Cloud Practitioner - PRACTICE 4

Question 1

Which AWS service should be used to create a billing alarm?

1. AWS Trusted Advisor
2. AWS CloudTrail
3. Amazon CloudWatch
4. Amazon QuickSight

Answer 1

Amazon CloudWatch

You can monitor your estimated AWS charges by using Amazon CloudWatch. When you enable the monitoring of estimated charges for your AWS account, the estimated charges are calculated and sent several times daily to CloudWatch as metric data.

Question 2

How can consolidated billing within AWS Organizations help lower overall monthly expenses?

1. By providing a consolidated view of monthly billing across multiple accounts
2. By pooling usage across multiple accounts to achieve a pricing tier discount
3. By automating the creation of new accounts through Als
4. By leveraging service control policies (SCP) for centralized service management

Answer 2

By pooling usage across multiple accounts to achieve a pricing tier discount

You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. Every organization in AWS Organizations has a master (payer) account that pays the charges of all the member (linked) accounts.

Question 3

Which Amazon EC2 pricing model should be used to comply with per-core software license requirements?

1. Dedicated Hosts
2. On-Demand Instances
3. Spot Instances
4. Reserved Instances

Answer 3

Dedicated Hosts

Amazon EC2 Dedicated Hosts allow you to use your eligible software licenses from vendors such as Microsoft and Oracle on Amazon EC2, so that you get the flexibility and cost-effectiveness of using your own licenses, but with the resiliency, simplicity and elasticity of AWS.

Question 4

Which of the following are advantages of the AWS Cloud? (Select TWO.)

1. AWS manages the maintenance of the cloud infrastructure
2. AWS manages the security of applications built on AWS
3. AWS manages capacity planning for physical servers
4. AWS manages the development of applications on AWS
5. AWS manages cost planning for virtual servers

Answer 4

AWS manages the maintenance of the cloud infrastructure & AWS manages capacity planning for physical servers

AWS is responsible for security of the AWS Cloud as well as capacity planning and maintenance of the AWS infrastructure. This includes physical infrastructure such as data centers, servers, storage systems, and networking equipment.

Question 5

The ability to horizontally scale Amazon EC2 instances based on demand is an example of which concept?

1. Economy of scale
2. Elasticity
3. High availability
4. Agility

Answer 5

Elasticity

Elasticity is the ability to dynamically adjust the capacity of a service or resource based on demand. Scaling can be vertical (e.g. increase instance size) or horizontal (e.g. add more EC2 instances).

Question 6

Which AWS service provides a quick and automated way to create and manage AWS accounts?

1. AWS QuickSight
2. Amazon LightSail
3. AWS Organizations
4. Amazon Connect

Answer 6

AWS Organizations

AWS Organizations is a web service that enables you to consolidate your multiple AWS accounts into an organization and centrally manage your accounts and their resources. The AWS Organizations API can be used to create AWS accounts and this can be automated through code.

Question 7

Which tool can be used to create alerts when the actual or forecasted cost of AWS services exceed a certain threshold?

1. AWS Cost Explorer
2. AWS Budgets
3. AWS Cost and Usage report
4. AWS CloudTrail

Answer 7

AWS Budgets

AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount.

Question 8

A user has an AWS account with a Business-level AWS Support plan and needs assistance with handling a production service disruption. Which action should the user take?

1. Contact the dedicated Technical Account Manager
2. Contact the dedicated AWS Concierge Support team
3. Open a business-critical system down support case
4. Open a production system down support case

Answer 8

Open a production system down support case

The Business support plan provides a service level agreement (SLA) of <1 hour for production system down support cases.

Question 9

Which type of AWS Storage Gateway can be used to backup data with popular backup software?

1. File Gateway
2. Volume Gateway
3. Gateway Virtual Tape Library
4. Backup Gateway

Answer 9

The Gateway Virtual Tape Library

The Gateway Virtual Tape Library can be used with popular backup software such as NetBackup, Backup Exec and Veeam. Uses a virtual media changer and tape drives.

Question 10

You would like to collect custom metrics from a production application every 1 minute. What type of monitoring should you use?

1. CloudWatch with detailed monitoring
2. CloudTrail with basic monitoring
3. CloudWatch with basic monitoring
4. CloudTrail with detailed monitoring

Answer 10

CloudWatch with detailed monitoring

Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. CloudWatch is for performance monitoring (CloudTrail is for auditing).

