Cloud Practitioner - PRACTICE 2

Question 1

According to the shared responsibility mode, which security and compliance task is AWS responsible for?

1. Granting permissions to users and services
2. Updating Amazon EC2 host firmware
3. Encrypting data at rest
4. Updating operating systems

Answer 1

Updating Amazon EC2 host firmware

According to the AWS shared responsibility model AWS are
responsible for security “of” the cloud. This includes updating the firmware of the EC2 host servers on which instances run. All of the other answers are incorrect as they represent security “in” the cloud which is a customer responsibility.

Question 2

A company has a global user base and needs to deploy AWS services that can decrease network latency for their users. Which services may assist? (Select TWO.)

1. Amazon CloudFront
2. Amazon VPC
3. Application Auto Scaling
4. AWS Direct Connect
5. AWS Global Accelerator

Answer 2

Amazon CloudFront & AWS Global Accelerator

Amazon CloudFront is a content delivery network (CDN) that caches media assets such as files, photos, and videos in Edge locations around the world. This gets your content closer to the user base which decreases latency.

Question 3

What can be used to allow an application running on an Amazon EC2 instance to securely store data in an Amazon S3 bucket without using long-term credentials?

1. AWS Systems Manager
2. Amazon Connect
3. AWS IAM role
4. AWS IAM access key

Answer 3

AWS IAM Role

An IAM role is an IAM identity that you can create in your account that has specific permissions. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it.

Question 4

Which AWS service does AWS Snowball Edge natively support?

1. AWS Server Migration Service (AWS SMS)
2. AWS Database Migration Service (AWS DMS)
3. AWS Trusted Advisor
4. Amazon EC2

Answer 4

Amazon EC2
You can run Amazon EC2 compute instances hosted on a Snowball Edge with the sbel, sbe-c, and sbe-g instance types. The sbe1 instance type works on devices with the Snowball Edge Storage Optimized option. The sbe-c instance type works on devices with the Snowball Edge Compute Optimized option. Both the sbe-c and sbe-g instance types work on devices with the Snowball Edge Compute Optimized with GPU option.

Question 5

AWS are able to continue to reduce their pricing due to:

1. Pay-as-you go pricing
2. The AWS global infrastructure
3. Economies of scale
4. Reserved instance pricing

Answer 5

Economies of scale

By using cloud computing, you can achieve a lower variable cost than you can get on your own. Because usage from hundreds of thousands of customers is aggregated in the cloud, providers such as AWS can achieve higher economies of scale, which translates into lower pay as-you-go prices.

Question 6

According to the AWS shared responsibility model, which task is the customer’s responsibility?

1. Maintaining the infrastructure needed to run Amazon DynamoDB.
2. Updating the operating system of AWS Lambda instances.
3. Maintaining Amazon API Gateway infrastructure.
4. Updating the guest operating system on Amazon EC2 instances.

Answer 6

Updating the guest operating system on Amazon EC2 instances

According to the AWS Shared Responsibility Model updating Amazon EC2 guest operating systems falls under the area of security “in” the cloud which is a customer responsibility. With EC2, AWS manage the underlying platform on which EC2 runs but you must launch and manage your operating systems.

Question 7

A Cloud Practitioner noticed that IP addresses that are owned by AWS are being used to attempt to flood ports on some of the company’s systems. To whom should the issue be reported?

1. AWS Professional Services
2. AWS Partner Network (APN)
3. AWS Trust & Safety team
4. AWS Technical Account Manager (TAM)

Answer 7

AWS Trust & Safety team

If you suspect that AWS resources are used for abusive purposes, contact the AWS Trust & Safety team using the Report Amazon AWS abuse form, or by contacting abuse@amazonaws.com. Provide all the necessary information, including logs in plaintext, email headers, and so on, when you submit your request.

Question 8

Which on-premises costs must be included in a Total Cost of Ownership (TCO) calculation when comparing against the AWS Cloud? (Select TWO.)

