ITNW 1309 Final

Which statement about AWS Pricing is incorrect?

All inbound data transfers are charged

When you invest in Reserved Capacity like Amazon EC2 or Amazon RDS, what three pricing options are available?

AURI, NURI, PURI

Which pricing option offers you the opportunity to try various AWS services for free as long as you keep within specified thresholds of usage?

AWS Free Tier

Which of the following AWS services are offered at no charge? Choose three.

Amazon VPC, Elastic Beanstalk, IAM

Which AWS tool can you use to estimate your monthly costs for deploying resources on AWS?

AWS Pricing Calculator

What minimal level of support gives you access to a Technical Account Manager (TAM)?

Enterprise

Who can act as a dedicated voice for you within AWS and serve as your technical point of contact and advocate?

TAM

Which AWS support plans offer FULL Trusted Advisor benefits? Choose two.

Enterprise, Business

Which AWS support personnel can address all non-technical billing and account level inquiries?

AWS Support Concierge

Your finance team would like to be alerted when the cost of using a new AWS test/dev account is about to reach the approved budget for an upcoming project. Which AWS tool can you use to help you achieve this need?

AWS Budgets

What are the different severity levels associated with support services? Choose all that apply.

Low, Normal, High, Urgent, Critical

Which tool will enable you to view your AWS costs associated with the EC2 service from four months ago?

Cost Explorer

Your organization has multiple AWS Accounts for different purposes. Each account has its own set of services and incurs charges. Which AWS service can you use to take advantage of volume discounts by clubbing your Accounts together?

Consolidated Billing

What are characteristics of Business support plan? Choose three.

24/7 access via email, chat and phone, Access to full Trusted Advisor benefits, Unlimited contacts may open a case

Which of the following is NOT part of the AWS pricing philosophy?

Pay more when you use less

What are the different methods of accessing AWS services? Choose two.

AWS Command Line Interface, Software Development Kits (SDKs)

Which component of the AWS Global infrastructure does Amazon CloudFront use for low-latency delivery?

AWS edge locations

What is true about Availability Zones? Choose two.

AZs within a region are interconnected using high-speed private links, Each availability zone is designed as an independent failure zone

What are some of the important considerations for choosing an AWS Region for deploying your applications? Choose two.

Availability of services within the region, To meet regional compliance and data residency requirements

What service category does CloudFront fall under?

Networking and Content Delivery

True or False. Resources in one AWS region are automatically replicated to other regions

False

The AWS Shared Responsibility model divides security responsibilities between which two parties?

AWS, The AWS customer

What are two examples of AWS's responsibility in the Shared Responsibility mode.?

Physical security of the data center, Virtualization software on the host

Which of the following security actions are performed by customers of AWS? Choose two.

Implementing password policies, Patching the OS on an Amazon EC2 instance

What can be used to provide an application running on an EC2 instance, temporary credentials to access other resources within AWS?

IAM Roles

What type of credentials do you need to provide programmatic access to AWS services?

Access key ID and secret access key

How would a system administrator add an additional layer of login security to a user's AWS Management Console?

Enable Multi-Factor Authentication

Which service can identify the user that made the API call when an Amazon Elastic Compute Cloud instance is terminated?

AWS CloudTrail

What is an AWS root user account?

The email address used to set up the AWS account and always has full administrator access

What are the recommended best practices when assigning IAM permissions to users? Choose two.

Always follow the principle of least privilege, When assigning the same set of permissions to multiple IAM users, put the users in a group and attach the permissions to the group instead

What format are IAM policies written in?

JSON

True or False. IAM is a global service. It applies across all regions.

True

Which AWS service can be used to generate historical configuration change records for your AWS resources?

AWS Config

What are the recommended best practices for AWS root user account? Choose two.

Delete the root user access keys after login, The root user account should always be secured with MFA

Which of the following elements is NOT a part of the statement in an IAM policy document?

Key

IAM policies can be assigned in two ways

identity-based or resource-based

Using AWS shared security model, which of the following are customer responsibilities? Choose two.

Encrypting data, Configuring security groups

Where will you find a compliance document such as a PCI or SOC report?

AWS Artifact

Which is a managed DDOS protection service that safeguards applications running on AWS?

AWS Shield

Which AWS service enables you to create and manage encryption keys, and to control the use of encryption across a wide range of AWS services and your applications?

Amazon KMS

In VPCs with private and public subnets, database servers should be launched into:

private subnet

What component can you use to connect your VPC to the public Internet?

IGW

What would you use if you have multiple VPCs in your AWS account and you need to communicate between them without using the public Internet?

VPC peering

What two protocols are commonly permitted in security groups in order to permit remote administration of instances? Choose two.

RDP, SSH

You want to establish a private connection from the EC2 instance in your VPC to an S3 bucket. What will you use?

VPC endpoint

You have launched a Database server within the private subnet of your VPC. You need to allow the server to access the Internet for downloading patches. What do you need?

NAT Gateway

Which characteristics related to Amazon VPC are true? Choose two.

Each subnet in a VPC maps to a single Availability Zone, It is not possible to change the size of the VPC once it has been created

A Solutions Architect is designing a two-tier application architecture in an Amazon VPC. The web servers are deployed on EC2 instances and the web tier must read and write data to a database cluster. There should be no access to the database from the Internet, but the cluster must be able to obtain software patches from the Internet. Which VPC design meets these requirements?

Public subnets for the web tier and NAT Gateway, and private subnets for the database cluster

You have launched a Linux-based EC2 instance in the public subnet of your Test VPC. What will enable you to login to the instance via SSH?

Key pair

What is the difference between security groups and NACLs? Choose two.

For security groups, all rules are evaluated before the decision is made to allow traffic. For network ACLs, rules are evaluated in order of their numbers, Security groups can be configured to only use ALLOW rules whereas NACLs support both ALLOW and DENY rules

What is Amazon Route 53?

a highly available and scalable DNS service in AWS cloud

You are building a solution to extend a customer's on-premise data center to their AWS VPC . The customer has asked for a faster and more secure alternative to using the Internet. Which AWS product or feature satisfies this requirement?

AWS Direct Connect

For each subnet in a VPC, how many IP addresses are reserved by AWS?

5

Which of the following is true regarding peering VPCs in the same region?

The two VPCs cannot use overlapping address spaces

You have a subnet with a CIDR block 10.0.0.0/24 in your AWS VPC. Which of the following IPv4 addresses are available to you for use?

10.0.0.4

Your company has hundreds of VPCs distributed across multiple AWS accounts and Regions. As the company continues to grow, you anticipate that the VCP-to-VCP connections will grow quickly making management more complex and expensive. What solution can you propose to simplify your model?

Using AWS Transit Gateway

What is the contract length for Reserved instances (RI)?

1 to 3 years

You wish to deploy EC2 Instances in the Amazon AWS Cloud and utilize your existing Microsoft Volume Licenses to reduce costs. Which EC2 pricing option allows you to use your existing server licenses?

Dedicated Hosts

Which EC2 Instances are now billed on a per second basis?

Amazon Linux and Ubuntu

Which two types of root volume are available for Amazon EC2?

EBS, EC2 Instance store

______________ is a compute service that lets you run code without provisioning or managing servers.

AWS Lambda

Which of the following is a method for bidding on unused EC2 capacity?

Spot instance

You have a video encoding application. Currently there is a huge backlog of videos which needs to be processed. You need to add more instances, but you need these instances only until your backlog is reduced. Which of these would be an efficient way to do it?