Question 11

What billing timeframes are available for Amazon EC2 on-demand instances? (Select TWO.)

1. Per week
2. Per day
3. Per hour
4. Per minute
5. Per second

Answer 11

Per second & Per hour

With EC2 you are billed either by the second, for some Linux instances, or by the hour for all other instance types.

Question 12

Which Amazon EC2 pricing option provides significant discounts for fixed term contracts?

1. Reserved Instances
2. Spot Instances
3. Dedicated Instances
4. Dedicated Hosts

Answer 12

Reserved instances

Reserved instances provide significant discounts, up to 75% compared to On-Demand pricing, by paying for capacity ahead of time.

Question 13

When using Amazon RDS databases, which items are you charged for? (Select TWO.)

1. Inbound data transfer
2. Multi AZ
3. Single AZ
4. Backup up to the DB size
5. Outbound data transfer

Answer 13

Multi AZ & Outbound data transfer

With Amazon RDS you are charged for the type and size of database, the uptime, any additional storage of backup (above the DB size), requests, deployment type (e.g. you pay for multi AZ), and data transfer outbound.

Question 14

How are AWS Lambda functions triggered?

1. Events
2. Schedules
3. Metrics
4. Counters

Answer 14

Events

AWS Lambda lets you run code as functions without provisioning or managing server. Lambda-based applications (also referred to as serverless applications) are composed of functions triggered by events.

Question 15

Which tool can be used to provide real time guidance on provisioning resources following AWS best practices?

1. AWS Trusted Advisor
2. AWS Simple Monthly Calculator
3. AWS Inspector
4. AWS Personal Health Dashboard

Answer 15

Trusted Advisor

Trusted Advisor is an online resource that helps to reduce cost, increase performance and improve security by optimizing your AWS environment. Trusted Advisor provides real time guidance to help you provision your resources following best practices.

Question 16

When performing a total cost of ownership (CO) analysis between on-premises and the AWS Cloud, which factors are only relevant to on-premises deployments? (Select TWO.)

1. Hardware procurement teams
2. Operating system licensing
3. Facility operations costs
4. Database administration
5. Application licensing

Answer 16

Hardware procurement teams & Facility operations costs

Facility operations and hardware procurement costs are something you no longer need to pay for in the AWS Cloud. These factors therefore must be included as an on-premise cost so you can understand the cost of staying in your own data centers. Database administration, operating system licensing and application licensing will still be required in the AWS Cloud.

Question 17

How does “elasticity” benefit an application design?

1. By reducing interdependencies between application components
2. By automatically scaling resources based on demand
3. By selecting the correct storage tier for your workload
4. By reserving capacity to reduce cost

Answer 17

By automatically scaling resources based on demand

Elasticity refers to the automatic scaling of resources based on demand.

Question 18

What is the benefit of using fully managed services compared to deploying 3rd party software on EC2?

1. You don’t need to back-up your data
2. Improved security
3. Reduced operational overhead
4. You have greater control and flexibility

Answer 18

Reduced operational overhead

Fully managed services reduce your operational overhead as AWS manage not just the infrastructure layer but the service layers above it. Examples are Amazon Aurora and Amazon ElastiCache where the database is managed for you.

Question 19

What are the fundamental charges for an Amazon EC2 instance? (Select TWO.)

1. Basic monitoring
2. Data storage
3. Server uptime
4. AMI
5. Private IP address

Answer 19

Data storage & Server uptime

When using EC2 instances you are charged for the compute uptime of the instance based on the family and type you chose. You are also charged for the amount of data provisioned.

Question 20

Which AWS service uses a highly secure hardware storage device to store encryption keys?

1. AWS CloudHSM
2. AWSIAM
3. Amazon Cloud Directory
4. AWS WAF

Answer 20

AWS CloudHSM

AWS CloudHSM is a cloud-based hardware security module (HSM) that allows you to easily add secure key storage and high-performance crypto operations to your AWS applications

Question 21

Which type of security control can be used to deny network access from a specific IP address?

1. AWS Shield
2. AWS WAF
3. Network ACL
4. Security Group

Answer 21

Network ACL

A Network ACL supports allow and deny rules. You can create a deny rule specifying a specific IP address that you would like to block.

Question 22

Which service can be used to manage configuration versions?