1. Physical compute hardware
2. Operating system administration
3. Network infrastructure in the data center
4. Project management services
5. Database schema development

Answer 8

Physical compute hardware & Network infrastructure in the data center

When performing a TCO analysis you must include all costs you are currently incurring in the on-premises environment that you will not pay for in the AWS Cloud. This should include labor costs for activities that will be reduced or eliminated. Labor costs that will continue to be incurred in the cloud need not be included.

Question 9

Which of the following can be used to identify a specific user who terminated an Amazon RDS DB instance?

1. AWS CloudTrail
2. Amazon Inspector
3. Amazon CloudWatch
4. AWS Trusted Advisor

Answer 9

AWS CloudTrail

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.

Question 10

Which AWS service can be used to perform data extract, transform, and load (ETL) operations so you can prepare data for analytics?

1. Amazon QuickSight
2. AWS Glue
3. Amazon Athena
4. Amazon S3 Select

Answer 10

AWS GLUE

AWS Glue is a serverless data integration service that makes it easy to discover, prepare, and combine data for analytics, machine learning, and application development. AWS Glue provides all of the capabilities needed for data integration so that you can start analyzing your data and putting it to use in minutes instead of months.

Question 11

Which of the following tasks can a user perform to optimize Amazon EC2 costs? (Select TWO.)

1. Implement Auto Scaling groups to add and remove instances based on demand.
2. Create a policy to restrict IAM users from accessing the Amazon EC2 console.
3. Set a budget to limit spending on Amazon EC2 instances using AWS Budgets.
4. Purchase Amazon EC2 Reserved Instances.
5. Create users in a single Region to reduce the spread of EC2 instances globally.

Answer 11

Implement Auto Scaling groups to add and remove instances based on demand & Purchase Amazon EC2 Reserved Instances

Cost optimization can include using Auto Scaling groups to scale the number of EC2 instances according to actual demand. Also, using Amazon EC2 reserved instances for suitable workloads is a good way of optimizing costs over the longer term.

Question 12

According to the shared responsibility model, which security related task is the responsibility of the customer?

1. Maintaining server-side encryption.
2. Securing servers and racks at AWS data centers.
3. Maintaining firewall configurations at hardware level.
4. Maintaining physical networking configuration.

Answer 12

Maintaining server-side encryption

All client-side and server-side encryption is a responsibility of the customer using the AWS Cloud.

Question 13

A company plan to move the application development to AWS. Which benefits can they achieve when developing and running applications in the AWS Cloud compared to on premises? (Select TWO.)

1. AWS automatically replicates all data globally.
2. AWS will fully manage the entire application.
3. AWS makes it easy to implement high availability.
4. AWS can accommodate large changes in application demand.
5. AWS takes care of application security patching.

Answer 13

AWS makes it easy to implement high availability & AWS can accommodate large changes in application demand

AWS provides many options for high availability including multiple availability zones within Regions and multiple Regions around the world. There are also many options to leverage durable data storage, message buses, databases. AWS have a huge global infrastructure with massive amounts of capacity. It is therefore very easy to accommodate large changes in application demand and this can often be seamless to your application.

Question 14

Which AWS services offer compute capabilities? (Select TWO.)

1. Amazon DynamoDB
2. Amazon ECS
3. Amazon EFS
4. Amazon CloudHSM
5. AWS Lambda

Answer 14

Amazon ECS & AWS Lambda

The Amazon Elastic Container Service (ECS) is a compute service that allows you to run Docker containers as tasks on AWS. AWS Lambda is a function as a service offering that provides the ability to run compute functions in response to triggers.

Question 15

A cloud practitioner needs to migrate a 70 TB of data from an on-premises data center into the AWS Cloud. The company has a slow and unreliable internet connection. Which AWS service can the cloud practitioner leverage to transfer the data?

