Studied by 5 people
What do you need to log into the AWS console?
Certificate
User name and password
Access key and secret ID
Key pair
User name and password
Where are Amazon EBS snapshots stored?
On an Amazon EBS instance store
On Amazon S3
On an Amazon EFS filesystem
Within the EBS block store
On Amazon S3
Under the AWS Shared Responsibility Model, who is responsible for what? (Select TWO.)
AWS are responsible for networking infrastructure
Customers are responsible for networking traffic protection
AWS are responsible for network and firewall configuration
Customers are responsible for compute infrastructure
Customers are responsible for edge locations
AWS are responsible for networking infrastructure
Customers are responsible for networking traffic protection
What is the easiest way to store a backup of an EBS volume on Amazon S3?
Use Amazon Kinesis to process the data and store the results in S3
Create a snapshot of the volume
Use S3 lifecycle actions to backup the volume
Write a custom script to copy the data into a bucket
Create a snapshot of the volume
Which AWS support plans provide 24×7 access to customer service?
Basic
Business
All plans
Developer
All plans
What type of cloud computing service type do AWS Elastic Beanstalk and Amazon RDS correspond to?
Hybrid
SaaS
PaaS
IaaS
PaaS
Which of the statements below does NOT characterize cloud computing?
Cloud computing is the on-demand delivery of compute power
Cloud computing allows you to swap variable expense for capital expense
With cloud computing you get to benefit from massive economies of scale
With cloud computing you can increase your speed and agility
Cloud computing allows you to swap variable expense for capital expense
Which AWS database service is schema-less and can be scaled dynamically without incurring downtime?
Amazon RDS
Amazon Aurora
Amazon RedShift
Amazon DynamoDB
Amazon DynamoDB
According to the AWS Shared Responsibility Model, which of the following is a shared control?
Operating system patching
Awareness and training
Protection of infrastructure
Client-side data encryption
Awareness and training
Which AWS service or feature helps restrict the AWS service, resources, and individual API actions the users and roles in each member account can access?
AWS Firewall Manager
AWS Shield
AWS Organizations
Amazon Cognito
AWS Organizations
How can a database administrator reduce operational overhead for a MySQL database?
Migrate the database onto an EC2 instance
Migrate the database onto an Amazon RDS instance
Migrate the database onto AWS Lambda
Use AWS CloudFormation to manage operations
Migrate the database onto an Amazon RDS instance
Which AWS service is designed to be used for operational analytics?
Amazon EMR
Amazon Athena
Amazon Elasticsearch Service
Amazon QuickSight
Amazon Elasticsearch Service
Which AWS Cloud design principles can help increase reliability? (Select TWO.)
Measuring overall efficiency
Testing recovery procedures
Adopting a consumption model
Using monolithic architecture
Automatically recovering from failure
Testing recovery procedures
Automatically recovering from failure
Which AWS technology enables you to group resources that share one or more tags?
Consolidation groups
Tag groups
Organization groups
Resource groups
Resource groups
Which AWS service can be used to run Docker containers?
Amazon RedShift
Amazon ECR
AWS Fargate
Amazon AMI
AWS Fargate
What advantages does the AWS cloud provide in relation to cost? (Select TWO.)
One-off payments for on-demand resources
Fine-grained billing
Ability to turn off resources and not pay for them
Enterprise licensing discounts
Itemized power costs
Fine-grained billing
Ability to turn off resources and not pay for them
Which type of AWS database is ideally suited to analytics using SQL queries?
Amazon DynamoDB
Amazon RedShift
Amazon RDS
Amazon S3
Amazon RedShift
A startup eCommerce company needs to quickly deliver new website features in an iterative manner, minimizing the time to market.
Which AWS Cloud feature allows this?
Elasticity
High availability
Agility
Reliability
Agility
What is an example of scaling vertically?