1. AWS Service Catalog
2. AWS Artifact
3. Amazon Inspector
4. AWS Config

Answer 22

AWS Config

AWS Config is a fully-managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and regulatory compliance.

Question 23

Which aspects of security on AWS are customer responsibilities? (Select TWO.)

1. Setting up account password policies
2. Physical access controls
3. Server-side encryption
4. Patching of storage systems
5. Availability of AWS regions

Answer 23

Setting up account password policies & Server-side encryption

AWS are responsible for the “security of the cloud”. This includes protecting the infrastructure that runs all of the services offered in the AWS Cloud. The customer is responsible for “security in the cloud”.

Question 24

Which of the following are architectural best practices for the AWS Cloud? (Select TWO.)

1. Deploy into multiple Availability Zones
2. Deploy into a single availability zone
3. Close coupling
4. Design for fault tolerance
5. Create monolithic architectures

Answer 24

Deploy into multiple Availability Zones & Design for fault tolerance

It is an architectural best practice to deploy your resources into multiple availability zones and design for fault tolerance. These both ensure that
if resources or infrastructure fails, your application continues to run.

Question 25

To reduce the price of your Amazon EC2 instances, which term lengths are available for reserved instances? (Select TWO.) 1. 4 years 2. 1 year 3. 5 years 4. 2 years 5. 3 years

Answer 25

**1 year & 3 year** Reserved instances provide significant discounts, up to 75% compared to On-Demand pricing, by paying for capacity ahead of time. They are good for applications that have predictable usage, that need reserved capacity, and for customers who can commit to a 1 or 3-year term.

Question 26

What are the fundamental charges for Elastic Block Store (EBS) volumes? (Select TWO.) 1. The amount of data storage provisioned 2. The amount of data storage consumed 3. Number of snapshots 4. Provisioned IOPS 5. Inbound data transfer

Answer 26

**The amount of data storage provisioned & Provisioned IOPS** With EBS volumes you are charged for the amount of data provisioned (not consumed) per month. This means you can have empty space within a volume and you still pay for it. With provisioned IOPS volumes you are also charged for the amount you provision in IOPS

Question 27

What is the most cost-effective Amazon S3 storage tier for data that is not often accessed but requires high availability? 1. Amazon S3 Standard-IA 2. Amazon S3 Standard 3. Amazon S3 One Zone-IA 4. Amazon Glacier

Answer 27

**S3 Standard-IA** S3 Standard-IA is for data that is accessed less frequently, but requires rapid access when needed. S3 Standard-IA offers the high durability, high throughput, and low latency of S3 Standard with 99.9% availability

Question 28

What is the main benefit of the principle of "loose coupling"? 1. Reduce operational complexity 2. Reduce interdependencies so a failure in one component does not cascade to other components 3. Automate the deployment of infrastructure using code 4. Enables applications to scale automatically based on current demand

Answer 28

**Reduce interdependencies so a failure in one component does not cascade to other components** As application complexity increases, a desirable attribute of an IT system is that it can be broken into smaller, loosely coupled components. This means that IT systems should be designed in a way that reduces interdependencies a change or a failure in one component should not cascade to other components.

Question 29

Which Amazon EC2 billing option gives you low cost, maximum flexibility, no upfront costs or commitment, and you only pay for what you use? 1. Dedicated Host 2. Spot Instances 3. Reserved Instances 4. On-Demand Instances

Answer 29

**On-Demand instances** With On-Demand instances you pay for hours used with no commitment. There are no upfront costs so you have maximum flexibility.

Question 30

Where can resources be launched when configuring Amazon EC2 Auto Scaling? 1. A single subnet 2. Multiple AZs within a region 3. Multiple AZs and multiple regions 4. Multiple VPCs

Answer 30

**Multiple AZs within a region** Amazon EC2 Auto Scaling is configured within the EC2 console and can launch instances within a VPC across multiple AZs. It cannot launch resources into another AWS Region.

Question 31

Which service can be used to improve performance for users around the world? 1. AWS LightSail 2. Amazon CloudFront 3. Amazon Connect 4. Amazon ElastiCache

Answer 31

**Amazon CloudFront** Amazon CloudFront is a content delivery network (CDN) that caches content at Edge Locations around the world. This gets the content closer to users which improves performance.

