Under the AWS shared responsibility model, what are the customer's responsibilities? (Select TWO) | Under the AWS shared responsibility model, AWS are responsible for security “of” the cloud and customers are responsible for security “in” the cloud. Securing data in transit and ensuring the integrity of data are customer responsibilities. Customers are always responsible for managing data including encryption. |
Which of the following is a principle of good AWS Cloud architecture design? | As application complexity increases, a desirable attribute of an IT system is that it can be broken into smaller, loosely coupled components.
This means that IT systems should be designed in a way that reduces interdependencies—a change or a failure in one component should not cascade to other components. |
A company stores copies of backups on Amazon S3 and requires rapid access but low resiliency. Which storage class is optimized for these requirements? | S3 One Zone-IA is for data that is accessed less frequently, but requires rapid access when needed. Unlike other S3 Storage Classes which store data in a minimum of three Availability Zones (AZs), S3 One Zone-IA stores data in a single AZ and costs 20% less than S3 Standard-IA.
S3 One Zone-IA is ideal for customers who want a lower-cost option for infrequently accessed data but do not require the availability and resilience of S3 Standard or S3 Standard-IA.
It’s a good choice for storing secondary backup copies of on-premises data or easily re-creatable data. You can also use it as cost-effective storage for data that is replicated from another AWS Region using S3 Cross-Region Replication. |
Which AWS service can be used to generate encryption keys that can be used to encrypt data? (Select TWO) | Both AWS KMS and AWS CloudHSM can be used to generate data encryption keys. You use what are called customer master keys (CMKs) to create data encryption keys. The data encryption keys can then be used to actually encrypt the data |
Which of the following are accurate descriptions of AWS IAM users and groups? (Select TWO) | IAM groups are used for organizing users and applying policies (permissions) to them. You can add users to multiple groups. Groups cannot be nested, which means you cannot have a group as a member of another group or organize groups in a hierarchy. |
Which benefit of the AWS Cloud eliminates the need for users to try estimating future infrastructure usage? | Elasticity means that your infrastructure scales based on actual usage. When you have higher demand, you use more infrastructure and pay more and when you have less demand you need less infrastructure and pay less.
The benefits are you don’t need to guess about capacity and pay only for what you actually need. |
A company plans to deploy a global commercial application on Amazon EC2 instances. The deployment solution must be designed with the highest redundancy and fault tolerance. Based on this situation, how should the EC2 instances be deployed? | For maximum redundancy and fault tolerance the application should be deployed in multiple AWS Regions and multiple Availability Zones within each of those regions. This architecture may use Elastic Load Balancers and Amazon Route 53 records to direct traffic to instances. Alternatively, it could use AWS Global Accelerator. |
Which AWS services can be used to connect the AWS Cloud and on-premises resources? (Select TWO) | An AWS Managed VPN is a virtual private network connection over the public Internet. This creates an encrypted link between the on-premises network and your AWS VPC.
Another way to achieve this outcome is to provision an AWS Direct Connect connection, which connects on-premises networks to AWS using private network links. |
Which AWS service can you use to install a third-party database? | On AWS you can either use a managed service such as Amazon RDS or install a database on Amazon EC2.
There are limits to what database engines are supported on Amazon RDS so to install a third-party database you can use Amazon EC2 instead. You will then be responsible for managing the operating system and database. |
Which service can you use to provision a preconfigured server with little to no AWS experience? | Amazon Lightsail provides developers compute, storage, and networking capacity and capabilities to deploy and manage websites, web applications, and databases in the cloud.
Lightsail provides preconfigured virtual private servers (instances) that include everything required to deploy an application or create a database.
Deploying a server on Lightsail is extremely easy and does not require knowledge of how to configure VPCs, security groups, network ACLs etc. |
Which service allows you to automatically expand and shrink your application in response to demand? | Amazon EC2 Auto Scaling automatically responds to demand by adding or removing EC2 instances to ensure the right amount of compute capacity is available at any time. This can help to automatically adjust the number of instances based on the load on your application. |
What method can you use to take a backup of an Amazon EC2 instance using AWS tools? | You can take snapshots of EC2 instances which creates a point-in-time copy of the instance. Snapshots are stored on S3. If you make periodic snapshots of a volume, the snapshots are incremental, which means that only the blocks on the device that have changed after your last snapshot are saved in the new snapshot. |
When instantiating compute resources, what are two techniques for using automated, repeatable processes that are fast and avoid human error? (Select TWO) | With infrastructure as code AWS assets are programmable, so you can apply techniques, practices, and tools from software development to make your whole infrastructure reusable, maintainable, extensible, and testable.
