diff --git a/practice-exam/exams.md b/practice-exam/exams.md index fc5698d..4c2c1f3 100644 --- a/practice-exam/exams.md +++ b/practice-exam/exams.md @@ -21,5 +21,21 @@ If this guide has been helpful to you please share it with others and react to t - [Practice Exam - 9](./practice-exam-9.md) - [Practice Exam - 10](./practice-exam-10.md) - [Practice Exam - 11](./practice-exam-11.md) +- [Practice Exam - 12](./practice-exam-12.md) +- [Practice Exam - 13](./practice-exam-13.md) +- [Practice Exam - 14](./practice-exam-14.md) +- [Practice Exam - 15](./practice-exam-15.md) +- [Practice Exam - 16](./practice-exam-16.md) +- [Practice Exam - 17](./practice-exam-17.md) +- [Practice Exam - 18](./practice-exam-18.md) +- [Practice Exam - 19](./practice-exam-19.md) +- [Practice Exam - 20](./practice-exam-20.md) +- [Practice Exam - 21](./practice-exam-21.md) +- [Practice Exam - 22](./practice-exam-22.md) +- [Practice Exam - 23](./practice-exam-23.md) -#### We will be adding more practice exam +#### Credits + +I have referred to the GitHub directory [“AWS-Cloud-Practitioner-CLF-C01-Exam-Questions-Answers”](https://github.com/Ditectrev/AWS-Cloud-Practitioner-CLF-C01-Exam-Questions-Answers) for the questions for first 12 tests. + +The directory contains a collection of questions and answers related to the AWS Cloud Practitioner (CLF-C01) exam. I would like to give credit to the author of this repository for creating such a helpful resource. diff --git a/practice-exam/practice-exam-1.md b/practice-exam/practice-exam-1.md index e6f5efa..ae9a400 100644 --- a/practice-exam/practice-exam-1.md +++ b/practice-exam/practice-exam-1.md @@ -6,684 +6,516 @@ If this practice exam has been helpful to you please share it with others and re --- -1. The use of what AWS feature or service allows companies to track and categorize spending on a detailed level? - - A. Cost allocation tags - - B. Consolidated billing - - C. AWS Budgets - - D. AWS Marketplace - -
Answer - - Correct Answer: A - - Explanation: +1. AWS allows users to manage their resources using a web based user interface. What is the name of this interface? + - A. AWS CLI. + - B. AWS API. + - C. AWS SDK. + - D. AWS Management Console. +
Answer + Correct answer: D
-1. Which service stores objects, provides real-time access to those objects, and offers versioning and lifecycle capabilities? - - A. Amazon Glacier - - B. AWS Storage Gateway - - C. Amazon S3 - - D. Amazon EBS - -
Answer - - Correct Answer: C - - Explanation: +2. Which of the following is an example of horizontal scaling in the AWS Cloud? + - A. Replacing an existing EC2 instance with a larger, more powerful one. + - B. Increasing the compute capacity of a single EC< instance to address the growing demands of an application. + - C. Adding more RAM capacity to an EC2 instance. + - D. Adding more EC2 instances of the same size to handle an increase in traffic. +
Answer + Correct answer: D
-1. What AWS team assists customers with accelerating cloud adoption through paid engagements in any of several specialty practice area ? - - A. AWS Enterprise Support - - B. AWS Solutions Architects - - C. AWS Professional Services - - D. AWS Account Managers - -
Answer - - Correct Answer: C - - Explanation: +3. You have noticed that several critical Amazon EC2 instances have been terminated. Which of the following AWS services would help you determine who took this action? + - A. Amazon Inspector. + - B. AWS CloudTrail. + - C. AWS Trusted Advisor. + - D. EC2 Instance Usage Report. +
Answer + Correct answer: B
-1. A customer would like to design and build a new workload on AWS Cloud but does not have the AWS- related software technical expertise in-hous.
Which of the following AWS programs can a customer take advantage of to achieve that outcome? - - A. AWS Partner Network Technology Partners - - B. AWS Marketplace - - C. AWS Partner Network Consulting Partners - - D. AWS Service Catalog - -
Answer - - Correct Answer: C +4. Which of the below options are related to the reliability of AWS? (Choose TWO) + - A. Applying the principle of least privilege to all AWS resources. + - B. Automatically provisioning new resources to meet demand. + - C. All AWS services are considered Global Services, and this design helps customers serve their international users. + - D. Providing compensation to customers if issues occur. + - E. Ability to recover quickly from failures. +
Answer + Correct answer: B, E
-1. Distributing workloads across multiple Availability Zones supports which cloud architecture design principle? - - A. Implement automation. - - B. Design for agility. - - C. Design for failure. - - D. Implement elasticity. - -
Answer - - Correct Answer: C +5. Which statement is true regarding the AWS Shared Responsibility Model? + - A. Responsibilities vary depending on the services used. + - B. Security of the IaaS services is the responsibility of AWS. + - C. Patching the guest OS is always the responsibility of AWS. + - D. Security of the managed services is the responsibility of the customer. +
Answer + Correct answer: A
-1. Which AWS services can host a Microsoft SQL Server database? (Select TWO) - - A. Amazon EC2 - - B. Amazon Relational Database Service (Amazon RDS) - - C. Amazon Aurora - - D. Amazon Redshift - - E. Amazon S3 - -
Answer - - Correct Answer: AB - - Explanation: +6. You have set up consolidated billing for several AWS accounts. One of the accounts has purchased a number of reserved instances for 3 years. Which of the following is true regarding this scenario? + - A. The Reserved Instance discounts can only be shared with the master account. + - B. All accounts can receive the hourly cost benefit of the Reserved Instances (Comect). + - C. The purchased instances will have better performance than On-demand instances. + - D. There are no cost benefits from using consolidated billing; It is for informational purposes only. +
Answer + Correct answer: B
-1. Which of the following inspects AWS environments to find opportunities that can save money for users and also improve system performance ? - - A. AWS Cost Explorer - - B. AWS Trusted Advisor - - C. Consolidated billing - - D. Detailed billing - -
Answer - - Correct Answer: B +7. A company has developed an eCommerce web application in AWS. What should they do to ensure that the application has the highest level of availability? + - A. Deploy the application across multiple Availability Zones and Edge locations. + - B. Deploy the application across multiple Availability Zones and subnets. + - C. Deploy the application across multiple Regions and Availability Zones (Co ). + - D. Deploy the application across multiple VPC’s and subnets. +
Answer + Correct answer: C
-1. Which of the following Amazon EC2 pricing models allow customers to use existing server-bound software license ? - - A. Spot Instances - - B. Reserved Instances - - C. Dedicated Hosts - - D. On-Demand Instances - -
Answer - - Correct Answer: C - - Explanation: +8. What does AWS Snowball provide? (Choose TWO) + - A. Built-in computing capabilities that allow customers to process data locally. + - B. A catalog of third-party software solutions that customers need to build solutions and run their businesses. + - C. A hybrid cloud storage between on-premises environments and the AWS Cloud. + - D. An Exabyte-scale data transfer service that allows you to move extremely large amounts of data to AWS. + - E. Secure transfer of large amounts of data into and out of the AWS. +
Answer + Correct answer: A, E
-1. Which AWS characteristics make AWS cost effective for a workload with dynamic user demand? (Select TWO) - - A. High availability - - B. Shared security model - - C. Elasticity - - D. Pay-as-you-go pricing - - E. Reliability - -
Answer - - Correct Answer: CD +9. A company has an AWS Enterprise Support plan. They want quick and efficient guidance with their billing and account inquiries. Which of the following should the company use? + - A. AWS Health Dashboard. + - B. AWS Support Concierge. + - C. AWS Customer Service. + - D. AWS Operations Support. +
Answer + Correct answer: B
-1. Which service enables risk auditing by continuously monitoring and logging account activity, including user actions in the AWS Management Console and AWS SDKs? - - A. Amazon CloudWatch - - B. AWS CloudTrail - - C. AWS Config - - D. AWS Health - -
Answer - - Correct Answer: B - - Explanation: +10. A Japanese company hosts their applications on Amazon EC2 instances in the Tokyo Region. The company has opened new branches in the United States, and the US users are complaining of high latency. What can the company do to reduce latency for the users in the US while minimizing costs? + - A. Applying the Amazon Connect latency-based routing policy. + - B. Registering a new US domain name to serve the users in the US. + - C. Building a new data center in the US and implementing a hybrid model. + - D. Deploying new Amazon EC2 instances in a Region located in the US. +
Answer + Correct answer: D
-1. Which of the following are characteristics of Amazon S3? (Select TWO.) - - A. A global file system - - B. An object store - - C. A local file store - - D. A network file system - - E. A durable storage system - -
Answer - - Correct Answer: BE +11. An organization has a large number of technical employees who operate their AWS Cloud infrastructure. What does AWS provide to help organize them into teams and then assign the appropriate permissions for each team? + - A. IAM roles. + - B. IAM users. + - C. IAM user groups. + - D. AWS Organizations. +
Answer + Correct answer: C
-1. Which services can be used across hybrid AWS Cloud architectures? (Select TWO.) - - A. Amazon Route 53 - - B. Virtual Private Gateway - - C. Classic Load Balancer - - D. Auto Scaling - - E. Amazon CloudWatch default metrics - -
Answer - - Correct Answer: AE - - Explanation: - - - - You can also use CloudWatch in hybrid cloud architectures by using the CloudWatch Agent or API to monitor your on-premises resources +12. A company has decided to migrate its Oracle database to AWS. Which AWS service can help achieve this without negatively impacting the functionality of the source database? + - A. AWS OpsWorks. + - B. AWS Database Migration Service. + - C. AWS Server Migration Service. + - D. AWS Application Discovery Service. +
Answer + Correct answer: B
-1. What costs are included when comparing AWS Total Cost of Ownership (TCO) with on-premises TCO? - - A. Project management - - B. Antivirus software licensing - - C. Data center security - - D. Software development - -
Answer - - Correct Answer: C - - Explanation: +13. Adjusting compute capacity dynamically to reduce cost is an implementation of which AWS cloud best practice? + - A. Build security in every layer. + - B. Parallelize tasks. + - C. Implement elasticity. + - D. Adopt monolithic architecture. +
Answer + Correct answer: C
-1. A company is considering using AWS for a self-hosted database that requires a nightly shutdown for maintenance and cost-saving purposes.
Which service should the company use? - - A. Amazon Redshift - - B. Amazon DynamoDB - - C. Amazon Elastic Compute Cloud (Amazon EC2) with Amazon EC2 instance store - - D. Amazon EC2 with Amazon Elastic Block Store (Amazon EBS) - -
Answer - - Correct Answer: D +14. What are the benefits of having infrastructure hosted in AWS? (Choose TWO) + - A. Increasing speed and agility. + - B. There is no need to worry about security. + - C. Gaining complete control over the physical infrastructure. + - D. Operating applications on behalf of customers. + - E. All of the physical security and most of the data/network security are taken care of for you. +
Answer + Correct answer: A, E
-1. Which of the following is a correct relationship between regions, Availability Zones, and edge locations? - - A. Data centers contain regions. - - B. Regions contain Availability Zones. - - C. Availability Zones contain edge locations. - - D. Edge locations contain regions. - -
Answer - - Correct Answer: B - - Explanation: +15. What is the advantage of the AWS-recommended practice of "decoupling" applications? + - A. Allows treating an application as a single, cohesive unit. + - B. Reduces inter-dependencies so that failures do not impact other components of the application. + - C. Allows updates of any monolithic application quickly and easily. + - D. Allows tracking of any API call made to any AWS service. +
Answer + Correct answer: B
-1. Which AWS tools assist with estimating costs? (Select three.) - - A. Detailed billing report - - B. Cost allocation tags - - C. AWS Simple Monthly Calculator - - D. AWS Total Cost of Ownership (TCO) Calculator - - E. Cost Eliminator - -
Answer - - Correct Answer: BCD - - Explanation: +16. Which of the following helps a customer view the Amazon EC2 billing activity for the past month? + - A. AWS Budgets. + - B. AWS Pricing Calculator. + - C. AWS Systems Manager. + - D. AWS Cost & Usage Reports. +
Answer + Correct answer: D
-1. Which of the following are advantages of AWS consolidated billing? (Select TWO.) - - A. The ability to receive one bill for multiple accounts - - B. Service limits increasing by default in all accounts - - C. A fixed discount on the monthly bill - - D. Potential volume discounts, as usage in all accounts is combined - - E. The automatic extension of the master account's AWS support plan to all accounts - -
Answer - - Correct Answer: AD - - Explanation: +17. What do you gain from setting up consolidated billing for five different AWS accounts under another master account? + - A. AWS services’ costs will be reduced to half the original price. + - B. The consolidated billing feature is just for organizational purpose. + - C. Each AWS account gets volume discounts. + - D. Each AWS account gets five times the free-tier services capacity. +
Answer + Correct answer: C
-1. Which of the following Reserved Instance (RI) pricing models provides the highest average savings compared to On-Demand pricing? - - A. One-year, No Upfront, Standard RI pricing - - B. One-year, All Upfront, Convertible RI pricing - - C. Three-year, All Upfront, Standard RI pricing - - D. Three-year, No Upfront, Convertible RI pricing - -
Answer - - Correct Answer: C - - Explanation: +18. What should you do in order to keep the data on EBS volumes safe? (Choose TWO) + - A. Regularly update firmware on EBS devices. + - B. Create EBS snapshots. + - C. Ensure that EBS data is encrypted at rest. + - D. Store a backup daily in an external drive. + - E. Prevent any unauthorized access to AWS data centers. +
Answer + Correct answer: B, C
-1. Compared with costs in traditional and virtualized data centers, AWS has: - - A. greater variable costs and greater upfront costs. - - B. fixed usage costs and lower upfront costs. - - C. lower variable costs and greater upfront costs. - - D. lower variable costs and lower upfront costs. - -
Answer - - Correct Answer: D - - Explanation: (10) +19. One of the most important AWS best-practices to follow is the cloud architecture principle of elasticity. How does this principle improve your architecture’s design? + - A. By automatically scaling your on-premises resources based on changes in demand. + - B. By automatically scaling your AWS resources using an Elastic Load Balancer. + - C. By reducing interdependencies between application components wherever possible. + - D. By automatically provisioning the required AWS resources based on changes in demand. +
Answer + Correct answer: D
-1. A characteristic of edge locations is that they: - - A. host Amazon EC2 instances closer to users. - - B. help lower latency and improve performance for users. - - C. cache frequently changing data without reaching the origin server. - - D. refresh data changes daily. - -
Answer - - Correct Answer: B +20. A startup company is operating on limited funds and is extremely concerned about cost overruns. Which of the below options can be used to notify the company when their monthly AWS bill exceeds $2000? (Choose TWO) + - A. Setup a CloudWatch billing alarm that triggers an SNS notification when the threshold is exceeded. + - B. Configure the Amazon Simple Email Service to send billing alerts to their email address on a daily basis. + - C. Configure the AWS Budgets Service to alert the company when the threshold is exceeded. + - D. Configure AWS CloudTrail to automatically delete all AWS resources when the threshold is exceeded. + - E. Configure the Amazon Connect Service to alert the company when the threshold is exceeded. +
Answer + Correct answer: A, C
-1. Which of the following can limit Amazon Storage Service (Amazon S3) bucket access to specific users? - - A. A public and private key-pair - - B. Amazon Inspector - - C. AWS Identity and Access Management (IAM) policies - - D. Security Groups - -
Answer - - Correct Answer: C - - Explanation: +21. What does Amazon CloudFront use to distribute content to global users with low latency? + - A. AWS Global Accelerator. + - B. AWS Regions. + - C. AWS Edge Locations. + - D. AWS Availability Zones. +
Answer + Correct answer: C
-1. Which of the following security-related actions are available at no cost? - - A. Calling AWS Support - - B. Contacting AWS Professional Services to request a workshop - - C. Accessing forums, blogs, and whitepapers - - D. Attending AWS classes at a local university - -
Answer - - Correct Answer: C +22. What does the "Principle of Least Privilege" refer to? + - A. You should grant your users only the permissions they need when they need them and nothing more. + - B. AllIAM users should have at least the necessary permissions to access the core AWS services. + - C. All trusted IAM users should have access to any AWS service in the respective AWS account. + - D. IAM users should not be granted any permissions; to keep your account safe. +
Answer + Correct answer: A
-1. Which of the Reserved Instance (RI) pricing models can change the attributes of the RI as long as the exchange results in the creation of RIs of equal or greater value? - - A. Dedicated RIs - - B. Scheduled RIs - - C. Convertible RIs - - D. Standard RIs - -
Answer - - Correct Answer: C - - Explanation: +23. Which of the following does NOT belong to the AWS Cloud Computing models? + - A. Platform as a Service (PaaS). + - B. Infrastructure as a Service (1aaS). + - C. Software as a Service (SaaS). + - D. Networking as a Service (NaaS). +
Answer + Correct answer: D
-1. Which AWS feature will reduce the customer's total cost of ownership (TCO)? - - A. Shared responsibility security model - - B. Single tenancy - - C. Elastic computing - - D. Encryption - -
Answer - - Correct Answer: C +24. The identification process of an online financial services company requires that new users must complete an online interview with their security team. The completed recorded interviews are only required in the event of a legal issue or a regulatory compliance breach. What is the most cost-effective service to store the recorded videos? + - A. S3 Intelligent-Tiering. + - B. AWS Marketplace. + - C. Amazon S3 Glacier Deep Archive. + - D. Amazon EBS. +
Answer + Correct answer: C
-1. Which of the following services will automatically scale with an expected increase in web traffic? - - A. AWS CodePipeline - - B. Elastic Load Balancing - - C. Amazon EBS - - D. AWS Direct Connect - -
Answer - - Correct Answer: B - - Explanation: +25. Which service provides DNS in the AWS cloud? + - A. Route 53. + - B. AWS Config. + - C. Amazon CloudFront. + - D. Amazon EMR. +
Answer + Correct answer: A
-1. Where are AWS compliance documents, such as an SOC 1 report, located? - - A. Amazon Inspector - - B. AWS CloudTrail - - C. AWS Artifact - - D. AWS Certificate Manager - -
Answer - - Correct Answer: C - - Explanation: +26. Hundreds of thousands of DDoS attacks are recorded every month worldwide. What service does AWS provide to help protect AWS Customers from these attacks? (Choose TWO) + - A. AWS Shield. + - B. AWS Config. + - C. Amazon Cognito. + - D. AWS WAF. + - E. AWS KMS. +
Answer + Correct answer: A, D
-1. Under the AWS shared responsibility model, which of the following activities are the customer's responsibility? (Select TWO.) - - A. Patching operating system components for Amazon Relational Database Server (Amazon RDS) - - B. Encrypting data on the client-side - - C. Training the data center staff - - D. Configuring Network Access Control Lists (ACL) - - E. Maintaining environmental controls within a data center - -
Answer - - Correct Answer: BD - - Explanation: +27. A company is deploying a new two-tier web application in AWS. Where should the most frequently accessed data be stored so that the application’s response time is optimal? + - A. AWS OpsWorks. + - B. AWS Storage Gateway. + - C. Amazon EBS volume. + - D. Amazon ElastiCache. +
Answer + Correct answer: D
-1. Which is a recommended pattern for designing a highly available architecture on AWS? - - A. Ensure that components have low-latency network connectivity. - - B. Run enough Amazon EC2 instances to operate at peak load. - - C. Ensure that the application is designed to accommodate failure of any single component. - - D. Use a monolithic application that handles all operations. - -
Answer - - Correct Answer: C +28. You want to run a questionnaire application for only one day (without interruption), which Amazon EC2 purchase option should you use? + - A. Reserved instances. + - B. Spot instances. + - C. Dedicated instances. + - D. On-demand instances. +
Answer + Correct answer: D
-1. According to best practices, how should an application be designed to run in the AWS Cloud? - - A. Use tighly coupled components. - - B. Use loosely coupled components. - - C. Use infrequently coupled components. - - D. Use frequently coupled components. - -
Answer - - Correct Answer: B - - Explanation: +29. You are working on a project that involves creating thumbnails of millions of images. Consistent uptime is not an issue, and continuous processing is not required. Which EC2 buying option would be the most cost-effective? + - A. Reserved Instances. + - B. On-demand Instances. + - C. Dedicated Instances. + - D. Spot Instances. +
Answer + Correct answer: D
-1. AWS supports which of the following methods to add security to Identity and Access Management (IAM) users? (Select TWO.) - - A. Implementing Amazon Rekognition - - B. Using AWS Shield-protected resources - - C. Blocking access with Security Groups - - D. Using Multi-Factor Authentication (MFA) - - E. Enforcing password strength and expiration - -
Answer - - Correct Answer: DE +30. Which of the following can be described as a global content delivery network (CDN) service? + - A. AWS VPN. + - B. AWS Direct Connect. + - C. AWS Regions. + - D. Amazon CloudFront. +
Answer + Correct answer: D
-1. Which AWS services should be used for read/write of constantly changing data? (Select TWO.) - - A. Amazon Glacier - - B. Amazon RDS - - C. AWS Snowball - - D. Amazon Redshift - - E. Amazon EFS - -
Answer - - Correct Answer: BE +31. Which of the following services allows customers to manage their agreements with AWS? + - A. AWS Artifact. + - B. AWS Certificate Manager. + - C. AWS Systems Manager. + - D. AWS Organizations. +
Answer + Correct answer: A
-1. What is one of the advantages of the Amazon Relational Database Service (Amazon RDS)? - - A. It simplifies relational database administration tasks. - - B. It provides 99.99999999999% reliability and durability. - - C. It automatically scales databases for loads. - - D. It enabled users to dynamically adjust CPU and RAM resources. - -
Answer - - Correct Answer: A - - Explanation: - - In the main RDS page though, Lower administrative burden is listed as part of the benefits. - - +32. Which of the following are examples of AWS-Managed Services, where AWS is responsible for the operational and maintenance burdens of running the service? (Choose TWO) + - A. Amazon VPC. + - B. Amazon DynamoDB. + - C. Amazon Elastic MapReduce. + - D. AWS IAM. + - E. Amazon Elastic Compute Cloud. +
Answer + Correct answer: B, C
-1. A customer needs to run a MySQL database that easily scales.
Which AWS service should they use? - - A. Amazon Aurora - - B. Amazon Redshift - - C. Amazon DynamoDB - - D. Amazon ElastiCache - -
Answer - - Correct Answer: A - - Explanation: +33. Your company has a data store application that requires access to a NoSQL database. Which AWS database offering would meet this requirement? + - A. Amazon Aurora. + - B. Amazon DynamoDB. + - C. Amazon Elastic Block Store. + - D. Amazon Redshift. +
Answer + Correct answer: B
-1. Which of the following components of the AWS Global Infrastructure consists of one or more discrete data centers interconnected through low latency links? - - A. Availability Zone - - B. Edge location - - C. Region - - D. Private networking - -
Answer - - Correct Answer: A - - Explanation: +34. As part of the Enterprise support plan, who is the primary point of contact for ongoing support needs? + - A. AWS Identity and Access Management (IAM) user. + - B. Infrastructure Event Management (IEM) engineer. + - C. AWS Consulting Partners. + - D. Technical Account Manager (TAM). +
Answer + Correct answer: D
-1. Which of the following is a shared control between the customer and AWS? - - A. Providing a key for Amazon S3 client-side encryption - - B. Configuration of an Amazon EC2 instance - - C. Environmental controls of physical AWS data centers - - D. Awareness and training - -
Answer - - Correct Answer: D - - Explanation: +35. How can you view the distribution of AWS spending in one of your AWS accounts? + - A. By using Amazon VPC console. + - B. By contacting the AWS Support team. + - C. By using AWS Cost Explorer. + - D. By contacting the AWS Finance team. +
Answer + Correct answer: C
-1. How many Availability Zones should compute resources be provisioned across to achieve high availability? - - A. A minimum of one - - B. A minimum of two - - C. A minimum of three - - D. A minimum of four or more - -
Answer - - Correct Answer: B +36. Which of the following must an IAM user provide to interact with AWS services using the AWS Command Line Interface (AWS CLI)? + - A. Access keys. + - B. Secret token. + - C. UserID. + - D. User name and password. +
Answer + Correct answer: A
-1. One of the advantages to moving infrastructure from an on-premises data center to the AWS Cloud is: - - A. it allows the business to eliminate IT bills. - - B. it allows the business to put a server in each customer's data center. - - C. it allows the business to focus on business activities. - - D. it allows the business to leave servers unpatched. - -
Answer - - Correct Answer: C +37. You have AWS Basic support, and you have discovered that some AWS resources are being used maliciously, and those resources could potentially compromise your data. What should you do? + - A. Contact the AWS Customer Service team. + - B. Contact the AWS Abuse team. + - C. Contact the AWS Concierge team. + - D. Contact the AWS Security team. +
Answer + Correct answer: B
-1. What is the lowest-cost, durable storage option for retaining database backups for immediate retrieval? - - A. Amazon S3 - - B. Amazon Glacier - - C. Amazon EBS - - D. Amazon EC2 Instance Store - -
Answer - - Correct Answer: A +38. Select TWO examples of the AWS shared controls. + - A. Patch Management. + - B. IAM Management. + - C. VPC Management. + - D. Configuration Management. + - E. Data Center operations. +
Answer + Correct answer: A, D
-1. Which AWS IAM feature allows developers to access AWS services through the AWS CLI? - - A. API keys - - B. Access keys - - C. User names/Passwords - - D. SSH keys - -
Answer - - Correct Answer: B - - Explanation: +39. In order to implement best practices when dealing with a “Single Point of Failure,” you should attempt to build as much automation as possible in both detecting and reacting to failure. Which of the following AWS services would help? (Choose TWO) + - A. ELB. + - B. Auto Scaling. + - C. Amazon Athen. + - D. ECR. + - E. Amazon EC2. +
Answer + Correct answer: A, B
-1. Which of the following is a fast and reliable NoSQL database service? - - A. Amazon Redshift - - B. Amazon RDS - - C. Amazon DynamoDB - - D. Amazon S3 - -
Answer - - Correct Answer: C - - Explanation: +40. A company is planning to host an educational website on AWS. Their video courses will be streamed all around the world. Which of the following AWS services will help achieve high transfer speeds? + - A. Amazon SNS. + - B. Amazon Kinesis Video Streams. + - C. AWS CloudFormation. + - D. Amazon CloudFront. +
Answer + Correct answer: D
-1. What is an example of agility in the AWS Cloud? - - A. Access to multiple instance types - - B. Access to managed services - - C. Using Consolidated Billing to produce one bill - - D. Decreased acquisition time for new compute resources - -
Answer - - Correct Answer: D - - Explanation: +41. A developer is planning to build a two-tier web application that has a MySQL database layer. Which of the following AWS database services would provide automated backups for the application? + - A. A MySQL database installed on an EC2 instance. + - B. Amazon Aurora. + - C. Amazon DynamoDB. + - D. Amazon Neptune. +
Answer + Correct answer: B
-1. Which service should a customer use to consolidate and centrally manage multiple AWS accounts? - - A. AWS IAM - - B. AWS Organizations - - C. AWS Schema Conversion Tool - - D. AWS Config - -
Answer - - Correct Answer: B - - Explanation: +42. What is the AWS service that enables AWS architects to manage infrastructure as code? + - A. AWS CloudFormation. + - B. AWS Config. + - C. Amazon SES. + - D. Amazon EMR. +
Answer + Correct answer: A
-1. What approach to transcoding a large number of individual video files adheres to AWS architecture principles? - - A. Using many instances in parallel - - B. Using a single large instance during off-peak hours - - C. Using dedicated hardware - - D. Using a large GPU instance type - -
Answer - - Correct Answer: A - - Explanation: +43. Under the shared responsibility model, which of the following is the responsibility of AWS? + - A. Client-side encryption. + - B. Configuring infrastructure devices. + - C. Server-side encryption. + - D. Filtering traffic with Security Groups. +
Answer + Correct answer: B
-1. For which auditing process does AWS have sole responsibility? - - A. AWS IAM policies - - B. Physical security - - C. Amazon S3 bucket policies - - D. AWS CloudTrail Logs - -
Answer - - Correct Answer: B +44. What does the AWS Health Dashboard provide? (Choose TWO) + - A. Detailed troubleshooting guidance to address AWS events impacting your resources. + - B. Health checks for Auto Scaling instances. + - C. Recommendations for Cost Optimization. + - D. A dashboard detailing vulnerabilities in your applications. + - E. Personalized view of AWS service health. +
Answer + Correct answer: A, E
-1. Which feature of the AWS Cloud will support an international company's requirement for low latency to all of its customers? - - A. Fault tolerance - - B. Global reach - - C. Pay-as-you-go pricing - - D. High availability - -
Answer - - Correct Answer: B - - Explanation: - - Global Reach will support an international company using Cloud-Front. +45. You have deployed your application on multiple Amazon EC2 instances. Your customers complain that sometimes they can’t reach your application. Which AWS service allows you to monitor the performance of your EC2 instances to assist in troubleshooting these issues? + - A. AWS Lambda. + - B. AWS Config. + - C. Amazon CloudWatch. + - D. AWS CloudTrail. +
Answer + Correct answer: C
-1. Which of the following is the customer's responsibility under the AWS shared responsibility model? - - A. Patching underlying infrastructure - - B. Physical security - - C. Patching Amazon EC2 instances - - D. Patching network infrastructure - -
Answer - - Correct Answer: C - - Explanation: +46. Your company is developing a critical web application in AWS, and the security of the application is a top priority. Which of the following AWS services will provide infrastructure security optimization recommendations? + - A. AWS Shield. + - B. AWS Management Console. + - C. AWS Secrets Manager. + - D. AWS Trusted Advisor. +
Answer + Correct answer: D
-1. A customer is using multiple AWS accounts with separate billing.
How can the customer take advantage of volume discounts with minimal impact to the AWS resources? - - A. Create one global AWS acount and move all AWS resources to tha account. - - B. Sign up for three years of Reserved Instance pricing up front. - - C. Use the consolidated billing feature from AWS Organizations. - - D. Sign up for the AWS Enterprise support plan to get volume discounts. - -
Answer - - Correct Answer: C - - Explanation: +47. Which of the following is not a benefit of Amazon S3? (Choose TWO) + - A. Amazon S3 provides unlimited storage for any type of data. + - B. Amazon S3 can run any type of application or backend system. + - C. Amazon S3 stores any number of objects, but with object size limits. + - D. Amazon S3 can be scaled manually to store and retrieve any amount of data from anywhere. + - E. Amazon S3 provides 99.999999999% (11 9’s) of data durability. +
Answer + Correct answer: B, D
-1. Which of the following are features of Amazon CloudWatch Logs? (Select TWO.) - - A. Summaries by Amazon Simple Notification Service (Amazon SNS) - - B. Free Amazon Elasticsearch Service analytics - - C. Provided at no charge - - D. Real-time monitoring - - E. Adjustable retention - -
Answer - - Correct Answer: DE +48. In the AWS Shared responsibility Model, which of the following are the responsibility of the customer? (Choose TWO) + - A. Disk disposal. + - B. Controlling physical access to compute resources. + - C. Patching the Network infrastructure. + - D. Setting password complexity rules. + - E. Configuring network access rules. +
Answer + Correct answer: D, E
-1. Which of the following is an AWS managed Domain Name System (DNS) web service? - - A. Amazon Route 53 - - B. Amazon Neptune - - C. Amazon SageMaker - - D. Amazon Lightsail - -
Answer - - Correct Answer: A - - Explanation: +49. What does AWS provide to deploy popular technologies such as IBM MQ on AWS with the least amount of effort and time? + - A. Amazon Aurora. + - B. Amazon CloudWatch. + - C. AWS Quick Start reference deployments. + - D. AWS OpsWorks. +
Answer + Correct answer: C
-1. A customer is deploying a new application and needs to choose an AWS Region.
Which of the following factors could influence the customer's decision? (Select TWO.) - - A. Reduced latency to users - - B. The application's presentation in the local language - - C. Data sovereignty compliance - - D. Cooling costs in hotter climates - - E. Proximity to the customer's office for on-site visits - -
Answer - - Correct Answer: AC +50. An organization has decided to purchase an Amazon EC2 Reserved Instance (RI) for three years in order to reduce costs. It is possible that the application workloads could change during the reservation period. What is the EC2 Reserved Instance (RI) type that will allow the company to exchange the purchased reserved instance for another reserved instance with higher computing power if they need to? + - A. Elastic RI. + - B. Premium RI. + - C. Standard RI. + - D. Convertible RI. +
Answer + Correct answer: D
Please feel free to comment below if any information is inaccurate or if any answers need correction. diff --git a/practice-exam/practice-exam-10.md b/practice-exam/practice-exam-10.md index bf80924..7a55126 100644 --- a/practice-exam/practice-exam-10.md +++ b/practice-exam/practice-exam-10.md @@ -6,654 +6,515 @@ If this practice exam has been helpful to you please share it with others and re --- -1. A company operating in the AWS Cloud requires separate invoices for specific environments, such as development, testing, and production.
How can this be achieved? - - A. Use multiple AWS accounts - - B. Use resource tagging - - C. Use multiple VPCs - - D. Use Cost Explorer - -
Answer - - Correct Answer: B +1. Which of the following can an AWS customer use to launch a new Amazon Relational Database Service (Amazon RDS) cluster? (Select TWO) + - A. AWS Concierge. + - B. AWS CloudFormation. + - C. Amazon Simple Storage Service (Amazon S3). + - D. Amazon EC2 Auto Scaling. + - E. AWS Management Console. +
Answer + Correct answer: B, E
-2. Which AWS service can be used in the application deployment process? - - A. AWS AppSync - - B. AWS Batch - - C. AWS CodePipeline - - D. AWS DataSync - -
Answer - - Correct Answer: C +2. Which of the following Reserved Instance (RI) pricing models provides the highest average savings compared to On-Demand pricing? + - A. One-year, No Upfront, Standard RI pricing. + - B. One-year, All Upfront, Convertible RI pricing. + - C. Three-year, All Upfront, Standard RI pricing. + - D. Three-year, No Upfront, Convertible RI pricing. +
Answer + Correct answer: C
-3. What can be used to reduce the cost of running Amazon EC2 instances? (Choose two.) - - A. Spot Instances for stateless and flexible workloads - - B. Memory optimized instances for high-compute workloads - - C. On-Demand Instances for high-cost and sustained workloads - - D. Reserved Instances for sustained workloads - - E. Spend limits set using AWS Budgets - -
Answer - - Correct Answer: AD +3. Which of the following are features of Amazon CloudWatch Logs? (Select TWO) + - A. Summaries by Amazon Simple Notification Service (Amazon SNS). + - B. Free Amazon Elasticsearch Service analytics. + - C. Provided at no charge. + - D. Real-time monitoring. + - E. Adjustable retention. +
Answer + Correct answer: D, E
-4. A company is launching an e-commerce site that will store and process credit card data. The company requires information about AWS compliance reports and AWS agreements.
Which AWS service provides on-demand access to these items? - - A. AWS Certificate Manager - - B. AWS Config - - C. AWS Artifact - - D. AWS CloudTrail - -
Answer - - Correct Answer: C +4. Which of the following is an AWS-managed compute service? + - A. Amazon SWF. + - B. Amazon EC2. + - C. AWS Lambda. + - D. Amazon Aurora. +
Answer + Correct answer: B
-5. Which AWS service or feature allows the user to manager cross-region application traffic? - - A. Amazon AppStream 2.0 - - B. Amazon VPC - - C. Elastic Load Balancer - - D. Amazon Route 53 - -
Answer - - Correct Answer: A +5. A company wants to reduce the physical compute footprint that developers use to run code. Which service would meet that need by enabling serverless architectures? + - A. Amazon Elastic Compute Cloud (Amazon EC2). + - B. AWS Lambda. + - C. Amazon DynamoDB. + - D. AWS CodeCommit. +
Answer + Correct answer: B
-6. Which AWS service can be used to track unauthorized API calls? - - A. AWS Config - - B. AWS CloudTrail - - C. AWS Trusted Advisor - - D. Amazon Inspector - -
Answer - - Correct Answer: B +6. Which of the following is the customer’s responsibility under the AWS shared responsibility model? + - A. Patching underlying infrastructure + - B. Physical security + - C. Patching Amazon EC2 instances + - D. Patching network infrastructure +
Answer + Correct answer: C
-7. A user needs to regularly audit and evaluate the setup of all AWS resources, identify non-compliant accounts, and be notified when a resource changes.
Which AWS service can be used to meet these requirements? - - A. AWS Trusted Advisor - - B. AWS Config - - C. AWS Resource Access Manager - - D. AWS Systems Manager - -
Answer - - Correct Answer: B +7. According to the AWS shared responsibility model who is responsible for configuration management? + - A. It is solely the responsibility of the customer. + - B. It is solely the responsibility of AWS. + - C. It is shared between AWS and the customer. + - D. It is not part of the AWS shared responsibility model. +
Answer + Correct answer: C
-8. A user is planning to launch two additional Amazon EC2 instances to increase availability.
Which action should the user take? - - A. Launch the instances across multiple Availability Zones in a single AWS Region. - - B. Launch the instances as EC2 Reserved Instances in the same AWS Region and the same Availability Zone. - - C. Launch the instances in multiple AWS Regions, but in the same Availability Zone. - - D. Launch the instances as EC2 Spot Instances in the same AWS Region, but in different Availability Zones. - -
Answer - - Correct Answer: A - -
- -9. A company must store critical business data in Amazon S3 with a backup to another AWS Region.
How can this be achieved? - - A. Use an Amazon CloudFront Content Delivery Network (CDN) to cache data globally - - B. Set up Amazon S3 cross-region replication to another AWS Region - - C. Configure the AWS Backup service to back up to the data to another AWS Region - - D. Take Amazon S3 bucket snapshots and copy that data to another AWS Region - -
Answer - - Correct Answer: B - -
- -10. Which AWS Cloud service can send alerts to customers if custom spending thresholds are exceeded? - - A. AWS Budgets - - B. AWS Cost Explorer - - C. AWS Cost Allocation Tags - - D. AWS Organizations - -
Answer - - Correct Answer: A - -
- -11. What is the recommended method to request penetration testing on AWS resources? - - A. Open a support case - - B. Fill out the Penetration Testing Request Form - - C. Request a penetration test from your technical account manager - - D. Contact your AWS sales representative - -
Answer - - Correct Answer: B - -
- -12. A user needs to automatically discover, classify, and protect sensitive data stored in Amazon S3.
Which AWS service can meet these requirements? - - A. Amazon Inspector - - B. Amazon Macie - - C. Amazon GuardDuty - - D. AWS Secrets Manager - -
Answer - - Correct Answer: B - -
- -13. Which components are required to build a successful site-to-site VPN connection on AWS? (Choose two.) - - A. Internet gateway - - B. NAT gateway - - C. Customer gateway - - D. Transit gateway - - E. Virtual private gateway - -
Answer - - Correct Answer: CD - -
- -14. Which Amazon EC2 pricing option is best suited for applications with short-term, spiky, or unpredictable workloads that cannot be interrupted? - - A. Spot Instances - - B. Dedicated Hosts - - C. On-Demand Instances - - D. Reserved Instances - -
Answer - - Correct Answer: C - -
- -15. Which AWS cloud architecture principle states that systems should reduce interdependencies? - - A. Scalability - - B. Services, not servers - - C. Removing single points of failure - - D. Loose coupling - -
Answer - - Correct Answer: D - -
- -16. What is the MOST effective resource for staying up to date on AWS security announcements? - - A. AWS Personal Health Dashboard - - B. AWS Secrets Manager - - C. AWS Security Bulletins - - D. Amazon Inspector - -
Answer - - Correct Answer: C - -
- -17. Which AWS service offers persistent storage for a file system? - - A. Amazon S3 - - B. Amazon EC2 instance store - - C. Amazon Elastic Block Store (Amazon EBS) - - D. Amazon ElastiCache - -
Answer - - Correct Answer: C - -
- -18. Which of the following allows AWS users to manage cost allocations for billing? - - A. Tagging resources - - B. Limiting who can create resources - - C. Adding a secondary payment method - - D. Running all operations on a single AWS account - -
Answer - - Correct Answer: A - -
- -19. Which AWS service allows users to download security and compliance reports about the AWS infrastructure on demand? - - A. Amazon GuardDuty - - B. AWS Security Hub - - C. AWS Artifact - - D. AWS Shield - -
Answer - - Correct Answer: C - -
- -20. Which of the following AWS services are serverless? (Choose two.) - - A. AWS Lambda - - B. Amazon Elasticsearch Service - - C. AWS Elastic Beanstalk - - D. Amazon DynamoDB - - E. Amazon Redshift - -
Answer - - Correct Answer: AD - -
- -21. Which AWS managed services can be used to extend an on-premises data center to the AWS network? (Choose two.) - - A. AWS VPN - - B. NAT gateway - - C. AWS Direct Connect - - D. Amazon Connect - - E. Amazon Route 53 - -
Answer - - Correct Answer: AC - -
- -22. Which requirement must be met for a member account to be unlinked from an AWS Organizations account? - - A. The linked account must be actively compliant with AWS System and Organization Controls (SOC). - - B. The payer and the linked account must both create AWS Support cases to request that the member account be unlinked from the organization. - - C. The member account must meet the requirements of a standalone account. - - D. The payer account must be used to remove the linked account from the organization. - -
Answer - - Correct Answer: C - -
- -23. What AWS benefit refers to a customer's ability to deploy applications that scale up and down the meet variable demand? - - A. Elasticity - - B. Agility - - C. Security - - D. Scalability - -
Answer - - Correct Answer: D - -
- -24. During a compliance review, one of the auditors requires a copy of the AWS SOC 2 report.
Which service should be used to submit this request? - - A. AWS Personal Health Dashboard - - B. AWS Trusted Advisor - - C. AWS Artifact - - D. Amazon S3 - -
Answer - - Correct Answer: C - -
- -25. A company wants to set up a highly available workload in AWS with a disaster recovery plan that will allow the company to recover in case of a regional service interruption.
Which configuration will meet these requirements? - - A. Run on two Availability Zones in one AWS Region, using the additional Availability Zones in the AWS Region for the disaster recovery site. - - B. Run on two Availability Zones in one AWS Region, using another AWS Region for the disaster recovery site. - - C. Run on two Availability Zones in one AWS Region, using a local AWS Region for the disaster recovery site. - - D. Run across two AWS Regions, using a third AWS Region for the disaster recovery site. - -
Answer - - Correct Answer: D - - Explanation: - -
- -26. A company has a 500 TB image repository that needs to be transported to AWS for processing.
Which AWS service can import this data MOST cost-effectively? - - A. AWS Snowball - - B. AWS Direct Connect - - C. AWS VPN - - D. Amazon S3 - -
Answer - - Correct Answer: A - - Explanation: - -
- -27. Which AWS service can run a managed PostgreSQL database that provides online transaction processing (OLTP)? - - A. Amazon DynamoDB - - B. Amazon Athena - - C. Amazon RDS - - D. Amazon EMR - -
Answer - - Correct Answer: C - - Explanation: - -
- -28. Which of the following assist in identifying costs by department? (Choose two.) - - A. Using tags on resources - - B. Using multiple AWS accounts - - C. Using an account manager - - D. Using AWS Trusted Advisor - - E. Using Consolidated Billing - -
Answer - - Correct Answer: AB - -
- -29. A company wants to allow full access to an Amazon S3 bucket for a particular user.
Which element in the S3 bucket policy holds the user details that describe who needs access to the S3 bucket? - - A. Principal - - B. Action - - C. Resource - - D. Statement - -
Answer - - Correct Answer: A - - Explanation: - -
- -30. Which AWS service allows for effective cost management of multiple AWS accounts? - - A. AWS Organizations - - B. AWS Trusted Advisor - - C. AWS Direct Connect - - D. Amazon Connect - -
Answer - - Correct Answer: A - - Explanation: - -
- -31. A company is piloting a new customer-facing application on Amazon Elastic Compute Cloud (Amazon EC2) for one month.
What pricing model is appropriate? - - A. Reserved Instances - - B. Spot Instances - - C. On-Demand Instances - - D. Dedicated Hosts - -
Answer - - Correct Answer: C - - Explanation: - -
- -32. Which AWS tools automatically forecast future AWS costs? - - A. AWS Support Center - - B. AWS Total Cost of Ownership (TCO) Calculator - - C. AWS Simple Monthly Calculator - - D. Cost Explorer - -
Answer - - Correct Answer: D - - Explanation: - -
- -33. Under the AWS shared responsibility model, which of the following is a responsibility of AWS? - - A. Enabling server-side encryption for objects stored in S3 - - B. Applying AWS IAM security policies - - C. Patching the operating system on an Amazon EC2 instance - - D. Applying updates to the hypervisor - -
Answer - - Correct Answer: D - - Explanation: - -
- -34. A user is able to set up a master payer account to view consolidated billing reports through: - - A. AWS Budgets. +8. Which security service automatically recognizes and classifies sensitive data or intellectual property on AWS? + - A. Amazon GuardDuty. - B. Amazon Macie. - - C. Amazon QuickSight. - - D. AWS Organizations. - -
Answer - - Correct Answer: D - - Explanation: + - C. Amazon Inspector. + - D. AWS Shield. +
Answer + Correct answer: A
-35. Performing operations as code is a design principle that supports which pillar of the AWS Well-Architected Framework? - - A. Performance efficiency - - B. Operational excellence - - C. Reliability - - D. Security - -
Answer - - Correct Answer: B - - Explanation: +9. Which of the following BEST describe the AWS pricing model? (Select TWO) + - A. Fixed-term. + - B. Pay-as-you-go. + - C. Colocation. + - D. Planned. + - E. Variable cost. +
Answer + Correct answer: B, E
-36. Which design principle is achieved by following the reliability pillar of the AWS Well-Architected Framework? - - A. Vertical scaling - - B. Manual failure recovery - - C. Testing recovery procedures - - D. Changing infrastructure manually - -
Answer - - Correct Answer: C - - Explanation: +10. Under the shared responsibility model, which of the following tasks are the responsibility of the AWS customer? (Select TWO) + - A. Ensuring that application data is encrypted at rest. + - B. Ensuring that AWS NTP servers are set to the correct time. + - C. Ensuring that users have received security training in the use of AWS services. + - D. Ensuring that access to data centers is restricted. + - E. Ensuring that hardware is disposed of properly. +
Answer + Correct answer: A, C
-37. What is a characteristic of Convertible Reserved Instances (RIs)? - - A. Users can exchange Convertible RIs for other Convertible RIs from a different instance family. - - B. Users can exchange Convertible RIs for other Convertible RIs in different AWS Regions. - - C. Users can sell and buy Convertible RIs on the AWS Marketplace. - - D. Users can shorten the term of their Convertible RIs by merging them with other Convertible RIs. - -
Answer - - Correct Answer: A - - Explanation: +11. A customer is using multiple AWS accounts with separate billing. How can the customer take advantage of volume discounts with minimal impact to the AWS resources? + - A. Create one global AWS account and move all AWS resources to tha account. + - B. Sign up for three years of Reserved Instance pricing up front. + - C. Use the consolidated billing feature from AWS Organizations. + - D. Sign up for the AWS Enterprise support plan to get volume discounts. +
Answer + Correct answer: C
-38. The user is fully responsible for which action when running workloads on AWS? - - A. Patching the infrastructure components - - B. Implementing controls to route application traffic - - C. Maintaining physical and environmental controls - - D. Maintaining the underlying infrastructure components - -
Answer - - Correct Answer: B +12. Which Amazon EC2 pricing model offers the MOST significant discount when compared to OnDemand Instances? + - A. A Partial Upfront Reserved Instances for a 1-year term. + - B. All Upfront Reserved instances for a 1 year form. + - C. All Upfront Reserved Instances for a 3 year term. + - D. No Upfront Reserved Instances for a 3 year term. +
Answer + Correct answer: C
-39. An architecture design includes Amazon EC2, an Elastic Load Balancer, and Amazon RDS.
What is the BEST way to get a monthly cost estimation for this architecture? - - A. Open an AWS Support case, provide the architecture proposal, and ask for a monthly cost estimation. - - B. Collect the published prices of the AWS services and calculate the monthly estimate. - - C. Use the AWS Simple Monthly Calculator to estimate the monthly cost. - - D. Use the AWS Total Cost of Ownership (TCO) Calculator to estimate the monthly cost. - -
Answer - - Correct Answer: C - - Explanation: +13. Which AWS services should be used for read/write of constantly changing data? (Select TWO) + - A. Amazon Glacier. + - B. Amazon RDS. + - C. AWS Snowball. + - D. Amazon Redshift. + - E. Amazon EFS. +
Answer + Correct answer: B, E
-40. Which are benefits of using Amazon RDS over Amazon EC2 when running relational databases on AWS? (Choose two.) - - A. Automated backups - - B. Schema management - - C. Indexing of tables - - D. Software patching - - E. Extract, transform, and load (ETL) management - -
Answer - - Correct Answer: AD - - Explanation: +14. Which AWS service allows users to identify the changes made to a resource over time? + - A. Amazon Inspector. + - B. AWS Config. + - C. AWS Service Catalog. + - D. AWS IAM. +
Answer + Correct answer: B
-41. What does the Amazon S3 Intelligent-Tiering storage class offer? - - A. Payment flexibility by reserving storage capacity - - B. Long-term retention of data by copying the data to an encrypted Amazon Elastic Block Store (Amazon EBS) volume - - C. Automatic cost savings by moving objects between tiers based on access pattern changes - - D. Secure, durable, and lowest cost storage for data archival - -
Answer - - Correct Answer: C - - Explanation: +15. According to best practices, how should an application be designed to run in the AWS Cloud? + - A. Use tighly coupled components. + - B. Use loosely coupled components. + - C. Use infrequently coupled components. + - D. Use frequently coupled components. +
Answer + Correct answer: B
-42. A company has multiple data sources across the organization and wants to consolidate data into one data warehouse.
Which AWS service can be used to meet this requirement? - - A. Amazon DynamoDB - - B. Amazon Redshift - - C. Amazon Athena - - D. Amazon QuickSight - -
Answer - - Correct Answer: B - - Explanation: +16. Which benefits are included with the AWS Business Support plan? (Select TWO) + - A. 24/7 assistance by way of live chat or a telephone call. + - B. Support from a dedicated AWS Technical Account Manager. + - C. An unlimited number of cases and contacts. + - D. 15-minute response time for production system interruption cases. + - E. Annual operational reviews with AWS Solutions Architects. +
Answer + Correct answer: A, C
-43. Which AWS service can be used to track resource changes and establish compliance? - - A. Amazon CloudWatch - - B. AWS Config - - C. AWS CloudTrail - - D. AWS Trusted Advisor - -
Answer - - Correct Answer: B - - Explanation: +17. Which of the following is an AWS managed Domain Name System (DNS) web service? + - A. Amazon Route 53. + - B. Amazon Neptune. + - C. Amazon SageMaker. + - D. Amazon Lightsail. +
Answer + Correct answer: A
-44. A user has underutilized on-premises resources.
Which AWS Cloud concept can BEST address this issue? - - A. High availability - - B. Elasticity - - C. Security - - D. Loose coupling - -
Answer - - Correct Answer: B - - Explanation: +18. A user must meet compliance and software licensing requirements that state a workload must be hosted on a physical server. When Amazon EC2 instance pricing option will meet these requirements? + - A. Dedicated Hosts. + - B. Dedicated Instances. + - C. Spot Instances. + - D. Reserved Instances. +
Answer + Correct answer: A
-45. A user has a stateful workload that will run on Amazon EC2 for the next 3 years.
What is the MOST cost-effective pricing model for this workload? - - A. On-Demand Instances - - B. Reserved Instances - - C. Dedicated Instances - - D. Spot Instances - -
Answer - - Correct Answer: B +19. Which of the Reserved Instance (RI) pricing models can change the attributes of the RI as long as the exchange results in the creation of RIs of equal or greater value? + - A. Dedicated RIs. + - B. Scheduled RIs. + - C. Convertible RIs. + - D. Standard RIs. +
Answer + Correct answer: C
-46. A cloud practitioner needs an Amazon EC2 instance to launch and run for 7 hours without interruptions.
What is the most suitable and cost-effective option for this task? - - A. On-Demand Instance - - B. Reserved Instance - - C. Dedicated Host - - D. Spot Instance - -
Answer - - Correct Answer: A +20. Which service is best for storing common database query results, which helps to alleviate database access load? + - A. Amazon Machine Learning. + - B. Amazon SQS. + - C. Amazon ElastiCache. + - D. Amazon EC2 Instance Store. +
Answer + Correct answer: C
-47. Which of the following are benefits of using AWS Trusted Advisor? (Choose two.) - - A. Providing high-performance container orchestration - - B. Creating and rotating encryption keys - - C. Detecting underutilized resources to save costs - - D. Improving security by proactively monitoring the AWS environment - - E. Implementing enforced tagging across AWS resources - -
Answer - - Correct Answer: CD - - Explanation: +21. When should a company consider using Amazon EC2 Spot Instances? (Select TWO) + - A. For non-production applications. + - B. For stateful workloads. + - C. For applications that cannot have interruptions. + - D. For fault-tolerant flexible applications. + - E. For sensitive database applications. +
Answer + Correct answer: A, D
-48. A developer has been hired by a large company and needs AWS credentials.
Which are security best practices that should be followed? (Choose two.) - - A. Grant the developer access to only the AWS resources needed to perform the job. - - B. Share the AWS account root user credentials with the developer. - - C. Add the developer to the administrator's group in AWS IAM. - - D. Configure a password policy that ensures the developer's password cannot be changed. - - E. Ensure the account password policy requires a minimum length. - -
Answer - - Correct Answer: AE +22. Which AWS tools assist with estimating costs? (Select three) + - A. Detailed billing report. + - B. Cost allocation tags. + - C. AWS Simple Monthly Calculator. + - D. AWS Total Cost of Ownership (TCO) Calculator. + - E. Cost Estimator. +
Answer + Correct answer: B, C, D
-49. Which AWS storage service is designed to transfer petabytes of data in and out of the cloud? - - A. AWS Storage Gateway - - B. Amazon S3 Glacier Deep Archive - - C. Amazon Lightsail - - D. AWS Snowball - -
Answer - - Correct Answer: D - - Explanation: +23. A company wants to focus on business activities instead of managing compute and capacity. Which AWS service can be used to automatically add or remove Amazon EC2 instances based on demand? + - A. Elastic Load Balancer. + - B. Amazon EC2 Auto Scaling. + - C. Amazon Route 53. + - D. Amazon CloudFront. +
Answer + Correct answer: B
-50. Which service provides a user the ability to warehouse data in the AWS Cloud? - - A. Amazon EFS - - B. Amazon Redshift - - C. Amazon RDS - - D. Amazon VPC +24. Which is the minimum AWS Support plan that includes Infrastructure Event Management without additional costs? + - A. Enterprise. + - B. Business. + - C. Developer. + - D. Basic. -
Answer +
Answer + Correct answer: A +
- Correct Answer: B +25. Access keys in AWS Identity and Access Management (IM1) are used to: + - A. Log in to the AWS Management Console. + - B. Make programmatic calls to AWS from AWS APIs. + - C. Log in to Amazon EC2 instances. + - D. Authenticate to AWS CodeCommit repositories. - Explanation: +
Answer + Correct answer: B +
+26. Which AWS service can be used to query stored datasets directly from Amazon S3 using standard SQL? + - A. AWS Glue. + - B. AWS Data Pipeline. + - C. Amazon CloudSearch. + - D. Amazon Athena. + +
Answer + Correct answer: D +
+ +27. How does AWS shorten the time to provision IT resources? + - A. It supplies an online IT ticketing platform for resource requests. + - B. It supports automatic code validation services. + - C. It provides the ability to programmatically provision existing resources. + - D. It automates the resource request process from a company’s IT vendor list. + +
Answer + Correct answer: C +
+ +28. Which AWS services can be used to gather information about AWS account activity? (Select TWO) + - A. Amazon CloudFront. + - B. AWS Cloud9. + - C. AWS CloudTrail. + - D. AWS CloudHSM. + - E. Amazon CloudWatch. + +
Answer + Correct answer: A, E +
+ +29. Which of the following are characteristics of Amazon S3? (Select TWO) + - A. A global file system. + - B. An object store. + - C. A local file store. + - D. A network file system. + - E. A durable storage system. + +
Answer + Correct answer: B, E +
+ +30. A user wants guidance on possible savings when migrating from on-premises to AWS. Which tool is suitable for this scenario? + - A. AWS Budgets. + - B. Cost Explorer. + - C. AWS Total Cost of Ownership (TCO) Calculator. + - D. AWS Well-Architected Tool. + +
Answer + Correct answer: C +
+ +31. Which of the following services is in the category of AWS serverless platform? + - A. Amazon EMR. + - B. Elastic Load Balancing. + - C. AWS Lambda. + - D. AWS Mobile Hub. + +
Answer + Correct answer: C +
+ +32. The use of what AWS feature or service allows companies to track and categorize spending on a detailed level? + - A. Cost allocation tags. + - B. Consolidated billing. + - C. AWS Budgets. + - D. AWS Marketplace. + +
Answer + Correct answer: A +
+ +33. Which of the following inspects AWS environments to find opportunities that can save money for users and also improve system performance? + - A. AWS Cost Explorer. + - B. AWS Trusted Advisor. + - C. Consolidated billing. + - D. Detailed billing. + +
Answer + Correct answer: B +
+ +34. Web servers running on Amazon EC2 access a legacy application running in a corporate data center. What term would describe this model? + - A. Cloud-native. + - B. Partner network. + - C. Hybrid architecture. + - D. Infrastructure as a service. + +
Answer + Correct answer: C +
+ +35. What technology enables compute capacity to adjust as loads change? + - A. Load balancing. + - B. Automatic failover. + - C. Round robin. + - D. Auto Scaling. + +
Answer + Correct answer: D +
+ +36. Which AWS service is a managed NoSQL database? + - A. Amazon Redshift. + - B. Amazon DynamoDB. + - C. Amazon Aurora. + - D. Amazon RDS for ManaDB. + +
Answer + Correct answer: B +
+ +37. Which of the following is a correct relationship between regions, Availability Zones, and edge locations? + - A. Data centers contain regions. + - B. Regions contain Availability Zones. + - C. Availability Zones contain edge locations. + - D. Edge locations contain regions. + +
Answer + Correct answer: B +
+ +38. What approach to transcoding a large number of individual video files adheres to AWS architecture principles? + - A. Using many instances in parallel. + - B. Using a single large instance during off-peak hours. + - C. Using dedicated hardware. + - D. Using a large GPU instance type. + +
Answer + Correct answer: A +
+ +39. Which AWS services can host a Microsoft SQL Server database? (Select TWO) + - A. Amazon EC2. + - B. Amazon Relational Database Service (Amazon RDS). + - C. Amazon Aurora. + - D. Amazon Redshift. + - E. Amazon S3. + +
Answer + Correct answer: A, B +
+ +40. Which AWS IAM feature allows developers to access AWS services through the AWS CLI? + - A. API keys. + - B. Access keys. + - C. User names/Passwords. + - D. SSH keys. + +
Answer + Correct answer: B +
+ +41. The user is fully responsible for which action when running workloads on AWS? + - A. Patching the infrastructure components. + - B. Maintaining the underlying infrastructure components. + - C. Maintaining physical and environmental controls. + - D. Implementing controls to route application traffic. + +
Answer + Correct answer: A +
+ +42. Which AWS support plan includes a dedicated Technical Account Manager? + - A. Developer. + - B. Enterprise. + - C. Business. + - D. Basic. + +
Answer + Correct answer: B +
+ +43. What time-savings advantage is offered with the use of Amazon Rekognition? + - A. Amazon Rekognition provides automatic watermarking of images. + - B. Amazon Rekognition provides automatic detection of objects appearing in pictures. + - C. Amazon Recognition provides the ability to resize millions of images automatically. + - D. Amazon Rekognition uses Amazon Mechanical Turk to allow humans to bid on object detection jobs. + +
Answer + Correct answer: B +
+ +44. Which AWS service can be used to automatically scale an application up and down without making capacity planning decisions? + - A. Amazon EBS. + - B. Amazon Redshift. + - C. AWS CloudTrail. + - D. AWS Lambda. + +
Answer + Correct answer: D +
+ +45. Amazon Relational Database Service (Amazon RDS) offers which of the following benefits over traditional database management? + - A. AWS manages the data stored in Amazon RDS tables. + - B. AWS manages the maintenance of the operating system. + - C. AWS automatically scales up instance types on demand. + - D. AWS manages the database type. + +
Answer + Correct answer: C +
+ +46. A company’s web application currently has light dependencies on underlying components so when one component fails the entire web application fails. Applying which AWS Cloud design principle will address the current design issue? + - A. Implementing elasticity enabling the application to scale up or scale down as demand changes. + - B. Enabling several EC2 instances to run in parallel to achieve better performance. + - C. Focusing on decoupling components by isolating them and ensuring individual components can function when other components. + - D. Doubling EC2 computing resources to increase system fault tolerance. + +
Answer + Correct answer: C +
+ +47. A customer would like to design and build a new workload on AWS Cloud but does not have the AWS-related software technical expertise in-house. Which of the following AWS programs can a customer take advantage of to achieve that outcome? + - A. AWS Partner Network Technology Partners. + - B. AWS Marketplace. + - C. AWS Partner Network Consulting Partners. + - D. AWS Service Catalog. + +
Answer + Correct answer: C +
+ +48. Which service stores objects, provides real-time access to those objects, and offers versioning and lifecycle capabilities? + - A. Amazon Glacier. + - B. AWS Storage Gateway. + - C. Amazon S3. + - D. Amazon EBS. + +
Answer + Correct answer: C +
+ +49. Distributing workloads across multiple Availability Zones supports which cloud architecture design principle? + - A. Implement automation. + - B. Design for agility. + - C. Design for failure. + - D. Implement elasticity. + +
Answer + Correct answer: C +
+ +50. Which service should a customer use to consolidate and centrally manage multiple AWS accounts? + - A. AWS IAM. + - B. AWS Organizations. + - C. AWS Schema Conversion Tool. + - D. AWS Config. + +
Answer + Correct answer: B
Please feel free to comment below if any information is inaccurate or if any answers need correction. diff --git a/practice-exam/practice-exam-11.md b/practice-exam/practice-exam-11.md index 11ce4c0..bc082d3 100644 --- a/practice-exam/practice-exam-11.md +++ b/practice-exam/practice-exam-11.md @@ -6,705 +6,516 @@ If this practice exam has been helpful to you please share it with others and re --- -1. A user is planning to migrate an application workload to the AWS Cloud.
Which control becomes the responsibility of AWS once the migration is complete? - - A. Patching the guest operating system - - B. Maintaining physical and environmental controls - - C. Protecting communications and maintaining zone security - - D. Patching specific applications - -
Answer - - Correct Answer: B +1. How can a company reduce its Total Cost of Ownership (TCO) using AWS? + - A. By minimizing large capital expenditures. + - B. By having no responsibility for third-party license costs. + - C. By having no operational expenditures. + - D. By having AWS manage applications. +
Answer + Correct answer: A
-2. Which services can be used to deploy applications on AWS? (Choose two.) - - A. AWS Elastic Beanstalk - - B. AWS Config - - C. AWS OpsWorks - - D. AWS Application Discovery Service - - E. Amazon Kinesis - -
Answer - - Correct Answer: AC - - Explanation: +2. Which options does AWS make available for customers who want to learn about security in the cloud in an instructor-led setting? (Select TWO) + - A. AWS Trusted Advisor. + - B. AWS Online Tech Talks. + - C. AWS Blog. + - D. AWS Forums. + - E. AWS Classroom Training. +
Answer + Correct answer: B, E
-3. Which AWS service can be used to provide an on-demand, cloud-based contact center? - - A. AWS Direct Connect - - B. Amazon Connect - - C. AWS Support Center - - D. AWS Managed Services - -
Answer - - Correct Answer: B - - Explanation: +3. Which of the following will enhance the security of access to the AWS Management Console’? (Select TWO) + - A. AWS Secrets Manager. + - B. AWS Certificate Manager. + - C. AWS Multi-Factor Authentication (AWS MFA). + - D. Security groups. + - E. Password policies. +
Answer + Correct answer: C, E
-4. What tool enables customers without an AWS account to estimate costs for almost all AWS services? - - A. Cost Explorer - - B. TCO Calculator - - C. AWS Budgets - - D. Simple Monthly Calculator - -
Answer - - Correct Answer: A - - Explanation: +4. Which of the following features can be configured through the Amazon Virtual Private Cloud (Amazon VPC) Dashboard? (Select TWO) + - A. Amazon CloudFront distributions. + - B. Amazon Route 53. + - C. Security Groups. + - D. Subnets. + - E. Elastic Load Balancing. +
Answer + Correct answer: C, D
-5. Which component must be attached to a VPC to enable inbound Internet access? - - A. NAT gateway - - B. VPC endpoint - - C. VPN connection - - D. Internet gateway - -
Answer - - Correct Answer: D - - Explanation: +5. For which auditing process does AWS have sole responsibility? + - A. AWS IAM policies. + - B. Physical security. + - C. Amazon S3 bucket policies. + - D. AWS CloudTrail Logs. +
Answer + Correct answer: B
-6. Which pricing model would result in maximum Amazon Elastic Compute Cloud (Amazon EC2) savings for a database server that must be online for one year? - - A. Spot Instance - - B. On-Demand Instance - - C. Partial Upfront Reserved Instance - - D. No Upfront Reserved Instance - -
Answer - - Correct Answer: C - - Explanation: +6. Which of the following are advantages of AWS consolidated billing? (Select TWO) + - A. The ability to receive one bill for multiple accounts. + - B. Service limits increasing by default in all accounts. + - C. A fixed discount on the monthly bill. + - D. Potential volume discounts, as usage in all accounts is combined. + - E. The automatic extension of the master account’s AWS support plan to all accounts. +
Answer + Correct answer: A, D
-7. A company has a MySQL database running on a single Amazon EC2 instance. The company now requires higher availability in the event of an outage.
Which set of tasks would meet this requirement? - - A. Add an Application Load Balancer in front of the EC2 instance - - B. Configure EC2 Auto Recovery to move the instance to another Availability Zone - - C. Migrate to Amazon RDS and enable Multi-AZ - - D. Enable termination protection for the EC2 instance to avoid outages - -
Answer - - Correct Answer: C - - Explanation: +7. Which of the following common IT tasks can AWS cover to free up company IT resources? (Select TWO) + - A. Patching databases software. + - B. Testing application releases. + - C. Backing up databases. + - D. Creating database schema. + - E. Running penetration tests. +
Answer + Correct answer: A, C
-8. A company wants to ensure that AWS Management Console users are meeting password complexity requirements.
How can the company configure password complexity? - - A. Using an AWS IAM user policy - - B. Using an AWS Organizations service control policy (SCP) - - C. Using an AWS IAM account password policy - - D. Using an AWS Security Hub managed insight - -
Answer - - Correct Answer: C - - Explanation: +8. A company wants to expand from one AWS Region into a second AWS Region. What does the company need to do to start supporting the new Region? + - A. Contact an AWS Account Manager to sign a new contract. + - B. Move an Availability Zone to the new Region. + - C. Begin deploying resources in the second Region. + - D. Download the AWS Management Console for the new Region. +
Answer + Correct answer: B
-9. Under the AWS shared responsibility model, which of the following is the customer's responsibility? - - A. Patching guest OS and applications - - B. Patching and fixing flaws in the infrastructure - - C. Physical and environmental controls - - D. Configuration of AWS infrastructure devices - -
Answer - - Correct Answer: A +9. Why is it beneficial to use Elastic Load Balancers with applications? + - A. They allow for the conversion from Application Load. + - B. Balancers to Classic Load Balancers. + - C. They are capable of handling constant changes in network traffic patterns. + - D. They automatically adjust capacity. They are provided at no charge to users. +
Answer + Correct answer: B
-10. Which of the following tasks is required to deploy a PCI-compliant workload on AWS? - - A. Use any AWS service and implement PCI controls at the application layer - - B. Use an AWS service that is in-scope for PCI compliance and raise an AWS support ticket to enable PCI compliance at the application layer - - C. Use any AWS service and raise an AWS support ticket to enable PCI compliance on that service - - D. Use an AWS service that is in scope for PCI compliance and apply PCI controls at the application layer - -
Answer - - Correct Answer: D - - Explanation: +10. Which is the MINIMUM AWS Support plan that allows for one-hour target response time for support cases? + - A. Enterprise. + - B. Business. + - C. Developer + - D. Basic +
Answer + Correct answer:
-11. A company is building an application that requires the ability to send, store, and receive messages between application components. The company has another requirement to process messages in first-in, first-out (FIFO) order.
Which AWS service should the company use? - - A. AWS Step Functions - - B. Amazon Simple Notification Service (Amazon SNS) - - C. Amazon Kinesis Data Streams - - D. Amazon Simple Queue Service (Amazon SQS) - -
Answer - - Correct Answer: D - - Explanation: +11. What is the lowest-cost, durable storage option for retaining database backups for immediate retrieval? + - A. Amazon S3. + - B. Amazon Glacier. + - C. Amazon EBS. + - D. Amazon EC2 Instance Store. +
Answer + Correct answer: A
-12. AnyCompany recently purchased Example Corp. Both companies use AWS resources, and AnyCompany wants a single aggregated bill.
Which option allows AnyCompany to receive a single bill? - - A. Example Corp. must submit a request to its AWS solutions architect or AWS technical account manager to link the accounts and consolidate billing. - - B. AnyCompany must create a new support case in the AWS Support Center requesting that both bills be combined. - - C. Send an invitation to join the organization from AnyCompany's AWS Organizations master account to Example Corp. - - D. Migrate the Example Corp. VPCs, Amazon EC2 instances, and other resources into the AnyCompany AWS account. - -
Answer - - Correct Answer: A - - Explanation: +12. What AWS team assists customers with accelerating cloud adoption through paid engagements in any of several specialty practice areas? + - A. AWS Enterprise Support. + - B. AWS Solutions Architects. + - C. AWS Professional Services. + - D. AWS Account Managers. +
Answer + Correct answer: C
-13. Which tool can be used to create alerts when the actual or forecasted cost of AWS services exceeds a certain threshold? - - A. Cost Explorer - - B. AWS Budgets - - C. AWS Cost and Usage Report - - D. AWS CloudTrail - -
Answer - - Correct Answer: B - - Explanation: +13. A company needs 24/7 phone email and chat access with a response time of less than 1 hour if a production system has a service interruption Which AWS Support plan meets these requirements at the LOWEST cost? + - A. Basic. + - B. Developer. + - C. Business. + - D. Enterprise. +
Answer + Correct answer: D
-14. A user has limited knowledge of AWS services, but wants to quickly deploy a scalable Node.js application in the AWS Cloud.
Which service should be used to deploy the application? - - A. AWS CloudFormation - - B. AWS Elastic Beanstalk - - C. Amazon EC2 - - D. AWS OpsWorks - -
Answer - - Correct Answer: B - - Explanation: +14. If a customer needs to audit the change management of AWS resources, which of the following AWS services should the customer use? + - A. AWS Config. + - B. AWS Trusted Advisor. + - C. Amazon CloudWatch. + - D. Amazon Inspector. +
Answer + Correct answer: A
-15. Which AWS Trusted Advisor check is available to all AWS users? - - A. Core checks - - B. All checks - - C. Cost optimization checks - - D. Fault tolerance checks - -
Answer - - Correct Answer: A - - Explanation: +15. How does AWS Trusted Advisor provide guidance to users of the AWS Cloud? (Select TWO) + - A. It identifies software vulnerabilities in applications running on AWS. + - B. It provides a list of cost optimization recommendations based on current AWS usage. + - C. It detects potential security vulnerabilities caused by permissions settings on account resources. + - D. It automatically corrects potential security issues caused by permissions settings on account resources. + - E. It provides proactive alerting whenever an Amazon EC2 instance has been compromised. +
Answer + Correct answer: B, C
-16. A web developer is concerned that a DDoS attack could target an application.
Which AWS services or features can help protect against such an attack? (Choose two.) - - A. AWS Shield - - B. AWS CloudTrail - - C. Amazon CloudFront - - D. AWS Support Center - - E. AWS Service Health Dashboard - -
Answer - - Correct Answer: AC - - Explanation: +16. Which AWS managed service is used to host databases? + - A. AWS Batch. + - B. AWS Artifact. + - C. AWS Data Pipeline. + - D. Amazon RDS. +
Answer + Correct answer: D
-17. Which AWS service gives users on-demand, self-service access to AWS compliance control reports? - - A. AWS Config - - B. Amazon GuardDuty - - C. AWS Trusted Advisor - - D. AWS Artifact - -
Answer - - Correct Answer: D - - Explanation: +17. Which of the following Identity and Access Management (IAM) entities is associated with an access key ID and secret access key when using AWS Command Line Interface (AWS CLI)? + - A. IAM group. + - B. IAM user. + - C. IAM role. + - D. IAM policy. +
Answer + Correct answer: B
-18. A company wants to provide one of its employees with access to Amazon RDS. The company also wants to limit the interaction to only the AWS CLI and AWS software development kits (SDKs).
Which combination of actions should the company take to meet these requirements while following the principles of least privilege? (Choose two.) - - A. Create an IAM user and provide AWS Management Console access only. - - B. Create an IAM user and provide programmatic access only. - - C. Create an IAM role and provide AWS Management Console access only. - - D. Create an IAM policy with administrator access and attach it to the IAM user. - - E. Create an IAM policy with Amazon RDS access and attach it to the IAM user. - -
Answer - - Correct Answer: BE +18. Under the shared responsibility model, which of the following is the customer responsible for? + - A. Ensuring that disk drives are wiped after use. + - B. Ensuring that firmware is updated on hardware devices. + - C. Ensuring that data is encrypted at rest. + - D. Ensuring that network cables are category six or higher. +
Answer + Correct answer: C
-19. A company has a compliance requirement to record and evaluate configuration changes, as well as perform remediation actions on AWS resources.
Which AWS service should the company use? - - A. AWS Config - - B. AWS Secrets Manager - - C. AWS CloudTrail - - D. AWS Trusted Advisor - -
Answer - - Correct Answer: A - - Explanation: +19. Which AWS service provides a simple and scalable shared file storage solution for use with Linux-based AWS and on-premises servers? + - A. Amazon S3. + - B. Amazon Glacier. + - C. Amazon EBS. + - D. Amazon EFS. +
Answer + Correct answer: D
-20. What are the advantages of deploying an application with Amazon EC2 instances in multiple Availability Zones? (Choose two.) - - A. Preventing a single point of failure - - B. Reducing the operational costs of the application - - C. Allowing the application to serve cross-region users with low latency - - D. Increasing the availability of the application - - E. Increasing the load of the application - -
Answer - - Correct Answer: AD - - Explanation: +20. What credential components are required to gain programmatic access to an AWS account? (Select TWO) + - A. An access key ID. + - B. A primary key. + - C. A secret access key. + - D. A user ID. + - E. A secondary key. +
Answer + Correct answer: A, C
-21. A workload on AWS will run for the foreseeable future by using a consistent number of Amazon EC2 instances.
What pricing model will minimize cost while ensuring that compute resources remain available? +21. Which of the following is a shared control between the customer and AWS? + - A. Providing a key for Amazon S3 client-side encryption. + - B. Configuration of an Amazon EC2 instance. + - C. Environmental controls of physical AWS data centers. + - D. Awareness. + +
Answer + Correct answer: D +
+ +22. Which type of AWS storage is ephemeral and is deleted when an instance is stopped Of terminated? + - A. Amazon EBS. + - B. Amazon EC2 instance store. + - C. Amazon EFS. + - D. Amazon S3. + +
Answer + Correct answer: B +
+ +23. Which of the following is an advantage of consolidated billing on AWS? + - A. Volume pricing qualification. + - B. Shared access permissions. + - C. Multiple bills per account. + - D. Eliminates the need for tagging. + +
Answer + Correct answer: A +
+ +24. Which services are parts of the AWS serverless platform? + - A. Amazon EC2, Amazon S3, Amazon Athena. + - B. Amazon Kinesis, Amazon SQS, Amazon EMR. + - C. AWS Step Functions, Amazon DynamoDB, Amazon SNS. + - D. Amazon Athena, Amazon Cognito, Amazon EC2. + +
Answer + Correct answer: C +
+ +25. Which of the following Amazon EC2 pricing models allow customers to use existing server-bound software licenses? + - A. Spot Instances. + - B. Reserved Instances. + - C. Dedicated Hosts. + - D. On-Demand Instances. + +
Answer + Correct answer: C +
+ +26. Which of the following security measures protect access to an AWS account? (Select TWO) + - A. Enable AWS CloudTrail. + - B. Grant least privilege access to IAM users. + - C. Create one IAM user and share with many developers and users. + - D. Enable Amazon CloudFront. + - E. Activate multi-factor authentication (MFA) for privileged users. + +
Answer + Correct answer: B, E +
+ +27. Which AWS service provides the ability to manage infrastructure as code? + - A. AWS CodePipeline. + - B. AWS CodeDeploy. + - C. AWS Direct Connect. + - D. AWS CloudFormation. + +
Answer + Correct answer: D +
+ +28. What is an advantage of deploying an application across multiple Availability Zones? + - A. There is a lower risk of service failure if a natural disaster causes a service disruption in a given AWS Region. + - B. The application will have higher availability because it can withstand a service disruption in one Availability Zone. + - C. There will be better coverage as Availability Zones are geographical^ distant and can serve a wider area. + - D. There will be decreased application latency that will improve the user experience. + +
Answer + Correct answer: B +
+ +29. A customer needs to run a MySQL database that easily scales. Which AWS service should they use? + - A. Amazon Aurora. + - B. Amazon Redshift. + - C. Amazon DynamoDB. + - D. Amazon ElastiCache. + +
Answer + Correct answer: A +
+ +30. Which of the following is an AWS Cloud architecture design principle? + - A. Implement single points of failure. + - B. Implement loose coupling. + - C. Implement monolithic design. + - D. Implement vertical scaling. + +
Answer + Correct answer: B +
+ +31. AWS Enterprise Support users have access to which service or feature that is not available to users with other AWS Support plans? + - A. AWS Trusted Advisor. + - B. AWS Support case. + - C. Concierge team. + - D. Amazon Connect. + +
Answer + Correct answer: D +
+ +32. A company will be moving from an on-premises data center to the AWS Cloud. What would be one financial difference after the move? + - A. Moving from variable operational expense ( opex ) to upfront capital expense (capex). + - B. Moving from upfront capital expense (capex) to variable capital expense (capex). + - C. Moving from upfront capital expense (capex) to variable operational expense ( opex ). + - D. Elimination of upfront capital expense (capex) and elimination of variable operational expense ( opex ). + +
Answer + Correct answer: C +
+ +33. When performing a cost analysis that supports physical isolation of a customer workload, which compute hosting model should be accounted for in the Total Cost of Ownership (TCO)? - A. Dedicated Hosts - - B. On-Demand Instances - - C. Spot Instances - - D. Reserved Instances - -
Answer - - Correct Answer: D - - Explanation: + - B. Reserved Instances + - C. On-Demand Instances + - D. No Upfront Reserved Instances +
Answer + Correct answer: A
-22. Which tool can be used to identify scheduled changes to the AWS infrastructure? - - A. AWS Personal Health Dashboard - - B. AWS Trusted Advisor - - C. Billing Dashboard - - D. AWS Config - -
Answer - - Correct Answer: A - - Explanation: +34. Which AWS service should be used for long-term, low-cost storage of data backups? + - A. Amazon RDS. + - B. Amazon Glacier. + - C. AWS Snowball. + - D. AWS EBS. +
Answer + Correct answer: B
-23. Which of the following is the customer's responsibility when using Amazon RDS? - - A. Patching the operating system of underlying hardware - - B. Controlling traffic to and from the database through security groups - - C. Running backups that enable point-in-time recovery of a DB instance - - D. Replacing failed DB instances - -
Answer - - Correct Answer: B - - Explanation: +35. Which is the MINIMUM AWS Support plan that provides technical support through phone calls? + - A. Enterprise. + - B. Business. + - C. Developer. + - D. Basic. +
Answer + Correct answer: B
-24. What is the customer's responsibility when using AWS Lambda? - - A. Operating system configuration - - B. Application management - - C. Platform management - - D. Code encryption - -
Answer - - Correct Answer: D - - Explanation: +36. Which Amazon EC2 instance pricing model can provide discounts of up to 90%? + - A. Reserved Instances. + - B. On-Demand. + - C. Dedicated Hosts. + - D. Spot Instances. +
Answer + Correct answer: D
-25. A company wants to be notified when its AWS Cloud costs or usage exceed defined thresholds.