Question 32

Which of the below are components that can be configured in the VPC section of the AWS management console? (Select TWO.) 1. EBS volumes 2. Subnet 3. Endpoints 4. DNS records 5. Elastic Load Balancer

Answer 32

**Subnet & Endpoints** You can configure subnets and endpoints within the VPC section of AWS management console. EBS volumes and ELB must be configured in the EC2 section of the AWS management console and DNS records must be configured in Amazon Route 53.

Question 33

Which of the following is a benefit of moving to the AWS Cloud? 1. Outsource all IT operations 2. Pay for what you use 3. Capital purchases 4. Long term commitments

Answer 33

**Pay for what you use** With the AWS cloud you pay for what you use. This is a significant advantage compared to on-premises infrastructure where you need to purchase more equipment than you need to allow for peak capacity. You also need to pay for that equipment upfront.

Question 34

In addition to DNS services, what other services does Amazon Route 53 provide? (Select TWO.) 1. DHCP 2. Caching 3. Domain registration 4. IP Routing

Answer 34

**Domain Registration & Traffic Flow** Amazon Route 53 features include domain registration, DNS, traffic flow, health checking, and failover. Route 53 does not support DHCP, IP routing or caching.

Question 35

What can be assigned to an IAM user? (Select TWO.) 1. An access key ID and secret access key 2. An SSL/TLS certificate 3. Akey pair 4. A password for logging into Linux 5. A password for access to the management console

Answer 35

**An access key ID and secret access key & A password for access to the management console** An IAM user is an entity that represents a person or service. Users can beassigned an access key ID and secret access key for programmatic access to the AWS API, CLI, SDK, and other development tools and a password for access to the management console.

Question 36

The AWS acceptable use policy for penetration testing allows? 1. Customers to carry out security assessments or penetration tests against their AWS infastructure without prior approval for selected services 2. Customers to carry out security assessments or penetration tests against their AWS infrastructure after obtaining authorization from AWS 3. AWS to perform penetration testing against customer resources without notification 4. Authorized security assessors to perform penetration tests against any AWS customer without authorization

Answer 36

**Customers to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for selected services**

Question 37

Which type of connection should be used to connect an on-premises data center with the AWS cloud that is high speed, low latency and does not use the Internet? 1. AWS Direct Connect 2. VPC Endpoints 3. AWS Managed VPN 4. Client VPN

Answer 37

**AWS Direct Connect** AWS Direct Connect is a network service that provides an alternative to using the Internet to connect a customer's on premise sites to AWS. Data is transmitted through a private network connection between AWS and a customer's datacenter or corporate network. Direct Connect is high bandwidth, and low latency.

Question 38

Which of the advantages of cloud listed below is most closely addressed by the capabilities of AWS Auto Scaling? 1. Benefit from massive economies of scale 2. Stop guessing about capacity 3. Stop spending money running and maintaining data centers 4. Go global in minutes

Answer 38

**Stop guessing about capacity** AWS Auto Scaling helps you to adapt to the demand for you application and scale up and down as needed. This means you don't have to guess capacity upfront as you can provision what you need and allows Auto Scaling to manage the scaling.

Question 39

Which statement is correct in relation to the AWS Shared Responsibility Model? 1. AWS are responsible for the security of regions and availability zones 2. Customers are responsible for patching storage systems 3. AWS are responsible for encrypting customer data 4. Customers are responsible for security of the cloud

Answer 39

**AWS are responsible for the security of regions and availability zones**

Question 40

Which of the following is an advantage of cloud computing compared to deploying your own infrastructure on-premise? 1. Flexibility to choose your own hardware 2. Spend using a CAPEX model 3. Paying only for what you use 4. Ability to choose bespoke infrastructure configurations

Answer 40

**Paying for only what you use** With AWS you only pay for what you use. However, you cannot choose your own hardware/infrastructure and the payment model is operational (OPEX) not capital (CAPEX).

Question 41

Which service can be added to a database to provide improved performance for some requests? 1. Amazon RedShift 2. Amazon EFS 3. Amazon ElastiCache 4. Amazon RDS

Answer 41

**Amazon ElastiCache** Amazon ElastiCache provides in-memory caching which improves performance for read requests when the data is cached in ElastiCache. ElastiCache can be placed in front of your database.