1. Amazon S3 Glacier
2. AWS Snowball
3. AWS Storage Gateway
4. AWS DataSync

Answer 15

AWS Snowball

AWS Snowball is a method of transferring the data using a physical device. A Snowball Edge device can hold up to 80 TB so a single device can be used. This transfer method completely avoids the slow and unreliable internet connection.

Question 16

Which AWS service is a fully-managed source control service that hosts secure Git-based repositories?

1. AWS CodeBuild
2. AWS CodeDeploy
3. AWS CodeCommit
4. AWS CodePipeline

Answer 16

AWS CodeCommit

AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories. It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem.

Question 17

A Cloud Practitioner is re-architecting a monolithic application. Which design principles for cloud architecture do AWS recommend? (Select TWO.)

1. Implement manual scalability.
2. Implement loose coupling.
3. Use self-managed servers.
4. Rely on individual components.
5. Design for scalability.

Answer 17

Implement loose coupling & Design for scalability

Dependencies such as queuing systems, streaming systems, workflows, and load balancers are loosely coupled. Loose coupling helps isolate behavior of a component from other components that depend on it, increasing resiliency and agility AWS recommend that you architect applications that scale horizontally to increase aggregate workload availability. This scaling should be automatic where possible.

Question 18

Which of the following a valid best practices for using the AWS Identity and Access Management (IAM) service? (Select TWO.)

1. Embed access keys in application code.
2. Create individual IAM users.
3. Use inline policies instead of customer managed policies.
4. Use groups to assign permissions to IAM users.
5. Grant maximum privileges to IAM users.

Answer 18

Create individual IAM users & Use groups to assign permissions to lAM users

Question 19

Which benefit of AWS enables companies to replace upfront fixed expenses with variable expenses when using on-demand technology services?

1. Pay-as-you-go pricing
2. Economies of scale
3. Global reach
4. High availability

Answer 19

Pay-as-you-go pricing

Pay-as-you-go-pricing is an example of the AWS advantage “Trade capital expense for variable expense”. This is documented in the Six Advantages of Cloud Computing. Instead of having to invest heavily in data centers and servers before you know how you’re going to use them, you can pay only when you consume computing resources, and pay only for how much vou consume.

Question 20

A Service Control Policy (SCP) is used to manage the maximum available permissions and is associated with which of the following?

1. AWS Global Infrastructure
2. AWS Regions
3. AWS Organizations
4. Availability Zones

Answer 20

AWS Organizations

Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization. SCPs offer central control over the maximum available permissions for all accounts in your organization. SCs are associated with AWS Organizations and help you to ensure your accounts stay within your organization’s access control guidelines. SCs are available only in an organization that has all features enabled.

Question 21

What should a Cloud Practitioner ensure when designing a highly available architecture on AWS?

1. Servers have low-latency and high throughput network connectivity.
2. The failure of a single component should not affect the application.
3. There are enough servers to run at peak load available at all times.
4. A single monolithic application component handles all operations.

Answer 21

The failure of a single component should not affect the application

In a highly available system the failure of a single component should not affect the application. This means that if a single component such as an application server fails, there should be other applications servers available that can seamlessly take over operations and ensure the application continues to operate.

Question 22

Which technology can automatically adjust compute capacity as demand for an application increases or decreases?

1. Load balancing
2. Auto Scaling
3. Fault tolerance
4. High availability

Answer 22

Auto Scaling

Amazon EC2 Auto Scaling helps you maintain application availability and allows you to automatically add or remove EC2 instances according to conditions you define. You can use the fleet management features of EC2 Auto Scaling to maintain the health and availability of your fleet.

Question 23

Which of the following is an advantage for a company running workloads in the AWS Cloud vs on-premises? (Select TWO.)

1. Less staff time is required to launch new workloads.
2. Increased time to market for new application features.
3. Higher acquisition costs to support elastic workloads.
4. Lower overall utilization of server and storage systems.
5. Increased productivity for application development teams.