With bootstrapping you can execute automated actions to modify default configurations. This includes scripts that install software or copy data to bring that resource to a particular state. |
Which feature of AWS allows you to deploy a new application for which the requirements may change over time? | Elasticity allows you to deploy your application without worrying about whether it will need more or less resources in the future. With elasticity, the infrastructure can scale on-demand and you only pay for what you use. |
Which feature of Amazon Rekognition can assist with saving time? | Amazon Rekognition makes it easy to add image and video analysis to your applications. You just provide an image or video to the Rekognition API, and the service can identify the objects, people, text, scenes, and activities, as well as detect any inappropriate content. |
Which AWS service can be used to process a large amount of data using the Hadoop framework? | Amazon Elastic MapReduce (EMR) provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances. |
A company would like to maximize their potential volume and Reserved Instance discounts across multiple accounts and also apply service control policies on member accounts. Which service or tool can they use to gain these benefits? | AWS Organizations enables you to create groups of AWS accounts and then centrally manage policies across those accounts.
AWS Organizations provides consolidated billing in both feature sets, which allows you to set up a single payment method in the organization’s master account and still receive an invoice for individual activity in each member account.
Volume pricing discounts can be applied to resources. |
What are two ways that moving to an AWS cloud can benefit an organization? (Select TWO) | Increase speed and agility:
In a cloud computing environment, new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes. This results in a dramatic increase in agility for the organization, since the cost and time it takes to experiment and develop is significantly lower
Stop guessing about capacity:
Eliminate guessing on your infrastructure capacity needs. When you make a capacity decision prior to deploying an application, you often end up either sitting on expensive idle resources or dealing with limited capacity. With cloud computing, these problems go away. You can access as much or as little capacity as you need, and scale up and down as required with only a few minutes’ notice. |
Which AWS service can an organization use to automate operational tasks on EC2 instances using existing Chef cookbooks? | AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet.
With Chef, you use code templates, or cookbooks, to describe the desired configuration of instances or on-premises servers. |
Which of the following statements is correct in relation to consolidated billing? (Select TWO) | AWS Organizations allows you to consolidate multiple AWS accounts into an organization that you create and centrally manage.
Each paying account is an independent entity and is not able to access resources of other accounts in the Organization.
The billing is performed centrally on the root account in the AWS Organization. |
Which pricing model should you use for EC2 instances that will be used in a lab environment for several hours on a weekend and must run uninterrupted? | On-Demand is the best choice for this situation as it is the most economical option that will ensure no interruptions. Use on-demand for ad-hoc use cases where you need to run an instance for a short period of time. |
Which AWS service can be used to convert video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PC? | Amazon Elastic Transcoder is a highly scalable, easy to use and cost-effective way for developers and businesses to convert (or “transcode”) video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PCs. |
Which service can be used to help you to migrate databases to AWS quickly and securely? | AWS Database Migration Service is used to migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate data to and from most widely used commercial and open-source databases. |
Which AWS service is used to enable multi-factor authentication? | The identity and access management service (IAM) is used to securely control individual and group access to AWS resources. IAM can also be used to manage multi-factor authentication (MFA). With MFA you add an additional factor of authentication such as a Google Authenticator device. This is “something you have” and is used with your password “something you know”. |
What benefits are provided by Amazon CloudFront? (Select TWO) | CloudFront is a content delivery network (CDN) that allows you to store (cache) your content at “edge locations” located around the world. This allows customers to access content more quickly and provides security against DDoS attacks. CloudFront can be used for data, videos, applications, and APIs.
Benefits include:
– Cache content at Edge Location for fast distribution to customers.
– Built-in Distributed Denial of Service (DDoS) attack protection.
– Integrates with many AWS services (S3, EC2, ELB, Route 53, Lambda) |
Which AWS support plan should you use if you need a response time of < 15 minutes for a business-critical system failure? | Only the Enterprise plan provides a response time of < 15 minutes for the failure of a business-critical system.
Both Business and Enterprise offer < 1 hour response time for the failure of a production system. |
Which feature can you use to grant read/write access to an Amazon S3 bucket? | Identity and access management (IAM) Policies are documents that define permissions and can be applied to users, groups and roles. IAM policies can be written to grant access to Amazon S3 buckets. |
How can an organization compare the cost of running applications in an on-premise or colocation environment against the AWS cloud? | The TCO calculator is a free tool provided by AWS that allows you to estimate the cost savings of using the AWS Cloud vs. using an on-premises data center. The TCO calculator can compare the cost of your applications in an on-premises or traditional hosting environment to AWS. You describe your on-premises or hosting environment configuration to produce a detailed cost comparison with AWS. |
Which statement below is incorrect in relation to Network ACLs? | A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. Network ACLs operate at the subnet level not at the availability zone level. |
Which statement below is incorrect in relation to Security Groups? | A security group acts as a virtual firewall for your instance to control incoming and outgoing traffic. Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance. Security groups are stateful, meaning that if traffic is allowed in one direction, the return traffic is automatically allowed regardless of whether there is a matching rule for the traffic. |
Which of the following are features of Amazon CloudWatch? (Select TWO) | Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. CloudWatch is for performance monitoring whereas CloudTrail is for auditing.