Question 42

Which service can be used to assign a policy to a group? 1. AWS IAM 2. Amazon Cognito 3. Amazon STS 4. AWS Shield

Answer 42

**AWS IAM** IAM is used to securely control individual and group access to AWS resources. Groups are collections of users and have policies attached to them. You can use IAM to attach a policy to a group

Question 43

Which AWS service lets you add user sign up, sign-in and access control to web and mobile apps? 1. AWS Artifact 2. Amazon Cognito 3. AWS CloudHSM 4. AWS Directory Service

Answer 43

**Amazon Cognito** Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0.

Question 44

What is the difference between an EBS volume and an Instance store? 1. EBS volumes are object storage devices whereas Instance store volume are block based 2. Instance store volumes are ephemeral whereas EBS volumes are persistent storage 3. Instance store volumes can be used with all EC2 instance types whereas EBS cannot 4. EBS volumes are file-level storage devices whereas Instance store volumes are object- based

Answer 44

**Instance store volumes are ephemeral whereas EBS volumes are persistent storage**

Question 45

What are two components of Amazon S3? (Select TWO.) 1. Buckets 2. Directories 3. Objects 4. Block devices 5. File systems

Answer 45

**Buckets & Objects** Amazon S3 is an object-based storage system that is accessed using a RESTful API over HTTP(S). It consists of buckets, which are root level folders, and objects, which are the files, images etc. that you upload The terms directory, file system and block device do not apply to Amazon S3.

Question 46

Which of the below are good use cases for a specific Amazon EC2 pricing model? (Select TWO.) 1. Reserved instances for steady state predictable usage 2. On-demand for regulatory requirements that do not allow multi-tenant virtualization 3. On-demand for ad-hoc requirements that cannot be interrupted 4. Spot for consistent load over a long term 5. Reserved instances for applications with flexible start and end times

Answer 46

**Reserved instances for steady state predictable usage & On-demand for ad-hoc requirements that cannot be interrupted**

Question 47

Which of the following security related activities are AWS customers responsible for? (Select TWO.) 1. Secure disposal of faulty disk drives 2. Implementing data center access controls 3. Installing patches on network devices 4. Installing patches on Windows operating systems 5. Implementing IAM password policies

Answer 47

**Installing patches on Windows operating systems & Implementing IAM password policies** Customers are responsible for configuring their own IAM password policies and installing operating system patches on Amazon EC2 instances

Question 48

An organization has an on-premises cloud and accesses their AWS Cloud over the Internet. How can they create a private hybrid cloud connection that avoids the internet? 1. AWS Direct Connect 2. AWS Managed VPN 3. AWS VPN CloudHub 4. AWS VPC Endpoint

Answer 48

**AWS Direct Connect** AWS Direct Connect is a low-latency, high-bandwidth, private connection to AWS. This can be used to create a private hybrid cloud connection between on-premises and the AWS Cloud.

Question 49

Which team is available to support AWS customers on an Enterprise support plan with account issues? 1. AWS Technical Support 2. AWS Billing and Accounts 3. AWS Concierge 4. AWS Technical Account Manager

Answer 49

**AWS Concierge** Included as part of the Enterprise Support plan, the Support Concierge Team are AWS billing and account experts that specialize in working with enterprise accounts.

Question 50

What are two examples of the advantages of cloud computing? (Select TWO.) 1. Increase speed and agility 2. Trade operating costs for capital costs 3. Secure data centers 4. Benefit from massive economies of scale 5. Trade variable expense for capital expense

Answer 50

**Increase speed and agility & Benefit from massive economies of scale**

Question 51

Which of the following is an architectural best practice recommended by AWS? 1. Design for success 2. Design for failure 3. Think servers, not services 4. Use manual operational processes

Answer 51

**Design for failure** It is recommended that you design for failure. This means always considering what would happen if a component of an application fails and ensuring there is resilience in the architecture.

Question 52

What is the scope of an Amazon Virtual Private Cloud (VPC)? 1. It spans a single CIDR block 2. It spans all Availability Zones within a region 3. It spans multiple subnets 4. It spans all Availability Zones in all regions

Answer 52

**It spans all Availability Zones within a region** A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. A VPC spans all the Availability Zones in the region.