Answer 23

Less staff time is required to launch new workloads & Increased productivity for application development
teams

Using AWS cloud services can help development teams to be more productive as they spend less time working on the infrastructure layer as it is provided for them. This additionally means launching new workloads requires less time as you can automate the implementation of the application and there is no underlying hardware layer to configure.

Question 24

Which cloud architecture design principle is supported by deploying workloads across multiple Availability Zones?

1. Automate infrastructure.
2. Design for agility.
3. Enable elasticity.
4. Design for failure.

Answer 24

Design for failure

Amazon EC2 instances can be deploved in an Amazon VPC across multiple Availability Zones. You would then typically use an Elastic Load Balancer (ELB) to distribute load between the available instances. This architecture enables high availability as if a single instance fails or if something fails that causes an outage in an entire Availability Zone, the application still has available instances to continue to service demand.

Question 25

A company requires a dashboard for reporting when using a business intelligence solution. Which AWS service can a Cloud Practitioner use? 1. Amazon Redshift 2. Amazon Kinesis 3. Amazon Athena 4. Amazon QuickSight

Answer 25

**Amazon QuickSight** Amazon QuickSight is a scalable, serverless, embeddable, machine learning-powered business intelligence (BI) service built for the cloud.

Question 26

A Cloud Practitioner wants to configure the AWS CLI for programmatic access to AWS services. Which credential components are required? (Select TWO.) 1. An access key ID 2. Apublic key 3. A secret access key 4. An IAM Role 5. A private key

Answer 26

**An access key ID & A secret access key** Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK).

Question 27

Which service can a Cloud Practitioner use to configure custom cost and usage limits and enable alerts for when defined thresholds are exceeded? 1. Consolidated billing 2. AWS Trusted Advisor 3. Cost Explorer 4. AWS Budgets

Answer 27

**AWS Budgets** AWS Budgets allows you to set custom budgets to track your cost and usage. With AWS Budgets, you can choose to be alerted by email or SNS notification when actual or forecasted cost and usage exceed your budget threshold, or when your actual RI and Savings Plans' utilization or coverage drops below your desired threshold.

Question 28

What is the function of Amazon EC2 Auto Scaling? 1. Scales the size of EC2 instances up or down automatically, based on demand. 2. Automatically updates the EC2 pricing model, based on demand. 3. Scales the number of EC2 instances in or out automatically, based on demand. 4. Automatically modifies the network throughput of EC2 instances, based on demand.

Answer 28

**Scales the number of EC2 instances in or out automatically, based on demand.** Amazon EC2 Auto Scaling helps you maintain application availability and allows you to automatically add or remove EC2 instances according to conditions you define. You can use the fleet management features of EC2 Auto Scaling to maintain the health and availability of your fleet. You can also use the dynamic and predictive scaling features of EC2 Auto Scaling to add or remove EC2 instances.

Question 29

Which AWS service should a Cloud Practitioner use to establish a secure network connection between an on-premises network and AWS? 1. AWS Mobile Hub 2. AWS Web Application Firewall (WAF) 3. Amazon Virtual Private Cloud (VPC) 4. Virtual Private Network

Answer 29

**Virtual Private Network** AWS Virtual Private Network solutions establish secure connections between your on-premises networks, remote offices, client devices, and the AWS global network.

Question 30

Which AWS-managed service can be used to process vast amounts of data using a hosted Hadoop framework? 1. Amazon DynamoDB 2. Amazon Athena 3. Amazon EMR 4. Amazon Redshift

Answer 30

**Amazon EMR** Amazon Elastic Map Reduce (EMR) is a web service that enables businesses, researchers, data analysts, and developers to easily and cost-effectively process vast amounts of data. EMR utilizes a hosted Hadoop framework running on Amazon EC2 and Amazon S3.

Question 31

Which Amazon EC2 pricing model should be avoided if a workload cannot accept interruption if capacity becomes temporarily unavailable? 1. Spot Instances 2. On-Demand Instances 3. Standard Reserved Instances 4. Convertible Reserved Instances

Answer 31

**Spot Instances** Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS cloud. Spot Instances are available at up to a 90% discount compared to On-Demand prices. The downside is that if capacity becomes temporarily unavailable, your instances may be terminated.