Which AWS service will support these requirements? - - A. AWS Budgets - - B. Cost Explorer - - C. AWS CloudTrail - - D. Amazon Macie - -
Answer - - Correct Answer: A - - Explanation: +37. Which of the following AWS services can be used to serve large amounts of online video content with the lowest possible latency? (Select TWO) + - A. appGateway. + - B. Amazon S3. + - C. Amazon Elastic File System (EFS). + - D. Amazon Glacier. + - E. Amazom CloudFront. +
Answer + Correct answer: B, E
-26. Which AWS service provides the ability to host a NoSQL database in the AWS Cloud? - - A. Amazon Aurora - - B. Amazon DynamoDB - - C. Amazon RDS - - D. Amazon Redshift - -
Answer - - Correct Answer: B - - Explanation: +38. What can AWS edge locations be used for? (Select TWO) + - A. Hosting applications. + - B. Delivering content closer to users. + - C. Running NoSQL database caching services. + - D. Reducing traffic on the server by caching responses. + - E. Sending notification messages to end users. +
Answer + Correct answer: B, D
-27. Which AWS service allows customers to purchase unused Amazon EC2 capacity at an often discounted rate? - - A. Reserved Instances - - B. On-Demand Instances - - C. Dedicated Instances - - D. Spot Instances - -
Answer - - Correct Answer: D - - Explanation: +39. A company is planning to migrate from on-premises to the AWS Cloud. When AWS tool or service provides detailed reports on estimated cost savings after migration? + - A. AWS Total Cost of Ownership (TCO) Calculator. + - B. Cost Explorer. + - C. AWS Budgets. + - D. AWS Migration Hub. +
Answer + Correct answer: C
-28. Which AWS service or feature requires an internet service provider (ISP) and a colocation facility to be implemented? - - A. AWS VPN - - B. Amazon Connect - - C. AWS Direct Connect - - D. Internet gateway - -
Answer - - Correct Answer: C - - Explanation: +40. Which AWS service provides a customized view of the health of specific AWS services that power a customer’s workloads running on AWS? + - A. AWS Service Health Dashboard. + - B. AWS X-Ray. + - C. AWS Personal Health Dashboard. + - D. Amazon CloudWatch. +
Answer + Correct answer: C
-29. Which AWS services offer compute capabilities? (Choose two.) - - A. Amazon EC2 - - B. Amazon S3 - - C. Amazon Elastic Block Store (Amazon EBS) - - D. Amazon Cognito - - E. AWS Lambda - -
Answer - - Correct Answer: AE - - Explanation: +41. One of the advantages to moving infrastructure from an on-premises data center to the AWS Cloud is: + - A. It allows the business to eliminate IT bills. + - B. It allows the business to put a server in each customer’s data center. + - C. It allows the business to focus on business activities. + - D. It allows the business to leave servers unpatched. +
Answer + Correct answer: C
-30. Which AWS service can be used to privately store and manage versions of source code? - - A. AWS CodeBuild - - B. AWS CodeCommit - - C. AWS CodePipeline - - D. AWS CodeStar - -
Answer - - Correct Answer: B - - Explanation: +42. How can an AWS user with an AWS Basic Support plan obtain technical assistance from AWS? + - A. AWS Senior Support Engineers. + - B. AWS Technical Account Managers. + - C. AWS Trusted Advisor. + - D. AWS Discussion Forums. +
Answer + Correct answer: C
-31. Which AWS service should a cloud practitioner use to identify security vulnerabilities of an AWS account? - - A. AWS Secrets Manager - - B. Amazon Cognito - - C. Amazon Macie - - D. AWS Trusted Advisor - -
Answer - - Correct Answer: D - - Explanation: +43. How can a user protect against AWS service disruptions if a natural disaster affects an entire geographic area? + - A. Deploy applications across multiple Availability Zones within an AWS Region. + - B. Use a hybrid cloud computing deployment model within the geographic area. + - C. Deploy applications across multiple AWS Regions. + - D. Store application artifacts using AWS Artifact and replicate them across multiple AWS Regions. +
Answer + Correct answer: C
-32. A company wants to ensure its infrastructure is designed for fault tolerance and business continuity in the event of an environmental disruption.
Which AWS infrastructure component should the company replicate across? - - A. Edge locations - - B. Availability Zones - - C. Regions - - D. Amazon Route 53 - -
Answer - - Correct Answer: B - - Explanation: +44. Which activity is a customer responsibility in the AWS Cloud according to the AWS shared responsibility model? + - A. Ensuring network connectivity from AWS to the internet. + - B. Patching and fixing flaws within the AWS Cloud infrastructure. + - C. Ensuring the physical security of cloud data centers. + - D. Ensuring Amazon EBS volumes are backed up. +
Answer + Correct answer: D
-33. Which AWS service or feature is used to send both text and email messages from distributed applications? - - A. Amazon Simple Notification Service (Amazon SNS) - - B. Amazon Simple Email Service (Amazon SES) - - C. Amazon CloudWatch alerts - - D. Amazon Simple Queue Service (Amazon SQS) - -
Answer - - Correct Answer: A - - Explanation: +45. In which scenario should Amazon EC2 Spot Instances be used? + - A. A company wants to move its main website to AWS from an on-premises web server. + - B. A company has a number of application services whose Service Level Agreement (SLA) requires 99.999% uptime. + - C. A company’s heavily used legacy database is currently running on-premises. + - D. A company has a number of infrequent, interruptible jobs that are currently using On-Demand Instances. +
Answer + Correct answer: D
-34. Which AWS Cloud design principles can help increase reliability? (Choose two.) - - A. Using monolithic architecture - - B. Measuring overall efficiency - - C. Testing recovery procedures - - D. Adopting a consumption model - - E. Automatically recovering from failure - -
Answer - - Correct Answer: CE - - Explanation: +46. A customer is deploying a new application and needs to choose an AWS Region. Which of the following factors could influence the customer’s decision? (Select TWO) + - A. Reduced latency to users. + - B. The application’s presentation in the local language. + - C. Data sovereignty compliance. + - D. Cooling costs in hotter climates. + - E. Proximity to the customer’s office for on-site visits. +
Answer + Correct answer: A, C
-35. A company is planning to launch an ecommerce site in a single AWS Region to a worldwide user base.
Which AWS services will allow the company to reach users and provide low latency and high transfer speeds? (Choose two.) - - A. Application Load Balancer - - B. AWS Global Accelerator - - C. AWS Direct Connect - - D. Amazon CloudFront - - E. AWS Lambda - -
Answer - - Correct Answer: AD - - Explanation: +47. Which AWS service provides alerts when an AWS event may impact a company’s AWS resources? + - A. AWS Personal Health Dashboard. + - B. AWS Service Health Dashboard. + - C. AWS Trusted Advisor. + - D. AWS Infrastructure Event Management. +
Answer + Correct answer: A
-36. A company wants to connect to AWS over a private, low-latency connection from its remote office.
What is the recommended method to meet these requirements? - - A. Create a VPN tunnel - - B. Connect across the public internet - - C. Use VPC peering to create a connection. - - D. Use AWS Direct Connect. - -
Answer - - Correct Answer: D - - Explanation: +48. Which disaster recovery scenario offers the lowest probability of down time? + - A. Backup and restore. + - B. Pilot light. + - C. Warm standby. + - D. Multi-site active-active. +
Answer + Correct answer: D
-37. Which AWS service can be used to retrieve compliance reports on demand? - - A. AWS Secrets Manager - - B. AWS Artifact - - C. AWS Security Hub - - D. AWS Certificate Manager - -
Answer - - Correct Answer: B - - Explanation: +49. Which service’s PRIMARY purpose is software version control? + - A. Amazon CodeStar. + - B. AWS Command Line Interface (AWS CLI). + - C. Amazon Cognito. + - D. AWS CodeCommit. +
Answer + Correct answer: D
-38. A company has an AWS-hosted website located behind an Application Load Balancer. The company wants to safeguard the website from SQL injection or cross-site scripting.
Which AWS service should the company use? - - A. Amazon GuardDuty - - B. AWS WAF - - C. AWS Trusted Advisor - - D. Amazon Inspector - -
Answer - - Correct Answer: B - - Explanation: - -
- -39. How should a web application be deployed to ensure high availability in the AWS Cloud? - - A. Deploy multiple instances of the application in multiple Availability Zones. - - B. Deploy multiple instances of the application in a single Availability Zone. - - C. Deploy the application to a compute-optimized Amazon EC2 instance in a single Availability Zone. - - D. Deploy the application in one Amazon EC2 instance in an Auto Scaling group. - -
Answer - - Correct Answer: A - - Explanation: - -
- -40. A company is running a self-managed Oracle database directly on Amazon EC2 for its steady-state database. The company wants to reduce compute costs.
Which option should the company use to maximize savings over a 3-year term? - - A. EC2 Dedicated Instances - - B. EC2 Spot Instances - - C. EC2 Reserved Instances - - D. EC2 On-Demand Instances - -
Answer - - Correct Answer: C - - Explanation: - -
- -41. An external auditor has requested that a company provide a list of all its IAM users, including the status of users' credentials and access keys.
What it the SIMPLEST way to provide this information? - - A. Create an IAM user account for the auditor, granting the auditor administrator permissions. - - B. Take a screenshot of each user's page in the AWS Management Console, then provide the screenshots to the auditor. - - C. Download the IAM credential report, then provide the report to the auditor. - - D. Download the AWS Trusted Advisor report, then provide the report to the auditor. - -
Answer - - Correct Answer: C - - Explanation: - -
- -42. What are the benefits of consolidated billing for AWS Cloud services? (Choose two.) - - A. Volume discounts - - B. A minimal additional fee for use - - C. One bill for multiple accounts - - D. Installment payment options - - E. Custom cost and usage budget creation - -
Answer - - Correct Answer: AC - - Explanation: - -
- -43. A company is expecting a short-term spike in internet traffic for its application. During the traffic increase, the application cannot be interrupted. The company also needs to minimize cost and maximize flexibility.
Which Amazon EC2 instance type should the company use to meet these requirements? - - A. On-Demand Instances - - B. Spot Instances - - C. Reserved Instances - - D. Dedicated Hosts - -
Answer - - Correct Answer: B - - Explanation: - -
- -44. A company wants to track AWS resource configuration changes for compliance reasons.
Which AWS feature can be used to meet this requirement? - - A. AWS Cost and Usage Report - - B. AWS Organizations service control policies (SCPs) - - C. AWS Config rules - - D. VPC Flow Logs - -
Answer - - Correct Answer: C - - Explanation: - -
- -45. A company is building an application that needs to deliver images and videos globally with minimal latency.
Which approach can the company use to accomplish this in a cost effective manner? - - A. Deliver the content through Amazon CloudFront. - - B. Store the content on Amazon S3 and enable S3 cross-region replication. - - C. Implement a VPN across multiple AWS Regions. - - D. Deliver the content through AWS PrivateLink. - -
Answer - - Correct Answer: A - - Explanation: - -
- -46. The AWS IAM best practice for granting least privilege is to: - - A. apply an IAM policy to an IAM group and limit the size of the group. - - B. require multi-factor authentication (MFA) for all IAM users. - - C. require each IAM user who has different permissions to have multiple passwords. - - D. apply an IAM policy only to IAM users who require it. - -
Answer - - Correct Answer: D - - Explanation: - -
- -47. Which cloud computing benefit does AWS demonstrate with its ability to offer lower variable costs as a result of high purchase volumes? - - A. Pay-as-you-go pricing - - B. High availability - - C. Global reach - - D. Economies of scale - -
Answer - - Correct Answer: D - - Explanation: - -
- -48. A pharmaceutical company operates its infrastructure in a single AWS Region. The company has thousands of VPCs in a various AWS accounts that it wants to interconnect.
Which AWS service or feature should the company use to help simplify management and reduce operational costs? - - A. VPC endpoint - - B. AWS Direct Connect - - C. AWS Transit Gateway - - D. VPC peering - -
Answer - - Correct Answer: C - - Explanation: - -
- -49. How can AWS enable a company to control expenses as an application's usage changes unpredictably? - - A. AWS will refund the cost difference if a customer moves to larger servers. - - B. The application can be built to scale up or down automatically as resources are needed - - C. Spot instances will automatically be used if the price is lower than on-demand instances. - - D. Amazon CloudWatch will automatically predict what resources are needed. - -
Answer - - Correct Answer: B - -
- -50. Which AWS service or feature can be used to prevent SQL injection attacks? - - A. Security groups - - B. Network ACLs - - C. AWS WAF - - D. IAM policy - -
Answer - - Correct Answer: C - - Explanation: - +50. How can a customer increase security to AWS account logons? (Select TWO) + - A. Configure AWS Certificate Manager + - B. Enable Multi-Factor Authentication (MFA) + - C. Use Amazon Cognito to manage access + - D. Configure a strong password policy + - E. Enable AWS Organizations +
Answer + Correct answer: B, D
Please feel free to comment below if any information is inaccurate or if any answers need correction. diff --git a/practice-exam/practice-exam-12.md b/practice-exam/practice-exam-12.md new file mode 100644 index 0000000..fe01834 --- /dev/null +++ b/practice-exam/practice-exam-12.md @@ -0,0 +1,475 @@ +# Practice Exam 12 + +Click on the **Answer** button for the correct answer and its explanation. + +If this practice exam has been helpful to you please share it with others and react to this below. + +--- + +1. Which of the following components of the AWS Global Infrastructure consists of one or more discrete data centers interconnected through low latency links? + - A. Availability Zone + - B. Edge location + - C. Region + - D. Private networking + +
Answer + Correct answer: A +
+ +2. One benefit of On-Demand Amazon Elastic Compute Cloud (Amazon EC2) pricing is: + - A. The ability to bid for a lower hourly cost. + - B. Paying a daily rate regardless of time used. + - C. Paying only for time used. + - D. Pre-paying for instances and paying a lower hourly rate. + +
Answer + Correct answer: C +
+ +3. What can assist in evaluating an application for migration to the cloud? (Select TWO) + - A. AWS Trusted Advisor. + - B. AWS Professional Services. + - C. AWS Systems Manager. + - D. AWS Partner Network (APN). + - E. AWS Secrets Manager. + +
Answer + Correct answer: B, D +
+ +4. A characteristic of edge locations is that they: + - A. Host Amazon EC2 instances closer to users. + - B. Help lower latency and improve performance for users. + - C. Cache frequently changing data without reaching the origin server. + - D. Refresh data changes daily. + +
Answer + Correct answer: C +
+ +5. Which of the following are valid ways for a customer to interact with AWS services? (Select TWO) + - A. Command line interface. + - B. On-premises. + - C. Software Development Kits. + - D. Software-as-a-service. + - E. Hybrid. + +
Answer + Correct answer: A, C +
+ +6. What is a value proposition of the AWS Cloud? + - A. AWS is responsible for security in the AWS Cloud. + - B. No long-term contract is required. + - C. Provision new servers in days. + - D. AWS manages user applications in the AWS Cloud. + +
Answer + Correct answer: A +
+ +7. A company is migrating an application that is running non-interruptible workloads for a three-year time frame. Which pricing construct would provide the MOST cost-effective solution? + - A. Amazon EC2 Spot Instances. + - B. Amazon EC2 Dedicated Instances. + - C. Amazon EC2 On-Demand Instances. + - D. Amazon EC2 Reserved Instances. + +
Answer + Correct answer: D +
+ +8. Which AWS service is used to track record, and audit configuration changes made to AWS resources? + - A. AWS Shield. + - B. AWS Config. + - C. AWS IAM. + - D. Amazon Inspector. + +
Answer + Correct answer: B +
+ +9. Which feature of the AWS Cloud will support an international company’s requirement for low latency to all of its customers? + - A. Fault tolerance. + - B. Global reach. + - C. Pay-as-you-go pricing. + - D. High availability. + +
Answer + Correct answer: B +
+ +10. How can one AWS account use Reserved Instances from another AWS account? + - A. By using Amazon EC2 Dedicated Instances. + - B. By using AWS Organizations consolidated billing. + - C. By using the AWS Cost Explorer tool. + - D. By using AWS Budgets. + +
Answer + Correct answer: B +
+ +11. What are the benefits of developing and running a new application in the AWS Cloud compared to on-premises? (Select TWO) + - A. AWS automatically distributes the data globally for higher durability. + - B. AWS will take care of operating the application. + - C. AWS makes it easy to architect for high availability. + - D. AWS can easily accommodate application demand changes. + - E. AWS takes care of application security patching. + +
Answer + Correct answer: C, E +
+ +12. Which of the following services falls under the responsibility of the customer to maintain operating system configuration, security patching, and networking? + - A. Amazon RDS. + - B. Amazon EC2. + - C. Amazon ElastiCache. + - D. AWS Fargate. + +
Answer + Correct answer: B +
+ +13. AWS supports which of the following methods to add security to Identity and Access Management (IAM) users? (Select TWO) + - A. Implementing Amazon Rekognition. + - B. Using AWS Shield-protected resources. + - C. Blocking access with Security Groups. + - D. Using Multi-Factor Authentication (MFA). + - E. Enforcing password strength and expiration. + +
Answer + Correct answer: D, E +
+ +14. Which service provides a hybrid storage service that enables on-premises applications to seamlessly use cloud storage? + - A. Amazon Glacier + - B. AWS Snowball + - C. AWS Storage Gateway + - D. Amazon Elastic Block Storage (Amazon EBS) + +
Answer + Correct answer: C +
+ +15. Where should a company go to search software listings from independent software vendors to find, test, buy and deploy software that runs on AWS? + - A. AWS Marketplace. + - B. Amazon Lumberyard. + - C. AWS Artifact. + - D. Amazon CloudSearch. + +
Answer + Correct answer: A +
+ +16. Which of the following is a component of the AWS Global Infrastructure? + - A. Amazon Alexa. + - B. AWS Regions. + - C. Amazon Lightsail. + - D. AWS Organizations. + +
Answer + Correct answer: B +
+ +17. Which Amazon EC2 pricing model adjusts based on supply and demand of EC2 instances? + - A. On-Demand Instances. + - B. Reserved Instances. + - C. Spot Instances. + - D. Convertible Reserved Instances. + +
Answer + Correct answer: C +
+ +18. A company wants to migrate its applications to a VPC on AWS These applications will need to access on-premises resources. What combination of actions will enable the company to accomplish this goals? (Select TWO) + - A. Use the AWS Service Catalog to identify a list of on-premises resources that can be migrated + - B. Build a VPN connection between an on-premises device and a virtual private gateway in the new VPC + - C. Use Amazon Athena to query data from the on-premises database servers + - D. Connect the company’s on-premises data center to AWS using AWS Direct Connect + - E. Leverage Amazon CloudFront to restrict access to static web content provided through the company’s on-premises web servers + +
Answer + Correct answer: A, B +
+ +19. A Cloud Practitioner must determine if any security groups in an AW account have been provisioned to allow unrestricted access for specific ports What is the SIMPLEST way to do this? + - A. Review the inbound rules for each security group in the Amazon EC2 management console to check for port 0.0.0.0/0. + - B. Run AWS Trusted Advisor and review the findings. + - C. Open the AWS IAM console and check the inbound rule filters for open access. + - D. In AWS Config, create a custom rule that invokes an AWS Lambda function to review firewall rules for inbound access. + +
Answer + Correct answer: B +
+ +20. Which of the following security-related services does AWS offer? (Select TWO) + - A. Multi-factor authentication physical tokens. + - B. AWS Trusted Advisor security checks. + - C. Data encryption. + - D. Automated penetration testing. + - E. Amazon S3 copyrighted content detection. + +
Answer + Correct answer: B, C +
+ +21. Which of the following services have Distributed Denial of Service (DDoS) mitigation features? (Select TWO) + - A. AWS WAF. + - B. Amazon DynamoDB. + - C. Amazon EC2. + - D. Amazon CloudFront. + - E. Amazon Inspector. + +
Answer + Correct answer: A, D +
+ +22. Which of the following AWS features enables a user to launch a pre-configured Amazon Elastic Compute Cloud (Amazon EC2) instance? + - A. Amazon Elastic Block Store (Amazon EBS). + - B. Amazon Machine Image. + - C. Amazon EC2 Systems Manager. + - D. Amazon AppStream 2.0. + +
Answer + Correct answer: B +
+ +23. A solution that is able to support growth in users, traffic, or data size with no drop in performance aligns with which cloud architecture principle? + - A. Think parallel. + - B. Implement elasticity. + - C. Decouple your components. + - D. Design for failure. + +
Answer + Correct answer: B +
+ +24. Which AWS Cloud benefit eliminates the need for users to try estimating future infrastructure usage? + - A. Easy and fast deployment of applications in multiple Regions around the world. + - B. Security of the AWS Cloud. + - C. Elasticity of the AWS Cloud. + - D. Lower variable costs due to massive economies of scale. + +
Answer + Correct answer: C +
+ +25. What can users access from AWS Artifact? + - A. AWS security and compliance documents. + - B. A download of configuration management details for all AWS resources. + - C. Training materials for AWS services. + - D. A security assessment of the applications deployed in the AWS Cloud. + +
Answer + Correct answer: A +
+ +26. Compared with costs in traditional and virtualized data centers, AWS has: + - A. Greater variable costs and greater upfront costs. + - B. Fixed usage costs and lower upfront costs. + - C. Lower variable costs and greater upfront costs. + - D. Lower variable costs and lower upfront costs. + +
Answer + Correct answer: D +
+ +27. Which AWS service would a customer use with a static website to achieve tower latency and high transfer speeds? + - A. AWS Lambda. + - B. Amazon DynamoDB Accelerator. + - C. Amazon Route 53. + - D. Amazon CloudFront. + +
Answer + Correct answer: D +
+ +28. How do Amazon EC2 Auto Scaling groups help achieve high availability for a web application? + - A. They automatically add more instances across multiple AWS Regions based on global demand of the application. + - B. They automatically add or replace instances across multiple Availability Zones when the application needs it. + - C. They enable the application’s stalk: content to reside closer to end users. + - D. They are able to distribute incoming requests across a tier of web server instances. + +
Answer + Correct answer: B +
+ +29. Which of the following can limit Amazon Simple Storage Service (Amazon S3) bucket access to specific users? + - A. A public and private key-pair. + - B. Amazon Inspector. + - C. AWS Identity and Access Management (IAM) policies. + - D. Security Groups. + +
Answer + Correct answer: C +
+ +30. How should a customer forecast the future costs for running a new web application? + - A. Amazon Aurora Backtrack. + - B. Amazon CloudWatch Billing Alarms. + - C. AWS Simple Monthly Calculator. + - D. AWS Cost and Usage report. + +
Answer + Correct answer: C +
+ +31. Where are AWS compliance documents, such as an SOC 1 report, located? + - A. Amazon Inspector. + - B. AWS CloudTrail. + - C. AWS Artifact. + - D. AWS Certificate Manager. + +
Answer + Correct answer: C +
+ +32. Which of the following tasks is the responsibility of AWS? + - A. Encrypting client-side data. + - B. Configuring AWS Identity and Access Management (IAM) roles. + - C. Securing the Amazon EC2 hypervisor. + - D. Setting user password policies. + +
Answer + Correct answer: C +
+ +33. Under the shared responsibility model which of the following areas are the customer’s responsibility? (Select TWO) + - A. Firmware upgrades of network infrastructure. + - B. Patching of operating systems. + - C. Patching of the underlying hypervisor. + - D. Physical security of data centers. + - E. Configuration of the security group. + +
Answer + Correct answer: B, C +
+ +34. A company is looking for a scalable data warehouse solution. Which of the following AWS solutions would meet the company’s needs? + - A. Amazon Simple Storage Service (Amazon S3). + - B. Amazon DynamoDB. + - C. Amazon Kinesis. + - D. Amazon Redshift. + +
Answer + Correct answer: D +
+ +35. Much AWS services provide a way to extend an on-premises architecture to the AWS Cloud? (Select TWO) + - A. Amazon EBS. + - B. AWS Direct Connect. + - C. Amazon CloudFront. + - D. AWS Storage Gateway. + - E. Amazon Connect. + +
Answer + Correct answer: B, D +
+ +36. What are the advantages of the AWS Cloud (Select TWO) + - A. Fixed rate monthly cost. + - B. No need to guess capacity requirements. + - C. Increased speed to market. + - D. Increased upfront capital expenditure. + - E. Physical access to cloud data centers. + +
Answer + Correct answer: B, D +
+ +37. How can the AWS Cloud increase user workforce productivity after migration from an on-premises data center? + - A. Users do not have to wait for infrastructure provisioning. + - B. The AWS Cloud infrastructure is much faster than an on-premises data center infrastructure. + - C. AWS takes over application configuration management on behalf of users. + - D. Users do not need to address security and compliance issues. + +
Answer + Correct answer: A +
+ +38. Which of the following services could be used to deploy an application to servers running on-premises? (Select TWO) + - A. AWS Elastic Beanstalk. + - B. AWS OpsWorks. + - C. AWS CodeDeploy. + - D. AWS Batch. + - E. AWS X-Ray. + +
Answer + Correct answer: B, C +
+ +39. What is an example of agility in the AWS Cloud? + - A. Access to multiple instance types. + - B. Access to managed services. + - C. Using Consolidated Billing to produce one bill. + - D. Decreased acquisition time for new compute resources. + +
Answer + Correct answer: D +
+ +40. Which AWS security service protects applications from distributed denial of service attacks with always-on detection and automatic inline mitigations? + - A. Amazon Inspector. + - B. AWS Web Application Firewall (AWS WAF). + - C. Elastic Load Balancing (ELB). + - D. AWS Shield. + +
Answer + Correct answer: B +
+ +41. Which of the following are advantages of AWS consolidated billing? (Choose two) + - A. The ability to receive one bill for multiple accounts. + - B. Service limits increasing by default in all accounts. + - C. A fixed discount on the monthly bill. + - D. Potential volume discounts, as usage in all accounts is combined. + - E. The automatic extension of the master account’s AWS support plan to all accounts. + +
Answer + Correct answer: A, D +
+ +42. A company is considering using AWS for a self-hosted database that requires a nightly shutdown for maintenance and cost-saving purposes. Which service should the company use? + - A. Amazon Redshift. + - B. Amazon DynamoDB. + - C. Amazon Elastic Compute Cloud (Amazon EC2) with Amazon EC2 instance store. + - D. Amazon EC2 with Amazon Elastic Block Store (Amazon EBS). + +
Answer + Correct answer: D +
+ +43. Which type of mirroring does SPAN technology perform? + - A. Remote mirroring over Layer 2. + - B. Remote mirroring over Layer 3. + - C. Local mirroring over Layer 2. + - D. Local mirroring over Layer 3. + +
Answer + Correct answer: C +
+ +44. Your customer wants to grant restricted proxy rights to their HR Department to act on behalf of employees belonging to their legal entity. How can you perform this requirement? There are 2 correct answers to this question. + - A. Use the Manage Permission Roles tool to grant proxy rights to the HR Department. + - B. Fill the PROXY column of the Basic Import template to match the requirements and import the file using the Import Employee Data tool. + - C. Use the Proxy Management tool to configure the requested proxy assignments. + - D. Fill the Basic Import template with the requested proxy configuration and import the file using the Import and Export Data tool. + +
Answer + Correct answer: B, C +
+ +45. Which two statements about configuring a traffic monitoring session are true? (Choose two) + - A. You can set a local VM as a traffic destination. + - B. You can have up to two active monitoring sessions simultaneously. + - C. An unlimited number of monitoring session can be stored. + - D. A newly created monitoring session is enabled by default. + - E. A destination port can also be a source port within the same session. + - F. A vHBA can be a source for either an Ethernet or Fibre Channel monitoring session, but not both. + +
Answer + Correct answer: B, F +
+ +Please feel free to comment below if any information is inaccurate or if any answers need correction. + +[ Exam List](../practice-exam/exams.md) diff --git a/practice-exam/practice-exam-13.md b/practice-exam/practice-exam-13.md new file mode 100644 index 0000000..8686361 --- /dev/null +++ b/practice-exam/practice-exam-13.md @@ -0,0 +1,691 @@ +# Practice Exam 13 + +Click on the **Answer** button for the correct answer and its explanation. + +If this practice exam has been helpful to you please share it with others and react to this below. + +--- + +1. The use of what AWS feature or service allows companies to track and categorize spending on a detailed level? + - A. Cost allocation tags + - B. Consolidated billing + - C. AWS Budgets + - D. AWS Marketplace + +
Answer + + Correct Answer: A + + Explanation: + +
+ +1. Which service stores objects, provides real-time access to those objects, and offers versioning and lifecycle capabilities? + - A. Amazon Glacier + - B. AWS Storage Gateway + - C. Amazon S3 + - D. Amazon EBS + +
Answer + + Correct Answer: C + + Explanation: + +
+ +1. What AWS team assists customers with accelerating cloud adoption through paid engagements in any of several specialty practice area ? + - A. AWS Enterprise Support + - B. AWS Solutions Architects + - C. AWS Professional Services + - D. AWS Account Managers + +
Answer + + Correct Answer: C + + Explanation: + +
+ +1. A customer would like to design and build a new workload on AWS Cloud but does not have the AWS- related software technical expertise in-hous.
Which of the following AWS programs can a customer take advantage of to achieve that outcome? + - A. AWS Partner Network Technology Partners + - B. AWS Marketplace + - C. AWS Partner Network Consulting Partners + - D. AWS Service Catalog + +
Answer + + Correct Answer: C + +
+ +1. Distributing workloads across multiple Availability Zones supports which cloud architecture design principle? + - A. Implement automation. + - B. Design for agility. + - C. Design for failure. + - D. Implement elasticity. + +
Answer + + Correct Answer: C + +
+ +1. Which AWS services can host a Microsoft SQL Server database? (Select TWO) + - A. Amazon EC2 + - B. Amazon Relational Database Service (Amazon RDS) + - C. Amazon Aurora + - D. Amazon Redshift + - E. Amazon S3 + +
Answer + + Correct Answer: AB + + Explanation: + +
+ +1. Which of the following inspects AWS environments to find opportunities that can save money for users and also improve system performance ? + - A. AWS Cost Explorer + - B. AWS Trusted Advisor + - C. Consolidated billing + - D. Detailed billing + +
Answer + + Correct Answer: B + +
+ +1. Which of the following Amazon EC2 pricing models allow customers to use existing server-bound software license ? + - A. Spot Instances + - B. Reserved Instances + - C. Dedicated Hosts + - D. On-Demand Instances + +
Answer + + Correct Answer: C + + Explanation: + +
+ +1. Which AWS characteristics make AWS cost effective for a workload with dynamic user demand? (Select TWO) + - A. High availability + - B. Shared security model + - C. Elasticity + - D. Pay-as-you-go pricing + - E. Reliability + +
Answer + + Correct Answer: CD + +
+ +1. Which service enables risk auditing by continuously monitoring and logging account activity, including user actions in the AWS Management Console and AWS SDKs? + - A. Amazon CloudWatch + - B. AWS CloudTrail + - C. AWS Config + - D. AWS Health + +
Answer + + Correct Answer: B + + Explanation: + +
+ +1. Which of the following are characteristics of Amazon S3? (Select TWO.) + - A. A global file system + - B. An object store + - C. A local file store + - D. A network file system + - E. A durable storage system + +
Answer + + Correct Answer: BE + +
+ +1. Which services can be used across hybrid AWS Cloud architectures? (Select TWO.) + - A. Amazon Route 53 + - B. Virtual Private Gateway + - C. Classic Load Balancer + - D. Auto Scaling + - E. Amazon CloudWatch default metrics + +
Answer + + Correct Answer: AE + + Explanation: + - + - You can also use CloudWatch in hybrid cloud architectures by using the CloudWatch Agent or API to monitor your on-premises resources + +
+ +1. What costs are included when comparing AWS Total Cost of Ownership (TCO) with on-premises TCO? + - A. Project management + - B. Antivirus software licensing + - C. Data center security + - D. Software development + +
Answer + + Correct Answer: C + + Explanation: + +
+ +1. A company is considering using AWS for a self-hosted database that requires a nightly shutdown for maintenance and cost-saving purposes.
Which service should the company use? + - A. Amazon Redshift + - B. Amazon DynamoDB + - C. Amazon Elastic Compute Cloud (Amazon EC2) with Amazon EC2 instance store + - D. Amazon EC2 with Amazon Elastic Block Store (Amazon EBS) + +
Answer + + Correct Answer: D + +
+ +1. Which of the following is a correct relationship between regions, Availability Zones, and edge locations? + - A. Data centers contain regions. + - B. Regions contain Availability Zones. + - C. Availability Zones contain edge locations. + - D. Edge locations contain regions. + +
Answer + + Correct Answer: B + + Explanation: + +
+ +1. Which AWS tools assist with estimating costs? (Select three.) + - A. Detailed billing report + - B. Cost allocation tags + - C. AWS Simple Monthly Calculator + - D. AWS Total Cost of Ownership (TCO) Calculator + - E. Cost Eliminator + +
Answer + + Correct Answer: BCD + + Explanation: + +
+ +1. Which of the following are advantages of AWS consolidated billing? (Select TWO.) + - A. The ability to receive one bill for multiple accounts + - B. Service limits increasing by default in all accounts + - C. A fixed discount on the monthly bill + - D. Potential volume discounts, as usage in all accounts is combined + - E. The automatic extension of the master account's AWS support plan to all accounts + +
Answer + + Correct Answer: AD + + Explanation: + +
+ +1. Which of the following Reserved Instance (RI) pricing models provides the highest average savings compared to On-Demand pricing? + - A. One-year, No Upfront, Standard RI pricing + - B. One-year, All Upfront, Convertible RI pricing + - C. Three-year, All Upfront, Standard RI pricing + - D. Three-year, No Upfront, Convertible RI pricing + +
Answer + + Correct Answer: C + + Explanation: + +
+ +1. Compared with costs in traditional and virtualized data centers, AWS has: + - A. greater variable costs and greater upfront costs. + - B. fixed usage costs and lower upfront costs. + - C. lower variable costs and greater upfront costs. + - D. lower variable costs and lower upfront costs. + +
Answer + + Correct Answer: D + + Explanation: (10) + +
+ +1. A characteristic of edge locations is that they: + - A. host Amazon EC2 instances closer to users. + - B. help lower latency and improve performance for users. + - C. cache frequently changing data without reaching the origin server. + - D. refresh data changes daily. + +
Answer + + Correct Answer: B + +
+ +1. Which of the following can limit Amazon Storage Service (Amazon S3) bucket access to specific users? + - A. A public and private key-pair + - B. Amazon Inspector + - C. AWS Identity and Access Management (IAM) policies + - D. Security Groups + +
Answer + + Correct Answer: C + + Explanation: + +
+ +1. Which of the following security-related actions are available at no cost? + - A. Calling AWS Support + - B. Contacting AWS Professional Services to request a workshop + - C. Accessing forums, blogs, and whitepapers + - D. Attending AWS classes at a local university + +
Answer + + Correct Answer: C + +
+ +1. Which of the Reserved Instance (RI) pricing models can change the attributes of the RI as long as the exchange results in the creation of RIs of equal or greater value? + - A. Dedicated RIs + - B. Scheduled RIs + - C. Convertible RIs + - D. Standard RIs + +
Answer + + Correct Answer: C + + Explanation: + +
+ +1. Which AWS feature will reduce the customer's total cost of ownership (TCO)? + - A. Shared responsibility security model + - B. Single tenancy + - C. Elastic computing + - D. Encryption + +
Answer + + Correct Answer: C + +
+ +1. Which of the following services will automatically scale with an expected increase in web traffic? + - A. AWS CodePipeline + - B. Elastic Load Balancing + - C. Amazon EBS + - D. AWS Direct Connect + +
Answer + + Correct Answer: B + + Explanation: + +
+ +1. Where are AWS compliance documents, such as an SOC 1 report, located? + - A. Amazon Inspector + - B. AWS CloudTrail + - C. AWS Artifact + - D. AWS Certificate Manager + +
Answer + + Correct Answer: C + + Explanation: + +
+ +1. Under the AWS shared responsibility model, which of the following activities are the customer's responsibility? (Select TWO.) + - A. Patching operating system components for Amazon Relational Database Server (Amazon RDS) + - B. Encrypting data on the client-side + - C. Training the data center staff + - D. Configuring Network Access Control Lists (ACL) + - E. Maintaining environmental controls within a data center + +
Answer + + Correct Answer: BD + + Explanation: + +
+ +1. Which is a recommended pattern for designing a highly available architecture on AWS? + - A. Ensure that components have low-latency network connectivity. + - B. Run enough Amazon EC2 instances to operate at peak load. + - C. Ensure that the application is designed to accommodate failure of any single component. + - D. Use a monolithic application that handles all operations. + +
Answer + + Correct Answer: C + +
+ +1. According to best practices, how should an application be designed to run in the AWS Cloud? + - A. Use tighly coupled components. + - B. Use loosely coupled components. + - C. Use infrequently coupled components. + - D. Use frequently coupled components. + +
Answer + + Correct Answer: B + + Explanation: + +
+ +1. AWS supports which of the following methods to add security to Identity and Access Management (IAM) users? (Select TWO.) + - A. Implementing Amazon Rekognition + - B. Using AWS Shield-protected resources + - C. Blocking access with Security Groups + - D. Using Multi-Factor Authentication (MFA) + - E. Enforcing password strength and expiration + +
Answer + + Correct Answer: DE + +
+ +1. Which AWS services should be used for read/write of constantly changing data? (Select TWO.) + - A. Amazon Glacier + - B. Amazon RDS + - C. AWS Snowball + - D. Amazon Redshift + - E. Amazon EFS + +
Answer + + Correct Answer: BE + +
+ +1. What is one of the advantages of the Amazon Relational Database Service (Amazon RDS)? + - A. It simplifies relational database administration tasks. + - B. It provides 99.99999999999% reliability and durability. + - C. It automatically scales databases for loads. + - D. It enabled users to dynamically adjust CPU and RAM resources. + +
Answer + + Correct Answer: A + + Explanation: + - In the main RDS page though, Lower administrative burden is listed as part of the benefits. + - + +
+ +1. A customer needs to run a MySQL database that easily scales.
Which AWS service should they use? + - A. Amazon Aurora + - B. Amazon Redshift + - C. Amazon DynamoDB + - D. Amazon ElastiCache + +
Answer + + Correct Answer: A + + Explanation: + +
+ +1. Which of the following components of the AWS Global Infrastructure consists of one or more discrete data centers interconnected through low latency links? + - A. Availability Zone + - B. Edge location + - C. Region + - D. Private networking + +
Answer + + Correct Answer: A + + Explanation: + +
+ +1. Which of the following is a shared control between the customer and AWS? + - A. Providing a key for Amazon S3 client-side encryption + - B. Configuration of an Amazon EC2 instance + - C. Environmental controls of physical AWS data centers + - D. Awareness and training + +
Answer + + Correct Answer: D + + Explanation: + +
+ +1. How many Availability Zones should compute resources be provisioned across to achieve high availability? + - A. A minimum of one + - B. A minimum of two + - C. A minimum of three + - D. A minimum of four or more + +
Answer + + Correct Answer: B + +
+ +1. One of the advantages to moving infrastructure from an on-premises data center to the AWS Cloud is: + - A. it allows the business to eliminate IT bills. + - B. it allows the business to put a server in each customer's data center. + - C. it allows the business to focus on business activities. + - D. it allows the business to leave servers unpatched. + +
Answer + + Correct Answer: C + +
+ +1. What is the lowest-cost, durable storage option for retaining database backups for immediate retrieval? + - A. Amazon S3 + - B. Amazon Glacier + - C. Amazon EBS + - D. Amazon EC2 Instance Store + +
Answer + + Correct Answer: A + +
+ +1. Which AWS IAM feature allows developers to access AWS services through the AWS CLI? + - A. API keys + - B. Access keys + - C. User names/Passwords + - D. SSH keys + +
Answer + + Correct Answer: B + + Explanation: + +
+ +1. Which of the following is a fast and reliable NoSQL database service? + - A. Amazon Redshift + - B. Amazon RDS + - C. Amazon DynamoDB + - D. Amazon S3 + +
Answer + + Correct Answer: C + + Explanation: + +
+ +1. What is an example of agility in the AWS Cloud? + - A. Access to multiple instance types + - B. Access to managed services + - C. Using Consolidated Billing to produce one bill + - D. Decreased acquisition time for new compute resources + +
Answer + + Correct Answer: D + + Explanation: + +
+ +1. Which service should a customer use to consolidate and centrally manage multiple AWS accounts? + - A. AWS IAM + - B. AWS Organizations + - C. AWS Schema Conversion Tool + - D. AWS Config + +
Answer + + Correct Answer: B + + Explanation: + +
+ +1. What approach to transcoding a large number of individual video files adheres to AWS architecture principles? + - A. Using many instances in parallel + - B. Using a single large instance during off-peak hours + - C. Using dedicated hardware + - D. Using a large GPU instance type + +
Answer + + Correct Answer: A + + Explanation: + +
+ +1. For which auditing process does AWS have sole responsibility? + - A. AWS IAM policies + - B. Physical security + - C. Amazon S3 bucket policies + - D. AWS CloudTrail Logs + +
Answer + + Correct Answer: B + +
+ +1. Which feature of the AWS Cloud will support an international company's requirement for low latency to all of its customers? + - A. Fault tolerance + - B. Global reach + - C. Pay-as-you-go pricing + - D. High availability + +
Answer + + Correct Answer: B + + Explanation: + - Global Reach will support an international company using Cloud-Front. + +
+ +1. Which of the following is the customer's responsibility under the AWS shared responsibility model? + - A. Patching underlying infrastructure + - B. Physical security + - C. Patching Amazon EC2 instances + - D. Patching network infrastructure + +
Answer + + Correct Answer: C + + Explanation: + +
+ +1. A customer is using multiple AWS accounts with separate billing.
How can the customer take advantage of volume discounts with minimal impact to the AWS resources? + - A. Create one global AWS acount and move all AWS resources to tha account. + - B. Sign up for three years of Reserved Instance pricing up front. + - C. Use the consolidated billing feature from AWS Organizations. + - D. Sign up for the AWS Enterprise support plan to get volume discounts. + +
Answer + + Correct Answer: C + + Explanation: + +
+ +1. Which of the following are features of Amazon CloudWatch Logs? (Select TWO.) + - A. Summaries by Amazon Simple Notification Service (Amazon SNS) + - B. Free Amazon Elasticsearch Service analytics + - C. Provided at no charge + - D. Real-time monitoring + - E. Adjustable retention + +
Answer + + Correct Answer: DE + +
+ +1. Which of the following is an AWS managed Domain Name System (DNS) web service? + - A. Amazon Route 53 + - B. Amazon Neptune + - C. Amazon SageMaker + - D. Amazon Lightsail + +
Answer + + Correct Answer: A + + Explanation: + +
+ +1. A customer is deploying a new application and needs to choose an AWS Region.
Which of the following factors could influence the customer's decision? (Select TWO.) + - A. Reduced latency to users + - B. The application's presentation in the local language + - C. Data sovereignty compliance + - D. Cooling costs in hotter climates + - E. Proximity to the customer's office for on-site visits + +
Answer + + Correct Answer: AC + +
+ +Please feel free to comment below if any information is inaccurate or if any answers need correction. + +[ Exam List](../practice-exam/exams.md) diff --git a/practice-exam/practice-exam-14.md b/practice-exam/practice-exam-14.md new file mode 100644 index 0000000..7f64a4b --- /dev/null +++ b/practice-exam/practice-exam-14.md @@ -0,0 +1,854 @@ +# Practice Exam 14 + +Click on the **Answer** button for the correct answer and its explanation. + +If this practice exam has been helpful to you please share it with others and react to this below. + +--- + +1. Which storage service can be used as a low-cost option for hosting static websites? + - A. Amazon Glacier + - B. Amazon DynamoDB + - C. Amazon Elastic File System (Amazon EFS) + - D. Amazon Simple Storage Service (Amazon S3) + +
Answer + + Correct Answer: D + + Explanation: + +
+ +2. Which Amazon EC2 instance pricing model can provide discounts of up to 90%? + - A. Reserved Instances + - B. On-Demand + - C. Dedicated Hosts + - D. Spot Instances + +
Answer + + Correct Answer: D + + Explanation: + +
+ +3. What is the AWS customer responsible for according to the AWS shared responsibility model? + - A. Physical access controls + - B. Data encryption + - C. Secure disposal of storage devices + - D. Environmental risk management + +
Answer + + Correct Answer: B + +
+ +4. Which of the following AWS Cloud services can be used to run a customer-managed relational database? + - A. Amazon EC2 + - B. Amazon Route 53 + - C. Amazon ElastiCache + - D. Amazon DynamoDB + +
Answer + + Correct Answer: A + +
+ +5. A company is looking for a scalable data warehouse solution.
Which of the following AWS solutions would meet the company's needs? + - A. Amazon Simple Storage Service (Amazon S3) + - B. Amazon DynamoDB + - C. Amazon Kinesis + - D. Amazon Redshift + +
Answer + + Correct Answer: D + + Explanation: + +
+ +6. Which statement best describes Elastic Load Balancing? + - A. It translates a domain name into an IP address using DNS. + - B. It distributes incoming application traffic across one or more Amazon EC2 instances. + - C. It collects metrics on connected Amazon EC2 instances. + - D. It automatically adjusts the number of Amazon EC2 instances to support incoming traffic. + +
Answer + + Correct Answer: B + + Explanation: + +
+ +7. Which of the following are valid ways for a customer to interact with AWS services? (Select TWO.) + - A. Command line interface + - B. On-premises + - C. Software Development Kits + - D. Software-as-a-service + - E. Hybrid + +
Answer + + Correct Answer: AC + +
+ +8. The AWS Cloud's multiple Regions are an example of: + - A. agility. + - B. global infrastructure. + - C. elasticity. + - D. pay-as-you-go pricing. + +
Answer + + Correct Answer: B + +
+ +9. Which of the following AWS services can be used to serve large amounts of online video content with the lowest possible latency? (Select TWO.) + - A. AWS Storage Gateway + - B. Amazon S3 + - C. Amazon Elastic File System (EFS) + - D. Amazon Glacier + - E. Amazon CloudFront + +
Answer + + Correct Answer: BE + + Explanation: + - + - + +
+ +10. Web servers running on Amazon EC2 access a legacy application running in a corporate data center.
What term would describe this model? + - A. Cloud-native + - B. Partner network + - C. Hybrid architecture + - D. Infrastructure as a service + +
Answer + + Correct Answer: C + + Explanation: + +
+ +11. What is the benefit of using AWS managed services, such as Amazon ElastiCache and Amazon Relational Database Service (Amazon RDS)? + - A. They require the customer to monitor and replace failing instances. + - B. They have better performance than customer-managed services. + - C. They simplify patching and updating underlying OSs. + - D. They do not require the customer to optimize instance type or size selections. + +
Answer + + Correct Answer: D + + Explanation: + - + - Amazon RDS provides a selection of instance types optimized to fit different relational database use cases. + - Instance types comprise varying combinations of CPU, memory, storage, and networking capacity and give you the flexibility to choose the appropriate mix of resources for your database. + - Each instance type includes several instance sizes, allowing you to scale your database to the requirements of your target workload. + +
+ +12. Which service provides a virtually unlimited amount of online highly durable object storage? + - A. Amazon Redshift + - B. Amazon Elastic File System (Amazon EFS) + - C. Amazon Elastic Container Service (Amazon ECS) + - D. Amazon S3 + +
Answer + + Correct Answer: D + + Explanation: + +
+ +13. Which of the following Identity and Access Management (IAM) entities is associated with an access key ID and secret access key when using AWS Command Line Interface (AWS CLI)? + - A. IAM group + - B. IAM user + - C. IAM role + - D. IAM policy + +
Answer + + Correct Answer: B + + Explanation: + - Access keys are long-term credentials for an IAM user or the AWS account root user. + - You can use access keys to sign programmatic requests to the AWS CLI or API (directly or using the AWS SDK). + - For more information, see Signing AWS API Requests in the Amazon Web Services General Reference. + +
+ +14. Which of the following security-related services does AWS offer? (Select TWO.) + - A. Multi-factor authentication physical tokens + - B. AWS Trusted Advisor security checks + - C. Data encryption + - D. Automated penetration testing + - E. Amazon S3 copyrighted content detection + +
Answer + + Correct Answer: BC + + Explanation: + - Penetration testing is not correct, because it can be done by customers on their own resources. + +
+ +15. Which AWS managed service is used to host databases? + - A. AWS Batch + - B. AWS Artifact + - C. AWS Data Pipeline + - D. Amazon RDS + +
Answer + + Correct Answer: D + + Explanation: + - Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. + - It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. + - It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need. + + Reference: + +
+ +16. Which AWS service provides a simple and scalable shared file storage solution for use with Linux-based AWS and on-premises servers? + - A. Amazon S3 + - B. Amazon Glacier + - C. Amazon EBS + - D. Amazon EFS + +
Answer + + Correct Answer: D + + Explanation: + - Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. + - It is built to scale on demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth. + - Amazon EFS is designed to provide the throughput, IOPS, and low latency needed for Linux workloads. + - Throughput and IOPS scale as a file system grows and can burst to higher throughput levels for short periods of time to support the unpredictable performance needs of file workloads. + - For the most demanding workloads, Amazon EFS can support performance over 10 GB/sec and up to 500,000 IOPS. + +
+ +17. When architecting cloud applications, which of the following are a key design principle? + - A. Use the largest instance possible + - B. Provision capacity for peak load + - C. Use the Scrum development process + - D. Implement elasticity + +
Answer + + Correct Answer: D + + Explanation: + - "Provisioning for peaks" is a characteristic of a traditional computing environment, per the AWS Best Practices: "you provision capacity based on an estimate of a theoretical maximum peak." + - + +
+ +18. Which AWS service should be used for long-term, low-cost storage of data backups? + - A. Amazon RDS + - B. Amazon Glacier + - C. AWS Snowball + - D. AWS EBS + +
Answer + + Correct Answer: B + + Explanation: + - Amazon S3 Glacier is a secure, durable, and low-cost storage class of S3 for data archiving and long-term backup. Customers can store large or small amounts of data for as little as $0.004 per gigabyte per month. + - The S3 Glacier storage class is ideal for archives where data is regularly retrieved and some of the data may be needed in minutes. + - Amazon RDS is a relational database service that hosts databases. It helps you create and manage databases. + - Amazon Snowball is a petabyte-scale data transfer service that provides cost efficient data transfer to AWS from tamper proof physical devices. Similarly, Elastic block storage offers persistent block storage volumes for EC2 instances. + + Reference: + +
+ +19. Which task is AWS responsible for in the shared responsibility model for security and compliance? + - A. Granting access to individuals and services + - B. Encrypting data in transit + - C. Updating Amazon EC2 host firmware + - D. Updating operating systems + +
Answer + + Correct Answer: B + + Explanation: + - AWS Compliance enables customers to establish and operate in an AWS security control environment The shared responsibility model is part of AWS Compliance + - The Security of the cloud is managed by Amazon AWS provider + - The Security in the cloud is responsibility of the customer + - The customer is responsible for their information and data, their secure transmission, integrity, and encryption Also, the customer is responsible for managing, support, patching and control of the guest operating system and AWS services provided like EC2 + - AWS customers retain control and ownership of their data + - The AWS network provides significant protection against traditional network security issues and the customer can implement further protection + + Reference: + +
+ +20. Where should a company go to search software listings from independent software vendors to find, test, buy and deploy software that runs on AWS? + - A. AWS Marketplace + - B. Amazon Lumberyard + - C. AWS Artifact + - D. Amazon CloudSearch + +
Answer + + Correct Answer: A + + Explanation: + - AWS Marketplace is a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on AWS. + + Reference: + +
+ +21. Which of the following is a benefit of using the AWS Cloud? + - A. Permissive security removes the administrative burden. + - B. Ability to focus on revenue-generating activities. + - C. Control over cloud network hardware. + - D. Choice of specific cloud hardware vendors. + +
Answer + + Correct Answer: B + + Explanation: + - Developer and IT staff productivity accounted for nearly 30% of overall financial benefits. + - The remaining benefits were driven by the flexibility and agility of Amazon cloud infrastructure services, which make it easier to trial new business models, support revenue-generating applications, and provide more reliable services to end users. + + Reference: + +
+ +22. When performing a cost analysis that supports physical isolation of a customer workload, which compute hosting model should be accounted for in the Total Cost of Ownership (TCO)? + - A. Dedicated Hosts + - B. Reserved Instances + - C. On-Demand Instances + - D. No Upfront Reserved Instances + +
Answer + + Correct Answer: A + + Explanation: + - Use Dedicated Hosts to launch Amazon EC2 instances on physical servers that are dedicated for your use. + - Dedicated Hosts give you additional visibility and control over how instances are placed on a physical server, and you can reliably use the same physical server over time. + - As a result, Dedicated Hosts enable you to use your existing server-bound software licenses like Windows Server and address corporate compliance and regulatory requirements. + +
+ +23. Which AWS service provides the ability to manage infrastructure as code? + - A. AWS CodePipeline + - B. AWS CodeDeploy + - C. AWS Direct Connect + - D. AWS CloudFormation + +
Answer + + Correct Answer: D + + Explanation: + - AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. + - CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. + - This file serves as the single source of truth for your cloud environment. + + Reference: + +
+ +24. If a customer needs to audit the change management of AWS resources, which of the following AWS services should the customer use? + - A. AWS Config + - B. AWS Trusted Advisor + - C. Amazon CloudWatch + - D. Amazon Inspector + +
Answer + + Correct Answer: A + + Explanation: + - AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. + - Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. + - With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. + - This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting. + + Reference: + +
+ +25. What is Amazon CloudWatch? + - A. A code repository with customizable build and team commit features. + - B. A metrics repository with customizable notification thresholds and channels. + - C. A security configuration repository with threat analytics. + - D. A rule repository of a web application firewall with automated vulnerability prevention features. + +
Answer + + Correct Answer: B + + Explanation: + - Amazon CloudWatch is basically a metrics repository. + - An AWS service -- such as Amazon EC2 -- puts metrics into the repository, and you retrieve statistics based on those metrics. + - If you put your own custom metrics into the repository, you can retrieve statistics on these metrics as well. + + Reference: cloudwatch_architecture.html + +
+ +26. Which service allows a company with multiple AWS accounts to combine its usage to obtain volume discounts? + - A. AWS Server Migration Service + - B. AWS Organizations + - C. AWS Budgets + - D. AWS Trusted Advisor + +
Answer + + Correct Answer: B + + Explanation: + - use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. + - Every organization in AWS Organizations has a master account that pays the charges of all the member accounts. + - Consolidated billing has the following benefits: + - One bill You get one bill for multiple accounts. + - Easy tracking You can track the charges across multiple accounts and download the combined cost and usage data. + - Combined usage You can combine the usage across all accounts in the organization to share the volume pricing discounts and Reserved Instance discounts. This can result in a lower charge for your project, department, or company than with individual standalone accounts. For more information, see Volume Discounts. + - No extra fee Consolidated billing is offered at no additional cost. + +
+ +27. Which of the following services could be used to deploy an application to servers running on-premises? (Select TWO.) + - A. AWS Elastic Beanstalk + - B. AWS OpsWorks + - C. AWS CodeDeploy + - D. AWS Batch + - E. AWS X-Ray + +
Answer + + Correct Answer: BC + + Explanation: + - + - + +
+ +28. Which Amazon EC2 pricing model adjusts based on supply and demand of EC2 instances? + - A. On-Demand Instances + - B. Reserved Instances + - C. Spot Instances + - D. Convertible Reserved Instances + +
Answer + + Correct Answer: C + + Explanation: + - In the new model, the Spot prices are more predictable, updated less frequently, and are determined by supply and demand for Amazon EC2 spare capacity, not bid prices. + + Reference: + +
+ +29. Which design principles for cloud architecture are recommended when re-architecting a large monolithic application? (Select TWO.) + - A. Use manual monitoring. + - B. Use fixed servers. + - C. Implement loose coupling. + - D. Rely on individual components. + - E. Design for scalability. + +
Answer + + Correct Answer: CE + +
+ +30. Which is the MINIMUM AWS Support plan that allows for one-hour target response time for support cases? + - A. Enterprise + - B. Business + - C. Developer + - D. Basic + +
Answer + + Correct Answer: B + + Explanation: + +
+ +31. Where can AWS compliance and certification reports be downloaded? + - A. AWS Artifact + - B. AWS Concierge + - C. AWS Certificate Manager + - D. AWS Trusted Advisor + +
Answer + + Correct Answer: A + + Explanation: + - WS Artifact is your go-to, central resource for compliance-related information that matters to you. + - It provides on-demand access to AWS's security and compliance reports and select online agreements. + - The AWS SOC 2 report is particularly helpful for completing questionnaires because it provides a comprehensive description of the implementation and operating effectiveness of AWS security controls. + - Another useful document is the Executive Briefing within the AWS FedRAMP Partner Package. + + Reference: + +
+ +32. Which AWS service provides a customized view of the health of specific AWS services that power a customer's workloads running on AWS? + - A. AWS Service Health Dashboard + - B. AWS X-Ray + - C. AWS Personal Health Dashboard + - D. Amazon CloudWatch + +
Answer + + Correct Answer: C + +
+ +33. Which of the following is an advantage of consolidated billing on AWS? + - A. Volume pricing qualification + - B. Shared access permissions + - C. Multiple bills per account + - D. Eliminates the need for tagging + +
Answer + + Correct Answer: A + + Explanation: + - If you have multiple standalone accounts, your charges might decrease if you add the accounts to an organization. + - AWS combines usage from all accounts in the organization to qualify you for volume pricing discounts. + + Reference: + +
+ +34. Which of the following steps should be taken by a customer when conducting penetration testing on AWS? + - A. Conduct penetration testing using Amazon Inspector, and then notify AWS support. + - B. Request and wait for approval from the customer's internal security team, and then conduct testing. + - C. Notify AWS support, and then conduct testing immediately. + - D. Request and wait for approval from AWS support, and then conduct testing. + +
Answer + + Correct Answer: B + + Explanation: + - AWS customers are welcome to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for 8 services. + + Reference: + +
+ +35. Which of the following AWS features enables a user to launch a pre-configured Amazon Elastic Compute Cloud (Amazon EC2) instance? + - A. Amazon Elastic Block Store (Amazon EBS) + - B. Amazon Machine Image + - C. Amazon EC2 Systems Manager + - D. Amazon AppStream 2.0 + +
Answer + + Correct Answer: B + + Explanation: + - To use Amazon EC2, you simply: + - Select a pre-configured, templated Amazon Machine Image (AMI) to get up and running immediately. Or create an AMI containing your applications, libraries, data, and associated configuration settings. + - Configure security and network access on your Amazon EC2 instance. + - Choose which instance type(s) you want, then start, terminate, and monitor as many instances of your AMI as needed, using the web service APIs or the variety of management tools provided. + - Determine whether you want to run in multiple locations, utilize static IP endpoints, or attach persistent block storage to your instances. + - Pay only for the resources that you actually consume, like instance-hours or data transfer. + + Reference: + +
+ +36. How would an AWS customer easily apply common access controls to a large set of users? + - A. Apply an IAM policy to an IAM group. + - B. Apply an IAM policy to an IAM role. + - C. Apply the same IAM policy to all IAM users with access to the same workload. + - D. Apply an IAM policy to an Amazon Cognito user pool. + +
Answer + + Correct Answer: A + + Explanation: + - Instead of defining permissions for individual IAM users, it's usually more convenient to create groups that relate to job functions (administrators, developers, accounting, etc.). + - Next, define the relevant permissions for each group. Finally, assign IAM users to those groups. All the users in an IAM group inherit the permissions assigned to the group. + - That way, you can make changes for everyone in a group in just one place. As people move around in your company, you can + simply change what IAM group their IAM user belongs to. + + Reference: + +
+ +37. Which AWS Cost Management tool allows you to view the most granular data about your AWS bill? + - A. AWS Cost Explorer + - B. AWS Budgets + - C. AWS Cost and Usage report + - D. AWS Billing dashboard + +
Answer + + Correct Answer: C + + Explanation: + - The Cost & Usage Report is your one-stop-shop for accessing the most granular data about your AWS costs and usage. + - You can also load your cost and usage information into Amazon Athena, Amazon Redshift, AWS QuickSight, or a tool of your choice. + + Reference: + +
+ +38. Which of the following can an AWS customer use to launch a new Amazon Relational Database Service (Amazon RDS) cluster? (Select TWO.) + - A. AWS Concierge + - B. AWS CloudFormation + - C. Amazon Simple Storage Service (Amazon S3) + - D. Amazon EC2 Auto Scaling + - E. AWS Management Console + +
Answer + + Correct Answer: BE + +
+ +39. Which of the following is an AWS Cloud architecture design principle? + - A. Implement single points of failure. + - B. Implement loose coupling. + - C. Implement monolithic design. + - D. Implement vertical scaling. + +
Answer + + Correct Answer: B + + Explanation: + - Loose coupling between services can also be done through asynchronous integration. It involves one component that generates events and another that consumes them. + - The two components do not integrate through direct point-to-point interaction, but usually through an intermediate durable storage layer. + - This approach decouples the two components and introduces additional resiliency. + - So, for example, if a process that is reading messages from the queue fails, messages can still be added to the queue to be processed when the system recovers. + + Reference: + +
+ +40. Which of the following security measures protect access to an AWS account? (Select TWO.) + - A. Enable AWS CloudTrail. + - B. Grant least privilege access to IAM users. + - C. Create one IAM user and share with many developers and users. + - D. Enable Amazon CloudFront. + - E. Activate multi-factor authentication (MFA) for privileged users. + +
Answer + + Correct Answer: BE + + Explanation: + - If you decided to create service accounts (that is, accounts used for programmatic access by applications running outside of the AWS environment) and generate access keys for them, you should create a dedicated service account for each use case. + - This will allow you to restrict the associated policy to only the permissions needed for the particular use case, limiting the blast radius if the credentials are compromised. + - For example, if a monitoring tool and a release management tool both require access to your AWS environment, create two separate service accounts with two separate policies that define the minimum set of permissions for each tool. + + Reference: + +
+ +41. Which service provides a hybrid storage service that enables on-premises applications to seamlessly use cloud storage? + - A. Amazon Glacier + - B. AWS Snowball + - C. AWS Storage Gateway + - D. Amazon Elastic Block Storage (Amazon EBS) + +
Answer + + Correct Answer: C + + Explanation: + - AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage. Customers use Storage Gateway to simplify storage management and reduce costs for key hybrid cloud storage use cases. + - These include moving tape backups to the cloud, reducing on-premises storage with cloud-backed file shares, providing low latency access to data in AWS for on- premises applications, as well as various migration, archiving, + processing, and disaster recovery use cases. + + Reference: + +
+ +42. Which of the following services falls under the responsibility of the customer to maintain operating system configuration, security patching, and networking? + - A. Amazon RDS + - B. Amazon EC2 + - C. Amazon ElastiCache + - D. AWS Fargate + +
Answer + + Correct Answer: B + + Explanation: + - The customer is responsible for managing, support, patching and control of the guest operating system and AWS services provided like EC2. + + Reference: + +
+ +43. Which of the following is an important architectural design principle when designing cloud applications? + - A. Use multiple Availability Zones. + - B. Use tightly coupled components. + - C. Use open source software. + - D. Provision extra capacity. + +
Answer + + Correct Answer: A + + Explanation: + - Data Center resilience is practiced through Availability Zones across data centers that reduce the impact of failures. + - Fault isolation improvement can be made to traditional horizontal scaling by sharding (a method of grouping instances into groups called shards, instead of sending the traffic from all users to every node like in the traditional IT structure.) + + Reference: + +
+ +44. Which AWS support plan includes a dedicated Technical Account Manager? + - A. Developer + - B. Enterprise + - C. Business + - D. Basic + +
Answer + + Correct Answer: B + + Explanation: + - The enterprise support plans supports technical account manager. Developer and business support plans are devoid of this facility. + + Reference: + +
+ +45. Amazon Relational Database Service (Amazon RDS) offers which of the following benefits over traditional database management? + - A. AWS manages the data stored in Amazon RDS tables. + - B. AWS manages the maintenance of the operating system. + - C. AWS automatically scales up instance types on demand. + - D. AWS manages the database type. +
Answer + + Correct Answer: B + +
+ +46. Which service is best for storing common database query results, which helps to alleviate database access load? + - A. Amazon Machine Learning + - B. Amazon SQS + - C. Amazon ElastiCache + - D. Amazon EC2 Instance Store + +
Answer + + Correct Answer: C + + Explanation: + - Amazon ElastiCache for Redis is a great choice for implementing a highly available, distributed, and secure in-memory cache to decrease access latency, increase throughput, and ease the load off your relational or NoSQL databases and applications. + - ElastiCache can serve frequently requested items at sub- millisecond response times, and enables you to easily scale for higher loads without growing the costlier backend databases. + - Database query results caching, persistent session caching, and full-page caching are all popular examples of caching with ElastiCache for Redis. + + Reference: + +
+ +47. Which of the following is a component of the shared responsibility model managed entirely by AWS? + - A. Patching operating system software + - B. Encrypting data + - C. Enforcing multi-factor authentication + - D. Auditing physical data center assets + +
Answer + + Correct Answer: D + + Explanation: + - Of course, Amazon is responsible for auditing physical data center assets and resources since it is the property of Amazon Inc. Customers have no access to physical sites, hence they are not responsible for maintaining physical data center assets. + +
+ +48. Which options does AWS make available for customers who want to learn about security in the cloud in an instructor-led setting? (Select TWO.) + - A. AWS Trusted Advisor + - B. AWS Online Tech Talks + - C. AWS Blog + - D. AWS Forums + - E. AWS Classroom Training + +
Answer + + Correct Answer: CE + + Explanation: + - AWS Training and Certification builds your competence, confidence, and credibility through practical cloud skills that help you innovate and build your future. + - Our content is built by experts at AWS and updated regularly so you're always learning the latest and keeping your cloud skills fresh. + - Amazon offer both digital and classroom training including private on-site training. You can choose to learn online at your own pace or learn from an accredited AWS instructor. + - Whether you're just starting out, building on existing IT skills, or sharpening your cloud knowledge, AWS Training and Certification can help you be more effective and do more in the cloud. + + Reference: + +
+ +49. Which of the following features can be configured through the Amazon Virtual Private Cloud (Amazon VPC) Dashboard? (Select TWO.) + - A. Amazon CloudFront distributions + - B. Amazon Route 53 + - C. Security Groups + - D. Subnets + - E. Elastic Load Balancing + +
Answer + + Correct Answer: CD + + Explanation: + - Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. + - You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. + - You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications. + - You can easily customize the network configuration for your Amazon VPC. + - For example, you can create a public-facing subnet for your web servers that has access to the Internet, and place your backend systems such as databases or application servers in a private-facing subnet with no Internet access. + - You can leverage multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet. + + Reference: + +
+ +50. If each department within a company has its own AWS account, what is one way to enable consolidated billing? + - A. Use AWS Budgets on each account to pay only to budget. + - B. Contact AWS Support for a monthly bill. + - C. Create an AWS Organization from the payer account and invite the other accounts to join. + - D. Put all invoices into one Amazon Simple Storage Service (Amazon S3) bucket, load data into Amazon Redshift, and then run a billing report. + +
Answer + + Correct Answer: C + + Explanation: + +
+ +Please feel free to comment below if any information is inaccurate or if any answers need correction. + +[ Exam List](../practice-exam/exams.md) diff --git a/practice-exam/practice-exam-15.md b/practice-exam/practice-exam-15.md new file mode 100644 index 0000000..cd39373 --- /dev/null +++ b/practice-exam/practice-exam-15.md @@ -0,0 +1,891 @@ +# Practice Exam 15 + +Click on the **Answer** button for the correct answer and its explanation. + +If this practice exam has been helpful to you please share it with others and react to this below. + +--- + +1. How do customers benefit from Amazon's massive economies of scale? + - A. Periodic price reductions as the result of Amazon's operational efficiencies + - B. New Amazon EC2 instance types providing the latest hardware + - C. The ability to scale up and down when needed + - D. Increased reliability in the underlying hardware of Amazon EC2 instances + +
Answer + + Correct Answer: A + +
+ +2. Which AWS services can be used to gather information about AWS account activity? (Select TWO.) + - A. Amazon CloudFront + - B. AWS Cloud9 + - C. AWS CloudTrail + - D. AWS CloudHSM + - E. Amazon CloudWatch + +
Answer + + Correct Answer: CE + + Explanation: + - AWS offers a solution that uses AWS CloudTrail to log account activity, Amazon Kinesis to compute and stream metrics in real-time, and Amazon DynamoDB to durably store the computed data. + - Metrics are calculated for create, modify, and delete API calls for more than 60 supported AWS services. + - The solution also features a dashboard that visualizes your account activity in real-time. + + Reference: + +
+ +3. Which of the following common IT tasks can AWS cover to free up company IT resources? (Select TWO.) + - A. Patching databases software + - B. Testing application releases + - C. Backing up databases + - D. Creating database schema + - E. Running penetration tests + +
Answer + + Correct Answer: AC + +
+ +4. In which scenario should Amazon EC2 Spot Instances be used? + - A. A company wants to move its main website to AWS from an on-premises web server. + - B. A company has a number of application services whose Service Level Agreement (SLA) requires 99.999% uptime. + - C. A company's heavily used legacy database is currently running on-premises. + - D. A company has a number of infrequent, interruptible jobs that are currently using On-Demand Instances. + +
Answer + + Correct Answer: D + + Explanation: + +
+ +5. Which AWS feature should a customer leverage to achieve high availability of an application? + - A. AWS Direct Connect + - B. Availability Zones + - C. Data centers + - D. Amazon Virtual Private Cloud (Amazon VPC) + +
Answer + + Correct Answer: B + + Explanation: + - This is to achieve High Availability for any web application (in this case SwiftCode) deployed in AWS. + - The following features will be present: + - High availability across multiple instances/multiple availability zones. + - Auto Scaling of instances (scale up and scale down) based on number of requests coming in + - Additional Security to the instances/database that are in production + - No impact to end users during newer version of code deployment + - No Impact during patching the instances + +
+ +6. Which is the minimum AWS Support plan that includes Infrastructure Event Management without additional costs? + - A. Enterprise + - B. Business + - C. Developer + - D. Basic + +
Answer + + Correct Answer: B + + Explanation: + +
+ +7. Which AWS service can serve a static website? + - A. Amazon S3 + - B. Amazon Route 53 + - C. Amazon QuickSight + - D. AWS X-Ray + +
Answer + + Correct Answer: A + + Explanation: + - You can host a static website on Amazon Simple Storage Service (Amazon S3). On a static website, individual webpages include static content. + - They might also contain client-side scripts. By contrast, a dynamic website relies on server-side processing, including server-side scripts such as PHP, JSP, or ASP.NET. Amazon S3 does not support server-side scripting. + + Reference: + +
+ +8. How does AWS shorten the time to provision IT resources? + - A. It supplies an online IT ticketing platform for resource requests. + - B. It supports automatic code validation services. + - C. It provides the ability to programmatically provision existing resources. + - D. It automates the resource request process from a company's IT vendor list. + +
Answer + + Correct Answer: C + +
+ +9. What can AWS edge locations be used for? (Select TWO.) + - A. Hosting applications + - B. Delivering content closer to users + - C. Running NoSQL database caching services + - D. Reducing traffic on the server by caching responses + - E. Sending notification messages to end users + +
Answer + + Correct Answer: BD + + Explanation: + - CloudFront delivers your content through a worldwide network of data centers called edge locations. + When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance. + + Reference: + +
+ +10. Which of the following can limit Amazon Simple Storage Service (Amazon S3) bucket access to specific users? + - A. A public and private key-pair + - B. Amazon Inspector + - C. AWS Identity and Access Management (IAM) policies + - D. Security Groups + +
Answer + + Correct Answer: C + + Explanation: + - To allow users to perform S3 actions on the bucket from the VPC endpoints or IP addresses, you must explicitly grant those user-level permissions. + - You can grant user-level permissions on either an AWS Identity and Access Management (IAM) policy or another statement in the bucket policy. + + Reference: + +
+ +11. A solution that is able to support growth in users, traffic, or data size with no drop in performance aligns with which cloud architecture principle? + - A. Think parallel + - B. Implement elasticity + - C. Decouple your components + - D. Design for failure + +
Answer + + Correct Answer: B + + Explanation: + +
+ +12. Which of the following tasks is the responsibility of AWS? + - A. Encrypting client-side data + - B. Configuring AWS Identity and Access Management (IAM) roles + - C. Securing the Amazon EC2 hypervisor + - D. Setting user password policies + +
Answer + + Correct Answer: C + + Explanation: + - In EC2, the AWS IaaS offering, everything from the hypervisor layer down is AWS's responsibility. + - A customer's poorly coded applications, misconfigured operating systems, or insecure firewall settings will not affect the hypervisor, it will only affect the customer's virtual machines running on that hypervisor. + + Reference: - the-cloud/ + +
+ +13. One benefit of On-Demand Amazon Elastic Compute Cloud (Amazon EC2) pricing is: + - A. the ability to bid for a lower hourly cost. + - B. paying a daily rate regardless of time used. + - C. paying only for time used. + - D. pre-paying for instances and paying a lower hourly rate. + +
Answer + + Correct Answer: C + + Explanation: + - On-Demand Capacity Reservations are priced exactly the same as their equivalent (On-Demand) instance usage. + - If a Capacity Reservation is fully utilized, you only pay for instance usage and nothing towards the Capacity Reservation + - If a Capacity Reservation is partially utilized, you pay for the instance usage and for the unused portion of the Capacity Reservation. + + Reference: + +
+ +14. An administrator needs to rapidly deploy a popular IT solution and start using it immediately.