CloudWatch is used to collect and track metrics, collect and monitor log files, and set alarms |
What architectural best practice aims to reduce the interdependencies between services? | As application complexity increases, a desirable attribute of an IT system is that it can be broken into smaller, loosely coupled components.
This means that IT systems should be designed in a way that reduces interdependencies—a change or a failure in one component should not cascade to other components.
The concept of loose coupling includes “well defined interfaces” which reduce interdependencies in a system by enabling interaction only through specific, technology-agnostic interfaces (e.g. RESTful APIs). |
Which service allows you to run code as functions without needing to provision or manage servers? | AWS Lambda is a serverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you.
Lambda runs your code on high-availability compute infrastructure and performs all the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, code and security patch deployment, and code monitoring and logging. All you need to do is supply the code. |
What benefits does Amazon EC2 provide over using non-cloud servers? (Select TWO) | Elastic Web-Scale computing– you can increase or decrease capacity within minutes not hours and commission one to thousands of instances simultaneously.
Inexpensive – Amazon passes on the financial benefits of scale by charging very low rates and on a capacity consumed basis. |
What is the most cost-effective EC2 pricing option to use for a non-critical overnight workload? | Spot instances are good for short term requirements as they can be very economical. However, sometimes AWS may terminate your instance when they need the capacity back. This is a good option for non-critical workloads that can be terminated without loss of data. |
What is the most cost-effective support plan that should be selected to provide at least a 1-hour response time for a production system failure? | The Business support plan provides < 1 hour response times for a production system failure. |
Under the shared responsibility model, what are examples of shared controls? (Select TWO) | Shared Controls– Controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives
Patch Management– AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications
Configuration Management– AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications. |
For which services does Amazon not charge customers? (Select TWO) | Amazon VPC and CloudFormation are free of charge, however in the case of CloudFormation you pay for the resources it creates.
All other answers are chargeable services. |
Which service can be used for building and integrating loosely-coupled, distributed applications? | Amazon Simple Notification Service (Amazon SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud. Amazon SNS is used for building and integrating loosely-coupled, distributed applications.
NOTE: Sometimes AWS will expand abbreviations in answers and other times, like with this question, you just get the abbreviation. Therefore, there’s no workaround, you have to know your abbreviations! |
What can you use to quickly connect your office securely to your Amazon VPC? | An AWS managed VPN can be used to quickly connect from an office to an Amazon VPC. An Amazon VPC provides the option of creating an IPsec VPN connection between remote customer networks and their Amazon VPC over the internet. Consider taking this approach when you want to take advantage of an AWS managed VPN endpoint that includes automated multi–data center redundancy and failover built into the AWS side of the VPN connection. |
Which storage service allows you to connect multiple EC2 instances concurrently using file-level protocols? | Amazon Elastic File System allows you to connect hundreds or thousands of EC2 instances concurrently and is accessed using the file-level NFS protocol. |
Which service records API activity on your account and delivers log files to an Amazon S3 bucket? | AWS CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket. CloudTrail is for auditing whereas CloudWatch is for performance monitoring. |
Which AWS storage technology can be considered a “virtual hard disk in the cloud”? | An EBS volume is a block storage device that is most similar to a virtual hard disk in the cloud as when attached to an instance it appears as a local disk that can have an operating system installed on or be formatted and used for any other local storage purpose. |
A company plans to create a hybrid cloud architecture. What technology will allow them to create a hybrid cloud? | AWS Direct Connect provides a low-latency, high bandwidth connection to connect customer on-premise environments with the AWS cloud which allows them to create a “hybrid” cloud architecture. |
What is the scope of a VPC within a region? | An Amazon Virtual Private Cloud (VPC) spans all availability zones within a region. |
What advantages do you get from using the AWS cloud? (Select TWO) | The 6 advantages of cloud are:
1) Trade capital expense for variable expense
2) Benefit from massive economies of scale
3) Stop guessing about capacity
4) Increase speed and agility
5) Stop spending money running and maintaining data centers
6) Go global in minutes
You do not gain greater control of the infrastructure layer as AWS largely control this, and though AWS is compliant with lots of security compliance programs, not all programs in all local countries will be included |
Which tool enables you to visualize your usage patterns over time and to identify your underlying cost drivers? | The AWS Cost Explorer is a free tool that allows you to view charts of your costs.
You can view cost data for the past 13 months and forecast how much you are likely to spend over the next three months.