Question 32

A Cloud Practitioner requires a simple method to identify if unrestricted access to resources has been allowed by security groups. Which service can the Cloud Practitioner use? 1. AWS Trusted Advisor 2. Amazon CloudWatch 3. VPC Flow Logs 5. AWS CloudTrail

Answer 32

**AWS Trusted Advisor** AWS Trusted Advisor checks security groups for rules that allow unrestricted access (0.0.0.0/0) to specific ports. Unrestricted access increases opportunities for malicious activity (hacking, denial-of- service attacks, loss of data).

Question 33

An eCommerce company plans to use the AWS Cloud to quickly deliver new functionality in an iterative manner, minimizing the time to market. Which feature of the AWS Cloud provides this functionality? 1. Elasticity 2. Agility 3. Fault tolerance 4. Cost effectiveness

Answer 33

**Agility** In a cloud computing environment, new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes. This results in a dramatic increase in agility for the organization, since the cost and time it takes to experiment and develop is significantly lower.

Question 34

What can a Cloud Practitioner do with the AWS Cost Management tools? (Select TWO.) 1. Visualize AWS costs by day, service, and linked AWS account. 2. Terminate EC2 instances automatically if budget thresholds are exceeded. 3. Automatically modify EC2 instances to use Spot pricing to reduce costs. 4. Create budgets and receive notifications if current or forecasted usage exceeds the budgets. 5. Archive data to Amazon Glacier if it is not accessed for a configured period of time.

Answer 34

**Visualize AWS costs by day, service, and linked AWS account & Create budgets and receive notifications if current or forecasted usage exceeds the budgets** AWS Cost Explorer has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time. It can be used to visualize AWS costs by day, service, and linked AWS account. AWS Budgets can be used to receive notifications if current or forecasted usage exceeds the budgets.

Question 35

Which AWS dashboard displays relevant and timely information to help users manage events in progress, and provides proactive notifications to help plan for scheduled activities? 1. AWS Service Health Dashboard 2. AWS Personal Health Dashboard 3. AWS Trusted Advisor dashboard 4. Amazon Cloud Watch dashboard

Answer 35

**AWS Personal Health Dashboard** AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you.

Question 36

Which AWS service should a Cloud Practitioner use to automate configuration management using Puppet? 1. AWS Config 2. AWS OpsWorks 3. AWS CloudFormation 4. AWS Systems Manager

Answer 36

**AWS OpsWorks** AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers.

Question 37

Which AWS service is used to send both text and email messages from distributed applications? 1. Amazon Simple Notification Service (Amazon SNS) 2. Amazon Simple Email Service (Amazon SES) 3. Amazon Simple Workflow Service (Amazon SWF) 4. Amazon Simple Queue Service (Amazon SQS)

Answer 37

**Amazon Simple Notification Service (SNS)** Amazon Simple Notification Service (SNS) is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications.

Question 38

Which AWS service or feature allows a company to receive a single monthly AWS bill when using multiple AWS accounts? 1. Consolidated billing 2. Amazon Cloud Directory 3. AWS Cost Explorer 4. AWS Cost and Usage report

Answer 38

**Consolidated Billing** You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. Every organization in AWS Organizations has a master (payer) account that pays the charges of all the member (linked) accounts.

Question 39

A user needs an automated security assessment report that will identify unintended network access to Amazon EC2 instances and vulnerabilities on those instances. Which AWS service will provide this assessment report? 1. EC2 security groups 2. AWS Config 3. Amazon Macie 4. Amazon Inspector

Answer 39

**Amazon Inspector** Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices.

Question 40

Which of the following best describes an Availability Zone in the AWS Cloud? 1. One or more physical data centers 2. A completely isolated geographic location 3. One or more edge locations based around the world 4. A subnet for deploying resources into

Answer 40

**One or more physical data centers** An Availability Zone (AZ) is one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region. AZ's give customers the ability to operate production applications and databases that are more highly available, fault tolerant, and scalable than would be possible from a single data center.

