AWS CCP Practice Exam 6

AWS cert exam 6

What do you need to log into the AWS console?

\
* Certificate
* User name and password
* Access key and secret ID
* Key pair

User name and password

Where are Amazon EBS snapshots stored?

\
* On an Amazon EBS instance store
* On Amazon S3
* On an Amazon EFS filesystem
* Within the EBS block store

On Amazon S3

Under the AWS Shared Responsibility Model, who is responsible for what? (Select TWO.)

\
* AWS are responsible for networking infrastructure
* Customers are responsible for networking traffic protection
* AWS are responsible for network and firewall configuration
* Customers are responsible for compute infrastructure
* Customers are responsible for edge locations

* **AWS are responsible for networking infrastructure**
* **Customers are responsible for networking traffic protection**

What is the easiest way to store a backup of an EBS volume on Amazon S3?

\
* Use Amazon Kinesis to process the data and store the results in S3
* Create a snapshot of the volume
* Use S3 lifecycle actions to backup the volume
* Write a custom script to copy the data into a bucket

Create a snapshot of the volume

Which AWS support plans provide 24×7 access to customer service?

\
* Basic
* Business
* All plans
* Developer

All plans

What type of cloud computing service type do AWS Elastic Beanstalk and Amazon RDS correspond to?

\
* Hybrid
* SaaS
* PaaS
* IaaS

PaaS

Which of the statements below does NOT characterize cloud computing?

\
* Cloud computing is the on-demand delivery of compute power
* Cloud computing allows you to swap variable expense for capital expense
* With cloud computing you get to benefit from massive economies of scale
* With cloud computing you can increase your speed and agility

Cloud computing allows you to swap variable expense for capital expense

Which AWS database service is schema-less and can be scaled dynamically without incurring downtime?

\
* Amazon RDS
* Amazon Aurora
* Amazon RedShift
* Amazon DynamoDB

Amazon DynamoDB

According to the AWS Shared Responsibility Model, which of the following is a shared control?

\
* Operating system patching
* Awareness and training
* Protection of infrastructure
* Client-side data encryption

Awareness and training

Which AWS service or feature helps restrict the AWS service, resources, and individual API actions the users and roles in each member account can access?

\
* AWS Firewall Manager
* AWS Shield
* AWS Organizations
* Amazon Cognito

AWS Organizations

How can a database administrator reduce operational overhead for a MySQL database?

\
* Migrate the database onto an EC2 instance
* Migrate the database onto an Amazon RDS instance
* Migrate the database onto AWS Lambda
* Use AWS CloudFormation to manage operations

Migrate the database onto an Amazon RDS instance

Which AWS service is designed to be used for operational analytics?

\
* Amazon EMR
* Amazon Athena
* Amazon Elasticsearch Service
* Amazon QuickSight

Amazon Elasticsearch Service

Which AWS Cloud design principles can help increase reliability? (Select TWO.)

\
* Measuring overall efficiency
* Testing recovery procedures
* Adopting a consumption model
* Using monolithic architecture
* Automatically recovering from failure

* Testing recovery procedures
* Automatically recovering from failure

Which AWS technology enables you to group resources that share one or more tags?

\
* Consolidation groups
* Tag groups
* Organization groups
* Resource groups

Resource groups

Which AWS service can be used to run Docker containers?

\
* Amazon RedShift
* Amazon ECR
* AWS Fargate
* Amazon AMI

AWS Fargate

What advantages does the AWS cloud provide in relation to cost? (Select TWO.)

\
* One-off payments for on-demand resources
* Fine-grained billing
* Ability to turn off resources and not pay for them
* Enterprise licensing discounts
* Itemized power costs

* **Fine-grained billing**
* **Ability to turn off resources and not pay for them**

Which type of AWS database is ideally suited to analytics using SQL queries?

\
* Amazon DynamoDB
* Amazon RedShift
* Amazon RDS
* Amazon S3

Amazon RedShift

A startup eCommerce company needs to quickly deliver new website features in an iterative manner, minimizing the time to market.

Which AWS Cloud feature allows this?

\
* Elasticity
* High availability
* Agility
* Reliability

Agility

What is an example of scaling vertically?