Where can the administrator find assistance? + - A. AWS Well-Architected Framework documentation + - B. Amazon CloudFront + - C. AWS CodeCommit + - D. AWS Quick Start reference deployments + +
Answer + + Correct Answer: D + + Explanation: + - Quick Starts are built by AWS solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices for security and high availability. + - These accelerators reduce hundreds of manual procedures into just a few steps, so you can build your production environment quickly and start using it immediately. + + Reference: + +
+ +15. Which of the following services is in the category of AWS serverless platform? + - A. Amazon EMR + - B. Elastic Load Balancing + - C. AWS Lambda + - D. AWS Mobile Hub + +
Answer + + Correct Answer: C + + Explanation: + - AWS provides a set of fully managed services that you can use to build and run serverless applications. + - Serverless applications don't require provisioning, maintaining, and administering servers for backend components such as compute, databases, storage, stream processing, message queueing, and more. + - You also no longer need to worry about ensuring application fault tolerance and availability. + - Instead, AWS handles all of these capabilities for you. Serverless platform includes: AWS lambda, Amazon S3, DynamoDB, API gateway, Amazon SNS, AWS step functions, Amazon kinesis and developing tools and services. + + Reference: + +
+ +16. Which services are parts of the AWS serverless platform? + - A. Amazon EC2, Amazon S3, Amazon Athena + - B. Amazon Kinesis, Amazon SQS, Amazon EMR + - C. AWS Step Functions, Amazon DynamoDB, Amazon SNS + - D. Amazon Athena, Amazon Cognito, Amazon EC2 + +
Answer + + Correct Answer: C + + Explanation: + - AWS provides a set of fully managed services that you can use to build and run serverless applications. + - Serverless applications don't require provisioning, maintaining, and administering servers for backend components such as compute, databases, storage, stream processing, message queueing, and more. You also no longer need to worry about ensuring application fault tolerance and availability. + - Instead, AWS handles all of these capabilities for you. + - Serverless platform includes: AWS lambda, Amazon S3, DynamoDB, API gateway, Amazon SNS, AWS step functions, Amazon kinesis and developing tools and services. + + Reference: + +
+ +17. Under the shared responsibility model, which of the following is a shared control between a customer and AWS? + - A. Physical controls + - B. Patch management + - C. Zone security + - D. Data center auditing + +
Answer + + Correct Answer: B + + Explanation: + + - Shared Controls Controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. + - In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. + - Examples include: + - Patch Management AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications. + - Configuration Management AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications. + - Awareness & Training AWS trains AWS employees, but a customer must train their own employees. + - Customer Specific Controls which are solely the responsibility of the customer based on the application they are deploying within AWS services. + - Service and Communications Protection or Zone Security which may require a customer to route or zone data within specific security environments. + + Reference: + +
+ +18. What can AWS edge locations be used for? (Select TWO.) + - A. Hosting applications + - B. Delivering content closer to users + - C. Running NoSQL database caching services + - D. Reducing traffic on the server by caching responses + - E. Sending notification messages to end users + +
Answer + + Correct Answer: BD + + Explanation: + + - CloudFront delivers your content through a worldwide network of data centers called edge locations. + - When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance. + + Reference: + +
+ +19. What technology enables compute capacity to adjust as loads change? + - A. Load balancing + - B. Automatic failover + - C. Round robin + - D. Auto Scaling + +
Answer + + Correct Answer: D + + Explanation: + - AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. + - Using AWS Auto Scaling, it's easy to setup application scaling for multiple resources across multiple services in minutes. - The service provides a simple, powerful user interface that lets you build scaling plans for resources including Amazon EC2 instances and Spot Fleets, Amazon ECS tasks, Amazon DynamoDB tables and indexes, and Amazon Aurora Replicas. + - AWS Auto Scaling makes scaling simple with recommendations that allow you to optimize performance, costs, or balance + between them. + - If you're already using Amazon EC2 Auto Scaling to dynamically scale your Amazon EC2 instances, you can now combine it with AWS Auto Scaling to scale additional resources for other AWS services. + - With AWS Auto Scaling, your applications always have the right resources at the right time. + + Reference: + +
+ +20. Which AWS services are defined as global instead of regional? (Select TWO.) + - A. Amazon Route 53 + - B. Amazon EC2 + - C. Amazon S3 + - D. Amazon CloudFront + - E. Amazon DynamoDB + +
Answer + + Correct Answer: AD + + Explanation: + +
+ +21. Which AWS service would you use to obtain compliance reports and certificates? + - A. AWS Artifact + - B. AWS Lambda + - C. Amazon Inspector + - D. AWS Certificate Manager + +
Answer + + Correct Answer: A + + Explanation: + - AWS Artifact is your go-to, central resource for compliance-related information that matters to you. + - It provides on-demand access to AWS' security and compliance reports and select online agreements. + - Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. + - Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). + + Reference: + +
+ +22. Under the shared responsibility model, which of the following tasks are the responsibility of the AWS customer? (Select TWO.) + - A. Ensuring that application data is encrypted at rest + - B. Ensuring that AWS NTP servers are set to the correct time + - C. Ensuring that users have received security training in the use of AWS services + - D. Ensuring that access to data centers is restricted + - E. Ensuring that hardware is disposed of properly + +
Answer + + Correct Answer: AC + + Explanation: + +
+ +23. Which AWS service can be used to manually launch instances based on resource requirements? + - A. Amazon EBS + - B. Amazon S3 + - C. Amazon EC2 + - D. Amazon ECS + +
Answer + + Correct Answer: C + +
+ +24. A company is migrating an application that is running non-interruptible workloads for a three-year time frame.
Which pricing construct would provide the MOST cost-effective solution? + - A. Amazon EC2 Spot Instances + - B. Amazon EC2 Dedicated Instances + - C. Amazon EC2 On-Demand Instances + - D. Amazon EC2 Reserved Instances + +
Answer + + Correct Answer: D + +
+ +25. The financial benefits of using AWS are: (Select TWO.) + - A. reduced Total Cost of Ownership (TCO). + - B. increased capital expenditure (capex). + - C. reduced operational expenditure (opex). + - D. deferred payment plans for startups. + - E. business credit lines for stratups. + +
Answer + + Correct Answer: AC + +
+ +26. Which of the following is entirely the responsibility of AWS, according to the AWS shared responsibility model? + - A. Patching of the guest operating system + - B. Security awareness and training + - C. Physical and environmental controls + - D. Development of an IAM password policy + +
Answer + + Correct Answer: C + +
+ +27. Which AWS service allows companies to connect an Amazon VPC to an on-premises data center? + - A. AWS VPN + - B. Amazon Redshift + - C. API Gateway + - D. Amazon Direct Connect + +
Answer + + Correct Answer: D + + Explanation: + + - AWS Direct Connect enables you to securely connect your AWS environment to your on-premises data center or office location over a standard 1 gigabit or 10 gigabit Ethernet fiber-optic connection. + - AWS Direct Connect offers dedicated high speed, low latency connection, which bypasses internet service providers in your + network path. + - An AWS Direct Connect location provides access to Amazon Web Services in the region it is associated with, as well as access to other US regions. + - AWS Direct Connect allows you to logically partition the fiber-optic connections into multiple logical connections called Virtual Local Area Networks (VLAN). + - You can take advantage of these logical connections to improve security, differentiate traffic, and achieve compliance requirements. + + Reference: + +
+ +28. A company wants to reduce the physical compute footprint that developers use to run code.
Which service would meet that need by enabling serverless architectures? + - A. Amazon Elastic Compute Cloud (Amazon EC2) + - B. AWS Lambda + - C. Amazon DynamoDB + - D. AWS CodeCommit + +
Answer + + Correct Answer: B + + Explanation: + + - AWS Lambda is an integral part of coding on AWS. It reduces physical compute footprint by utilizing aws cloud services to run code. + +
+ +29. Which AWS service provides alerts when an AWS event may impact a company's AWS resources? + - A. AWS Personal Health Dashboard + - B. AWS Service Health Dashboard + - C. AWS Trusted Advisor + - D. AWS Infrastructure Event Management + +
Answer + + Correct Answer: A + + Explanation: + + - AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. + - While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources. + + Reference: + +
+ +30. Which of the following are categories of AWS Trusted Advisor? (Select TWO.) + - A. Fault Tolerance + - B. Instance Usage + - C. Infrastructure + - D. Performance + - E. Storage Capacity + +
Answer + + Correct Answer: AD + + Explanation: + + - Like your customized cloud expert, AWS Trusted Advisor analyzes your AWS environment and provides best practice recommendations in five categories: cost optimization, performance, security, fault tolerance and service limits. + + Reference: + +
+ +31. Which of the following services falls under the responsibility of the customer to maintain operating system configuration, security patching, and networking? - A. Amazon RDS + - B. Amazon EC2 + - C. Amazon ElastiCache + - D. AWS Fargate + +
Answer + + Correct Answer: B + + Explanation: + + - The customer is responsible for managing, support, patching and control of the guest operating system and AWS services provided like EC2. + + Reference: + +
+ +32. A company will be moving from an on-premises data center to the AWS Cloud.
What would be one financial difference after the move? + - A. Moving from variable operational expense (opex) to upfront capital expense (capex). + - B. Moving from upfront capital expense (capex) to variable capital expense (capex). + - C. Moving from upfront capital expense (capex) to variable operational expense (opex). + - D. Elimination of upfront capital expense (capex) and elimination of variable operational expense (opex) + +
Answer + + Correct Answer: C + +
+ +33. How should a customer forecast the future costs for running a new web application? + - A. Amazon Aurora Backtrack + - B. Amazon CloudWatch Billing Alarms + - C. AWS Simple Monthly Calculator + - D. AWS Cost and Usage report + +
Answer + + Correct Answer: D + + Explanation: + + - You can use Cost explorer which is part of Cost and Usage report to forecast future costs of running an application. + + Reference: + +
+ +34. Which is the MINIMUM AWS Support plan that provides technical support through phone calls? + - A. Enterprise + - B. Business + - C. Developer + - D. Basic + +
Answer + + Correct Answer: B + + Explanation: + + + +
+ +35. According to the AWS shared responsibility model, what is the sole responsibility of AWS? + - A. Application security + - B. Edge location management + - C. Patch management + - D. Client-side data + +
Answer + + Correct Answer: B + + Explanation: + + - Client-side data, application security is the sole responsibility of the customer. + - Patch management is a shared responsibility. That leaves us with edge location management and since this out of the control of the customer, AWS is the one responsible for it. + + Reference: + +
+ +36. Which AWS IAM feature is used to associate a set of permissions with multiple users? + - A. Multi-factor authentication + - B. Groups + - C. Password policies + - D. Access keys + +
Answer + + Correct Answer: B + + Explanation: + + - An IAM group is a collection of IAM users. You can use groups to specify permissions for a collection of users, which can make those permissions easier to manage for those users. + - For example, you could have a group called Admins and give that group the types of permissions that administrators typically need. + + Reference: + +
+ +37. Which of the following are benefits of the AWS Cloud? (Choose two.) + - A. Unlimited uptime + - B. Elasticity + - C. Agility + - D. Colocation + - E. Capital expenses + +
Answer + + Correct Answer: BC + + Explanation: + + - The most celebrated benefit of AWS cloud is elasticity since you can expand the services when you experience more traffic. + - Agile developments in AWS Cloud through strategies are day by day becoming more established within the enterprises across the world. + - With so much improvement and call for optimization in the cloud, it is necessary that these strategies get established from the ground up within the organizations. + - It is highly important as already enterprises have a lot of bequest, politics and hierarchies which act as barriers in their businesses. + + Reference: + +
+ +38. Which of the following can a customer use to enable single sign-on (SSO) to the AWS Console? + - A. Amazon Connect + - B. AWS Directory Service + - C. Amazon Pinpoint + - D. Amazon Rekognition + +
Answer + + Correct Answer: B + + Explanation: + + - Single sign-on only works when used on a computer that is joined to the AWS Directory Service directory. + - It cannot be used on computers that are not joined to the directory. + + Reference: + +
+ +39. What are the multiple, isolated locations within an AWS Region that are connected by low-latency networks called? + - A. AWS Direct Connects + - B. Amazon VPCs + - C. Edge locations + - D. Availability Zones + +
Answer + + Correct Answer: D + + Explanation: + + - Each Region is completely independent. Each Availability Zone is isolated, but the Availability Zones in a Region are connected through low-latency links. + - A Local Zone is an AWS infrastructure deployment that places select services closer to your end users. + - A Local Zone is an extension of a Region that is in a different location from your Region. + - It provides a high-bandwidth backbone to the AWS infrastructure and is ideal for latency-sensitive applications, for example machine learning. + + Reference: + +
+ +40. Which of the following benefits does the AWS Compliance program provide to AWS customers? (Choose two.) + - A. It verifies that hosted workloads are automatically compliant with the controls of supported compliance frameworks. + - B. AWS is responsible for the maintenance of common compliance framework documentation. + - C. It assures customers that AWS is maintaining physical security and data protection. + - D. It ensures the use of compliance frameworks that are being used by other cloud providers. + - E. It will adopt new compliance frameworks as they become relevant to customer workloads. + +
Answer + + Correct Answer: AB + + Explanation: + +
+ +41. Which of the following services provides on-demand access to AWS compliance reports? + - A. AWS IAM + - B. AWS Artifact + - C. Amazon GuardDuty + - D. AWS KMS + +
Answer + + Correct Answer: B + + Explanation: + + - AWS Artifact is your go-to, central resource for compliance-related information that matters to you. + - It provides on-demand access to AWS' security and compliance reports and select online agreements. + - Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. + - Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). + + Reference: + +
+ +42. As part of the AWS shared responsibility model, which of the following operational controls do users fully inherit from AWS? + - A. Security management of data center + - B. Patch management + - C. Configuration management + - D. User and access management + +
Answer + + Correct Answer: D + + Explanation: + +
+ +43. When comparing AWS Cloud with on-premises Total Cost of Ownership, which expenses must be considered? (Choose two.) + - A. Software development + - B. Project management + - C. Storage hardware + - D. Physical servers + - E. Antivirus software license + +
Answer + + Correct Answer: CD + + Explanation: + +
+ +44. Under the shared responsibility model, which of the following tasks are the responsibility of the customer? (Choose two.) + - A. Maintaining the underlying Amazon EC2 hardware. + - B. Managing the VPC network access control lists. + - C. Encrypting data in transit and at rest. + - D. Replacing failed hard disk drives. + - E. Deploying hardware in different Availability Zones. + +
Answer + + Correct Answer: BC + + Explanation: + + - The hardware related jobs is the prime responsibility of AWS. VPC network access control lists is something a customer has to do himself to secure the applications. + - Encrypting data in transit and at rest is a shared responsibility in which AWS plays a part. + - All hardware related jobs have nothing to do with the customer. + + Reference: + +
+ +45. Which scenarios represent the concept of elasticity on AWS? (Choose two.) + - A. Scaling the number of Amazon EC2 instances based on traffic. + - B. Resizing Amazon RDS instances as business needs change. + - C. Automatically directing traffic to less-utilized Amazon EC2 instances. + - D. Using AWS compliance documents to accelerate the compliance process. + - E. Having the ability to create and govern environments using code. + +
Answer + + Correct Answer: AB + + Explanation: + +
+ +46. When is it beneficial for a company to use a Spot Instance? + - A. When there is flexibility in when an application needs to run. + - B. When there are mission-critical workloads. + - C. When dedicated capacity is needed. + - D. When an instance should not be stopped. + +
Answer + + Correct Answer: A + + Explanation: + + - The key to understanding spot instances is to look at the way that cloud service providers such as Amazon Web Services (AWS) operate. + - Cloud service providers invest in hardware resources and then release those resources (often on a per-hour basis) to subscribers. + - One of the problems with this business model, however, is that at any given time, there are likely to be compute resources that are not being utilized. + - These resources represent hardware capacity that AWS has paid for but are sitting idle, and not making AWS any money at the moment. + - Rather than allowing these computing resources to go to waste, AWS offers them at a substantially discounted rate, with the understanding that if someone needs those resources for running a normal EC2 instance, that instance will take priority over spot instances that are using the hardware resources at a discounted rate. + - In fact, spot instances will be stopped if the resources are needed elsewhere. + + Reference: + +
+ +47. A company is considering moving its on-premises data center to AWS. What factors should be included in doing a Total Cost of Ownership (TCO) analysis? (Choose two.) + - A. Amazon EC2 instance availability + - B. Power consumption of the data center + - C. Labor costs to replace old servers + - D. Application developer time + - E. Database engine capacity + +
Answer + + Correct Answer: BC + +
+ +48. How does AWS charge for AWS Lambda? + - A. Users bid on the maximum price they are willing to pay per hour. + - B. Users choose a 1-, 3- or 5-year upfront payment term. + - C. Users pay for the required permanent storage on a file system or in a database. + - D. Users pay based on the number of requests and consumed compute resources. + +
Answer + + Correct Answer: D + + Explanation: + + - AWS Lambda is charging its users by the number of requests for their functions and by the duration, which is the time the code needs to execute. + - When code starts running in response to an event, AWS Lambda counts a request. + - It will charge the total number of requests across all of the functions used. + - Duration is calculated by the time when your code started executing until it returns or until it is terminated, rounded up near to 100ms. + - The AWS Lambda pricing depends on the amount of memory that the user used to allocate to the function. + + Reference: + +
+ +49. What function do security groups serve related Amazon Elastic Compute Cloud (Amazon EC2) instance security? + - A. Act as a virtual firewall for the Amazon EC2 instance. + - B. Secure AWS user accounts with AWS identity and Access Management (IAM) policies. + - C. Provide DDoS protection with AWS Shield. + - D. Use Amazon CloudFront to protect the Amazon EC2 instance. + +
Answer + + Correct Answer: A + + Explanation: + + - AWS Security Groups act like a firewall for your Amazon EC2 instances controlling both inbound and outbound traffic. + - When you launch an instance on Amazon EC2, you need to assign it to a particular security group. + - After that, you can set up ports and protocols, which remain open for users and computers over the internet. + - AWS Security Groups are very flexible. You can use the default security group and still customize it according to your liking (although we don't recommend this practice because groups should be named according to their purpose.) Or you can create a security group that you want for your specific applications. + - To do this, you can write the corresponding code or use the Amazon EC2 console to make the process easier. + + Reference: + +
+ +50. Which disaster recovery scenario offers the lowest probability of down time? + - A. Backup and restore + - B. Pilot light + - C. Warm standby + - D. Multi-site active-active + +
Answer + + Correct Answer: D + + Explanation: + + - Backup and Restore: a simple, straightforward, cost-effective method that backs up and restores data as needed. + - Keep in mind that because none of your data is on standby, this method, while cheap, can be quite time-consuming. + - Pilot Light: This method keeps critical applications and data at the ready so that it can be quickly retrieved if needed. + - Warm Standby: This method keeps a duplicate version of your business' core elements running on standby at all times, which makes for a little downtime and an almost seamless transition. + - Multi-Site Solution: Also known as a Hot Standby, this method fully replicates your company's data/ applications between two or more active locations and splits your traffic/usage between them. + - If a disaster strikes, everything is simply rerouted to the unaffected area, which means you'll suffer almost zero downtime. + - However, by running two separate environments simultaneously, you will obviously incur much higher costs. + + Reference: +
+ +Please feel free to comment below if any information is inaccurate or if any answers need correction. + +[ Exam List](../practice-exam/exams.md) diff --git a/practice-exam/practice-exam-16.md b/practice-exam/practice-exam-16.md new file mode 100644 index 0000000..8ceba08 --- /dev/null +++ b/practice-exam/practice-exam-16.md @@ -0,0 +1,891 @@ +# Practice Exam 16 + +Click on the **Answer** button for the correct answer and its explanation. + +If this practice exam has been helpful to you please share it with others and react to this below. + +--- + +1. What will help a company perform a cost benefit analysis of migrating to the AWS Cloud? + - A. Cost Explorer + - B. AWS Total Cost of Ownership (TCO) Calculator + - C. AWS Simple Monthly Calculator + - D. AWS Trusted Advisor + +
Answer + + Correct Answer: B + + Explanation: + - AWS TCO calculators allow you to estimate the cost savings when using AWS and provide a detailed set of reports that can be used in executive presentations. + - The calculators also give you the option to modify assumptions that best meet your business needs. + + Reference: + +
+ +2. Which of the following provides the ability to share the cost benefits of Reserved Instances across AWS accounts? + - A. AWS Cost Explorer between AWS accounts + - B. Linked accounts and consolidated billing + - C. Amazon Elastic Compute Cloud (Amazon EC2) Reserved Instance Utilization Report + - D. Amazon EC2 Instance Usage Report between AWS accounts + +
Answer + + Correct Answer: B + + Explanation: + - The way that Reserved Instance discounts apply to accounts in an organization's consolidated billing family depends on whether Reserved Instance sharing is turned on or off for the account. + - By default, Reserved Instance sharing for all accounts in an organization is turned on. + - You can change this setting by Turning Off Reserved Instance Sharing for an account. + - The capacity reservation for a Reserved Instance applies only to the account the Reserved Instance was purchased on, regardless of whether Reserved Instance sharing is turned on or off. + + Reference: + +
+ +3. A company has multiple AWS accounts and wants to simplify and consolidate its billing process.
Which AWS service will achieve this? + - A. AWS Cost and Usage Reports + - B. AWS Organizations + - C. AWS Cost Explorer + - D. AWS Budgets + +
Answer + + Correct Answer: B + + Explanation: + - You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. + - Every organization in AWS Organizations has a master (payer) account that pays the charges of all the member (linked) + accounts. + + Reference: + +
+ +4. A company is designing an application hosted in a single AWS Region serving end-users spread across the world. The company wants to provide the end-users low latency access to the application data.
Which of the following services will help fulfill this requirement? + - A. Amazon CloudFront + - B. AWS Direct Connect + - C. Amazon Route 53 global DNS + - D. Amazon Simple Storage Service (Amazon S3) transfer acceleration + +
Answer + + Correct Answer: A + + Explanation: + - Amazon CloudFront is a content delivery network (CDN) service that distributes data from multiple locations worldwide, providing low-latency access to end-users. + +
+ +5. Which of the following deployment models enables customers to fully trade their capital IT expenses for operational expenses? + - A. On-premises + - B. Hybrid + - C. Cloud + - D. Platform as a service + +
Answer + + Correct Answer: C + + Explanation: + - The cloud allows you to trade capital expenses (such as data centers and physical servers) for variable expenses, and only pay for IT as you consume it. + - Plus, the variable expenses are much lower than what you would pay to do it yourself because of the economies of scale. + + Reference: + +
+ +6. How is asset management on AWS easier than asset management in a physical data center? + - A. AWS provides a Configuration Management Database that users can maintain. + - B. AWS performs infrastructure discovery scans on the customer's behalf. + - C. Amazon EC2 automatically generates an asset report and places it in the customer's specified Amazon S3 bucket. + - D. Users can gather asset metadata reliably with a few API calls. + +
Answer + + Correct Answer: B + + Explanation: + - AWS assets are centrally managed through an inventory management system that stores and tracks owner, location, status, maintenance, and descriptive information for AWS-owned assets. + - Following procurement, assets are scanned and tracked, and assets undergoing maintenance are checked and monitored for + ownership, status, and resolution. + + Reference: + +
+ +7. What feature of Amazon RDS helps to create globally redundant databases? + - A. Snapshots + - B. Automatic patching and updating + - C. Cross-Region read replicas + - D. Provisioned IOPS + +
Answer + + Correct Answer: A + + Explanation: + +
+ +8. Using AWS Identity and Access Management (IAM) to grant access only to the resources needed to perform a task is a concept known as: + - A. restricted access. + - B. as-needed access. + - C. least privilege access. + - D. token access. + +
Answer + + Correct Answer: C + + Explanation: + - When you create IAM policies, follow the standard security advice of granting least privilege, or granting only the permissions required to perform a task. + - Determine what users (and roles) need to do and then craft policies that allow them to perform only those tasks. + + Reference: + +
+ +9. Which methods can be used to identify AWS costs by departments? (Choose two.) + - A. Enable multi-factor authentication for the AWS account root user. + - B. Create separate accounts for each department. + - C. Use Reserved Instances whenever possible. + - D. Use tags to associate each instance with a particular department. + - E. Pay bills using purchase orders. + +
Answer + + Correct Answer: BE + + Explanation: + - Tags are key-value pairs that allow you to organize your AWS resources into groups. You can use tags to: + - Visualize information about tagged resources in one place, in conjunction with Resource Groups. + - View billing information using Cost Explorer and the AWS Cost and Usage report. + - Send notifications about spending limits using AWS Budgets. + - Use logical groupings of your resources that make sense for your infrastructure or business. + - For example, you could organize your resources by: + - Project + - Cost center + - Development environment + - Application + - Department + + Reference: + +
+ +10. Under the AWS shared responsibility model, customer responsibilities include which one of the following? + - A. Securing the hardware, software, facilities, and networks that run all products and services. + - B. Providing certificates, reports, and other documentation directly to AWS customers under NDA. + - C. Configuring the operating system, network, and firewall. + - D. Obtaining industry certifications and independent third-party attestations. + +
Answer + + Correct Answer: C + + Explanation: + +
+ +11. Which managed AWS service provides real-time guidance on AWS security best practices? + - A. AWS X-Ray + - B. AWS Trusted Advisor + - C. Amazon CloudWatch + - D. AWS Systems Manager + +
Answer + + Correct Answer: B + + Explanation: + - AWS offers premium services such as AWS Trusted Advisor, which provides real-time guidance to help you reduce cost, increase performance, and improve security. + + Reference: + +
+ +12. Which feature adds elasticity to Amazon EC2 instances to handle the changing demand for workloads? + - A. Resource groups + - B. Lifecycle policies + - C. Application Load Balancer + - D. Amazon EC2 Auto Scaling + +
Answer + + Correct Answer: D + + Explanation: + - Support for monitoring the health of each service independently, as health checks are defined at the target group level and many CloudWatch metrics are reported at the target group level. + - Attaching a target group to an Auto Scaling group enables you to scale each service dynamically based on demand. + + Reference: + +
+ +13. Under the AWS shared responsibility model, customers are responsible for which aspects of security in the cloud? (Choose two.) + - A. Visualization management + - B. Hardware management + - C. Encryption management + - D. Facilities management + - E. Firewall management + +
Answer + + Correct Answer: CE + + Explanation: + - With the basic Cloud infrastructure secured and maintained by AWS, the responsibility for what goes into the cloud falls on you. This covers both client and server side encryption and network traffic protection, security of the operating system, network, and firewall configuration, followed by application security and identity and access management. + - Firewall configuration remains the responsibility of the end user, which integrates at the platform and application management level. For example, RDS utilizes security groups, which you would be responsible for configuring and implementing. + + Reference: + +
+ +14. Which AWS hybrid storage service enables on-premises applications to seamlessly use AWS Cloud storage through standard file-storage protocols? + - A. AWS Direct Connect + - B. AWS Snowball + - C. AWS Storage Gateway + - D. AWS Snowball Edge + +
Answer + + Correct Answer: C + + Explanation: + - The AWS Storage Gateway service enables hybrid cloud storage between on-premises environments and the AWS Cloud. + - It seamlessly integrates on-premises enterprise applications and workflows with Amazon's block and object cloud storage services through industry standard storage protocols. + - It provides low-latency performance by caching frequently accessed data on premises, while storing data securely and durably in Amazon cloud storage services. + - It provides an optimized data transfer mechanism and bandwidth management, which tolerates unreliable networks and minimizes the amount of data being transferred. + - It brings the security, manageability, durability, and scalability of AWS to existing enterprise environments through native integration with AWS encryption, identity management, monitoring, and storage services. Typical use cases include backup and archiving, disaster recovery, moving data to S3 for in-cloud workloads, and tiered storage. + + Reference: + +
+ +15. What is a responsibility of AWS in the shared responsibility model? + - A. Updating the network ACLs to block traffic to vulnerable ports. + - B. Patching operating systems running on Amazon EC2 instances. + - C. Updating the firmware on the underlying EC2 hosts. + - D. Updating the security group rules to block traffic to the vulnerable ports. + +
Answer + + Correct Answer: C + + Explanation: + +
+ +16. Which architectural principle is used when deploying an Amazon Relational Database Service (Amazon RDS) instance in Multiple Availability Zone mode? + - A. Implement loose coupling. + - B. Design for failure. + - C. Automate everything that can be automated. + - D. Use services, not servers. + +
Answer + + Correct Answer: B + + Explanation: + - Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB) Instances, making them a natural fit for production database workloads. + - When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). + - Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. + - In case of an infrastructure failure, Amazon RDS performs an automatic failover to the standby (or to a read replica in the case of Amazon Aurora), so that you can resume database operations as soon as the failover is complete. + - Since the endpoint for your DB Instance remains the same after a failover, your application can resume database operation without the need for manual administrative intervention. + + Reference: + +
+ +17. What does it mean to grant least privilege to AWS IAM users? + - A. It is granting permissions to a single user only. + - B. It is granting permissions using AWS IAM policies only. + - C. It is granting AdministratorAccess policy permissions to trustworthy users. + - D. It is granting only the permissions required to perform a given task. + +
Answer + + Correct Answer: D + + Explanation: + - When you create IAM policies, follow the standard security advice of granting least privilege, or granting only the permissions required to perform a task. + - Determine what users (and roles) need to do and then craft policies that allow them to perform only those tasks. + + Reference: + +
+ +18. What is a benefit of loose coupling as a principle of cloud architecture design? + - A. It facilitates low-latency request handling. + - B. It allows applications to have dependent workflows. + - C. It prevents cascading failures between different components. + - D. It allows companies to focus on their physical data center operations. + +
Answer + + Correct Answer: C + + Explanation: + - IT systems should ideally be designed in a way that reduces inter-dependencies. + - Your components need to be loosely coupled to avoid changes or failure in one of the components from affecting others. + - Your infrastructure also needs to have well defined interfaces that allow the various components to interact with each other only through specific, technology-agnostic interfaces. + - Modifying any underlying operations without affecting other components should be made possible. + + Reference: + +
+ +19. A director has been tasked with investigating hybrid cloud architecture. The company currently accesses AWS over the public internet.
Which service will facilitate private hybrid connectivity? + - A. Amazon Virtual Private Cloud (Amazon VPC) NAT Gateway + - B. AWS Direct Connect + - C. Amazon Simple Storage Service (Amazon S3) Transfer Acceleration + - D. AWS Web Application Firewall (AWS WAF) + +
Answer + + Correct Answer: B + + Explanation: + - Amazon VPC provides multiple network connectivity options for you to leverage depending on your current network designs and requirements. + - These connectivity options include leveraging either the internet or an AWS Direct Connect connection as the network backbone and terminating the connection into either AWS or user-managed network endpoints. + - Additionally, with AWS, you can choose how network routing is delivered between Amazon VPC and your networks, leveraging either AWS or user-managed network equipment and routes. + + Reference: introduction.html + +
+ +20. A company's web application currently has tight dependencies on underlying components, so when one component fails the entire web application fails.
Applying which AWS Cloud design principle will address the current design issue? + - A. Implementing elasticity, enabling the application to scale up or scale down as demand changes. + - B. Enabling several EC2 instances to run in parallel to achieve better performance. + - C. Focusing on decoupling components by isolating them and ensuring individual components can function when other components fail. + - D. Doubling EC2 computing resources to increase system fault tolerance. + +
Answer + + Correct Answer: C + +
+ +21. How can a customer increase security to AWS account logons? (Choose two.) + - A. Configure AWS Certificate Manager + - B. Enable Multi-Factor Authentication (MFA) + - C. Use Amazon Cognito to manage access + - D. Configure a strong password policy + - E. Enable AWS Organizations + +
Answer + + Correct Answer: BC + + Explanation: + - Your root account should always be protected by Multi-Factor Authentication (MFA). + - This additional layer of security helps protect against unauthorized logins to your account by requiring two factors: something you know (a password) and something you have (for example, an MFA device). + - AWS supports virtual and hardware MFA devices and U2F security keys. + - Cognito can be used as an Identity Provider (IdP), where it stores and maintains users and credentials securely for your applications, or it can be integrated with OpenID Connect, SAML, and other popular web identity providers like Amazon.com. + - Using Amazon Cognito, you can generate temporary access credentials for your clients to access AWS services, eliminating the need to store long-term credentials in client applications. + + Reference: + +
+ +22. What AWS service would be used to centrally manage AWS access across multiple accounts? + - A. AWS Service Catalog + - B. AWS Config + - C. AWS Trusted Advisor + - D. AWS Organizations + +
Answer + + Correct Answer: D + + Explanation: + - To improve control over your AWS environment, you can use AWS Organizations to create groups of accounts, and then attach policies to a group to ensure the correct policies are applied across the accounts without requiring custom scripts and manual processes. + + Reference: + +
+ +23. Which AWS service can a customer use to set up an alert notification when the account is approaching a particular dollar amount? + - A. AWS Cost and Usage reports + - B. AWS Budgets + - C. AWS Cost Explorer + - D. AWS Trusted Advisor + +
Answer + + Correct Answer: B + + Explanation: + +
+ +24. What can users access from AWS Artifact? + - A. AWS security and compliance documents + - B. A download of configuration management details for all AWS resources + - C. Training materials for AWS services + - D. A security assessment of the applications deployed in the AWS Cloud + +
Answer + + Correct Answer: A + + Explanation: + - You can use AWS Artifact Reports to download AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI), and System and Organization Control (SOC) reports. + + Reference: + +
+ +25. Which is the MINIMUM AWS Support plan that provides designated Technical Account Managers? + - A. Enterprise + - B. Business + - C. Developer + - D. Basic + +
Answer + + Correct Answer: A + + Explanation: + +
+ +26. Which of the following is an AWS Well-Architected Framework design principle related to reliability? + - A. Deployment to a single Availability Zone + - B. Ability to recover from failure + - C. Design for cost optimization + - D. Perform operations as code + +
Answer + + Correct Answer: B + + Explanation: + +
+ +27. Which type of AWS storage is ephemeral and is deleted when an instance is stopped or terminated? + - A. Amazon EBS + - B. Amazon EC2 instance store + - C. Amazon EFS + - D. Amazon S3 + +
Answer + + Correct Answer: B + + Explanation: + - When you stop or terminate an instance, every block of storage in the instance store is reset. + - Therefore, your data cannot be accessed through the instance store of another instance. + + Reference: + +
+ +28. What is an advantage of using the AWS Cloud over a traditional on-premises solution? + - A. Users do not have to guess about future capacity needs. + - B. Users can utilize existing hardware contracts for purchases. + - C. Users can fix costs no matter what their traffic is. + - D. Users can avoid audits by using reports from AWS. + +
Answer + + Correct Answer: AC + + Explanation: + +
+ +29. Which of the following is an AWS-managed compute service? + - A. Amazon SWF + - B. Amazon EC2 + - C. AWS Lambda + - D. Amazon Aurora + +
Answer + + Correct Answer: C + + Explanation: + +
+ +30. Which of the following is an important architectural principle when designing cloud applications? + - A. Store data and backups in the same region. + - B. Design tightly coupled system components. + - C. Avoid multi-threading. + - D. Design for failure + +
Answer + + Correct Answer: D + + Explanation: + - There are six design principles for operational excellence in the cloud: + - Perform operations as code + - Annotate documentation + - Make frequent, small, reversible changes + - Refine operations procedures frequently + - Anticipate failure + - Learn from all operational failures + + Reference: + +
+ +31. Which mechanism allows developers to access AWS services from application code? + - A. AWS Software Development Kit + - B. AWS Management Console + - C. AWS CodePipeline + - D. AWS Config + +
Answer + + Correct Answer: A + + Explanation: + +
+ +32. Which Amazon EC2 pricing model is the MOST cost efficient for an uninterruptible workload that runs once a year for 24 hours? + - A. On-Demand Instances + - B. Reserved Instances + - C. Spot Instances + - D. Dedicated Instances + +
Answer + + Correct Answer: A + + Explanation: + - With On-Demand instances, you pay for compute capacity by the hour or the second depending on which instances you run. + - No longer-term commitments or upfront payments are needed. + - You can increase or decrease your compute capacity depending on the demands of your application and only pay the specified per hourly rates for the instance you use. + + Reference: + +
+ +33. Which of the following services is a MySQL-compatible database that automatically grows storage as needed? + - A. Amazon Elastic Compute Cloud (Amazon EC2) + - B. Amazon Relational Database Service (Amazon RDS) for MySQL + - C. Amazon Lightsail + - D. Amazon Aurora + +
Answer + + Correct Answer: D + + Explanation: + - Amazon Aurora is a relational database service that combines the speed and availability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases. + - The MySQL- compatible edition of Aurora delivers up to 5X the throughput of standard MySQL running on the same hardware, and enables existing MySQL applications and tools to run without requiring modification. + - Amazon Aurora will automatically grow the size of your database volume as your database storage needs grow. + - Your volume will grow in increments of 10 GB up to a maximum of 64 TB. You don't need to provision excess storage for your database to handle future growth. + + Reference: + +
+ +34. Which Amazon Virtual Private Cloud (Amazon VPC) feature enables users to connect two VPCs together? + - A. Amazon VPC endpoints + - B. Amazon Elastic Compute Cloud (Amazon EC2) ClassicLink + - C. Amazon VPC peering + - D. AWS Direct Connect + +
Answer + + Correct Answer: C + + Explanation: + - A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. + - Instances in either VPC can communicate with each other as if they are within the same network. + - You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. + - The VPCs can be in different regions (also known as an inter-region VPC peering connection). + + Reference: + +
+ +35. Which service's PRIMARY purpose is software version control? + - A. Amazon CodeStar + - B. AWS Command Line Interface (AWS CLI) + - C. Amazon Cognito + - D. AWS CodeCommit + +
Answer + + Correct Answer: D + + Explanation: + - AWS CodeCommit is a version control service hosted by Amazon Web Services that you can use to privately store and manage assets (such as documents, source code, and binary files) in the cloud. + + Reference: + +
+ +36. A company is considering migrating its applications to AWS. The company wants to compare the cost of running the workload on-premises to running the equivalent workload on the AWS platform.
Which tool can be used to perform this comparison? + - A. AWS Simple Monthly Calculator + - B. AWS Total Cost of Ownership (TCO) Calculator + - C. AWS Billing and Cost Management console + - D. Cost Explorer + +
Answer + + Correct Answer: B + + Explanation: + - TCO calculator compare the cost of running your applications in an on-premises or colocation environment to AWS. + + Reference: + +
+ +37. Which AWS service provides a secure, fast, and cost-effective way to migrate or transport exabyte-scale datasets into AWS? + - A. AWS Batch + - B. AWS Snowball + - C. AWS Migration Hub + - D. AWS Snowmobile + +
Answer + + Correct Answer: D + + Explanation: + - AWS Snowmobile is an exabyte-scale data transfer service that can move extremely large amounts of data to AWS in a fast, secure, and cost-effective manner. + - You can transfer up to 100PB per Snowmobile, a 45-foot long ruggedized shipping container, pulled by a semi-trailer truck. - Snowmobile makes it easy to move massive volumes of data to the cloud, including video libraries, image repositories, or even a complete data center migration. + - All data is encrypted with 256-bit encryption and you can manage your encryption keys with AWS Key Management Service (AWS KMS). + - Snowmobile includes GPS tracking, alarm monitoring, 24/7 video surveillance and an optional escort security vehicle while in transit. + + Reference: - aws-snowmobile/ + +
+ +38. Which of the following BEST describe the AWS pricing model? (Choose two.) + - A. Fixed-term + - B. Pay-as-you-go + - C. Colocation + - D. Planned + - E. Variable cost + +
Answer + + Correct Answer: BE + + Explanation: + +
+ +39. Which load balancer types are available with Elastic Load Balancing (ELB)? (Choose two.) + - A. Public load balancers with AWS Application Auto Scaling capabilities + - B. F5 Big-IP and Citrix NetScaler load balancers + - C. Classic Load Balancers + - D. Cross-zone load balancers with public and private IPs + - E. Application Load Balancers + +
Answer + + Correct Answer: CE + + Explanation: + - Elastic Load Balancing supports the following types of load balancers: Application Load Balancers, Network Load Balancers, and Classic Load Balancers. + - Amazon ECS services can use either type of load balancer. + - Application Load Balancers are used to route HTTP/HTTPS (or Layer 7) traffic. + - Network Load Balancers and Classic Load Balancers are used to route TCP (or Layer 4) traffic. + + Reference: + +
+ +40. Why should a company choose AWS instead of a traditional data center? + - A. AWS provides users with full control over the underlying resources. + - B. AWS does not require long-term contracts and provides a pay-as-you-go model. + - C. AWS offers edge locations in every country, supporting global reach. + - D. AWS has no limits on the number of resources that can be created. + +
Answer + + Correct Answer: B + + Explanation: + - AWS offers you a pay-as-you-go approach for pricing for over 160 cloud services. + - With AWS you pay only for the individual services you need, for as long as you use them, and without requiring long-term contracts or complex licensing. + - AWS pricing is similar to how you pay for utilities like water and electricity. + - You only pay for the services you consume, and once you stop using them, there are no additional costs or termination fees. + + Reference: + +
+ +41. Which solution provides the FASTEST application response times to frequently accessed data to users in multiple AWS Regions? + - A. AWS CloudTrail across multiple Availability Zones + - B. Amazon CloudFront to edge locations + - C. AWS CloudFormation in multiple regions + - D. A virtual private gateway over AWS Direct Connect + +
Answer + + Correct Answer: B + + Explanation: + - You can deliver content and decrease end-user latency of your web application using Amazon CloudFront. + - CloudFront speeds up content delivery by leveraging its global network of data centers, known as edge locations, to reduce delivery time by caching your content close to your end users. + - CloudFront fetches your content from an origin, such as an Amazon S3 bucket, an Amazon EC2 instance, an Amazon Elastic Load + Balancing load balancer or your own web server, when it's not already in an edge location. + - CloudFront can be used to deliver your entire website or application, including dynamic, static, streaming, and interactive content. + + Reference: + +
+ +42. Which AWS service provides a self-service portal for on-demand access to AWS compliance reports? + - A. AWS Config + - B. AWS Certificate Manager + - C. Amazon Inspector + - D. AWS Artifact + +
Answer + + Correct Answer: D + + Explanation: + - AWS Artifact is your go-to, central resource for compliance-related information that matters to you. + - It provides on-demand access to AWS' security and compliance reports and select online agreements. + - Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. + - Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). + + Reference: + +
+ +43. Which of the following AWS services can be used to run a self-managed database? + - A. Amazon Route 53 + - B. AWS X-Ray + - C. AWS Snowmobile + - D. Amazon Elastic Compute Cloud (Amazon EC2) + +
Answer + + Correct Answer: D + + Explanation: + +
+ +44. What exclusive benefit is provided to users with Enterprise Support? + - A. Access to a Technical Project Manager + - B. Access to a Technical Account Manager + - C. Access to a Cloud Support Engineer + - D. Access to a Solutions Architect + +
Answer + + Correct Answer: B + + Explanation: + +
+ +45. How can a user protect against AWS service disruptions if a natural disaster affects an entire geographic area? + - A. Deploy applications across multiple Availability Zones within an AWS Region. + - B. Use a hybrid cloud computing deployment model within the geographic area. + - C. Deploy applications across multiple AWS Regions. + - D. Store application artifacts using AWS Artifact and replicate them across multiple AWS Regions. + +
Answer + + Correct Answer: C + + Explanation: + - An AWS Region is a geographic location where AWS provides multiple, physically separated and isolated Availability Zones which are connected with low latency, high throughput, and highly redundant networking. + + Reference: + +
+ +46. How does AWS MOST effectively reduce computing costs for a growing start-up company? + - A. It provides on-demand resources for peak usage. + - B. It automates the provisioning of individual developer environments. + - C. It automates customer relationship management. + - D. It implements a fixed monthly computing budget. + +
Answer + + Correct Answer: A + + Explanation: + - You can continue to optimize your spend and keep your development costs low by making sure you revisit your architecture often, to adjust to your startup growth. + - Manage your cost further by leveraging different options such as S3 CloudFront for caching & offloading to reduce cost of EC2 computing, as well as Elastic Load Balancing which prepares you for massive scale, high reliability and uninterrupted growth. + - Another way to keep costs down is to use AWS Identity and Access Management solutions (IAM) to manage governance of your cost drivers effectively and by the right teams. + + Reference: + +
+ +47. A startup is working on a new application that needs to go to market quickly. The application requirements may need to be adjusted in the near future.
Which of the following is a characteristic of the AWS Cloud that would meet this specific need? + - A. Elasticity + - B. Reliability + - C. Performance + - D. Agility + +
Answer + + Correct Answer: D + + Explanation: + - Agile is a time boxed, iterative approach to software delivery that builds software incrementally from the start of the project, instead of trying to deliver it all at once near the end. + + Reference: + +
+ +48. Which AWS Support plan provides a full set of AWS Trusted Advisor checks? + - A. Business and Developer Support + - B. Business and Basic Support + - C. Enterprise and Developer Support + - D. Enterprise and Business Support + +
Answer + + Correct Answer: D + + Explanation: + +
+ +49. Which of the following services have Distributed Denial of Service (DDoS) mitigation features? (Choose two.) + - A. AWS WAF + - B. Amazon DynamoDB + - C. Amazon EC2 + - D. Amazon CloudFront + - E. Amazon Inspector + +
Answer + + Correct Answer: AD + + Explanation: + +
+ +50. When building a cloud Total Cost of Ownership (TCO) model, which cost elements should be considered for workloads running on AWS? (Choose three.) + - A. Compute costs + - B. Facilities costs + - C. Storage costs + - D. Data transfer costs + - E. Network infrastructure costs + - F. Hardware lifecycle costs + +
Answer + + Correct Answer: ACE + + Explanation: + + +
+ +Please feel free to comment below if any information is inaccurate or if any answers need correction. + +[ Exam List](../practice-exam/exams.md) diff --git a/practice-exam/practice-exam-17.md b/practice-exam/practice-exam-17.md new file mode 100644 index 0000000..ec51c5e --- /dev/null +++ b/practice-exam/practice-exam-17.md @@ -0,0 +1,829 @@ +# Practice Exam 17 + +Click on the **Answer** button for the correct answer and its explanation. + +If this practice exam has been helpful to you please share it with others and react to this below. + +--- + +1. What time-savings advantage is offered with the use of Amazon Rekognition? + - A. Amazon Rekognition provides automatic watermarking of images. + - B. Amazon Rekognition provides automatic detection of objects appearing in pictures. + - C. Amazon Rekognition provides the ability to resize millions of images automatically. + - D. Amazon Rekognition uses Amazon Mechanical Turk to allow humans to bid on object detection jobs. + +
Answer + + Correct Answer: B + + Explanation: + - Rekognition Image is an image recognition service that detects objects, scenes, and faces; extracts text; recognizes celebrities; and identifies inappropriate content in images. + - It also allows you to search and compare faces. + - Rekognition Image is based on the same proven, highly scalable, deep learning technology developed by Amazon's computer vision scientists to analyze billions of images daily for Prime Photos. + + Reference: + +
+ +2. When comparing AWS with on-premises Total Cost of Ownership (TCO), what costs are included? + - A. Data center security + - B. Business analysis + - C. Project management + - D. Operating system administration + +
Answer + + Correct Answer: A + + Explanation: + +
+ +3. According to the AWS shared responsibility model, what is AWS responsible for? + - A. Configuring Amazon VPC + - B. Managing application code + - C. Maintaining application traffic + - D. Managing the network infrastructure + +
Answer + + Correct Answer: D + + Explanation: + +
+ +4. Which service should be used to estimate the costs of running a new project on AWS? + - A. AWS TCO Calculator + - B. AWS Simple Monthly Calculator + - C. AWS Cost Explorer API + - D. AWS Budgets + +
Answer + + Correct Answer: C + + Explanation: + - To forecast your costs, use the AWS Cost Explorer. + - Use cost allocation tags to divide your resources into groups, and then estimate the costs for each group. + + Reference: + +
+ +5. Which AWS tool will identify security groups that grant unrestricted Internet access to a limited list of ports? + - A. AWS Organizations + - B. AWS Trusted Advisor + - C. AWS Usage Report + - D. Amazon EC2 dashboard + +
Answer + + Correct Answer: D + + Explanation: + +
+ +6. Which AWS service can be used to generate alerts based on an estimated monthly bill? + - A. AWS Config + - B. Amazon CloudWatch + - C. AWS X-Ray + - D. AWS CloudTrail + +
Answer + + Correct Answer: B + + Explanation: + - You can monitor your estimated AWS charges by using Amazon CloudWatch. + - When you enable the monitoring of estimated charges for your AWS account, the estimated charges are calculated and sent several times daily to CloudWatch as metric data. + - Billing metric data is stored in the US East (N. Virginia) Region and represents worldwide charges. + - This data includes the estimated charges for every service in AWS that you use, in addition to the estimated overall total of your AWS charges. + + Reference: + +
+ +7. Which Amazon EC2 pricing model offers the MOST significant discount when compared to On-Demand Instances? + - A. Partial Upfront Reserved Instances for a 1-year term + - B. All Upfront Reserved Instances for a 1-year term + - C. All Upfront Reserved Instances for a 3-year term + - D. No Upfront Reserved Instances for a 3-year term + +
Answer + + Correct Answer: C + + Explanation: + +
+ +8. Which of the following is the responsibility of AWS? + - A. Setting up AWS Identity and Access Management (IAM) users and groups + - B. Physically destroying storage media at end of life + - C. Patching guest operating systems + - D. Configuring security settings on Amazon EC2 instances + +
Answer + + Correct Answer: B + + Explanation: + - Media storage devices used to store customer data are classified by AWS as Critical and treated accordingly, as high impact, throughout their life-cycles. + - AWS has exacting standards on how to install, service, and eventually destroy the devices when they are no longer useful. - When a storage device has reached the end of its useful life, AWS decommissions media using techniques detailed in NIST 800-88. + - Media that stored customer data is not removed from AWS control until it has been securely decommissioned. + + Reference: + +
+ +9. Which of the following is an advantage of using AWS? + - A. AWS audits user data. + - B. Data is automatically secure. + - C. There is no guessing on capacity needs. + - D. AWS manages compliance needs. + +
Answer + + Correct Answer: D + + Explanation: + - AWS manages dozens of compliance programs in its infrastructure. + - This means that segments of your compliance have already been completed. + + Reference: + +
+ +10. Which AWS service would a customer use with a static website to achieve lower latency and high transfer speeds? + - A. AWS Lambda + - B. Amazon DynamoDB Accelerator + - C. Amazon Route 53 + - D. Amazon CloudFront + +
Answer + + Correct Answer: D + + Explanation: + - Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer- friendly environment. + - CloudFront is integrated with AWS both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services. + + Reference: + +
+ +11. Which services manage and automate application deployments on AWS? (Choose two.) + - A. AWS Elastic Beanstalk + - B. AWS CodeCommit + - C. AWS Data Pipeline + - D. AWS CloudFormation + - E. AWS Config + +
Answer + + Correct Answer: BC + + Explanation: + +
+ +12. A user wants guidance on possible savings when migrating from on-premises to AWS.
Which tool is suitable for this scenario? + - A. AWS Budgets + - B. Cost Explorer + - C. AWS Total Cost of Ownership (TCO) Calculator + - D. AWS Well-Architected Tool + +
Answer + + Correct Answer: C + + Explanation: + - The TCO Calculator provides directional guidance on possible realized savings when deploying AWS. + - This tool is built on an underlying calculation model, that generates a fair assessment of value that a customer may achieve given the data provided by the user. + + Reference: + +
+ +13. Which principles are used to architect applications for reliability on the AWS Cloud? (Choose two.) + - A. Design for automated failure recovery + - B. Use multiple Availability Zones + - C. Manage changes via documented processes + - D. Test for moderate demand to ensure reliability + - E. Backup recovery to an on-premises environment + +
Answer + + Correct Answer: AC + + Explanation: + +
+ +14. What tasks should a customer perform when that customer suspects an AWS account has been compromised? (Choose two.) + - A. Rotate passwords and access keys. + - B. Remove MFA tokens. + - C. Move resources to a different AWS Region. + - D. Delete AWS CloudTrail Resources. + - E. Contact AWS Support. + +
Answer + + Correct Answer: AE + + Explanation: + +
+ +15. What is an example of high availability in the AWS Cloud? + - A. Consulting AWS technical support at any time day or night + - B. Ensuring an application remains accessible, even if a resource fails + - C. Making any AWS service available for use by paying on demand + - D. Deploying in any part of the world using AWS Regions + +
Answer + + Correct Answer: B + + Explanation: + +
+ +16. Which AWS security service protects applications from distributed denial of service attacks with always-on detection and automatic inline mitigations? + - A. Amazon Inspector + - B. AWS Web Application Firewall (AWS WAF) + - C. Elastic Load Balancing (ELB) + - D. AWS Shield + +
Answer + + Correct Answer: D + + Explanation: + - AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. + - AWS Shield provides always-on detection and automatic inline mitigation's that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection. + - There are two tiers of AWS Shield - Standard and Advanced. + + Reference: + +
+ +17. A company wants to monitor the CPU usage of its Amazon EC2 resources.
Which AWS service should the company use? + - A. AWS CloudTrail + - B. Amazon CloudWatch + - C. AWS Cost and Usage report + - D. Amazon Simple Notification Service (Amazon SNS) + +
Answer + + Correct Answer: B + + Explanation: + - With Basic monitoring you get data on your cloudwatch metrics every 5 minutes. + - Enabling detailed monitoring, you will get the data every one minute. + - To check if detailed monitoring is enabled, on your EC2 Console, Select the instance, on the lower plane, Select Monitoring. + + Reference: + +
+ +18. What is an AWS Identity and Access Management (IAM) role? + - A. A user associated with an AWS resource + - B. A group associated with an AWS resource + - C. An entity that defines a set of permissions for use with an AWS resource + - D. An authentication credential associated with a multi-factor authentication (MFA) token + +
Answer + + Correct Answer: C + + Explanation: + - AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. + - Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. + + Reference: + +
+ +19. What are the advantages of Reserved Instances? (Choose two.) + - A. They provide a discount over on-demand pricing. + - B. They provide access to additional instance types. + - C. They provide additional networking capability. + - D. Customers can upgrade instances as new types become available. + - E. Customers can reserve capacity in an Availability Zone. + +
Answer + + Correct Answer: AE + + Explanation: + +
+ +20. How do Amazon EC2 Auto Scaling groups help achieve high availability for a web application? + - A. They automatically add more instances across multiple AWS Regions based on global demand of the application. + - B. They automatically add or replace instances across multiple Availability Zones when the application needs it. + - C. They enable the application's static content to reside closer to end users. + - D. They are able to distribute incoming requests across a tier of web server instances. + +
Answer + + Correct Answer: B + + Explanation: + - When the unhealthy Availability Zone returns to a healthy state, Auto Scaling automatically redistributes the application instances evenly across all of the designated Availability Zones. + + Reference: + +
+ +21. How can one AWS account use Reserved Instances from another AWS account? + - A. By using Amazon EC2 Dedicated Instances + - B. By using AWS Organizations consolidated billing + - C. By using the AWS Cost Explorer tool + - D. By using AWS Budgets + +
Answer + + Correct Answer: B + + Explanation: + - The account that originally purchased the Reserved Instance receives the discount first. + - If the purchasing account doesn't have any instances that match the terms of the Reserved Instance, the discount for the Reserved Instance is assigned to any matching usage on another account in the organization. + + Reference: + +
+ +22. A customer runs an On-Demand Amazon Linux EC2 instance for 3 hours, 5 minutes, and 6 seconds.
For how much time will the customer be billed? + - A. 3 hours, 5 minutes + - B. 3 hours, 5 minutes, and 6 seconds + - C. 3 hours, 6 minutes + - D. 4 hours + +
Answer + + Correct Answer: D + + Explanation: + +
+ +23. Which of the following AWS services provide compute resources? (Choose two.) + - A. AWS Lambda + - B. Amazon Elastic Container Service (Amazon ECS) + - C. AWS CodeDeploy + - D. Amazon Glacier + - E. AWS Organizations + +
Answer + + Correct Answer: AB + + Explanation: + +
+ +24. Which AWS service enables users to deploy infrastructure as code by automating the process of provisioning resources? + - A. Amazon GameLift + - B. AWS CloudFormation + - C. AWS Data Pipeline + - D. AWS Glue + +
Answer + + Correct Answer: B + + Explanation: + - AWS CloudFormation provides a common language for you to model and provision AWS and third party application resources in your cloud environment. + - AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. + - This gives you a single source of truth for your AWS and third party resources. + + Reference: + +
+ +25. Which AWS services provide a way to extend an on-premises architecture to the AWS Cloud? (Choose two.) + - A. Amazon EBS + - B. AWS Direct Connect + - C. Amazon CloudFront + - D. AWS Storage Gateway + - E. Amazon Connect + +
Answer + + Correct Answer: BD + + Explanation: + +
+ +26. Which of the following allows users to provision a dedicated network connection from their internal network to AWS? + - A. AWS CloudHSM + - B. AWS Direct Connect + - C. AWS VPN + - D. Amazon Connect + +
Answer + + Correct Answer: B + + Explanation: + - AWS Direct Connect lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations. + - Using industry standard 802.1q VLANs, this dedicated connection can be partitioned into multiple virtual interfaces. + - This allows you to use the same connection to access public resources such as objects stored in Amazon S3 using public IP address space, and private resources such as Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC) using private IP space, while maintaining network separation between the public and private environments. + - Virtual interfaces can be reconfigured at any time to meet your changing needs. + + Reference: + +
+ +27. Which services use AWS edge locations? (Choose two.) + - A. Amazon CloudFront + - B. AWS Shield + - C. Amazon EC2 + - D. Amazon RDS + - E. Amazon ElastiCache + +
Answer + + Correct Answer: AC + + Explanation: + +
+ +28. Which service would provide network connectivity in a hybrid architecture that includes the AWS Cloud? + - A. Amazon VPC + - B. AWS Direct Connect + - C. AWS Directory Service + - D. Amazon API Gateway + +
Answer + + Correct Answer: A + + Explanation: + - Amazon Virtual Private Cloud (Amazon VPC) is a logically isolated, private section of the AWS Cloud to launch resources in a virtual data center in the cloud. + - Amazon VPC allows you to leverage multiple Availability Zones (AZ) within a region so that you can build greater fault tolerance within your workloads. + - You have complete control. + + Reference: + +
+ +29. Which tool can be used to compare the costs of running a web application in a traditional hosting environment to running it on AWS? + - A. AWS Cost Explorer + - B. AWS Budgets + - C. AWS Cost and Usage report + - D. AWS Total Cost of Ownership (TCO) Calculator + +
Answer + + Correct Answer: D + + Explanation: + +
+ +30. What is the value of using third-party software from AWS Marketplace instead of installing third-party software on Amazon EC2? (Choose two.) + - A. Users pay for software by the hour or month depending on licensing. + - B. AWS Marketplace enables the user to launch applications with 1-Click. + - C. AWS Marketplace data encryption is managed by a third-party vendor. + - D. AWS Marketplace eliminates the need to upgrade to newer software versions. + - E. Users can deploy third-party software without testing. + +
Answer + + Correct Answer: AB + + Explanation: + +
+ +31. Which of the following is a cloud architectural design principle? + - A. Scale up, not out. + - B. Loosely couple components. + - C. Build monolithic systems. + - D. Use commercial database software. + +
Answer + + Correct Answer: B + + Explanation: + - Loosely coupled architectures reduce interdependencies, so that a change or failure in a component does not cascade to other components. + +
+ +32. Under the shared responsibility model; which of the following areas are the customer's responsibility? (Choose two.) + - A. Firmware upgrades of network infrastructure + - B. Patching of operating systems + - C. Patching of the underlying hypervisor + - D. Physical security of data centers + - E. Configuration of the security group + +
Answer + + Correct Answer: BE + + Explanation: + +
+ +33. Which service enables customers to audit and monitor changes in AWS resources? + - A. AWS Trusted Advisor + - B. Amazon GuardDuty + - C. Amazon Inspector + - D. AWS Config + +
Answer + + Correct Answer: D + + Explanation: + - AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. + - Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. + - With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. + - This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting. + + Reference: + +
+ +34. Which AWS service identifies security groups that allow unrestricted access to a user's AWS resources? + - A. AWS CloudTrail + - B. AWS Trusted Advisor + - C. Amazon CloudWatch + - D. Amazon Inspector + +
Answer + + Correct Answer: B + +
+ +35. According to the AWS shared responsibility model, who is responsible for configuration management? + - A. It is solely the responsibility of the customer. + - B. It is solely the responsibility of AWS. + - C. It is shared between AWS and the customer. + - D. It is not part of the AWS shared responsibility model. + +
Answer + + Correct Answer: C + + Explanation: + - AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications. + + Reference: + +
+ +36. Which AWS service is a content delivery network that securely delivers data, video, and applications to users globally with low latency and high speeds? + - A. AWS CloudFormation + - B. AWS Direct Connect + - C. Amazon CloudFront + - D. Amazon Pinpoint + +
Answer + + Correct Answer: C + + Explanation: + - Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer- friendly environment. + - CloudFront is integrated with AWS both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services. + + Reference: + +
+ +37. Which benefit of the AWS Cloud supports matching the supply of resources with changing workload demands? + - A. Security + - B. Reliability + - C. Elasticity + - D. High availability + +
Answer + + Correct Answer: C + + Explanation: + +
+ +38. A user is running an application on AWS and notices that one or more AWS-owned IP addresses is involved in a distributed denial-of-service (DDoS) attack.
Who should the user contact FIRST about this situation? + - A. AWS Premium Support + - B. AWS Technical Account Manager + - C. AWS Solutions Architect + - D. AWS Abuse team + +
Answer + + Correct Answer: D + + Explanation: + +
+ +39. Which of the following are benefits of hosting infrastructure in the AWS Cloud? (Choose two.) + - A. There are no upfront commitments. + - B. AWS manages all security in the cloud. + - C. Users have the ability to provision resources on demand. + - D. Users have access to free and unlimited storage. + - E. Users have control over the physical infrastructure. + +
Answer + + Correct Answer: BC + +
+ +40. What AWS service would be used to centrally manage AWS access policies across multiple accounts? + - A. AWS Service Catalog + - B. AWS Config + - C. AWS Trusted Advisor + - D. AWS Organizations + +
Answer + + Correct Answer: D + + Explanation: + - AWS Organizations helps you centrally govern your environment as you grow and scale your workloads on AWS. + - Whether you are a growing startup or a large enterprise, Organizations helps you to centrally manage billing; control access, compliance, and security; and share resources across your AWS accounts. + + Reference: + +
+ +41. What is AWS Trusted Advisor? + - A. It is an AWS staff member who provides recommendations and best practices on how to use AWS. + - B. It is a network of AWS partners who provide recommendations and best practices on how to use AWS. + - C. It is an online tool with a set of automated checks that provides recommendations on cost optimization, performance, and security. + - D. It is another name for AWS Technical Account Managers who provide recommendations on cost optimization, performance, and security. + +
Answer + + Correct Answer: C + + Explanation: + - AWS Trusted Advisor is an online tool that provides you real time guidance to help you provision your resources following AWS best practices. + - Whether establishing new workflows, developing applications, or as part of ongoing improvement, take advantage of the recommendations provided by Trusted Advisor on a regular basis to help keep your solutions provisioned optimally. + + Reference: + +
+ +42. Which AWS service or feature allows a company to visualize, understand, and manage AWS costs and usage over time? + - A. AWS Budgets + - B. AWS Cost Explorer + - C. AWS Organizations + - D. Consolidated billing + +
Answer + + Correct Answer: B + + Explanation: + - AWS Cost Explorer has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time. + + Reference: + +
+ +43. Which AWS service offers on-demand access to AWS security and compliance reports? + - A. AWS CloudTrail + - B. AWS Artifact + - C. AWS Health + - D. Amazon CloudWatch + +
Answer + + Correct Answer: B + + Explanation: + - AWS Artifact is your go-to, central resource for compliance-related information that matters to you. + - It provides on-demand access to AWS' security and compliance reports and select online agreements. + - Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. + - Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). + + Reference: + +
+ +44. What are the benefits of using the AWS Cloud for companies with customers in many countries around the world? (Choose two.) + - A. Companies can deploy applications in multiple AWS Regions to reduce latency. + - B. Amazon Translate automatically translates third-party website interfaces into multiple languages. + - C. Amazon CloudFront has multiple edge locations around the world to reduce latency. + - D. Amazon Comprehend allows users to build applications that can respond to user requests in many languages. + - E. Elastic Load Balancing can distribute application web traffic to multiple AWS Regions around the world, which reduces latency. + +
Answer + + Correct Answer: CD + + Explanation: + - + - + +
+ +45. Which AWS service handles the deployment details of capacity provisioning, load balancing, Auto Scaling, and application health monitoring? + - A. AWS Config + - B. AWS Elastic Beanstalk + - C. Amazon Route 53 + - D. Amazon CloudFront + +
Answer + + Correct Answer: B + + Explanation: + - Upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. + - At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time. + + Reference: + +
+ +46. Which AWS service provides inbound and outbound network ACLs to harden external connectivity to Amazon EC2? + - A. AWS IAM + - B. Amazon Connect + - C. Amazon VPC + - D. Amazon API Gateway + +
Answer + + Correct Answer: C + + Explanation: + +
+ +47. When a company provisions web servers in multiple AWS Regions, what is being increased? + - A. Coupling + - B. Availability + - C. Security + - D. Durability + +
Answer + + Correct Answer: B + + Explanation: + +
+ +48. The pay-as-you-go pricing model for AWS services: + - A. reduces capital expenditures. + - B. requires payment up front for AWS services. + - C. is relevant only for Amazon EC2, Amazon S3, and Amazon RDS. + - D. reduces operational expenditures. + +
Answer + + Correct Answer: A + + Explanation: + +
+ +49. Under the AWS shared responsibility model, AWS is responsible for which security-related task? + - A. Lifecycle management of IAM credentials + - B. Physical security of global infrastructure + - C. Encryption of Amazon EBS volumes + - D. Firewall configuration + +
Answer + + Correct Answer: B + + Explanation: + +
+ +50. Which AWS service enables users to consolidate billing across multiple accounts? + - A. Amazon QuickSight + - B. AWS Organizations + - C. AWS Budgets + - D. Amazon Forecast + +
Answer + + Correct Answer: B + + Explanation: + - You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. + - Every organization in AWS Organizations has a master (payer) account that pays the charges of all the member (linked) + accounts. + + Reference: + +
+ +Please feel free to comment below if any information is inaccurate or if any answers need correction. + +[ Exam List](../practice-exam/exams.md) diff --git a/practice-exam/practice-exam-18.md b/practice-exam/practice-exam-18.md new file mode 100644 index 0000000..24cf9f1 --- /dev/null +++ b/practice-exam/practice-exam-18.md @@ -0,0 +1,786 @@ +# Practice Exam 18 + +Click on the **Answer** button for the correct answer and its explanation. + +If this practice exam has been helpful to you please share it with others and react to this below. + +--- + +1. Under the AWS shared responsibility model, which of the following is an example of security in the AWS Cloud? + - A. Managing edge locations + - B. Physical security + - C. Firewall configuration + - D. Global infrastructure + +
Answer + + Correct Answer: B + + Explanation: + +
+ +2. How can an AWS user with an AWS Basic Support plan obtain technical assistance from AWS? + - A. AWS Senior Support Engineers + - B. AWS Technical Account Managers + - C. AWS Trusted Advisor + - D. AWS Discussion Forums + +
Answer + + Correct Answer: C + + Explanation: + +
+ +3. Which of the following are pillars of the AWS Well-Architected Framework? (Choose two.) + - A. Multiple Availability Zones + - B. Performance efficiency + - C. Security + - D. Encryption usage + - E. High availability + +
Answer + + Correct Answer: BC + + Explanation: + +
+ +4. After selecting an Amazon EC2 Dedicated Host reservation, which pricing option would provide the largest discount? + - A. No upfront payment + - B. Hourly on-demand payment + - C. Partial upfront payment + - D. All upfront payment + +
Answer + + Correct Answer: D + + Explanation: + +
+ +5. What is an advantage of deploying an application across multiple Availability Zones? + - A. There is a lower risk of service failure if a natural disaster causes a service disruption in a given AWS Region. + - B. The application will have higher availability because it can withstand a service disruption in one Availability Zone. + - C. There will be better coverage as Availability Zones are geographically distant and can serve a wider area. + - D. There will be decreased application latency that will improve the user experience. + +
Answer + + Correct Answer: B + + Explanation: + +
+ +6. A Cloud Practitioner is asked how to estimate the cost of using a new application on AWS.
What is the MOST appropriate response? + - A. Inform the user that AWS pricing allows for on-demand pricing. + - B. Direct the user to the AWS Simple Monthly Calculator for an estimate. + - C. Use Amazon QuickSight to analyze current spending on-premises. + - D. Use Amazon AppStream 2.0 for real-time pricing analytics. + +
Answer + + Correct Answer: B + + Explanation: + +
+ +7. A company wants to migrate its applications to a VPC on AWS. These applications will need to access on-premises resources.
What combination of actions will enable the company to accomplish this goal? (Choose two.) + - A. Use the AWS Service Catalog to identify a list of on-premises resources that can be migrated. + - B. Build a VPN connection between an on-premises device and a virtual private gateway in the new VPC. + - C. Use Amazon Athena to query data from the on-premises database servers. + - D. Connect the company's on-premises data center to AWS using AWS Direct Connect. + - E. Leverage Amazon CloudFront to restrict access to static web content provided through the company's on-premises web servers. + +
Answer + + Correct Answer: BD + + Explanation: + +
+ +8. A web application running on AWS has been spammed with malicious requests from a recurring set of IP addresses.
Which AWS service can help secure the application and block the malicious traffic? + - A. AWS IAM + - B. Amazon GuardDuty + - C. Amazon Simple Notification Service (Amazon SNS) + - D. AWS WAF + +
Answer + + Correct Answer: D + + Explanation: + - AWS WAF is a web application firewall that helps protect web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. + - You can use AWS WAF to define customizable web security rules that control which traffic accesses your web applications. + - If you use AWS Shield Advanced, you can use AWS WAF at no extra cost for those protected resources and can engage the DRT to create WAF rules. + + Reference: + +
+ +9. Treating infrastructure as code in the AWS Cloud allows users to: + - A. automate migration of on-premises hardware to AWS data centers. + - B. let a third party automate an audit of the AWS infrastructure. + - C. turn over application code to AWS so it can run on the AWS infrastructure. + - D. automate the infrastructure provisioning process. + +
Answer + + Correct Answer: D + + Explanation: + +
+ +10. A company requires a dedicated network connection between its on-premises servers and the AWS Cloud.
Which AWS service should be used? + - A. AWS VPN + - B. AWS Direct Connect + - C. Amazon API Gateway + - D. Amazon Connect + +
Answer + + Correct Answer: B + + Explanation: + - You can use AWS Direct Connect to establish a private virtual interface from your on-premise network directly to your Amazon VPC, providing you with a private, high bandwidth network connection between your network and your VPC. + - With multiple virtual interfaces, you can even establish private connectivity to multiple VPCs while maintaining network isolation. + + Reference: + +
+ +11. Which AWS service can be used to query stored datasets directly from Amazon S3 using standard SQL? + - A. AWS Glue + - B. AWS Data Pipeline + - C. Amazon CloudSearch + - D. Amazon Athena + +
Answer + + Correct Answer: D + + Explanation: + - Amazon Athena is defined as "an interactive query service that makes it easy to analyze data directly in Amazon Simple Storage Service (Amazon S3) using standard SQL." So, it's another SQL query engine for large data sets stored in S3. + - This is very similar to other SQL query engines, such as Apache Drill. + - But unlike Apache Drill, Athena is limited to data only from Amazon's own S3 storage service. However, Athena is able to query a variety of file formats, including, but not limited to CSV, Parquet, JSON, etc. + +
+ +12. AWS CloudFormation is designed to help the user: + - A. model and provision resources. + - B. update application code. + - C. set up data lakes. + - D. create reports for billing. + +
Answer + + Correct Answer: A + + Explanation: + - AWS CloudFormation provides a common language for you to model and provision AWS and third party application resources in your cloud environment. + - AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. + - This gives you a single source of truth for your AWS and third party resources. + + Reference: + +
+ +13. Which of the following is an AWS database service? + - A. Amazon Redshift + - B. Amazon Elastic Block Store (Amazon EBS) + - C. Amazon S3 Glacier + - D. AWS Snowball + +
Answer + + Correct Answer: A + + Explanation: + +
+ +14. A Cloud Practitioner must determine if any security groups in an AWS account have been provisioned to allow unrestricted access for specific ports.
What is the SIMPLEST way to do this? + - A. Review the inbound rules for each security group in the Amazon EC2 management console to check for port 0.0.0.0/0. + - B. Run AWS Trusted Advisor and review the findings. + - C. Open the AWS IAM console and check the inbound rule filters for open access. + - D. In AWS Config, create a custom rule that invokes an AWS Lambda function to review rules for inbound access. + +
Answer + + Correct Answer: A + + Explanation: + +
+ +15. What are the benefits of developing and running a new application in the AWS Cloud compared to on-premises? (Choose two.) + - A. AWS automatically distributes the data globally for higher durability. + - B. AWS will take care of operating the application. + - C. AWS makes it easy to architect for high availability. + - D. AWS can easily accommodate application demand changes. + - E. AWS takes care application security patching. + +
Answer + + Correct Answer: CD + +
+ +16. A user needs an automated security assessment report that will identify unintended network access to Amazon EC2 instances and vulnerabilities on those instances.
Which AWS service will provide this assessment report? + - A. EC2 security groups + - B. AWS Config + - C. Amazon Macie + - D. Amazon Inspector + +
Answer + + Correct Answer: D + + Explanation: + - Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. + - AmazonInspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. + - After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. + - These findings can be reviewed directly or as part of detailed assessment reports which are available via the Amazon Inspector console or API. + + Reference: + +
+ +17. How can a company isolate the costs of production and non-production workloads on AWS? + - A. Create Identity and Access Management (IAM) roles for production and non-production workloads. + - B. Use different accounts for production and non-production expenses. + - C. Use Amazon EC2 for non-production workloads and other services for production workloads. + - D. Use Amazon CloudWatch to monitor the use of services. + +
Answer + + Correct Answer: B + + Explanation: + +
+ +18. Where can users find a catalog of AWS-recognized providers of third-party security solutions? + - A. AWS Service Catalog + - B. AWS Marketplace + - C. AWS Quick Start + - D. AWS CodeDeploy + +
Answer + + Correct Answer: A + + Explanation: + - AWS Service Catalog Delivery Partners are APN Consulting Partners who help create catalogs of IT services that are approved by the customer's organization for use on AWS. + - With AWS Service Catalog, customers and partners can centrally manage commonly deployed IT services to help achieve consistent governance and meet compliance requirements while enabling users to self-provision approved services. + + Reference: + +
+ +19. A Cloud Practitioner needs to store data for 7 years to meet regulatory requirements.
Which AWS service will meet this requirement at the LOWEST cost? + - A. Amazon S3 + - B. AWS Snowball + - C. Amazon Redshift + - D. Amazon S3 Glacier + +
Answer + + Correct Answer: D + + Explanation: + - S3 Glacier Deep Archive is Amazon S3's lowest-cost storage class and supports long-term retention and digital preservation for data that may be accessed once or twice in a year. + - It is designed for customers --particularly those in highly-regulated industries, such as the Financial Services, Healthcare, and Public Sectors -- that retain data sets for 7-10 years or longer to meet regulatory compliance requirements. + - S3 Glacier Deep Archive can also be used for backup and disaster recovery use cases, and is a cost-effective and easy-to-manage alternative to magnetic tape systems, whether they are on-premises libraries or off-premises services. + + Reference: + +
+ +20. What are the immediate benefits of using the AWS Cloud? (Choose two.) + - A. Increased IT staff. + - B. Capital expenses are replaced with variable expenses. + - C. User control of infrastructure. + - D. Increased agility. + - E. AWS holds responsibility for security in the cloud. + +
Answer + + Correct Answer: CD + +
+ +21. Which security service automatically recognizes and classifies sensitive data or intellectual property on AWS? + - A. Amazon GuardDuty + - B. Amazon Macie + - C. Amazon Inspector + - D. AWS Shield + +
Answer + + Correct Answer: B + + Explanation: + - Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. + - Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property. + - It provides you with dashboards and alerts that give visibility into how this data is being accessed or moved. + + Reference: + +
+ +22. What is the purpose of AWS Storage Gateway? + - A. It ensures on-premises data storage is 99.999999999% durable. + - B. It transports petabytes of data to and from AWS. + - C. It connects to multiple Amazon EC2 instances. + - D. It connects on-premises data storage to the AWS Cloud. + +
Answer + + Correct Answer: D + + Explanation: + - Moving data to the cloud is not quite as simple as flipping a switch. + - For companies that have managed their own data centers or server rooms for decades, there are a few steps to consider --and it's not always wise to pull the plug on an internal infrastructure quite so quickly. + - If a startup uses on-premise business servers and then experiences unexpected growth, abandoning those servers doesn't make sense (even if the long-term plan is to do exactly that). + - AWS Storage Gateway is a way to bridge this gap for companies of any size. + - It's a hybrid storage option that connects on-premise storage including age-old tape backup systems to the cloud in a way that also provides one console to access all storage configurations. + + Reference: + +
+ +23. What should users do if they want to install an application in geographically isolated locations? + - A. Install the application using multiple internet gateways. + - B. Deploy the application to an Amazon VPC. + - C. Deploy the application to multiple AWS Regions. + - D. Configure the application using multiple NAT gateways. + +
Answer + + Correct Answer: C + + Explanation: + +
+ +24. A system in the AWS Cloud is designed to withstand the failure of one or more components.
What is this an example of? + - A. Elasticity + - B. High Availability + - C. Scalability + - D. Agility + +
Answer + + Correct Answer: B + + Explanation: + +
+ +25. A Cloud Practitioner needs a consistent and dedicated connection between AWS resources and an on-premises system.