Question 53

Which AWS service allows you to automate the evaluation of recorded configurations against desired configuration? 1. AWS Ops Works 2. AWS Service Catalog 3. AWS CloudFormation 4. AWS Config

Answer 53

**AWS Config** AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.

Question 54

Which of the options below are recommendations in the reliability pillar of the well-architected framework? (Select TWO.) 1. Test recovery procedures 2. Manually recover from failure 3. Manage change in manual processes 4. Stop guessing about capacity 5. Scale vertically using big systems

Answer 54

**Test recovery procedures & Stop guessing about capacity** The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues

Question 55

Which storage type can be mounted using the NFS protocol to many EC2 instances simultaneously? 1. Amazon Instance Store 2. Amazon EBS 3. Amazon S3 4. Amazon EFS

Answer 55

**Amazon EFS** EFS is a fully-managed service that makes it easy to set up and scale file storage in the Amazon Cloud. EFS uses the NFSv4.1 protocol. Can concurrently connect 1 to 1000s of EC2 instances, from multiple AZs.

Question 56

Which Amazon RDS deployment type is best used to enable fault tolerance in the event of the failure of an availability zone? 1. Multiple Regions 2. Read Replicas 3. Write Replicas 4. Multiple Availability Zones

Answer 56

**Multiple Availability Zones** Multi AZ provides a mechanism to failover the RDS database to another synchronously replicated copy in the event of the failure of an AZ.

Question 57

Which feature of AWS IAM enables you to identify unnecessary permissions that have been assigned to users? 1. Role Advisor 2. Access Advisor 3. Permissions Advisor 4. Group Advisor

Answer 57

**Access Advisor**

Question 58

What types of monitoring can Amazon CloudWatch be used for? (Select TWO.) 1. Infrastructure 2. Data center 3. Operational health 4. API access 5. Application performance

Answer 58

**Operational Health & Application Performance** Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. CloudWatch performs performance monitoring and can monitor custom metrics generated by applications and the operational health of your AWS resources

Question 59

Which AWS service enables hybrid cloud storage between on-premises and the AWS Cloud? 1. Amazon S3 Cross Region Replication (CRR) 2. AWS Storage Gateway 3. Amazon Elastic File System (EFS) 4. Amazon CloudFront

Answer 59

**AWS Storage Gateway** The AWS Storage Gateway service enables hybrid cloud storage between on-premises environments and the AWS Cloud. It seamlessly integrates on-premises enterprise applications and workflows with Amazon's block and object cloud storage services through industry standard storage protocols.

Question 60

What does an organization need to do to move to another AWS region? 1. Just start deploying resources in the additional region 2. Create a separate IAM account for that region 3. Apply for another AWS account in that region 4. Submit an application to extend their account to the additional region

Answer 60

**Just start deploying resources in the additional region** You don't need to do anything except start deploying resources in the new region. With the AWS cloud you can use any region around the world at any time. There is no need for a separate account, and IAM is a global service.

Question 61

Which Compute service should be used for running a Linux operating system upon which you will install custom software? 1. Amazon EC2 2. Amazon ECS 3. Amazon EKS 4. AWS Lambda

Answer 61

**Amazon EC2** Amazon EC2 should be used when you need access to a full operating system instance that you can manage. Amazon Elastic Container Service (ECS) and Amazon Elastic Container Service for Kubernetes (EKS) are used for running software containers, not full operating system instances.

Question 62

Which of the following need to be included in a total cost of ownership (TCO) analysis? (Select TWO.) 1. IT Manager salary 2. Facility equipment installation 3. Application development 4. Company-wide marketing 5. Data center security costs

Answer 62

**Facility equipment installation & Data center security costs** To perform a TCO you need to document all of the costs you're incurring today to run your IT operations. That includes facilities equipment installation and data center security costs. That way you get to compare the full cost of running your IT on-premises today, to running it in the cloud.

Question 63

What does an organization need to do in Amazon IAM to enable user access to services being launched in new region? 1. Nothing, IAM is global 2. Enable global mode in IAM to provision the required access 3. Update the user accounts to allow access from another region 4. Create new user accounts in the new region

Answer 63

**Nothing, IAM is global** IAM is used to securely control individual and group access to AWS resources. IAM is universal (global) and does not apply to regions.

Question 64

Which statement is true in relation to data stored within an AWS Region? 1. Data is not replicated outside of a region unless you configure it 2. Data is always replicated to another region 3. Data is automatically archived after 90 days 4. Data is always automatically replicated to at least one other availability zone

Answer 64

**Data is not replicated outside of a region unless you configure it** Data stored within an AWS region is not replicated outside of that region automatically. It is up to customers of AWS to determine whether they want to replicate their data to other regions. You must always consider compliance and network latency when making this decision.