\
* Increasing the instance size with Amazon RDS
* Adding read replicas to an Amazon RDS database
* AWS Lambda adding concurrently executing functions
* AWS Auto Scaling adding more EC2 instances

Increasing the instance size with Amazon RDS

How can a company configure automatic, asynchronous copying of objects in Amazon S3 buckets across regions?

\
* This is done by default by AWS
* Using cross-region replication
* By configuring multi-master replication
* Using lifecycle actions

Using cross-region replication

You are evaluating AWS services that can assist with creating scalable application environments. Which of the statements below best describes the Elastic Load Balancer service?

\
* Helps you ensure that you have the correct number of Amazon EC2 instances available to handle the load for your application
* A highly available and scalable Domain Name System (DNS) service
* A network service that provides an alternative to using the Internet to connect customers’ on-premise sites to AWS
* Automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses

Automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses

How can a company facilitate the sharing of data over private connections between two accounts they own within a region?

\
* Create an internal ELB
* Create a subnet peering connection
* Create a VPC peering connection
* Configure matching CIDR address ranges

Create a VPC peering connection

Which HTTP code indicates a successful upload of an object to Amazon S3?

\
* 500
* 400
* 300
* 200

200

What are the advantages of running a database service such as Amazon RDS in the cloud versus deploying on-premise? (Select TWO.)

\
* You have full control of the operating system and can install your own operational tools
* Scalability is improved as it is quicker to implement and there is an abundance of capacity
* You can use any database software you like, allowing greater flexibility
* High availability is easier to implement due to built-in functionality for deploying read replicas and multi-AZ
* There are no costs for replicating data between DBs in different data centers or regions

* Scalability is improved as it is quicker to implement and there is an abundance of capacity
* High availability is easier to implement due to built-in functionality for deploying read replicas and multi-AZ

According to the AWS Well-Architected Framework, what change management steps should be taken to achieve reliability in the AWS Cloud? (Select TWO.)

\
* Use AWS Certificate Manager to create a catalog of approved services
* Use Amazon GuardDuty to record API activity to an S3 bucket
* Use service limits to prevent users from creating or making changes to AWS resources
* Use AWS Config to generate an inventory of AWS resources
* Use AWS CloudTrail to record AWS API calls into an auditable log file

* **Use AWS Config to generate an inventory of AWS resources**
* **Use AWS CloudTrail to record AWS API calls into an auditable log file**

Which AWS service makes it easy to coordinate the components of distributed applications as a series of steps in a visual workflow?

\
* Amazon SES
* AWS Step Functions
* Amazon SNS
* Amazon SWF

AWS Step Functions

The AWS Cost Management tools give users the ability to do which of the following? (Select TWO.)

\
* Create budgets and receive notifications if current or forecasted usage exceeds the budgets
* Break down AWS costs by day, service, and linked AWS account
* Switch automatically to Reserved Instances or Spot Instances, whichever is most cost-effective
* Move data stored in Amazon S3 to a more cost-effective storage class
* Terminate any AWS resource automatically if budget thresholds are exceeded

* **Create budgets and receive notifications if current or forecasted usage exceeds the budgets**
* **Break down AWS costs by day, service, and linked AWS account**

Which service allows you to monitor and troubleshoot systems using system and application log files generated by those systems?

\
* CloudTrail Metrics
* CloudWatch Logs
* CloudTrail Logs
* CloudWatch Metrics

CloudWatch Logs

Which type of Elastic Load Balancer operates at the TCP connection level?

\
* Classic Load Balancer (CLB)
* Network Load Balancer (NLB)
* Application Load Balancer (ALB)
* Amazon Route 53 Load Balancer

**Network Load Balancer (NLB)**

Which of the following are pillars from the five pillars of the AWS Well-Architected Framework? (Select TWO.)

\
* Economics
* Resilience
* Operational excellence
* Performance efficiency
* Confidentiality

* **Operational excellence**
* **Performance efficiency**

Which AWS service provides the ability to detect inadvertent data leaks of personally identifiable information (PII) and user credential data?

\
* Amazon Macie
* Amazon GuardDuty
* Amazon Inspector
* AWS Shield

Amazon Macie

Under the shared responsibility model, which of the following tasks are the responsibility of the AWS customer? (Select TWO.)