Which AWS service can fulfill this requirement? + - A. AWS Direct Connect + - B. AWS VPN + - C. Amazon Connect + - D. AWS Data Pipeline + +
Answer + + Correct Answer: A + + Explanation: + - You can use AWS Direct Connect to establish a private virtual interface from your on-premise network directly to your Amazon VPC, providing you with a private, high bandwidth network connection between your network and your VPC. + - With multiple virtual interfaces, you can even establish private connectivity to multiple VPCs while maintaining network isolation. + + Reference: + +
+ +26. Within the AWS shared responsibility model, who is responsible for security and compliance? + - A. The customer is responsible. + - B. AWS is responsible. + - C. AWS and the customer share responsibility. + - D. AWS shares responsibility with the relevant governing body. + +
Answer + + Correct Answer: C + + Explanation: + - Security and Compliance is a shared responsibility between AWS and the customer. + - This shared model can help relieve the customer's operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. + + Reference: + +
+ +27. To use the AWS CLI, users are required to generate: + - A. a password policy. + - B. an access/secret key. + - C. a managed policy. + - D. an API key. + +
Answer + + Correct Answer: C + +
+ +28. Which AWS service is used to provide encryption for Amazon EBS? + - A. AWS Certificate Manager + - B. AWS Systems Manager + - C. AWS KMS + - D. AWS Config + +
Answer + + Correct Answer: C + + Explanation: + +
+ +29. How does AWS charge for AWS Lambda usage once the free tier has been exceeded? (Choose two.) + - A. By the time it takes for the Lambda function to execute. + - B. By the number of versions of a specific Lambda function. + - C. By the number of requests made for a given Lambda function. + - D. By the programming language that is used for the Lambda function. + - E. By the total number of Lambda functions in an AWS account. + +
Answer + + Correct Answer: CE + + Explanation: + +
+ +30. Which of the following describes the relationships among AWS Regions, Availability Zones, and edge locations? (Choose two.) + - A. There are more AWS Regions than Availability Zones. + - B. There are more edge locations than AWS Regions. + - C. An edge location is an Availability Zone. + - D. There are more AWS Regions than edge locations. + - E. There are more Availability Zones than AWS Regions. + +
Answer + + Correct Answer: BE + +
+ +31. What does AWS Shield Standard provide? + - A. WAF rules + - B. DDoS protection + - C. Identity and Access Management (IAM) permissions and access to resources + - D. Data encryption + +
Answer + + Correct Answer: B + + Explanation: + - AWS Shield Standard provides protection for all AWS customers from common, most frequently occurring network and transport layer DDoS attacks that target your web site or application at no additional charge. + + Reference: + +
+ +32. A company wants to build its new application workloads in the AWS Cloud instead of using on-premises resources.
What expense can be reduced using the AWS Cloud? + - A. The cost of writing custom-built Java or Node .js code + - B. Penetration testing for security + - C. hardware required to support new applications + - D. Writing specific test cases for third-party applications. + +
Answer + + Correct Answer: C + + Explanation: + +
+ +33. What does AWS Marketplace allow users to do? (Choose two.) + - A. Sell unused Amazon EC2 Spot Instances. + - B. Sell solutions to other AWS users. + - C. Buy third-party software that runs on AWS. + - D. Purchase AWS security and compliance documents. + - E. Order AWS Snowball. + +
Answer + + Correct Answer: BC + + Explanation: + +
+ +34. What does it mean if a user deploys a hybrid cloud architecture on AWS? + - A. All resources run using on-premises infrastructure. + - B. Some resources run on-premises and some run in a colocation center. + - C. All resources run in the AWS Cloud. + - D. Some resources run on-premises and some run in the AWS Cloud. + +
Answer + + Correct Answer: D + + Explanation: + +
+ +35. Which AWS service allows users to identify the changes made to a resource over time? + - A. Amazon Inspector + - B. AWS Config + - C. AWS Service Catalog + - D. AWS IAM + +
Answer + + Correct Answer: B + + Explanation: + +
+ +36. How can a company reduce its Total Cost of Ownership (TCO) using AWS? + - A. By minimizing large capital expenditures + - B. By having no responsibility for third-party license costs + - C. By having no operational expenditures + - D. By having AWS manage applications + +
Answer + + Correct Answer: A + + Explanation: + - AWS helps you reduce Total Cost of Ownership (TCO) by reducing the need to invest in large capital expenditures and providing a pay-as-you-go model that empowers you to invest in the capacity you need and use it only when the business requires it. + + Reference: + +
+ +37. Which activity is a customer responsibility in the AWS Cloud according to the AWS shared responsibility model? + - A. Ensuring network connectivity from AWS to the internet + - B. Patching and fixing flaws within the AWS Cloud infrastructure + - C. Ensuring the physical security of cloud data centers + - D. Ensuring Amazon EBS volumes are backed up + +
Answer + + Correct Answer: D + + Explanation: + +
+ +38. What are the advantages of the AWS Cloud? (Choose two.) + - A. Fixed rate monthly cost + - B. No need to guess capacity requirements + - C. Increased speed to market + - D. Increased upfront capital expenditure + - E. Physical access to cloud data centers + +
Answer + + Correct Answer: BC + + Explanation: + +
+ +39. When comparing the total cost of ownership (TCO) of an on-premises infrastructure to a cloud architecture, what costs should be considered? (Choose two.) + - A. The credit card processing fees for application transactions in the cloud. + - B. The cost of purchasing and installing server hardware in the on-premises data. + - C. The cost of administering the infrastructure, including operating system and software installations, patches, backups, and recovering from failures. + - D. The costs of third-party penetration testing. + - E. The advertising costs associated with an ongoing enterprise-wide campaign. + +
Answer + + Correct Answer: BC + + Explanation: + +
+ +40. Which AWS feature allows a company to take advantage of usage tiers for services across multiple member accounts? + - A. Service control policies (SCPs) + - B. Consolidated billing + - C. All Upfront Reserved Instances + - D. AWS Cost Explorer + +
Answer + + Correct Answer: B + + Explanation: + +
+ +41. What is one of the customer's responsibilities according to the AWS shared responsibility model? + - A. Virtualization infrastructure + - B. Network infrastructure + - C. Application security + - D. Physical security of hardware + +
Answer + + Correct Answer: C + + Explanation: + +
+ +42. What helps a company provide a lower latency experience to its users globally? + - A. Using an AWS Region that is central to all users + - B. Using a second Availability Zone in the AWS Region that is using used + - C. Enabling caching in the AWS Region that is being used + - D. Using edge locations to put content closer to all users + +
Answer + + Correct Answer: A + + Explanation: + +
+ +43. How can the AWS Cloud increase user workforce productivity after migration from an on-premises data center? + - A. Users do not have to wait for infrastructure provisioning. + - B. The AWS Cloud infrastructure is much faster than an on-premises data center infrastructure. + - C. AWS takes over application configuration management on behalf of users. + - D. Users do not need to address security and compliance issues. + +
Answer + + Correct Answer: A + + Explanation: + +
+ +44. Which AWS service provides a quick and automated way to create and manage AWS accounts? + - A. AWS QuickSight + - B. Amazon Lightsail + - C. AWS Organizations + - D. Amazon Connect + +
Answer + + Correct Answer: C + + Explanation: + +
+ +45. Which Amazon RDS feature can be used to achieve high availability? + - A. Multiple Availability Zones + - B. Amazon Reserved Instances + - C. Provisioned IOPS storage + - D. Enhanced monitoring + +
Answer + + Correct Answer: A + + Explanation: + - Amazon RDS provides high availability and failover support for DB instances using Multi-AZ deployments. + - Amazon RDS uses several different technologies to provide failover support. + - Multi-AZ deployments for Oracle, PostgreSQL, MySQL, and MariaDB DB instances use Amazon's failover technology. + - SQL Server DB instances use SQL Server Database Mirroring (DBM). + + Reference: + +
+ +46. Where should users report that AWS resources are being used for malicious purposes? + - A. AWS Abuse team + - B. AWS Shield + - C. AWS Support + - D. AWS Developer Forums + +
Answer + + Correct Answer: A + + Explanation: + +
+ +47. Which AWS service needs to be enabled to track all user account changes within the AWS Management Console? + - A. AWS CloudTrail + - B. Amazon Simple Notification Service (Amazon SNS) + - C. VPC Flow Logs + - D. AWS CloudHSM + +
Answer + + Correct Answer: A + + Explanation: + - AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. + - With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. + - CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. + - This event history simplifies security analysis, resource change tracking, and troubleshooting. + - In addition, you can use CloudTrail to detect unusual activity in your AWS accounts. + - These capabilities help simplify operational analysis and troubleshooting. + + Reference: + +
+ +48. What is an AWS Cloud design best practice? + - A. Tight coupling of components + - B. Single point of failure + - C. High availability + - D. Overprovisioning of resources + +
Answer + + Correct Answer: A + + Explanation: + +
+ +49. Why is AWS more economical than traditional data centers for applications with varying compute workloads? + - A. Amazon Elastic Compute Cloud (Amazon EC2) costs are billed on a monthly basis. + - B. Customers retain full administrative access to their Amazon EC2 instances. + - C. Amazon EC2 instances can be launched on-demand when needed. + - D. Customers can permanently run enough instances to handle peak workloads. + +
Answer + + Correct Answer: C + + Explanation: + - The ability to launch instances on-demand when needed allows customers launch and terminate instances in response to a varying workload. + - This is a more economical practice than purchasing enough on-premises servers to handle the peak load. + +
+ +50. Which AWS service would simplify migration of a database to AWS? + - A. AWS Storage Gateway + - B. AWS Database Migration Service (AWS DMS) + - C. Amazon Elastic Compute Cloud (Amazon EC2) + - D. Amazon AppStream 2.0 + +
Answer + + Correct Answer: B + + Explanation: + +
+ +Please feel free to comment below if any information is inaccurate or if any answers need correction. + +[ Exam List](../practice-exam/exams.md) diff --git a/practice-exam/practice-exam-19.md b/practice-exam/practice-exam-19.md new file mode 100644 index 0000000..8e98925 --- /dev/null +++ b/practice-exam/practice-exam-19.md @@ -0,0 +1,757 @@ +# Practice Exam 19 + +Click on the **Answer** button for the correct answer and its explanation. + +If this practice exam has been helpful to you please share it with others and react to this below. + +--- + +1. Which AWS offering enables customers to find, buy, and immediately start using software solutions in their AWS environment? + - A. AWS Config + - B. AWS OpsWorks + - C. AWS SDK + - D. AWS Marketplace + +
Answer + + Correct Answer: D + + Explanation: + +
+ +2. Which AWS networking service enables a company to create a virtual network within AWS? + - A. AWS Config + - B. Amazon Route 53 + - C. AWS Direct Connect + - D. Amazon Virtual Private Cloud (Amazon VPC. + +
Answer + + Correct Answer: D + + Explanation: + +
+ +3. Which of the following is AWS's responsibility under the AWS shared responsibility model? + - A. Configuring third-party applications + - B. Maintaining physical hardware + - C. Securing application access and data + - D. Managing custom Amazon Machine Images (AMIs) + +
Answer + + Correct Answer: B + + Explanation: + +
+ +4. Which component of AWS global infrastructure does Amazon CloudFront use to ensure low-latency delivery? + - A. AWS Regions + - B. AWS edge locations + - C. AWS Availability Zones + - D. Amazon Virtual Private Cloud (Amazon VPC. + +
Answer + + Correct Answer: B + + Explanation: + +
+ +5. How would a system administrator add an additional layer of login security to a user's AWS Management Console? + - A. Use AWS Cloud Directory + - B. Audit AWS Identity and Access Management (IAM) roles + - C. Enable Multi-Factor Authentication + - D. Enable AWS CloudTrail + +
Answer + + Correct Answer: C + + Explanation: + +
+ +6. Which service can identify the user that made the API call when an Amazon Elastic Compute Cloud (Amazon EC2) instance is terminated? + - A. Amazon CloudWatch + - B. AWS CloudTrail + - C. AWS X-Ray + - D. AWS Identity and Access Management (AWS IAM) + +
Answer + + Correct Answer: B + + Explanation: + +
+ +7. Which service would you use to send alerts based on Amazon CloudWatch alarms? + - A. Amazon Simple Notification Service (Amazon SNS) + - B. AWS CloudTrail + - C. AWS Trusted Advisor + - D. Amazon Route 53 + +
Answer + + Correct Answer: A + + Explanation: + +
+ +8. Where can a customer find information about prohibited actions on AWS infrastructure? + - A. AWS Trusted Advisor + - B. AWS Identity and Access Management (IAM) + - C. AWS Billing Console + - D. AWS Acceptable Use Policy + +
Answer + + Correct Answer: D + + Explanation: + +
+ +9. Which of the following is an example of how moving to the AWS Cloud reduces upfront cost? + - A. By replacing large variable costs with lower capital investments + - B. By replacing large capital investments with lower variable costs + - C. By allowing the provisioning of compute and storage at a fixed level to meet peak demand + - D. By replacing the repeated scaling of virtual servers with a simpler fixed-scale model + +
Answer + + Correct Answer: B + + Explanation: + - AWS does not require minimum spend commitments or long-term contracts. + - You replace large upfront expenses with low variable payments that only apply to what you use. + - With AWS you are not bound to multi-year agreements or complicated licensing models. + + Reference: + +
+ +10. When designing a typical three-tier web application, which AWS services and/or features improve availability and reduce the impact failures? (Choose two.) + - A. AWS Auto Scaling for Amazon EC2 instances + - B. Amazon VPC subnet ACLs to check the health of a service + - C. Distributed resources across multiple Availability Zones + - D. AWS Server Migration Service (AWS SMS) to move Amazon EC2 instances into a different Region + - E. Distributed resources across multiple AWS points of presence + +
Answer + + Correct Answer: AC + + Explanation: + +
+ +11. Which cloud design principle aligns with AWS Cloud best practices? + - A. Create fixed dependencies among application components + - B. Aggregate services on a single instance + - C. Deploy applications in a single Availability Zone + - D. Distribute the compute load across multiple resources + +
Answer + + Correct Answer: D + + Explanation: + - Use load balancing for offloading encryption termination (TLS) to improve performance and to manage and route traffic effectively. + - Distribute traffic across multiple resources or services to allow your workload to take advantage of the elasticity that AWS provides. + + Reference: + +
+ +12. Which of the following are recommended practices for managing IAM users? (Choose two.) + - A. Require IAM users to change their passwords after a specified period of time + - B. Prevent IAM users from reusing previous passwords + - C. Recommend that the same password be used on AWS and other sites + - D. Require IAM users to store their passwords in raw text + - E. Disable multi-factor authentication (MFA) for IAM users + +
Answer + + Correct Answer: AB + + Explanation: + +
+ +13. A company is migrating from on-premises data centers to the AWS Cloud and is looking for hands-on help with the project.
How can the company get this support? (Choose two.) + - A. Ask for a quote from the AWS Marketplace team to perform a migration into the company's AWS account. + - B. Contact AWS Support and open a case for assistance + - C. Use AWS Professional Services to provide guidance and to set up an AWS Landing Zone in the company's AWS account + - D. Select a partner from the AWS Partner Network (APN) to assist with the migration + - E. Use Amazon Connect to create a new request for proposal (RFP) for expert assistance in migrating to the AWS Cloud. + +
Answer + + Correct Answer: BC + + Explanation: + +
+ +14. How does the AWS Enterprise Support Concierge team help users? + - A. Supporting application development + - B. Providing architecture guidance + - C. Answering billing and account inquires + - D. Answering questions regarding technical support cases + +
Answer + + Correct Answer: C + + Explanation: + +
+ +15. An application designed to span multiple Availability Zones is described as: + - A. being highly available + - B. having global reach + - C. using an economy of scale + - D. having elasticity + +
Answer + + Correct Answer: A + +
+ +16. A new service using AWS must be highly available. Yet, due to regulatory requirements, all of its Amazon EC2 instances must be located in a single geographic area.
According to best practices, to meet these requirements, the EC2 instances must be placed in at least two: + - A. AWS Regions + - B. Availability Zones + - C. subnets + - D. placement groups + +
Answer + + Correct Answer: B + + Explanation: + + +
+ +17. Which AWS tool is used to compare the cost of running an application on-premises to running the application in the AWS Cloud? + - A. AWS Trusted Advisor + - B. AWS Simple Monthly Calculator + - C. AWS Total Cost of Ownership (TCO) Calculator + - D. Cost Explorer + +
Answer + + Correct Answer: C + + Explanation: + +
+ +18. A company has multiple AWS accounts within AWS Organizations and wants to apply the Amazon EC2 Reserved Instances benefit to a single account only.
Which action should be taken? + - A. Purchase the Reserved Instances from master payer account and turn off Reserved Instance sharing. + - B. Enable billing alerts in the AWS Billing and Cost Management console. + - C. Purchase the Reserved Instances in individual linked accounts and turn off Reserved Instance sharing from the payer level. + - D. Enable Reserved Instance sharing in the AWS Billing and Cost Management console. + +
Answer + + Correct Answer: A + + Explanation: + +
+ +19. Which situation should be reported to the AWS Abuse team? + - A. In Availability Zone has a service disruption + - B. An intrusion attempt is made from an AWS IP address + - C. A user has trouble accessing an Amazon S3 bucket from an AWS IP address + - D. A user needs to change payment methods due to a compromise + +
Answer + + Correct Answer: B + + Explanation: + +
+ +20. A company is planning to launch an ecommerce site in a single AWS Region to a worldwide user base.
Which AWS services will allow the company to reach users and provide low latency and high transfer speeds? (Choose two.) + - A. Application Load Balancer + - B. AWS Global Accelerator + - C. AWS Direct Connect + - D. Amazon CloudFront + - E. AWS Lambda + +
Answer + + Correct Answer: AD + + Explanation: + +
+ +21. Which AWS service or resource is serverless? + - A. AWS Lambda + - B. Amazon EC2 instances + - C. Amazon Lightsail + - D. Amazon ElastiCache + +
Answer + + Correct Answer: A + + Explanation: + +
+ +22. Which of the following are components of Amazon VPC? (Choose two.) + - A. Objects + - B. Subnets + - C. Buckets + - D. Internet gateways + - E. Access key + +
Answer + + Correct Answer: BD + + Explanation: + +
+ +23. AWS Budgets can be used to: + - A. prevent a given user from creating a resource + - B. send an alert when the utilization of Reserved Instances drops below a certain percentage + - C. set resource limits in AWS accounts to prevent overspending + - D. split an AWS bill across multiple forms of payment + +
Answer + + Correct Answer: C + + Explanation: + +
+ +24. Which of the following will enhance the security of access to the AWS Management Console? (Choose two.) + - A. AWS Secrets Manager + - B. AWS Certificate Manager + - C. AWS Multi-Factor Authentication (AWS MFA) + - D. Security groups + - E. Password policies + +
Answer + + Correct Answer: CE + + Explanation: + +
+ +25. The AWS Trusted Advisor checks include recommendations regarding which of the following? (Choose two.) + - A. Information on Amazon S3 bucket permissions + - B. AWS service outages + - C. Multi-factor authentication enabled on the AWS account root user + - D. Available software patches + - E. Number of users in the account + +
Answer + + Correct Answer: AC + + Explanation: + +
+ +26. Which functions can users perform using AWS KMS? + - A. Create and manage AWS access keys for the AWS account root user + - B. Create and manage AWS access keys for an AWS account IAM user + - C. Create and manage keys for encryption and decryption of data + - D. Create and manage keys for multi-factor authentication + +
Answer + + Correct Answer: C + + Explanation: + +
+ +27. How does AWS Trusted Advisor provide guidance to users of the AWS Cloud? (Choose two.) + - A. It identifies software vulnerabilities in applications running on AWS + - B. It provides a list of cost optimization recommendations based on current AWS usage + - C. It detects potential security vulnerabilities caused by permissions settings on account resources + - D. It automatically corrects potential security issues caused by permissions settings on account resources + - E. It provides proactive alerting whenever an Amazon EC2 instance has been compromised + +
Answer + + Correct Answer: BE + +
+ +28. Which of the following are advantages of the AWS Cloud? (Choose two.) + - A. AWS manages the maintenance of the cloud infrastructure + - B. AWS manages the security of applications built on AWS + - C. AWS manages capacity planning for physical servers + - D. AWS manages the development of applications on AWS + - E. AWS manages cost planning for virtual servers + +
Answer + + Correct Answer: AC + + Explanation: + +
+ +29. A user deploys an Amazon RDS DB instance in multiple Availability Zones.
This strategy involves which pillar of the AWS Well-Architected Framework? + - A. Performance efficiency + - B. Reliability + - C. Cost optimization + - D. Security + +
Answer + + Correct Answer: A + + Explanation: + + +
+ +30. Which AWS services provide a user with connectivity between the AWS Cloud and on-premises resources? (Choose two.) + - A. AWS VPN + - B. Amazon Connect + - C. Amazon Cognito + - D. AWS Direct Connect + - E. AWS Managed Services + +
Answer + + Correct Answer: AD + + Explanation: + - + - + +
+ +31. Which AWS service is used to pay AWS bills, and monitor usage and budget costs? + - A. AWS Billing and Cost Management + - B. Consolidated billing + - C. Amazon CloudWatch + - D. Amazon QuickSight + +
Answer + + Correct Answer: A + + Explanation: + +
+ +32. Which element of the AWS global infrastructure consists of one or more discrete data centers, each with redundant power, networking, and connectivity, which are housed in separate facilities? + - A. AWS Regions + - B. Availability Zones + - C. Edge locations + - D. Amazon CloudFront + +
Answer + + Correct Answer: B + + Explanation: + + +
+ +33. Which Amazon VPC feature enables users to capture information about the IP traffic that reaches Amazon EC2 instances? + - A. Security groups + - B. Elastic network interfaces + - C. Network ACLs + - D. VPC Flow Logs + +
Answer + + Correct Answer: D + + Explanation: + - VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. + - Flow log data can be published to Amazon CloudWatch Logs or Amazon S3. After you've created a flow log, you can retrieve and view its data in the chosen destination. + + Reference: + +
+ +34. Which AWS service can be used to automatically scale an application up and down without making capacity planning decisions? + - A. Amazon AutoScaling + - B. Amazon Redshift + - C. AWS CloudTrail + - D. AWS Lambda + +
Answer + + Correct Answer: A + + Explanation: + +
+ +35. AWS Enterprise Support users have access to which service or feature that is not available to users with other AWS Support plans? + - A. AWS Trusted Advisor + - B. AWS Support case + - C. Concierge team + - D. Amazon Connect + +
Answer + + Correct Answer: C + + Explanation: + +
+ +36. A company wants to migrate a MySQL database to AWS but does not have the budget for Database Administrators to handle routine tasks including provisioning, patching, and performing backups.
Which AWS service will support this use case? + - A. Amazon RDS + - B. Amazon DynamoDB + - C. Amazon DocumentDB + - D. Amazon ElastiCache + +
Answer + + Correct Answer: A + + Explanation: + - Amazon RDS makes it easy to set up, operate, and scale a relational database in the cloud. + - It provides cost-efficient and resizable capacity while automating time-consuming administration tasks, such as hardware provisioning, database setup, patching, and backups. + - It frees you to focus on your applications, so you can give them the fast performance, high availability, security, and compatibility that they need. + + Reference: + +
+ +37. A company wants to expand from one AWS Region into a second AWS Region.
What does the company need to do to start supporting the new Region? + - A. Contact an AWS Account Manager to sign a new contract + - B. Move an Availability Zone to the new Region + - C. Begin deploying resources in the second Region + - D. Download the AWS Management Console for the new Region + +
Answer + + Correct Answer: D + + Explanation: + + +
+ +38. A user must meet compliance and software licensing requirements that state a workload must be hosted on a physical server.
Which Amazon EC2 instance pricing option will meet these requirements? + - A. Dedicated Hosts + - B. Dedicated Instances + - C. Spot Instances + - D. Reserved Instances + +
Answer + + Correct Answer: A + + Explanation: + +
+ +39. Which AWS service will provide a way to generate encryption keys that can be used to encrypt data? (Choose two.) + - A. Amazon Macie + - B. AWS Certificate Manager + - C. AWS Key Management Service (AWS KMS) + - D. AWS Secrets Manager + - E. AWS CloudHSM + +
Answer + + Correct Answer: CE + + Explanation: + - + - + +
+ +40. A company is planning to migrate from on-premises to the AWS Cloud.
Which AWS tool or service provides detailed reports on estimated cost savings after migration? + - A. AWS Total Cost of Ownership (TCO) Calculator + - B. Cost Explorer + - C. AWS Budgets + - D. AWS Migration Hub + +
Answer + + Correct Answer: A + + Explanation: + (26) + +
+ +41. What can assist in evaluating an application for migration to the cloud? (Choose two.) + - A. AWS Trusted Advisor + - B. AWS Professional Services + - C. AWS Systems Manager + - D. AWS Partner Network (APN) + - E. AWS Secrets Manager + +
Answer + + Correct Answer: AD + +
+ +42. Which AWS service helps users meet contractual and regulatory compliance requirements for data security by using dedicated hardware appliances within the AWS Cloud? + - A. AWS Secrets Manager + - B. AWS CloudHSM + - C. AWS Key Management Service (AWS KMS) + - D. AWS Directory Service + +
Answer + + Correct Answer: B + + Explanation: + - The AWS CloudHSM service helps you meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) instances within the AWS cloud. + - AWS and AWS Marketplace partners offer a variety of solutions for protecting sensitive data within the AWS platform, but for some applications and data subject to contractual or regulatory mandates for managing cryptographic keys, additional protection may be necessary. + - CloudHSM complements existing data protection solutions and allows you to protect your encryption keys within HSMs that are designed and validated to government standards for secure key management. + - CloudHSM allows you to securely generate, store, and manage cryptographic keys used for data encryption in a way that keys are accessible only by you. + + Reference: + +
+ +43. Under the AWS shared responsibility model, the customer manages which of the following? (Choose two.) + - A. Decommissioning of physical storage devices + - B. Security group and ACL configuration + - C. Patch management of an Amazon RDS instance operating system + - D. Controlling physical access to data centers + - E. Patch management of an Amazon EC2 instance operating system + +
Answer + + Correct Answer: BE + + Explanation: + +
+ +44. Which AWS service is suitable for an event-driven workload? + - A. Amazon EC2 + - B. AWS Elastic Beanstalk + - C. AWS Lambda + - D. Amazon Lumberyard + +
Answer + + Correct Answer: B + + Explanation: + - An easy-to-use service for deploying and scaling web applications and web services developed in a number of programming languages. + - You can configure event notifications for your Elastic Beanstalk environment so that notable events can be automatically published to an SNS topic, then pushed to topic subscribers. + - As an example, you may use this event-driven architecture to coordinate your continuous integration pipeline (such as Jenkins CI). + - That way, whenever an environment is created, Elastic Beanstalk publishes this event to an SNS topic, which triggers a subscribing Lambda function, which then kicks off a CI job against your newly created Elastic Beanstalk environment. + + Reference: + +
+ +45. What is a value proposition of the AWS Cloud? + - A. AWS is responsible for security in the AWS Cloud + - B. No long-term contract is required + - C. Provision new servers in days + - D. AWS manages user applications in the AWS Cloud + +
Answer + + Correct Answer: B + + Explanation: + +
+ +46. What is a characteristic of Amazon S3 cross-region replication? + - A. Both source and destination S3 buckets must have versioning disabled + - B. The source and destination S3 buckets cannot be in different AWS Regions + - C. S3 buckets configured for cross-region replication can be owned by a single AWS account or by different accounts + - D. The source S3 bucket owner must have the source and destination AWS Regions disabled for their account + +
Answer + + Correct Answer: C + + Explanation: + +
+ +47. What is a user responsible for when running an application in the AWS Cloud? - A. Managing physical hardware + - B. Updating the underlying hypervisor + - C. Providing a list of users approved for data center access + - D. Managing application software updates + +
Answer + + Correct Answer: D + + Explanation: + +
+ +48. A company that does business online needs to quickly deliver new functionality in an iterative manner, minimizing the time to market.
Which AWS Cloud feature can provide this? + - A. Elasticity + - B. High availability + - C. Agility + - D. Reliability + +
Answer + + Correct Answer: C + + Explanation: + +
+ +49. Which features or services can be used to monitor costs and expenses for an AWS account? (Choose two.) + - A. AWS Cost and Usage report + - B. AWS product pages + - C. AWS Simple Monthly Calculator + - D. Billing alerts and Amazon CloudWatch alarms + - E. AWS Price List API + +
Answer + + Correct Answer: AD + + Explanation: + +
+ +50. Amazon Route 53 enables users to: + - A. encrypt data in transit + - B. register DNS domain names + - C. generate and manage SSL certificates + - D. establish a dedicated network connection to AWS + +
Answer + + Correct Answer: B + + Explanation: + +
+ +Please feel free to comment below if any information is inaccurate or if any answers need correction. + +[ Exam List](../practice-exam/exams.md) diff --git a/practice-exam/practice-exam-2.md b/practice-exam/practice-exam-2.md index c9299cf..0cc9699 100644 --- a/practice-exam/practice-exam-2.md +++ b/practice-exam/practice-exam-2.md @@ -6,847 +6,516 @@ If this practice exam has been helpful to you please share it with others and re --- -1. Which storage service can be used as a low-cost option for hosting static websites? - - A. Amazon Glacier - - B. Amazon DynamoDB - - C. Amazon Elastic File System (Amazon EFS) - - D. Amazon Simple Storage Service (Amazon S3) - -
Answer - - Correct Answer: D - - Explanation: +1. A global company with a large number of AWS accounts is seeking a way in which they can centrally manage billing and security policies across all accounts. Which AWS Service will assist them in meeting these goals? + - A. AWS Organizations. + - B. AWS Trusted Advisor. + - C. IAM User Groups. + - D. AWS Config. +
Answer + Correct answer: A
-2. Which Amazon EC2 instance pricing model can provide discounts of up to 90%? - - A. Reserved Instances - - B. On-Demand - - C. Dedicated Hosts - - D. Spot Instances - -
Answer - - Correct Answer: D - - Explanation: +2. Which service provides object-level storage in AWS? + - A. Amazon EBS. + - B. Amazon Instance Store. + - C. Amazon EFS. + - D. Amazon S3. +
Answer + Correct answer: D
-3. What is the AWS customer responsible for according to the AWS shared responsibility model? - - A. Physical access controls - - B. Data encryption - - C. Secure disposal of storage devices - - D. Environmental risk management - -
Answer - - Correct Answer: B +3. A company is concerned that they are spending money on underutilized compute resources in AWS. Which AWS feature will help ensure that their applications are automatically adding/removing EC2 compute capacity to closely match the required demand? + - A. AWS Elastic Load Balancer. + - B. AWS Budgets. + - C. AWS Auto Scaling. + - D. AWS Cost Explorer. +
Answer + Correct answer: C
-4. Which of the following AWS Cloud services can be used to run a customer-managed relational database? - - A. Amazon EC2 - - B. Amazon Route 53 - - C. Amazon ElastiCache - - D. Amazon DynamoDB - -
Answer - - Correct Answer: A +4. Which S3 storage class is best for data with unpredictable access patterns? + - A. Amazon S3 Intelligent-Tiering. + - B. Amazon S3 Glacier Flexible Retrieval. + - C. Amazon S3 Standard. + - D. Amazon S3 Standard-Infrequent Access. +
Answer + Correct answer: A
-5. A company is looking for a scalable data warehouse solution.
Which of the following AWS solutions would meet the company's needs? - - A. Amazon Simple Storage Service (Amazon S3) - - B. Amazon DynamoDB - - C. Amazon Kinesis - - D. Amazon Redshift - -
Answer - - Correct Answer: D - - Explanation: +5. What is the AWS database service that allows you to upload data structured in key-value format? + - A. Amazon DynamoDB. + - B. Amazon Aurora. + - C. Amazon Redshift. + - D. Amazon RDS. +
Answer + Correct answer: A
-6. Which statement best describes Elastic Load Balancing? - - A. It translates a domain name into an IP address using DNS. - - B. It distributes incoming application traffic across one or more Amazon EC2 instances. - - C. It collects metrics on connected Amazon EC2 instances. - - D. It automatically adjusts the number of Amazon EC2 instances to support incoming traffic. - -
Answer - - Correct Answer: B - - Explanation: +6. Which of the following is NOT correct regarding Amazon EC2 On-demand instances? + - A. You have to pay a start-up fee when launching a new instance for the first time. + - B. The on-demand instances follow the AWS pay-as-you-go pricing model. + - C. With on-demand instances, no longer-term commitments or upfront payments are needed. + - D. When using on-demand Linux instances, you are charged per second based on an hourly rate. +
Answer + Correct answer: A
-7. Which of the following are valid ways for a customer to interact with AWS services? (Select TWO.) - - A. Command line interface - - B. On-premises - - C. Software Development Kits - - D. Software-as-a-service - - E. Hybrid - -
Answer - - Correct Answer: AC +7. A company has moved to AWS recently. Which of the following AWS Services will help ensure that they have the proper security settings? (Choose TWO) + - A. AWS Trusted Advisor. + - B. Amazon Inspector. + - C. Amazon SNS. + - D. Amazon CloudWatch. + - E. Concierge Support Team. +
Answer + Correct answer: A, B
-8. The AWS Cloud's multiple Regions are an example of: - - A. agility. - - B. global infrastructure. - - C. elasticity. - - D. pay-as-you-go pricing. - -
Answer - - Correct Answer: B +8. What is the AWS feature that provides an additional level of security above the default authentication mechanism of usernames and passwords? + - A. Encrypted keys. + - B. Email verification. + - C. AWS KMS. + - D. AWS MFA. +
Answer + Correct answer: D
-9. Which of the following AWS services can be used to serve large amounts of online video content with the lowest possible latency? (Select TWO.) - - A. AWS Storage Gateway - - B. Amazon S3 - - C. Amazon Elastic File System (EFS) - - D. Amazon Glacier - - E. Amazon CloudFront - -
Answer - - Correct Answer: BE - - Explanation: - - - - +9. A company is introducing a new product to their customers, and is expecting a surge in traffic to their web application. As part of their Enterprise Support plan, which of the following provides the company with architectural and scaling guidance? + - A. AWS Knowledge Center. + - B. AWS Health Dashboard. + - C. Infrastructure Event Management. + - D. AWS Support Concierge Service. +
Answer + Correct answer: C
-10. Web servers running on Amazon EC2 access a legacy application running in a corporate data center.
What term would describe this model? - - A. Cloud-native - - B. Partner network - - C. Hybrid architecture - - D. Infrastructure as a service - -
Answer - - Correct Answer: C - - Explanation: +10. You work as an on-premises MySQL DBA. The work of database configuration, backups, patching, and DR can be time-consuming and repetitive. Your company has decided to migrate to the AWS Cloud. Which of the following can help save time on database maintenance so you can focus on data architecture and performance? + - A. Amazon RDS. + - B. Amazon Redshift. + - C. Amazon DynamoDB. + - D. Amazon CloudWatch. +
Answer + Correct answer: A
-11. What is the benefit of using AWS managed services, such as Amazon ElastiCache and Amazon Relational Database Service (Amazon RDS)? - - A. They require the customer to monitor and replace failing instances. - - B. They have better performance than customer-managed services. - - C. They simplify patching and updating underlying OSs. - - D. They do not require the customer to optimize instance type or size selections. - -
Answer - - Correct Answer: D - - Explanation: - - - - Amazon RDS provides a selection of instance types optimized to fit different relational database use cases. - - Instance types comprise varying combinations of CPU, memory, storage, and networking capacity and give you the flexibility to choose the appropriate mix of resources for your database. - - Each instance type includes several instance sizes, allowing you to scale your database to the requirements of your target workload. +11. Which of the below is a best-practice when designing solutions on AWS? + - A. Invest heavily in architecting your environment, as it is not easy to change your design later. + - B. Use AWS reservations to reduce costs when testing your production environment. + - C. Automate wherever possible to make architectural (© ) experimentation easier. + - D. Provision a large compute capacity to handle any spikes in load +
Answer + Correct answer: C
-12. Which service provides a virtually unlimited amount of online highly durable object storage? - - A. Amazon Redshift - - B. Amazon Elastic File System (Amazon EFS) - - C. Amazon Elastic Container Service (Amazon ECS) - - D. Amazon S3 - -
Answer - - Correct Answer: D - - Explanation: +12. According to the AWS Acceptable Use Policy, which of the following statements is true regarding penetration testing of EC2 instances? + - A. Penetration testing is not allowed in AWS. + - B. Penetration testing is performed automatically by AWS to determine vulnerabilities in your AWS infrastructure. + - C. Penetration testing can be performed by the customer on their own instances without prior authorization from AWS. + - D. The AWS customers are only allowed to perform penetration testing on services managed by AWS. +
Answer + Correct answer: C
-13. Which of the following Identity and Access Management (IAM) entities is associated with an access key ID and secret access key when using AWS Command Line Interface (AWS CLI)? - - A. IAM group - - B. IAM user - - C. IAM role - - D. IAM policy - -
Answer - - Correct Answer: B - - Explanation: - - Access keys are long-term credentials for an IAM user or the AWS account root user. - - You can use access keys to sign programmatic requests to the AWS CLI or API (directly or using the AWS SDK). - - For more information, see Signing AWS API Requests in the Amazon Web Services General Reference. +13. Which service is used to ensure that messages between software components are not lost if one or more components fail? + - A. Amazon SQS. + - B. Amazon SES. + - C. AWS Direct Connect. + - D. Amazon Connect. +
Answer + Correct answer: A
-14. Which of the following security-related services does AWS offer? (Select TWO.) - - A. Multi-factor authentication physical tokens - - B. AWS Trusted Advisor security checks - - C. Data encryption - - D. Automated penetration testing - - E. Amazon S3 copyrighted content detection - -
Answer - - Correct Answer: BC - - Explanation: - - Penetration testing is not correct, because it can be done by customers on their own resources. +14. The principle “design for failure and nothing will fail” is very important when designing your AWS Cloud architecture. Which of the following would help adhere to this principle? (Choose TWO) + - A. Multi-factor authentication. + - B. Availability Zones. + - C. Elastic Load Balancing. + - D. Penetration testing. + - E. Vertical Scaling. +
Answer + Correct answer: B, C
-15. Which AWS managed service is used to host databases? - - A. AWS Batch - - B. AWS Artifact - - C. AWS Data Pipeline - - D. Amazon RDS - -
Answer - - Correct Answer: D - - Explanation: - - Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. - - It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. - - It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need. - - Reference: +15. What is the AWS service that provides a virtual network dedicated to your AWS account? + - A. AWS VPN. + - B. AWS Subnets. + - C. AWS Dedicated Hosts. + - D. Amazon VPC. +
Answer + Correct answer: D
-16. Which AWS service provides a simple and scalable shared file storage solution for use with Linux-based AWS and on-premises servers? - - A. Amazon S3 - - B. Amazon Glacier - - C. Amazon EBS - - D. Amazon EFS - -
Answer - - Correct Answer: D - - Explanation: - - Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. - - It is built to scale on demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth. - - Amazon EFS is designed to provide the throughput, IOPS, and low latency needed for Linux workloads. - - Throughput and IOPS scale as a file system grows and can burst to higher throughput levels for short periods of time to support the unpredictable performance needs of file workloads. - - For the most demanding workloads, Amazon EFS can support performance over 10 GB/sec and up to 500,000 IOPS. +16. According to the AWS Shared responsibility model, which of the following are the responsibility of the customer? (Choose TWO) + - A. Managing environmental events of AWS data centers. + - B. Protecting the confidentiality of data in transit in Amazon S3. + - C. Controlling physical access to AWS Regions. + - D. Ensuring that the underlying EC2 host is configured properly. + - E. Patching applications installed on Amazon EC2. +
Answer + Correct answer: B, E
-17. When architecting cloud applications, which of the following are a key design principle? - - A. Use the largest instance possible - - B. Provision capacity for peak load - - C. Use the Scrum development process - - D. Implement elasticity - -
Answer - - Correct Answer: D - - Explanation: - - "Provisioning for peaks" is a characteristic of a traditional computing environment, per the AWS Best Practices: "you provision capacity based on an estimate of a theoretical maximum peak." - - +17. Which of the following AWS services can be used as a compute resource? (Choose TWO) + - A. Amazon VPC. + - B. Amazon CloudWatch. + - C. Amazon S3. + - D. Amazon EC2. + - E. AWS Lambda. +
Answer + Correct answer: D, E
-18. Which AWS service should be used for long-term, low-cost storage of data backups? - - A. Amazon RDS - - B. Amazon Glacier - - C. AWS Snowball - - D. AWS EBS - -
Answer - - Correct Answer: B - - Explanation: - - Amazon S3 Glacier is a secure, durable, and low-cost storage class of S3 for data archiving and long-term backup. Customers can store large or small amounts of data for as little as $0.004 per gigabyte per month. - - The S3 Glacier storage class is ideal for archives where data is regularly retrieved and some of the data may be needed in minutes. - - Amazon RDS is a relational database service that hosts databases. It helps you create and manage databases. - - Amazon Snowball is a petabyte-scale data transfer service that provides cost efficient data transfer to AWS from tamper proof physical devices. Similarly, Elastic block storage offers persistent block storage volumes for EC2 instances. - - Reference: +18. Your company is designing a new application that will store and retrieve photos and videos. Which of the following services should you recommend as the underlying storage mechanism? + - A. Amazon EBS. + - B. Amazon SQS. + - C. Amazon S3. + - D. Amazon Instance store. +
Answer + Correct answer: C
-19. Which task is AWS responsible for in the shared responsibility model for security and compliance? - - A. Granting access to individuals and services - - B. Encrypting data in transit - - C. Updating Amazon EC2 host firmware - - D. Updating operating systems - -
Answer - - Correct Answer: B - - Explanation: - - AWS Compliance enables customers to establish and operate in an AWS security control environment The shared responsibility model is part of AWS Compliance - - The Security of the cloud is managed by Amazon AWS provider - - The Security in the cloud is responsibility of the customer - - The customer is responsible for their information and data, their secure transmission, integrity, and encryption Also, the customer is responsible for managing, support, patching and control of the guest operating system and AWS services provided like EC2 - - AWS customers retain control and ownership of their data - - The AWS network provides significant protection against traditional network security issues and the customer can implement further protection - - Reference: +19. Which of the following is equivalent to a user name and password and is used to authenticate your programmatic access to AWS services and APIs? + - A. Instance Password. + - B. Key pairs. + - C. Access Keys. + - D. MFA. +
Answer + Correct answer: C
-20. Where should a company go to search software listings from independent software vendors to find, test, buy and deploy software that runs on AWS? - - A. AWS Marketplace - - B. Amazon Lumberyard - - C. AWS Artifact - - D. Amazon CloudSearch - -
Answer - - Correct Answer: A - - Explanation: - - AWS Marketplace is a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on AWS. - - Reference: +20. What does Amazon ElastiCache provide? + - A. In-memory caching for read-heavy applications. + - B. An Ehcache compatible in-memory data store. + - C. An online software store that allows Customers to launch pre-configured software with just few clicks. + - D. A domain name system in the cloud. +
Answer + Correct answer: A
-21. Which of the following is a benefit of using the AWS Cloud? - - A. Permissive security removes the administrative burden. - - B. Ability to focus on revenue-generating activities. - - C. Control over cloud network hardware. - - D. Choice of specific cloud hardware vendors. - -
Answer - - Correct Answer: B - - Explanation: - - Developer and IT staff productivity accounted for nearly 30% of overall financial benefits. - - The remaining benefits were driven by the flexibility and agility of Amazon cloud infrastructure services, which make it easier to trial new business models, support revenue-generating applications, and provide more reliable services to end users. - - Reference: +21. What is the AWS service that enables you to manage all of your AWS accounts from a single master account? + - A. AWS WAF. + - B. AWS Trusted Advisor. + - C. AWS Organizations. + - D. Amazon Config. +
Answer + Correct answer: C
-22. When performing a cost analysis that supports physical isolation of a customer workload, which compute hosting model should be accounted for in the Total Cost of Ownership (TCO)? - - A. Dedicated Hosts - - B. Reserved Instances - - C. On-Demand Instances - - D. No Upfront Reserved Instances - -
Answer - - Correct Answer: A - - Explanation: - - Use Dedicated Hosts to launch Amazon EC2 instances on physical servers that are dedicated for your use. - - Dedicated Hosts give you additional visibility and control over how instances are placed on a physical server, and you can reliably use the same physical server over time. - - As a result, Dedicated Hosts enable you to use your existing server-bound software licenses like Windows Server and address corporate compliance and regulatory requirements. +22. Which of the following EC2 instance purchasing options supports the Bring Your Own License (BYOL) model for almost every BYOL scenario? + - A. Dedicated Instances. + - B. Dedicated Hosts. + - C. On-demand Instances. + - D. Reserved Instances. +
Answer + Correct answer: B
-23. Which AWS service provides the ability to manage infrastructure as code? - - A. AWS CodePipeline - - B. AWS CodeDeploy - - C. AWS Direct Connect - - D. AWS CloudFormation - -
Answer - - Correct Answer: D - - Explanation: - - AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. - - CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. - - This file serves as the single source of truth for your cloud environment. - - Reference: +23. Which of the following is one of the benefits of moving infrastructure from an on-premises data center to AWS? + - A. Free support for all enterprise customers. + - B. Automatic data protection. + - C. Reduced Capital Expenditure (CapEx). + - D. AWS holds responsibility for managing customer applications. +
Answer + Correct answer: C
-24. If a customer needs to audit the change management of AWS resources, which of the following AWS services should the customer use? - - A. AWS Config - - B. AWS Trusted Advisor - - C. Amazon CloudWatch - - D. Amazon Inspector - -
Answer - - Correct Answer: A - - Explanation: - - AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. - - Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. - - With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. - - This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting. - - Reference: +24. Which of the following are important design principles you should adopt when designing systems on AWS? (Choose TWO) + - A. Always use Global Services in your architecture rather than Regional Services. + - B. Always choose to pay as you go. + - C. Treat servers as fixed resources. + - D. Automate wherever possible. + - E. Remove single points of failure. +
Answer + Correct answer: D, E
-25. What is Amazon CloudWatch? - - A. A code repository with customizable build and team commit features. - - B. A metrics repository with customizable notification thresholds and channels. - - C. A security configuration repository with threat analytics. - - D. A rule repository of a web application firewall with automated vulnerability prevention features. - -
Answer - - Correct Answer: B - - Explanation: - - Amazon CloudWatch is basically a metrics repository. - - An AWS service -- such as Amazon EC2 -- puts metrics into the repository, and you retrieve statistics based on those metrics. - - If you put your own custom metrics into the repository, you can retrieve statistics on these metrics as well. - - Reference: cloudwatch_architecture.html +25. Which AWS Service can be used to establish a dedicated, private network connection between AWS and your datacenter? + - A. AWS Direct Connect. + - B. Amazon CloudFront. + - C. AWS Snowball. + - D. Amazon Route 53. +
Answer + Correct answer: A
-26. Which service allows a company with multiple AWS accounts to combine its usage to obtain volume discounts? - - A. AWS Server Migration Service - - B. AWS Organizations - - C. AWS Budgets - - D. AWS Trusted Advisor - -
Answer - - Correct Answer: B - - Explanation: - - use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. - - Every organization in AWS Organizations has a master account that pays the charges of all the member accounts. - - Consolidated billing has the following benefits: - - One bill You get one bill for multiple accounts. - - Easy tracking You can track the charges across multiple accounts and download the combined cost and usage data. - - Combined usage You can combine the usage across all accounts in the organization to share the volume pricing discounts and Reserved Instance discounts. This can result in a lower charge for your project, department, or company than with individual standalone accounts. For more information, see Volume Discounts. - - No extra fee Consolidated billing is offered at no additional cost. +26. You are working on two projects that require completely different network configurations. Which AWS service or feature will allow you to isolate resources and network configurations? + - A. Internet gateways. + - B. Virtual Private Cloud. + - C. Security Groups. + - D. Amazon CloudFront. +
Answer + Correct answer: B
-27. Which of the following services could be used to deploy an application to servers running on-premises? (Select TWO.) - - A. AWS Elastic Beanstalk - - B. AWS OpsWorks - - C. AWS CodeDeploy - - D. AWS Batch - - E. AWS X-Ray - -
Answer - - Correct Answer: BC - - Explanation: - - - - +27. Which of the following services can help protect your web applications from SQL injection and other vulnerabilities in your application code? + - A. Amazon Cognito. + - B. AWS IAM. + - C. Amazon Aurora. + - D. AWS WAF. +
Answer + Correct answer: D
-28. Which Amazon EC2 pricing model adjusts based on supply and demand of EC2 instances? - - A. On-Demand Instances - - B. Reserved Instances - - C. Spot Instances - - D. Convertible Reserved Instances - -
Answer - - Correct Answer: C - - Explanation: - - In the new model, the Spot prices are more predictable, updated less frequently, and are determined by supply and demand for Amazon EC2 spare capacity, not bid prices. - - Reference: +28. An organization needs to analyze and process a large number of data sets. Which AWS service should they use? + - A. Amazon EMR. + - B. Amazon MQ. + - C. Amazon SNS. + - D. Amazon SQS. +
Answer + Correct answer: A
-29. Which design principles for cloud architecture are recommended when re-architecting a large monolithic application? (Select TWO.) - - A. Use manual monitoring. - - B. Use fixed servers. - - C. Implement loose coupling. - - D. Rely on individual components. - - E. Design for scalability. - -
Answer - - Correct Answer: CE +29. Based on the AWS Shared Responsibility Model, which of the following are the sole responsibility of AWS? (Choose TWO) + - A. Monitoring network performance. + - B. Installing software on EC2 instances. + - C. Creating hypervisors. + - D. Configuring Access Control Lists (ACLs). + - E. Hardware maintenance. +
Answer + Correct answer: C, E
-30. Which is the MINIMUM AWS Support plan that allows for one-hour target response time for support cases? - - A. Enterprise - - B. Business - - C. Developer - - D. Basic - -
Answer - - Correct Answer: B - - Explanation: +30. What is the AWS service that provides you the highest level of control over the underlying virtual infrastructure? + - A. Amazon Redshift. + - B. Amazon DynamoDB. + - C. Amazon EC2. + - D. Amazon RDS. +
Answer + Correct answer: C
-31. Where can AWS compliance and certification reports be downloaded? - - A. AWS Artifact - - B. AWS Concierge - - C. AWS Certificate Manager - - D. AWS Trusted Advisor - -
Answer - - Correct Answer: A - - Explanation: - - WS Artifact is your go-to, central resource for compliance-related information that matters to you. - - It provides on-demand access to AWS's security and compliance reports and select online agreements. - - The AWS SOC 2 report is particularly helpful for completing questionnaires because it provides a comprehensive description of the implementation and operating effectiveness of AWS security controls. - - Another useful document is the Executive Briefing within the AWS FedRAMP Partner Package. - - Reference: +31. What are the default security credentials that are required to access the AWS management console for an IAM user account? + - A. MFA. + - B. Security tokens. + - C. A user name and password. + - D. Access keys. +
Answer + Correct answer: C
-32. Which AWS service provides a customized view of the health of specific AWS services that power a customer's workloads running on AWS? - - A. AWS Service Health Dashboard - - B. AWS X-Ray - - C. AWS Personal Health Dashboard - - D. Amazon CloudWatch - -
Answer - - Correct Answer: C +32. In your on-premises environment, you can create as many virtual servers as you need from a single template. What can you use to perform the same in AWS? + - A. IAM. + - B. An internet gateway. + - C. EBS Snapshot. + - D. AMI. +
Answer + Correct answer: D
-33. Which of the following is an advantage of consolidated billing on AWS? - - A. Volume pricing qualification - - B. Shared access permissions - - C. Multiple bills per account - - D. Eliminates the need for tagging - -
Answer - - Correct Answer: A - - Explanation: - - If you have multiple standalone accounts, your charges might decrease if you add the accounts to an organization. - - AWS combines usage from all accounts in the organization to qualify you for volume pricing discounts. - - Reference: +33. What are two advantages of using Cloud Computing over using traditional data centers? (Choose TWO) + - A. Reserved Compute capacity. + - B. Eliminating Single Points of Failure (SPOFs). + - C. Distributed infrastructure. + - D. Virtualized compute resources. + - E. Dedicated hosting. +
Answer + Correct answer: B, C
-34. Which of the following steps should be taken by a customer when conducting penetration testing on AWS? - - A. Conduct penetration testing using Amazon Inspector, and then notify AWS support. - - B. Request and wait for approval from the customer's internal security team, and then conduct testing. - - C. Notify AWS support, and then conduct testing immediately. - - D. Request and wait for approval from AWS support, and then conduct testing. - -
Answer - - Correct Answer: B - - Explanation: - - AWS customers are welcome to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for 8 services. - - Reference: +34. Which of the following aspects of security are managed by AWS? (Choose TWO) + - A. Encryption of EBS volumes. + - B. VPC security. + - C. Access permissions. + - D. Hardware patching. + - E. Securing global physical infrastructure. +
Answer + Correct answer: D, E
-35. Which of the following AWS features enables a user to launch a pre-configured Amazon Elastic Compute Cloud (Amazon EC2) instance? - - A. Amazon Elastic Block Store (Amazon EBS) - - B. Amazon Machine Image - - C. Amazon EC2 Systems Manager - - D. Amazon AppStream 2.0 - -
Answer - - Correct Answer: B - - Explanation: - - To use Amazon EC2, you simply: - - Select a pre-configured, templated Amazon Machine Image (AMI) to get up and running immediately. Or create an AMI containing your applications, libraries, data, and associated configuration settings. - - Configure security and network access on your Amazon EC2 instance. - - Choose which instance type(s) you want, then start, terminate, and monitor as many instances of your AMI as needed, using the web service APIs or the variety of management tools provided. - - Determine whether you want to run in multiple locations, utilize static IP endpoints, or attach persistent block storage to your instances. - - Pay only for the resources that you actually consume, like instance-hours or data transfer. - - Reference: +35. Which statement best describes the operational excellence pillar of the AWS Well-Architected Framework? + - A. The ability of a system to recover gracefully from failure. + - B. The efficient use of computing resources to meet requirements. + - C. The ability to monitor systems and improve supporting processes and procedures. + - D. The ability to manage datacenter operations more efficiently. +
Answer + Correct answer: C
-36. How would an AWS customer easily apply common access controls to a large set of users? - - A. Apply an IAM policy to an IAM group. - - B. Apply an IAM policy to an IAM role. - - C. Apply the same IAM policy to all IAM users with access to the same workload. - - D. Apply an IAM policy to an Amazon Cognito user pool. - -
Answer - - Correct Answer: A - - Explanation: - - Instead of defining permissions for individual IAM users, it's usually more convenient to create groups that relate to job functions (administrators, developers, accounting, etc.). - - Next, define the relevant permissions for each group. Finally, assign IAM users to those groups. All the users in an IAM group inherit the permissions assigned to the group. - - That way, you can make changes for everyone in a group in just one place. As people move around in your company, you can - simply change what IAM group their IAM user belongs to. - - Reference: +36. AWS has created a large number of Edge Locations as part of its Global Infrastructure. Which of the following is NOT a benefit of using Edge Locations? + - A. Edge locations are used by CloudFront to cache the most recent responses. + - B. Edge locations are used by CloudFront to improve your end users’ experience when uploading files. + - C. Edge locations are used by CloudFront to distribute traffic across multiple instances to reduce latency. + - D. Edge locations are used by CloudFront to distribute content to global users with low latency. +
Answer + Correct answer: C
-37. Which AWS Cost Management tool allows you to view the most granular data about your AWS bill? - - A. AWS Cost Explorer - - B. AWS Budgets - - C. AWS Cost and Usage report - - D. AWS Billing dashboard - -
Answer - - Correct Answer: C - - Explanation: - - The Cost & Usage Report is your one-stop-shop for accessing the most granular data about your AWS costs and usage. - - You can also load your cost and usage information into Amazon Athena, Amazon Redshift, AWS QuickSight, or a tool of your choice. - - Reference: +37. What are the change management tools that helps AWS customers audit and monitor all resource changes in their AWS environment? (Choose TWO) + - A. AWS CloudTrail. + - B. Amazon Comprehend. + - C. AWS Transit Gateway. + - D. AWS X-Ray. + - E. AWS Config. +
Answer + Correct answer: A, E
-38. Which of the following can an AWS customer use to launch a new Amazon Relational Database Service (Amazon RDS) cluster? (Select TWO.) - - A. AWS Concierge - - B. AWS CloudFormation - - C. Amazon Simple Storage Service (Amazon S3) - - D. Amazon EC2 Auto Scaling - - E. AWS Management Console - -
Answer - - Correct Answer: BE +38. Which of the following services allows you to run containerized applications on a cluster of EC2 instances? + - A. Amazon ECS. + - B. AWS Data Pipeline. + - C. AWS Cloud9. + - D. AWS Personal Health Dashboard. +
Answer + Correct answer: A
-39. Which of the following is an AWS Cloud architecture design principle? - - A. Implement single points of failure. - - B. Implement loose coupling. - - C. Implement monolithic design. - - D. Implement vertical scaling. - -
Answer - - Correct Answer: B - - Explanation: - - Loose coupling between services can also be done through asynchronous integration. It involves one component that generates events and another that consumes them. - - The two components do not integrate through direct point-to-point interaction, but usually through an intermediate durable storage layer. - - This approach decouples the two components and introduces additional resiliency. - - So, for example, if a process that is reading messages from the queue fails, messages can still be added to the queue to be processed when the system recovers. - - Reference: +39. Which of the following services will help businesses ensure compliance in AWS? + - A. CloudFront. + - B. CloudEndure Migration. + - C. CloudWatch. + - D. CloudTrail. +
Answer + Correct answer: D
-40. Which of the following security measures protect access to an AWS account? (Select TWO.) - - A. Enable AWS CloudTrail. - - B. Grant least privilege access to IAM users. - - C. Create one IAM user and share with many developers and users. - - D. Enable Amazon CloudFront. - - E. Activate multi-factor authentication (MFA) for privileged users. - -
Answer - - Correct Answer: BE - - Explanation: - - If you decided to create service accounts (that is, accounts used for programmatic access by applications running outside of the AWS environment) and generate access keys for them, you should create a dedicated service account for each use case. - - This will allow you to restrict the associated policy to only the permissions needed for the particular use case, limiting the blast radius if the credentials are compromised. - - For example, if a monitoring tool and a release management tool both require access to your AWS environment, create two separate service accounts with two separate policies that define the minimum set of permissions for each tool. - - Reference: +40. Which of the following procedures will help reduce your Amazon S3 costs? + - A. Use the Import/Export feature to move old files automatically to Amazon Glacier. + - B. Use the right combination of storage classes based on different use cases. + - C. Pick the right Availability Zone for your S3 bucket. + - D. Move all the data stored in S3 standard to EBS. +
Answer + Correct answer: B
-41. Which service provides a hybrid storage service that enables on-premises applications to seamlessly use cloud storage? - - A. Amazon Glacier - - B. AWS Snowball - - C. AWS Storage Gateway - - D. Amazon Elastic Block Storage (Amazon EBS) - -
Answer - - Correct Answer: C - - Explanation: - - AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage. Customers use Storage Gateway to simplify storage management and reduce costs for key hybrid cloud storage use cases. - - These include moving tape backups to the cloud, reducing on-premises storage with cloud-backed file shares, providing low latency access to data in AWS for on- premises applications, as well as various migration, archiving, - processing, and disaster recovery use cases. - - Reference: +41. What are the AWS services/features that can help you maintain a highly available and fault-tolerant architecture in AWS? (Choose TWO) + - A. AWS Direct Connect. + - B. Amazon EC2 Auto Scaling. + - C. Elastic Load Balancer. + - D. CloudFormation. + - E. Network ACLs. +
Answer + Correct answer: B, C
-42. Which of the following services falls under the responsibility of the customer to maintain operating system configuration, security patching, and networking? - - A. Amazon RDS - - B. Amazon EC2 - - C. Amazon ElastiCache - - D. AWS Fargate - -
Answer - - Correct Answer: B - - Explanation: - - The customer is responsible for managing, support, patching and control of the guest operating system and AWS services provided like EC2. - - Reference: +42. Which of the following activities may help reduce your AWS monthly costs? + - A. Enabling Amazon EC2 Auto Scaling for all of your workloads. + - B. Using the AWS Network Load Balancer (NLB) to load balance the incoming HTTP requests. + - C. Removing all of your Cost Allocation Tags. + - D. Deploying your AWS resources across multiple Availability Zones. +
Answer + Correct answer: A
-43. Which of the following is an important architectural design principle when designing cloud applications? - - A. Use multiple Availability Zones. - - B. Use tightly coupled components. - - C. Use open source software. - - D. Provision extra capacity. - -
Answer - - Correct Answer: A - - Explanation: - - Data Center resilience is practiced through Availability Zones across data centers that reduce the impact of failures. - - Fault isolation improvement can be made to traditional horizontal scaling by sharding (a method of grouping instances into groups called shards, instead of sending the traffic from all users to every node like in the traditional IT structure.) - - Reference: +43. What is the AWS service/feature that takes advantage of Amazon CloudFront’s globally distributed edge locations to transfer files to S3 with higher upload speeds? + - A. S3 Transfer Acceleration. + - B. AWS WAF. + - C. AWS Snowmobile. + - D. AWS Snowball. +
Answer + Correct answer: A
-44. Which AWS support plan includes a dedicated Technical Account Manager? - - A. Developer - - B. Enterprise - - C. Business - - D. Basic - -
Answer - - Correct Answer: B - - Explanation: - - The enterprise support plans supports technical account manager. Developer and business support plans are devoid of this facility. - - Reference: +44. Which of the following AWS security features is associated with an EC2 instance and functions to filter incoming traffic requests? + - A. AWS X-Ray. + - B. Network ACL. + - C. Security Groups. + - D. VPC Flow logs. +
Answer + Correct answer: C
-45. Amazon Relational Database Service (Amazon RDS) offers which of the following benefits over traditional database management? - - A. AWS manages the data stored in Amazon RDS tables. - - B. AWS manages the maintenance of the operating system. - - C. AWS automatically scales up instance types on demand. - - D. AWS manages the database type. -
Answer - - Correct Answer: B +45. Which AWS services can be used to improve the performance of a global application and reduce latency for its users? (Choose TWO) + - A. AWS KMS. + - B. AWS Global accelerator. + - C. AWS Direct Connect. + - D. AWS Glue. + - E. Amazon CloudFront. +
Answer + Correct answer: B, E
-46. Which service is best for storing common database query results, which helps to alleviate database access load? - - A. Amazon Machine Learning - - B. Amazon SQS - - C. Amazon ElastiCache - - D. Amazon EC2 Instance Store - -
Answer - - Correct Answer: C - - Explanation: - - Amazon ElastiCache for Redis is a great choice for implementing a highly available, distributed, and secure in-memory cache to decrease access latency, increase throughput, and ease the load off your relational or NoSQL databases and applications. - - ElastiCache can serve frequently requested items at sub- millisecond response times, and enables you to easily scale for higher loads without growing the costlier backend databases. - - Database query results caching, persistent session caching, and full-page caching are all popular examples of caching with ElastiCache for Redis. - - Reference: +46. Using Amazon RDS falls under the shared responsibility model. Which of the following are customer responsibilities? (Choose TWO) + - A. Building the relational database schema. + - B. Performing backups. + - C. Managing the database settings. + - D. Patching the database software. + - E. Installing the database software. +
Answer + Correct answer: A, C
-47. Which of the following is a component of the shared responsibility model managed entirely by AWS? - - A. Patching operating system software - - B. Encrypting data - - C. Enforcing multi-factor authentication - - D. Auditing physical data center assets - -
Answer - - Correct Answer: D - - Explanation: - - Of course, Amazon is responsible for auditing physical data center assets and resources since it is the property of Amazon Inc. Customers have no access to physical sites, hence they are not responsible for maintaining physical data center assets. +47. A company has a large amount of structured data stored in their on-premises data center. They are planning to migrate all the data to AWS, what is the most appropriate AWS database option? + - A. Amazon DynamoDB. + - B. Amazon SNS. + - C. Amazon RDS. + - D. Amazon ElastiCache. +
Answer + Correct answer: C
-48. Which options does AWS make available for customers who want to learn about security in the cloud in an instructor-led setting? (Select TWO.) - - A. AWS Trusted Advisor - - B. AWS Online Tech Talks - - C. AWS Blog - - D. AWS Forums - - E. AWS Classroom Training - -
Answer - - Correct Answer: CE - - Explanation: - - AWS Training and Certification builds your competence, confidence, and credibility through practical cloud skills that help you innovate and build your future. - - Our content is built by experts at AWS and updated regularly so you're always learning the latest and keeping your cloud skills fresh. - - Amazon offer both digital and classroom training including private on-site training. You can choose to learn online at your own pace or learn from an accredited AWS instructor. - - Whether you're just starting out, building on existing IT skills, or sharpening your cloud knowledge, AWS Training and Certification can help you be more effective and do more in the cloud. - - Reference: +48. A company has created a solution that helps AWS customers improve their architectures on AWS. Which AWS program may support this company? + - A. APN Consulting Partners. + - B. AWS TAM. + - C. APN Technology Partners. + - D. AWS Professional Services. +
Answer + Correct answer: A
-49. Which of the following features can be configured through the Amazon Virtual Private Cloud (Amazon VPC) Dashboard? (Select TWO.) - - A. Amazon CloudFront distributions - - B. Amazon Route 53 - - C. Security Groups - - D. Subnets - - E. Elastic Load Balancing - -
Answer - - Correct Answer: CD - - Explanation: - - Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. - - You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. - - You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications. - - You can easily customize the network configuration for your Amazon VPC. - - For example, you can create a public-facing subnet for your web servers that has access to the Internet, and place your backend systems such as databases or application servers in a private-facing subnet with no Internet access. - - You can leverage multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet. - - Reference: +49. What is the AWS serverless service that allows you to run your applications without any administrative burden? + - A. Amazon LightSail. + - B. AWS Lambda. + - C. Amazon RDS instances. + - D. Amazon EC2 instances. +
Answer + Correct answer: B
-50. If each department within a company has its own AWS account, what is one way to enable consolidated billing? - - A. Use AWS Budgets on each account to pay only to budget. - - B. Contact AWS Support for a monthly bill. - - C. Create an AWS Organization from the payer account and invite the other accounts to join. - - D. Put all invoices into one Amazon Simple Storage Service (Amazon S3) bucket, load data into Amazon Redshift, and then run a billing report. - -
Answer - - Correct Answer: C - - Explanation: +50. Jessica is managing an e-commerce web application in AWS. The application is hosted on six EC2 instances. One day, three of the instances crashed; but none of her customers were affected. What has Jessica done correctly in this scenario? + - A. She has properly built an elastic system. + - B. She has properly built a fault tolerant system. + - C. She has properly built an encrypted system. + - D. She has properly built a scalable system. +
Answer + Correct answer: B
Please feel free to comment below if any information is inaccurate or if any answers need correction. diff --git a/practice-exam/practice-exam-20.md b/practice-exam/practice-exam-20.md new file mode 100644 index 0000000..d3072e9 --- /dev/null +++ b/practice-exam/practice-exam-20.md @@ -0,0 +1,733 @@ +# Practice Exam 20 + +Click on the **Answer** button for the correct answer and its explanation. + +If this practice exam has been helpful to you please share it with others and react to this below. + +--- + +1. Which AWS service helps identify malicious or unauthorized activities in AWS accounts and workloads? + - A. Amazon Rekognition + - B. AWS Trusted Advisor + - C. Amazon GuardDuty + - D. Amazon CloudWatch + +
Answer + + Correct Answer: C + + Explanation: + +
+ +2. A company wants to try a third-party ecommerce solution before deciding to use it long term.
Which AWS service or tool will support this effort? + - A. AWS Marketplace + - B. AWS Partner Network (APN) + - C. AWS Managed Services + - D. AWS Service Catalog + +
Answer + + Correct Answer: A + + Explanation: + +
+ +3. Which AWS service is a managed NoSQL database? + - A. Amazon Redshift + - B. Amazon DynamoDB + - C. Amazon Aurora + - D. Amazon RDS for MariaDB + +
Answer + + Correct Answer: B + + Explanation: + +
+ +4. Which AWS service should be used to create a billing alarm? + - A. AWS Trusted Advisor + - B. AWS CloudTrail + - C. Amazon CloudWatch + - D. Amazon QuickSight + +
Answer + + Correct Answer: C + + Explanation: + +
+ +5. A company is hosting a web application in a Docker container on Amazon EC2.
AWS is responsible for which of the following tasks? + - A. Scaling the web application and services developed with Docker + - B. Provisioning or scheduling containers to run on clusters and maintain their availability + - C. Performing hardware maintenance in the AWS facilities that run the AWS Cloud + - D. Managing the guest operating system, including updates and security patches + +
Answer + + Correct Answer: C + + Explanation: + +
+ +6. Users are reporting latency when connecting to a website with a global customer base.
Which AWS service will improve the customer experience by reducing latency? + - A. Amazon CloudFront + - B. AWS Direct Connect + - C. Amazon EC2 Auto Scaling + - D. AWS Transit Gateway + +
Answer + + Correct Answer: A + + Explanation: + +
+ +7. Which actions represent best practices for using AWS IAM? (Choose two.) + - A. Configure a strong password policy + - B. Share the security credentials among users of AWS accounts who are in the same Region + - C. Use access keys to log in to the AWS Management Console + - D. Rotate access keys on a regular basis + - E. Avoid using IAM roles to delegate permissions + +
Answer + + Correct Answer: AD + + Explanation: + +
+ +8. Which AWS feature or service can be used to capture information about incoming and outgoing traffic in an AWS VPC infrastructure? + - A. AWS Config + - B. VPC Flow Logs + - C. AWS Trusted Advisor + - D. AWS CloudTrail + +
Answer + + Correct Answer: B + + Explanation: + + +
+ +9. A company wants to use an AWS service to monitor the health of application endpoints, with the ability to route traffic to healthy regional endpoints to improve application availability.
Which service will support these requirements? + - A. Amazon Inspector + - B. Amazon CloudWatch + - C. AWS Global Accelerator + - D. Amazon CloudFront + +
Answer + + Correct Answer: C + + Explanation: + - AWS Global Accelerator uses the AWS global network to optimize the path from your users to your applications, improving the performance of your traffic by as much as 60%. + - AWS Global Accelerator continually monitors the health of your application endpoints and redirects traffic to healthy endpoints in less than 30 seconds. + + Reference: + +
+ +10. According to the AWS Well-Architected Framework, what change management steps should be taken to achieve reliability in the AWS Cloud? (Choose two.) + - A. Use AWS Config to generate an inventory of AWS resources + - B. Use service limits to prevent users from creating or making changes to AWS resources + - C. Use AWS CloudTrail to record AWS API calls into an auditable log file + - D. Use AWS Certificate Manager to whitelist approved AWS resources and services + - E. Use Amazon GuardDuty to validate configuration changes made to AWS resources + +
Answer + + Correct Answer: DE + +
+ +11. Which service can be used to monitor and receive alerts for AWS account root user AWS Management Console sign-in events? + - A. Amazon CloudWatch + - B. AWS Config + - C. AWS Trusted Advisor + - D. AWS IAM + +
Answer + + Correct Answer: A + + Explanation: + +
+ +12. Which design principle should be considered when architecting in the AWS Cloud? + - A. Think of servers as non-disposable resources + - B. Use synchronous integration of services + - C. Design loosely coupled components + - D. Implement the least permissive rules for security groups + +
Answer + + Correct Answer: C + + Explanation: + +
+ +13. Which AWS services can be used to move data from on-premises data centers to AWS? (Choose two.) + - A. AWS Snowball + - B. AWS Lambda + - C. AWS ElastiCache + - D. AWS Database Migration Service (AWS DMS) + - E. Amazon API Gateway + +
Answer + + Correct Answer: AD + + Explanation: + +
+ +14. A batch workload takes 5 hours to finish on an Amazon EC2 instance. The amount of data to be processed doubles monthly and the processing time is proportional.
What is the best cloud architecture to address this consistently growing demand? + - A. Run the application on a bigger EC2 instance size. + - B. Switch to an EC2 instance family that better matches batch requirements. + - C. Distribute the application across multiple EC2 instances and run the workload in parallel. + - D. Run the application on a bare metal EC2 instance. + +
Answer + + Correct Answer: C + +
+ +15. Each department within a company has its own independent AWS account and its own payment method. New company leadership wants to centralize departmental governance and consolidate payments.
How can this be achieved using AWS services or features? + - A. Forward monthly invoices for each account. Then create IAM roles to allow cross-account access. + - B. Create a new AWS account. Then configure AWS Organizations and invite all existing accounts to join. + - C. Configure AWS Organizations in each of the existing accounts. Then link all accounts together. + - D. Use Cost Explorer to combine costs from all accounts. Then replicate IAM policies across accounts. + +
Answer + + Correct Answer: C + + Explanation: + +
+ +16. The ability to horizontally scale Amazon EC2 instances based on demand is an example of which concept in the AWS Cloud value proposition? + - A. Economy of scale + - B. Elasticity + - C. High availability + - D. Agility + +
Answer + + Correct Answer: B + +
+ +17. An ecommerce company anticipates a huge increase in web traffic for two very popular upcoming shopping holidays.
Which AWS service or feature can be configured to dynamically adjust resources to meet this change in demand? + - A. AWS CloudTrail + - B. Amazon EC2 Auto Scaling + - C. Amazon Forecast + - D. AWS Config + +
Answer + + Correct Answer: B + + Explanation: + +
+ +18. Which AWS service enables users to securely connect to AWS resources over the public internet? + - A. Amazon VPC peering + - B. AWS Direct Connect + - C. AWS VPN + - D. Amazon Pinpoint + +
Answer + + Correct Answer: C + + Explanation: + +
+ +19. Which tool is used to forecast AWS spending? + - A. AWS Trusted Advisor + - B. AWS Organizations + - C. Cost Explorer + - D. Amazon Inspector + +
Answer + + Correct Answer: C + + Explanation: + +
+ +20. A company is running an ecommerce application hosted in Europe. To decrease latency for users who access the website from other parts of the world, the company would like to cache frequently accessed static content closer to the users.
Which AWS service will support these requirements? + - A. Amazon ElastiCache + - B. Amazon CloudFront + - C. Amazon Elastic File System (Amazon EFS) + - D. Amazon Elastic Block Store (Amazon EBS) + +
Answer + + Correct Answer: B + + Explanation: + - Amazon CloudFront employs a global network of edge locations and regional edge caches that cache copies of your content close to your viewers. + - Amazon CloudFront ensures that end-user requests are served by the closest edge location. + - As a result, viewer requests travel a short distance, improving performance for your viewers. + - For files not cached at the edge locations and the regional edge caches, Amazon CloudFront keeps persistent connections with your origin servers so that those files can be fetched from the origin servers as quickly as possible. + + Reference: + +
+ +21. Which of the following is a component of the AWS Global Infrastructure? + - A. Amazon Alexa + - B. AWS Regions + - C. Amazon Lightsail + - D. AWS Organizations + +
Answer + + Correct Answer: B + + Explanation: + +
+ +22. Which AWS service will help users determine if an application running on an Amazon EC2 instance has sufficient CPU capacity? + - A. Amazon CloudWatch + - B. AWS Config + - C. AWS CloudTrail + - D. Amazon Inspector + +
Answer + + Correct Answer: A + + Explanation: + +
+ +23. Why is it beneficial to use Elastic Load Balancers with applications? + - A. They allow for the conversion from Application Load Balancers to Classic Load Balancers. + - B. They are capable of handling constant changes in network traffic patterns. + - C. They automatically adjust capacity. + - D. They are provided at no charge to users. + +
Answer + + Correct Answer: B + + Explanation: + +
+ +24. Which tasks are the customer's responsibility in the AWS shared responsibility model? (Choose two.) + - A. Infrastructure facilities access management + - B. Cloud infrastructure hardware lifecycle management + - C. Configuration management of user's applications + - D. Networking infrastructure protection + - E. Security groups configuration + +
Answer + + Correct Answer: CE + + Explanation: + +
+ +25. IT systems should be designed to reduce interdependencies, so that a change or failure in one component does not cascade to other components.
This is an example of which principle of cloud architecture design? + - A. Scalability + - B. Loose coupling + - C. Automation + - D. Automatic scaling + +
Answer + + Correct Answer: B + + Explanation: + +
+ +26. Which AWS service or feature can enhance network security by blocking requests from a particular network for a web application on AWS? (Choose two.) + - A. AWS WAF + - B. AWS Trusted Advisor + - C. AWS Direct Connect + - D. AWS Organizations + - E. Network ACLs + +
Answer + + Correct Answer: AE + + Explanation: + - + - + +
+ +27. An application runs on multiple Amazon EC2 instances that access a shared file system simultaneously.
Which AWS storage service should be used? + - A. Amazon EBS + - B. Amazon EFS + - C. Amazon S3 + - D. AWS Artifact + +
Answer + + Correct Answer: B + + Explanation: + +
+ +28. A web application is hosted on AWS using an Elastic Load Balancer, multiple Amazon EC2 instances, and Amazon RDS.
Which security measures fall under the responsibility of AWS? (Choose two.) + - A. Running a virus scan on EC2 instances + - B. Protecting against IP spoofing and packet sniffing + - C. Installing the latest security patches on the RDS instance + - D. Encrypting communication between the EC2 instances and the Elastic Load Balancer + - E. Configuring a security group and a network access control list (NACL) for EC2 + +
Answer + + Correct Answer: CD + +
+ +29. What is the benefit of elasticity in the AWS Cloud? + - A. Ensure web traffic is automatically spread across multiple AWS Regions. + - B. Minimize storage costs by automatically archiving log data. + - C. Enable AWS to automatically select the most cost-effective services. + - D. Automatically adjust the required compute capacity to maintain consistent performance. + +
Answer + + Correct Answer: D + + Explanation: + +
+ +30. The continual reduction of AWS Cloud pricing is due to: + - A. pay-as-you go pricing + - B. the AWS global infrastructure + - C. economies of scale + - D. reserved storage pricing + +
Answer + + Correct Answer: C + +
+ +31. A company needs an Amazon S3 bucket that cannot have any public objects due to compliance requirements.
How can this be accomplished? + - A. Enable S3 Block Public Access from the AWS Management Console. + - B. Hold a team meeting to discuss the importance if only uploading private S3 objects. + - C. Require all S3 objects to be manually approved before uploading. + - D. Create a service to monitor all S3 uploads and remove any public uploads. + +
Answer + + Correct Answer: A + + Explanation: + +
+ +32. A Cloud Practitioner identifies a billing issue after examining the AWS Cost and Usage report in the AWS Management Console.