Increasing the instance size with Amazon RDS
Adding read replicas to an Amazon RDS database
AWS Lambda adding concurrently executing functions
AWS Auto Scaling adding more EC2 instances
Increasing the instance size with Amazon RDS
How can a company configure automatic, asynchronous copying of objects in Amazon S3 buckets across regions?
This is done by default by AWS
Using cross-region replication
By configuring multi-master replication
Using lifecycle actions
Using cross-region replication
You are evaluating AWS services that can assist with creating scalable application environments. Which of the statements below best describes the Elastic Load Balancer service?
Helps you ensure that you have the correct number of Amazon EC2 instances available to handle the load for your application
A highly available and scalable Domain Name System (DNS) service
A network service that provides an alternative to using the Internet to connect customers’ on-premise sites to AWS
Automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses
Automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses
How can a company facilitate the sharing of data over private connections between two accounts they own within a region?
Create an internal ELB
Create a subnet peering connection
Create a VPC peering connection
Configure matching CIDR address ranges
Create a VPC peering connection
Which HTTP code indicates a successful upload of an object to Amazon S3?
500
400
300
200
200
What are the advantages of running a database service such as Amazon RDS in the cloud versus deploying on-premise? (Select TWO.)
You have full control of the operating system and can install your own operational tools
Scalability is improved as it is quicker to implement and there is an abundance of capacity
You can use any database software you like, allowing greater flexibility
High availability is easier to implement due to built-in functionality for deploying read replicas and multi-AZ
There are no costs for replicating data between DBs in different data centers or regions
Scalability is improved as it is quicker to implement and there is an abundance of capacity
High availability is easier to implement due to built-in functionality for deploying read replicas and multi-AZ
According to the AWS Well-Architected Framework, what change management steps should be taken to achieve reliability in the AWS Cloud? (Select TWO.)
Use AWS Certificate Manager to create a catalog of approved services
Use Amazon GuardDuty to record API activity to an S3 bucket
Use service limits to prevent users from creating or making changes to AWS resources
Use AWS Config to generate an inventory of AWS resources
Use AWS CloudTrail to record AWS API calls into an auditable log file
Use AWS Config to generate an inventory of AWS resources
Use AWS CloudTrail to record AWS API calls into an auditable log file
Which AWS service makes it easy to coordinate the components of distributed applications as a series of steps in a visual workflow?
Amazon SES
AWS Step Functions
Amazon SNS
Amazon SWF
AWS Step Functions
The AWS Cost Management tools give users the ability to do which of the following? (Select TWO.)
Create budgets and receive notifications if current or forecasted usage exceeds the budgets
Break down AWS costs by day, service, and linked AWS account
Switch automatically to Reserved Instances or Spot Instances, whichever is most cost-effective
Move data stored in Amazon S3 to a more cost-effective storage class
Terminate any AWS resource automatically if budget thresholds are exceeded
Create budgets and receive notifications if current or forecasted usage exceeds the budgets
Break down AWS costs by day, service, and linked AWS account
Which service allows you to monitor and troubleshoot systems using system and application log files generated by those systems?
CloudTrail Metrics
CloudWatch Logs
CloudTrail Logs
CloudWatch Metrics
CloudWatch Logs
Which type of Elastic Load Balancer operates at the TCP connection level?
Classic Load Balancer (CLB)
Network Load Balancer (NLB)
Application Load Balancer (ALB)
Amazon Route 53 Load Balancer
Network Load Balancer (NLB)
Which of the following are pillars from the five pillars of the AWS Well-Architected Framework? (Select TWO.)
Economics
Resilience
Operational excellence
Performance efficiency
Confidentiality
Operational excellence
Performance efficiency
Which AWS service provides the ability to detect inadvertent data leaks of personally identifiable information (PII) and user credential data?
Amazon Macie
Amazon GuardDuty
Amazon Inspector
AWS Shield
Amazon Macie
Under the shared responsibility model, which of the following tasks are the responsibility of the AWS customer? (Select TWO.)
