Wrong Answers 1

Question 1

Which of the following would not be allowed in an S3 bucket policy?

Answer 1

Only allow access from a specific CIDR range

Question 2

Which of the following has the longest retrieval latency in Glacier?

Bulk retrieval
Anything stored in Glacier Deep Archive
Expedited retrieval
Standard retrieval

Answer 2

Anything stored in Glacier Deep Archive

Question 3

Which type of resource-based policy is immutable after a 24-hour grace period?

Glacier vault policy
API gateway resource policy
S3 bucket policy
Glacier vault lock policy

Answer 3

Glacier vault lock policy

Question 4

Of the following VPC resources that are charged hourly and for traffic throughput, which one is likely to cost the most?

Virtual private gateway
VPC transit gateway
VPC peering connection
VPC interface endpoint

Answer 4

VPC transit gateway

Question 5

What mechanism can be used to integrate S3 buckets and Lambda functions?

S3 block public access
S3 lifecycle policy
S3 event notifications
S3 bucket policy

Answer 5

S3 bucket policy

Question 6

Which two RDS database engines support Transparent Data Encryption (TDE)? (Select two.)

Postgres
Oracle DB
MySQL
SQL Server

Answer 6

Postgres

Oracle DB

Question 7

When deploying a cross-region VPC peering connection, what performance can you expect?

10Gbps
Provisioned throughput depending on requirements
<5ms latency
Throughput dependent on source/destination region

Answer 7

Provisioned throughput depending on requirements

Question 8

The VPC peering connection resource is best described as which of the following?

None of these
Fault tolerant
Not highly available
Highly available

Answer 8

None of these

Question 9

Which of the following best explains synchronous communication?

Two-way communication between two applications that require a response to each request

Two-way communication between a client and an app or between two apps that require a response to each request

One-way communication using message-passing where a response is not required

One-way communication using message-passing where responses are required

Answer 9

Two-way communication between two applications that require a response to each request

Question 10

How can you design for end-to-end encryption at rest on an Elastic Load Balancing resource?

Configure a secure listener using TLS.
You can’t. The ELB does not support encryption of data at rest.
Enable it by using the root credentials.
It is enabled by default.

Answer 10

You can’t. The ELB does not support encryption of data at rest.

Question 11

Of the following services, which one will experience a documented performance impact if you enable encryption?

RDS
RedShift
EBS
S3

Answer 11

EBS

Question 12

Which of these is an availability-zone-scoped resource?

S3 bucket
VPC subnet
VPC network
SNS topic

Answer 12

VPC network

Question 13

What is the maximum throughput for S3 PUT/POST/COPY/DELETE operations on a per-prefix basis?

4500
3500
5500
2500

Answer 13

3500

Question 14

What is the maximum throughput possible for an EFS file system?

3Gbps
1Gbps
5Gbps
10Gbps

Answer 14

10Gbps

Question 15

What is the documented S3 latency for either full delivery (for small objects) or first byte-out (for large objects)?

100 to 200ms
50 to 100ms
200 to 300ms
300 to 400ms

Answer 15

100 to 200ms

Question 16

Which of the following would be a good example of an Organizations SCP statement to implement least privilege?

An allow statement granting full S3 access
A deny statement rejecting all AWS actions
A deny statement rejecting changes to S3 bucket policies
An allow statement granting full EC2 access except for instance termination

Answer 16

A deny statement rejecting all AWS actions

Question 17

Which of the following VPC security features shows up on a monthly bill?

Security group
VPC traffic mirroring
IAM policies for VPC access
Network access control list (NACL)

Answer 17

Security group

Question 18

When deploying an inline gateway into a VPC, which of these is not a possible downside to the architecture?

The inline gateway can perform deep packet inspection on the instances that use it.
The inline gateway could become a network bottleneck.
The inline gateway could become a single point of failure.
The inline gateway increases the operational overhead of the infrastructure.

Answer 18

The inline gateway can perform deep packet inspection on the instances that use it.