Which action can be taken to resolve this? + - A. Open a detailed case related to billing and submit it to AWS Support for help. + - B. Upload data describing the issue to a new object in a private Amazon S3 bucket. + - C. Create a pricing application and deploy it to a right-sized Amazon EC2 instance for more information. + - D. Proceed with creating a new dashboard in Amazon QuickSight. + +
Answer + + Correct Answer: A + + Explanation: < https://docs.aws.amazon.com/awssupport/latest/user/case-management.html> + +
+ +33. What does the AWS Simple Monthly Calculator do? + - A. Compares on-premises costs to colocation environments + - B. Estimates monthly billing based on projected usage + - C. Estimates power consumption at existing data centers + - D. Estimates CPU utilization + +
Answer + + Correct Answer: B + + Explanation: + +
+ +34. Who is responsible for patching the guest operating system for Amazon RDS? + - A. The AWS Product team + - B. The customer Database Administrator + - C. Managed partners + - D. AWS Support + +
Answer + + Correct Answer: B + + Explanation: + +
+ +35. Which AWS services may be scaled using AWS Auto Scaling? (Choose two.) + - A. Amazon EC2 + - B. Amazon DynamoDB + - C. Amazon S3 + - D. Amazon Route 53 + - E. Amazon Redshift + +
Answer + + Correct Answer: AB + + Explanation: + +
+ +36. Which of the following are benefits of AWS Global Accelerator? (Choose two.) + - A. Reduced cost to run services on AWS + - B. Improved availability of applications deployed on AWS + - C. Higher durability of data stored on AWS + - D. Decreased latency to reach applications deployed on AWS + - E. Higher security of data stored on AWS + +
Answer + + Correct Answer: BD + + Explanation: + +
+ +37. A user who wants to get help with billing and reactivate a suspended account should submit an account and billing request to: + - A. the AWS Support forum + - B. AWS Abuse + - C. an AWS Solutions Architect + - D. AWS Support + +
Answer + + Correct Answer: D + + Explanation: + +
+ +38. Which AWS Cloud best practice uses the elasticity and agility of cloud computing? + - A. Provision capacity based on past usage and theoretical peaks + - B. Dynamically and predictively scale to meet usage demands + - C. Build the application and infrastructure in a data center that grants physical access + - D. Break apart the application into loosely coupled components + +
Answer + + Correct Answer: B + + Explanation: + - In a traditional computing environment, you provision capacity based on an estimate of a theoretical maximum peak. + - This can result in periods where expensive resources are sitting idle or occasions of insufficient capacity. + - With cloud computing, you can access as much or as little capacity as you need and dynamically scale to meet actual demand, while only paying for what you use. + +
+ +39. Which method helps to optimize costs of users moving to the AWS Cloud? + - A. Paying only for what is used + - B. Purchasing hardware before it is needed + - C. Manually provisioning cloud resources + - D. Purchasing for the maximum possible load + +
Answer + + Correct Answer: A + + Explanation: + +
+ +40. Under the AWS shared responsibility model, which of the following is a customer responsibility? + - A. Installing security patches for the Xen and KVM hypervisors + - B. Installing operating system patches for Amazon DynamoDB + - C. Installing operating system security patches for Amazon EC2 database instances + - D. Installing operating system security patches for Amazon RDS database instances + +
Answer + + Correct Answer: C + + Explanation: + +
+ +41. The AWS Cost Management tools give users the ability to do which of the following? (Choose two.) + - A. Terminate all AWS resources automatically if budget thresholds are exceeded. + - B. Break down AWS costs by day, service, and linked AWS account. + - C. Create budgets and receive notifications if current of forecasted usage exceeds the budgets. + - D. Switch automatically to Reserved Instances or Spot Instances, whichever is most cost-effective. + - E. Move data stored in Amazon S3 to a more cost-effective storage class. + +
Answer + + Correct Answer: CD + +
+ +42. Under the AWS shared responsibility model, the security and patching of the guest operating system is the responsibility of: + - A. AWS Support + - B. the customer + - C. AWS Systems Manager + - D. AWS Config + +
Answer + + Correct Answer: B + + Explanation: + +
+ +43. Which AWS service makes it easy to create and manage AWS users and groups, and provide them with secure access to AWS resources at no charge? + - A. AWS Direct Connect + - B. Amazon Connect + - C. AWS Identity and Access Management (IAM) + - D. AWS Firewall Manager + +
Answer + + Correct Answer: C + + Explanation: + - + - + +
+ +44. Which AWS service provides on-demand of AWS security and compliance documentation? + - A. AWS Directory Service + - B. AWS Artifact + - C. AWS Trusted Advisor + - D. Amazon Inspector + +
Answer + + Correct Answer: B + + Explanation: . + +
+ +45. Which AWS service can be used to turn text into life-like speech? + - A. Amazon Polly + - B. Amazon Transcribe + - C. Amazon Rekognition + - D. Amazon Lex + +
Answer + + Correct Answer: A + + Explanation: . + +
+ +46. What is one of the core principles to follow when designing a highly available application in the AWS Cloud? + - A. Design using a serverless architecture + - B. Assume that all components within an application can fail + - C. Design AWS Auto Scaling into every application + - D. Design all components using open-source code + +
Answer + + Correct Answer: B + +
+ +47. A user needs to generate a report that outlines the status of key security checks in an AWS account. The report must include: +
(The status of Amazon S3 bucket permissions, Whether multi-factor authentication is enabled for the AWS account root user, If any security groups are configured to allow unrestricted access.)
Where can all this information be found in one location? + - A. Amazon QuickSight dashboard + - B. AWS CloudTrail trails + - C. AWS Trusted Advisor report + - D. IAM credential report + +
Answer + + Correct Answer: C + + Explanation: + #Security + +
+ +48. Which Amazon EC2 pricing model should be used to comply with per-core software license requirements? + - A. Dedicated Hosts + - B. On-Demand Instances + - C. Spot Instances + - D. Reserved Instances + +
Answer + + Correct Answer: A + + Explanation: + +
+ +49. Which of the AWS global infrastructure is used to cache copies of content for faster delivery to users across the globe? + - A. AWS Regions + - B. Availability Zones + - C. Edge locations + - D. Data centers + +
Answer + + Correct Answer: C + + Explanation: + - When your web traffic is geo-dispersed, it's not always feasible and certainly not cost effective to replicate your entire infrastructure across the globe. + - A CDN provides you the ability to utilize its global network of edge locations to deliver a cached copy of web content such as videos, webpages, images and so on to your customers. + - To reduce response time, the CDN utilizes the nearest edge location to the customer or originating request location in order to reduce the response time. + - Throughput is dramatically increased given that the web assets are delivered from cache. + - For dynamic data, many CDNs can be configured to retrieve data from the origin servers. + + Reference: + +
+ +50. Using AWS Config to record, audit, and evaluate changes to AWS resources to enable traceability is an example of which AWS Well-Architected Framework pillar? + - A. Security + - B. Operational excellence + - C. Performance efficiency + - D. Cost optimization + +
Answer + + Correct Answer: A + + Explanation: + +
+ +Please feel free to comment below if any information is inaccurate or if any answers need correction. + +[ Exam List](../practice-exam/exams.md) diff --git a/practice-exam/practice-exam-21.md b/practice-exam/practice-exam-21.md new file mode 100644 index 0000000..66cf519 --- /dev/null +++ b/practice-exam/practice-exam-21.md @@ -0,0 +1,699 @@ +# Practice Exam 21 + +Click on the **Answer** button for the correct answer and its explanation. + +If this practice exam has been helpful to you please share it with others and react to this below. + +--- + +1. A user needs to quickly deploy a non-relational database on AWS. The user does not want to manage the underlying hardware or the database software.
Which AWS service can be used to accomplish this? + - A. Amazon RDS + - B. Amazon DynamoDB + - C. Amazon Aurora + - D. Amazon Redshift + +
Answer + + Correct Answer: B + + Explanation: + +
+ +2. A Cloud Practitioner is developing a disaster recovery plan and intends to replicate data between multiple geographic areas.
Which of the following meets these requirements? + - A. AWS Accounts + - B. AWS Regions + - C. Availability Zones + - D. Edge locations + +
Answer + + Correct Answer: B + + Explanation: + +
+ +3. Which features and benefits does the AWS Organizations service provide? (Choose two.) + - A. Establishing real-time communications between members of an internal team + - B. Facilitating the use of NoSQL databases + - C. Providing automated security checks + - D. Implementing consolidated billing + - E. Enforcing the governance of AWS accounts + +
Answer + + Correct Answer: DE + + Explanation: + +
+ +4. Which AWS service is used to automate configuration management using Chef and Puppet? + - A. AWS Config + - B. AWS OpsWorks + - C. AWS CloudFormation + - D. AWS Systems Manager + +
Answer + + Correct Answer: B + + Explanation: + +
+ +5. Which tool is best suited for combining the billing of AWS accounts that were previously independent from one another? + - A. Detailed billing report + - B. Consolidated billing + - C. AWS Cost and Usage report + - D. Cost allocation report + +
Answer + + Correct Answer: B + + Explanation: + +
+ +6. The AWS Total Cost of Ownership (TCO) Calculator is used to: + - A. receive reports that break down AWS Cloud compute costs by duration, resource, or tags + - B. estimate savings when comparing the AWS Cloud to an on-premises environment + - C. estimate a monthly bill for the AWS Cloud resources that will be used + - D. enable billing alerts to monitor actual AWS costs compared to estimated costs + +
Answer + + Correct Answer: B + + Explanation: + +
+ +7. Which AWS services can be used to provide network connectivity between an on-premises network and a VPC? (Choose two.) + - A. Amazon Route 53 + - B. AWS Direct Connect + - C. AWS Data Pipeline + - D. AWS VPN + - E. Amazon Connect + +
Answer + + Correct Answer: BD + + Explanation: + +
+ +8. Under the AWS shared responsibility model, which of the following are customer responsibilities? (Choose two.) - A. Setting up server-side encryption on an Amazon S3 bucket + - B. Amazon RDS instance patching + - C. Network and firewall configurations + - D. Physical security of data center facilities + - E. Compute capacity availability + +
Answer + + Correct Answer: AC + + Explanation: + +
+ +9. What is the MINIMUM AWS Support plan level that will provide users with access to the AWS Support API? + - A. Developer + - B. Enterprise + - C. Business + - D. Basic + +
Answer + + Correct Answer: C + + Explanation: + +
+ +10. A company has deployed several relational databases on Amazon EC2 instances. Every month, the database software vendor releases new security patches that need to be applied to the databases.
What is the MOST efficient way to apply the security patches? + - A. Connect to each database instance on a monthly basis, and download and apply the necessary security patches from the vendor. + - B. Enable automatic patching for the instances using the Amazon RDS console. + - C. In AWS Config, configure a rule for the instances and the required patch level. + - D. Use AWS Systems Manager to automate database patching according to a schedule. + +
Answer + + Correct Answer: B + + Explanation: + +
+ +11. A company wants to use Amazon Elastic Compute Cloud (Amazon EC2) to deploy a global commercial application. The deployment solution should be built with the highest redundancy and fault tolerance.
Based on this situation, the Amazon EC2 instances should be deployed: + - A. in a single Availability Zone in one AWS Region + - B. with multiple Elastic Network Interfaces belonging to different subnets + - C. across multiple Availability Zones in one AWS Region + - D. across multiple Availability Zones in two AWS Regions + +
Answer + + Correct Answer: C + + Explanation: + +
+ +12. A company has an application with users in both Australia and Brazil. All the company infrastructure is currently provisioned in the Asia Pacific (Sydney) Region in Australia, and Brazilian users are experiencing high latency.
What should the company do to reduce latency? + - A. Implement AWS Direct Connect for users in Brazil + - B. Provision resources in the South America (São Paulo) Region in Brazil. + - C. Use AWS Transit Gateway to quickly route users from Brazil to the application + - D. Launch additional Amazon EC2 instances in Sydney to handle the demand + +
Answer + + Correct Answer: B + + Explanation: + +
+ +13. An Amazon EC2 instance runs only when needed yet must remain active for the duration of the process.
What is the most appropriate purchasing option? + - A. Dedicated Instances + - B. Spot Instances + - C. On-Demand Instances + - D. Reserved Instances + +
Answer + + Correct Answer: C + +
+ +14. Which AWS dashboard displays relevant and timely information to help users manage events in progress, and provides proactive notifications to help plan for scheduled activities? + - A. AWS Service Health Dashboard + - B. AWS Personal Health Dashboard + - C. AWS Trusted Advisor dashboard + - D. Amazon CloudWatch dashboard + +
Answer + + Correct Answer: B + + Explanation: + +
+ +15. Which AWS hybrid storage service enables a user's on-premises applications to seamlessly use AWS Cloud storage? + - A. AWS Backup + - B. Amazon Connect + - C. AWS Direct Connect + - D. AWS Storage Gateway + +
Answer + + Correct Answer: D + + Explanation: + +
+ +16. Which of the following acts as a virtual firewall at the Amazon EC2 instance level to control traffic for one or more instances? + - A. Access keys + - B. Virtual private gateways + - C. Security groups + - D. Access Control Lists (ACL) + +
Answer + + Correct Answer: C + + Explanation: + +
+ +17. What is the most efficient way to establish network connectivity from on-premises to multiple VPCs in different AWS Regions? + - A. Use AWS Direct Connect + - B. Use AWS VPN + - C. Use AWS Client VPN + - D. Use an AWS Transit Gateway + +
Answer + + Correct Answer: D + + Explanation: + +
+ +18. Which AWS Support plan provides access to architectural and operational reviews, as well as 24/7 access to Senior Cloud Support Engineers through email, online chat, and phone? + - A. Basic + - B. Business + - C. Developer + - D. Enterprise + +
Answer + + Correct Answer: D + + Explanation: + +
+ +19. Which AWS service or feature helps restrict the AWS services, resources, and individual API actions the users and roles in each member account can access? + - A. Amazon Cognito + - B. AWS Organizations + - C. AWS Shield + - D. AWS Firewall Manager + +
Answer + + Correct Answer: B + + Explanation: + +
+ +20. What is the best resource for a user to find compliance-related information and reports about AWS? + - A. AWS Artifact + - B. AWS Marketplace + - C. Amazon Inspector + - D. AWS Support + +
Answer + + Correct Answer: A + + Explanation: + +
+ +21. Which Amazon S3 storage class is optimized to provide access to data with lower resiliency requirements, but rapid access when needed such as duplicate backups? + - A. Amazon S3 Standard + - B. Amazon S3 Glacier Deep Archive + - C. Amazon S3 One Zone-Infrequent Access + - D. Amazon S3 Glacier + +
Answer + + Correct Answer: C + + Explanation: + +
+ +22. What is an Availability Zone in AWS? + - A. One or more physical data centers + - B. A completely isolated geographic location + - C. One or more edge locations based around the world + - D. A data center location with a single source of power and networking + +
Answer + + Correct Answer: A + + Explanation: + +
+ +23. Which AWS services can be used as infrastructure automation tools? (Choose two.) + - A. AWS CloudFormation + - B. Amazon CloudFront + - C. AWS Batch + - D. AWS OpsWorks + - E. Amazon QuickSight + +
Answer + + Correct Answer: AD + + Explanation: + +
+ +24. Which AWS service enables users to create copies of resources across AWS Regions? + - A. Amazon ElastiCache + - B. AWS CloudFormation + - C. AWS CloudTrail + - D. AWS Systems Manager + +
Answer + + Correct Answer: B + + Explanation: + +
+ +25. A user would like to encrypt data that is received, stored, and managed by AWS CloudTrail.
Which AWS service will provide this capability? + - A. AWS Secrets Manager + - B. AWS Systems Manager + - C. AWS Key Management Service (AWS KMS) + - D. AWS Certificate Manager + +
Answer + + Correct Answer: C + + Explanation: + +
+ +26. Which AWS Cloud benefit eliminates the need for users to try estimating future infrastructure usage? + - A. Easy and fast deployment of applications in multiple Regions around the world + - B. Security of the AWS Cloud + - C. Elasticity of the AWS Cloud + - D. Lower variable costs due to massive economies of scale + +
Answer + + Correct Answer: C + +
+ +27. What credential components are required to gain programmatic access to an AWS account? (Choose two.) + - A. An access key ID + - B. A primary key + - C. A secret access key + - D. A user ID + - E. A secondary key + +
Answer + + Correct Answer: AC + + Explanation: + +
+ +28. Which of the following are AWS compute services? (Select two.) + - A. Amazon Lightsail + - B. AWS Systems Manager + - C. AWS CloudFormation + - D. AWS Batch + - E. Amazon Inspector + +
Answer + + Correct Answer: AD + + Explanation: + +
+ +29. How can a company separate costs for network traffic, Amazon EC2, Amazon S3, and other AWS services by department? + - A. Add department-specific tags to each resource + - B. Create a separate VPC for each department + - C. Create a separate AWS account for each department + - D. Use AWS Organizations + +
Answer + + Correct Answer: A + + Explanation: + +
+ +30. What is a benefit of consolidated billing for AWS accounts? + - A. Access to AWS Personal Health Dashboard + - B. Combined usage volume discounts + - C. Improved account security + - D. Centralized AWS IAM + +
Answer + + Correct Answer: B + + Explanation: + +
+ +31. Which AWS service will allow a user to set custom cost and usage limits, and will alert when the thresholds are exceeded? + - A. AWS Organizations + - B. AWS Budgets + - C. Cost Explorer + - D. AWS Trusted Advisor + +
Answer + + Correct Answer: B + + Explanation: + +
+ +32. Which AWS service provides the ability to detect inadvertent data leaks of personally identifiable information (PII) and user credential data? + - A. Amazon GuardDuty + - B. Amazon Inspector + - C. Amazon Macie + - D. AWS Shield + +
Answer + + Correct Answer: C + + Explanation: + +
+ +33. Which tool can be used to monitor AWS service limits? + - A. AWS Total Cost of Ownership (TCO) Calculator + - B. AWS Trusted Advisor + - C. AWS Personal Health Dashboard + - D. AWS Cost and Usage report + +
Answer + + Correct Answer: B + + Explanation: + +
+ +34. A company has distributed its workload on both the AWS Cloud and some on-premises servers.
What type of architecture is this? + - A. Virtual private network + - B. Virtual private cloud + - C. Hybrid cloud + - D. Private cloud + +
Answer + + Correct Answer: C + + Explanation: + +
+ +35. Which of the following describes a security best practice that can be implemented using AWS IAM? + - A. Disable AWS Management Console access for all users + - B. Generate secret keys for every IAM user + - C. Grant permissions to users who are required to perform a given task only + - D. Store AWS credentials within Amazon EC2 instances + +
Answer + + Correct Answer: C + + Explanation: + +
+ +36. What can be used to automate and manage secure, well-architected, multi-account AWS environments? + - A. AWS shared responsibility model + - B. AWS Control Tower + - C. AWS Security Hub + - D. AWS Well-Architected Tool + +
Answer + + Correct Answer: B + + Explanation: + - Control Tower automates the process of setting up a new baseline multi-account AWS environment that is secure, well-architected, and ready to use. + - Control Tower incorporates the knowledge that AWS Professional Service has gained over the course of thousands of successful customer engagements. + + Reference: + +
+ +37. Which AWS service or feature allows a user to easily scale connectivity among thousands of VPCs? + - A. VPC peering + - B. AWS Transit Gateway + - C. AWS Direct Connect + - D. AWS Global Accelerator + +
Answer + + Correct Answer: B + + Explanation: + +
+ +38. A company needs protection from expanded distributed denial of service (DDoS) attacks on its website and assistance from AWS experts during such events.
Which AWS managed service will meet these requirements? + - A. AWS Shield Advanced + - B. AWS Firewall Manager + - C. AWS WAF + - D. Amazon GuardDuty + +
Answer + + Correct Answer: A + + Explanation: + +
+ +39. A company's application has flexible start and end times.
Which Amazon EC2 pricing model will be the MOST cost-effective? + - A. On-Demand Instances + - B. Spot Instances + - C. Reserved Instances + - D. Dedicated Hosts + +
Answer + + Correct Answer: B + + Explanation: + +
+ +40. Under the AWS shared responsibility model, what are the customer's responsibilities? (Choose two.) + - A. Physical and environmental security + - B. Physical network devices including firewalls + - C. Storage device decommissioning + - D. Security of data in transit + - E. Data integrity authentication + +
Answer + + Correct Answer: DE + +
+ +41. A cloud practitioner has a data analysis workload that is infrequently executed and can be interrupted without harm. To optimize for cost, which Amazon EC2 purchasing option should be used? + - A. On-Demand Instances + - B. Reserved Instances + - C. Spot Instances + - D. Dedicated Hosts + +
Answer + + Correct Answer: C + + Explanation: + +
+ +42. Which AWS container service will help a user install, operate, and scale the cluster management infrastructure? + - A. Amazon Elastic Container Registry (Amazon ECR) + - B. AWS Elastic Beanstalk + - C. Amazon Elastic Container Service (Amazon ECS) + - D. Amazon Elastic Block Store (Amazon EBS) + +
Answer + + Correct Answer: C + +
+ +43. Which of the following allows an application running on an Amazon EC2 instance to securely write data to an Amazon S3 bucket without using long term credentials? + - A. Amazon Cognito + - B. AWS Shield + - C. AWS IAM role + - D. AWS IAM user access key + +
Answer + + Correct Answer: C + +
+ +44. A company with a Developer-level AWS Support plan provisioned an Amazon RDS database and cannot connect to it.
Who should the developer contact for this level of support? + - A. AWS Support using a support case + - B. AWS Professional Services + - C. AWS technical account manager + - D. AWS consulting partners + +
Answer + + Correct Answer: A + +
+ +45. What is the purpose of having an internet gateway within a VPC? + - A. To create a VPN connection to the VPC + - B. To allow communication between the VPC and the Internet + - C. To impose bandwidth constraints on internet traffic + - D. To load balance traffic from the Internet across Amazon EC2 instances + +
Answer + + Correct Answer: B + +
+ +46. A company must ensure that its endpoint for a database instance remains the same after a single Availability Zone service interruption. The application needs to resume database operations without the need for manual administrative intervention.
How can these requirements be met? + - A. Use multiple Amazon Route 53 routes to the standby database instance endpoint hosted on AWS Storage Gateway. + - B. Configure Amazon RDS Multi-Availability Zone deployments with automatic failover to the standby. + - C. Add multiple Application Load Balancers and deploy the database instance with AWS Elastic Beanstalk. + - D. Deploy a single Network Load Balancer to distribute incoming traffic across multiple Amazon CloudFront origins. + +
Answer + + Correct Answer: B + +
+ +47. Which AWS managed service can be used to distribute traffic between one or more Amazon EC2 instances? + - A. NAT gateway + - B. Elastic Load Balancing + - C. Amazon Athena + - D. AWS PrivateLink + +
Answer + + Correct Answer: B + +
+ +48. AWS Trusted Advisor provides recommendations on which of the following? (Choose two.) + - A. Cost optimization + - B. Auditing + - C. Serverless architecture + - D. Performance + - E. Scalability + +
Answer + + Correct Answer: AD + +
+ +49. Which of the following tasks can only be performed after signing in with AWS account root user credentials? (Choose two.) + - A. Closing an AWS account + - B. Creating a new IAM policy + - C. Changing AWS Support plans + - D. Attaching a role to an Amazon EC2 instance + - E. Generating access keys for IAM users + +
Answer + + Correct Answer: AC + +
+ +50. Fault tolerance refers to: + - A. the ability of an application to accommodate growth without changing design + - B. how well and how quickly an application's environment can have lost data restored + - C. how secure your application is + - D. the built-in redundancy of an application's components + +
Answer + + Correct Answer: B + +
+ +Please feel free to comment below if any information is inaccurate or if any answers need correction. + +[ Exam List](../practice-exam/exams.md) diff --git a/practice-exam/practice-exam-22.md b/practice-exam/practice-exam-22.md new file mode 100644 index 0000000..fa43a70 --- /dev/null +++ b/practice-exam/practice-exam-22.md @@ -0,0 +1,661 @@ +# Practice Exam 22 + +Click on the **Answer** button for the correct answer and its explanation. + +If this practice exam has been helpful to you please share it with others and react to this below. + +--- + +1. A company operating in the AWS Cloud requires separate invoices for specific environments, such as development, testing, and production.
How can this be achieved? + - A. Use multiple AWS accounts + - B. Use resource tagging + - C. Use multiple VPCs + - D. Use Cost Explorer + +
Answer + + Correct Answer: B + +
+ +2. Which AWS service can be used in the application deployment process? + - A. AWS AppSync + - B. AWS Batch + - C. AWS CodePipeline + - D. AWS DataSync + +
Answer + + Correct Answer: C + +
+ +3. What can be used to reduce the cost of running Amazon EC2 instances? (Choose two.) + - A. Spot Instances for stateless and flexible workloads + - B. Memory optimized instances for high-compute workloads + - C. On-Demand Instances for high-cost and sustained workloads + - D. Reserved Instances for sustained workloads + - E. Spend limits set using AWS Budgets + +
Answer + + Correct Answer: AD + +
+ +4. A company is launching an e-commerce site that will store and process credit card data. The company requires information about AWS compliance reports and AWS agreements.
Which AWS service provides on-demand access to these items? + - A. AWS Certificate Manager + - B. AWS Config + - C. AWS Artifact + - D. AWS CloudTrail + +
Answer + + Correct Answer: C + +
+ +5. Which AWS service or feature allows the user to manager cross-region application traffic? + - A. Amazon AppStream 2.0 + - B. Amazon VPC + - C. Elastic Load Balancer + - D. Amazon Route 53 + +
Answer + + Correct Answer: A + +
+ +6. Which AWS service can be used to track unauthorized API calls? + - A. AWS Config + - B. AWS CloudTrail + - C. AWS Trusted Advisor + - D. Amazon Inspector + +
Answer + + Correct Answer: B + +
+ +7. A user needs to regularly audit and evaluate the setup of all AWS resources, identify non-compliant accounts, and be notified when a resource changes.
Which AWS service can be used to meet these requirements? + - A. AWS Trusted Advisor + - B. AWS Config + - C. AWS Resource Access Manager + - D. AWS Systems Manager + +
Answer + + Correct Answer: B + +
+ +8. A user is planning to launch two additional Amazon EC2 instances to increase availability.
Which action should the user take? + - A. Launch the instances across multiple Availability Zones in a single AWS Region. + - B. Launch the instances as EC2 Reserved Instances in the same AWS Region and the same Availability Zone. + - C. Launch the instances in multiple AWS Regions, but in the same Availability Zone. + - D. Launch the instances as EC2 Spot Instances in the same AWS Region, but in different Availability Zones. + +
Answer + + Correct Answer: A + +
+ +9. A company must store critical business data in Amazon S3 with a backup to another AWS Region.
How can this be achieved? + - A. Use an Amazon CloudFront Content Delivery Network (CDN) to cache data globally + - B. Set up Amazon S3 cross-region replication to another AWS Region + - C. Configure the AWS Backup service to back up to the data to another AWS Region + - D. Take Amazon S3 bucket snapshots and copy that data to another AWS Region + +
Answer + + Correct Answer: B + +
+ +10. Which AWS Cloud service can send alerts to customers if custom spending thresholds are exceeded? + - A. AWS Budgets + - B. AWS Cost Explorer + - C. AWS Cost Allocation Tags + - D. AWS Organizations + +
Answer + + Correct Answer: A + +
+ +11. What is the recommended method to request penetration testing on AWS resources? + - A. Open a support case + - B. Fill out the Penetration Testing Request Form + - C. Request a penetration test from your technical account manager + - D. Contact your AWS sales representative + +
Answer + + Correct Answer: B + +
+ +12. A user needs to automatically discover, classify, and protect sensitive data stored in Amazon S3.
Which AWS service can meet these requirements? + - A. Amazon Inspector + - B. Amazon Macie + - C. Amazon GuardDuty + - D. AWS Secrets Manager + +
Answer + + Correct Answer: B + +
+ +13. Which components are required to build a successful site-to-site VPN connection on AWS? (Choose two.) + - A. Internet gateway + - B. NAT gateway + - C. Customer gateway + - D. Transit gateway + - E. Virtual private gateway + +
Answer + + Correct Answer: CD + +
+ +14. Which Amazon EC2 pricing option is best suited for applications with short-term, spiky, or unpredictable workloads that cannot be interrupted? + - A. Spot Instances + - B. Dedicated Hosts + - C. On-Demand Instances + - D. Reserved Instances + +
Answer + + Correct Answer: C + +
+ +15. Which AWS cloud architecture principle states that systems should reduce interdependencies? + - A. Scalability + - B. Services, not servers + - C. Removing single points of failure + - D. Loose coupling + +
Answer + + Correct Answer: D + +
+ +16. What is the MOST effective resource for staying up to date on AWS security announcements? + - A. AWS Personal Health Dashboard + - B. AWS Secrets Manager + - C. AWS Security Bulletins + - D. Amazon Inspector + +
Answer + + Correct Answer: C + +
+ +17. Which AWS service offers persistent storage for a file system? + - A. Amazon S3 + - B. Amazon EC2 instance store + - C. Amazon Elastic Block Store (Amazon EBS) + - D. Amazon ElastiCache + +
Answer + + Correct Answer: C + +
+ +18. Which of the following allows AWS users to manage cost allocations for billing? + - A. Tagging resources + - B. Limiting who can create resources + - C. Adding a secondary payment method + - D. Running all operations on a single AWS account + +
Answer + + Correct Answer: A + +
+ +19. Which AWS service allows users to download security and compliance reports about the AWS infrastructure on demand? + - A. Amazon GuardDuty + - B. AWS Security Hub + - C. AWS Artifact + - D. AWS Shield + +
Answer + + Correct Answer: C + +
+ +20. Which of the following AWS services are serverless? (Choose two.) + - A. AWS Lambda + - B. Amazon Elasticsearch Service + - C. AWS Elastic Beanstalk + - D. Amazon DynamoDB + - E. Amazon Redshift + +
Answer + + Correct Answer: AD + +
+ +21. Which AWS managed services can be used to extend an on-premises data center to the AWS network? (Choose two.) + - A. AWS VPN + - B. NAT gateway + - C. AWS Direct Connect + - D. Amazon Connect + - E. Amazon Route 53 + +
Answer + + Correct Answer: AC + +
+ +22. Which requirement must be met for a member account to be unlinked from an AWS Organizations account? + - A. The linked account must be actively compliant with AWS System and Organization Controls (SOC). + - B. The payer and the linked account must both create AWS Support cases to request that the member account be unlinked from the organization. + - C. The member account must meet the requirements of a standalone account. + - D. The payer account must be used to remove the linked account from the organization. + +
Answer + + Correct Answer: C + +
+ +23. What AWS benefit refers to a customer's ability to deploy applications that scale up and down the meet variable demand? + - A. Elasticity + - B. Agility + - C. Security + - D. Scalability + +
Answer + + Correct Answer: D + +
+ +24. During a compliance review, one of the auditors requires a copy of the AWS SOC 2 report.
Which service should be used to submit this request? + - A. AWS Personal Health Dashboard + - B. AWS Trusted Advisor + - C. AWS Artifact + - D. Amazon S3 + +
Answer + + Correct Answer: C + +
+ +25. A company wants to set up a highly available workload in AWS with a disaster recovery plan that will allow the company to recover in case of a regional service interruption.
Which configuration will meet these requirements? + - A. Run on two Availability Zones in one AWS Region, using the additional Availability Zones in the AWS Region for the disaster recovery site. + - B. Run on two Availability Zones in one AWS Region, using another AWS Region for the disaster recovery site. + - C. Run on two Availability Zones in one AWS Region, using a local AWS Region for the disaster recovery site. + - D. Run across two AWS Regions, using a third AWS Region for the disaster recovery site. + +
Answer + + Correct Answer: D + + Explanation: + +
+ +26. A company has a 500 TB image repository that needs to be transported to AWS for processing.
Which AWS service can import this data MOST cost-effectively? + - A. AWS Snowball + - B. AWS Direct Connect + - C. AWS VPN + - D. Amazon S3 + +
Answer + + Correct Answer: A + + Explanation: + +
+ +27. Which AWS service can run a managed PostgreSQL database that provides online transaction processing (OLTP)? + - A. Amazon DynamoDB + - B. Amazon Athena + - C. Amazon RDS + - D. Amazon EMR + +
Answer + + Correct Answer: C + + Explanation: + +
+ +28. Which of the following assist in identifying costs by department? (Choose two.) + - A. Using tags on resources + - B. Using multiple AWS accounts + - C. Using an account manager + - D. Using AWS Trusted Advisor + - E. Using Consolidated Billing + +
Answer + + Correct Answer: AB + +
+ +29. A company wants to allow full access to an Amazon S3 bucket for a particular user.
Which element in the S3 bucket policy holds the user details that describe who needs access to the S3 bucket? + - A. Principal + - B. Action + - C. Resource + - D. Statement + +
Answer + + Correct Answer: A + + Explanation: + +
+ +30. Which AWS service allows for effective cost management of multiple AWS accounts? + - A. AWS Organizations + - B. AWS Trusted Advisor + - C. AWS Direct Connect + - D. Amazon Connect + +
Answer + + Correct Answer: A + + Explanation: + +
+ +31. A company is piloting a new customer-facing application on Amazon Elastic Compute Cloud (Amazon EC2) for one month.
What pricing model is appropriate? + - A. Reserved Instances + - B. Spot Instances + - C. On-Demand Instances + - D. Dedicated Hosts + +
Answer + + Correct Answer: C + + Explanation: + +
+ +32. Which AWS tools automatically forecast future AWS costs? + - A. AWS Support Center + - B. AWS Total Cost of Ownership (TCO) Calculator + - C. AWS Simple Monthly Calculator + - D. Cost Explorer + +
Answer + + Correct Answer: D + + Explanation: + +
+ +33. Under the AWS shared responsibility model, which of the following is a responsibility of AWS? + - A. Enabling server-side encryption for objects stored in S3 + - B. Applying AWS IAM security policies + - C. Patching the operating system on an Amazon EC2 instance + - D. Applying updates to the hypervisor + +
Answer + + Correct Answer: D + + Explanation: + +
+ +34. A user is able to set up a master payer account to view consolidated billing reports through: + - A. AWS Budgets. + - B. Amazon Macie. + - C. Amazon QuickSight. + - D. AWS Organizations. + +
Answer + + Correct Answer: D + + Explanation: + +
+ +35. Performing operations as code is a design principle that supports which pillar of the AWS Well-Architected Framework? + - A. Performance efficiency + - B. Operational excellence + - C. Reliability + - D. Security + +
Answer + + Correct Answer: B + + Explanation: + +
+ +36. Which design principle is achieved by following the reliability pillar of the AWS Well-Architected Framework? + - A. Vertical scaling + - B. Manual failure recovery + - C. Testing recovery procedures + - D. Changing infrastructure manually + +
Answer + + Correct Answer: C + + Explanation: + +
+ +37. What is a characteristic of Convertible Reserved Instances (RIs)? + - A. Users can exchange Convertible RIs for other Convertible RIs from a different instance family. + - B. Users can exchange Convertible RIs for other Convertible RIs in different AWS Regions. + - C. Users can sell and buy Convertible RIs on the AWS Marketplace. + - D. Users can shorten the term of their Convertible RIs by merging them with other Convertible RIs. + +
Answer + + Correct Answer: A + + Explanation: + +
+ +38. The user is fully responsible for which action when running workloads on AWS? + - A. Patching the infrastructure components + - B. Implementing controls to route application traffic + - C. Maintaining physical and environmental controls + - D. Maintaining the underlying infrastructure components + +
Answer + + Correct Answer: B + +
+ +39. An architecture design includes Amazon EC2, an Elastic Load Balancer, and Amazon RDS.
What is the BEST way to get a monthly cost estimation for this architecture? + - A. Open an AWS Support case, provide the architecture proposal, and ask for a monthly cost estimation. + - B. Collect the published prices of the AWS services and calculate the monthly estimate. + - C. Use the AWS Simple Monthly Calculator to estimate the monthly cost. + - D. Use the AWS Total Cost of Ownership (TCO) Calculator to estimate the monthly cost. + +
Answer + + Correct Answer: C + + Explanation: + +
+ +40. Which are benefits of using Amazon RDS over Amazon EC2 when running relational databases on AWS? (Choose two.) + - A. Automated backups + - B. Schema management + - C. Indexing of tables + - D. Software patching + - E. Extract, transform, and load (ETL) management + +
Answer + + Correct Answer: AD + + Explanation: + +
+ +41. What does the Amazon S3 Intelligent-Tiering storage class offer? + - A. Payment flexibility by reserving storage capacity + - B. Long-term retention of data by copying the data to an encrypted Amazon Elastic Block Store (Amazon EBS) volume + - C. Automatic cost savings by moving objects between tiers based on access pattern changes + - D. Secure, durable, and lowest cost storage for data archival + +
Answer + + Correct Answer: C + + Explanation: + +
+ +42. A company has multiple data sources across the organization and wants to consolidate data into one data warehouse.
Which AWS service can be used to meet this requirement? + - A. Amazon DynamoDB + - B. Amazon Redshift + - C. Amazon Athena + - D. Amazon QuickSight + +
Answer + + Correct Answer: B + + Explanation: + +
+ +43. Which AWS service can be used to track resource changes and establish compliance? + - A. Amazon CloudWatch + - B. AWS Config + - C. AWS CloudTrail + - D. AWS Trusted Advisor + +
Answer + + Correct Answer: B + + Explanation: + +
+ +44. A user has underutilized on-premises resources.
Which AWS Cloud concept can BEST address this issue? + - A. High availability + - B. Elasticity + - C. Security + - D. Loose coupling + +
Answer + + Correct Answer: B + + Explanation: + +
+ +45. A user has a stateful workload that will run on Amazon EC2 for the next 3 years.
What is the MOST cost-effective pricing model for this workload? + - A. On-Demand Instances + - B. Reserved Instances + - C. Dedicated Instances + - D. Spot Instances + +
Answer + + Correct Answer: B + +
+ +46. A cloud practitioner needs an Amazon EC2 instance to launch and run for 7 hours without interruptions.
What is the most suitable and cost-effective option for this task? + - A. On-Demand Instance + - B. Reserved Instance + - C. Dedicated Host + - D. Spot Instance + +
Answer + + Correct Answer: A + +
+ +47. Which of the following are benefits of using AWS Trusted Advisor? (Choose two.) + - A. Providing high-performance container orchestration + - B. Creating and rotating encryption keys + - C. Detecting underutilized resources to save costs + - D. Improving security by proactively monitoring the AWS environment + - E. Implementing enforced tagging across AWS resources + +
Answer + + Correct Answer: CD + + Explanation: + +
+ +48. A developer has been hired by a large company and needs AWS credentials.
Which are security best practices that should be followed? (Choose two.) + - A. Grant the developer access to only the AWS resources needed to perform the job. + - B. Share the AWS account root user credentials with the developer. + - C. Add the developer to the administrator's group in AWS IAM. + - D. Configure a password policy that ensures the developer's password cannot be changed. + - E. Ensure the account password policy requires a minimum length. + +
Answer + + Correct Answer: AE + +
+ +49. Which AWS storage service is designed to transfer petabytes of data in and out of the cloud? + - A. AWS Storage Gateway + - B. Amazon S3 Glacier Deep Archive + - C. Amazon Lightsail + - D. AWS Snowball + +
Answer + + Correct Answer: D + + Explanation: + +
+ +50. Which service provides a user the ability to warehouse data in the AWS Cloud? + - A. Amazon EFS + - B. Amazon Redshift + - C. Amazon RDS + - D. Amazon VPC + +
Answer + + Correct Answer: B + + Explanation: + +
+ +Please feel free to comment below if any information is inaccurate or if any answers need correction. + +[ Exam List](../practice-exam/exams.md) diff --git a/practice-exam/practice-exam-23.md b/practice-exam/practice-exam-23.md new file mode 100644 index 0000000..5b70a10 --- /dev/null +++ b/practice-exam/practice-exam-23.md @@ -0,0 +1,712 @@ +# Practice Exam 23 + +Click on the **Answer** button for the correct answer and its explanation. + +If this practice exam has been helpful to you please share it with others and react to this below. + +--- + +1. A user is planning to migrate an application workload to the AWS Cloud.
Which control becomes the responsibility of AWS once the migration is complete? + - A. Patching the guest operating system + - B. Maintaining physical and environmental controls + - C. Protecting communications and maintaining zone security + - D. Patching specific applications + +
Answer + + Correct Answer: B + +
+ +2. Which services can be used to deploy applications on AWS? (Choose two.) + - A. AWS Elastic Beanstalk + - B. AWS Config + - C. AWS OpsWorks + - D. AWS Application Discovery Service + - E. Amazon Kinesis + +
Answer + + Correct Answer: AC + + Explanation: + +
+ +3. Which AWS service can be used to provide an on-demand, cloud-based contact center? + - A. AWS Direct Connect + - B. Amazon Connect + - C. AWS Support Center + - D. AWS Managed Services + +
Answer + + Correct Answer: B + + Explanation: + +
+ +4. What tool enables customers without an AWS account to estimate costs for almost all AWS services? + - A. Cost Explorer + - B. TCO Calculator + - C. AWS Budgets + - D. Simple Monthly Calculator + +
Answer + + Correct Answer: A + + Explanation: + +
+ +5. Which component must be attached to a VPC to enable inbound Internet access? + - A. NAT gateway + - B. VPC endpoint + - C. VPN connection + - D. Internet gateway + +
Answer + + Correct Answer: D + + Explanation: + +
+ +6. Which pricing model would result in maximum Amazon Elastic Compute Cloud (Amazon EC2) savings for a database server that must be online for one year? + - A. Spot Instance + - B. On-Demand Instance + - C. Partial Upfront Reserved Instance + - D. No Upfront Reserved Instance + +
Answer + + Correct Answer: C + + Explanation: + +
+ +7. A company has a MySQL database running on a single Amazon EC2 instance. The company now requires higher availability in the event of an outage.
Which set of tasks would meet this requirement? + - A. Add an Application Load Balancer in front of the EC2 instance + - B. Configure EC2 Auto Recovery to move the instance to another Availability Zone + - C. Migrate to Amazon RDS and enable Multi-AZ + - D. Enable termination protection for the EC2 instance to avoid outages + +
Answer + + Correct Answer: C + + Explanation: + +
+ +8. A company wants to ensure that AWS Management Console users are meeting password complexity requirements.
How can the company configure password complexity? + - A. Using an AWS IAM user policy + - B. Using an AWS Organizations service control policy (SCP) + - C. Using an AWS IAM account password policy + - D. Using an AWS Security Hub managed insight + +
Answer + + Correct Answer: C + + Explanation: + +
+ +9. Under the AWS shared responsibility model, which of the following is the customer's responsibility? + - A. Patching guest OS and applications + - B. Patching and fixing flaws in the infrastructure + - C. Physical and environmental controls + - D. Configuration of AWS infrastructure devices + +
Answer + + Correct Answer: A + +
+ +10. Which of the following tasks is required to deploy a PCI-compliant workload on AWS? + - A. Use any AWS service and implement PCI controls at the application layer + - B. Use an AWS service that is in-scope for PCI compliance and raise an AWS support ticket to enable PCI compliance at the application layer + - C. Use any AWS service and raise an AWS support ticket to enable PCI compliance on that service + - D. Use an AWS service that is in scope for PCI compliance and apply PCI controls at the application layer + +
Answer + + Correct Answer: D + + Explanation: + +
+ +11. A company is building an application that requires the ability to send, store, and receive messages between application components. The company has another requirement to process messages in first-in, first-out (FIFO) order.
Which AWS service should the company use? + - A. AWS Step Functions + - B. Amazon Simple Notification Service (Amazon SNS) + - C. Amazon Kinesis Data Streams + - D. Amazon Simple Queue Service (Amazon SQS) + +
Answer + + Correct Answer: D + + Explanation: + +
+ +12. AnyCompany recently purchased Example Corp. Both companies use AWS resources, and AnyCompany wants a single aggregated bill.
Which option allows AnyCompany to receive a single bill? + - A. Example Corp. must submit a request to its AWS solutions architect or AWS technical account manager to link the accounts and consolidate billing. + - B. AnyCompany must create a new support case in the AWS Support Center requesting that both bills be combined. + - C. Send an invitation to join the organization from AnyCompany's AWS Organizations master account to Example Corp. + - D. Migrate the Example Corp. VPCs, Amazon EC2 instances, and other resources into the AnyCompany AWS account. + +
Answer + + Correct Answer: A + + Explanation: + +
+ +13. Which tool can be used to create alerts when the actual or forecasted cost of AWS services exceeds a certain threshold? + - A. Cost Explorer + - B. AWS Budgets + - C. AWS Cost and Usage Report + - D. AWS CloudTrail + +
Answer + + Correct Answer: B + + Explanation: + +
+ +14. A user has limited knowledge of AWS services, but wants to quickly deploy a scalable Node.js application in the AWS Cloud.
Which service should be used to deploy the application? + - A. AWS CloudFormation + - B. AWS Elastic Beanstalk + - C. Amazon EC2 + - D. AWS OpsWorks + +
Answer + + Correct Answer: B + + Explanation: + +
+ +15. Which AWS Trusted Advisor check is available to all AWS users? + - A. Core checks + - B. All checks + - C. Cost optimization checks + - D. Fault tolerance checks + +
Answer + + Correct Answer: A + + Explanation: + +
+ +16. A web developer is concerned that a DDoS attack could target an application.
Which AWS services or features can help protect against such an attack? (Choose two.) + - A. AWS Shield + - B. AWS CloudTrail + - C. Amazon CloudFront + - D. AWS Support Center + - E. AWS Service Health Dashboard + +
Answer + + Correct Answer: AC + + Explanation: + +
+ +17. Which AWS service gives users on-demand, self-service access to AWS compliance control reports? + - A. AWS Config + - B. Amazon GuardDuty + - C. AWS Trusted Advisor + - D. AWS Artifact + +
Answer + + Correct Answer: D + + Explanation: + +
+ +18. A company wants to provide one of its employees with access to Amazon RDS. The company also wants to limit the interaction to only the AWS CLI and AWS software development kits (SDKs).
Which combination of actions should the company take to meet these requirements while following the principles of least privilege? (Choose two.) + - A. Create an IAM user and provide AWS Management Console access only. + - B. Create an IAM user and provide programmatic access only. + - C. Create an IAM role and provide AWS Management Console access only. + - D. Create an IAM policy with administrator access and attach it to the IAM user. + - E. Create an IAM policy with Amazon RDS access and attach it to the IAM user. + +
Answer + + Correct Answer: BE + +
+ +19. A company has a compliance requirement to record and evaluate configuration changes, as well as perform remediation actions on AWS resources.
Which AWS service should the company use? + - A. AWS Config + - B. AWS Secrets Manager + - C. AWS CloudTrail + - D. AWS Trusted Advisor + +
Answer + + Correct Answer: A + + Explanation: + +
+ +20. What are the advantages of deploying an application with Amazon EC2 instances in multiple Availability Zones? (Choose two.) + - A. Preventing a single point of failure + - B. Reducing the operational costs of the application + - C. Allowing the application to serve cross-region users with low latency + - D. Increasing the availability of the application + - E. Increasing the load of the application + +
Answer + + Correct Answer: AD + + Explanation: + +
+ +21. A workload on AWS will run for the foreseeable future by using a consistent number of Amazon EC2 instances.
What pricing model will minimize cost while ensuring that compute resources remain available? + - A. Dedicated Hosts + - B. On-Demand Instances + - C. Spot Instances + - D. Reserved Instances + +
Answer + + Correct Answer: D + + Explanation: + +
+ +22. Which tool can be used to identify scheduled changes to the AWS infrastructure? + - A. AWS Personal Health Dashboard + - B. AWS Trusted Advisor + - C. Billing Dashboard + - D. AWS Config + +
Answer + + Correct Answer: A + + Explanation: + +
+ +23. Which of the following is the customer's responsibility when using Amazon RDS? + - A. Patching the operating system of underlying hardware + - B. Controlling traffic to and from the database through security groups + - C. Running backups that enable point-in-time recovery of a DB instance + - D. Replacing failed DB instances + +
Answer + + Correct Answer: B + + Explanation: + +
+ +24. What is the customer's responsibility when using AWS Lambda? + - A. Operating system configuration + - B. Application management + - C. Platform management + - D. Code encryption + +
Answer + + Correct Answer: D + + Explanation: + +
+ +25. A company wants to be notified when its AWS Cloud costs or usage exceed defined thresholds.
Which AWS service will support these requirements? + - A. AWS Budgets + - B. Cost Explorer + - C. AWS CloudTrail + - D. Amazon Macie + +
Answer + + Correct Answer: A + + Explanation: + +
+ +26. Which AWS service provides the ability to host a NoSQL database in the AWS Cloud? + - A. Amazon Aurora + - B. Amazon DynamoDB + - C. Amazon RDS + - D. Amazon Redshift + +
Answer + + Correct Answer: B + + Explanation: + +
+ +27. Which AWS service allows customers to purchase unused Amazon EC2 capacity at an often discounted rate? + - A. Reserved Instances + - B. On-Demand Instances + - C. Dedicated Instances + - D. Spot Instances + +
Answer + + Correct Answer: D + + Explanation: + +
+ +28. Which AWS service or feature requires an internet service provider (ISP) and a colocation facility to be implemented? + - A. AWS VPN + - B. Amazon Connect + - C. AWS Direct Connect + - D. Internet gateway + +
Answer + + Correct Answer: C + + Explanation: + +
+ +29. Which AWS services offer compute capabilities? (Choose two.) + - A. Amazon EC2 + - B. Amazon S3 + - C. Amazon Elastic Block Store (Amazon EBS) + - D. Amazon Cognito + - E. AWS Lambda + +
Answer + + Correct Answer: AE + + Explanation: + +
+ +30. Which AWS service can be used to privately store and manage versions of source code? + - A. AWS CodeBuild + - B. AWS CodeCommit + - C. AWS CodePipeline + - D. AWS CodeStar + +
Answer + + Correct Answer: B + + Explanation: + +
+ +31. Which AWS service should a cloud practitioner use to identify security vulnerabilities of an AWS account? + - A. AWS Secrets Manager + - B. Amazon Cognito + - C. Amazon Macie + - D. AWS Trusted Advisor + +
Answer + + Correct Answer: D + + Explanation: + +
+ +32. A company wants to ensure its infrastructure is designed for fault tolerance and business continuity in the event of an environmental disruption.
Which AWS infrastructure component should the company replicate across? + - A. Edge locations + - B. Availability Zones + - C. Regions + - D. Amazon Route 53 + +
Answer + + Correct Answer: B + + Explanation: + +
+ +33. Which AWS service or feature is used to send both text and email messages from distributed applications? + - A. Amazon Simple Notification Service (Amazon SNS) + - B. Amazon Simple Email Service (Amazon SES) + - C. Amazon CloudWatch alerts + - D. Amazon Simple Queue Service (Amazon SQS) + +
Answer + + Correct Answer: A + + Explanation: + +
+ +34. Which AWS Cloud design principles can help increase reliability? (Choose two.) + - A. Using monolithic architecture + - B. Measuring overall efficiency + - C. Testing recovery procedures + - D. Adopting a consumption model + - E. Automatically recovering from failure + +
Answer + + Correct Answer: CE + + Explanation: + +
+ +35. A company is planning to launch an ecommerce site in a single AWS Region to a worldwide user base.
Which AWS services will allow the company to reach users and provide low latency and high transfer speeds? (Choose two.) + - A. Application Load Balancer + - B. AWS Global Accelerator + - C. AWS Direct Connect + - D. Amazon CloudFront + - E. AWS Lambda + +
Answer + + Correct Answer: AD + + Explanation: + +
+ +36. A company wants to connect to AWS over a private, low-latency connection from its remote office.
What is the recommended method to meet these requirements? + - A. Create a VPN tunnel + - B. Connect across the public internet + - C. Use VPC peering to create a connection. + - D. Use AWS Direct Connect. + +
Answer + + Correct Answer: D + + Explanation: + +
+ +37. Which AWS service can be used to retrieve compliance reports on demand? + - A. AWS Secrets Manager + - B. AWS Artifact + - C. AWS Security Hub + - D. AWS Certificate Manager + +
Answer + + Correct Answer: B + + Explanation: + +
+ +38. A company has an AWS-hosted website located behind an Application Load Balancer. The company wants to safeguard the website from SQL injection or cross-site scripting.
Which AWS service should the company use? + - A. Amazon GuardDuty + - B. AWS WAF + - C. AWS Trusted Advisor + - D. Amazon Inspector + +
Answer + + Correct Answer: B + + Explanation: + +
+ +39. How should a web application be deployed to ensure high availability in the AWS Cloud? + - A. Deploy multiple instances of the application in multiple Availability Zones. + - B. Deploy multiple instances of the application in a single Availability Zone. + - C. Deploy the application to a compute-optimized Amazon EC2 instance in a single Availability Zone. + - D. Deploy the application in one Amazon EC2 instance in an Auto Scaling group. + +
Answer + + Correct Answer: A + + Explanation: + +
+ +40. A company is running a self-managed Oracle database directly on Amazon EC2 for its steady-state database. The company wants to reduce compute costs.
Which option should the company use to maximize savings over a 3-year term? + - A. EC2 Dedicated Instances + - B. EC2 Spot Instances + - C. EC2 Reserved Instances + - D. EC2 On-Demand Instances + +
Answer + + Correct Answer: C + + Explanation: + +
+ +41. An external auditor has requested that a company provide a list of all its IAM users, including the status of users' credentials and access keys.
What it the SIMPLEST way to provide this information? + - A. Create an IAM user account for the auditor, granting the auditor administrator permissions. + - B. Take a screenshot of each user's page in the AWS Management Console, then provide the screenshots to the auditor. + - C. Download the IAM credential report, then provide the report to the auditor. + - D. Download the AWS Trusted Advisor report, then provide the report to the auditor. + +
Answer + + Correct Answer: C + + Explanation: + +
+ +42. What are the benefits of consolidated billing for AWS Cloud services? (Choose two.) + - A. Volume discounts + - B. A minimal additional fee for use + - C. One bill for multiple accounts + - D. Installment payment options + - E. Custom cost and usage budget creation + +
Answer + + Correct Answer: AC + + Explanation: + +
+ +43. A company is expecting a short-term spike in internet traffic for its application. During the traffic increase, the application cannot be interrupted. The company also needs to minimize cost and maximize flexibility.
Which Amazon EC2 instance type should the company use to meet these requirements? + - A. On-Demand Instances + - B. Spot Instances + - C. Reserved Instances + - D. Dedicated Hosts + +
Answer + + Correct Answer: B + + Explanation: + +
+ +44. A company wants to track AWS resource configuration changes for compliance reasons.
Which AWS feature can be used to meet this requirement? + - A. AWS Cost and Usage Report + - B. AWS Organizations service control policies (SCPs) + - C. AWS Config rules + - D. VPC Flow Logs + +
Answer + + Correct Answer: C + + Explanation: + +
+ +45. A company is building an application that needs to deliver images and videos globally with minimal latency.
Which approach can the company use to accomplish this in a cost effective manner? + - A. Deliver the content through Amazon CloudFront. + - B. Store the content on Amazon S3 and enable S3 cross-region replication. + - C. Implement a VPN across multiple AWS Regions. + - D. Deliver the content through AWS PrivateLink. + +
Answer + + Correct Answer: A + + Explanation: + +
+ +46. The AWS IAM best practice for granting least privilege is to: + - A. apply an IAM policy to an IAM group and limit the size of the group. + - B. require multi-factor authentication (MFA) for all IAM users. + - C. require each IAM user who has different permissions to have multiple passwords. + - D. apply an IAM policy only to IAM users who require it. + +
Answer + + Correct Answer: D + + Explanation: + +
+ +47. Which cloud computing benefit does AWS demonstrate with its ability to offer lower variable costs as a result of high purchase volumes? + - A. Pay-as-you-go pricing + - B. High availability + - C. Global reach + - D. Economies of scale + +
Answer + + Correct Answer: D + + Explanation: + +
+ +48. A pharmaceutical company operates its infrastructure in a single AWS Region. The company has thousands of VPCs in a various AWS accounts that it wants to interconnect.
Which AWS service or feature should the company use to help simplify management and reduce operational costs? + - A. VPC endpoint + - B. AWS Direct Connect + - C. AWS Transit Gateway + - D. VPC peering + +
Answer + + Correct Answer: C + + Explanation: + +
+ +49. How can AWS enable a company to control expenses as an application's usage changes unpredictably? + - A. AWS will refund the cost difference if a customer moves to larger servers. + - B. The application can be built to scale up or down automatically as resources are needed + - C. Spot instances will automatically be used if the price is lower than on-demand instances. + - D. Amazon CloudWatch will automatically predict what resources are needed. + +
Answer + + Correct Answer: B + +
+ +50. Which AWS service or feature can be used to prevent SQL injection attacks? + - A. Security groups + - B. Network ACLs + - C. AWS WAF + - D. IAM policy + +
Answer + + Correct Answer: C + + Explanation: + + +
+ +Please feel free to comment below if any information is inaccurate or if any answers need correction. + +[ Exam List](../practice-exam/exams.md) diff --git a/practice-exam/practice-exam-3.md b/practice-exam/practice-exam-3.md index 3fcf377..78a5080 100644 --- a/practice-exam/practice-exam-3.md +++ b/practice-exam/practice-exam-3.md @@ -6,884 +6,518 @@ If this practice exam has been helpful to you please share it with others and re --- -1. How do customers benefit from Amazon's massive economies of scale? - - A. Periodic price reductions as the result of Amazon's operational efficiencies - - B. New Amazon EC2 instance types providing the latest hardware - - C. The ability to scale up and down when needed - - D. Increased reliability in the underlying hardware of Amazon EC2 instances - -
Answer - - Correct Answer: A +1. Where can you store files in AWS? (Choose TWO) + - A. Amazon EFS. + - B. Amazon SNS. + - C. Amazon EBS. + - D. Amazon ECS. + - E. Amazon EMR. +
Answer + Correct answer: A, C
-2. Which AWS services can be used to gather information about AWS account activity? (Select TWO.) - - A. Amazon CloudFront - - B. AWS Cloud9 - - C. AWS CloudTrail - - D. AWS CloudHSM - - E. Amazon CloudWatch - -
Answer - - Correct Answer: CE - - Explanation: - - AWS offers a solution that uses AWS CloudTrail to log account activity, Amazon Kinesis to compute and stream metrics in real-time, and Amazon DynamoDB to durably store the computed data. - - Metrics are calculated for create, modify, and delete API calls for more than 60 supported AWS services. - - The solution also features a dashboard that visualizes your account activity in real-time. - - Reference: +2. Which AWS service can be used to store and reliably deliver messages across distributed systems? + - A. Amazon Simple Queue Service. + - B. AWS Storage Gateway. + - C. Amazon Simple Email Service. + - D. Amazon Simple Storage Service. +
Answer + Correct answer: A
-3. Which of the following common IT tasks can AWS cover to free up company IT resources? (Select TWO.) - - A. Patching databases software - - B. Testing application releases - - C. Backing up databases - - D. Creating database schema - - E. Running penetration tests - -
Answer - - Correct Answer: AC +3. Which of the following describes the payment model that AWS makes available for customers that can commit to using Amazon EC2 over a one or 3-year term to reduce their total computing costs? + - A. Pay less as AWS grows. + - B. Pay as you go. + - C. Pay less by using more. + - D. Save when you reserve. +
Answer + Correct answer: D
-4. In which scenario should Amazon EC2 Spot Instances be used? - - A. A company wants to move its main website to AWS from an on-premises web server. - - B. A company has a number of application services whose Service Level Agreement (SLA) requires 99.999% uptime. - - C. A company's heavily used legacy database is currently running on-premises. - - D. A company has a number of infrequent, interruptible jobs that are currently using On-Demand Instances. - -
Answer - - Correct Answer: D - - Explanation: +4. A company is migrating its on-premises database to Amazon RDS. What should the company do to ensure Amazon RDS costs are kept to a minimum? + - A. Right-size before and after migration. + - B. Use a Multi-Region Active-Passive architecture. + - C. Combine On-demand Capacity Reservations with Saving Plans. + - D. Use a Multi-Region Active-Active architecture. +
Answer + Correct answer: B
-5. Which AWS feature should a customer leverage to achieve high availability of an application? - - A. AWS Direct Connect - - B. Availability Zones - - C. Data centers - - D. Amazon Virtual Private Cloud (Amazon VPC) - -
Answer - - Correct Answer: B - - Explanation: - - This is to achieve High Availability for any web application (in this case SwiftCode) deployed in AWS. - - The following features will be present: - - High availability across multiple instances/multiple availability zones. - - Auto Scaling of instances (scale up and scale down) based on number of requests coming in - - Additional Security to the instances/database that are in production - - No impact to end users during newer version of code deployment - - No Impact during patching the instances +5. What is the primary storage service used by Amazon RDS database instances? + - A. Amazon Glacier. + - B. Amazon EBS. + - C. Amazon EFS. + - D. Amazon S3. +
Answer + Correct answer: B
-6. Which is the minimum AWS Support plan that includes Infrastructure Event Management without additional costs? - - A. Enterprise - - B. Business - - C. Developer - - D. Basic - -
Answer - - Correct Answer: B - - Explanation: +6. A company is developing a new application using a microservices framework. The new application is having performance and latency issues. Which AWS Service should be used to troubleshoot these issues? + - A. AWS CodePipeline. + - B. AWS X-Ray. + - C. Amazon Inspector. + - D. AWS CloudTrail. +
Answer + Correct answer: B
-7. Which AWS service can serve a static website? - - A. Amazon S3 - - B. Amazon Route 53 - - C. Amazon QuickSight - - D. AWS X-Ray - -
Answer - - Correct Answer: A - - Explanation: - - You can host a static website on Amazon Simple Storage Service (Amazon S3). On a static website, individual webpages include static content. - - They might also contain client-side scripts. By contrast, a dynamic website relies on server-side processing, including server-side scripts such as PHP, JSP, or ASP.NET. Amazon S3 does not support server-side scripting. - - Reference: +7. Which of the following AWS services is designed with native Multi-AZ fault tolerance in mind? (Choose TWO) + - A. Amazon Redshift. + - B. AWS Snowball. + - C. Amazon Simple Storage Service. + - D. Amazon EBS. + - E. Amazon DynamoDB. +
Answer + Correct answer: C, E
-8. How does AWS shorten the time to provision IT resources? - - A. It supplies an online IT ticketing platform for resource requests. - - B. It supports automatic code validation services. - - C. It provides the ability to programmatically provision existing resources. - - D. It automates the resource request process from a company's IT vendor list. - -
Answer - - Correct Answer: C +8. What are the Amazon RDS features that can be used to improve the availability of your database? (Choose TWO) + - A. AWS Regions. + - B. Multi-AZ Deployment. + - C. Automatic patching. + - D. Read Replicas. + - E. Edge Locations. +
Answer + Correct answer: B, D
-9. What can AWS edge locations be used for? (Select TWO.) - - A. Hosting applications - - B. Delivering content closer to users - - C. Running NoSQL database caching services - - D. Reducing traffic on the server by caching responses - - E. Sending notification messages to end users - -
Answer - - Correct Answer: BD - - Explanation: - - CloudFront delivers your content through a worldwide network of data centers called edge locations. - When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance. - - Reference: +9. Sarah has deployed an application in the Northern California (us-west-1) region. After examining the application’s traffic, she notices that about 30% of the traffic is coming from Asia. What can she do to reduce latency for the users in Asia? + - A. Replicate the current resources across multiple Availability Zones within the same region. + - B. Migrate the application to a hosting provider in Asia. + - C. Recreate the website content. + - D. Create a CDN using CloudFront, so that content is cached at Edge Locations close to and in Asia. +
Answer + Correct answer: D
-10. Which of the following can limit Amazon Simple Storage Service (Amazon S3) bucket access to specific users? - - A. A public and private key-pair - - B. Amazon Inspector - - C. AWS Identity and Access Management (IAM) policies - - D. Security Groups - -
Answer - - Correct Answer: C - - Explanation: - - To allow users to perform S3 actions on the bucket from the VPC endpoints or IP addresses, you must explicitly grant those user-level permissions. - - You can grant user-level permissions on either an AWS Identity and Access Management (IAM) policy or another statement in the bucket policy. - - Reference: +10. An organization runs many systems and uses many AWS products. Which of the following services enables them to control how each developer interacts with these products? + - A. AWS Identity and Access Management. + - B. Amazon RDS. + - C. Network Access Control Lists. + - D. Amazon EMR. +
Answer + Correct answer: A
-11. A solution that is able to support growth in users, traffic, or data size with no drop in performance aligns with which cloud architecture principle? - - A. Think parallel - - B. Implement elasticity - - C. Decouple your components - - D. Design for failure - -
Answer - - Correct Answer: B - - Explanation: +11. Using Amazon EC2 falls under which of the following cloud computing models? + - A. Iaas & SaaS. + - B. IaaS. + - C. SaaS. + - D. PaaS. +
Answer + Correct answer: B
-12. Which of the following tasks is the responsibility of AWS? - - A. Encrypting client-side data - - B. Configuring AWS Identity and Access Management (IAM) roles - - C. Securing the Amazon EC2 hypervisor - - D. Setting user password policies - -
Answer - - Correct Answer: C - - Explanation: - - In EC2, the AWS IaaS offering, everything from the hypervisor layer down is AWS's responsibility. - - A customer's poorly coded applications, misconfigured operating systems, or insecure firewall settings will not affect the hypervisor, it will only affect the customer's virtual machines running on that hypervisor. - - Reference: - the-cloud/ +12. Which of the below is a best-practice when building applications on AWS? + - A. Strengthen physical security by applying the principle of least privilege. + - B. Ensure that the application runs on hardware from trusted vendors. + - C. Use IAM policies to maintain performance. + - D. Decouple the components of the application so that they run independently. +
Answer + Correct answer: D
-13. One benefit of On-Demand Amazon Elastic Compute Cloud (Amazon EC2) pricing is: - - A. the ability to bid for a lower hourly cost. - - B. paying a daily rate regardless of time used. - - C. paying only for time used. - - D. pre-paying for instances and paying a lower hourly rate. - -
Answer - - Correct Answer: C - - Explanation: - - On-Demand Capacity Reservations are priced exactly the same as their equivalent (On-Demand) instance usage. - - If a Capacity Reservation is fully utilized, you only pay for instance usage and nothing towards the Capacity Reservation - - If a Capacity Reservation is partially utilized, you pay for the instance usage and for the unused portion of the Capacity Reservation. - - Reference: +13. Your company is designing a new application that will store and retrieve photos and videos. Which of the following services should you recommend as the underlying storage mechanism? + - A. Amazon EBS. + - B. Amazon SQS. + - C. Amazon Instance store. + - D. Amazon S3. +
Answer + Correct answer: D
-14. An administrator needs to rapidly deploy a popular IT solution and start using it immediately.
Where can the administrator find assistance? - - A. AWS Well-Architected Framework documentation - - B. Amazon CloudFront - - C. AWS CodeCommit - - D. AWS Quick Start reference deployments - -
Answer - - Correct Answer: D - - Explanation: - - Quick Starts are built by AWS solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices for security and high availability. - - These accelerators reduce hundreds of manual procedures into just a few steps, so you can build your production environment quickly and start using it immediately. - - Reference: +14. Amazon Glacier is an Amazon S3 storage class that is suitable for storing [...] & [...]. (Choose TWO) + - A. Active archives. + - B. Dynamic websites’ assets. + - C. Long-term analytic data. + - D. Active databases. + - E. Cached data. +
Answer + Correct answer: A, C
-15. Which of the following services is in the category of AWS serverless platform? - - A. Amazon EMR - - B. Elastic Load Balancing - - C. AWS Lambda - - D. AWS Mobile Hub - -
Answer - - Correct Answer: C - - Explanation: - - AWS provides a set of fully managed services that you can use to build and run serverless applications. - - Serverless applications don't require provisioning, maintaining, and administering servers for backend components such as compute, databases, storage, stream processing, message queueing, and more. - - You also no longer need to worry about ensuring application fault tolerance and availability. - - Instead, AWS handles all of these capabilities for you. Serverless platform includes: AWS lambda, Amazon S3, DynamoDB, API gateway, Amazon SNS, AWS step functions, Amazon kinesis and developing tools and services. - - Reference: +15. What does Amazon Elastic Beanstalk provide? + - A. A PaaS solution to automate application deployment. + - B. A compute engine for Amazon ECS. + - C. A scalable file storage solution for use with AWS and on-premises servers. + - D. A NoSQL database service. +
Answer + Correct answer: B
-16. Which services are parts of the AWS serverless platform? - - A. Amazon EC2, Amazon S3, Amazon Athena - - B. Amazon Kinesis, Amazon SQS, Amazon EMR - - C. AWS Step Functions, Amazon DynamoDB, Amazon SNS - - D. Amazon Athena, Amazon Cognito, Amazon EC2 - -
Answer - - Correct Answer: C - - Explanation: - - AWS provides a set of fully managed services that you can use to build and run serverless applications. - - Serverless applications don't require provisioning, maintaining, and administering servers for backend components such as compute, databases, storage, stream processing, message queueing, and more. You also no longer need to worry about ensuring application fault tolerance and availability. - - Instead, AWS handles all of these capabilities for you. - - Serverless platform includes: AWS lambda, Amazon S3, DynamoDB, API gateway, Amazon SNS, AWS step functions, Amazon kinesis and developing tools and services. - - Reference: +16. What is the AWS service that performs automated network assessments of Amazon EC2 instances to check for vulnerabilities? + - A. Amazon Kinesis. + - B. Security groups. + - C. Amazon Inspector. + - D. AWS Network Access Control Lists. +
Answer + Correct answer: C
-17. Under the shared responsibility model, which of the following is a shared control between a customer and AWS? - - A. Physical controls - - B. Patch management - - C. Zone security - - D. Data center auditing - -
Answer - - Correct Answer: B - - Explanation: - - - Shared Controls Controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. - - In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. - - Examples include: - - Patch Management AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications. - - Configuration Management AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications. - - Awareness & Training AWS trains AWS employees, but a customer must train their own employees. - - Customer Specific Controls which are solely the responsibility of the customer based on the application they are deploying within AWS services. - - Service and Communications Protection or Zone Security which may require a customer to route or zone data within specific security environments. - - Reference: +17. Under the Shared Responsibility Model, which of the following controls do customers fully inherit from AWS? (Choose TWO) + - A. Patch management controls. + - B. Database controls. + - C. Awareness & Training. + - D. Environmental controls. + - E. Physical controls. +
Answer + Correct answer: D, E
-18. What can AWS edge locations be used for? (Select TWO.) - - A. Hosting applications - - B. Delivering content closer to users - - C. Running NoSQL database caching services - - D. Reducing traffic on the server by caching responses - - E. Sending notification messages to end users - -
Answer - - Correct Answer: BD - - Explanation: - - - CloudFront delivers your content through a worldwide network of data centers called edge locations. - - When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance. - - Reference: +18. A company needs to host a database in Amazon RDS for at least three years. Which of the following options would be the most cost-effective solution? + - A. Reserved instances - No Upfront. + - B. Reserved instances - Partial Upfront. + - C. On-Demand instances. + - D. Spot Instances. +
Answer + Correct answer: B
-19. What technology enables compute capacity to adjust as loads change? - - A. Load balancing - - B. Automatic failover - - C. Round robin - - D. Auto Scaling - -
Answer - - Correct Answer: D - - Explanation: - - AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. - - Using AWS Auto Scaling, it's easy to setup application scaling for multiple resources across multiple services in minutes. - The service provides a simple, powerful user interface that lets you build scaling plans for resources including Amazon EC2 instances and Spot Fleets, Amazon ECS tasks, Amazon DynamoDB tables and indexes, and Amazon Aurora Replicas. - - AWS Auto Scaling makes scaling simple with recommendations that allow you to optimize performance, costs, or balance - between them. - - If you're already using Amazon EC2 Auto Scaling to dynamically scale your Amazon EC2 instances, you can now combine it with AWS Auto Scaling to scale additional resources for other AWS services. - - With AWS Auto Scaling, your applications always have the right resources at the right time. - - Reference: +19. Your application has recently experienced significant global growth, and international users are complaining of high latency. What is the AWS characteristic that can help improve your international users’ experience? + - A. Elasticity. + - B. Global reach. + - C. Data durability. + - D. High availability. +
Answer + Correct answer: B
-20. Which AWS services are defined as global instead of regional? (Select TWO.) - - A. Amazon Route 53 - - B. Amazon EC2 - - C. Amazon S3 - - D. Amazon CloudFront - - E. Amazon DynamoDB - -
Answer - - Correct Answer: AD - - Explanation: +20. Savings Plans are available for which of the following AWS compute services? (Choose TWO) + - A. AWS Batch. + - B. AWS Outposts. + - C. Amazon Lightsail. + - D. Amazon EC2. + - E. AWS Lambda. +
Answer + Correct answer: D, E
-21. Which AWS service would you use to obtain compliance reports and certificates? - - A. AWS Artifact - - B. AWS Lambda - - C. Amazon Inspector - - D. AWS Certificate Manager - -
Answer - - Correct Answer: A - - Explanation: - - AWS Artifact is your go-to, central resource for compliance-related information that matters to you. - - It provides on-demand access to AWS' security and compliance reports and select online agreements. - - Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. - - Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). - - Reference: +21. A company has business critical workloads hosted on AWS and they are unwilling to accept any downtime. Which of the following is a recommended best practice to protect their workloads in the event of an unexpected natural disaster? + - A. Replicate data across multiple Edge Locations worldwide and use Amazon CloudFront to perform automatic failover in the event of an outage. + - B. Deploy AWS resources across multiple Availability Zones within the same AWS Region. + - C. Create point-in-time backups in another subnet and recover this data when a disaster occurs. + - D. Deploy AWS resources to another AWS Region and implement an Active-Active disaster recovery strategy. +
Answer + Correct answer: D
-22. Under the shared responsibility model, which of the following tasks are the responsibility of the AWS customer? (Select TWO.) - - A. Ensuring that application data is encrypted at rest - - B. Ensuring that AWS NTP servers are set to the correct time - - C. Ensuring that users have received security training in the use of AWS services - - D. Ensuring that access to data centers is restricted - - E. Ensuring that hardware is disposed of properly - -
Answer - - Correct Answer: AC - - Explanation: +22. Which statement is correct with regards to AWS service limits? (Choose TWO) + - A. You can contact AWS support to increase the service limits. + - B. Each IAM user has the same service limit. + - C. There are no service limits on AWS. + - D. You can use the AWS Trusted Advisor to monitor your service limits. + - E. The Amazon Simple Email Service is responsible for sending email notifications when usage approaches a service limit. +
Answer + Correct answer: A, D
-23. Which AWS service can be used to manually launch instances based on resource requirements? - - A. Amazon EBS - - B. Amazon S3 - - C. Amazon EC2 - - D. Amazon ECS - -
Answer - - Correct Answer: C +23. What is the AWS tool that enables you to use scripts to manage all AWS services and resources? + - A. AWS Console. + - B. AWS Service Catalog. + - C. AWS OpsWorks. + - D. AWS CLI. +
Answer + Correct answer: D
-24. A company is migrating an application that is running non-interruptible workloads for a three-year time frame.
Which pricing construct would provide the MOST cost-effective solution? - - A. Amazon EC2 Spot Instances - - B. Amazon EC2 Dedicated Instances - - C. Amazon EC2 On-Demand Instances - - D. Amazon EC2 Reserved Instances - -
Answer - - Correct Answer: D +24. What are the connectivity options that can be used to build hybrid cloud architectures? (Choose TWO) + - A. AWS Artifact. + - B. AWS Cloud9. + - C. AWS Direct Connect. + - D. AWS CloudTrail. + - E. AWS VPN. +
Answer + Correct answer: C, E
-25. The financial benefits of using AWS are: (Select TWO.) - - A. reduced Total Cost of Ownership (TCO). - - B. increased capital expenditure (capex). - - C. reduced operational expenditure (opex). - - D. deferred payment plans for startups. - - E. business credit lines for stratups. - -
Answer - - Correct Answer: AC +25. A company has deployed a new web application on multiple Amazon EC2 instances. Which of the following should they use to ensure that the incoming HTTP traffic is distributed evenly across the instances? + - A. AWS EC2 Auto Recovery. + - B. AWS Auto Scaling. + - C. AWS Network Load Balancer. + - D. AWS Application Load Balancer. +
Answer + Correct answer: D
-26. Which of the following is entirely the responsibility of AWS, according to the AWS shared responsibility model? - - A. Patching of the guest operating system - - B. Security awareness and training - - C. Physical and environmental controls - - D. Development of an IAM password policy - -
Answer - - Correct Answer: C +26. Which of the following AWS offerings is a MySQL-compatible relational database service that can scale capacity automatically based on demand? + - A. Amazon Neptune. + - B. Amazon Aurora. + - C. Amazon RDS for SQL Server. + - D. Amazon RDS for PostgreSQL. +
Answer + Correct answer: B
-27. Which AWS service allows companies to connect an Amazon VPC to an on-premises data center? - - A. AWS VPN - - B. Amazon Redshift - - C. API Gateway - - D. Amazon Direct Connect - -
Answer - - Correct Answer: D - - Explanation: - - - AWS Direct Connect enables you to securely connect your AWS environment to your on-premises data center or office location over a standard 1 gigabit or 10 gigabit Ethernet fiber-optic connection. - - AWS Direct Connect offers dedicated high speed, low latency connection, which bypasses internet service providers in your - network path. - - An AWS Direct Connect location provides access to Amazon Web Services in the region it is associated with, as well as access to other US regions. - - AWS Direct Connect allows you to logically partition the fiber-optic connections into multiple logical connections called Virtual Local Area Networks (VLAN). - - You can take advantage of these logical connections to improve security, differentiate traffic, and achieve compliance requirements. - - Reference: +27. Which of the following can help protect your EC2 instances from DDoS attacks? (Choose TWO) + - A. AWS CloudHSM. + - B. Security Groups. + - C. AWS Batch. + - D. AWS IAM. + - E. Network Access Control Lists (Network ACLs). +
Answer + Correct answer: B, E
-28. A company wants to reduce the physical compute footprint that developers use to run code.