Question 41

A company needs a consistent and dedicated connection between AWS resources and an on-premise system. Which AWS service can fulfil this requirement? 1. AWS Direct Connect 2. AWS Managed VPN 3. Amazon Connect 4. AWS DataSync

Answer 41

**AWS Direct Connect** An AWS Direct Connect connection is a private, dedicated link to AWS. As it does not use the internet, performance is consistent.

Question 42

Which AWS service helps customers meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated hardware appliances within the AWS Cloud? 1. AWS Secrets Manager 2. AWS CloudHSM 3. AWS Key Management Service (AWS KMS) 4. AWS Directory Service

Answer 42

**The AWS CloudHSM** The AWS CloudHSM service helps you meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) instances within the AWS cloud. AWS CloudHSM enables you to easily generate and use your own encryption keys on the AWS Cloud.

Question 43

What can a Cloud Practitioner use the AWS Total Cost of Ownership (TCO) Calculator for? 1. Generate reports that break down AWS Cloud compute costs by duration, resource, or tags 2. Estimate savings when comparing the AWS Cloud to an on-premises environment 3. Estimate a monthly bill for the AWS Cloud resources that will be used 4. Enable billing alerts to monitor actual AWS costs compared to estimated costs

Answer 43

**Estimate savings when comparing the AWS Cloud to an on-premises environment** The TCO calculators allow you to estimate the cost savings when using AWS, compared to on-premises, and provide a detailed set of reports that can be used in executive presentations. The calculators also give you the option to modify assumptions that best meet your business needs.

Question 44

Which of the following should be used to improve the security of access to the AWS Management Console? (Select TWO.) 1. AWS Secrets Manager 2. AWS Certificate Manager 3. AWS Multi-Factor Authentication (AWS MFA) 4. Security group rules 5. Strong password policies

Answer 44

**AWS Multi-Factor Authentication (AWS MA) & Strong password policies** For extra security, AWS recommends that you require multi-factor authentication (MFA) for all users in your account. With MA, users have a device that generates a response to an authentication challenge.

Question 45

An application has highly dynamic usage patterns. Which characteristics of the AWS Cloud make it cost-effective for this type of workload? (Select TWO.) 1. High availability 2. Strict security 3. Elasticity 4. Pay-as-you-go pricing 5. Reliability

Answer 45

**Elasticity & Pay-as-you-go pricing** AWS is a cost-effective for dynamic workloads because it is elastic, meaning your workload can scale based on demand. And because you only pay for what you use (pay-as-you-go pricing).

Question 46

Which benefits can a company immediately realize using the AWS Cloud? (Select TWO.) 1. Variable expenses are replaced with capital expenses 2. Capital expenses are replaced with variable expenses 3. User control of physical infrastructure 4. Increased agility 5. No responsibility for security

Answer 46

**Capital expenses are replaced with variable expenses & Increased agility** A couple of the benefits that companies will realize immediately when using the AWS Cloud are increased agility and a change from capital expenditure to variable operational expenditure. Agility is enabled through the flexibility of cloud services and the ease with which applications can be deployed, scaled, and managed.

Question 47

Which AWS hybrid storage service enables a user's on-premises applications to seamlessly use AWS Cloud storage? 1. AWS Backup 2. Amazon Connect 3. AWS Direct Connect 4. AWS Storage Gateway

Answer 47

**AWS Storage Gateway** AWS Storage Gateway is a hybrid cloud storage service that gives you on- premises access to virtually unlimited cloud storage. Customers use Storage Gateway to simplify storage management and reduce costs for key hybrid cloud storage use cases.