Ensuring that AWS NTP servers are set to the correct time
Ensuring that application data is encrypted at rest
Ensuring that users have received security training in the use of AWS services
Ensuring that hardware is disposed of properly
Ensuring that access to data centers is restricted
Ensuring that application data is encrypted at rest
Ensuring that users have received security training in the use of AWS services
You need to connect your company’s on-premise network into AWS and would like to establish an AWS managed VPN service. Which of the following configuration items needs to be setup on the Amazon VPC side of the connection?
A Virtual Private Gateway
A Customer Gateway
A Network Address Translation device
A Firewall
A Virtual Private Gateway
Which of the following is NOT a best practice for protecting the root user of an AWS account?
Don’t share the root user credentials
Enable MFA
Remove administrative permissions
Lock away the AWS root user access keys
Remove administrative permissions
Which AWS Glacier data access option retrieves data from an archive in 1-5 minutes?
Expedited
Accelerated
Express
Standard
Expedited
Which feature of Amazon S3 enables you to create rules to control the transfer of objects between different storage classes?
Lifecycle management
Versioning
Object sharing
Bucket policies
Lifecycle management
How can a systems administrator specify a script to be run on an EC2 instance during launch?
Metadata
AWS Config
User Data
Run Command
User Data
Under the AWS shared responsibility model, which of the following are customer responsibilities? (Select TWO.)
Setting up server-side encryption on an Amazon S3 bucket
Compute capacity availability
Network and firewall configurations
Physical security of data center facilities
Amazon RDS instance patching
Setting up server-side encryption on an Amazon S3 bucket
Network and firewall configurations
Which AWS security tool uses an agent installed in EC2 instances and assesses applications for vulnerabilities and deviations from best practices?
AWS Trusted Advisor
AWS Personal Health Dashboard
AWS Inspector
AWS TCO Calculator
AWS Inspector
What is the name for the top-level container used to hold objects within Amazon S3?
Directory
Folder
Bucket
Instance Store
Bucket
Which AWS service can serve a static website?
Amazon S3
AWS X-Ray
Amazon Route 53
Amazon QuickSight
Amazon S3
Which of the following acts as a virtual firewall at the Amazon EC2 instance level to control traffic for one or more instances?
Network Access Control Lists (ACL)
Security groups
Virtual private gateways (VPG)
Route table
Security groups
Which AWS service is suitable for an event-driven workload?
Amazon Open 3D Engine
AWS Lambda
AWS Elastic Beanstalk
Amazon EC2
AWS Lambda
Your manager has asked you to explain some of the security features available in the AWS cloud. How can you describe the function of Amazon CloudHSM?
It provides server-side encryption for S3 objects
It is a Public Key Infrastructure (PKI)
It can be used to generate, use and manage encryption keys in the cloud
it is a firewall for use with web applications
It can be used to generate, use and manage encryption keys in the cloud
Based on the shared responsibility model, which of the following security and compliance tasks is AWS responsible for?
Granting access to individuals and services
Encrypting data in transit
Updating Amazon EC2 host firmware
Updating operating systems
Updating Amazon EC2 host firmware
What methods are available for scaling an Amazon RDS database? (Select TWO.)
You can scale out by implementing Elastic Load Balancing
You can scale up automatically using AWS Auto Scaling
You can scale up by increasing storage capacity
You can scale out automatically with EC2 Auto Scaling
You can scale up by moving to a larger instance size
You can scale up by increasing storage capacity
You can scale up by moving to a larger instance size
Which of the following are examples of horizontal scaling? (Select TWO.)
Automatic scaling using services such as AWS Auto Scaling
Scalability is limited by maximum instance size
Requires a restart to scale up or down
Add more instances as demand increases
Add more CPU/RAM to existing instances as demand increases
Automatic scaling using services such as AWS Auto Scaling
Add more instances as demand increases
A web application running on AWS has been received malicious requests from the same set of IP addresses.
Which AWS service can help secure the application and block the malicious traffic?