Which service would meet that need by enabling serverless architectures? - - A. Amazon Elastic Compute Cloud (Amazon EC2) - - B. AWS Lambda - - C. Amazon DynamoDB - - D. AWS CodeCommit - -
Answer - - Correct Answer: B - - Explanation: - - - AWS Lambda is an integral part of coding on AWS. It reduces physical compute footprint by utilizing aws cloud services to run code. +28. What is the AWS data warehouse service that supports a high level of query performance on large amounts of datasets? + - A. Amazon Redshift. + - B. Amazon Kinesis. + - C. Amazon DynamoDB. + - D. Amazon RDS. +
Answer + Correct answer: A
-29. Which AWS service provides alerts when an AWS event may impact a company's AWS resources? - - A. AWS Personal Health Dashboard - - B. AWS Service Health Dashboard - - C. AWS Trusted Advisor - - D. AWS Infrastructure Event Management - -
Answer - - Correct Answer: A - - Explanation: - - - AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. - - While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources. - - Reference: +29. Which of the following should be considered when performing a TCO analysis to compare the costs of running an application on AWS instead of on-premises? + - A. Application development. + - B. Market research. + - C. Business analysis. + - D. Physical hardware. +
Answer + Correct answer: D
-30. Which of the following are categories of AWS Trusted Advisor? (Select TWO.) - - A. Fault Tolerance - - B. Instance Usage - - C. Infrastructure - - D. Performance - - E. Storage Capacity - -
Answer - - Correct Answer: AD - - Explanation: - - - Like your customized cloud expert, AWS Trusted Advisor analyzes your AWS environment and provides best practice recommendations in five categories: cost optimization, performance, security, fault tolerance and service limits. - - Reference: +30. How are AWS customers billed for Linux-based Amazon EC2 usage? + - A. EC2 instances will be billed on one second increments, with a minimum of one minute. + - B. EC2 instances will be billed on one hour increments, with a minimum of one day. + - C. EC2 instances will be billed on one minute increments, with a minimum of one hour. + - D. EC2 instances will be billed on one day increments, with a minimum of one month. +
Answer + Correct answer: A
-31. Which of the following services falls under the responsibility of the customer to maintain operating system configuration, security patching, and networking? - A. Amazon RDS - - B. Amazon EC2 - - C. Amazon ElastiCache - - D. AWS Fargate - -
Answer - - Correct Answer: B - - Explanation: - - - The customer is responsible for managing, support, patching and control of the guest operating system and AWS services provided like EC2. - - Reference: +31. Which of the following will impact the price paid for an EC2 instance? (Choose TWO) + - A. Instance type. + - B. The Availability Zone where the instance is provisioned. + - C. Load balancing. + - D. Number of buckets. + - E. Number of private IPs. +
Answer + Correct answer: A, C
-32. A company will be moving from an on-premises data center to the AWS Cloud.
What would be one financial difference after the move? - - A. Moving from variable operational expense (opex) to upfront capital expense (capex). - - B. Moving from upfront capital expense (capex) to variable capital expense (capex). - - C. Moving from upfront capital expense (capex) to variable operational expense (opex). - - D. Elimination of upfront capital expense (capex) and elimination of variable operational expense (opex) - -
Answer - - Correct Answer: C +32. A customer spent a lot of time configuring a newly deployed Amazon EC2 instance. After the workload increases, the customer decides to provision another EC2 instance with an identical configuration. How can the customer achieve this? + - A. By creating an AWS Config template from the old instance and launching a new instance from it. + - B. By creating an EBS Snapshot of the old instance. + - C. By installing Aurora on EC2 and launching a new instance from it. + - D. By creating an AMI from the old instance and (Correct) launching a new instance from it. +
Answer + Correct answer: D
-33. How should a customer forecast the future costs for running a new web application? - - A. Amazon Aurora Backtrack - - B. Amazon CloudWatch Billing Alarms - - C. AWS Simple Monthly Calculator - - D. AWS Cost and Usage report - -
Answer - - Correct Answer: D - - Explanation: - - - You can use Cost explorer which is part of Cost and Usage report to forecast future costs of running an application. - - Reference: +33. A company uses AWS Organizations to manage all of its AWS accounts. Which of the following allows the company to restrict what services and actions are allowed in each individual account? + - A. IAM Principals. + - B. AWS Service Control Policies (SCPs). + - C. IAM policies. + - D. AWS Fargate. +
Answer + Correct answer: B
-34. Which is the MINIMUM AWS Support plan that provides technical support through phone calls? - - A. Enterprise - - B. Business - - C. Developer - - D. Basic - -
Answer - - Correct Answer: B - - Explanation: - - +34. Which of the following statements describes the AWS Cloud’s agility? + - A. AWS allows you to host your applications in multiple regions around the world. + - B. AWS provides customizable hardware at the lowest possible cost. + - C. AWS allows you to provision resources in minutes. + - D. AWS allows you to pay upfront to reduce costs. +
Answer + Correct answer: C
-35. According to the AWS shared responsibility model, what is the sole responsibility of AWS? - - A. Application security - - B. Edge location management - - C. Patch management - - D. Client-side data - -
Answer - - Correct Answer: B - - Explanation: - - - Client-side data, application security is the sole responsibility of the customer. - - Patch management is a shared responsibility. That leaves us with edge location management and since this out of the control of the customer, AWS is the one responsible for it. - - Reference: +35. What are the benefits of using the Amazon Relational Database Service? (Choose TWO) + - A. Lower administrative burden. + - B. Complete control over the underlying host. + - C. Resizable compute capacity. + - D. Scales automatically to larger or smaller instance types. + - E. Supports the document and key-value data structure. +
Answer + Correct answer: A, C
-36. Which AWS IAM feature is used to associate a set of permissions with multiple users? - - A. Multi-factor authentication - - B. Groups - - C. Password policies - - D. Access keys - -
Answer - - Correct Answer: B - - Explanation: - - - An IAM group is a collection of IAM users. You can use groups to specify permissions for a collection of users, which can make those permissions easier to manage for those users. - - For example, you could have a group called Admins and give that group the types of permissions that administrators typically need. - - Reference: +36. What is the connectivity option that uses Internet Protocol Security (IPSec) to establish encrypted connectivity between an on-premises network and the AWS Cloud? + - A. Internet Gateway. + - B. AWS IQ. + - C. AWS Direct Connect. + - D. AWS Site-to-Site VPN. +
Answer + Correct answer: D
-37. Which of the following are benefits of the AWS Cloud? (Choose two.) - - A. Unlimited uptime - - B. Elasticity - - C. Agility - - D. Colocation - - E. Capital expenses - -
Answer - - Correct Answer: BC - - Explanation: - - - The most celebrated benefit of AWS cloud is elasticity since you can expand the services when you experience more traffic. - - Agile developments in AWS Cloud through strategies are day by day becoming more established within the enterprises across the world. - - With so much improvement and call for optimization in the cloud, it is necessary that these strategies get established from the ground up within the organizations. - - It is highly important as already enterprises have a lot of bequest, politics and hierarchies which act as barriers in their businesses. - - Reference: +37. What is the minimum level of AWS support that provides 24x7 access to technical support engineers via phone and chat? + - A. Enterprise Support. + - B. Developer Support. + - C. Basic Support. + - D. Business Support. +
Answer + Correct answer: D
-38. Which of the following can a customer use to enable single sign-on (SSO) to the AWS Console? - - A. Amazon Connect - - B. AWS Directory Service - - C. Amazon Pinpoint - - D. Amazon Rekognition - -
Answer - - Correct Answer: B - - Explanation: - - - Single sign-on only works when used on a computer that is joined to the AWS Directory Service directory. - - It cannot be used on computers that are not joined to the directory. - - Reference: +38. Which of the following is used to control network traffic in AWS? (Choose TWO) + - A. Network Access Control Lists (NACLs). + - B. Key Pairs. + - C. Access Keys. + - D. IAM Policies. + - E. Security Groups. +
Answer + Correct answer: A, E
-39. What are the multiple, isolated locations within an AWS Region that are connected by low-latency networks called? - - A. AWS Direct Connects - - B. Amazon VPCs - - C. Edge locations - - D. Availability Zones - -
Answer - - Correct Answer: D - - Explanation: - - - Each Region is completely independent. Each Availability Zone is isolated, but the Availability Zones in a Region are connected through low-latency links. - - A Local Zone is an AWS infrastructure deployment that places select services closer to your end users. - - A Local Zone is an extension of a Region that is in a different location from your Region. - - It provides a high-bandwidth backbone to the AWS infrastructure and is ideal for latency-sensitive applications, for example machine learning. - - Reference: +39. A company has developed a media transcoding application in AWS. The application is designed to recover quickly from hardware failures. Which one of the following types of instance would be the most cost-effective choice to use? + - A. Reserved instances. + - B. Spot Instances. + - C. On-Demand instances. + - D. Dedicated instances. +
Answer + Correct answer: B
-40. Which of the following benefits does the AWS Compliance program provide to AWS customers? (Choose two.) - - A. It verifies that hosted workloads are automatically compliant with the controls of supported compliance frameworks. - - B. AWS is responsible for the maintenance of common compliance framework documentation. - - C. It assures customers that AWS is maintaining physical security and data protection. - - D. It ensures the use of compliance frameworks that are being used by other cloud providers. - - E. It will adopt new compliance frameworks as they become relevant to customer workloads. - -
Answer - - Correct Answer: AB - - Explanation: +40. Which AWS Service provides the current status of all AWS Services in all AWS Regions? + - A. AWS Service Health Dashboard. + - B. AWS Management Console. + - C. Amazon CloudWatch. + - D. AWS Personal Health Dashboard. +
Answer + Correct answer: A
-41. Which of the following services provides on-demand access to AWS compliance reports? - - A. AWS IAM - - B. AWS Artifact - - C. Amazon GuardDuty - - D. AWS KMS - -
Answer - - Correct Answer: B - - Explanation: - - - AWS Artifact is your go-to, central resource for compliance-related information that matters to you. - - It provides on-demand access to AWS' security and compliance reports and select online agreements. - - Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. - - Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). - - Reference: +41. Which AWS service or feature can be used to call AWS Services from different programming languages? + - A. AWS Software Development Kit. + - B. AWS Command Line Interface. + - C. AWS CodeDeploy. + - D. AWS Management Console. +
Answer + Correct answer: A
-42. As part of the AWS shared responsibility model, which of the following operational controls do users fully inherit from AWS? - - A. Security management of data center - - B. Patch management - - C. Configuration management - - D. User and access management - -
Answer - - Correct Answer: D - - Explanation: +42. Which AWS Service can be used to register a new domain name? + - A. Amazon Personalize. + - B. Amazon Route 53. + - C. AWS KMS. + - D. AWS Config. +
Answer + Correct answer: B
-43. When comparing AWS Cloud with on-premises Total Cost of Ownership, which expenses must be considered? (Choose two.) - - A. Software development - - B. Project management - - C. Storage hardware - - D. Physical servers - - E. Antivirus software license - -
Answer - - Correct Answer: CD - - Explanation: +43. App development companies move their business to AWS to reduce time-to-market and improve customer satisfaction, what are the AWS automation tools that help them deploy their applications faster? (Choose TWO) + - A. AWS CloudFormation. + - B. AWS Migration Hub. + - C. AWS IAM. + - D. AWS Elastic Beanstalk. + - E. Amazon Macie. +
Answer + Correct answer: A, D
-44. Under the shared responsibility model, which of the following tasks are the responsibility of the customer? (Choose two.) - - A. Maintaining the underlying Amazon EC2 hardware. - - B. Managing the VPC network access control lists. - - C. Encrypting data in transit and at rest. - - D. Replacing failed hard disk drives. - - E. Deploying hardware in different Availability Zones. - -
Answer - - Correct Answer: BC - - Explanation: - - - The hardware related jobs is the prime responsibility of AWS. VPC network access control lists is something a customer has to do himself to secure the applications. - - Encrypting data in transit and at rest is a shared responsibility in which AWS plays a part. - - All hardware related jobs have nothing to do with the customer. - - Reference: +44. Which AWS service provides cost-optimization recommendations? + - A. AWS Trusted Advisor. + - B. AWS Pricing Calculator. + - C. Amazon QuickSight. + - D. AWS X-Ray. +
Answer + Correct answer: A
-45. Which scenarios represent the concept of elasticity on AWS? (Choose two.) - - A. Scaling the number of Amazon EC2 instances based on traffic. - - B. Resizing Amazon RDS instances as business needs change. - - C. Automatically directing traffic to less-utilized Amazon EC2 instances. - - D. Using AWS compliance documents to accelerate the compliance process. - - E. Having the ability to create and govern environments using code. - -
Answer - - Correct Answer: AB - - Explanation: +45. A company has hundreds of VPCs in multiple AWS Regions worldwide. What service does AWS offer to simplify the connection management among the VPCs? + - A. VPC Peering. + - B. AWS Transit Gateway. + - C. Amazon Connect. + - D. Security Groups. +
Answer + Correct answer: B
-46. When is it beneficial for a company to use a Spot Instance? - - A. When there is flexibility in when an application needs to run. - - B. When there are mission-critical workloads. - - C. When dedicated capacity is needed. - - D. When an instance should not be stopped. - -
Answer - - Correct Answer: A - - Explanation: - - - The key to understanding spot instances is to look at the way that cloud service providers such as Amazon Web Services (AWS) operate. - - Cloud service providers invest in hardware resources and then release those resources (often on a per-hour basis) to subscribers. - - One of the problems with this business model, however, is that at any given time, there are likely to be compute resources that are not being utilized. - - These resources represent hardware capacity that AWS has paid for but are sitting idle, and not making AWS any money at the moment. - - Rather than allowing these computing resources to go to waste, AWS offers them at a substantially discounted rate, with the understanding that if someone needs those resources for running a normal EC2 instance, that instance will take priority over spot instances that are using the hardware resources at a discounted rate. - - In fact, spot instances will be stopped if the resources are needed elsewhere. - - Reference: +46. What is one benefit and one drawback of buying a reserved EC2 instance? (Select TWO) + - A. Instances can be shut down by AWS at any time with no notification. + - B. Reserved instances require at least a one-year pricing commitment. + - C. There is no additional charge for using dedicated instances. + - D. Reserved instances provide a significant discount compared to on-demand instances. + - E.Reserved instances are best suited for periodic workloads. +
Answer + Correct answer: B, D
-47. A company is considering moving its on-premises data center to AWS. What factors should be included in doing a Total Cost of Ownership (TCO) analysis? (Choose two.) - - A. Amazon EC2 instance availability - - B. Power consumption of the data center - - C. Labor costs to replace old servers - - D. Application developer time - - E. Database engine capacity - -
Answer - - Correct Answer: BC +47. Why does every AWS Region contain multiple Availability Zones? + - A. Multiple Availability Zones allows you to build resilient and highly available architectures. + - B. Multiple Availability Zones results in lower total cost compared to deploying in a single Availability Zone. + - C. Multiple Availability Zones allows for data replication and global reach. + - D. Multiple Availability Zones within a region increases the storage capacity available in that region. +
Answer + Correct answer: A
-48. How does AWS charge for AWS Lambda? - - A. Users bid on the maximum price they are willing to pay per hour. - - B. Users choose a 1-, 3- or 5-year upfront payment term. - - C. Users pay for the required permanent storage on a file system or in a database. - - D. Users pay based on the number of requests and consumed compute resources. - -
Answer - - Correct Answer: D - - Explanation: - - - AWS Lambda is charging its users by the number of requests for their functions and by the duration, which is the time the code needs to execute. - - When code starts running in response to an event, AWS Lambda counts a request. - - It will charge the total number of requests across all of the functions used. - - Duration is calculated by the time when your code started executing until it returns or until it is terminated, rounded up near to 100ms. - - The AWS Lambda pricing depends on the amount of memory that the user used to allocate to the function. - - Reference: +48. What is the most cost-effective purchasing option for running a set of EC2 instances that must always be available for a period of two months? + - A. On-Demand Instances. + - B. Spot Instances. + - C. Reserved Instances - All Upfront. + - D. Reserved Instances - No Upfront. +
Answer + Correct answer: A
-49. What function do security groups serve related Amazon Elastic Compute Cloud (Amazon EC2) instance security? - - A. Act as a virtual firewall for the Amazon EC2 instance. - - B. Secure AWS user accounts with AWS identity and Access Management (IAM) policies. - - C. Provide DDoS protection with AWS Shield. - - D. Use Amazon CloudFront to protect the Amazon EC2 instance. - -
Answer - - Correct Answer: A - - Explanation: - - - AWS Security Groups act like a firewall for your Amazon EC2 instances controlling both inbound and outbound traffic. - - When you launch an instance on Amazon EC2, you need to assign it to a particular security group. - - After that, you can set up ports and protocols, which remain open for users and computers over the internet. - - AWS Security Groups are very flexible. You can use the default security group and still customize it according to your liking (although we don't recommend this practice because groups should be named according to their purpose.) Or you can create a security group that you want for your specific applications. - - To do this, you can write the corresponding code or use the Amazon EC2 console to make the process easier. - - Reference: +49. Which of the following is a benefit of running an application in multiple Availability Zones? + - A. Allows you to exceed AWS service limits. + - B. Reduces application response time between servers and global users. + - C. Increases available compute capacity. + - D. Increases the availability of your application. +
Answer + Correct answer: D
-50. Which disaster recovery scenario offers the lowest probability of down time? - - A. Backup and restore - - B. Pilot light - - C. Warm standby - - D. Multi-site active-active +50. Data security is one of the top priorities of AWS. How does AWS deal with old storage devices that have reached the end of their useful life? + - A. AWS sells the old devices to other hosting providers. + - B. AWS destroys the old devices in accordance with industry-standard practices. + - C. AWS sends the old devices for remanufacturing. + - D. AWS stores the old devices in a secure place. -
Answer - - Correct Answer: D - - Explanation: - - - Backup and Restore: a simple, straightforward, cost-effective method that backs up and restores data as needed. - - Keep in mind that because none of your data is on standby, this method, while cheap, can be quite time-consuming. - - Pilot Light: This method keeps critical applications and data at the ready so that it can be quickly retrieved if needed. - - Warm Standby: This method keeps a duplicate version of your business' core elements running on standby at all times, which makes for a little downtime and an almost seamless transition. - - Multi-Site Solution: Also known as a Hot Standby, this method fully replicates your company's data/ applications between two or more active locations and splits your traffic/usage between them. - - If a disaster strikes, everything is simply rerouted to the unaffected area, which means you'll suffer almost zero downtime. - - However, by running two separate environments simultaneously, you will obviously incur much higher costs. - - Reference: +
Answer + Correct answer: B
Please feel free to comment below if any information is inaccurate or if any answers need correction. diff --git a/practice-exam/practice-exam-4.md b/practice-exam/practice-exam-4.md index 1ba66a0..6d86abb 100644 --- a/practice-exam/practice-exam-4.md +++ b/practice-exam/practice-exam-4.md @@ -6,884 +6,522 @@ If this practice exam has been helpful to you please share it with others and re --- -1. What will help a company perform a cost benefit analysis of migrating to the AWS Cloud? - - A. Cost Explorer - - B. AWS Total Cost of Ownership (TCO) Calculator - - C. AWS Simple Monthly Calculator - - D. AWS Trusted Advisor - -
Answer - - Correct Answer: B - - Explanation: - - AWS TCO calculators allow you to estimate the cost savings when using AWS and provide a detailed set of reports that can be used in executive presentations. - - The calculators also give you the option to modify assumptions that best meet your business needs. - - Reference: +1. A developer needs to set up an SSL security certificate for a client's eCommerce website in order to use the HTTPS protocol. Which of the following AWS services can be used to deploy the required SSL server certificates? (Choose TWO) + - A. Amazon Route 53. + - B. AWS ACM. + - C. AWS Directory Service. + - D. AWS Identity & Access Management. + - E. AWS Data Pipeline. +
Answer + Correct answer: B, D
-2. Which of the following provides the ability to share the cost benefits of Reserved Instances across AWS accounts? - - A. AWS Cost Explorer between AWS accounts - - B. Linked accounts and consolidated billing - - C. Amazon Elastic Compute Cloud (Amazon EC2) Reserved Instance Utilization Report - - D. Amazon EC2 Instance Usage Report between AWS accounts - -
Answer - - Correct Answer: B - - Explanation: - - The way that Reserved Instance discounts apply to accounts in an organization's consolidated billing family depends on whether Reserved Instance sharing is turned on or off for the account. - - By default, Reserved Instance sharing for all accounts in an organization is turned on. - - You can change this setting by Turning Off Reserved Instance Sharing for an account. - - The capacity reservation for a Reserved Instance applies only to the account the Reserved Instance was purchased on, regardless of whether Reserved Instance sharing is turned on or off. - - Reference: +2. Which of the following AWS services scale automatically without your intervention? (Choose TWO) + - A. Amazon EC2. + - B. Amazon S3. + - C. AWS Lambda. + - D. Amazon EMR. + - E. Amazon EBS. +
Answer + Correct answer: B, C
-3. A company has multiple AWS accounts and wants to simplify and consolidate its billing process.
Which AWS service will achieve this? - - A. AWS Cost and Usage Reports - - B. AWS Organizations - - C. AWS Cost Explorer - - D. AWS Budgets - -
Answer - - Correct Answer: B - - Explanation: - - You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. - - Every organization in AWS Organizations has a master (payer) account that pays the charges of all the member (linked) - accounts. - - Reference: +3. A company is planning to migrate an application from Amazon EC2 to AWS Lambda to use a serverless architecture. Which of the following will be the responsibility of AWS after migration? (Choose TWO) + - A. Application management. + - B. Capacity management. + - C. Access control. + - D. Operating system maintenance. + - E. Data management. +
Answer + Correct answer: B, D
-4. A company is designing an application hosted in a single AWS Region serving end-users spread across the world. The company wants to provide the end-users low latency access to the application data.
Which of the following services will help fulfill this requirement? - - A. Amazon CloudFront - - B. AWS Direct Connect - - C. Amazon Route 53 global DNS - - D. Amazon Simple Storage Service (Amazon S3) transfer acceleration - -
Answer - - Correct Answer: A - - Explanation: - - Amazon CloudFront is a content delivery network (CDN) service that distributes data from multiple locations worldwide, providing low-latency access to end-users. +4. How do ELBs improve the reliability of your application? + - A. By distributing traffic across multiple S3 buckets. + - B. By replicating data to multiple availability zones. + - C. By creating database Read Replicas. + - D. By ensuring that only healthy targets receive traffic. +
Answer + Correct answer: D
-5. Which of the following deployment models enables customers to fully trade their capital IT expenses for operational expenses? - - A. On-premises - - B. Hybrid - - C. Cloud - - D. Platform as a service - -
Answer - - Correct Answer: C - - Explanation: - - The cloud allows you to trade capital expenses (such as data centers and physical servers) for variable expenses, and only pay for IT as you consume it. - - Plus, the variable expenses are much lower than what you would pay to do it yourself because of the economies of scale. - - Reference: +5. A company needs to migrate their website from on-premises to AWS. Security is a major concern for them, so they need to host their website on hardware that is NOT shared with other AWS customers. Which of the following EC2 instance options meets this requirement? + - A. On-demand instances. + - B. Spot instances. + - C. Dedicated instances. + - D. Reserved instances. +
Answer + Correct answer: C
-6. How is asset management on AWS easier than asset management in a physical data center? - - A. AWS provides a Configuration Management Database that users can maintain. - - B. AWS performs infrastructure discovery scans on the customer's behalf. - - C. Amazon EC2 automatically generates an asset report and places it in the customer's specified Amazon S3 bucket. - - D. Users can gather asset metadata reliably with a few API calls. - -
Answer - - Correct Answer: B - - Explanation: - - AWS assets are centrally managed through an inventory management system that stores and tracks owner, location, status, maintenance, and descriptive information for AWS-owned assets. - - Following procurement, assets are scanned and tracked, and assets undergoing maintenance are checked and monitored for - ownership, status, and resolution. - - Reference: +6. A customer is planning to move billions of images and videos to be stored on Amazon S3. The customer has approximately 60 Petabytes of data to move. Which of the following AWS Services is the best choice to transfer the data to AWS? + - A. Snowball. + - B. S3 Transfer Acceleration. + - C. Snowmobile. + - D. Amazon VPC. +
Answer + Correct answer: B
-7. What feature of Amazon RDS helps to create globally redundant databases? - - A. Snapshots - - B. Automatic patching and updating - - C. Cross-Region read replicas - - D. Provisioned IOPS - -
Answer - - Correct Answer: A - - Explanation: +7. A company plans to migrate a large amount of archived data to AWS. The archived data must be maintained for a period of 5 years and must be retrievable within 5 hours of a request. What is the most cost-effective AWS storage service to use? + - A. Amazon S3 Glacier. + - B. Amazon EFS. + - C. Amazon S3 Standard. + - D. Amazon EBS. +
Answer + Correct answer: A
-8. Using AWS Identity and Access Management (IAM) to grant access only to the resources needed to perform a task is a concept known as: - - A. restricted access. - - B. as-needed access. - - C. least privilege access. - - D. token access. - -
Answer - - Correct Answer: C - - Explanation: - - When you create IAM policies, follow the standard security advice of granting least privilege, or granting only the permissions required to perform a task. - - Determine what users (and roles) need to do and then craft policies that allow them to perform only those tasks. - - Reference: +8. Which AWS Service is used to manage user permissions? + - A. Security Groups. + - B. Amazon ECS. + - C. AWS IAM. + - D. AWS Support. +
Answer + Correct answer: C
-9. Which methods can be used to identify AWS costs by departments? (Choose two.) - - A. Enable multi-factor authentication for the AWS account root user. - - B. Create separate accounts for each department. - - C. Use Reserved Instances whenever possible. - - D. Use tags to associate each instance with a particular department. - - E. Pay bills using purchase orders. - -
Answer - - Correct Answer: BE - - Explanation: - - Tags are key-value pairs that allow you to organize your AWS resources into groups. You can use tags to: - - Visualize information about tagged resources in one place, in conjunction with Resource Groups. - - View billing information using Cost Explorer and the AWS Cost and Usage report. - - Send notifications about spending limits using AWS Budgets. - - Use logical groupings of your resources that make sense for your infrastructure or business. - - For example, you could organize your resources by: - - Project - - Cost center - - Development environment - - Application - - Department - - Reference: +9. Which support plan includes AWS Support Concierge Service? + - A. Premium Support. + - B. Business Support. + - C. Enterprise Support. + - D. Standard Support. +
Answer + Correct answer: C
-10. Under the AWS shared responsibility model, customer responsibilities include which one of the following? - - A. Securing the hardware, software, facilities, and networks that run all products and services. - - B. Providing certificates, reports, and other documentation directly to AWS customers under NDA. - - C. Configuring the operating system, network, and firewall. - - D. Obtaining industry certifications and independent third-party attestations. - -
Answer - - Correct Answer: C - - Explanation: +10. A company needs to track resource changes using the API call history. Which AWS service can help the company achieve this goal? + - A. AWS Config. + - B. Amazon CloudWatch. + - C. AWS CloudTrail. + - D. AWS CloudFormation. +
Answer + Correct answer: B
-11. Which managed AWS service provides real-time guidance on AWS security best practices? - - A. AWS X-Ray - - B. AWS Trusted Advisor - - C. Amazon CloudWatch - - D. AWS Systems Manager - -
Answer - - Correct Answer: B - - Explanation: - - AWS offers premium services such as AWS Trusted Advisor, which provides real-time guidance to help you reduce cost, increase performance, and improve security. - - Reference: +11. What are the benefits of using an AWS-managed service? (Choose TWO) + - A. Provides complete control over the virtual infrastructure. + - B. Allows customers to deliver new solutions faster. + - C. Lowers operational complexity. + - D. Eliminates the need to encrypt data. + - E. Allows developers to control all patching related activities. +
Answer + Correct answer: B, C
-12. Which feature adds elasticity to Amazon EC2 instances to handle the changing demand for workloads? - - A. Resource groups - - B. Lifecycle policies - - C. Application Load Balancer - - D. Amazon EC2 Auto Scaling - -
Answer - - Correct Answer: D - - Explanation: - - Support for monitoring the health of each service independently, as health checks are defined at the target group level and many CloudWatch metrics are reported at the target group level. - - Attaching a target group to an Auto Scaling group enables you to scale each service dynamically based on demand. - - Reference: +12. Which of the following are use cases for Amazon S3? (Choose TWO) + - A. Hosting static websites. + - B. Hosting websites that require sustained high CPU utilization. + - C. Cost-effective database and log storage. + - D. A media store for the CloudFront service. + - E. Processing data streams at any scale. +
Answer + Correct answer: A, D
-13. Under the AWS shared responsibility model, customers are responsible for which aspects of security in the cloud? (Choose two.) - - A. Visualization management - - B. Hardware management - - C. Encryption management - - D. Facilities management - - E. Firewall management - -
Answer - - Correct Answer: CE - - Explanation: - - With the basic Cloud infrastructure secured and maintained by AWS, the responsibility for what goes into the cloud falls on you. This covers both client and server side encryption and network traffic protection, security of the operating system, network, and firewall configuration, followed by application security and identity and access management. - - Firewall configuration remains the responsibility of the end user, which integrates at the platform and application management level. For example, RDS utilizes security groups, which you would be responsible for configuring and implementing. - - Reference: +13. What is the AWS’ recommendation regarding access keys? + - A. Delete all access keys and use passwords instead. + - B. Only share them with trusted people. + - C. Rotate them regularly. + - D. Save them within your application code. +
Answer + Correct answer: C
-14. Which AWS hybrid storage service enables on-premises applications to seamlessly use AWS Cloud storage through standard file-storage protocols? - - A. AWS Direct Connect - - B. AWS Snowball - - C. AWS Storage Gateway - - D. AWS Snowball Edge - -
Answer - - Correct Answer: C - - Explanation: - - The AWS Storage Gateway service enables hybrid cloud storage between on-premises environments and the AWS Cloud. - - It seamlessly integrates on-premises enterprise applications and workflows with Amazon's block and object cloud storage services through industry standard storage protocols. - - It provides low-latency performance by caching frequently accessed data on premises, while storing data securely and durably in Amazon cloud storage services. - - It provides an optimized data transfer mechanism and bandwidth management, which tolerates unreliable networks and minimizes the amount of data being transferred. - - It brings the security, manageability, durability, and scalability of AWS to existing enterprise environments through native integration with AWS encryption, identity management, monitoring, and storage services. Typical use cases include backup and archiving, disaster recovery, moving data to S3 for in-cloud workloads, and tiered storage. - - Reference: +14. What is the AWS IAM feature that provides an additional layer of security on top of user-name and password authentication? + - A. Key Pair. + - B. Access Keys. + - C. SDK. + - D. MFA. +
Answer + Correct answer: D
-15. What is a responsibility of AWS in the shared responsibility model? - - A. Updating the network ACLs to block traffic to vulnerable ports. - - B. Patching operating systems running on Amazon EC2 instances. - - C. Updating the firmware on the underlying EC2 hosts. - - D. Updating the security group rules to block traffic to the vulnerable ports. - -
Answer - - Correct Answer: C - - Explanation: +15. What is the benefit of using an API to access AWS Services? + - A. It improves the performance of AWS resources. + - B. It reduces the time needed to provision AWS resources. + - C. It reduces the number of developers necessary. + - D. It allows for programmatic management of AWS resources. +
Answer + Correct answer: D
-16. Which architectural principle is used when deploying an Amazon Relational Database Service (Amazon RDS) instance in Multiple Availability Zone mode? - - A. Implement loose coupling. - - B. Design for failure. - - C. Automate everything that can be automated. - - D. Use services, not servers. - -
Answer - - Correct Answer: B - - Explanation: - - Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB) Instances, making them a natural fit for production database workloads. - - When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). - - Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. - - In case of an infrastructure failure, Amazon RDS performs an automatic failover to the standby (or to a read replica in the case of Amazon Aurora), so that you can resume database operations as soon as the failover is complete. - - Since the endpoint for your DB Instance remains the same after a failover, your application can resume database operation without the need for manual administrative intervention. - - Reference: +16. A company is planning to migrate a database with high read/write activity to AWS. What is the best storage option to use? + - A. AWS Storage Gateway. + - B. Amazon S3. + - C. Amazon EBS. + - D. Amazon Glacier. +
Answer + Correct answer: C
-17. What does it mean to grant least privilege to AWS IAM users? - - A. It is granting permissions to a single user only. - - B. It is granting permissions using AWS IAM policies only. - - C. It is granting AdministratorAccess policy permissions to trustworthy users. - - D. It is granting only the permissions required to perform a given task. - -
Answer - - Correct Answer: D - - Explanation: - - When you create IAM policies, follow the standard security advice of granting least privilege, or granting only the permissions required to perform a task. - - Determine what users (and roles) need to do and then craft policies that allow them to perform only those tasks. - - Reference: +17. How can AWS customers track and avoid over-spending on underutilized reserved instances? + - A. Customers can add all AWS accounts to an AWS Organization, enable Consolidated Billing, and turn off Reserved Instance sharing. + - B. Customers can use Amazon Neptune to track and analyze their usage patterns, detect underutilized reserved instances, and then sell them on the Amazon EC2 Reserved Instance Marketplace. + - C. Customers can use the AWS Budgets service to track the reserved instances usage and set up alert notifications when their utilization drops below the threshold that they define. + - D. Customers can use Amazon CloudTrail to automatically check for unused reservations and get recommendations to reduce their bill. +
Answer + Correct answer: C
-18. What is a benefit of loose coupling as a principle of cloud architecture design? - - A. It facilitates low-latency request handling. - - B. It allows applications to have dependent workflows. - - C. It prevents cascading failures between different components. - - D. It allows companies to focus on their physical data center operations. - -
Answer - - Correct Answer: C - - Explanation: - - IT systems should ideally be designed in a way that reduces inter-dependencies. - - Your components need to be loosely coupled to avoid changes or failure in one of the components from affecting others. - - Your infrastructure also needs to have well defined interfaces that allow the various components to interact with each other only through specific, technology-agnostic interfaces. - - Modifying any underlying operations without affecting other components should be made possible. - - Reference: +18. What is the AWS service that provides five times the performance of a standard MySQL database? + - A. Amazon Aurora. + - B. Amazon Redshift. + - C. Amazon DynamoDB. + - D. Amazon Neptune. +
Answer + Correct answer: A
-19. A director has been tasked with investigating hybrid cloud architecture. The company currently accesses AWS over the public internet.
Which service will facilitate private hybrid connectivity? - - A. Amazon Virtual Private Cloud (Amazon VPC) NAT Gateway - - B. AWS Direct Connect - - C. Amazon Simple Storage Service (Amazon S3) Transfer Acceleration - - D. AWS Web Application Firewall (AWS WAF) - -
Answer - - Correct Answer: B - - Explanation: - - Amazon VPC provides multiple network connectivity options for you to leverage depending on your current network designs and requirements. - - These connectivity options include leveraging either the internet or an AWS Direct Connect connection as the network backbone and terminating the connection into either AWS or user-managed network endpoints. - - Additionally, with AWS, you can choose how network routing is delivered between Amazon VPC and your networks, leveraging either AWS or user-managed network equipment and routes. - - Reference: introduction.html +19. What does AWS Service Catalog provide? + - A. It enables customers to quickly find descriptions and use cases for AWS services. + - B. It enables customers to explore the different catalogs of AWS services. + - C. It simplifies organizing and governing commonly deployed IT services. + - D. It allows developers to deploy infrastructure on AWS using familiar programming languages. +
Answer + Correct answer: C
-20. A company's web application currently has tight dependencies on underlying components, so when one component fails the entire web application fails.
Applying which AWS Cloud design principle will address the current design issue? - - A. Implementing elasticity, enabling the application to scale up or scale down as demand changes. - - B. Enabling several EC2 instances to run in parallel to achieve better performance. - - C. Focusing on decoupling components by isolating them and ensuring individual components can function when other components fail. - - D. Doubling EC2 computing resources to increase system fault tolerance. - -
Answer - - Correct Answer: C +20. For managed services like Amazon DynamoDB, which of the below is AWS responsible for? (Choose TWO) + - A. Protecting credentials. + - B. Logging access activity. + - C. Patching the database software. + - D. Operating system maintenance. + - E. Creating access policies. +
Answer + Correct answer: C, D
-21. How can a customer increase security to AWS account logons? (Choose two.) - - A. Configure AWS Certificate Manager - - B. Enable Multi-Factor Authentication (MFA) - - C. Use Amazon Cognito to manage access - - D. Configure a strong password policy - - E. Enable AWS Organizations - -
Answer - - Correct Answer: BC - - Explanation: - - Your root account should always be protected by Multi-Factor Authentication (MFA). - - This additional layer of security helps protect against unauthorized logins to your account by requiring two factors: something you know (a password) and something you have (for example, an MFA device). - - AWS supports virtual and hardware MFA devices and U2F security keys. - - Cognito can be used as an Identity Provider (IdP), where it stores and maintains users and credentials securely for your applications, or it can be integrated with OpenID Connect, SAML, and other popular web identity providers like Amazon.com. - - Using Amazon Cognito, you can generate temporary access credentials for your clients to access AWS services, eliminating the need to store long-term credentials in client applications. - - Reference: +21. Which of the following AWS Services helps with planning application migration to the AWS Cloud? + - A. AWS Snowball Migration Service. + - B. AWS Application Discovery Service. + - C. AWS DMS. + - D. AWS Migration Hub. +
Answer + Correct answer: B
-22. What AWS service would be used to centrally manage AWS access across multiple accounts? - - A. AWS Service Catalog - - B. AWS Config - - C. AWS Trusted Advisor - - D. AWS Organizations - -
Answer - - Correct Answer: D - - Explanation: - - To improve control over your AWS environment, you can use AWS Organizations to create groups of accounts, and then attach policies to a group to ensure the correct policies are applied across the accounts without requiring custom scripts and manual processes. - - Reference: +22. A company is trying to analyze the costs applied to their AWS account recently. Which of the following provides them the most granular data about their AWS costs and usage? + - A. Amazon Machine Image. + - B. AWS Cost Explorer. + - C. AWS Cost & Usage Report. + - D. Amazon CloudWatch. +
Answer + Correct answer: B
-23. Which AWS service can a customer use to set up an alert notification when the account is approaching a particular dollar amount? - - A. AWS Cost and Usage reports - - B. AWS Budgets - - C. AWS Cost Explorer - - D. AWS Trusted Advisor - -
Answer - - Correct Answer: B - - Explanation: +23. Which statement best describes the concept of an AWS region? + - A. An AWS Region is a geographical location with a collection of Edge locations. + - B. An AWS Region is a virtual network dedicated only to a single AWS customer. + - C. An AWS Region is a geographical location with a collection of Availability Zones. + - D. An AWS Region represents the country where the AWS infrastructure exist. +
Answer + Correct answer: C
-24. What can users access from AWS Artifact? - - A. AWS security and compliance documents - - B. A download of configuration management details for all AWS resources - - C. Training materials for AWS services - - D. A security assessment of the applications deployed in the AWS Cloud - -
Answer - - Correct Answer: A - - Explanation: - - You can use AWS Artifact Reports to download AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI), and System and Organization Control (SOC) reports. - - Reference: +24. A company has discovered that multiple S3 buckets were deleted, but it is unclear who deleted the buckets. Which of the following can the company use to determine the identity that deleted the buckets? + - A. SNS logs. + - B. SQS logs. + - C. CloudWatch Logs. + - D. CloudTrail logs. +
Answer + Correct answer: D
-25. Which is the MINIMUM AWS Support plan that provides designated Technical Account Managers? - - A. Enterprise - - B. Business - - C. Developer - - D. Basic - -
Answer - - Correct Answer: A - - Explanation: +25. Which of the following are factors in determining the appropriate database technology to use for a specific workload? (Choose TWO) + - A. Availability Zones. + - B. Data sovereignty. + - C. The number of reads and writes per second. + - D. The nature of the queries. + - E. Software bugs. +
Answer + Correct answer: C, D
-26. Which of the following is an AWS Well-Architected Framework design principle related to reliability? - - A. Deployment to a single Availability Zone - - B. Ability to recover from failure - - C. Design for cost optimization - - D. Perform operations as code - -
Answer - - Correct Answer: B - - Explanation: +26. What are the benefits of implementing a tagging strategy for AWS resources? (Choose TWO) + - A. Quickly identify resources that belong to a specific project. + - B. Quickly identify software solutions on AWS. + - C. Track API calls in your AWS account. + - D. Quickly identify deleted resources and their metadata. + - E. Track AWS spending across multiple resources. +
Answer + Correct answer: A, E
-27. Which type of AWS storage is ephemeral and is deleted when an instance is stopped or terminated? - - A. Amazon EBS - - B. Amazon EC2 instance store - - C. Amazon EFS - - D. Amazon S3 - -
Answer - - Correct Answer: B - - Explanation: - - When you stop or terminate an instance, every block of storage in the instance store is reset. - - Therefore, your data cannot be accessed through the instance store of another instance. - - Reference: +27. What are AWS shared controls? + - A. Controls that are solely the responsibility of the customer based on the application they are deploying within AWS services. + - B. Controls that a customer inherits from AWS. + - C. Controls that apply to both the infrastructure layer and customer layers. + - D. Controls that the customer and AWS collaborate together upon to secure the infrastructure. +
Answer + Correct answer: C
-28. What is an advantage of using the AWS Cloud over a traditional on-premises solution? - - A. Users do not have to guess about future capacity needs. - - B. Users can utilize existing hardware contracts for purchases. - - C. Users can fix costs no matter what their traffic is. - - D. Users can avoid audits by using reports from AWS. - -
Answer - - Correct Answer: AC - - Explanation: +28. Which design principles relate to performance efficiency in AWS? (Choose TWO) + - A. Build multi-region architectures to better serve global customers. + - B. Apply security at all layers. + - C. Implement strong Identity and Access controls. + - D. Use serverless architectures. + - E. Enable audit logging. +
Answer + Correct answer: A, D
-29. Which of the following is an AWS-managed compute service? - - A. Amazon SWF - - B. Amazon EC2 - - C. AWS Lambda - - D. Amazon Aurora - -
Answer - - Correct Answer: C - - Explanation: +29. Which of the below are responsibilities of the customer when using Amazon EC2? (Choose TWO) + - A. Protecting sensitive data. + - B. Patching of the underlying infrastructure. + - C. Setup and operation of managed databases. + - D. Maintaining consistent hardware components. + - E. Installing and configuring third-party software. +
Answer + Correct answer: A, E
-30. Which of the following is an important architectural principle when designing cloud applications? - - A. Store data and backups in the same region. - - B. Design tightly coupled system components. - - C. Avoid multi-threading. - - D. Design for failure - -
Answer - - Correct Answer: D - - Explanation: - - There are six design principles for operational excellence in the cloud: - - Perform operations as code - - Annotate documentation - - Make frequent, small, reversible changes - - Refine operations procedures frequently - - Anticipate failure - - Learn from all operational failures - - Reference: +30. Why would an organization decide to use AWS over an on-premises data center? (Choose TWO) + - A. Free commercial software licenses. + - B. Free technical support. + - C. Elastic resources. + - D. On-site visits for auditing. + - E. Cost Savings. +
Answer + Correct answer: C, E
-31. Which mechanism allows developers to access AWS services from application code? - - A. AWS Software Development Kit - - B. AWS Management Console - - C. AWS CodePipeline - - D. AWS Config - -
Answer - - Correct Answer: A - - Explanation: +31. Which of the following AWS services can help you perform security analysis and regulatory compliance auditing? (Choose TWO) + - A. Amazon Inspector. + - B. AWS Virtual Private Gateway. + - C. AWS Batch. + - D. Amazon ECS. + - E. AWS Config. +
Answer + Correct answer: A, E
-32. Which Amazon EC2 pricing model is the MOST cost efficient for an uninterruptible workload that runs once a year for 24 hours? - - A. On-Demand Instances - - B. Reserved Instances - - C. Spot Instances - - D. Dedicated Instances - -
Answer - - Correct Answer: A - - Explanation: - - With On-Demand instances, you pay for compute capacity by the hour or the second depending on which instances you run. - - No longer-term commitments or upfront payments are needed. - - You can increase or decrease your compute capacity depending on the demands of your application and only pay the specified per hourly rates for the instance you use. - - Reference: +32. Which of the following is NOT a characteristic of Amazon Elastic Compute Cloud (Amazon EC2)? + - A. Amazon EC2 is considered a Serverless Web Service. + - B. Amazon EC2 eliminates the need to invest in hardware upfront. + - C. Amazon EC2 can launch as many or as few virtual servers as needed. + - D. Amazon EC2 offers scalable computing. +
Answer + Correct answer: B
-33. Which of the following services is a MySQL-compatible database that automatically grows storage as needed? - - A. Amazon Elastic Compute Cloud (Amazon EC2) - - B. Amazon Relational Database Service (Amazon RDS) for MySQL - - C. Amazon Lightsail - - D. Amazon Aurora - -
Answer - - Correct Answer: D - - Explanation: - - Amazon Aurora is a relational database service that combines the speed and availability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases. - - The MySQL- compatible edition of Aurora delivers up to 5X the throughput of standard MySQL running on the same hardware, and enables existing MySQL applications and tools to run without requiring modification. - - Amazon Aurora will automatically grow the size of your database volume as your database storage needs grow. - - Your volume will grow in increments of 10 GB up to a maximum of 64 TB. You don't need to provision excess storage for your database to handle future growth. - - Reference: +33. What is the AWS Compute service that executes code only when triggered by events? + - A. AWS Lambda. + - B. Amazon CloudWatch. + - C. AWS Transit Gateway. + - D. Amazon EC2. +
Answer + Correct answer: A
-34. Which Amazon Virtual Private Cloud (Amazon VPC) feature enables users to connect two VPCs together? - - A. Amazon VPC endpoints - - B. Amazon Elastic Compute Cloud (Amazon EC2) ClassicLink - - C. Amazon VPC peering - - D. AWS Direct Connect - -
Answer - - Correct Answer: C - - Explanation: - - A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. - - Instances in either VPC can communicate with each other as if they are within the same network. - - You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. - - The VPCs can be in different regions (also known as an inter-region VPC peering connection). - - Reference: +34. Both AWS and traditional IT distributors provide a wide range of virtual servers to meet their customers’ requirements. What is the name of these virtual servers in AWS? + - A. Amazon EBS Snapshots. + - B. Amazon VPC. + - C. AWS Managed Servers. + - D. Amazon EC2 Instances. +
Answer + Correct answer: B
-35. Which service's PRIMARY purpose is software version control? - - A. Amazon CodeStar - - B. AWS Command Line Interface (AWS CLI) - - C. Amazon Cognito - - D. AWS CodeCommit - -
Answer - - Correct Answer: D - - Explanation: - - AWS CodeCommit is a version control service hosted by Amazon Web Services that you can use to privately store and manage assets (such as documents, source code, and binary files) in the cloud. - - Reference: +35. What is the framework created by AWS Professional Services that helps organizations design a road map to successful cloud adoption? + - A. AWS Secrets Manager. + - B. AWS WAF. + - C. AWS CAF. + - D. Amazon EFS. +
Answer + Correct answer: C
-36. A company is considering migrating its applications to AWS. The company wants to compare the cost of running the workload on-premises to running the equivalent workload on the AWS platform.
Which tool can be used to perform this comparison? - - A. AWS Simple Monthly Calculator - - B. AWS Total Cost of Ownership (TCO) Calculator - - C. AWS Billing and Cost Management console - - D. Cost Explorer - -
Answer - - Correct Answer: B - - Explanation: - - TCO calculator compare the cost of running your applications in an on-premises or colocation environment to AWS. - - Reference: +36. TYMO Cloud Corp is looking forward to migrating their entire on-premises data center to AWS. What tool can they use to perform a cost-benefit analysis of moving to the AWS Cloud? + - A. AWS Cost Explorer. + - B. AWS TCO Calculator. + - C. AWS Budgets. + - D. AWS Pricing Calculator. +
Answer + Correct answer: B
-37. Which AWS service provides a secure, fast, and cost-effective way to migrate or transport exabyte-scale datasets into AWS? - - A. AWS Batch - - B. AWS Snowball - - C. AWS Migration Hub - - D. AWS Snowmobile - -
Answer - - Correct Answer: D - - Explanation: - - AWS Snowmobile is an exabyte-scale data transfer service that can move extremely large amounts of data to AWS in a fast, secure, and cost-effective manner. - - You can transfer up to 100PB per Snowmobile, a 45-foot long ruggedized shipping container, pulled by a semi-trailer truck. - Snowmobile makes it easy to move massive volumes of data to the cloud, including video libraries, image repositories, or even a complete data center migration. - - All data is encrypted with 256-bit encryption and you can manage your encryption keys with AWS Key Management Service (AWS KMS). - - Snowmobile includes GPS tracking, alarm monitoring, 24/7 video surveillance and an optional escort security vehicle while in transit. - - Reference: - aws-snowmobile/ +37. Which of the following activities supports the Operational Excellence pillar of the AWS Well-Architected Framework? + - A. Using AWS Trusted Advisor to find underutilized resources. + - B. Using AWS CloudTrail to record user activities. + - C. Using AWS CloudFormation to manage infrastructure as code. + - D. Deploying an application in multiple Availability Zones. +
Answer + Correct answer: C
-38. Which of the following BEST describe the AWS pricing model? (Choose two.) - - A. Fixed-term - - B. Pay-as-you-go - - C. Colocation - - D. Planned - - E. Variable cost - -
Answer - - Correct Answer: BE - - Explanation: +38. Why do many startup companies prefer AWS over traditional on-premises solutions? (Choose TWO) + - A. AWS allows them to pay later when their business succeed. + - B. AWS can build complete data centers faster than any other Cloud provider. + - C. Using AWS, they can reduce time-to-market by focusing on business activities rather than on building and managing data centers. + - D. AWS removes the need to invest in operational expenditure. + - E. Using AWS allows companies to replace large capital expenditure with low variable costs. +
Answer + Correct answer: B
-39. Which load balancer types are available with Elastic Load Balancing (ELB)? (Choose two.) - - A. Public load balancers with AWS Application Auto Scaling capabilities - - B. F5 Big-IP and Citrix NetScaler load balancers - - C. Classic Load Balancers - - D. Cross-zone load balancers with public and private IPs - - E. Application Load Balancers - -
Answer - - Correct Answer: CE - - Explanation: - - Elastic Load Balancing supports the following types of load balancers: Application Load Balancers, Network Load Balancers, and Classic Load Balancers. - - Amazon ECS services can use either type of load balancer. - - Application Load Balancers are used to route HTTP/HTTPS (or Layer 7) traffic. - - Network Load Balancers and Classic Load Balancers are used to route TCP (or Layer 4) traffic. - - Reference: +39. What are the benefits of using DynamoDB? (Choose TWO) + - A. Automatically scales to meet required throughput capacity. + - B. Provides resizable instances to match the current demand. + - C. Supports both relational and non-relational data models. + - D. Offers extremely low (single-digit millisecond) latency. + - E. Supports the most popular NoSQL database engines such as CouchDB and MongoDB. +
Answer + Correct answer: A, D
-40. Why should a company choose AWS instead of a traditional data center? - - A. AWS provides users with full control over the underlying resources. - - B. AWS does not require long-term contracts and provides a pay-as-you-go model. - - C. AWS offers edge locations in every country, supporting global reach. - - D. AWS has no limits on the number of resources that can be created. - -
Answer - - Correct Answer: B - - Explanation: - - AWS offers you a pay-as-you-go approach for pricing for over 160 cloud services. - - With AWS you pay only for the individual services you need, for as long as you use them, and without requiring long-term contracts or complex licensing. - - AWS pricing is similar to how you pay for utilities like water and electricity. - - You only pay for the services you consume, and once you stop using them, there are no additional costs or termination fees. - - Reference: +40. Which of the following can be used to protect data at rest on Amazon S3? (Choose TWO) + - A. Versioning. + - B. Deduplication. + - C. Permissions. + - D. Decryption. + - E. Conversion. +
Answer + Correct answer: A, C
-41. Which solution provides the FASTEST application response times to frequently accessed data to users in multiple AWS Regions? - - A. AWS CloudTrail across multiple Availability Zones - - B. Amazon CloudFront to edge locations - - C. AWS CloudFormation in multiple regions - - D. A virtual private gateway over AWS Direct Connect - -
Answer - - Correct Answer: B - - Explanation: - - You can deliver content and decrease end-user latency of your web application using Amazon CloudFront. - - CloudFront speeds up content delivery by leveraging its global network of data centers, known as edge locations, to reduce delivery time by caching your content close to your end users. - - CloudFront fetches your content from an origin, such as an Amazon S3 bucket, an Amazon EC2 instance, an Amazon Elastic Load - Balancing load balancer or your own web server, when it's not already in an edge location. - - CloudFront can be used to deliver your entire website or application, including dynamic, static, streaming, and interactive content. - - Reference: +41. As part of the AWS Migration Acceleration Program (MAP), what does AWS provide to accelerate Enterprise adoption of AWS? (Choose TWO) + - A. AWS Partners. + - B. AWS Artifact. + - C. AWS Professional Services. + - D. Amazon Athena. + - E. Amazon PinPoint. +
Answer + Correct answer: A, C
-42. Which AWS service provides a self-service portal for on-demand access to AWS compliance reports? - - A. AWS Config - - B. AWS Certificate Manager - - C. Amazon Inspector - - D. AWS Artifact - -
Answer - - Correct Answer: D - - Explanation: - - AWS Artifact is your go-to, central resource for compliance-related information that matters to you. - - It provides on-demand access to AWS' security and compliance reports and select online agreements. - - Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. - - Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). - - Reference: +42. AWS recommends some practices to help organizations avoid unexpected charges on their bill. Which of the following is NOT one of these practices? + - A. Deleting unused EBS volumes after terminating an EC2instance. + - B. Deleting unused AutoScaling launch (Correct) configuration. + - C. Deleting unused Elastic Load Balancers. + - D. Releasing unused Elastic IPs after terminating an EC2instance. +
Answer + Correct answer: B
-43. Which of the following AWS services can be used to run a self-managed database? - - A. Amazon Route 53 - - B. AWS X-Ray - - C. AWS Snowmobile - - D. Amazon Elastic Compute Cloud (Amazon EC2) - -
Answer - - Correct Answer: D - - Explanation: +43. What is the AWS tool that can help a company visualize their AWS spending in the last few months? + - A. AWS Cost Explorer. + - B. AWS Pricing Calculator. + - C. AWS Budgets. + - D. AWS Consolidated Billing. +
Answer + Correct answer: B
-44. What exclusive benefit is provided to users with Enterprise Support? - - A. Access to a Technical Project Manager - - B. Access to a Technical Account Manager - - C. Access to a Cloud Support Engineer - - D. Access to a Solutions Architect - -
Answer - - Correct Answer: B - - Explanation: +44. When running a workload in AWS, the customer is NOT responsible for: (Select TWO) + - A. Running penetration tests. + - B. Reserving capacity. + - C. Data center operations. + - D. Auditing and regulatory compliance. + - E. Infrastructure security. +
Answer + Correct answer: C, E
-45. How can a user protect against AWS service disruptions if a natural disaster affects an entire geographic area? - - A. Deploy applications across multiple Availability Zones within an AWS Region. - - B. Use a hybrid cloud computing deployment model within the geographic area. - - C. Deploy applications across multiple AWS Regions. - - D. Store application artifacts using AWS Artifact and replicate them across multiple AWS Regions. - -
Answer - - Correct Answer: C - - Explanation: - - An AWS Region is a geographic location where AWS provides multiple, physically separated and isolated Availability Zones which are connected with low latency, high throughput, and highly redundant networking. - - Reference: +45. Which AWS service can be used to send promotional text messages (SMS) to more than 200 countries worldwide? + - A. Amazon Simple Email Service (Amazon SES). + - B. Amazon Simple Storage Service (Amazon S3). + - C. Amazon Simple Notification Service (Amazon SNS). + - D. Amazon Simple Queue Service (Amazon SQS). +
Answer + Correct answer: C
-46. How does AWS MOST effectively reduce computing costs for a growing start-up company? - - A. It provides on-demand resources for peak usage. - - B. It automates the provisioning of individual developer environments. - - C. It automates customer relationship management. - - D. It implements a fixed monthly computing budget. - -
Answer - - Correct Answer: A - - Explanation: - - You can continue to optimize your spend and keep your development costs low by making sure you revisit your architecture often, to adjust to your startup growth. - - Manage your cost further by leveraging different options such as S3 CloudFront for caching & offloading to reduce cost of EC2 computing, as well as Elastic Load Balancing which prepares you for massive scale, high reliability and uninterrupted growth. - - Another way to keep costs down is to use AWS Identity and Access Management solutions (IAM) to manage governance of your cost drivers effectively and by the right teams. - - Reference: +46. Which of the following allows you to create new RDS instances? (Choose TWO) + - A. AWS CodeDeploy. + - B. AWS Quick Starts. + - C. AWS CloudFormation. + - D. AWS DMS. + - E. AWS Management Console. +
Answer + Correct answer: C, E
-47. A startup is working on a new application that needs to go to market quickly. The application requirements may need to be adjusted in the near future.
Which of the following is a characteristic of the AWS Cloud that would meet this specific need? - - A. Elasticity - - B. Reliability - - C. Performance - - D. Agility - -
Answer - - Correct Answer: D - - Explanation: - - Agile is a time boxed, iterative approach to software delivery that builds software incrementally from the start of the project, instead of trying to deliver it all at once near the end. - - Reference: +47. One of the major advantages of using AWS is cost savings. What does AWS provide to reduce the cost of running Amazon EC2 instances? + - A. Low monthly instance maintenance costs. + - B. Low-cost instance tagging. + - C. Per-second instance billing. + - D. Low instance start-up fees. +
Answer + Correct answer: C
-48. Which AWS Support plan provides a full set of AWS Trusted Advisor checks? - - A. Business and Developer Support - - B. Business and Basic Support - - C. Enterprise and Developer Support - - D. Enterprise and Business Support - -
Answer - - Correct Answer: D - - Explanation: +48. Which AWS Group assists customers in achieving their desired business outcomes? + - A. AWS Security Team. + - B. AWS Professional Services. + - C. AWS Trusted Advisor. + - D. AWS Concierge Support Team. +
Answer + Correct answer: B
-49. Which of the following services have Distributed Denial of Service (DDoS) mitigation features? (Choose two.) - - A. AWS WAF - - B. Amazon DynamoDB - - C. Amazon EC2 - - D. Amazon CloudFront - - E. Amazon Inspector - -
Answer - - Correct Answer: AD - - Explanation: +49. Which AWS service or feature is used to manage the keys used to encrypt customer data? + - A. AWS KMS. + - B. AWS Service Control Policies (SCPs). + - C. Multi-Factor Authentication (MFA). + - D. Amazon Macie. +
Answer + Correct answer: A
-50. When building a cloud Total Cost of Ownership (TCO) model, which cost elements should be considered for workloads running on AWS? (Choose three.) - - A. Compute costs - - B. Facilities costs - - C. Storage costs - - D. Data transfer costs - - E. Network infrastructure costs - - F. Hardware lifecycle costs - -
Answer - - Correct Answer: ACE - - Explanation: - +50. Which AWS Service allows customers to download AWS SOC & PCI reports? + - A. AWS Well-Architected Tool. + - B. AWS Artifact. + - C. AWS Glue. + - D. Amazon Chime. +
Answer + Correct answer: B
Please feel free to comment below if any information is inaccurate or if any answers need correction. diff --git a/practice-exam/practice-exam-5.md b/practice-exam/practice-exam-5.md index 604b632..c6dafa6 100644 --- a/practice-exam/practice-exam-5.md +++ b/practice-exam/practice-exam-5.md @@ -6,822 +6,516 @@ If this practice exam has been helpful to you please share it with others and re --- -1. What time-savings advantage is offered with the use of Amazon Rekognition? - - A. Amazon Rekognition provides automatic watermarking of images. - - B. Amazon Rekognition provides automatic detection of objects appearing in pictures. - - C. Amazon Rekognition provides the ability to resize millions of images automatically. - - D. Amazon Rekognition uses Amazon Mechanical Turk to allow humans to bid on object detection jobs. - -
Answer - - Correct Answer: B - - Explanation: - - Rekognition Image is an image recognition service that detects objects, scenes, and faces; extracts text; recognizes celebrities; and identifies inappropriate content in images. - - It also allows you to search and compare faces. - - Rekognition Image is based on the same proven, highly scalable, deep learning technology developed by Amazon's computer vision scientists to analyze billions of images daily for Prime Photos. - - Reference: +1. A company is using EC2 Instances to run their e-commerce site on the AWS platform. If the site becomes unavailable, the company will lose a significant amount of money for each minute the site is unavailable. Which design principle should the company use to minimize the risk of an outage? + - A. Least Privilege. + - B. Pilot Light. + - C. Fault Tolerance. + - D. Multi-threading. +
Answer + Correct answer: C
-2. When comparing AWS with on-premises Total Cost of Ownership (TCO), what costs are included? - - A. Data center security - - B. Business analysis - - C. Project management - - D. Operating system administration - -
Answer - - Correct Answer: A - - Explanation: +2. You decide to buy a reserved instance for a term of one year. Which option provides the largest total discount? + - A. All up-front reservation. + - B. All reserved instance payment options provide the same discount level. + - C. Partial up-front reservation. + - D. No up-front reservation. +
Answer + Correct answer: A
-3. According to the AWS shared responsibility model, what is AWS responsible for? - - A. Configuring Amazon VPC - - B. Managing application code - - C. Maintaining application traffic - - D. Managing the network infrastructure - -
Answer - - Correct Answer: D - - Explanation: +3. What features does AWS offer to help protect your data in the Cloud? (Choose TWO) + - A. Access control. + - B. Physical MFA devices. + - C. Data encryption. + - D. Unlimited storage. + - E. Load balancing. +
Answer + Correct answer: A, C
-4. Which service should be used to estimate the costs of running a new project on AWS? - - A. AWS TCO Calculator - - B. AWS Simple Monthly Calculator - - C. AWS Cost Explorer API - - D. AWS Budgets - -
Answer - - Correct Answer: C - - Explanation: - - To forecast your costs, use the AWS Cost Explorer. - - Use cost allocation tags to divide your resources into groups, and then estimate the costs for each group. - - Reference: +4. An AWS customer has used one Amazon Linux instance for 2 hours, 5 minutes and 9 seconds, and one CentOS instance for 4 hours, 23 minutes and 7 seconds. How much time will the customer be billed for? + - A. 3 hours for the Linux instance and 5 hours for the CentOS instance. + - B. 2 hours, 5 minutes and 9 seconds for the Linux instance and 4 hours, 23 minutes and 7 seconds for the CentOS instance. + - C. 2 hours, 5 minutes and 9 seconds for the Linux instance and 5 hours for the CentOS instance. + - D. 3 hours for the Linux instance and 4 hours, 23 minutes and 7 seconds for the CentOS instance. +
Answer + Correct answer: C
-5. Which AWS tool will identify security groups that grant unrestricted Internet access to a limited list of ports? - - A. AWS Organizations - - B. AWS Trusted Advisor - - C. AWS Usage Report - - D. Amazon EC2 dashboard - -
Answer - - Correct Answer: D - - Explanation: +5. What is the AWS Support feature that allows customers to manage support cases programmatically? + - A. AWS Trusted Advisor. + - B. AWS Operations Support. + - C. AWS Support API. + - D. AWS Personal Health Dashboard. +
Answer + Correct answer: C
-6. Which AWS service can be used to generate alerts based on an estimated monthly bill? - - A. AWS Config - - B. Amazon CloudWatch - - C. AWS X-Ray - - D. AWS CloudTrail - -
Answer - - Correct Answer: B - - Explanation: - - You can monitor your estimated AWS charges by using Amazon CloudWatch. - - When you enable the monitoring of estimated charges for your AWS account, the estimated charges are calculated and sent several times daily to CloudWatch as metric data. - - Billing metric data is stored in the US East (N. Virginia) Region and represents worldwide charges. - - This data includes the estimated charges for every service in AWS that you use, in addition to the estimated overall total of your AWS charges. - - Reference: +6. Which methods can be used by customers to interact with AWS Identity and Access Management (IAM)? (Choose TWO) + - A. AWS CLI. + - B. AWS Security Groups. + - C. AWS SDKs. + - D. AWS Network Access Control Lists. + - E. AWS CodeCommit. +
Answer + Correct answer: A, C
-7. Which Amazon EC2 pricing model offers the MOST significant discount when compared to On-Demand Instances? - - A. Partial Upfront Reserved Instances for a 1-year term - - B. All Upfront Reserved Instances for a 1-year term - - C. All Upfront Reserved Instances for a 3-year term - - D. No Upfront Reserved Instances for a 3-year term - -
Answer - - Correct Answer: C - - Explanation: +7. Which of the following are types of AWS Identity and Access Management (IAM) identities? (Choose TWO) + - A. AWS Resource Groups. + - B. IAM Policies. + - C. IAM Roles. + - D. IAM Users. + - E. AWS Organizations. +
Answer + Correct answer: C, D
-8. Which of the following is the responsibility of AWS? - - A. Setting up AWS Identity and Access Management (IAM) users and groups - - B. Physically destroying storage media at end of life - - C. Patching guest operating systems - - D. Configuring security settings on Amazon EC2 instances - -
Answer - - Correct Answer: B - - Explanation: - - Media storage devices used to store customer data are classified by AWS as Critical and treated accordingly, as high impact, throughout their life-cycles. - - AWS has exacting standards on how to install, service, and eventually destroy the devices when they are no longer useful. - When a storage device has reached the end of its useful life, AWS decommissions media using techniques detailed in NIST 800-88. - - Media that stored customer data is not removed from AWS control until it has been securely decommissioned. - - Reference: +8. Which of the following Amazon RDS features facilitates offloading of database read activity? + - A. Database Snapshots. + - B. Multi-AZ Deployments. + - C. Automated Backups. + - D. Read Replicas. +
Answer + Correct answer: D
-9. Which of the following is an advantage of using AWS? - - A. AWS audits user data. - - B. Data is automatically secure. - - C. There is no guessing on capacity needs. - - D. AWS manages compliance needs. - -
Answer - - Correct Answer: D - - Explanation: - - AWS manages dozens of compliance programs in its infrastructure. - - This means that segments of your compliance have already been completed. - - Reference: +9. How does AWS notify customers about security and privacy events pertaining to AWS services? + - A. Using the AWS ACM service. + - B. Using Security Bulletins. + - C. Using the AWS Management Console. + - D. Using Compliance Resources. +
Answer + Correct answer: B
-10. Which AWS service would a customer use with a static website to achieve lower latency and high transfer speeds? - - A. AWS Lambda - - B. Amazon DynamoDB Accelerator - - C. Amazon Route 53 - - D. Amazon CloudFront - -
Answer - - Correct Answer: D - - Explanation: - - Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer- friendly environment. - - CloudFront is integrated with AWS both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services. - - Reference: +10. Which IAM entity can best be used to grant temporary access to your AWS resources? + - A. IAM Users. + - B. Key Pair. + - C. IAM Roles. + - D. IAM Groups. +
Answer + Correct answer: C
-11. Which services manage and automate application deployments on AWS? (Choose two.) - - A. AWS Elastic Beanstalk - - B. AWS CodeCommit - - C. AWS Data Pipeline - - D. AWS CloudFormation - - E. AWS Config - -
Answer - - Correct Answer: BC - - Explanation: +11. A company has a web application that is hosted on a single EC2 instance and is approaching 100 percent CPU Utilization during peak loads. Rather than scaling the server vertically, the company has decided to deploy three Amazon EC2 instances in parallel and to distribute traffic across the three servers. What AWS Service should the company use to distribute the traffic evenly? + - A. AWS Global Accelerator. + - B. AWS Application Load Balancer (ALB). + - C. Amazon CloudFront. + - D. Transit VPC. +
Answer + Correct answer: B
-12. A user wants guidance on possible savings when migrating from on-premises to AWS.
Which tool is suitable for this scenario? - - A. AWS Budgets - - B. Cost Explorer - - C. AWS Total Cost of Ownership (TCO) Calculator - - D. AWS Well-Architected Tool - -
Answer - - Correct Answer: C - - Explanation: - - The TCO Calculator provides directional guidance on possible realized savings when deploying AWS. - - This tool is built on an underlying calculation model, that generates a fair assessment of value that a customer may achieve given the data provided by the user. - - Reference: +12. Which of the following approaches will help you eliminate human error and automate the process of creating and updating your AWS environment? + - A. Use Software test automation tools. + - B. Use AWS CodeDeploy to build and automate your AWS environment. + - C. Use code to provision and operate your AWS infrastructure. + - D. Migrate all of your applications to a dedicated host. +
Answer + Correct answer: C
-13. Which principles are used to architect applications for reliability on the AWS Cloud? (Choose two.) - - A. Design for automated failure recovery - - B. Use multiple Availability Zones - - C. Manage changes via documented processes - - D. Test for moderate demand to ensure reliability - - E. Backup recovery to an on-premises environment - -
Answer - - Correct Answer: AC - - Explanation: +13. A company is seeking to better secure its AWS account from unauthorized access. Which of the below options can the customer use to achieve this goal? + - A. Restrict any API call made through SDKs or CLI. + - B. Create one IAM account for each department in the company (Development, QA, Production), and share it across all staff in that department. + - C. Require Multi-Factor Authentication (MFA) (Correct) for all IAM User access. + - D. Set up two login passwords. +
Answer + Correct answer: C
-14. What tasks should a customer perform when that customer suspects an AWS account has been compromised? (Choose two.) - - A. Rotate passwords and access keys. - - B. Remove MFA tokens. - - C. Move resources to a different AWS Region. - - D. Delete AWS CloudTrail Resources. - - E. Contact AWS Support. - -
Answer - - Correct Answer: AE - - Explanation: +14. Which AWS Service offers volume discounts based on usage? + - A. Amazon VPC. + - B. Amazon S3. + - C. Amazon Lightsail. + - D. AWS Cost Explorer. +
Answer + Correct answer: B
-15. What is an example of high availability in the AWS Cloud? - - A. Consulting AWS technical support at any time day or night - - B. Ensuring an application remains accessible, even if a resource fails - - C. Making any AWS service available for use by paying on demand - - D. Deploying in any part of the world using AWS Regions - -
Answer - - Correct Answer: B - - Explanation: +15. Which of the following factors should be considered when determining the region in which AWS Resources will be deployed? (Choose TWO) + - A. The AWS Region’s security level. + - B. Data sovereignty. + - C. Cost. + - D. The planned number of VPCs. + - E. Geographic proximity to the company's location. +
Answer + Correct answer: B, C
-16. Which AWS security service protects applications from distributed denial of service attacks with always-on detection and automatic inline mitigations? - - A. Amazon Inspector - - B. AWS Web Application Firewall (AWS WAF) - - C. Elastic Load Balancing (ELB) - - D. AWS Shield - -
Answer - - Correct Answer: D - - Explanation: - - AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. - - AWS Shield provides always-on detection and automatic inline mitigation's that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection. - - There are two tiers of AWS Shield - Standard and Advanced. - - Reference: +16. You are running a financial services web application on AWS. The application uses a MySQL database to store the data. Which of the following AWS services would improve the performance of your application by allowing you to retrieve information from fast in-memory caches? + - A. Amazon EFS. + - B. Amazon Neptune. + - C. Amazon ElastiCache. + - D. DAX. +
Answer + Correct answer: C
-17. A company wants to monitor the CPU usage of its Amazon EC2 resources.
Which AWS service should the company use? - - A. AWS CloudTrail - - B. Amazon CloudWatch - - C. AWS Cost and Usage report - - D. Amazon Simple Notification Service (Amazon SNS) - -
Answer - - Correct Answer: B - - Explanation: - - With Basic monitoring you get data on your cloudwatch metrics every 5 minutes. - - Enabling detailed monitoring, you will get the data every one minute. - - To check if detailed monitoring is enabled, on your EC2 Console, Select the instance, on the lower plane, Select Monitoring. - - Reference: +17. What are the advantages of using Auto Scaling Groups for EC2 instances? + - A. Auto Scaling Groups caches the most recent responses at global edge locations to reduce latency and improve performance. + - B. Auto Scaling Groups scales EC2 instances in multiple Availability Zones to increase application availability and fault tolerance. + - C. Auto Scaling Groups scales EC2 instances across multiple regions to reduce latency for global users. + - D. Auto Scaling Groups distributes application traffic across multiple Availability Zones to enhance performance. +
Answer + Correct answer: B
-18. What is an AWS Identity and Access Management (IAM) role? - - A. A user associated with an AWS resource - - B. A group associated with an AWS resource - - C. An entity that defines a set of permissions for use with an AWS resource - - D. An authentication credential associated with a multi-factor authentication (MFA) token - -
Answer - - Correct Answer: C - - Explanation: - - AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. - - Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. - - Reference: +18. The TCO gap between AWS infrastructure and traditional infrastructure has widened over the recent years. Which of the following could be the reason for that? + - A. AWS helps customers invest more in capital expenditures. + - B. AWS automates all infrastructure operations, so customers save more on human resources costs. + - C. AWS continues to lower the cost of cloud computing for its customers. + - D. AWS secures AWS resources at no additional charge. +
Answer + Correct answer: C
-19. What are the advantages of Reserved Instances? (Choose two.) - - A. They provide a discount over on-demand pricing. - - B. They provide access to additional instance types. - - C. They provide additional networking capability. - - D. Customers can upgrade instances as new types become available. - - E. Customers can reserve capacity in an Availability Zone. - -
Answer - - Correct Answer: AE - - Explanation: +19. Which of the following are examples of the customer’s responsibility to implement “security IN the cloud”? (Choose TWO) + - A. Building a schema for an application. + - B. Replacing physical hardware. + - C. Creating a new hypervisor. + - D. Patch management of the underlying infrastructure. + - E. File system encryption. +
Answer + Correct answer: A, E
-20. How do Amazon EC2 Auto Scaling groups help achieve high availability for a web application? - - A. They automatically add more instances across multiple AWS Regions based on global demand of the application. - - B. They automatically add or replace instances across multiple Availability Zones when the application needs it. - - C. They enable the application's static content to reside closer to end users. - - D. They are able to distribute incoming requests across a tier of web server instances. - -
Answer - - Correct Answer: B - - Explanation: - - When the unhealthy Availability Zone returns to a healthy state, Auto Scaling automatically redistributes the application instances evenly across all of the designated Availability Zones. - - Reference: +20. Which of the following is a type of MFA device that customers can use to protect their AWS resources? + - A. AWS CloudHSM. + - B. U2F Security Key. + - C. AWS Access Keys. + - D. AWS Key Pair. +
Answer + Correct answer: B
-21. How can one AWS account use Reserved Instances from another AWS account? - - A. By using Amazon EC2 Dedicated Instances - - B. By using AWS Organizations consolidated billing - - C. By using the AWS Cost Explorer tool - - D. By using AWS Budgets - -
Answer - - Correct Answer: B - - Explanation: - - The account that originally purchased the Reserved Instance receives the discount first. - - If the purchasing account doesn't have any instances that match the terms of the Reserved Instance, the discount for the Reserved Instance is assigned to any matching usage on another account in the organization. - - Reference: +21. A company is seeking to deploy an existing .NET application onto AWS as quickly as possible. Which AWS Service should the customer use to achieve this goal? + - A. Amazon SNS. + - B. AWS Elastic Beanstalk. + - C. AWS Systems Manager. + - D. AWS Trusted Advisor. +
Answer + Correct answer: B
-22. A customer runs an On-Demand Amazon Linux EC2 instance for 3 hours, 5 minutes, and 6 seconds.