Cost Explorer can be used to discover patterns in how much you spend on AWS resources over time and to identify cost problem areas. |
Which service supports the resolution of public domain names to IP addresses or AWS resources? | Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service using hosted zones. It can also be used for domain registration, health checks, and traffic flow. |
Which types of pricing policies does AWS offer? (Select TWO) | Amazon pricing includes options for pay-as-you-go, save when you reserve and pay less by using more. |
The AWS Identity and Access Management (IAM) service can be used to manage which objects? (Select TWO) | Access policies are objects that you attach to entities and resources to define their permissions.
Roles are created and then “assumed” by trusted entities and define a set of permissions for making AWS service requests. |
Under the AWS shared responsibility model what is the customer responsible for? (Select TWO) | AWS are responsible for “Security of the Cloud” and customers are responsible for “Security in the Cloud”.
AWS are responsible for items such as the physical security of the DC, replacement of old disk drives, and patch management of the infrastructure
Customers are responsible for items such as configuring security groups, network ACLs, patching their operating systems and encrypting their data |
Which of the statements below is accurate regarding Amazon S3 buckets? (Select TWO) | Amazon S3 uses a universal (global) namespace, which means bucket names must be unique globally.
However, you create the buckets in a region and the data never leaves that region unless explicitly configured to do so through cross-region replication (CRR). |
What considerations are there when choosing which region to use? (Select TWO) | You may choose a region to reduce latency, minimize costs, or address regulatory requirements.
Latency is the delay caused mostly by distance. This means you should choose to create your buckets in Regions that are closer (physically) to your users.
Some countries or industries have regulations that mandate data must not leave a jurisdiction or country border. In this case you simply select an AWS Region accordingly. |
Which service can be used to track the CPU usage of an EC2 instance? | Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. CloudWatch is for performance monitoring, whereas CloudTrail is for auditing |
Which AWS service allows you to connect to storage from on-premise servers using standard file protocols? | EFS is a fully-managed service that makes it easy to set up and scale file storage in the Amazon Cloud. EFS filesystems are mounted using the NFS protocol (which is a file-level protocol).
Access to EFS file systems from on-premises servers can be enabled via Direct Connect or AWS VPN.
You mount an EFS file system on your on-premises Linux server using the standard Linux mount command for mounting a file system via the NFSv4.1 or NFSv5 protocol. |
The AWS global infrastructure is composed of? (Select TWO) | The AWS Global infrastructure is built around Regions and Availability Zones (AZs).
A Region is a physical location in the world where AWS have multiple AZs. AZs consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities |
Which items can be configured from within the VPC management console? (Select TWO) | Subnets and Security groups can be configured from within the VPC console. |
What advantages does deploying Amazon CloudFront provide? (Select TWO) | CloudFront is a content delivery network (CDN) that allows you to store (cache) your content at “edge locations” located around the world.
This allows customers to access content more quickly and provides security against DDoS attacks.
CloudFront can be used for data, videos, applications, and APIs. |
What is an availability zone composed of? | Availability zones are composed of one or more data centers in a location.
Availability Zones are physically separate and isolated from each other. AZs have direct, low-latency, high throughput and redundant network connections between each other. |
Which AWS service is primarily used for software version control? | AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories.
It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem. |
Which services can be used for asynchronous integration between application components? (Select TWO) | Asynchronous integration is a form of loose coupling between services.
This model is suitable for any interaction that does not need an immediate response and where an acknowledgement that a request has been registered will suffice.
Amazon Simple Queue Service (SQS) and AWS Step Functions both provide asynchronous integration.
SQS provides a durable message bus and Step Functions is an orchestrated workflow service. |
How does AWS assist organizations with their capacity requirements? | All of these statements are true. However, the question is specifically asking how AWS can assist with capacity requirements, i.e. how does AWS enable organizations to ensure they don’t over- or under-provision their resources?
The ability to scale on demand is the key advantage that can help them here as they can deploy what they know they need today and scale it as they need to tomorrow. |
What strategy can assist with allocating metadata to AWS resources for cost tracking and visibility? | AWS allows customers to assign metadata to their AWS resources in the form of tags. Each tag is a simple label consisting of a customer-defined key and an optional value that can make it easier to manage, search for, and filter resources.
AWS Cost Explorer and detailed billing reports support the ability to break down AWS costs by tag.
The other options are incorrect as they are not methods of adding metadata to an AWS resource. |
What is the term for describing the action of automatically running scripts on Amazon EC2 instances when launched to install software? | Bootstrapping is the execution of automated actions to services such as EC2 and RDS. This is typically in the form of scripts that run when the instances are launched. |
Which of the following is a method of backup available in the AWS cloud? | Amazon Elastic Block Store (EBS) is a block-based storage system that provides a “virtual hard disk in the cloud”. You can back up your EBS volumes using snapshots which are point-in-time copies of the data. |