Question 48

A user has limited knowledge of AWS services, but wants to quickly deploy a scalable Node.js application in an Amazon VPC. Which service should be used to deploy the application? 1. AWS CloudFormation 2. AWS Elastic Beanstalk 3. Amazon EC2 4. Amazon LightSail

Answer 48

**AWS Elastic Beanstalk** AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.

Question 49

How can a security compliance officer retrieve AWS compliance documentation such as a SOC 2 report? 1. Using AWS Artifact 2. Using AWS Trusted Advisor 3. Using AWS Inspector 4. Using the AWS Personal Health Dashboard

Answer 49

**AWS Artifact** AWS Artifact, available in the console, is a self-service audit artifact retrieval portal that provides our customers with on-demand access to AWS' compliance documentation and AWS agreements.

Question 50

Which AWS service can be used to run Docker containers? 1. AWS Lambda 2. Amazon ECR 3. Amazon ECS 4. Amazon AMI

Answer 50

**Amazon ECS** Amazon Elastic Container Service (ECS) is a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances.

Question 51

What are the benefits of using the AWS Managed Services? (Select TWO.) 1. Alignment with ITIL processes 2. Managed applications so you can focus on infrastructure 3. Baseline integration with ITSM tools 4. Designed for small businesses 5. Support for all AWS services

Answer 51

**Alignment with ITIL processes & Baseline integration with ITSM tools** AWS Managed Services manages the daily operations of your AWS infrastructure in alignment with ITIL processes. AWS Managed Services provides a baseline integration with IT Service Management (ITSM) tools such as the ServiceNow platform.

Question 52

Which services are involved with security? (Select TWO.) 1. AWS CloudHSM 2. AWS DMS 3. AWS KMS 4. AWS SMS 5. Amazon ELB

Answer 52

**AWS CloudHSM & AWS KMS** Key Management Service (KMS) gives you centralized control over the encryption keys used to protect your data. AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud.

Question 53

What are the names of two types of AWS Storage Gateway? (Select TWO.) 1. S3 Gateway 2. File Gateway 3. Block Gateway 4. Tape Gateway 5. Cached Gateway

Answer 53

**File Gateway & Tape Gateway** File gateway provides a virtual on-premises file server, which enables you to store and retrieve files as objects in Amazon S3. Tape Gateway (formerly known as Gateway Virtual Tape Library) is used for backup with popular backup software.

Question 54

An application stores images which will be retrieved infrequently, but must be available for retrieval immediately. Which is the most cost-effective storage option that meets these requirements? 1. Amazon Glacier with expedited retrievals 2. Amazon S3 Standard-Infrequent Access 3. Amazon EFS 4. Amazon S3 Standard

Answer 54

**Amazon S3 Standard-Infrequent Access** Amazon S3 Standard-Infrequent Accessis the most cost-effective choice. It provides immediate access and is suitable for this use case as it is lower cost than S3 standard. Note that you must pay a fee for retrievals which is why you would only use this tier for infrequent access use cases.

Question 55

Which AWS support plans provide support via email, chat and phone? (Select TWO.) 1. Basic 2. Developer 3. Business 4. Enterprise 5. Global

Answer 55

**Business & Enterprise** Only the business and enterprise plans provide support via email, chat and phone.

Question 56

Which AWS service can be used to host a static website? 1. Amazon S3 2. Amazon EBS 3. AWS CloudFormation 4. Amazon EFS

Answer 56

**Amazon S3** You can use Amazon S3 to host a static website. On a static website, individual webpages include static content. They might also contain client-side scripts.

Question 57

Which of the following are AWS recommended best practices in relation to IAM? (Select TWO.) 1. Assign permissions to users 2. Create individual IAM users 3. Embed access keys in application code 4. Enable MFA for all users 5. Grant greatest privilege

Answer 57

**Create individual IAM users & Enable MFA for all users** AWS recommends that you create individual IAM users rather than sharing IAM user accounts. For extra security, AWS recommends that you require multi-factor authentication (MA) for all users in your account. For privileged IAM users who are allowed to access sensitive resources or API operations, AWS recommend using U2F or hardware MFA devices.