For how much time will the customer be billed? - - A. 3 hours, 5 minutes - - B. 3 hours, 5 minutes, and 6 seconds - - C. 3 hours, 6 minutes - - D. 4 hours - -
Answer - - Correct Answer: D - - Explanation: +22. Which of the following is NOT a factor when estimating the costs of Amazon EC2? (Choose TWO) + - A. The amount of time the instances will be running. + - B. Number of security groups. + - C. Allocated Elastic IP Addresses. + - D. Number of Hosted Zones. + - E. Number of instances. +
Answer + Correct answer: B, D
-23. Which of the following AWS services provide compute resources? (Choose two.) - - A. AWS Lambda - - B. Amazon Elastic Container Service (Amazon ECS) - - C. AWS CodeDeploy - - D. Amazon Glacier - - E. AWS Organizations - -
Answer - - Correct Answer: AB - - Explanation: +23. Which AWS Service helps enterprises extend their on-premises storage to AWS in a cost-effective manner? + - A. AWS Data Pipeline. + - B. AWS Storage Gateway. + - C. Amazon Aurora. + - D. Amazon EFS. +
Answer + Correct answer: B
-24. Which AWS service enables users to deploy infrastructure as code by automating the process of provisioning resources? - - A. Amazon GameLift - - B. AWS CloudFormation - - C. AWS Data Pipeline - - D. AWS Glue - -
Answer - - Correct Answer: B - - Explanation: - - AWS CloudFormation provides a common language for you to model and provision AWS and third party application resources in your cloud environment. - - AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. - - This gives you a single source of truth for your AWS and third party resources. - - Reference: +24. A company is building an online cloud storage platform. They need a storage service that can scale capacity automatically, while minimizing cost. Which AWS storage service should the company use to meet these requirements? + - A. Amazon Simple Storage Service. + - B. Amazon Elastic Block Store. + - C. Amazon Elastic Container Service. + - D. AWS Storage Gateway. +
Answer + Correct answer: A
-25. Which AWS services provide a way to extend an on-premises architecture to the AWS Cloud? (Choose two.) - - A. Amazon EBS - - B. AWS Direct Connect - - C. Amazon CloudFront - - D. AWS Storage Gateway - - E. Amazon Connect - -
Answer - - Correct Answer: BD - - Explanation: +25. You have just hired a skilled sys-admin to join your team. As usual, you have created a new IAM user for him to interact with AWS services. On his first day, you ask him to create snapshots of all existing Amazon EBS volumes and save them in a new Amazon S3 bucket. However, the new member reports back that he is unable to create neither EBS snapshots nor S3 buckets. What might prevent him from doing this simple task? + - A. EBS and S3 are accessible only to the root account owner. + - B. The systems administrator must contact AWS Support first to activate his new IAM account. + - C. There is not enough space in S3 to store the snapshots. + - D. There is a non-explicit deny to all new users. +
Answer + Correct answer: D
-26. Which of the following allows users to provision a dedicated network connection from their internal network to AWS? - - A. AWS CloudHSM - - B. AWS Direct Connect - - C. AWS VPN - - D. Amazon Connect - -
Answer - - Correct Answer: B - - Explanation: - - AWS Direct Connect lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations. - - Using industry standard 802.1q VLANs, this dedicated connection can be partitioned into multiple virtual interfaces. - - This allows you to use the same connection to access public resources such as objects stored in Amazon S3 using public IP address space, and private resources such as Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC) using private IP space, while maintaining network separation between the public and private environments. - - Virtual interfaces can be reconfigured at any time to meet your changing needs. - - Reference: +26. An external auditor is requesting a log of all accesses to the AWS resources in the company’s account. Which of the following services will provide the auditor with the requested information? + - A. AWS CloudTrail. + - B. Amazon CloudFront. + - C. AWS CloudFormation. + - D. Amazon CloudWatch. +
Answer + Correct answer: A
-27. Which services use AWS edge locations? (Choose two.) - - A. Amazon CloudFront - - B. AWS Shield - - C. Amazon EC2 - - D. Amazon RDS - - E. Amazon ElastiCache - -
Answer - - Correct Answer: AC - - Explanation: +27. Which of the below options is true of Amazon Cloud Directory? + - A. Amazon Cloud Directory allows the organization of hierarchies of data across multiple dimensions. + - B. Amazon Cloud Directory enables the analysis of video and data streams in real time. + - C. Amazon Cloud Directory allows users to access AWS with their existing Active Directory credentials. + - D. Amazon Cloud Directory allows for registration and management of domain names. +
Answer + Correct answer: A
-28. Which service would provide network connectivity in a hybrid architecture that includes the AWS Cloud? - - A. Amazon VPC - - B. AWS Direct Connect - - C. AWS Directory Service - - D. Amazon API Gateway - -
Answer - - Correct Answer: A - - Explanation: - - Amazon Virtual Private Cloud (Amazon VPC) is a logically isolated, private section of the AWS Cloud to launch resources in a virtual data center in the cloud. - - Amazon VPC allows you to leverage multiple Availability Zones (AZ) within a region so that you can build greater fault tolerance within your workloads. - - You have complete control. - - Reference: +28. A user has opened a "Production System Down" support case to get help from AWS Support after a production system disruption. What is the expected response time for this type of support case? + - A. 12 hours. + - B. 15 minutes. + - C. 24 hours. + - D. One hour. +
Answer + Correct answer: D
-29. Which tool can be used to compare the costs of running a web application in a traditional hosting environment to running it on AWS? - - A. AWS Cost Explorer - - B. AWS Budgets - - C. AWS Cost and Usage report - - D. AWS Total Cost of Ownership (TCO) Calculator - -
Answer - - Correct Answer: D - - Explanation: +29. Which of the below options is a best practice for making your application on AWS highly available? + - A. Deploy the application to at least two Availability Zones. + - B. Use Elastic Load Balancing (ELB) across multiple AWS Regions. + - C. Deploy the application code on at least two servers in the same Availability Zone. + - D. Rewrite the application code to handle all incoming requests. +
Answer + Correct answer: A
-30. What is the value of using third-party software from AWS Marketplace instead of installing third-party software on Amazon EC2? (Choose two.) - - A. Users pay for software by the hour or month depending on licensing. - - B. AWS Marketplace enables the user to launch applications with 1-Click. - - C. AWS Marketplace data encryption is managed by a third-party vendor. - - D. AWS Marketplace eliminates the need to upgrade to newer software versions. - - E. Users can deploy third-party software without testing. - -
Answer - - Correct Answer: AB - - Explanation: +30. Which of the following should be taken into account when performing a TCO analysis regarding the costs of running an application on AWS VS on-premises? (Choose TWO) + - A. Labor and IT costs. + - B. Cooling and power consumption. + - C. Amazon EBS computing power. + - D. Software architecture. + - E. Software compatibility. +
Answer + Correct answer: A, B
-31. Which of the following is a cloud architectural design principle? - - A. Scale up, not out. - - B. Loosely couple components. - - C. Build monolithic systems. - - D. Use commercial database software. - -
Answer - - Correct Answer: B - - Explanation: - - Loosely coupled architectures reduce interdependencies, so that a change or failure in a component does not cascade to other components. +31. Your company requires a response time of less than 15 minutes from support interactions about their business-critical systems that are hosted on AWS if those systems go down. Which AWS Support Plan should this company use? + - A. AWS Basic Support. + - B. AWS Developer Support. + - C. AWS Business Support. + - D. AWS Enterprise Support. +
Answer + Correct answer: D
-32. Under the shared responsibility model; which of the following areas are the customer's responsibility? (Choose two.) - - A. Firmware upgrades of network infrastructure - - B. Patching of operating systems - - C. Patching of the underlying hypervisor - - D. Physical security of data centers - - E. Configuration of the security group - -
Answer - - Correct Answer: BE - - Explanation: +32. Which of the following AWS offerings are serverless services? (Choose TWO) + - A. Amazon EC2. + - B. AWS Lambda. + - C. Amazon DynamoDB. + - D. Amazon EMR. + - E. Amazon RDS. +
Answer + Correct answer: B, C
-33. Which service enables customers to audit and monitor changes in AWS resources? - - A. AWS Trusted Advisor - - B. Amazon GuardDuty - - C. Amazon Inspector - - D. AWS Config - -
Answer - - Correct Answer: D - - Explanation: - - AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. - - Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. - - With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. - - This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting. - - Reference: +33. Which AWS service enables you to quickly purchase and deploy SSL/TLS certificates? + - A. Amazon GuardDuty. + - B. AWS ACM. + - C. Amazon Detective. + - D. AWS WAF. +
Answer + Correct answer: B
-34. Which AWS service identifies security groups that allow unrestricted access to a user's AWS resources? - - A. AWS CloudTrail - - B. AWS Trusted Advisor - - C. Amazon CloudWatch - - D. Amazon Inspector - -
Answer - - Correct Answer: B +34. Which AWS Service provides integration with Chef to automate the configuration of EC2 instances? + - A. AWS Config. + - B. AWS OpsWorks. + - C. AutoScaling. + - D. AWS CloudFormation. +
Answer + Correct answer: B
-35. According to the AWS shared responsibility model, who is responsible for configuration management? - - A. It is solely the responsibility of the customer. - - B. It is solely the responsibility of AWS. - - C. It is shared between AWS and the customer. - - D. It is not part of the AWS shared responsibility model. - -
Answer - - Correct Answer: C - - Explanation: - - AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications. - - Reference: +35. A customer is seeking to store objects in their AWS environment and to make those objects downloadable over the internet. Which AWS Service can be used to accomplish this? + - A. Amazon EBS. + - B. Amazon EFS. + - C. Amazon S3. + - D. Amazon Instance Store. +
Answer + Correct answer: C
-36. Which AWS service is a content delivery network that securely delivers data, video, and applications to users globally with low latency and high speeds? - - A. AWS CloudFormation - - B. AWS Direct Connect - - C. Amazon CloudFront - - D. Amazon Pinpoint - -
Answer - - Correct Answer: C - - Explanation: - - Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer- friendly environment. - - CloudFront is integrated with AWS both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services. - - Reference: +36. Which of the following services can be used to monitor the HTTP and HTTPS requests that are forwarded to Amazon CloudFront? + - A. AWS WAF. + - B. Amazon CloudWatch. + - C. AWS Cloud9. + - D. AWS CloudTrail. +
Answer + Correct answer: A
-37. Which benefit of the AWS Cloud supports matching the supply of resources with changing workload demands? - - A. Security - - B. Reliability - - C. Elasticity - - D. High availability - -
Answer - - Correct Answer: C - - Explanation: +37. A company is migrating a web application to AWS. The application’s compute capacity is continually utilized throughout the year. Which of the below options offers the company the most cost-effective solution? + - A. On-demand Instances. + - B. Dedicated Hosts. + - C. Spot Instances. + - D. Reserved Instances. +
Answer + Correct answer: D
-38. A user is running an application on AWS and notices that one or more AWS-owned IP addresses is involved in a distributed denial-of-service (DDoS) attack.
Who should the user contact FIRST about this situation? - - A. AWS Premium Support - - B. AWS Technical Account Manager - - C. AWS Solutions Architect - - D. AWS Abuse team - -
Answer - - Correct Answer: D - - Explanation: +38. A company wants to grant a new employee long-term access to manage Amazon DynamoDB databases. Which of the following is a recommended best-practice when granting these permissions? + - A. Create an IAM role and attach a policy with Amazon DynamoDB access permissions. + - B. Create an IAM role and attach a policy with Administrator access permissions. + - C. Create an IAM user and attach a policy with Amazon DynamoDB access permissions. + - D. Create an IAM user and attach a policy with Administrator access permissions. +
Answer + Correct answer: C
-39. Which of the following are benefits of hosting infrastructure in the AWS Cloud? (Choose two.) - - A. There are no upfront commitments. - - B. AWS manages all security in the cloud. - - C. Users have the ability to provision resources on demand. - - D. Users have access to free and unlimited storage. - - E. Users have control over the physical infrastructure. - -
Answer - - Correct Answer: BC +39. When granting permissions to applications running on Amazon EC2 instances, which of the following is considered best practice? + - A. Generate new IAM access keys every time you delegate permissions. + - B. Store the required AWS credentials directly within the application code. + - C. Use temporary security credentials (IAM roles) instead of long-term access keys. + - D. Do nothing; Applications that run on Amazon EC2 instances do not need permission to interact with other AWS services or resources. +
Answer + Correct answer: C
-40. What AWS service would be used to centrally manage AWS access policies across multiple accounts? - - A. AWS Service Catalog - - B. AWS Config - - C. AWS Trusted Advisor - - D. AWS Organizations - -
Answer - - Correct Answer: D - - Explanation: - - AWS Organizations helps you centrally govern your environment as you grow and scale your workloads on AWS. - - Whether you are a growing startup or a large enterprise, Organizations helps you to centrally manage billing; control access, compliance, and security; and share resources across your AWS accounts. - - Reference: +40. Which of the following will help AWS customers save on costs when migrating their workloads to AWS? + - A. Use servers instead of managed services. + - B. Use existing third-party software licenses on AWS. + - C. Migrate production workloads to AWS edge locations instead of AWS Regions. + - D. Use AWS Outposts to run all workloads in a cost-optimized environment. +
Answer + Correct answer: B
-41. What is AWS Trusted Advisor? - - A. It is an AWS staff member who provides recommendations and best practices on how to use AWS. - - B. It is a network of AWS partners who provide recommendations and best practices on how to use AWS. - - C. It is an online tool with a set of automated checks that provides recommendations on cost optimization, performance, and security. - - D. It is another name for AWS Technical Account Managers who provide recommendations on cost optimization, performance, and security. - -
Answer - - Correct Answer: C - - Explanation: - - AWS Trusted Advisor is an online tool that provides you real time guidance to help you provision your resources following AWS best practices. - - Whether establishing new workflows, developing applications, or as part of ongoing improvement, take advantage of the recommendations provided by Trusted Advisor on a regular basis to help keep your solutions provisioned optimally. - - Reference: +41. An organization has a legacy application designed using monolithic-based architecture. Which AWS Service can be used to decouple the components of the application? + - A. Amazon SQS. + - B. Virtual Private Gateway. + - C. AWS Artifact. + - D. Amazon CloudFront. +
Answer + Correct answer: A
-42. Which AWS service or feature allows a company to visualize, understand, and manage AWS costs and usage over time? - - A. AWS Budgets - - B. AWS Cost Explorer - - C. AWS Organizations - - D. Consolidated billing - -
Answer - - Correct Answer: B - - Explanation: - - AWS Cost Explorer has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time. - - Reference: +42. Which of the following can be used to enable the Virtual Multi-Factor Authentication? (Choose TWO) + - A. Amazon Connect. + - B. AWS CLI. + - C. AWS Identity and Access Management (IAM). + - D. Amazon SNS. + - E. Amazon Virtual Private Cloud. +
Answer + Correct answer: B, C
-43. Which AWS service offers on-demand access to AWS security and compliance reports? - - A. AWS CloudTrail - - B. AWS Artifact - - C. AWS Health - - D. Amazon CloudWatch - -
Answer - - Correct Answer: B - - Explanation: - - AWS Artifact is your go-to, central resource for compliance-related information that matters to you. - - It provides on-demand access to AWS' security and compliance reports and select online agreements. - - Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. - - Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). - - Reference: +43. According to best practices, which of the below options is best suited for processing a large number of binary files? + - A. Vertically scaling EC2 instances. + - B. Running RDS instances in parallel. + - C. Vertically scaling RDS instances. + - D. Running EC2 instances in parallel. +
Answer + Correct answer: B
-44. What are the benefits of using the AWS Cloud for companies with customers in many countries around the world? (Choose two.) - - A. Companies can deploy applications in multiple AWS Regions to reduce latency. - - B. Amazon Translate automatically translates third-party website interfaces into multiple languages. - - C. Amazon CloudFront has multiple edge locations around the world to reduce latency. - - D. Amazon Comprehend allows users to build applications that can respond to user requests in many languages. - - E. Elastic Load Balancing can distribute application web traffic to multiple AWS Regions around the world, which reduces latency. - -
Answer - - Correct Answer: CD - - Explanation: - - - - +44. A company is planning to use Amazon S3 and Amazon CloudFront to distribute its video courses globally. What tool can the company use to estimate the costs of these services? + - A. AWS Cost Explorer. + - B. AWS Pricing Calculator. + - C. AWS Budgets. + - D. AWS Cost & Usage Report. +
Answer + Correct answer: B
-45. Which AWS service handles the deployment details of capacity provisioning, load balancing, Auto Scaling, and application health monitoring? - - A. AWS Config - - B. AWS Elastic Beanstalk - - C. Amazon Route 53 - - D. Amazon CloudFront - -
Answer - - Correct Answer: B - - Explanation: - - Upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. - - At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time. - - Reference: +45. What should you do if you see resources, which you don’t remember creating, in the AWS Management Console? (Choose TWO) + - A. Stop all running services and open an investigation. + - B. Give your root account password to AWS Support so that they can assistin troubleshooting and securing the account. + - C. Check the AWS CloudTrail logs and delete all IAM users that have access to your resources. + - D. Open an investigation and delete any potentially compromised IAM users. + - E. Change your AWS root account password and the passwords of any IAM users. +
Answer + Correct answer: D, E
-46. Which AWS service provides inbound and outbound network ACLs to harden external connectivity to Amazon EC2? - - A. AWS IAM - - B. Amazon Connect - - C. Amazon VPC - - D. Amazon API Gateway - -
Answer - - Correct Answer: C - - Explanation: +46. A key practice when designing solutions on AWS is to minimize dependencies between components so that the failure of a single component does not impact other components. What is this practice called? + - A. Elastic coupling. + - B. Loosely coupling. + - C. Scalable coupling. + - D. Tightly coupling. +
Answer + Correct answer: B
-47. When a company provisions web servers in multiple AWS Regions, what is being increased? - - A. Coupling - - B. Availability - - C. Security - - D. Durability - -
Answer - - Correct Answer: B - - Explanation: +47. Which AWS Service offers an NFS file system that can be mounted concurrently from multiple EC2 instances? + - A. Amazon Elastic File System. + - B. Amazon Simple Storage Service. + - C. Amazon Elastic Block Store. + - D. AWS Storage Gateway. +
Answer + Correct answer: A
-48. The pay-as-you-go pricing model for AWS services: - - A. reduces capital expenditures. - - B. requires payment up front for AWS services. - - C. is relevant only for Amazon EC2, Amazon S3, and Amazon RDS. - - D. reduces operational expenditures. - -
Answer - - Correct Answer: A - - Explanation: +48. Availability Zones within a Region are connected over low-latency links. Which of the following is a benefit of these links? + - A. Create private connection to your data center. + - B. Achieve global high availability. + - C. Automate the process of provisioning new compute resources. + - D. Make synchronous replication of your data possible. +
Answer + Correct answer: D
-49. Under the AWS shared responsibility model, AWS is responsible for which security-related task? - - A. Lifecycle management of IAM credentials - - B. Physical security of global infrastructure - - C. Encryption of Amazon EBS volumes - - D. Firewall configuration - -
Answer - - Correct Answer: B - - Explanation: +49. Which of the following are true regarding the languages that are supported on AWS Lambda? (Choose TWO) + - A. Lambda only supports Python and Node.js, but third party plugins are available to convert code in other languages to these formats. + - B. Lambda natively supports a number of programming languages such as Node.js, Python, and Java. + - C. Lambda is AWS’ proprietary programming language for microservices. + - D. Lambda doesn’t support programming languages; it is a serverless compute service. + - E. Lambda can support any programming language using an API. +
Answer + Correct answer: B, E
-50. Which AWS service enables users to consolidate billing across multiple accounts? - - A. Amazon QuickSight - - B. AWS Organizations - - C. AWS Budgets - - D. Amazon Forecast - -
Answer - - Correct Answer: B - - Explanation: - - You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. - - Every organization in AWS Organizations has a master (payer) account that pays the charges of all the member (linked) - accounts. - - Reference: +50. What are the capabilities of AWS X-Ray? (Choose TWO) + - A. Automatically decouples application components. + - B. Facilitates tracking of user requests to identify application issues. + - C. Helps improve application performance. + - D. Deploys applications to Amazon EC2 instances. + - E. Deploys applications to on-premises servers. +
Answer + Correct answer: B, C
Please feel free to comment below if any information is inaccurate or if any answers need correction. diff --git a/practice-exam/practice-exam-6.md b/practice-exam/practice-exam-6.md index c22c038..66140eb 100644 --- a/practice-exam/practice-exam-6.md +++ b/practice-exam/practice-exam-6.md @@ -6,779 +6,516 @@ If this practice exam has been helpful to you please share it with others and re --- -1. Under the AWS shared responsibility model, which of the following is an example of security in the AWS Cloud? - - A. Managing edge locations - - B. Physical security - - C. Firewall configuration - - D. Global infrastructure - -
Answer - - Correct Answer: B - - Explanation: +1. Which of the following is true regarding the AWS availability zones and edge locations? + - A. Edge locations are located in separate Availability Zones worldwide to serve global customers. + - B. An availability zone exists within an edge location to distribute content globally with low latency. + - C. An Availability Zone is a geographic location where AWS provides multiple, physically separated and isolated edge locations. + - D. An AWS Availability Zone is an isolated location within an AWS Region, however edge locations are located in multiple cities worldwide. +
Answer + Correct answer: D
-2. How can an AWS user with an AWS Basic Support plan obtain technical assistance from AWS? - - A. AWS Senior Support Engineers - - B. AWS Technical Account Managers - - C. AWS Trusted Advisor - - D. AWS Discussion Forums - -
Answer - - Correct Answer: C - - Explanation: +2. Which features are included in the AWS Business Support Plan? (Choose TWO) + - A. 24x7 access to customer service. + - B. Access to Cloud Support Engineers via email only during business hours. + - C. Access to the Infrastructure Event Management (IEM) feature for additional fee. + - D. 24x7 access to the TAM feature. + - E. Partial access to the core Trusted Advisor checks. +
Answer + Correct answer: A, C
-3. Which of the following are pillars of the AWS Well-Architected Framework? (Choose two.) - - A. Multiple Availability Zones - - B. Performance efficiency - - C. Security - - D. Encryption usage - - E. High availability - -
Answer - - Correct Answer: BC - - Explanation: +3. A company is developing a mobile application and wants to allow users to use their Amazon, Apple, Facebook, or Google identities to authenticate to the application. Which AWS Service should the company use for this purpose? + - A. Amazon GuardDuty. + - B. Amazon Personalize. + - C. Amazon Cognito. + - D. AWS IAM. +
Answer + Correct answer: C
-4. After selecting an Amazon EC2 Dedicated Host reservation, which pricing option would provide the largest discount? - - A. No upfront payment - - B. Hourly on-demand payment - - C. Partial upfront payment - - D. All upfront payment - -
Answer - - Correct Answer: D - - Explanation: +4. Which AWS Service allows customers to create a template that programmatically defines policies and configurations of all AWS resources as code and so that the same template can be reused among multiple projects? + - A. AWS CloudFormation. + - B. AWS Config. + - C. AWS CloudTrail. + - D. AWS Auto Scaling. +
Answer + Correct answer: A
-5. What is an advantage of deploying an application across multiple Availability Zones? - - A. There is a lower risk of service failure if a natural disaster causes a service disruption in a given AWS Region. - - B. The application will have higher availability because it can withstand a service disruption in one Availability Zone. - - C. There will be better coverage as Availability Zones are geographically distant and can serve a wider area. - - D. There will be decreased application latency that will improve the user experience. - -
Answer - - Correct Answer: B - - Explanation: +5. Which of the following are advantages of using AWS as a cloud computing provider? (Choose TWO) + - A. Eliminates the need to monitor servers and applications. + - B. Manages all the compliance and auditing tasks. + - C. Provides custom hardware to meet any specification. + - D. Eliminates the need to guess on infrastructure capacity needs. + - E. Enables customers to trade their capital expenses for operational expenses. +
Answer + Correct answer: D, E
-6. A Cloud Practitioner is asked how to estimate the cost of using a new application on AWS.
What is the MOST appropriate response? - - A. Inform the user that AWS pricing allows for on-demand pricing. - - B. Direct the user to the AWS Simple Monthly Calculator for an estimate. - - C. Use Amazon QuickSight to analyze current spending on-premises. - - D. Use Amazon AppStream 2.0 for real-time pricing analytics. - -
Answer - - Correct Answer: B - - Explanation: +6. A customer is planning to migrate their Microsoft SQL Server databases to AWS. Which AWS Services can the customer use to run their Microsoft SQL Server database on AWS? (Choose TWO) + - A. AWS Fargate. + - B. Amazon Elastic Compute Cloud. + - C. Amazon RDS. + - D. AWS Database Migration service (DMS). + - E. AWS Lambda. +
Answer + Correct answer: B, C
-7. A company wants to migrate its applications to a VPC on AWS. These applications will need to access on-premises resources.
What combination of actions will enable the company to accomplish this goal? (Choose two.) - - A. Use the AWS Service Catalog to identify a list of on-premises resources that can be migrated. - - B. Build a VPN connection between an on-premises device and a virtual private gateway in the new VPC. - - C. Use Amazon Athena to query data from the on-premises database servers. - - D. Connect the company's on-premises data center to AWS using AWS Direct Connect. - - E. Leverage Amazon CloudFront to restrict access to static web content provided through the company's on-premises web servers. - -
Answer - - Correct Answer: BD - - Explanation: +7. Which AWS Service can perform health checks on Amazon EC2 instances? + - A. AWS CloudFormation. + - B. Amazon Route 53. + - C. Amazon Chime. + - D. Amazon Aurora. +
Answer + Correct answer: B
-8. A web application running on AWS has been spammed with malicious requests from a recurring set of IP addresses.
Which AWS service can help secure the application and block the malicious traffic? - - A. AWS IAM - - B. Amazon GuardDuty - - C. Amazon Simple Notification Service (Amazon SNS) - - D. AWS WAF - -
Answer - - Correct Answer: D - - Explanation: - - AWS WAF is a web application firewall that helps protect web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. - - You can use AWS WAF to define customizable web security rules that control which traffic accesses your web applications. - - If you use AWS Shield Advanced, you can use AWS WAF at no extra cost for those protected resources and can engage the DRT to create WAF rules. - - Reference: +8. A company is developing an application that will leverage facial recognition to automate photo tagging. Which AWS Service should the company use for facial recognition? + - A. Amazon Comprehend. + - B. AWS IAM. + - C. Amazon Polly. + - D. Amazon Rekognition. +
Answer + Correct answer: D
-9. Treating infrastructure as code in the AWS Cloud allows users to: - - A. automate migration of on-premises hardware to AWS data centers. - - B. let a third party automate an audit of the AWS infrastructure. - - C. turn over application code to AWS so it can run on the AWS infrastructure. - - D. automate the infrastructure provisioning process. - -
Answer - - Correct Answer: D - - Explanation: +9. Which of the following are examples of AWS-managed databases? (Choose TWO) + - A. Amazon Neptune. + - B. Amazon CloudSearch. + - C. Microsoft SQL Server on Amazon EC2. + - D. MySQL on Amazon EC2. + - E. Amazon RDS for MySQL. +
Answer + Correct answer: A, E
-10. A company requires a dedicated network connection between its on-premises servers and the AWS Cloud.
Which AWS service should be used? - - A. AWS VPN - - B. AWS Direct Connect - - C. Amazon API Gateway - - D. Amazon Connect - -
Answer - - Correct Answer: B - - Explanation: - - You can use AWS Direct Connect to establish a private virtual interface from your on-premise network directly to your Amazon VPC, providing you with a private, high bandwidth network connection between your network and your VPC. - - With multiple virtual interfaces, you can even establish private connectivity to multiple VPCs while maintaining network isolation. - - Reference: +10. A company’s AWS workflow requires that it periodically perform large-scale image and video processing jobs. The customer is seeking to minimize cost and has stated that the amount of time it takes to process these jobs is not critical, but that cost minimization is the most important factor in designing the solution. Which EC2 instance class is best suited for this processing? + - A. EC2 On-Demand Instances. + - B. EC2 Reserved Instances - No Upfront. + - C. EC2 Spot Instances. + - D. EC2 Reserved Instances - All Upfront. +
Answer + Correct answer: C
-11. Which AWS service can be used to query stored datasets directly from Amazon S3 using standard SQL? - - A. AWS Glue - - B. AWS Data Pipeline - - C. Amazon CloudSearch - - D. Amazon Athena - -
Answer - - Correct Answer: D - - Explanation: - - Amazon Athena is defined as "an interactive query service that makes it easy to analyze data directly in Amazon Simple Storage Service (Amazon S3) using standard SQL." So, it's another SQL query engine for large data sets stored in S3. - - This is very similar to other SQL query engines, such as Apache Drill. - - But unlike Apache Drill, Athena is limited to data only from Amazon's own S3 storage service. However, Athena is able to query a variety of file formats, including, but not limited to CSV, Parquet, JSON, etc. +11. There is a requirement to grant a DevOps team full administrative access to all resources in an AWS account. Who can grant them these permissions? + - A. AWS account owner. + - B. AWS technical account manager. + - C. AWS security team. + - D. AWS cloud support engineers. +
Answer + Correct answer: A
-12. AWS CloudFormation is designed to help the user: - - A. model and provision resources. - - B. update application code. - - C. set up data lakes. - - D. create reports for billing. - -
Answer - - Correct Answer: A - - Explanation: - - AWS CloudFormation provides a common language for you to model and provision AWS and third party application resources in your cloud environment. - - AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. - - This gives you a single source of truth for your AWS and third party resources. - - Reference: +12. You need to migrate a large number of on-premises workloads to AWS. Which AWS service is the most appropriate? + - A. AWS File Transfer Acceleration. + - B. AWS Server Migration Service. + - C. AWS Database Migration Service. + - D. AWS Application Discovery Service. +
Answer + Correct answer: B
-13. Which of the following is an AWS database service? - - A. Amazon Redshift - - B. Amazon Elastic Block Store (Amazon EBS) - - C. Amazon S3 Glacier - - D. AWS Snowball - -
Answer - - Correct Answer: A - - Explanation: +13. What are some key benefits of using AWS CloudFormation? (Choose TWO) + - A. It helps AWS customers deploy their applications without worrying about the underlying infrastructure. + - B. It applies advanced IAM security features automatically. + - C. It automates the provisioning and updating of your infrastructure in a safe and controlled manner. + - D. It allows you to model your entire infrastructure in just a text file. + - E. It compiles and builds application code in a timely manner. +
Answer + Correct answer: C, D
-14. A Cloud Practitioner must determine if any security groups in an AWS account have been provisioned to allow unrestricted access for specific ports.
What is the SIMPLEST way to do this? - - A. Review the inbound rules for each security group in the Amazon EC2 management console to check for port 0.0.0.0/0. - - B. Run AWS Trusted Advisor and review the findings. - - C. Open the AWS IAM console and check the inbound rule filters for open access. - - D. In AWS Config, create a custom rule that invokes an AWS Lambda function to review rules for inbound access. - -
Answer - - Correct Answer: A - - Explanation: +14. Which of the following is a cloud computing deployment model that connects infrastructure and applications between cloud-based resources and existing resources not located in the cloud? + - A. On-premises. + - B. Mixed. + - C. Hybrid. + - D. Cloud. +
Answer + Correct answer: C
-15. What are the benefits of developing and running a new application in the AWS Cloud compared to on-premises? (Choose two.) - - A. AWS automatically distributes the data globally for higher durability. - - B. AWS will take care of operating the application. - - C. AWS makes it easy to architect for high availability. - - D. AWS can easily accommodate application demand changes. - - E. AWS takes care application security patching. - -
Answer - - Correct Answer: CD +15. A company is hosting business critical workloads in an AWS Region. To protect against data loss and ensure business continuity, a mirror image of the current AWS environment should be created in another AWS Region. Company policy requires that the standby environment must be available in minutes in case of an outage in the primary AWS Region. Which AWS service can be used to meet these requirements? + - A. CloudEndure Disaster Recovery. + - B. CloudEndure Migration. + - C. AWS Backup. + - D. AWS Glue. +
Answer + Correct answer: A
-16. A user needs an automated security assessment report that will identify unintended network access to Amazon EC2 instances and vulnerabilities on those instances.
Which AWS service will provide this assessment report? - - A. EC2 security groups - - B. AWS Config - - C. Amazon Macie - - D. Amazon Inspector - -
Answer - - Correct Answer: D - - Explanation: - - Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. - - AmazonInspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. - - After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. - - These findings can be reviewed directly or as part of detailed assessment reports which are available via the Amazon Inspector console or API. - - Reference: +16. Which of the following S3 storage classes is most appropriate to host static assets for a popular e-commerce website with stable access patterns? + - A. S3 Standard-IA. + - B. S3 Intelligent-Tiering. + - C. S3 Glacier Deep Archive. + - D. S3 Standard. +
Answer + Correct answer: D
-17. How can a company isolate the costs of production and non-production workloads on AWS? - - A. Create Identity and Access Management (IAM) roles for production and non-production workloads. - - B. Use different accounts for production and non-production expenses. - - C. Use Amazon EC2 for non-production workloads and other services for production workloads. - - D. Use Amazon CloudWatch to monitor the use of services. - -
Answer - - Correct Answer: B - - Explanation: +17. You want to create a backup of your data in another geographical location. Where should you create this backup? + - A. In another Edge location. + - B. In another Region. + - C. In another VPC. + - D. In another Availability Zone. +
Answer + Correct answer: B
-18. Where can users find a catalog of AWS-recognized providers of third-party security solutions? - - A. AWS Service Catalog - - B. AWS Marketplace - - C. AWS Quick Start - - D. AWS CodeDeploy - -
Answer - - Correct Answer: A - - Explanation: - - AWS Service Catalog Delivery Partners are APN Consulting Partners who help create catalogs of IT services that are approved by the customer's organization for use on AWS. - - With AWS Service Catalog, customers and partners can centrally manage commonly deployed IT services to help achieve consistent governance and meet compliance requirements while enabling users to self-provision approved services. - - Reference: +18. Which statement is true in relation to the security of Amazon EC2? + - A. You should use instance store volumes to store login data. + - B. You should regularly patch the operating system and applications on your EC2 instances. + - C. You should deploy critical components of your application in the Availability Zone that you trust. + - D. You can track all API calls using Amazon Athena. +
Answer + Correct answer: B
-19. A Cloud Practitioner needs to store data for 7 years to meet regulatory requirements.
Which AWS service will meet this requirement at the LOWEST cost? - - A. Amazon S3 - - B. AWS Snowball - - C. Amazon Redshift - - D. Amazon S3 Glacier - -
Answer - - Correct Answer: D - - Explanation: - - S3 Glacier Deep Archive is Amazon S3's lowest-cost storage class and supports long-term retention and digital preservation for data that may be accessed once or twice in a year. - - It is designed for customers --particularly those in highly-regulated industries, such as the Financial Services, Healthcare, and Public Sectors -- that retain data sets for 7-10 years or longer to meet regulatory compliance requirements. - - S3 Glacier Deep Archive can also be used for backup and disaster recovery use cases, and is a cost-effective and easy-to-manage alternative to magnetic tape systems, whether they are on-premises libraries or off-premises services. - - Reference: +19. What does AWS Cost Explorer provide to help manage your AWS spend? + - A. Cost comparisons between AWS Cloud environments and on-premises environments. + - B. Accurate estimates of AWS service costs based on your expected usage. + - C. Consolidated billing. + - D. Highly accurate cost forecasts for up to 12 months ahead. +
Answer + Correct answer: D
-20. What are the immediate benefits of using the AWS Cloud? (Choose two.) - - A. Increased IT staff. - - B. Capital expenses are replaced with variable expenses. - - C. User control of infrastructure. - - D. Increased agility. - - E. AWS holds responsibility for security in the cloud. - -
Answer - - Correct Answer: CD +20. Which of the following is a feature of Amazon RDS that performs automatic failover when the primary database fails to respond? + - A. RDS Single-AZ. + - B. RDS Write Replica. + - C. RDS Snapshots. + - D. RDS Multi-AZ. +
Answer + Correct answer: B
-21. Which security service automatically recognizes and classifies sensitive data or intellectual property on AWS? - - A. Amazon GuardDuty - - B. Amazon Macie - - C. Amazon Inspector - - D. AWS Shield - -
Answer - - Correct Answer: B - - Explanation: - - Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. - - Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property. - - It provides you with dashboards and alerts that give visibility into how this data is being accessed or moved. - - Reference: +21. You are using several on-demand EC2 Instances to run your development environment. What is the best way to reduce your charges when these instances are not in use? + - A. Deleting all EBS volumes attached to the instances. + - B. You cannot minimize charges for on-demand instances. + - C. Terminating the instances. + - D. Stopping the instances. +
Answer + Correct answer: D
-22. What is the purpose of AWS Storage Gateway? - - A. It ensures on-premises data storage is 99.999999999% durable. - - B. It transports petabytes of data to and from AWS. - - C. It connects to multiple Amazon EC2 instances. - - D. It connects on-premises data storage to the AWS Cloud. - -
Answer - - Correct Answer: D - - Explanation: - - Moving data to the cloud is not quite as simple as flipping a switch. - - For companies that have managed their own data centers or server rooms for decades, there are a few steps to consider --and it's not always wise to pull the plug on an internal infrastructure quite so quickly. - - If a startup uses on-premise business servers and then experiences unexpected growth, abandoning those servers doesn't make sense (even if the long-term plan is to do exactly that). - - AWS Storage Gateway is a way to bridge this gap for companies of any size. - - It's a hybrid storage option that connects on-premise storage including age-old tape backup systems to the cloud in a way that also provides one console to access all storage configurations. - - Reference: +22. Which of the following strategies helps protect your AWS root account? + - A. Delete root user access keys if you do not need them. + - B. Apply MFA for the root account and use it for all of your work. + - C. Access the root account only from your personal Mobile Phone. + - D. Only share your AWS account password or access keys with trusted persons. +
Answer + Correct answer: A
-23. What should users do if they want to install an application in geographically isolated locations? - - A. Install the application using multiple internet gateways. - - B. Deploy the application to an Amazon VPC. - - C. Deploy the application to multiple AWS Regions. - - D. Configure the application using multiple NAT gateways. - -
Answer - - Correct Answer: C - - Explanation: +23. Which of the following are factors should be considered for Amazon EBS pricing? (Choose TWO) + - A. The size of volumes provisioned per month. + - B. The compute capacity you consume. + - C. The amount of data you have stored in snapshots. + - D. The compute time you consume. + - E. The number of Snowball storage devices you request. +
Answer + Correct answer: A, C
-24. A system in the AWS Cloud is designed to withstand the failure of one or more components.
What is this an example of? - - A. Elasticity - - B. High Availability - - C. Scalability - - D. Agility - -
Answer - - Correct Answer: B - - Explanation: +24. You have just set up your AWS environment and have created six IAM user accounts for the DevOps team. What is the AWS recommendation when granting permissions to these IAM accounts? + - A. Attach a separate IAM policy for each individual account. + - B. Apply the Principle of Least Privilege. + - C. For security purposes, you should not grant any permission to the DevOps team. + - D. Create six different IAM passwords. +
Answer + Correct answer: B
-25. A Cloud Practitioner needs a consistent and dedicated connection between AWS resources and an on-premises system.
Which AWS service can fulfill this requirement? - - A. AWS Direct Connect - - B. AWS VPN - - C. Amazon Connect - - D. AWS Data Pipeline - -
Answer - - Correct Answer: A - - Explanation: - - You can use AWS Direct Connect to establish a private virtual interface from your on-premise network directly to your Amazon VPC, providing you with a private, high bandwidth network connection between your network and your VPC. - - With multiple virtual interfaces, you can even establish private connectivity to multiple VPCs while maintaining network isolation. - - Reference: +25. Which of the following has the greatest impact on cost? (Choose TWO) + - A. Compute charges. + - B. The number of services used. + - C. Data Transfer In charges. + - D. Data Transfer Out charges. + - E. The number of IAM roles provisioned. +
Answer + Correct answer: A, D
-26. Within the AWS shared responsibility model, who is responsible for security and compliance? - - A. The customer is responsible. - - B. AWS is responsible. - - C. AWS and the customer share responsibility. - - D. AWS shares responsibility with the relevant governing body. - -
Answer - - Correct Answer: C - - Explanation: - - Security and Compliance is a shared responsibility between AWS and the customer. - - This shared model can help relieve the customer's operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. - - Reference: +26. Who from the following will get the largest discount? + - A. A user who chooses to buy On-demand, Convertible, Partial upfront instances. + - B. A user who chooses to buy Reserved, Convertible, All upfront instances. + - C. A user who chooses to buy Reserved, Standard, No upfront instances. + - D. A user who chooses to buy Reserved, Standard, All upfront instances. +
Answer + Correct answer: D
-27. To use the AWS CLI, users are required to generate: - - A. a password policy. - - B. an access/secret key. - - C. a managed policy. - - D. an API key. - -
Answer - - Correct Answer: C +27. Which of the following is an available option when purchasing Amazon EC2 instances? + - A. The ability to bid to get the lowest possible prices. + - B. The ability to register EC2 instances to get volume discounts on every hour the instances are running. + - C. The ability to buy Dedicated Instances for up to 90% discount. + - D. The ability to pay upfront to get lower hourly costs. +
Answer + Correct answer: D
-28. Which AWS service is used to provide encryption for Amazon EBS? - - A. AWS Certificate Manager - - B. AWS Systems Manager - - C. AWS KMS - - D. AWS Config - -
Answer - - Correct Answer: C - - Explanation: +28. What does the term “Economies of scale” mean? + - A. It means that you save more when you consume more. + - B. It means as more time passes using AWS, you pay more for its services. + - C. It means that AWS will continuously lower costs as it grows. + - D. It means that you have the ability to pay as you go. +
Answer + Correct answer: C
-29. How does AWS charge for AWS Lambda usage once the free tier has been exceeded? (Choose two.) - - A. By the time it takes for the Lambda function to execute. - - B. By the number of versions of a specific Lambda function. - - C. By the number of requests made for a given Lambda function. - - D. By the programming language that is used for the Lambda function. - - E. By the total number of Lambda functions in an AWS account. - -
Answer - - Correct Answer: CE - - Explanation: +29. A company experiences fluctuations in traffic patterns to their e-commerce website when running flash sales. What service can help the company dynamically match the required compute capacity to handle spikes in traffic during flash sales? + - A. AWS Auto Scaling. + - B. Amazon Elastic Compute Cloud. + - C. Amazon Elastic File System. + - D. Amazon ElastiCache. +
Answer + Correct answer: A
-30. Which of the following describes the relationships among AWS Regions, Availability Zones, and edge locations? (Choose two.) - - A. There are more AWS Regions than Availability Zones. - - B. There are more edge locations than AWS Regions. - - C. An edge location is an Availability Zone. - - D. There are more AWS Regions than edge locations. - - E. There are more Availability Zones than AWS Regions. - -
Answer - - Correct Answer: BE +30. Which of the below options is true of Amazon VPC? + - A. Amazon VPC allows customers to control user interactions with all other AWS resources. + - B. AWS Customers have complete control over their Amazon VPC virtual networking environment. + - C. AWS is responsible for all the management and configuration details of Amazon VPC. + - D. Amazon VPC helps customers to review their AWS architecture and adopt best practices. +
Answer + Correct answer: B
-31. What does AWS Shield Standard provide? - - A. WAF rules - - B. DDoS protection - - C. Identity and Access Management (IAM) permissions and access to resources - - D. Data encryption - -
Answer - - Correct Answer: B - - Explanation: - - AWS Shield Standard provides protection for all AWS customers from common, most frequently occurring network and transport layer DDoS attacks that target your web site or application at no additional charge. - - Reference: +31. Which tool can a non-AWS customer use to compare the cost of on-premises environment resources to AWS? + - A. AWS Cost Explorer. + - B. AWS Pricing Calculator. + - C. AWS Budgets. + - D. AWS TCO Calculator. +
Answer + Correct answer: D
-32. A company wants to build its new application workloads in the AWS Cloud instead of using on-premises resources.
What expense can be reduced using the AWS Cloud? - - A. The cost of writing custom-built Java or Node .js code - - B. Penetration testing for security - - C. hardware required to support new applications - - D. Writing specific test cases for third-party applications. - -
Answer - - Correct Answer: C - - Explanation: +32. Which of the following services provide real-time auditing for compliance and vulnerabilities? (Choose TWO) + - A. AWS Config. + - B. Amazon Redshift. + - C. Amazon MQ. + - D. AWS Trusted Advisor. + - E. Amazon Cognito. +
Answer + Correct answer: A, D
-33. What does AWS Marketplace allow users to do? (Choose two.) - - A. Sell unused Amazon EC2 Spot Instances. - - B. Sell solutions to other AWS users. - - C. Buy third-party software that runs on AWS. - - D. Purchase AWS security and compliance documents. - - E. Order AWS Snowball. - -
Answer - - Correct Answer: BC - - Explanation: +33. Which of the following AWS services uses Puppet to automate how EC2 instances are configured? + - A. AWS OpsWorks. + - B. AWS CloudFormation. + - C. AWS Quick Starts. + - D. AWS CloudTrail. +
Answer + Correct answer: A
-34. What does it mean if a user deploys a hybrid cloud architecture on AWS? - - A. All resources run using on-premises infrastructure. - - B. Some resources run on-premises and some run in a colocation center. - - C. All resources run in the AWS Cloud. - - D. Some resources run on-premises and some run in the AWS Cloud. - -
Answer - - Correct Answer: D - - Explanation: +34. An organization uses a hybrid cloud architecture to run their business. Which AWS service enables them to deploy their applications to any AWS or on-premises server? + - A. Amazon Kinesis. + - B. Amazon QuickSight. + - C. AWS CodeDeploy. + - D. Amazon Athena. +
Answer + Correct answer: C
-35. Which AWS service allows users to identify the changes made to a resource over time? - - A. Amazon Inspector - - B. AWS Config - - C. AWS Service Catalog - - D. AWS IAM - -
Answer - - Correct Answer: B - - Explanation: +35. Select the services that are server-based: (Choose TWO) + - A. Amazon RDS. + - B. Amazon DynamoDB. + - C. AWS Lambda. + - D. AWS Fargate. + - E. Amazon EMR. +
Answer + Correct answer: A, E
-36. How can a company reduce its Total Cost of Ownership (TCO) using AWS? - - A. By minimizing large capital expenditures - - B. By having no responsibility for third-party license costs - - C. By having no operational expenditures - - D. By having AWS manage applications - -
Answer - - Correct Answer: A - - Explanation: - - AWS helps you reduce Total Cost of Ownership (TCO) by reducing the need to invest in large capital expenditures and providing a pay-as-you-go model that empowers you to invest in the capacity you need and use it only when the business requires it. - - Reference: +36. What best describes penetration testing? + - A. Testing your application’s response time from different locations. + - B. Testing your network to find security vulnerabilities that an attacker could exploit. + - C. Testing your instances to check for the unhealthy ones. + - D. Testing your software for bugs and errors. +
Answer + Correct answer: B
-37. Which activity is a customer responsibility in the AWS Cloud according to the AWS shared responsibility model? - - A. Ensuring network connectivity from AWS to the internet - - B. Patching and fixing flaws within the AWS Cloud infrastructure - - C. Ensuring the physical security of cloud data centers - - D. Ensuring Amazon EBS volumes are backed up - -
Answer - - Correct Answer: D - - Explanation: +37. Which of the following are use cases for Amazon EMR? (Choose TWO) + - A. Enables you to backup extremely large amounts of data at very low costs. + - B. Enables you to move Exabyte-scale data from on-premises datacenters into AWS. + - C. Enables you to analyze and process extremely large amounts of data in a timely manner. + - D. Enables you to easily run and scale Apache Spark, Hadoop,and other Big Data frameworks. + - E. Enables you to easily run and manage Docker containers. +
Answer + Correct answer: C, D
-38. What are the advantages of the AWS Cloud? (Choose two.) - - A. Fixed rate monthly cost - - B. No need to guess capacity requirements - - C. Increased speed to market - - D. Increased upfront capital expenditure - - E. Physical access to cloud data centers - -
Answer - - Correct Answer: BC - - Explanation: +38. Your CTO has asked you to contact AWS support using the chat feature to ask for guidance related to EBS. However, when you open the AWS support center you can't see a way to contact support via Chat. What should you do? + - A. There is no chat feature in AWS support. + - B. The chat feature is available for all plans for an additional fee, but you have to request it first. + - C. At a minimum, upgrade to Business support plan. + - D. Upgrade from the Basic Support plan to Developer Support. +
Answer + Correct answer: C
-39. When comparing the total cost of ownership (TCO) of an on-premises infrastructure to a cloud architecture, what costs should be considered? (Choose two.) - - A. The credit card processing fees for application transactions in the cloud. - - B. The cost of purchasing and installing server hardware in the on-premises data. - - C. The cost of administering the infrastructure, including operating system and software installations, patches, backups, and recovering from failures. - - D. The costs of third-party penetration testing. - - E. The advertising costs associated with an ongoing enterprise-wide campaign. - -
Answer - - Correct Answer: BC - - Explanation: +39. A developer wants to quickly deploy and manage his application in the AWS Cloud, but he doesn’t have any experience with cloud computing. Which of the following AWS services would help the developer achieve his goal? + - A. AWS Fargate. + - B. AWS Batch. + - C. Amazon Personalize. + - D. AWS Elastic Beanstalk. +
Answer + Correct answer: D
-40. Which AWS feature allows a company to take advantage of usage tiers for services across multiple member accounts? - - A. Service control policies (SCPs) - - B. Consolidated billing - - C. All Upfront Reserved Instances - - D. AWS Cost Explorer - -
Answer - - Correct Answer: B - - Explanation: +40. Which statement best describes the AWS Pay-As-You-Go pricing model? + - A. With AWS, you replace low upfront expenses with large variable payments. + - B. With AWS, you replace low upfront expenses with large fixed payments. + - C. With AWS, you replace large upfront expenses with low fixed payments. + - D. With AWS, you replace large capital expenses with low variable payments. +
Answer + Correct answer: D
-41. What is one of the customer's responsibilities according to the AWS shared responsibility model? - - A. Virtualization infrastructure - - B. Network infrastructure - - C. Application security - - D. Physical security of hardware - -
Answer - - Correct Answer: C - - Explanation: +41. For Amazon RDS databases, what does AWS perform on your behalf? (Choose TWO) + - A. Database setup. + - B. Network traffic protection. + - C. Management of the operating system. + - D. Access management. + - E. Management of firewall rules. +
Answer + Correct answer: A, C
-42. What helps a company provide a lower latency experience to its users globally? - - A. Using an AWS Region that is central to all users - - B. Using a second Availability Zone in the AWS Region that is using used - - C. Enabling caching in the AWS Region that is being used - - D. Using edge locations to put content closer to all users - -
Answer - - Correct Answer: A - - Explanation: +42. Which of the following strategies help analyze costs in AWS? + - A. Using tags to group resources. + - B. Using AWS CloudFormation to automate the deployment of resources. + - C. Deploying resources of the same type in different regions. + - D. Configuring Amazon Inspector to automatically analyze costs and email reports. +
Answer + Correct answer: A
-43. How can the AWS Cloud increase user workforce productivity after migration from an on-premises data center? - - A. Users do not have to wait for infrastructure provisioning. - - B. The AWS Cloud infrastructure is much faster than an on-premises data center infrastructure. - - C. AWS takes over application configuration management on behalf of users. - - D. Users do not need to address security and compliance issues. - -
Answer - - Correct Answer: A - - Explanation: +43. A media company has an application that requires the transfer of large data sets to and from AWS every day. This data is business critical and should be transferred over a consistent connection. Which AWS service should the company use? + - A. AWS Direct Connect. + - B. Amazon Comprehend. + - C. AWS Snowmobile. + - D. AWS VPN. +
Answer + Correct answer: A
-44. Which AWS service provides a quick and automated way to create and manage AWS accounts? - - A. AWS QuickSight - - B. Amazon Lightsail - - C. AWS Organizations - - D. Amazon Connect - -
Answer - - Correct Answer: C - - Explanation: +44. What is the main benefit of the AWS Storage Gateway service? + - A. It automates the process of building, maintaining, and running ETL jobs. + - B. It provides physical devices to migrate data from on premises to AWS. + - C. It allows integration of on-premises IT environments with Cloud Storage. + - D. It provides hardware-based key storage for regulatory compliance. +
Answer + Correct answer: C
-45. Which Amazon RDS feature can be used to achieve high availability? - - A. Multiple Availability Zones - - B. Amazon Reserved Instances - - C. Provisioned IOPS storage - - D. Enhanced monitoring - -
Answer - - Correct Answer: A - - Explanation: - - Amazon RDS provides high availability and failover support for DB instances using Multi-AZ deployments. - - Amazon RDS uses several different technologies to provide failover support. - - Multi-AZ deployments for Oracle, PostgreSQL, MySQL, and MariaDB DB instances use Amazon's failover technology. - - SQL Server DB instances use SQL Server Database Mirroring (DBM). - - Reference: +45. To protect against data loss, you need to backup your database regularly. What is the most cost-effective storage option that provides immediate retrieval of your backups? + - A. Amazon S3 Glacier Deep Archive. + - B. Amazon S3 Standard-Infrequent Access. + - C. Amazon S3 Glacier. + - D. Instance Store. +
Answer + Correct answer: B
-46. Where should users report that AWS resources are being used for malicious purposes? - - A. AWS Abuse team - - B. AWS Shield - - C. AWS Support - - D. AWS Developer Forums - -
Answer - - Correct Answer: A - - Explanation: +46. Which service can you use to route traffic to the endpoint that provides the best application performance for your users worldwide? + - A. AWS Global Accelerator. + - B. AWS Data Pipeline. + - C. AWS DAX Accelerator. + - D. AWS Transfer Acceleration. +
Answer + Correct answer: A
-47. Which AWS service needs to be enabled to track all user account changes within the AWS Management Console? - - A. AWS CloudTrail - - B. Amazon Simple Notification Service (Amazon SNS) - - C. VPC Flow Logs - - D. AWS CloudHSM - -
Answer - - Correct Answer: A - - Explanation: - - AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. - - With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. - - CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. - - This event history simplifies security analysis, resource change tracking, and troubleshooting. - - In addition, you can use CloudTrail to detect unusual activity in your AWS accounts. - - These capabilities help simplify operational analysis and troubleshooting. - - Reference: +47. Why are Serverless Architectures more economical than Server-based Architectures? + - A. Serverless Architectures use new powerful computing devices. + - B. With the Server-based Architectures, compute resources continue to run all the time but with serverless architecture, compute resources are only used when code is being executed. + - C. When you reserve serverless capacity, you will get large discounts compared to server reservation. + - D. With Serverless Architectures you have the ability to scale automatically up or down as demand changes. +
Answer + Correct answer: B
-48. What is an AWS Cloud design best practice? - - A. Tight coupling of components - - B. Single point of failure - - C. High availability - - D. Overprovisioning of resources - -
Answer - - Correct Answer: A - - Explanation: +48. Which of the below options are use cases of the Amazon Route 53 service? (Choose TWO) + - A. Point-to-point connectivity between an on-premises data center and AWS. + - B. Detects configuration changes in the AWS environment. + - C. DNS configuration and management. + - D. Manages global application traffic through a variety of routing types. + - E. Provides infrastructure security optimization recommendations. +
Answer + Correct answer: C, D
-49. Why is AWS more economical than traditional data centers for applications with varying compute workloads? - - A. Amazon Elastic Compute Cloud (Amazon EC2) costs are billed on a monthly basis. - - B. Customers retain full administrative access to their Amazon EC2 instances. - - C. Amazon EC2 instances can be launched on-demand when needed. - - D. Customers can permanently run enough instances to handle peak workloads. - -
Answer - - Correct Answer: C - - Explanation: - - The ability to launch instances on-demand when needed allows customers launch and terminate instances in response to a varying workload. - - This is a more economical practice than purchasing enough on-premises servers to handle the peak load. +49. You want to transfer 200 Terabytes of data from on-premises locations to the AWS Cloud, which of the following can do the job in a cost-effective way? + - A. AWS Snowmobile. + - B. AWS Import/Export. + - C. AWS DMS. + - D. AWS Snowball. +
Answer + Correct answer: D
-50. Which AWS service would simplify migration of a database to AWS? - - A. AWS Storage Gateway - - B. AWS Database Migration Service (AWS DMS) - - C. Amazon Elastic Compute Cloud (Amazon EC2) - - D. Amazon AppStream 2.0 - -
Answer - - Correct Answer: B - - Explanation: +50. You have a real-time IoT application that requires sub-millisecond latency. Which of the following services should you use? + - A. Amazon Redshift. + - B. Amazon Athena. + - C. AWS Cloud9. + - D. Amazon ElastiCache for Redis. +
Answer + Correct answer: D
Please feel free to comment below if any information is inaccurate or if any answers need correction. diff --git a/practice-exam/practice-exam-7.md b/practice-exam/practice-exam-7.md index d5e5453..213d59f 100644 --- a/practice-exam/practice-exam-7.md +++ b/practice-exam/practice-exam-7.md @@ -6,750 +6,518 @@ If this practice exam has been helpful to you please share it with others and re --- -1. Which AWS offering enables customers to find, buy, and immediately start using software solutions in their AWS environment? - - A. AWS Config - - B. AWS OpsWorks - - C. AWS SDK - - D. AWS Marketplace - -
Answer - - Correct Answer: D - - Explanation: +1. Which of the following can help secure your sensitive data in Amazon S3? (Choose TWO) + - A. Delete the encryption keys once your data is encrypted. + - B. With AWS you do not need to worry about encryption. + - C. Enable S3 Encryption. + - D. Encrypt the data prior to uploading it. + - E. Delete all IAM users that have access to S3. +
Answer + Correct answer: C, D
-2. Which AWS networking service enables a company to create a virtual network within AWS? - - A. AWS Config - - B. Amazon Route 53 - - C. AWS Direct Connect - - D. Amazon Virtual Private Cloud (Amazon VPC. - -
Answer - - Correct Answer: D - - Explanation: +2. Which AWS service helps developers compile and test their code? + - A. AWS CodeDeploy. + - B. AWS CodeCommit. + - C. CloudEndure. + - D. AWS CodeBuild. +
Answer + Correct answer: D
-3. Which of the following is AWS's responsibility under the AWS shared responsibility model? - - A. Configuring third-party applications - - B. Maintaining physical hardware - - C. Securing application access and data - - D. Managing custom Amazon Machine Images (AMIs) - -
Answer - - Correct Answer: B - - Explanation: +3. Which of the following will affect how much you are charged for storing objects in S3? (Choose TWO) + - A. Using default encryption for any number of S3 buckets. + - B. The number of EBS volumes attached to your instances. + - C. The storage class used for the objects stored. + - D. Creating and deleting S3 buckets. + - E. The total size in gigabytes of all objects stored. +
Answer + Correct answer: C, E
-4. Which component of AWS global infrastructure does Amazon CloudFront use to ensure low-latency delivery? - - A. AWS Regions - - B. AWS edge locations - - C. AWS Availability Zones - - D. Amazon Virtual Private Cloud (Amazon VPC. - -
Answer - - Correct Answer: B - - Explanation: +4. What does the Amazon CloudFront service provide? (Choose TWO) + - A. Tracks user activity and APl usage. + - B. Increases application availability by caching at the edge. + - C. Enables faster disaster recovery. + - D. Stores archived data at very low costs. + - E. Delivers content to end users with low latency. +
Answer + Correct answer: B, E
-5. How would a system administrator add an additional layer of login security to a user's AWS Management Console? - - A. Use AWS Cloud Directory - - B. Audit AWS Identity and Access Management (IAM) roles - - C. Enable Multi-Factor Authentication - - D. Enable AWS CloudTrail - -
Answer - - Correct Answer: C - - Explanation: +5. You are facing a lot of problems with your current contact center. Which service provides a cloud-based contact center that can deliver a better service for your customers? + - A. Amazon Lightsail. + - B. Amazon Connect. + - C. AWS Direct Connect. + - D. AWS Elastic Beanstalk. +
Answer + Correct answer: B
-6. Which service can identify the user that made the API call when an Amazon Elastic Compute Cloud (Amazon EC2) instance is terminated? - - A. Amazon CloudWatch - - B. AWS CloudTrail - - C. AWS X-Ray - - D. AWS Identity and Access Management (AWS IAM) - -
Answer - - Correct Answer: B - - Explanation: +6. You have migrated your application to AWS recently. How can you view the AWS costs applied to your account? + - A. Using the AWS Cost & Usage Report. + - B. Using the AWS Total Cost of Ownership (TCO) dashboard. + - C. Using the AWS CloudWatch logs dashboard. + - D. Using the Amazon VPC dashboard. +
Answer + Correct answer: A
-7. Which service would you use to send alerts based on Amazon CloudWatch alarms? - - A. Amazon Simple Notification Service (Amazon SNS) - - B. AWS CloudTrail - - C. AWS Trusted Advisor - - D. Amazon Route 53 - -
Answer - - Correct Answer: A - - Explanation: +7. Which of the following are valid Amazon EC2 Reserved Instance types? (Choose TWO) + - A. Convertible. + - B. Expedited. + - C. Bulk. + - D. Spot. + - E. Standard. +
Answer + Correct answer: A, E
-8. Where can a customer find information about prohibited actions on AWS infrastructure? - - A. AWS Trusted Advisor - - B. AWS Identity and Access Management (IAM) - - C. AWS Billing Console - - D. AWS Acceptable Use Policy - -
Answer - - Correct Answer: D - - Explanation: +8. Which of the following services gives you access to all AWS auditor-issued reports and certifications? + - A. AWS Artifact. + - B. AWS Config. + - C. Amazon CloudWatch. + - D. AWS CloudTrail. +
Answer + Correct answer: A
-9. Which of the following is an example of how moving to the AWS Cloud reduces upfront cost? - - A. By replacing large variable costs with lower capital investments - - B. By replacing large capital investments with lower variable costs - - C. By allowing the provisioning of compute and storage at a fixed level to meet peak demand - - D. By replacing the repeated scaling of virtual servers with a simpler fixed-scale model - -
Answer - - Correct Answer: B - - Explanation: - - AWS does not require minimum spend commitments or long-term contracts. - - You replace large upfront expenses with low variable payments that only apply to what you use. - - With AWS you are not bound to multi-year agreements or complicated licensing models. - - Reference: +9. You manage a blog on AWS that has different environments: development, testing, and production. What can you use to create a custom console for each environment to view and manage your resources easily? + - A. AWS Resource Groups. + - B. AWS Placement Groups. + - C. AWS Management Console. + - D. AWS Tag Editor. +
Answer + Correct answer: A
-10. When designing a typical three-tier web application, which AWS services and/or features improve availability and reduce the impact failures? (Choose two.) - - A. AWS Auto Scaling for Amazon EC2 instances - - B. Amazon VPC subnet ACLs to check the health of a service - - C. Distributed resources across multiple Availability Zones - - D. AWS Server Migration Service (AWS SMS) to move Amazon EC2 instances into a different Region - - E. Distributed resources across multiple AWS points of presence - -
Answer - - Correct Answer: AC - - Explanation: +10. Which AWS service collects metrics from running EC2 instances? + - A. Amazon Inspector. + - B. Amazon CloudWatch. + - C. AWS CloudFormation. + - D. AWS CloudTrail. +
Answer + Correct answer: B
-11. Which cloud design principle aligns with AWS Cloud best practices? - - A. Create fixed dependencies among application components - - B. Aggregate services on a single instance - - C. Deploy applications in a single Availability Zone - - D. Distribute the compute load across multiple resources - -
Answer - - Correct Answer: D - - Explanation: - - Use load balancing for offloading encryption termination (TLS) to improve performance and to manage and route traffic effectively. - - Distribute traffic across multiple resources or services to allow your workload to take advantage of the elasticity that AWS provides. - - Reference: +11. Your web application currently faces performance issues and suffers from long load times. Which of the following AWS services could help fix these issues and improve performance? + - A. Amazon Detective. + - B. AWS X-Ray. + - C. AWS Security Hub. + - D. AWS Shield. +
Answer + Correct answer: B
-12. Which of the following are recommended practices for managing IAM users? (Choose two.) - - A. Require IAM users to change their passwords after a specified period of time - - B. Prevent IAM users from reusing previous passwords - - C. Recommend that the same password be used on AWS and other sites - - D. Require IAM users to store their passwords in raw text - - E. Disable multi-factor authentication (MFA) for IAM users - -
Answer - - Correct Answer: AB - - Explanation: +12. Which of the following compute resources are serverless? (Choose TWO) + - A. Amazon EC2. + - B. AWS Fargate. + - C. AWS Lambda. + - D. Amazon ECS. + - E. Amazon EMR. +
Answer + Correct answer: B, C
-13. A company is migrating from on-premises data centers to the AWS Cloud and is looking for hands-on help with the project.
How can the company get this support? (Choose two.) - - A. Ask for a quote from the AWS Marketplace team to perform a migration into the company's AWS account. - - B. Contact AWS Support and open a case for assistance - - C. Use AWS Professional Services to provide guidance and to set up an AWS Landing Zone in the company's AWS account - - D. Select a partner from the AWS Partner Network (APN) to assist with the migration - - E. Use Amazon Connect to create a new request for proposal (RFP) for expert assistance in migrating to the AWS Cloud. - -
Answer - - Correct Answer: BC - - Explanation: +13. For compliance and regulatory purposes, a government agency requires that their applications must run on hardware that is dedicated to them only. How can you meet this requirement? + - A. Use EC2 Dedicated Hosts. + - B. Use EC2 Reserved Instances. + - C. Use EC2 Spot Instances. + - D. Use EC2 On-demand Instances. +
Answer + Correct answer: A
-14. How does the AWS Enterprise Support Concierge team help users? - - A. Supporting application development - - B. Providing architecture guidance - - C. Answering billing and account inquires - - D. Answering questions regarding technical support cases - -
Answer - - Correct Answer: C - - Explanation: +14. Which AWS Cost Governance best practice recommends refining workloads regularly to make the most of existing AWS resources and reduce costs? + - A. Tagging Enforcement. + - B. Architecture Optimization. + - C. Budgeting Processes. + - D. Resource Controls. +
Answer + Correct answer: B
-15. An application designed to span multiple Availability Zones is described as: - - A. being highly available - - B. having global reach - - C. using an economy of scale - - D. having elasticity - -
Answer - - Correct Answer: A +15. An organization needs to build a financial application that requires support for ACID transactions. Which AWS database service is most appropriate in this case? + - A. RedShift. + - B. RDS. + - C. CloudHSM. + - D. DMS. +
Answer + Correct answer: B
-16. A new service using AWS must be highly available. Yet, due to regulatory requirements, all of its Amazon EC2 instances must be located in a single geographic area.
According to best practices, to meet these requirements, the EC2 instances must be placed in at least two: - - A. AWS Regions - - B. Availability Zones - - C. subnets - - D. placement groups - -
Answer - - Correct Answer: B - - Explanation: - +16. What can you use to assign permissions directly to an IAM user? + - A. IAM Identity. + - B. IAM Group. + - C. IAM Role. + - D. IAM Policy. +
Answer + Correct answer: D
-17. Which AWS tool is used to compare the cost of running an application on-premises to running the application in the AWS Cloud? - - A. AWS Trusted Advisor - - B. AWS Simple Monthly Calculator - - C. AWS Total Cost of Ownership (TCO) Calculator - - D. Cost Explorer - -
Answer - - Correct Answer: C - - Explanation: +17. The owner of an E-Commerce application notices that the compute capacity requirements vary heavily from time to time. What makes AWS more economical than traditional data centers for this type of application? + - A. AWS allows customers to launch powerful EC2 instances to handle spikes in load. + - B. AWS allows customers to pay upfront to get bigger discounts. + - C. AWS allows customers to launch and terminate EC2 instances based on demand. + - D. AWS allows customers to choose cheaper types of EC2 instances that best fit their needs. +
Answer + Correct answer: C
-18. A company has multiple AWS accounts within AWS Organizations and wants to apply the Amazon EC2 Reserved Instances benefit to a single account only.
Which action should be taken? - - A. Purchase the Reserved Instances from master payer account and turn off Reserved Instance sharing. - - B. Enable billing alerts in the AWS Billing and Cost Management console. - - C. Purchase the Reserved Instances in individual linked accounts and turn off Reserved Instance sharing from the payer level. - - D. Enable Reserved Instance sharing in the AWS Billing and Cost Management console. - -
Answer - - Correct Answer: A - - Explanation: +18. Amazon RDS supports multiple database engines to choose from. Which of the following is not one of them? + - A. PostgreSQL. + - B. Oracle. + - C. Microsoft SQL Server. + - D. Teradata. +
Answer + Correct answer: D
-19. Which situation should be reported to the AWS Abuse team? - - A. In Availability Zone has a service disruption - - B. An intrusion attempt is made from an AWS IP address - - C. A user has trouble accessing an Amazon S3 bucket from an AWS IP address - - D. A user needs to change payment methods due to a compromise - -
Answer - - Correct Answer: B - - Explanation: +19. Which of the following AWS services would help you migrate on-premise databases to AWS? + - A. AWS DMS. + - B. Amazon S3 Transfer Acceleration. + - C. AWS Directory Service. + - D. AWS Transit Gateway. +
Answer + Correct answer: A
-20. A company is planning to launch an ecommerce site in a single AWS Region to a worldwide user base.
Which AWS services will allow the company to reach users and provide low latency and high transfer speeds? (Choose two.) - - A. Application Load Balancer - - B. AWS Global Accelerator - - C. AWS Direct Connect - - D. Amazon CloudFront - - E. AWS Lambda - -
Answer - - Correct Answer: AD - - Explanation: +20. For new AWS customers, what is the EASIEST way to launch a simple WordPress website on AWS? + - A. Run WordPress on an Amazon Lightsail instance. + - B. Install WordPress on an Amazon EC2 instance. + - C. Use the Amazon S3 Web hosting feature. + - D. Host the website directly on AWS Cloud Development Kit (AWS CDK). +
Answer + Correct answer: A
-21. Which AWS service or resource is serverless? - - A. AWS Lambda - - B. Amazon EC2 instances - - C. Amazon Lightsail - - D. Amazon ElastiCache - -
Answer - - Correct Answer: A - - Explanation: +21. Which of the following would you use to manage your encryption keys in the AWS Cloud? (Choose TWO) + - A. AWS KMS. + - B. AWS Certificate Manager. + - C. AWS CodeDeploy. + - D. AWS CodeCommit. + - E. CloudHSM. +
Answer + Correct answer: A, E
-22. Which of the following are components of Amazon VPC? (Choose two.) - - A. Objects - - B. Subnets - - C. Buckets - - D. Internet gateways - - E. Access key - -
Answer - - Correct Answer: BD - - Explanation: +22. Which of the following services allows you to install and run custom relational database software? + - A. Amazon EC2. + - B. Amazon Cognito. + - C. Amazon RDS. + - D. Amazon Inspector. +
Answer + Correct answer: A
-23. AWS Budgets can be used to: - - A. prevent a given user from creating a resource - - B. send an alert when the utilization of Reserved Instances drops below a certain percentage - - C. set resource limits in AWS accounts to prevent overspending - - D. split an AWS bill across multiple forms of payment - -
Answer - - Correct Answer: C - - Explanation: +23. Your application requirements for CPU and RAM are changing in an unpredictable way. Which service can be used to dynamically adjust these resources based on load? + - A. Auto Scaling. + - B. ELB. + - C. Amazon Route53. + - D. Amazon Elastic Container Service. +
Answer + Correct answer: A
-24. Which of the following will enhance the security of access to the AWS Management Console? (Choose two.) - - A. AWS Secrets Manager - - B. AWS Certificate Manager - - C. AWS Multi-Factor Authentication (AWS MFA) - - D. Security groups - - E. Password policies - -
Answer - - Correct Answer: CE - - Explanation: +24. A company has infrastructure hosted in an on-premises data center. They currently have an operations team that takes care of identity management. If they decide to migrate to the AWS cloud, which of the following services would help them perform the same role in AWS? + - A. AWS IAM. + - B. AWS Outposts. + - C. AWS Federation. + - D. Amazon Redshift. +
Answer + Correct answer: A
-25. The AWS Trusted Advisor checks include recommendations regarding which of the following? (Choose two.) - - A. Information on Amazon S3 bucket permissions - - B. AWS service outages - - C. Multi-factor authentication enabled on the AWS account root user - - D. Available software patches - - E. Number of users in the account - -
Answer - - Correct Answer: AC - - Explanation: +25. What are some key design principles for designing public cloud systems? (Choose TWO) + - A. Reserved capacity instead of on demand. + - B. Loose coupling over tight coupling. + - C. Servers instead of managed services. + - D. Disposable resources instead of fixed servers. + - E. Multi-AZ deployments instead of multi-region deployments. +
Answer + Correct answer: B, D
-26. Which functions can users perform using AWS KMS? - - A. Create and manage AWS access keys for the AWS account root user - - B. Create and manage AWS access keys for an AWS account IAM user - - C. Create and manage keys for encryption and decryption of data - - D. Create and manage keys for multi-factor authentication - -
Answer - - Correct Answer: C - - Explanation: +26. Where can AWS account owners get a list of all users in their account, including the status of their AWS credentials? + - A. AWS CloudTrail Trails. + - B. IAM Credential Report. + - C. AWS Artifact reports. + - D. AWS Cost and Usage Report. +
Answer + Correct answer: B
-27. How does AWS Trusted Advisor provide guidance to users of the AWS Cloud? (Choose two.) - - A. It identifies software vulnerabilities in applications running on AWS - - B. It provides a list of cost optimization recommendations based on current AWS usage - - C. It detects potential security vulnerabilities caused by permissions settings on account resources - - D. It automatically corrects potential security issues caused by permissions settings on account resources - - E. It provides proactive alerting whenever an Amazon EC2 instance has been compromised - -
Answer - - Correct Answer: BE +27. Which of the following services enables you to easily generate and use your own encryption keys in the AWS Cloud? + - A. AWS Shield. + - B. AWS Certificate Manager. + - C. AWS CloudHSM. + - D. AWS WAF. +
Answer + Correct answer: C
-28. Which of the following are advantages of the AWS Cloud? (Choose two.) - - A. AWS manages the maintenance of the cloud infrastructure - - B. AWS manages the security of applications built on AWS - - C. AWS manages capacity planning for physical servers - - D. AWS manages the development of applications on AWS - - E. AWS manages cost planning for virtual servers - -
Answer - - Correct Answer: AC - - Explanation: +28. You have developed a web application targeting a global audience. Which of the following will help you achieve the highest redundancy and fault tolerance from an infrastructure perspective? + - A. There is no need to architect for these capabilities in AWS, as AWS is redundant by default. + - B. Deploy the application in a single Availability Zone. + - C. Deploy the application in multiple Availability Zones in a single AWS region. + - D. Deploy the application in muitiple Availability Zones in multiple AWS regions. +
Answer + Correct answer: D
-29. A user deploys an Amazon RDS DB instance in multiple Availability Zones.
This strategy involves which pillar of the AWS Well-Architected Framework? - - A. Performance efficiency - - B. Reliability - - C. Cost optimization - - D. Security - -
Answer - - Correct Answer: A - - Explanation: - +29. For some services, AWS automatically replicates data across multiple Availability Zones to provide fault tolerance in the event of a server failure or Availability Zone outage. Select TWO services that automatically replicate data across Availability Zones. + - A. Instance Store. + - B. S3. + - C. DynamoDB. + - D. Amazon Route 53. + - E. AWS VPN. +
Answer + Correct answer: B, C
-30. Which AWS services provide a user with connectivity between the AWS Cloud and on-premises resources? (Choose two.) - - A. AWS VPN - - B. Amazon Connect - - C. Amazon Cognito - - D. AWS Direct Connect - - E. AWS Managed Services - -
Answer - - Correct Answer: AD - - Explanation: - - - - +30. Which of the following factors affect Amazon CloudFront cost? (Choose TWO) + - A. Number of Requests. + - B. Traffic Distribution. + - C. Number of Volumes. + - D. Instance type. + - E. Storage Class. +
Answer + Correct answer: A, B
-31. Which AWS service is used to pay AWS bills, and monitor usage and budget costs? - - A. AWS Billing and Cost Management - - B. Consolidated billing - - C. Amazon CloudWatch - - D. Amazon QuickSight - -
Answer - - Correct Answer: A - - Explanation: +31. Which of the following resources can an AWS customer use to learn more about prohibited uses of the services offered by AWS? + - A. AWS Service Control Policies (SCPs). + - B. AWS Artifact. + - C. AWS Budgets. + - D. AWS Acceptable Use Policy. +
Answer + Correct answer: D
-32. Which element of the AWS global infrastructure consists of one or more discrete data centers, each with redundant power, networking, and connectivity, which are housed in separate facilities? - - A. AWS Regions - - B. Availability Zones - - C. Edge locations - - D. Amazon CloudFront - -
Answer - - Correct Answer: B - - Explanation: - +32. Which of the following security resources are available to any user for free? (Choose TWO) + - A. AWS Bulletins. + - B. AWS TAM. + - C. AWS Support APl. + - D. AWS Security Blog. + - E. AWS Classroom Training. +
Answer + Correct answer: A, D
-33. Which Amazon VPC feature enables users to capture information about the IP traffic that reaches Amazon EC2 instances? - - A. Security groups - - B. Elastic network interfaces - - C. Network ACLs - - D. VPC Flow Logs - -
Answer - - Correct Answer: D - - Explanation: - - VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. - - Flow log data can be published to Amazon CloudWatch Logs or Amazon S3. After you've created a flow log, you can retrieve and view its data in the chosen destination. - - Reference: +33. How can you protect data stored on Amazon S3 from accidental deletion? + - A. By enabling S3 Versioning. + - B. By configuring S3 Bucket Policies. + - C. By configuring S3 Lifecycle Policies. + - D. By disabling S3 Cross-Region Replication (CRR). +
Answer + Correct answer: A
-34. Which AWS service can be used to automatically scale an application up and down without making capacity planning decisions? - - A. Amazon AutoScaling - - B. Amazon Redshift - - C. AWS CloudTrail - - D. AWS Lambda - -
Answer - - Correct Answer: A - - Explanation: +34. Which of the following is the responsibility of AWS according to the AWS Shared Responsibility Model? + - A. Securing regions and edge locations. + - B. Performing auditing tasks. + - C. Monitoring AWS resources usage. + - D. Securing access to AWS resources. +
Answer + Correct answer: A
-35. AWS Enterprise Support users have access to which service or feature that is not available to users with other AWS Support plans? - - A. AWS Trusted Advisor - - B. AWS Support case - - C. Concierge team - - D. Amazon Connect - -
Answer - - Correct Answer: C - - Explanation: +35. Which of the following AWS support plans provides access to only the seven core AWS Trusted Advisor checks? + - A. Business & Enterprise Support. + - B. Basic & Developer Support. + - C. Developer & Enterprise Support. + - D. Developer & Business Support. +
Answer + Correct answer: B
-36. A company wants to migrate a MySQL database to AWS but does not have the budget for Database Administrators to handle routine tasks including provisioning, patching, and performing backups.
Which AWS service will support this use case? - - A. Amazon RDS - - B. Amazon DynamoDB - - C. Amazon DocumentDB - - D. Amazon ElastiCache - -
Answer - - Correct Answer: A - - Explanation: - - Amazon RDS makes it easy to set up, operate, and scale a relational database in the cloud. - - It provides cost-efficient and resizable capacity while automating time-consuming administration tasks, such as hardware provisioning, database setup, patching, and backups. - - It frees you to focus on your applications, so you can give them the fast performance, high availability, security, and compatibility that they need. - - Reference: +36. Which of the following is NOT a benefit of using AWS Lambda? + - A. AWS Lambda runs code without provisioning or managing servers. + - B. AWS Lambda provides resizable compute capacity in the cloud. + - C. There is no charge when your AWS Lambda code is not running. + - D. AWS Lambda can be called directly from any mobile app. +
Answer + Correct answer: B
-37. A company wants to expand from one AWS Region into a second AWS Region.