\
* Ensuring that AWS NTP servers are set to the correct time
* Ensuring that application data is encrypted at rest
* Ensuring that users have received security training in the use of AWS services
* Ensuring that hardware is disposed of properly
* Ensuring that access to data centers is restricted

* **Ensuring that application data is encrypted at rest**
* **Ensuring that users have received security training in the use of AWS services**

You need to connect your company’s on-premise network into AWS and would like to establish an AWS managed VPN service. Which of the following configuration items needs to be setup on the Amazon VPC side of the connection?

\
* A Virtual Private Gateway
* A Customer Gateway
* A Network Address Translation device
* A Firewall

A Virtual Private Gateway

Which of the following is NOT a best practice for protecting the root user of an AWS account?

\
* Don’t share the root user credentials
* Enable MFA
* Remove administrative permissions
* Lock away the AWS root user access keys

Remove administrative permissions

Which AWS Glacier data access option retrieves data from an archive in 1-5 minutes?

\
* Expedited
* Accelerated
* Express
* Standard

Expedited

Which feature of Amazon S3 enables you to create rules to control the transfer of objects between different storage classes?

\
* Lifecycle management
* Versioning
* Object sharing
* Bucket policies

Lifecycle management

How can a systems administrator specify a script to be run on an EC2 instance during launch?

\
* Metadata
* AWS Config
* User Data
* Run Command

User Data

Under the AWS shared responsibility model, which of the following are customer responsibilities? (Select TWO.)

\
* Setting up server-side encryption on an Amazon S3 bucket
* Compute capacity availability
* Network and firewall configurations
* Physical security of data center facilities
* Amazon RDS instance patching

* Setting up server-side encryption on an Amazon S3 bucket
* Network and firewall configurations

Which AWS security tool uses an agent installed in EC2 instances and assesses applications for vulnerabilities and deviations from best practices?

\
* AWS Trusted Advisor
* AWS Personal Health Dashboard
* AWS Inspector
* AWS TCO Calculator

AWS Inspector

What is the name for the top-level container used to hold objects within Amazon S3?

\
* Directory
* Folder
* Bucket
* Instance Store

Bucket

Which AWS service can serve a static website?

\
* Amazon S3
* AWS X-Ray
* Amazon Route 53
* Amazon QuickSight

Amazon S3

Which of the following acts as a virtual firewall at the Amazon EC2 instance level to control traffic for one or more instances?

\
* Network Access Control Lists (ACL)
* Security groups
* Virtual private gateways (VPG)
* Route table

Security groups

Which AWS service is suitable for an event-driven workload?

\
* Amazon Open 3D Engine
* AWS Lambda
* AWS Elastic Beanstalk
* Amazon EC2

AWS Lambda

Your manager has asked you to explain some of the security features available in the AWS cloud. How can you describe the function of Amazon CloudHSM?

\
* It provides server-side encryption for S3 objects
* It is a Public Key Infrastructure (PKI)
* It can be used to generate, use and manage encryption keys in the cloud
* it is a firewall for use with web applications

It can be used to generate, use and manage encryption keys in the cloud

Based on the shared responsibility model, which of the following security and compliance tasks is AWS responsible for?

\
* Granting access to individuals and services
* Encrypting data in transit
* Updating Amazon EC2 host firmware
* Updating operating systems

Updating Amazon EC2 host firmware

What methods are available for scaling an Amazon RDS database? (Select TWO.)

\
* You can scale out by implementing Elastic Load Balancing
* You can scale up automatically using AWS Auto Scaling
* You can scale up by increasing storage capacity
* You can scale out automatically with EC2 Auto Scaling
* You can scale up by moving to a larger instance size

* You can scale up by increasing storage capacity
* You can scale up by moving to a larger instance size

Which of the following are examples of horizontal scaling? (Select TWO.)

\
* Automatic scaling using services such as AWS Auto Scaling
* Scalability is limited by maximum instance size
* Requires a restart to scale up or down
* Add more instances as demand increases
* Add more CPU/RAM to existing instances as demand increases

* Automatic scaling using services such as AWS Auto Scaling
* Add more instances as demand increases

A web application running on AWS has been received malicious requests from the same set of IP addresses.

Which AWS service can help secure the application and block the malicious traffic?