Question 58

Which of the following security operations tasks must be performed by AWS customers? (Select TWO.) 1. Collecting syslog messages from physical firewalls 2. Issuing data center access keycards 3. Installing security updates on EC2 instances 4. Enabling multi-factor authentication (MA) for privileged users 5. Installing security updates for server firmware

Answer 58

**Installing security updates on EC2 instances & Enabling multi-factor authentication (MFA) for privileged users** The customer is responsible for installing security updates on EC2 instances and enabling MFA. AWS is responsible for security of the physical data center and the infrastructure upon which customer services run.

Question 59

How can an organization assess applications for vulnerabilities and deviations from best practice? 1. Use AWS Artifact 2. Use AWS Inspector 3. Use AWS Shield 4. Use AWS WAF

Answer 59

**AWS Inspector** Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Inspector automatically assesses applications for vulnerabilities or deviations from best practices.

Question 60

Which AWS service protects against common exploits that could compromise application availability, compromise security or consume excessive resources? 1. AWS WAF 2. AWS Shield 3. Security Group 4. Network ACL

Answer 60

**AWS WAF** AWS WAF is a web application firewall that protects against common exploits that could compromise application availability, compromise security or consume excessive resources.

Question 61

A new user is unable to access any AWS services, what is the most likely explanation? 1. The user needs to login with a key pair 2. The services are currently unavailable 3. By default new users are created without access to any AWS services 4. The default limit for user logons has been reached

Answer 61

**By default new users are created with NO access to any AWS services** They can only login to the AWS console. You must apply permissions to users to allow them to access services.

Question 62

Which of the following compliance programs allows the AWS environment to process, maintain, and store protected health information? 1. ISO 27001 2. PCIDSS 3. HIPAA 4. SOC 1

Answer 62

**HIPAA** AWS enables covered entities and their business associates subiect to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) to use the secure AWS environment to process, maintain, and store protected health information.

Question 63

Which AWS service can be used to load data from Amazon S3, transform it, and move it to another destination? 1. Amazon RedShift 2. Amazon EMR 3. Amazon Kinesis 4. AWS Glue

Answer 63

**AWS GLUE** AWS Glue is an Extract, Transform, and Load (ETL) service. You can use AWS Glue with data sources on Amazon S3, RedShift and other databases. With AWS Glue you transform and move the data to various destinations. It is used to prepare and load data for analytics.

Question 64

How should an organization deploy an application running on multiple EC2 instances to ensure that a power failure does not cause an application outage? 1. Launch the EC2 instances in separate regions 2. Launch the EC2 instances into different VPCs 3. Launch the EC2 instances into different Availability Zones 4. Launch the EC2 instances into Edge Locations

Answer 64

**Launch the EC2 instances into different Availability Zones** If you have multiple EC2 instances that are part of an application, you should deploy them into separate availability zones (AZs). Each AZ has redundant power and is also fed from a different grid. AZs also have low latency network links which is often advantageous for most applications.

Question 65

Which of the statements below is correct in relation to Consolidated Billing? (Select TWO.) 1. You receive one bill per AWS account 2. You receive a single bill for multiple accounts 3. You pay a fee per linked account 4. You can combine usage and share volume pricing discounts 5. You are charged a fee per user

Answer 65

**You receive a single bill for multiple accounts & You can combine usage and share volume pricing discounts** One bill - You get one bill for multiple accounts. Combined usage - You can combine the usage across all accounts in the organization to share the volume pricing discounts and Reserved Instance discounts. This can result in a lower charge for your project, department, or company than with individual standalone accounts.

Question 66

Amazon S3 is typically used for which of the following use cases? (Select TWO.) 1. Host a static website 2. Install an operating system 3. Media hosting 4. In-memory data cache 5. Message queue

Answer 66

**Host a static website & Media hosting** Amazon S3 is an object storage system. Typical use cases include: Backup and storage, application hosting, media hosting, software delivery and hosting a static website.