AWS IAM
Amazon GuardDuty
Amazon SNS
AWS WAF
AWS WAF
Which pricing model will interrupt a running Amazon EC2 instance if capacity becomes temporarily unavailable?
Standard Reserved Instances
On-Demand Instances
Spot Instances
Convertible Reserved Instances
Spot Instances
Which type of scaling does Amazon EC2 Auto Scaling provide?
Vertical
Linear
Horizontal
Incremental
Horizontal
In which ways does AWS’ pricing model benefit organizations?
Focus spend on capital expenditure, rather than operational expenditure
Eliminates licensing costs
Reduces the people cost of application development
Reduce the cost of maintaining idle resources
Reduce the cost of maintaining idle resources
How can you deploy your EC2 instances so that if a single data center fails you still have instances available?
Across regions
Across VPCs
Across subnets
Across Availability Zones
Across Availability Zones
Your company has recently migrated to AWS. How can your CTO monitor the organization’s costs?
AWS Simple Monthly calculator
AWS Consolidated Billing
AWS CloudTrail
AWS Cost Explorer
AWS Cost Explorer
A Cloud Practitioner is creating the business process workflows associated with an order fulfilment system. Which AWS service can assist with coordinating tasks across distributed application components?
AWS STS
Amazon SQS
Amazon SNS
Amazon SWF
Amazon SWF
You need to provision a single EBS volume that is 500 GiB in size and needs to support 20,000 IOPS. Which EBS volume type will you select?
Provisioned IOPS SSD
General Purpose SSD
Throughput Optimized HDD
Cold HDD
Provisioned IOPS SSD
To reduce cost, which of the following services support reservations? (Select TWO.)
Amazon RedShift
Amazon CloudFormation
Amazon S3
Amazon ElastiCache
AWS Elastic Beanstalk
Amazon RedShift
Amazon ElastiCache
Where do Amazon Identity and Access Management (IAM) accounts need to be created for a global organization?
In each region where the users are located
Just create them once, as IAM is a global service
In each geographical area where the users are located
Create them globally, and then replicate them regionally
Just create them once, as IAM is a global service
Which of the following are NOT features of AWS IAM? (Select TWO.)
Charged for what you use
PCI DSS compliance
Identity federation
Logon using local user accounts
Shared access to your AWS account
Charged for what you use
Logon using local user accounts
Which of the following statements about AWS’s pay-as-you-go pricing model is correct?
It results in reduced capital expenditures
It requires payment up front for AWS services
It is relevant only for Amazon EC2, Amazon S3, and Amazon DynamoDB
It reduces operational expenditures
It results in reduced capital expenditures
Your organization has offices around the world and some employees travel between offices. How should their accounts be setup?
IAM is a global service, just create the users in one place
Create a separate account in IAM within each region in which they will travel
Set the user account as a “global” account when created
Enable MFA for the accounts
IAM is a global service, just create the users in one place
A company is using the AWS CLI and programmatic access of AWS resources from its on-premises network.
What is a mandatory requirement in this scenario?
Using an Amazon EC2 key pair
Using Amazon API Gateway
Using an AWS Direct Connect connection
Using an AWS access key and a secret key
Using an AWS access key and a secret key
What is the most efficient way to establish network connectivity from on-premises to multiple VPCs in different AWS Regions?
Use AWS Direct Connect
Use AWS VPN
Use AWS Client VPN
Use an AWS Transit Gateway
Use an AWS Transit Gateway
Which types of scaling policies are available when using AWS Auto Scaling? (Select TWO.)
Agile scaling
Deferred scaling
Simple scaling
Step scaling
Warm scaling
Simple scaling
Step scaling
Which AWS technology can be referred to as a “virtual hard disk in the cloud”?
Amazon ENI
Amazon EFS Filesystem
Amazon S3 Bucket
Amazon EBS volume
Amazon EBS volume
Which resource should you use to access AWS security and compliance reports?
AWS Business Associate Addendum (BAA)
AWS Artifact
AWS IAM
AWS Organizations
AWS Artifact
Note 
Flashcard (55)