Question 19

Which S3 storage class exhibits the lowest availability?

Glacier
Standard
Infrequent Access
One Zone-Infrequent Access

Answer 19

One Zone-Infrequent Access

Question 20

When implementing file system storage using EFS, how can you enable at-rest encryption?

EFS doesn’t support encryption at rest.
It is set by default.
Upon file system creation, check the Encrypted File System option.
It can be enabled at any time during or after file system creation.

Answer 20

It can be enabled at any time during or after file system creation.

Question 21

Which of the following services are not able to accommodate a vanity wildcard certificate for TLS?

Elastic Load Balancing
CloudFront
API Gateway
S3

Answer 21

S3

Question 22

What is a difference in the RedShift pricing model as compared to RDS and Aurora?

RedShift does not charge for data storage resources.
RedShift is priced similarly to Aurora for compute and storage resources.
RedShift is priced similarly to RDS for compute and storage resources.
RedShift does not charge for compute resources.

Answer 22

RedShift does not charge for data storage resources.

Question 23

Which of the following AWS offerings can be used to store RDS database credentials in an encrypted manner?

Secrets Manager
All of these
S3
SSM Parameter Store

Answer 23

All of these

Question 24

Which of the following VPC resources is highly available but not fault tolerant?

NAT gateway
Internet gateway
VPC gateway endpoint
VPC peering connection

Answer 24

VPC peering connection

Question 25

An AWS Organizations SCP can be used for _____________ for the member accounts. explicit allow and deny permissions setting permission boundaries explicitly allow permissions limiting root credential login

Answer 25

setting permission boundaries

Question 26

What charges would you expect for traffic originating in a VPC and traversing a cross-region VPC peering connection to another VPC? No hourly charge, no throughput charge No hourly charge but throughput charge Hourly charge but no throughput charge Hourly charge and throughput charge

Answer 26

Hourly charge and throughput charge

Question 27

What cost would you expect on your monthly bill for data throughput from traffic generated between EC2 and an S3 bucket in the same region, assuming that the EC2 instances are in public subnets? The cost will depend on throughput. There will be no cost whatsoever. There will be no throughput charges, but there will be S3 access charges. There will be throughput charges and S3 access charges.

Answer 27

There will be no throughput charges, but there will be S3 access charges.

Question 28

When designing a VPC network for least-privilege security, what type of subnet could be appropriate for a back-end application server? Private without Internet access None of these Public Private with Internet access

Answer 28

Private with Internet access

Question 29

For which EBS volume type are you charged for the size of the volume and for the consumed IOPS? ``` piops sc1 gp2 st1 Standard ```

Answer 29

Standard

Question 30

What are the two performance modes for EFS file systems? (Select two.) Provisioned IOPS MaxIO General Purpose Throughput-optimized

Answer 30

MaxIO | General Purpose

Question 31

When deploying Aurora Serverless versus RDS, what is one cost consideration that should be reviewed strategically before implementation? Aurora Serverless is always less expensive than RDS. Aurora Serverless is always more expensive than RDS. Aurora Serverless compute and storage resources are static and predictable. Aurora Serverless compute and storage resources are dynamic and auto-scaled.

Answer 31

Aurora Serverless compute and storage resources are dynamic and auto-scaled.

Question 32

Which EC2 pricing model would be appropriate for an application that requires a large number of short-term instances to run a job that can be split into individual tasks? ``` Spot On-demand Dedicated instance Dedicated host Reservation ```

Answer 32

Reservation

Question 33

Which resource-based policy is required to exist in order to use a resource? S3 bucket policy Lambda function access policy SNS access policy SQS queue policy

Answer 33

SNS access policy

Question 34

Which of the following is the definition of the term redundancy? The system will continue to function without degradation in performance despite the complete failure of any component of the architecture. Redundancy involves multiple resources dedicated to performing the same task. Redundancy is determined by percentage uptime, in 9s. The system will continue to function despite the complete failure of any component of the architecture.

Answer 34

Redundancy involves multiple resources dedicated to performing the same task.