\
* AWS IAM
* Amazon GuardDuty
* Amazon SNS
* AWS WAF

AWS WAF

Which pricing model will interrupt a running Amazon EC2 instance if capacity becomes temporarily unavailable?

\
* Standard Reserved Instances
* On-Demand Instances
* Spot Instances
* Convertible Reserved Instances

Spot Instances

Which type of scaling does Amazon EC2 Auto Scaling provide?

\
* Vertical
* Linear
* Horizontal
* Incremental

Horizontal

In which ways does AWS’ pricing model benefit organizations?

\
* Focus spend on capital expenditure, rather than operational expenditure
* Eliminates licensing costs
* Reduces the people cost of application development
* Reduce the cost of maintaining idle resources

Reduce the cost of maintaining idle resources

How can you deploy your EC2 instances so that if a single data center fails you still have instances available?

\
* Across regions
* Across VPCs
* Across subnets
* Across Availability Zone**s**

Across Availability Zones

Your company has recently migrated to AWS. How can your CTO monitor the organization’s costs?

\
* AWS Simple Monthly calculator
* AWS Consolidated Billing
* AWS CloudTrail
* AWS Cost Explorer

AWS Cost Explorer

A Cloud Practitioner is creating the business process workflows associated with an order fulfilment system. Which AWS service can assist with coordinating tasks across distributed application components?

\
* AWS STS
* Amazon SQS
* Amazon SNS
* Amazon SWF

Amazon SWF

You need to provision a single EBS volume that is 500 GiB in size and needs to support 20,000 IOPS. Which EBS volume type will you select?

\
* Provisioned IOPS SSD
* General Purpose SSD
* Throughput Optimized HDD
* Cold HDD

Provisioned IOPS SSD

To reduce cost, which of the following services support reservations? (Select TWO.)

\
* Amazon RedShift
* Amazon CloudFormation
* Amazon S3
* Amazon ElastiCache
* AWS Elastic Beanstalk

* Amazon RedShift
* Amazon ElastiCache

Where do Amazon Identity and Access Management (IAM) accounts need to be created for a global organization?

\
* In each region where the users are located
* Just create them once, as IAM is a global service
* In each geographical area where the users are located
* Create them globally, and then replicate them regionally

Just create them once, as IAM is a global service

Which of the following are NOT features of AWS IAM? (Select TWO.)

\
* Charged for what you use
* PCI DSS compliance
* Identity federation
* Logon using local user accounts
* Shared access to your AWS account

* Charged for what you use
* Logon using local user accounts

Which of the following statements about AWS’s pay-as-you-go pricing model is correct?

\
* It results in reduced capital expenditures
* It requires payment up front for AWS services
* It is relevant only for Amazon EC2, Amazon S3, and Amazon DynamoDB
* It reduces operational expenditures

It results in reduced capital expenditures

Your organization has offices around the world and some employees travel between offices. How should their accounts be setup?

\
* IAM is a global service, just create the users in one place
* Create a separate account in IAM within each region in which they will travel
* Set the user account as a “global” account when created
* Enable MFA for the accounts

IAM is a global service, just create the users in one place

A company is using the AWS CLI and programmatic access of AWS resources from its on-premises network.

What is a mandatory requirement in this scenario?

\
* Using an Amazon EC2 key pair
* Using Amazon API Gateway
* Using an AWS Direct Connect connection
* Using an AWS access key and a secret key

Using an AWS access key and a secret key

What is the most efficient way to establish network connectivity from on-premises to multiple VPCs in different AWS Regions?

\
* Use AWS Direct Connect
* Use AWS VPN
* Use AWS Client VPN
* Use an AWS Transit Gateway

Use an AWS Transit Gateway

Which types of scaling policies are available when using AWS Auto Scaling? (Select TWO.)

\
* Agile scaling
* Deferred scaling
* Simple scaling
* Step scaling
* Warm scaling

* **Simple scaling**
* **Step scaling**

Which AWS technology can be referred to as a “virtual hard disk in the cloud”?

\
* Amazon ENI
* Amazon EFS Filesystem
* Amazon S3 Bucket
* Amazon EBS volume

Amazon EBS volume

Which resource should you use to access AWS security and compliance reports?

\
* AWS Business Associate Addendum (BAA)
* AWS Artifact
* AWS IAM
* AWS Organizations

AWS Artifact