used commercial and open-source databases. It is important to note that while DMS can be used to migrate the data, it has nothing to do with running the database. AWS Fargate is incorrect. AWS Fargate is a serverless compute engine for containers that works with both Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Kubernetes Service (Amazon EKS). AWS Fargate allows customers to run containers without having to manage servers or clusters. AWS Lambda is incorrect. AWS Lambda is a compute service that lets you run code without provisioning or managing servers (serverless). References: https://aws.amazon.com/sql/

Answer 1619

A. Access to the Infrastructure Event Management feature for additional fee and D. 24x7 access to customer service Explanation All AWS support plans (including the Business plan) provide 24x7 access to AWS Customer Service. The Business support plan provides access to Infrastructure Event Management for additional fee. AWS Infrastructure Event Management is a structured program available to Enterprise Support customers (and Business Support customers for an additional fee) that helps customers plan for large-scale events such as product or application launches, infrastructure migrations, and marketing events. The other options are incorrect: "24x7 access to the TAM feature" is incorrect. The Technical Account Manager (TAM) feature is available only for AWS customers who have an Enterprise On-Ramp or Enterprise support plan. "Access to Cloud Support Engineers via email only during business hours" is incorrect. The Business support plan provides 24x7 access to Cloud Support Engineers via phone, email, and chat. "Partial access to the core Trusted Advisor checks" is incorrect. AWS Business, Enterprise On-Ramp, and Enterprise Support customers get access to all Trusted Advisor checks. AWS Basic Support and AWS Developer Support customers get access to 6 security checks (S3 Bucket Permissions, Security Groups - Specific Ports Unrestricted, IAM Use, MFA on Root Account, EBS Public Snapshots, RDS Public Snapshots) and 50 service limit checks. AWS Business, Enterprise On-Ramp, and Enterprise Support customers get access to all 115 Trusted Advisor checks (14 cost optimization, 17 security, 24 fault tolerance, 10 performance, and 50 service limits) and recommendations. References: https://aws.amazon.com/premiumsupport/compare-plans/

Answer 1620

Unlock data across organizational boundaries with built-in governance.

Answer 1621

Amazon SageMaker Data Wrangler (Data Wrangler) is a feature of Amazon SageMaker Studio that provides an end-to-end solution to import, prepare, transform, featurize, and analyze data. AWS solution to talk to Athena from a (J) Notebook

Answer 1622

Amazon CodeWhisperer is an AI coding companion that generates whole line and full function code suggestions in your IDE to help you get more done faster.

Answer 1623

Amazon Verified Permissions. Amazon Verified Permissions is a scalable, fine-grained permissions management and authorization service for custom applications.

Answer 1624

An AWS Config Rule is a specific configuration policy that you can define to evaluate whether your AWS resources comply with desired configurations and best practices. These rules help enforce compliance with organizational policies, regulatory requirements, and security standards by continuously monitoring resource configurations. Key aspects of AWS Config Rules include: Evaluation of Resources: AWS Config Rules can evaluate the configurations of various AWS resources, such as EC2 instances, S3 buckets, IAM roles, and more, against predefined criteria. Managed and Custom Rules: AWS provides a set of managed rules that cover common compliance checks and best practices. Additionally, users can create custom rules using AWS Lambda functions to address specific compliance requirements unique to their environment. Continuous Monitoring: AWS Config Rules continuously monitor resource configurations and evaluate them in real-time or on a scheduled basis, ensuring that any changes are checked against the defined rules. Compliance Status: Each rule can have a compliance status of "Compliant," "Non-Compliant," or "Not Applicable," providing insights into the overall compliance posture of the AWS environment. Remediation Actions: For non-compliant resources, you can set up remediation actions to automatically correct the issues or trigger notifications to inform the relevant stakeholders.

Answer 1625

AWS SonarQube is a cloud-based service that leverages SonarQube, an open-source platform for continuous inspection of code quality. It helps developers detect and fix issues in their code, such as bugs, vulnerabilities, and code smells. By integrating with AWS, it provides a scalable and managed environment for teams to analyse their codebases, ensuring adherence to coding standards and improving overall software quality. It also supports various programming languages and integrates with CI/CD pipelines for automated quality checks. SonarQube is a static code scanning tool. It helps detect vulnerabilities. It doesn’t address Malicious Code Detection – virus, worms, etc.

Answer 1626

Can create S3 Table buckets, namespaces and tables. Can work with S3 Tables through Amazon Athena, AWS Glue, and Amazon EMR. Essential maintenance operations include compaction, snapshot management, and orphaned file removal.

Terms Flashcards

(1730 cards)