What does the company need to do to start supporting the new Region? - - A. Contact an AWS Account Manager to sign a new contract - - B. Move an Availability Zone to the new Region - - C. Begin deploying resources in the second Region - - D. Download the AWS Management Console for the new Region - -
Answer - - Correct Answer: D - - Explanation: - +37. How does AWS help customers achieve compliance in the cloud? + - A. It's not possible to meet regulatory compliance requirements in the Cloud. + - B. AWS applies the most common Cloud security standards, and is responsible for complying with customers’ applicable laws and regulations. + - C. AWS has many common assurance certifications such as ISO 9001 and HIPAA. + - D. Many AWS services are assessed regularly to comply with local laws and regulations. +
Answer + Correct answer: C
-38. A user must meet compliance and software licensing requirements that state a workload must be hosted on a physical server.
Which Amazon EC2 instance pricing option will meet these requirements? - - A. Dedicated Hosts - - B. Dedicated Instances - - C. Spot Instances - - D. Reserved Instances - -
Answer - - Correct Answer: A - - Explanation: +38. Who is responsible for scaling a DynamoDB database in the AWS Shared Responsibility Model? + - A. Your security team. + - B. Your development team. + - C. AWS. + - D. Your internal DevOps team. +
Answer + Correct answer: C
-39. Which AWS service will provide a way to generate encryption keys that can be used to encrypt data? (Choose two.) - - A. Amazon Macie - - B. AWS Certificate Manager - - C. AWS Key Management Service (AWS KMS) - - D. AWS Secrets Manager - - E. AWS CloudHSM - -
Answer - - Correct Answer: CE - - Explanation: - - - - +39. You are working as a web app developer. You are currently facing issues in media playback for mobile devices because your media format is not supported. Which of the following AWS services can help you convert your media into another format? + - A. Amazon Elastic Transcoder. + - B. Amazon Pinpoint. + - C. AmazonS3. + - D. Amazon Rekognition. +
Answer + Correct answer: A
-40. A company is planning to migrate from on-premises to the AWS Cloud.
Which AWS tool or service provides detailed reports on estimated cost savings after migration? - - A. AWS Total Cost of Ownership (TCO) Calculator - - B. Cost Explorer - - C. AWS Budgets - - D. AWS Migration Hub - -
Answer - - Correct Answer: A - - Explanation: - (26) +40. What are the benefits of the AWS Organizations service? (Choose TWO) + - A. Control access to AWS services. + - B. Help organizations design and maintain an accelerated path to successful cloud adoption. + - C. Manage your organization’s payment methods. + - D. Help organization achieve their desired business outcomes with AWS. + - E. Consolidate billing across multiple AWS accounts. +
Answer + Correct answer: A, E
-41. What can assist in evaluating an application for migration to the cloud? (Choose two.) - - A. AWS Trusted Advisor - - B. AWS Professional Services - - C. AWS Systems Manager - - D. AWS Partner Network (APN) - - E. AWS Secrets Manager - -
Answer - - Correct Answer: AD +41. Which AWS service allows you to build a data warehouse in the cloud? + - A. AWS Shield. + - B. Amazon Redshift. + - C. Amazon RDS. + - D. Amazon Comprehend. +
Answer + Correct answer: B
-42. Which AWS service helps users meet contractual and regulatory compliance requirements for data security by using dedicated hardware appliances within the AWS Cloud? - - A. AWS Secrets Manager - - B. AWS CloudHSM - - C. AWS Key Management Service (AWS KMS) - - D. AWS Directory Service - -
Answer - - Correct Answer: B - - Explanation: - - The AWS CloudHSM service helps you meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) instances within the AWS cloud. - - AWS and AWS Marketplace partners offer a variety of solutions for protecting sensitive data within the AWS platform, but for some applications and data subject to contractual or regulatory mandates for managing cryptographic keys, additional protection may be necessary. - - CloudHSM complements existing data protection solutions and allows you to protect your encryption keys within HSMs that are designed and validated to government standards for secure key management. - - CloudHSM allows you to securely generate, store, and manage cryptographic keys used for data encryption in a way that keys are accessible only by you. - - Reference: +42. What AWS service allows you to buy third-party software solutions and services that run on AWS resources? + - A. AWS Application Discovery service. + - B. Amazon DevPay. + - C. AWS Marketplace. + - D. Resource Groups. +
Answer + Correct answer: C
-43. Under the AWS shared responsibility model, the customer manages which of the following? (Choose two.) - - A. Decommissioning of physical storage devices - - B. Security group and ACL configuration - - C. Patch management of an Amazon RDS instance operating system - - D. Controlling physical access to data centers - - E. Patch management of an Amazon EC2 instance operating system - -
Answer - - Correct Answer: BE - - Explanation: +43. Which of the following services is an AWS repository management system that allows for storing, versioning, and managing your application code? + - A. AWS CodePipeline. + - B. AWS CodeCommit. + - C. AWS X-Ray. + - D. Amazon Inspector. +
Answer + Correct answer: B
-44. Which AWS service is suitable for an event-driven workload? - - A. Amazon EC2 - - B. AWS Elastic Beanstalk - - C. AWS Lambda - - D. Amazon Lumberyard - -
Answer - - Correct Answer: B - - Explanation: - - An easy-to-use service for deploying and scaling web applications and web services developed in a number of programming languages. - - You can configure event notifications for your Elastic Beanstalk environment so that notable events can be automatically published to an SNS topic, then pushed to topic subscribers. - - As an example, you may use this event-driven architecture to coordinate your continuous integration pipeline (such as Jenkins CI). - - That way, whenever an environment is created, Elastic Beanstalk publishes this event to an SNS topic, which triggers a subscribing Lambda function, which then kicks off a CI job against your newly created Elastic Beanstalk environment. - - Reference: +44. Which AWS service can be used to route end users to the nearest AWS Region to reduce latency? + - A. Amazon Cognito. + - B. AWS Systems Manager. + - C. AWS Cloud9. + - D. Amazon Route 53. +
Answer + Correct answer: D
-45. What is a value proposition of the AWS Cloud? - - A. AWS is responsible for security in the AWS Cloud - - B. No long-term contract is required - - C. Provision new servers in days - - D. AWS manages user applications in the AWS Cloud - -
Answer - - Correct Answer: B - - Explanation: +45. Which feature enables users to sign into their AWS accounts with their existing corporate credentials? + - A. Federation. + - B. Access keys. + - C. IAM Permissions. + - D. WAF rules. +
Answer + Correct answer: A
-46. What is a characteristic of Amazon S3 cross-region replication? - - A. Both source and destination S3 buckets must have versioning disabled - - B. The source and destination S3 buckets cannot be in different AWS Regions - - C. S3 buckets configured for cross-region replication can be owned by a single AWS account or by different accounts - - D. The source S3 bucket owner must have the source and destination AWS Regions disabled for their account - -
Answer - - Correct Answer: C - - Explanation: +46. According to the AWS shared responsibility model, what are the controls that customers fully inherit from AWS? (Choose TWO) + - A. Awareness and Training. + - B. Communications controls. + - C. Data center security controls. + - D. Environmental controls. + - E. Resource Configuration Management. +
Answer + Correct answer: C, D
-47. What is a user responsible for when running an application in the AWS Cloud? - A. Managing physical hardware - - B. Updating the underlying hypervisor - - C. Providing a list of users approved for data center access - - D. Managing application software updates - -
Answer - - Correct Answer: D - - Explanation: +47. What can you access by visiting the URL: ? + - A. AWS Billing Dashboard. + - B. AWS Cost Dashboard. + - C. AWS Service Health Dashboard. + - D. AWS Security Dashboard. +
Answer + Correct answer: C
-48. A company that does business online needs to quickly deliver new functionality in an iterative manner, minimizing the time to market.
Which AWS Cloud feature can provide this? - - A. Elasticity - - B. High availability - - C. Agility - - D. Reliability - -
Answer - - Correct Answer: C - - Explanation: +48. Which of the following procedures can reduce latency when your end users are retrieving data? (Choose TWO) + - A. Store media assets in the region closest to your end users. + - B. Store media assets on an additional EBS volume and increase the capacity of your server. + - C. Replicate media assets to at least two availability zones. + - D. Reduce the size of media assets using the Amazon Elastic Transcoder. + - E. Store media assets in $3 and use CloudFront to distribute these assets. +
Answer + Correct answer: A, E
-49. Which features or services can be used to monitor costs and expenses for an AWS account? (Choose two.) - - A. AWS Cost and Usage report - - B. AWS product pages - - C. AWS Simple Monthly Calculator - - D. Billing alerts and Amazon CloudWatch alarms - - E. AWS Price List API - -
Answer - - Correct Answer: AD - - Explanation: +49. Which of the following are part of the seven design principles for security in the cloud? (Choose TWO) + - A. Use manual monitoring techniques to protect your AWS resources. + - B. Use IAM roles to grant temporary access instead of long-term credentials. + - C. Scale horizontally to protect from failures. + - D. Enable real-time traceability. + - E. Never store sensitive data in the cloud. +
Answer + Correct answer: B, D
-50. Amazon Route 53 enables users to: - - A. encrypt data in transit - - B. register DNS domain names - - C. generate and manage SSL certificates - - D. establish a dedicated network connection to AWS - -
Answer - - Correct Answer: B - - Explanation: +50. A company is migrating production workloads to AWS, and they are concerned about cost management across different departments. Which option should the company implement to categorize and track AWS spending? + - A. Use the AWS Pricing Calculator service to monitor the costs incurred by each department. + - B. Use Amazon Aurora to forecast AWS spending based on usage. + - C. Apply cost allocation tags to segment AWS costs by different e projects and departments. + - D. Configure AWS Price List API to receive billing updates for each department automatically. +
Answer + Correct answer: C
Please feel free to comment below if any information is inaccurate or if any answers need correction. diff --git a/practice-exam/practice-exam-8.md b/practice-exam/practice-exam-8.md index ddf6e94..b250f51 100644 --- a/practice-exam/practice-exam-8.md +++ b/practice-exam/practice-exam-8.md @@ -6,726 +6,519 @@ If this practice exam has been helpful to you please share it with others and re --- -1. Which AWS service helps identify malicious or unauthorized activities in AWS accounts and workloads? - - A. Amazon Rekognition - - B. AWS Trusted Advisor - - C. Amazon GuardDuty - - D. Amazon CloudWatch - -
Answer - - Correct Answer: C - - Explanation: +1. What is the main benefit of attaching security groups to an Amazon RDS instance? + - A. Manages user access and encryption keys. + - B. Controls what IP address ranges can connect to your database instance. + - C. Deploys SSL/TLS certificates for use with your database instance. + - D. Distributes incoming traffic across multiple targets. +
Answer + Correct answer: B
-2. A company wants to try a third-party ecommerce solution before deciding to use it long term.
Which AWS service or tool will support this effort? - - A. AWS Marketplace - - B. AWS Partner Network (APN) - - C. AWS Managed Services - - D. AWS Service Catalog - -
Answer - - Correct Answer: A - - Explanation: +2. A company wants to use Amazon Elastic Container Service (Amazon ECS) to run its containerized applications. For compliance reasons, the company wants to retain complete visibility and control over the underlying server cluster. Which Amazon ECS launch type will satisfy these requirements? + - A. EC2 launch type. + - B. Fargate launch type. + - C. Lightsail launch type. + - D. Lambda launch type. +
Answer + Correct answer: A
-3. Which AWS service is a managed NoSQL database? - - A. Amazon Redshift - - B. Amazon DynamoDB - - C. Amazon Aurora - - D. Amazon RDS for MariaDB - -
Answer - - Correct Answer: B - - Explanation: +3. You have multiple standalone AWS accounts and you want to decrease your AWS monthly charges. What should you do? + - A. Try to remove unnecessary AWS accounts. + - B. Add the accounts to an AWS Organization and use Consolidated Billing. + - C. Track the AWS charges that are incurred by the member accounts. + - D. Enable AWS tiered-pricing before provisioning resources. +
Answer + Correct answer: B
-4. Which AWS service should be used to create a billing alarm? - - A. AWS Trusted Advisor - - B. AWS CloudTrail - - C. Amazon CloudWatch - - D. Amazon QuickSight - -
Answer - - Correct Answer: C - - Explanation: +4. You have been tasked with auditing the security of your VPC. As part of this process, you need to start by analyzing what inbound and outbound traffic is allowed on your EC2 instances. What two parts of the VPC do you need to check to accomplish this task? + - A. Network ACLs and Traffic Manager. + - B. Network ACLs and Subnets. + - C. Security Groups and Internet Gateways. + - D. Security Groups and Network ACLs. +
Answer + Correct answer: D
-5. A company is hosting a web application in a Docker container on Amazon EC2.
AWS is responsible for which of the following tasks? - - A. Scaling the web application and services developed with Docker - - B. Provisioning or scheduling containers to run on clusters and maintain their availability - - C. Performing hardware maintenance in the AWS facilities that run the AWS Cloud - - D. Managing the guest operating system, including updates and security patches - -
Answer - - Correct Answer: C - - Explanation: +5. What does the AWS "Business" support plan provide? (Choose TWO) + - A. Access to the full set of Trusted Advisor checks. + - B. Support Concierge Service. + - C. Less than 15 minutes response-time support if your business critical system goes down. + - D. AWS Support API. + - E. Proactive Technical Account Management. +
Answer + Correct answer: A, D
-6. Users are reporting latency when connecting to a website with a global customer base.
Which AWS service will improve the customer experience by reducing latency? - - A. Amazon CloudFront - - B. AWS Direct Connect - - C. Amazon EC2 Auto Scaling - - D. AWS Transit Gateway - -
Answer - - Correct Answer: A - - Explanation: +6. You have just finished writing your application code. Which service can be used to automate the deployment and scaling of your application? + - A. Amazon Simple Storage Service. + - B. AWS Elastic Beanstalk. + - C. AWS CodeCommit. + - D. Amazon Elastic File System. +
Answer + Correct answer: B
-7. Which actions represent best practices for using AWS IAM? (Choose two.) - - A. Configure a strong password policy - - B. Share the security credentials among users of AWS accounts who are in the same Region - - C. Use access keys to log in to the AWS Management Console - - D. Rotate access keys on a regular basis - - E. Avoid using IAM roles to delegate permissions - -
Answer - - Correct Answer: AD - - Explanation: +7. Which statement is true in relation to security in AWS? + - A. AWS manages everything related to EC2 operating systems. + - B. AWS customers are responsible for patching any database software running on Amazon EC2. + - C. Server side encryption is the responsibility of AWS. + - D. AWS is responsible for the security of your application. +
Answer + Correct answer: B
-8. Which AWS feature or service can be used to capture information about incoming and outgoing traffic in an AWS VPC infrastructure? - - A. AWS Config - - B. VPC Flow Logs - - C. AWS Trusted Advisor - - D. AWS CloudTrail - -
Answer - - Correct Answer: B - - Explanation: - +8. Amazon EC2 instances are conceptually very similar to traditional servers. However, using Amazon EC2 server instances in the same manner as traditional hardware server instances is only a starting point. What are the main benefits of using the AWS EC2 instances instead of traditional servers? (Choose TWO) + - A. Improves Fault-Tolerance. + - B. Provides your business with a seamless remote accessibility. + - C. Prevents unauthorized users from getting into your network. + - D. Provides automatic data backups. + - E. Can be scaled manually in a shorter period of time. +
Answer + Correct answer: A, E
-9. A company wants to use an AWS service to monitor the health of application endpoints, with the ability to route traffic to healthy regional endpoints to improve application availability.
Which service will support these requirements? - - A. Amazon Inspector - - B. Amazon CloudWatch - - C. AWS Global Accelerator - - D. Amazon CloudFront - -
Answer - - Correct Answer: C - - Explanation: - - AWS Global Accelerator uses the AWS global network to optimize the path from your users to your applications, improving the performance of your traffic by as much as 60%. - - AWS Global Accelerator continually monitors the health of your application endpoints and redirects traffic to healthy endpoints in less than 30 seconds. - - Reference: +9. Which statement is true regarding AWS pricing? (Choose TWO) + - A. With the AWS pay-as-you-go pricing model, you don't have to pay any upfront fee. + - B. You have no responsibility for third-party software license costs. + - C. You only pay for the individual services that you need with no long-term contracts. + - D. For some services, you have to pay a startup fee in order to get the service running. + - E. There are no reservations on AWS, you only pay for what you use. +
Answer + Correct answer: A, C
-10. According to the AWS Well-Architected Framework, what change management steps should be taken to achieve reliability in the AWS Cloud? (Choose two.) - - A. Use AWS Config to generate an inventory of AWS resources - - B. Use service limits to prevent users from creating or making changes to AWS resources - - C. Use AWS CloudTrail to record AWS API calls into an auditable log file - - D. Use AWS Certificate Manager to whitelist approved AWS resources and services - - E. Use Amazon GuardDuty to validate configuration changes made to AWS resources - -
Answer - - Correct Answer: DE +10. Which AWS service provides the EASIEST way to set up and manage a secure, well-architected, multi-account AWS environment? + - A. AWS Control Tower. + - B. Amazon Macie. + - C. AWS Systems Manager Patch Manager. + - D. AWS Systems Manager Patch Manager AWS Security Hub. +
Answer + Correct answer: A
-11. Which service can be used to monitor and receive alerts for AWS account root user AWS Management Console sign-in events? - - A. Amazon CloudWatch - - B. AWS Config - - C. AWS Trusted Advisor - - D. AWS IAM - -
Answer - - Correct Answer: A - - Explanation: +11. A company is running a large web application that needs to always be available. The application tends to slow down when CPU usage is greater than 60%. How can they track when CPU usage goes above 60% for any of the EC2 Instances in their account? + - A. Use CloudFront to monitor the CPU usage. + - B. Set the AWS Config CPU threshold to 60% to receive a notification when EC2 usage exceeds that value. + - C. Use CloudWatch Alarms to monitor the CPUand alert when the CPU usage is >= 60%. + - D. Use SNS to menitor the utilization of the server. +
Answer + Correct answer: C
-12. Which design principle should be considered when architecting in the AWS Cloud? - - A. Think of servers as non-disposable resources - - B. Use synchronous integration of services - - C. Design loosely coupled components - - D. Implement the least permissive rules for security groups - -
Answer - - Correct Answer: C - - Explanation: +12. What is the recommended storage option when hosting an often-changing database on an Amazon EC2 instance? + - A. Amazon EBS. + - B. Amazon RDS. + - C. You can't run a database inside an Amazon EC2 instance. + - D. Amazon DynamoDB. +
Answer + Correct answer: A
-13. Which AWS services can be used to move data from on-premises data centers to AWS? (Choose two.) - - A. AWS Snowball - - B. AWS Lambda - - C. AWS ElastiCache - - D. AWS Database Migration Service (AWS DMS) - - E. Amazon API Gateway - -
Answer - - Correct Answer: AD - - Explanation: +13. You are working as a site reliability engineer (SRE) in an AWS environment, which of the following services helps monitor your applications? + - A. Amazon CloudWatch. + - B. Amazon CloudSearch. + - C. Amazon Elastic MapReduce. + - D. Amazon CloudHSM. +
Answer + Correct answer: A
-14. A batch workload takes 5 hours to finish on an Amazon EC2 instance. The amount of data to be processed doubles monthly and the processing time is proportional.
What is the best cloud architecture to address this consistently growing demand? - - A. Run the application on a bigger EC2 instance size. - - B. Switch to an EC2 instance family that better matches batch requirements. - - C. Distribute the application across multiple EC2 instances and run the workload in parallel. - - D. Run the application on a bare metal EC2 instance. - -
Answer - - Correct Answer: C +14. What factors determine how you are charged when using AWS Lambda? (Choose TWO) + - A. Storage consumed. + - B. Number of requests to your functions. + - C. Number of volumes. + - D. Placement groups. + - E. Compute time consumed. +
Answer + Correct answer: B, E
-15. Each department within a company has its own independent AWS account and its own payment method. New company leadership wants to centralize departmental governance and consolidate payments.
How can this be achieved using AWS services or features? - - A. Forward monthly invoices for each account. Then create IAM roles to allow cross-account access. - - B. Create a new AWS account. Then configure AWS Organizations and invite all existing accounts to join. - - C. Configure AWS Organizations in each of the existing accounts. Then link all accounts together. - - D. Use Cost Explorer to combine costs from all accounts. Then replicate IAM policies across accounts. - -
Answer - - Correct Answer: C - - Explanation: +15. What are the main differences between an IAM user and an IAM role in AWS? (Choose TWO) + - A. An IAM user is uniquely associated with only one person, however a role is intended to be assumable by anyone who needs it. + - B. An IAM user has permanent credentials associated with it, however a role has temporary credentials associated with it. + - C. IAM users are more cost effective than IAM roles. + - D. Arole is uniquely associated with only one person, however an IAM user is intended to be assumable by anyone who needs it. + - E. An IAM user has temporary credentials associated withit, however a role has permanent credentials associated with it. +
Answer + Correct answer: A, B
-16. The ability to horizontally scale Amazon EC2 instances based on demand is an example of which concept in the AWS Cloud value proposition? - - A. Economy of scale - - B. Elasticity - - C. High availability - - D. Agility - -
Answer - - Correct Answer: B +16. Which of the following actions may reduce Amazon EBS costs? (Choose TWO) + - A. Deleting unused buckets. + - B. Using reservations. + - C. Deleting unnecessary snapshots. + - D. Changing the type of the volume. + - E. Distributing requests to multiple volumes. +
Answer + Correct answer: C, D
-17. An ecommerce company anticipates a huge increase in web traffic for two very popular upcoming shopping holidays.
Which AWS service or feature can be configured to dynamically adjust resources to meet this change in demand? - - A. AWS CloudTrail - - B. Amazon EC2 Auto Scaling - - C. Amazon Forecast - - D. AWS Config - -
Answer - - Correct Answer: B - - Explanation: +17. What does Amazon GuardDuty do to protect AWS accounts and workloads? + - A. Notifies AWS customers about abuse events once they are reported. + - B. Continuously monitors AWS infrastructure and helps detect threats such as attacker reconnaissance or account compromise. + - C. Helps AWS customers identify the root cause of potential security issues. + - D. Checks security groups for rules that allow unrestricted access to AWS. resources. +
Answer + Correct answer: B
-18. Which AWS service enables users to securely connect to AWS resources over the public internet? - - A. Amazon VPC peering - - B. AWS Direct Connect - - C. AWS VPN - - D. Amazon Pinpoint - -
Answer - - Correct Answer: C - - Explanation: +18. Which database service should you use if your application and data schema require "joins" or complex transactions? + - A. Amazon RDS. + - B. AWS Outposts. + - C. Amazon DocumentDB. + - D. Amazon DynameDB. +
Answer + Correct answer: A
-19. Which tool is used to forecast AWS spending? - - A. AWS Trusted Advisor - - B. AWS Organizations - - C. Cost Explorer - - D. Amazon Inspector - -
Answer - - Correct Answer: C - - Explanation: +19. Which of the following makes it easier for you to categorize, manage and filter your resources? + - A. Amazon CloudWatch. + - B. AWS Service Catalog. + - C. AWS Directory Service. + - D. AWS Tagging. +
Answer + Correct answer: D
-20. A company is running an ecommerce application hosted in Europe. To decrease latency for users who access the website from other parts of the world, the company would like to cache frequently accessed static content closer to the users.
Which AWS service will support these requirements? - - A. Amazon ElastiCache - - B. Amazon CloudFront - - C. Amazon Elastic File System (Amazon EFS) - - D. Amazon Elastic Block Store (Amazon EBS) - -
Answer - - Correct Answer: B - - Explanation: - - Amazon CloudFront employs a global network of edge locations and regional edge caches that cache copies of your content close to your viewers. - - Amazon CloudFront ensures that end-user requests are served by the closest edge location. - - As a result, viewer requests travel a short distance, improving performance for your viewers. - - For files not cached at the edge locations and the regional edge caches, Amazon CloudFront keeps persistent connections with your origin servers so that those files can be fetched from the origin servers as quickly as possible. - - Reference: +20. What should you consider when storing data in Amazon Glacier? + - A. Amazon Glacier only accepts data in a compressed format. + - B. Glacier can only be used to store frequently accessed data and data archives. + - C. Amazon Glacier does not provide immediate retrieval of data. + - D. Attach Glacier to an EC2 Instance to be able to store data. +
Answer + Correct answer: C
-21. Which of the following is a component of the AWS Global Infrastructure? - - A. Amazon Alexa - - B. AWS Regions - - C. Amazon Lightsail - - D. AWS Organizations - -
Answer - - Correct Answer: B - - Explanation: +21. Engineers are wasting a lot of time and effort managing batch computing software in traditional data centers. Which of the following AWS services allows them to easily run thousands of batch computing jobs? + - A. Amazon EC2. + - B. AWS Batch. + - C. Lambda@Edge. + - D. AWS Fargate. +
Answer + Correct answer: B
-22. Which AWS service will help users determine if an application running on an Amazon EC2 instance has sufficient CPU capacity? - - A. Amazon CloudWatch - - B. AWS Config - - C. AWS CloudTrail - - D. Amazon Inspector - -
Answer - - Correct Answer: A - - Explanation: +22. How can you increase your application’s fault-tolerance while it is being hosted in AWS? + - A. Deploy your application across multiple EC2 instances. + - B. Deploy your application across multiple Availability Zones. + - C. Host your application on one powerful EC2 instance type instead of multiple smaller instances. + - D. Deploy the underlying application resources across multiple subnets. +
Answer + Correct answer: B
-23. Why is it beneficial to use Elastic Load Balancers with applications? - - A. They allow for the conversion from Application Load Balancers to Classic Load Balancers. - - B. They are capable of handling constant changes in network traffic patterns. - - C. They automatically adjust capacity. - - D. They are provided at no charge to users. - -
Answer - - Correct Answer: B - - Explanation: +23. Which of the following AWS Support Plans gives you 24/7 access to Cloud Support Engineers via email & phone? (Choose TWO) + - A. Developer. + - B. Premium. + - C. Enterprise. + - D. Standard. + - E. Business. +
Answer + Correct answer: C, E
-24. Which tasks are the customer's responsibility in the AWS shared responsibility model? (Choose two.) - - A. Infrastructure facilities access management - - B. Cloud infrastructure hardware lifecycle management - - C. Configuration management of user's applications - - D. Networking infrastructure protection - - E. Security groups configuration - -
Answer - - Correct Answer: CE - - Explanation: +24. Which of the following requires an access key ID and a secret access key to get long-lived programmatic access to AWS resources? (Choose TWO) + - A. IAM group. + - B. IAM user. + - C. IAM role. + - D. AWS account root user. + - E. TAM. +
Answer + Correct answer: B, D
-25. IT systems should be designed to reduce interdependencies, so that a change or failure in one component does not cascade to other components.
This is an example of which principle of cloud architecture design? - - A. Scalability - - B. Loose coupling - - C. Automation - - D. Automatic scaling - -
Answer - - Correct Answer: B - - Explanation: +25. Which of the following is a benefit of the "Loose Coupling" architecture principle? + - A. It eliminates the need for change management. + - B. It allows for Cross-Region Replication. + - C. It helps AWS customers reduce Privileged Access to AWS resources. + - D. It allows individual application compenents or services to be modified without affecting other components. +
Answer + Correct answer: D
-26. Which AWS service or feature can enhance network security by blocking requests from a particular network for a web application on AWS? (Choose two.) - - A. AWS WAF - - B. AWS Trusted Advisor - - C. AWS Direct Connect - - D. AWS Organizations - - E. Network ACLs - -
Answer - - Correct Answer: AE - - Explanation: - - - - +26. A company needs to host a big data application on AWS using EC2 instances. Which of the following AWS Storage services would they choose to automatically get high throughput to multiple compute nodes? + - A. Amazon Elastic Block Store. + - B. AWS Storage Gateway. + - C. Amazon Elastic File System. + - D. S3. +
Answer + Correct answer: C
-27. An application runs on multiple Amazon EC2 instances that access a shared file system simultaneously.
Which AWS storage service should be used? - - A. Amazon EBS - - B. Amazon EFS - - C. Amazon S3 - - D. AWS Artifact - -
Answer - - Correct Answer: B - - Explanation: +27. Which of the following Cloud Computing deployment models eliminates the need to run and maintain physical data centers? + - A. On-premises. + - B. IaaS. + - C. PaaS. + - D. Cloud. +
Answer + Correct answer: D
-28. A web application is hosted on AWS using an Elastic Load Balancer, multiple Amazon EC2 instances, and Amazon RDS.
Which security measures fall under the responsibility of AWS? (Choose two.) - - A. Running a virus scan on EC2 instances - - B. Protecting against IP spoofing and packet sniffing - - C. Installing the latest security patches on the RDS instance - - D. Encrypting communication between the EC2 instances and the Elastic Load Balancer - - E. Configuring a security group and a network access control list (NACL) for EC2 - -
Answer - - Correct Answer: CD +28. What are the benefits of the AWS Marketplace service? (Choose TWO) + - A. Protects customers by performing periodic security checks on listed products. + - B. Per-second billing. + - C. Provides cheaper options for purchasing Amazon EC2 on-demand instances. + - D. Provides flexible pricing options that suit most customer needs. + - E. Provides software solutions that run on AWS or any other Cloud vendor. +
Answer + Correct answer: A, D
-29. What is the benefit of elasticity in the AWS Cloud? - - A. Ensure web traffic is automatically spread across multiple AWS Regions. - - B. Minimize storage costs by automatically archiving log data. - - C. Enable AWS to automatically select the most cost-effective services. - - D. Automatically adjust the required compute capacity to maintain consistent performance. - -
Answer - - Correct Answer: D - - Explanation: +29. What is the benefit of Amazon EBS volumes being automatically replicated within the same availability zone? + - A. Elasticity. + - B. Durability. + - C. Traceability. + - D. Accessibility. +
Answer + Correct answer: B
-30. The continual reduction of AWS Cloud pricing is due to: - - A. pay-as-you go pricing - - B. the AWS global infrastructure - - C. economies of scale - - D. reserved storage pricing - -
Answer - - Correct Answer: C +30. You are planning to launch an advertising campaign over the coming weekend to promote a new digital product. It is expected that there will be heavy spikes in load during the campaign period, and you can’t afford any downtime. You need additional compute resources to handle the additional load. What is the most cost-effective EC2 instance purchasing option for this job? + - A. Savings Plans. + - B. Spot Instances. + - C. Reserved Instances. + - D. On-Demand Instances. +
Answer + Correct answer: D
-31. A company needs an Amazon S3 bucket that cannot have any public objects due to compliance requirements.
How can this be accomplished? - - A. Enable S3 Block Public Access from the AWS Management Console. - - B. Hold a team meeting to discuss the importance if only uploading private S3 objects. - - C. Require all S3 objects to be manually approved before uploading. - - D. Create a service to monitor all S3 uploads and remove any public uploads. - -
Answer - - Correct Answer: A - - Explanation: +31. Which of the following AWS services integrates with AWS Shield and AWS Web Application Firewall (AWS WAF) to protect against network and application layer DDoS attacks? + - A. Amazon EFS. + - B. AWS Secrets Manager. + - C. AWS Systems Manager. + - D. Amazon CloudFront. +
Answer + Correct answer: D
-32. A Cloud Practitioner identifies a billing issue after examining the AWS Cost and Usage report in the AWS Management Console.
Which action can be taken to resolve this? - - A. Open a detailed case related to billing and submit it to AWS Support for help. - - B. Upload data describing the issue to a new object in a private Amazon S3 bucket. - - C. Create a pricing application and deploy it to a right-sized Amazon EC2 instance for more information. - - D. Proceed with creating a new dashboard in Amazon QuickSight. - -
Answer - - Correct Answer: A - - Explanation: < https://docs.aws.amazon.com/awssupport/latest/user/case-management.html> +32. Which of the following services is used when encrypting EBS volumes? + - A. AWS WAF. + - B. AWS KMS. + - C. Amazon Macie. + - D. Amazon GuardDuty. +
Answer + Correct answer: B
-33. What does the AWS Simple Monthly Calculator do? - - A. Compares on-premises costs to colocation environments - - B. Estimates monthly billing based on projected usage - - C. Estimates power consumption at existing data centers - - D. Estimates CPU utilization - -
Answer - - Correct Answer: B - - Explanation: +33. The AWS account administrator of your company has been fired. With the permissions granted to him as an administrator, he was able to create multiple IAM user accounts and access keys. Additionally, you are not sure whether he has access to the AWS root account or not. What should you do immediately to protect your AWS infrastructure? (Choose TWO) + - A. Download all the attached policies in a safe place. + - B. Delete all IAM accounts and recreate them. + - C. Use the CloudWatch service to check all API calls that have been made in your account since the administrator was fired. + - D. Rotate all access keys. + - E. Change the email address and password of the root user account and enable MFA. +
Answer + Correct answer: D, E
-34. Who is responsible for patching the guest operating system for Amazon RDS? - - A. The AWS Product team - - B. The customer Database Administrator - - C. Managed partners - - D. AWS Support - -
Answer - - Correct Answer: B - - Explanation: +34. What is the Amazon ElastiCache service used for? (Choose TWO) + - A. Provide an in-memory data storage service. + - B. Reduce delivery costs using Edge Locations. + - C. Improve web application performance. + - D. Provide a Chef-compatible cache to speed up application response. + - E. Distribute requests to multiple instances. +
Answer + Correct answer: A, C
-35. Which AWS services may be scaled using AWS Auto Scaling? (Choose two.) - - A. Amazon EC2 - - B. Amazon DynamoDB - - C. Amazon S3 - - D. Amazon Route 53 - - E. Amazon Redshift - -
Answer - - Correct Answer: AB - - Explanation: +35. The elasticity of the AWS Cloud enables customers to save costs when compared to traditional hosting providers. What can AWS customers do to benefit from the elasticity of the AWS Cloud? (Choose TWO) + - A. Deploy your resources across multiple Availability Zones. + - B. Use Amazon EC2 Auto Scaling. + - C. Deploy your resources in another region. + - D. Use Elastic Load Balancing. + - E. Use Serverless Computing whenever possible. +
Answer + Correct answer: B, E
-36. Which of the following are benefits of AWS Global Accelerator? (Choose two.) - - A. Reduced cost to run services on AWS - - B. Improved availability of applications deployed on AWS - - C. Higher durability of data stored on AWS - - D. Decreased latency to reach applications deployed on AWS - - E. Higher security of data stored on AWS - -
Answer - - Correct Answer: BD - - Explanation: +36. What are some of the benefits of using On-Demand EC2 instances? (Choose TWO) + - A. They provide free capacity when testing your new applications. + - B. They are cheaper than all other EC2 options. + - C. They remove the need to buy “safety net” capacity to handle periodic traffic spikes. + - D. They only require 1-2 days for setup and configuration. + - E. You can increase or decrease your compute capacity depending on the demands of your application. +
Answer + Correct answer: C, E
-37. A user who wants to get help with billing and reactivate a suspended account should submit an account and billing request to: - - A. the AWS Support forum - - B. AWS Abuse - - C. an AWS Solutions Architect - - D. AWS Support - -
Answer - - Correct Answer: D - - Explanation: +37. Each AWS Region is composed of multiple Availability Zones. Which of the following best describes what an Availability Zone is? + - A. It is a data center designed to be completely isolated from other data centers in the same region. + - B. It is a collection of data centers distributed in multiple countries. + - C. It is a logically isolated network of the AWS Cloud. + - D. It is a distinct location within a region that is insulated from « failures in other Availability Zones. +
Answer + Correct answer: D
-38. Which AWS Cloud best practice uses the elasticity and agility of cloud computing? - - A. Provision capacity based on past usage and theoretical peaks - - B. Dynamically and predictively scale to meet usage demands - - C. Build the application and infrastructure in a data center that grants physical access - - D. Break apart the application into loosely coupled components - -
Answer - - Correct Answer: B - - Explanation: - - In a traditional computing environment, you provision capacity based on an estimate of a theoretical maximum peak. - - This can result in periods where expensive resources are sitting idle or occasions of insufficient capacity. - - With cloud computing, you can access as much or as little capacity as you need and dynamically scale to meet actual demand, while only paying for what you use. +38. AWS provides disaster recovery capability by allowing customers to deploy infrastructure into multiple [...]. + - A. Regions. + - B. Transportation devices. + - C. Support plans. + - D. Edge locations. +
Answer + Correct answer: A
-39. Which method helps to optimize costs of users moving to the AWS Cloud? - - A. Paying only for what is used - - B. Purchasing hardware before it is needed - - C. Manually provisioning cloud resources - - D. Purchasing for the maximum possible load - -
Answer - - Correct Answer: A - - Explanation: +39. A financial services company decides to migrate one of its applications to AWS. The application deals with sensitive data, such as credit card information, and must run on a PCI-compliant environment. Which of the following is the company’s responsibility when building a PCI-compliant environment in AWS? (Choose TWO) + - A. Start the migration process immediately as all AWS services are PCI compliant. + - B. Ensure that AWS services are configured properly to meetall PCI DSS standards. + - C. Restrict any access to cardholder data and create a policy that addresses information security for all personnel. + - D. Configure the underlying infrastructure of AWS services to meet all PCI DSS requirements. + - E. Ensure that all PCI DSS physical security requirements are met. +
Answer + Correct answer: B, C
-40. Under the AWS shared responsibility model, which of the following is a customer responsibility? - - A. Installing security patches for the Xen and KVM hypervisors - - B. Installing operating system patches for Amazon DynamoDB - - C. Installing operating system security patches for Amazon EC2 database instances - - D. Installing operating system security patches for Amazon RDS database instances - -
Answer - - Correct Answer: C - - Explanation: +40. What is the maximum amount of data that can be stored in S3 in a single AWS account? + - A. 100 PetaBytes. + - B. Virtually unlimited storage. + - C. 5TeraBytes. + - D. 10 Exabytes. +
Answer + Correct answer: B
-41. The AWS Cost Management tools give users the ability to do which of the following? (Choose two.) - - A. Terminate all AWS resources automatically if budget thresholds are exceeded. - - B. Break down AWS costs by day, service, and linked AWS account. - - C. Create budgets and receive notifications if current of forecasted usage exceeds the budgets. - - D. Switch automatically to Reserved Instances or Spot Instances, whichever is most cost-effective. - - E. Move data stored in Amazon S3 to a more cost-effective storage class. - -
Answer - - Correct Answer: CD +41. Which pillar of the AWS Well-Architected Framework provides recommendations to help customers select the right compute resources based on workload requirements? + - A. Operational Excellence. + - B. Security. + - C. Performance Efficiency. + - D. Reliability. +
Answer + Correct answer: C
-42. Under the AWS shared responsibility model, the security and patching of the guest operating system is the responsibility of: - - A. AWS Support - - B. the customer - - C. AWS Systems Manager - - D. AWS Config - -
Answer - - Correct Answer: B - - Explanation: +42. Which AWS service delivers data, videos, applications, and APIs to users globally with low latency and high transfer speeds? + - A. Amazon Route 53. + - B. Amazon Connect. + - C. Amazon CloudFront. + - D. Amazon EC2. +
Answer + Correct answer: B
-43. Which AWS service makes it easy to create and manage AWS users and groups, and provide them with secure access to AWS resources at no charge? - - A. AWS Direct Connect - - B. Amazon Connect - - C. AWS Identity and Access Management (IAM) - - D. AWS Firewall Manager - -
Answer - - Correct Answer: C - - Explanation: - - - - +43. Which of the following steps should be taken by a customer when conducting penetration testing on AWS? + - A. Conduct penetration testing using Amazon Inspector, and then notify AWS support. + - B. Request and wait for approval from the customer’s internal security team, and then conduct testing. + - C. Notify AWS support, and then conduct testing immediately. + - D. Request and wait for approval from AWS support, and then conduct testing. +
Answer + Correct answer: B
-44. Which AWS service provides on-demand of AWS security and compliance documentation? - - A. AWS Directory Service - - B. AWS Artifact - - C. AWS Trusted Advisor - - D. Amazon Inspector - -
Answer - - Correct Answer: B - - Explanation: . +44. Which AWS Cost Management tool allows you to view the most granular data about your AWS bill? + - A. AWS Cost Explorer. + - B. AWS Budgets. + - C. AWS Cost and Usage report. + - D. AWS Billing dashboard. +
Answer + Correct answer: C
-45. Which AWS service can be used to turn text into life-like speech? - - A. Amazon Polly - - B. Amazon Transcribe - - C. Amazon Rekognition - - D. Amazon Lex - -
Answer - - Correct Answer: A - - Explanation: . +45. Which element of the AWS global infrastructure consists of one or more discrete data centers each with redundant power networking and connectivity which are housed in separate facilities? + - A. AWS Regions. + - B. Availability Zones. + - C. Edge locations. + - D. Amazon CloudFront. +
Answer + Correct answer: B
-46. What is one of the core principles to follow when designing a highly available application in the AWS Cloud? - - A. Design using a serverless architecture - - B. Assume that all components within an application can fail - - C. Design AWS Auto Scaling into every application - - D. Design all components using open-source code - -
Answer - - Correct Answer: B +46. How many Availability Zones should compute resources be provisioned across to achieve high availability? + - A. A minimum of one. + - B. A minimum of two. + - C. A minimum of three. + - D. A minimum of four or more. +
Answer + Correct answer: B
-47. A user needs to generate a report that outlines the status of key security checks in an AWS account. The report must include: -
(The status of Amazon S3 bucket permissions, Whether multi-factor authentication is enabled for the AWS account root user, If any security groups are configured to allow unrestricted access.)
Where can all this information be found in one location? - - A. Amazon QuickSight dashboard - - B. AWS CloudTrail trails - - C. AWS Trusted Advisor report - - D. IAM credential report - -
Answer - - Correct Answer: C - - Explanation: - #Security +47. The AWS Cloud’s multiple Regions are an example of: + - A. Agility. + - B. Global infrastructure. + - C. Elasticity. + - D. Pay-as-you-go pricing. +
Answer + Correct answer: B
-48. Which Amazon EC2 pricing model should be used to comply with per-core software license requirements? - - A. Dedicated Hosts - - B. On-Demand Instances - - C. Spot Instances - - D. Reserved Instances - -
Answer - - Correct Answer: A - - Explanation: +48. Which AWS service can be used to manually launch instances based on resource requirements? + - A. Amazon EBS. + - B. Amazon S3. + - C. Amazon EC2. + - D. Amazon ECS. +
Answer + Correct answer: C
-49. Which of the AWS global infrastructure is used to cache copies of content for faster delivery to users across the globe? - - A. AWS Regions - - B. Availability Zones - - C. Edge locations - - D. Data centers - -
Answer - - Correct Answer: C - - Explanation: - - When your web traffic is geo-dispersed, it's not always feasible and certainly not cost effective to replicate your entire infrastructure across the globe. - - A CDN provides you the ability to utilize its global network of edge locations to deliver a cached copy of web content such as videos, webpages, images and so on to your customers. - - To reduce response time, the CDN utilizes the nearest edge location to the customer or originating request location in order to reduce the response time. - - Throughput is dramatically increased given that the web assets are delivered from cache. - - For dynamic data, many CDNs can be configured to retrieve data from the origin servers. - - Reference: +49. Which is a recommended pattern for designing a highly available architecture on AWS? + - A. Ensure that components have low-latency network connectivity. + - B. Run enough Amazon EC2 instances to operate at peak load. + - C. Ensure that the application is designed to accommodate failure of any single component. + - D. Use a monolithic application that handles all operations. +
Answer + Correct answer: C
-50. Using AWS Config to record, audit, and evaluate changes to AWS resources to enable traceability is an example of which AWS Well-Architected Framework pillar? - - A. Security - - B. Operational excellence - - C. Performance efficiency - - D. Cost optimization - -
Answer - - Correct Answer: A - - Explanation: +50. Which AWS characteristics make AWS cost effective for a workload with dynamic user demand? (Select TWO) + - A. High availability. + - B. Shared security model. + - C. Elasticity. + - D. Pay-as-you-go pricing. + - E. Reliability. +
Answer + Correct answer: C, D
Please feel free to comment below if any information is inaccurate or if any answers need correction. diff --git a/practice-exam/practice-exam-9.md b/practice-exam/practice-exam-9.md index 96ace5e..a2ea1ab 100644 --- a/practice-exam/practice-exam-9.md +++ b/practice-exam/practice-exam-9.md @@ -6,692 +6,515 @@ If this practice exam has been helpful to you please share it with others and re --- -1. A user needs to quickly deploy a non-relational database on AWS. The user does not want to manage the underlying hardware or the database software.
Which AWS service can be used to accomplish this? - - A. Amazon RDS - - B. Amazon DynamoDB - - C. Amazon Aurora - - D. Amazon Redshift - -
Answer - - Correct Answer: B - - Explanation: +1. An administrator needs to rapidly deploy a popular IT solution and start using it immediately. Where can the administrator find assistance? + - A. AWS Well-Architected Framework documentation. + - B. Amazon CloudFront. + - C. AWS CodeCommit. + - D. AWS Quick Start reference deployments. +
Answer + Correct answer: D
-2. A Cloud Practitioner is developing a disaster recovery plan and intends to replicate data between multiple geographic areas.
Which of the following meets these requirements? - - A. AWS Accounts - - B. AWS Regions - - C. Availability Zones - - D. Edge locations - -
Answer - - Correct Answer: B - - Explanation: +2. What is one of the advantages of the Amazon Relational Database Service (Amazon RDS)? + - A. It simplifies relational database administration tasks. + - B. It provides 99.99999999999% reliability and durability. + - C. It automatically scales databases for loads. + - D. It enabled users to dynamically adjust CPU and RAM resources. +
Answer + Correct answer: A
-3. Which features and benefits does the AWS Organizations service provide? (Choose two.) - - A. Establishing real-time communications between members of an internal team - - B. Facilitating the use of NoSQL databases - - C. Providing automated security checks - - D. Implementing consolidated billing - - E. Enforcing the governance of AWS accounts - -
Answer - - Correct Answer: DE - - Explanation: +3. Which of the following AWS Cloud services can be used to run a customer-managed relational database? + - A. Amazon EC2. + - B. Amazon Route 53. + - C. Amazon ElastiCache. + - D. Amazon DynamoDB. +
Answer + Correct answer: A
-4. Which AWS service is used to automate configuration management using Chef and Puppet? - - A. AWS Config - - B. AWS OpsWorks - - C. AWS CloudFormation - - D. AWS Systems Manager - -
Answer - - Correct Answer: B - - Explanation: +4. A user is planning to launch two additional Amazon EC2 instances to increase availability. Which action should the user take? + - A. Launch the instances across multiple Availability Zones in a single AWS Region. + - B. Launch the instances as EC2 Reserved Instances in the same AWS Region and the same Availability Zone. + - C. Launch the instances in multiple AWS Regions but in the same Availability Zone. + - D. Launch the instances as EC2 Spot Instances in the same AWS Region but in different Availability Zones. +
Answer + Correct answer: A
-5. Which tool is best suited for combining the billing of AWS accounts that were previously independent from one another? - - A. Detailed billing report - - B. Consolidated billing - - C. AWS Cost and Usage report - - D. Cost allocation report - -
Answer - - Correct Answer: B - - Explanation: +5. Which of the following can limit Amazon Storage Service (Amazon S3) bucket access to specific users? + - A. A public and private key-pair. + - B. Amazon Inspector. + - C. AWS Identity and Access Management (IAM) policies. + - D. Security Groups. +
Answer + Correct answer: C
-6. The AWS Total Cost of Ownership (TCO) Calculator is used to: - - A. receive reports that break down AWS Cloud compute costs by duration, resource, or tags - - B. estimate savings when comparing the AWS Cloud to an on-premises environment - - C. estimate a monthly bill for the AWS Cloud resources that will be used - - D. enable billing alerts to monitor actual AWS costs compared to estimated costs - -
Answer - - Correct Answer: B - - Explanation: +6. Which AWS service allows companies to connect an Amazon VPC to an on-premises data center? + - A. AWS VPN. + - B. Amazon Redshift. + - C. API Gateway. + - D. Amazon Direct Connect. +
Answer + Correct answer: A
-7. Which AWS services can be used to provide network connectivity between an on-premises network and a VPC? (Choose two.) - - A. Amazon Route 53 - - B. AWS Direct Connect - - C. AWS Data Pipeline - - D. AWS VPN - - E. Amazon Connect - -
Answer - - Correct Answer: BD - - Explanation: +7. Which AWS service of feature can be used to monitor CPU usage? + - A. AWS CloudTrail. + - B. VPC Flow Logs. + - C. Amazon CloudWatch. + - D. AWSConfig. +
Answer + Correct answer: C
-8. Under the AWS shared responsibility model, which of the following are customer responsibilities? (Choose two.) - A. Setting up server-side encryption on an Amazon S3 bucket - - B. Amazon RDS instance patching - - C. Network and firewall configurations - - D. Physical security of data center facilities - - E. Compute capacity availability - -
Answer - - Correct Answer: AC - - Explanation: +8. Which task is AWS responsible for in the shared responsibility model for security and compliance? + - A. Granting access to individuals and services. + - B. Encrypting data in transit. + - C. Updating Amazon EC2 host firmware. + - D. Updating operating systems. +
Answer + Correct answer: C
-9. What is the MINIMUM AWS Support plan level that will provide users with access to the AWS Support API? - - A. Developer - - B. Enterprise - - C. Business - - D. Basic - -
Answer - - Correct Answer: C - - Explanation: +9. Which of the following security-related actions are available at no cost? + - A. Calling AWS Support. + - B. Contacting AWS Professional Services to request a workshop. + - C. Accessing forums, blogs, and whitepapers. + - D. Attending AWS classes at a local university. +
Answer + Correct answer: C
-10. A company has deployed several relational databases on Amazon EC2 instances. Every month, the database software vendor releases new security patches that need to be applied to the databases.
What is the MOST efficient way to apply the security patches? - - A. Connect to each database instance on a monthly basis, and download and apply the necessary security patches from the vendor. - - B. Enable automatic patching for the instances using the Amazon RDS console. - - C. In AWS Config, configure a rule for the instances and the required patch level. +10. Which storage service can be used as a low-cost option for hosting static websites? + - A. Amazon Glacier. + - B. Amazon DynamoDB. + - C. Amazon Elastic File System (Amazon EFS). + - D. Amazon Simple Storage Service (Amazon S3). + +
Answer + Correct answer: D +
+ +11. According to the AWS shared responsibility model what is the sole responsibility of AWS? + - A. Application security. + - B. Edge location management. + - C. Patch management. + - D. Client-side data. + +
Answer + Correct answer: B +
+ +12. Which of the following are pillars of the AWS Well-Architected Framework? (Select TWO) + - A. Multiple Availability Zones. + - B. Performance efficiency. + - C. Security. + - D. Encryption usage. + - E. High availability. + +
Answer + Correct answer: C, D +
+ +13. Which AWS service identifies security groups that allow unrestricted access to a user’s AWS resources? + - A. AWS Trusted Advisor. + - B. Amazon Inspector. + - C. Amazon CloudWatch. + - D. AWS CloudTrail. + +
Answer + Correct answer: A +
+ +14. Which design principles for cloud architecture are recommended when re-architecting a large monolithic application? (Select TWO) + - A. Use manual monitoring. + - B. Use fixed servers. + - C. Implement loose coupling. + - D. Rely on individual components. + - E. Design for scalability. + +
Answer + Correct answer: C, E +
+ +15. When architecting cloud applications, which of the following are a key design principle? + - A. Use the largest instance possible. + - B. Provision capacity for peak load. + - C. Use the Scrum development process. + - D. Implement elasticity. + +
Answer + Correct answer: D +
+ +16. A company has deployed several relational databases on Amazon EC2 instances Every month the database software vendor releases new security patches that need to be applied to the databases. What is the MOST efficient way to apply the security patches? + - A. Connect to each database instance on a monthly basis and download and apply the necessary security patches from the vendor. + - B. Enable automate patching for the instances using the Amazon RDS console. + - C. In AWS Config. configure a rule for the instances and the required patch level. - D. Use AWS Systems Manager to automate database patching according to a schedule. -
Answer - - Correct Answer: B - - Explanation: - +
Answer + Correct answer: D
-11. A company wants to use Amazon Elastic Compute Cloud (Amazon EC2) to deploy a global commercial application. The deployment solution should be built with the highest redundancy and fault tolerance.
Based on this situation, the Amazon EC2 instances should be deployed: - - A. in a single Availability Zone in one AWS Region - - B. with multiple Elastic Network Interfaces belonging to different subnets - - C. across multiple Availability Zones in one AWS Region - - D. across multiple Availability Zones in two AWS Regions - -
Answer - - Correct Answer: C - - Explanation: +17. Which mechanism allows developers lo access AWS sendees from application code? + - A. AWS Software Development Kit. + - B. AWS Management Console. + - C. AWS CodePipeline. + - D. AWS Config. +
Answer + Correct answer: A
-12. A company has an application with users in both Australia and Brazil. All the company infrastructure is currently provisioned in the Asia Pacific (Sydney) Region in Australia, and Brazilian users are experiencing high latency.
What should the company do to reduce latency? - - A. Implement AWS Direct Connect for users in Brazil - - B. Provision resources in the South America (São Paulo) Region in Brazil. - - C. Use AWS Transit Gateway to quickly route users from Brazil to the application - - D. Launch additional Amazon EC2 instances in Sydney to handle the demand - -
Answer - - Correct Answer: B - - Explanation: +18. Which AWS feature will reduce the customer’s total cost of ownership (TCO)? + - A. Shared responsibility security model. + - B. Single tenancy. + - C. Elastic computing. + - D. Encryption. +
Answer + Correct answer: A
-13. An Amazon EC2 instance runs only when needed yet must remain active for the duration of the process.
What is the most appropriate purchasing option? - - A. Dedicated Instances - - B. Spot Instances - - C. On-Demand Instances - - D. Reserved Instances - -
Answer - - Correct Answer: C +19. Which of the following is a benefit of using the AWS Cloud? + - A. Permissive security removes the administrative burden. + - B. Ability to focus on revenue-generating activities. + - C. Control over cloud network hardware. + - D. Choice of specific cloud hardware vendors. +
Answer + Correct answer: B
-14. Which AWS dashboard displays relevant and timely information to help users manage events in progress, and provides proactive notifications to help plan for scheduled activities? - - A. AWS Service Health Dashboard - - B. AWS Personal Health Dashboard - - C. AWS Trusted Advisor dashboard - - D. Amazon CloudWatch dashboard - -
Answer - - Correct Answer: B - - Explanation: +20. Which of the following are categories of AWS Trusted Advisor? (Select TWO) + - A. Fault Tolerance. + - B. Instance Usage. + - C. Infrastructure. + - D. Performance. + - E. Storage Capacity. +
Answer + Correct answer: A, D
-15. Which AWS hybrid storage service enables a user's on-premises applications to seamlessly use AWS Cloud storage? - - A. AWS Backup - - B. Amazon Connect - - C. AWS Direct Connect - - D. AWS Storage Gateway - -
Answer - - Correct Answer: D - - Explanation: +21. What is Amazon CloudWatch? + - A. A code repository with customizable build and team commit features. + - B. A metrics repository with customizable notification thresholds and channels. + - C. A security configuration repository with threat analytics. + - D. A rule repository of a web application firewall with automated vulnerability prevention features. +
Answer + Correct answer: B
-16. Which of the following acts as a virtual firewall at the Amazon EC2 instance level to control traffic for one or more instances? - - A. Access keys - - B. Virtual private gateways - - C. Security groups - - D. Access Control Lists (ACL) - -
Answer - - Correct Answer: C - - Explanation: +22. Under the AWS shared responsibility model, which of the following activities are the customer’s responsibility? (Select TWO) + - A. Patching operating system components for Amazon Relational Database Server (Amazon RDS). + - B. Encrypting data on the client-side. + - C. Training the data center staff. + - D. Configuring Network Access Control Lists (ACL). + - E. Maintaining environmental controls within a data center. +
Answer + Correct answer: B, D
-17. What is the most efficient way to establish network connectivity from on-premises to multiple VPCs in different AWS Regions? - - A. Use AWS Direct Connect - - B. Use AWS VPN - - C. Use AWS Client VPN - - D. Use an AWS Transit Gateway - -
Answer - - Correct Answer: D - - Explanation: +23. Under the shared responsibility model, which of the following is a shared control between a customer and AWS? + - A. Physical controls. + - B. Patch management. + - C. Zone security. + - D. Data center auditing. +
Answer + Correct answer: B
-18. Which AWS Support plan provides access to architectural and operational reviews, as well as 24/7 access to Senior Cloud Support Engineers through email, online chat, and phone? - - A. Basic - - B. Business - - C. Developer - - D. Enterprise - -
Answer - - Correct Answer: D - - Explanation: +24. Which AWS service is used to pay AWS bills, and monitor usage and budget costs? + - A. AWS Billing and Cost Management. + - B. Consolidated billing. + - C. Amazon CloudWatch. + - D. Amazon GuickStght. +
Answer + Correct answer: B
-19. Which AWS service or feature helps restrict the AWS services, resources, and individual API actions the users and roles in each member account can access? - - A. Amazon Cognito - - B. AWS Organizations - - C. AWS Shield - - D. AWS Firewall Manager - -
Answer - - Correct Answer: B - - Explanation: +25. How do customers benefit from Amazon’s massive economies of scale? + - A. Periodic price reductions as the result of Amazon’s operational efficiencies. + - B. New Amazon EC2 instance types providing the latest hardware. + - C. The ability to scale up and down when needed. + - D. Increased reliability in the underlying hardware of Amazon EC2 instances. +
Answer + Correct answer: C
-20. What is the best resource for a user to find compliance-related information and reports about AWS? - - A. AWS Artifact - - B. AWS Marketplace - - C. Amazon Inspector - - D. AWS Support - -
Answer - - Correct Answer: A - - Explanation: +26. Which AWS feature allows a company to take advantage of usage tiers for services across multiple member accounts? + - A. Service control policies (SCPs). + - B. Consolidated billing. + - C. All Upfront Reserved Instances. + - D. AWS Cost Explorer. +
Answer + Correct answer: B
-21. Which Amazon S3 storage class is optimized to provide access to data with lower resiliency requirements, but rapid access when needed such as duplicate backups? - - A. Amazon S3 Standard - - B. Amazon S3 Glacier Deep Archive - - C. Amazon S3 One Zone-Infrequent Access - - D. Amazon S3 Glacier - -
Answer - - Correct Answer: C - - Explanation: +27. Which AWS services provide a way to extend an on-premises architecture to the aws cloud? (Select TWO) + - A. Amazon EBS. + - B. Amazon Connect. + - C. AWS Storage Gateway AWS CLOUD PRACTITIONER DUMPS. + - D. Amazon CloudFront. + - E. AWS Direct Connect. +
Answer + Correct answer: B, D
-22. What is an Availability Zone in AWS? - - A. One or more physical data centers - - B. A completely isolated geographic location - - C. One or more edge locations based around the world - - D. A data center location with a single source of power and networking - -
Answer - - Correct Answer: A - - Explanation: +28. Which of the following services will automatically scale with an expected increase in web traffic? + - A. AWS CodePipeline. + - B. Elastic Load Balancing. + - C. Amazon EBS. + - D. AWS Direct Connect. +
Answer + Correct answer: B
-23. Which AWS services can be used as infrastructure automation tools? (Choose two.) - - A. AWS CloudFormation - - B. Amazon CloudFront - - C. AWS Batch - - D. AWS OpsWorks - - E. Amazon QuickSight - -
Answer - - Correct Answer: AD - - Explanation: +29. Which service provides a virtually unlimited amount of online highly durable object storage? + - A. Amazon Redshift. + - B. Amazon Elastic File System (Amazon EFS). + - C. Amazon Elastic Container Service (Amazon ECS). + - D. Amazon S3. +
Answer + Correct answer: D
-24. Which AWS service enables users to create copies of resources across AWS Regions? - - A. Amazon ElastiCache - - B. AWS CloudFormation - - C. AWS CloudTrail - - D. AWS Systems Manager - -
Answer - - Correct Answer: B - - Explanation: +30. Which AWS feature should a customer leverage to achieve high availability of an application? + - A. AWS Direct Connect. + - B. Availability Zones. + - C. Data centers. + - D. Amazon Virtual Private Cloud (Amazon VPC). +
Answer + Correct answer: B
-25. A user would like to encrypt data that is received, stored, and managed by AWS CloudTrail.
Which AWS service will provide this capability? - - A. AWS Secrets Manager - - B. AWS Systems Manager - - C. AWS Key Management Service (AWS KMS) - - D. AWS Certificate Manager - -
Answer - - Correct Answer: C - - Explanation: +31. Which AWS service or feature can enhance network security by blocking requests from a particular network for a web application on AWS? (Select TWO) + - A. AWS WAF. + - B. AWS Trusted Advisor. + - C. AWS Direct Connect. + - D. AWS Organizations. + - E. Network ACLs. +
Answer + Correct answer: A, C
-26. Which AWS Cloud benefit eliminates the need for users to try estimating future infrastructure usage? - - A. Easy and fast deployment of applications in multiple Regions around the world - - B. Security of the AWS Cloud - - C. Elasticity of the AWS Cloud - - D. Lower variable costs due to massive economies of scale - -
Answer - - Correct Answer: C +32. Which of the following is a cloud architectural design principle? + - A. Scale up not out. + - B. Loosely couple components. + - C. Build monolithic systems. + - D. Use commercial database software. +
Answer + Correct answer: B
-27. What credential components are required to gain programmatic access to an AWS account? (Choose two.) - - A. An access key ID - - B. A primary key - - C. A secret access key - - D. A user ID - - E. A secondary key - -
Answer - - Correct Answer: AC - - Explanation: +33. Which service enables risk auditing by continuously monitoring and logging account activity, including user actions in the AWS Management Console and AWS SDKs? + - A. Amazon CloudWatch. + - B. AWS CloudTrail. + - C. AWS Config. + - D. AWS Health. +
Answer + Correct answer: B
-28. Which of the following are AWS compute services? (Select two.) - - A. Amazon Lightsail - - B. AWS Systems Manager - - C. AWS CloudFormation - - D. AWS Batch - - E. Amazon Inspector - -
Answer - - Correct Answer: AD - - Explanation: +34. Where can AWS compliance and certification reports be downloaded? + - A. AWS Artifact. + - B. AWS Concierge. + - C. AWS Certificate Manager. + - D. AWS Trusted Advisor. +
Answer + Correct answer: A
-29. How can a company separate costs for network traffic, Amazon EC2, Amazon S3, and other AWS services by department? - - A. Add department-specific tags to each resource - - B. Create a separate VPC for each department - - C. Create a separate AWS account for each department - - D. Use AWS Organizations - -
Answer - - Correct Answer: A - - Explanation: +35. The financial benefits of using AWS are: (Select TWO) + - A. Reduced Total Cost of Ownership (TCO). + - B. Increased capital expenditure (capex). + - C. Reduced operational expenditure ( opex ). + - D. Deferred payment plans for startups. + - E. Business credit lines for stratups. +
Answer + Correct answer: A, D
-30. What is a benefit of consolidated billing for AWS accounts? - - A. Access to AWS Personal Health Dashboard - - B. Combined usage volume discounts - - C. Improved account security - - D. Centralized AWS IAM - -
Answer - - Correct Answer: B - - Explanation: +36. Which AWS service can serve a static website? + - A. Amazon S3. + - B. Amazon Route 53. + - C. Amazon QuickSight. + - D. AWS X-Ray. +
Answer + Correct answer: A
-31. Which AWS service will allow a user to set custom cost and usage limits, and will alert when the thresholds are exceeded? - - A. AWS Organizations - - B. AWS Budgets - - C. Cost Explorer - - D. AWS Trusted Advisor - -
Answer - - Correct Answer: B - - Explanation: +37. What are the benefits of using the AWS Cloud for companies with customers in many countries around the world (Select TWO) + - A. Companies can deploy applications in multiple AWS Regions to reduce latency. + - B. Amazon Translate automatically translates third-party website interfaces into multiple languages. + - C. Amazon CloudFront has multiple edge locations around the world to reduce latency. + - D. Amazon Comprehend allows users to build applications that can respond to user requests in many languages. + - E. Elastic Load Balancing can distribute application web traffic to multiple AWS Regions around the world which reduces latency. +
Answer + Correct answer: A, C
-32. Which AWS service provides the ability to detect inadvertent data leaks of personally identifiable information (PII) and user credential data? - - A. Amazon GuardDuty - - B. Amazon Inspector - - C. Amazon Macie - - D. AWS Shield - -
Answer - - Correct Answer: C - - Explanation: +38. Which of the following are main components of the AWS global infrastructure? (Select TWO) + - A. Resource groups. + - B. Availability Zones. + - C. Security groups. + - D. Regions. + - E. Amazon Machine Images (AMIS). +
Answer + Correct answer: B, E
-33. Which tool can be used to monitor AWS service limits? - - A. AWS Total Cost of Ownership (TCO) Calculator - - B. AWS Trusted Advisor - - C. AWS Personal Health Dashboard - - D. AWS Cost and Usage report - -
Answer - - Correct Answer: B - - Explanation: +39. What is the AWS customer responsible for according to the AWS shared responsibility model? + - A. Physical access controls. + - B. Data encryption. + - C. Secure disposal of storage devices. + - D. Environmental risk management. +
Answer + Correct answer: B
-34. A company has distributed its workload on both the AWS Cloud and some on-premises servers.
What type of architecture is this? - - A. Virtual private network - - B. Virtual private cloud - - C. Hybrid cloud - - D. Private cloud - -
Answer - - Correct Answer: C - - Explanation: +40. If each department within a company has its own AWS account, what is one way to enable consolidated billing? + - A. Use AWS Budgets on each account to pay only to budget. + - B. Contact AWS Support for a monthly bill. + - C. Create an AWS Organization from the payer account and invite the other accounts to join. + - D. Put all invoices into one Amazon Simple Storage Service (Amazon S3) bucket, load data into Amazon Redshift, and then run a billing report. +
Answer + Correct answer: C
-35. Which of the following describes a security best practice that can be implemented using AWS IAM? - - A. Disable AWS Management Console access for all users - - B. Generate secret keys for every IAM user - - C. Grant permissions to users who are required to perform a given task only - - D. Store AWS credentials within Amazon EC2 instances - -
Answer - - Correct Answer: C - - Explanation: +41. What costs are included when comparing AWS Total Cost of Ownership (TCO) with on-premises TCO? + - A. Project management. + - B. Antivirus software licensing. + - C. Data center security. + - D. Software development. +
Answer + Correct answer: A
-36. What can be used to automate and manage secure, well-architected, multi-account AWS environments? - - A. AWS shared responsibility model - - B. AWS Control Tower - - C. AWS Security Hub - - D. AWS Well-Architected Tool - -
Answer - - Correct Answer: B - - Explanation: - - Control Tower automates the process of setting up a new baseline multi-account AWS environment that is secure, well-architected, and ready to use. - - Control Tower incorporates the knowledge that AWS Professional Service has gained over the course of thousands of successful customer engagements. - - Reference: +42. What is the benefit of using AWS managed services, such as Amazon ElastiCache and Amazon Relational Database Service (Amazon RDS)? + - A. They require the customer to monitor and replace failing instances. + - B. They have better performance than customer-managed services. + - C. They simplify patching and updating underlying OSs. + - D. They do not require the customer to optimize instance type or size selections. +
Answer + Correct answer: C
-37. Which AWS service or feature allows a user to easily scale connectivity among thousands of VPCs? - - A. VPC peering - - B. AWS Transit Gateway - - C. AWS Direct Connect - - D. AWS Global Accelerator - -
Answer - - Correct Answer: B - - Explanation: +43. Which services can be used across hybrid AWS Cloud architectures? (Select TWO) + - A. Amazon Route 53. + - B. Virtual Private Gateway. + - C. Classic Load Balancer. + - D. Auto Scaling. + - E. Amazon CloudWatch default metrics. +
Answer + Correct answer: A, B
-38. A company needs protection from expanded distributed denial of service (DDoS) attacks on its website and assistance from AWS experts during such events.
Which AWS managed service will meet these requirements? - - A. AWS Shield Advanced - - B. AWS Firewall Manager - - C. AWS WAF - - D. Amazon GuardDuty - -
Answer - - Correct Answer: A - - Explanation: +44. Which statement best describes Elastic Load Balancing? + - A. It translates a domain name into an IP address using DNC. + - B. It distributes incoming application traffic across one or more Amazon EC2 instances. + - C. It collects metrics on connected Amazon EC2 instances. + - D. It automatically adjusts the number of Amazon EC2 instances to support incoming traffic. +
Answer + Correct answer: B
-39. A company's application has flexible start and end times.
Which Amazon EC2 pricing model will be the MOST cost-effective? - - A. On-Demand Instances - - B. Spot Instances - - C. Reserved Instances - - D. Dedicated Hosts - -
Answer - - Correct Answer: B - - Explanation: +45. Which of the following is a fast and reliable NoSQL database service? + - A. Amazon Redshift. + - B. Amazon RDS. + - C. Amazon DynamoDB. + - D. Amazon S3. +
Answer + Correct answer: C
-40. Under the AWS shared responsibility model, what are the customer's responsibilities? (Choose two.) - - A. Physical and environmental security - - B. Physical network devices including firewalls - - C. Storage device decommissioning - - D. Security of data in transit - - E. Data integrity authentication - -
Answer - - Correct Answer: DE +46. Which AWS service would you use to obtain compliance reports and certificates? + - A. AWS Artifact. + - B. AWS Lambda. + - C. Amazon Inspector. + - D. AWS Certificate Manager. +
Answer + Correct answer: A
-41. A cloud practitioner has a data analysis workload that is infrequently executed and can be interrupted without harm. To optimize for cost, which Amazon EC2 purchasing option should be used? - - A. On-Demand Instances - - B. Reserved Instances - - C. Spot Instances - - D. Dedicated Hosts - -
Answer - - Correct Answer: C - - Explanation: +47. Which AWS services are defined as global instead of regional? (Select TWO) + - A. Amazon Route 53. + - B. Amazon EC2. + - C. Amazon S3. + - D. Amazon CloudFront. + - E. Amazon DynamoDB. +
Answer + Correct answer: A, D
-42. Which AWS container service will help a user install, operate, and scale the cluster management infrastructure? - - A. Amazon Elastic Container Registry (Amazon ECR) - - B. AWS Elastic Beanstalk - - C. Amazon Elastic Container Service (Amazon ECS) - - D. Amazon Elastic Block Store (Amazon EBS) - -
Answer - - Correct Answer: C +48. How would an AWS customer easily apply common access controls to a large set of users? + - A. Apply an IAM policy to an IAM group. + - B. Apply an IAM policy to an IAM role. + - C. Apply the same IAM policy to all IAM users with access to the same workload. + - D. Apply an IAM policy to an Amazon Cognito user pool. +
Answer + Correct answer: A
-43. Which of the following allows an application running on an Amazon EC2 instance to securely write data to an Amazon S3 bucket without using long term credentials? - - A. Amazon Cognito - - B. AWS Shield - - C. AWS IAM role - - D. AWS IAM user access key - -
Answer - - Correct Answer: C +49. Which of the following is an important architectural design principle when designing cloud applications? + - A. Use multiple Availability Zones. + - B. Use tightly coupled components. + - C. Use open source software. + - D. Provision extra capacity. +
Answer + Correct answer: A
-44. A company with a Developer-level AWS Support plan provisioned an Amazon RDS database and cannot connect to it.
Who should the developer contact for this level of support? - - A. AWS Support using a support case - - B. AWS Professional Services - - C. AWS technical account manager - - D. AWS consulting partners - -
Answer - - Correct Answer: A - -
- -45. What is the purpose of having an internet gateway within a VPC? - - A. To create a VPN connection to the VPC - - B. To allow communication between the VPC and the Internet - - C. To impose bandwidth constraints on internet traffic - - D. To load balance traffic from the Internet across Amazon EC2 instances - -
Answer - - Correct Answer: B - -
- -46. A company must ensure that its endpoint for a database instance remains the same after a single Availability Zone service interruption. The application needs to resume database operations without the need for manual administrative intervention.
How can these requirements be met? - - A. Use multiple Amazon Route 53 routes to the standby database instance endpoint hosted on AWS Storage Gateway. - - B. Configure Amazon RDS Multi-Availability Zone deployments with automatic failover to the standby. - - C. Add multiple Application Load Balancers and deploy the database instance with AWS Elastic Beanstalk. - - D. Deploy a single Network Load Balancer to distribute incoming traffic across multiple Amazon CloudFront origins. - -
Answer - - Correct Answer: B - -
- -47. Which AWS managed service can be used to distribute traffic between one or more Amazon EC2 instances? - - A. NAT gateway - - B. Elastic Load Balancing - - C. Amazon Athena - - D. AWS PrivateLink - -
Answer - - Correct Answer: B - -
- -48. AWS Trusted Advisor provides recommendations on which of the following? (Choose two.) - - A. Cost optimization - - B. Auditing - - C. Serverless architecture - - D. Performance - - E. Scalability - -
Answer - - Correct Answer: AD - -
- -49. Which of the following tasks can only be performed after signing in with AWS account root user credentials? (Choose two.) - - A. Closing an AWS account - - B. Creating a new IAM policy - - C. Changing AWS Support plans - - D. Attaching a role to an Amazon EC2 instance - - E. Generating access keys for IAM users - -
Answer - - Correct Answer: AC - -
- -50. Fault tolerance refers to: - - A. the ability of an application to accommodate growth without changing design - - B. how well and how quickly an application's environment can have lost data restored - - C. how secure your application is - - D. the built-in redundancy of an application's components - -
Answer - - Correct Answer: B +50. Which service allows a company with multiple AWS accounts to combine its usage to obtain volume discounts? + - A. AWS Server Migration Service. + - B. AWS Organizations. + - C. AWS Budgets. + - D. AWS Trusted Advisor. +
Answer + Correct answer: B
Please feel free to comment below if any information is inaccurate or if any answers need correction. diff --git a/sitemap.xml b/sitemap.xml index b9ed838..c71e52a 100644 --- a/sitemap.xml +++ b/sitemap.xml @@ -104,69 +104,129 @@ 2023-01-09T10:38:55+00:00 0.80 - - https://kananinirav.com/practice-exam/exams.html - 2023-01-09T10:38:55+00:00 - 1.00 - - - https://kananinirav.com/practice-exam/practice-exam-1.html - 2023-01-09T10:38:55+00:00 - 0.80 - - - https://kananinirav.com/practice-exam/practice-exam-2.html - 2023-01-09T10:38:55+00:00 - 0.80 - - - https://kananinirav.com/practice-exam/practice-exam-3.html - 2023-01-09T10:38:55+00:00 - 0.80 - - - https://kananinirav.com/practice-exam/practice-exam-4.html - 2023-01-09T10:38:55+00:00 - 0.80 - https://kananinirav.com/study-guide.html 2023-01-09T10:38:55+00:00 0.80 + + https://kananinirav.com/practice-exam/exams.html + 2023-05-26T10:38:55+00:00 + 1.00 + + + https://kananinirav.com/practice-exam/practice-exam-1.html + 2023-05-26T10:38:55+00:00 + 0.80 + + + https://kananinirav.com/practice-exam/practice-exam-2.html + 2023-05-26T10:38:55+00:00 + 0.80 + + + https://kananinirav.com/practice-exam/practice-exam-3.html + 2023-05-26T10:38:55+00:00 + 0.80 + + + https://kananinirav.com/practice-exam/practice-exam-4.html + 2023-05-26T10:38:55+00:00 + 0.80 + https://kananinirav.com/practice-exam/practice-exam-5.html - 2023-01-09T10:38:55+00:00 + 2023-05-26T10:38:55+00:00 0.80 https://kananinirav.com/practice-exam/practice-exam-6.html - 2023-01-09T10:38:55+00:00 + 2023-05-26T10:38:55+00:00 0.80 https://kananinirav.com/practice-exam/practice-exam-7.html - 2023-03-07T09:19:40+09:00 + 2023-05-26T09:19:40+09:00 0.80 https://kananinirav.com/practice-exam/practice-exam-8.html - 2023-03-07T09:19:40+09:00 + 2023-05-26T09:19:40+09:00 0.80 https://kananinirav.com/practice-exam/practice-exam-9.html - 2023-03-07T09:19:40+09:00 + 2023-05-26T09:19:40+09:00 0.80 https://kananinirav.com/practice-exam/practice-exam-10.html - 2023-03-08T09:48:44+09:00 + 2023-05-26T09:48:44+09:00 0.80 https://kananinirav.com/practice-exam/practice-exam-11.html - 2023-03-08T09:48:44+09:00 + 2023-05-26T09:48:44+09:00 + 0.80 + + + https://kananinirav.com/practice-exam/practice-exam-12.html + 2023-05-26T10:38:55+00:00 + 0.80 + + + https://kananinirav.com/practice-exam/practice-exam-13.html + 2023-05-26T10:38:55+00:00 + 0.80 + + + https://kananinirav.com/practice-exam/practice-exam-14.html + 2023-05-26T10:38:55+00:00 + 0.80 + + + https://kananinirav.com/practice-exam/practice-exam-15.html + 2023-05-26T10:38:55+00:00 + 0.80 + + + https://kananinirav.com/practice-exam/practice-exam-16.html + 2023-05-26T10:38:55+00:00 + 0.80 + + + https://kananinirav.com/practice-exam/practice-exam-17.html + 2023-05-26T10:38:55+00:00 + 0.80 + + + https://kananinirav.com/practice-exam/practice-exam-18.html + 2023-05-26T09:19:40+09:00 + 0.80 + + + https://kananinirav.com/practice-exam/practice-exam-19.html + 2023-05-26T09:19:40+09:00 + 0.80 + + + https://kananinirav.com/practice-exam/practice-exam-20.html + 2023-05-26T09:19:40+09:00 + 0.80 + + + https://kananinirav.com/practice-exam/practice-exam-21.html + 2023-05-26T09:48:44+09:00 + 0.80 + + + https://kananinirav.com/practice-exam/practice-exam-22.html + 2023-05-26T09:48:44+09:00 + 0.80 + + + https://kananinirav.com/practice-exam/practice-exam-23.html + 2023-05-26T09:48:44+09:00 0.80 \ No newline at end of file