AWS Practice Test
If you deploy your workloads over different Availability Zones in AWS and use Amazon RDS Multi-AZ, which of the following cloud architectural principles are followed?
Explanation:
AWS Artifact is your go-to, central resource for compliance-related information that
matters to you. It provides on-demand access to AWS’ security and compliance reports
and select online agreements. Reports available in AWS Artifact include our Service
Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and
certifications from accreditation bodies across geographies and compliance verticals that
validate the implementation and operating effectiveness of AWS security controls.
Agreements available in AWS Artifact include the Business Associate Addendum (BAA)
and the Nondisclosure Agreement (NDA).
Which AWS service should you use to centrally manage rules and billing across different accounts?
Explanation:
AWS Organizations helps you centrally govern your environment as you grow and scale
your workloads on AWS. Whether you are a growing startup or a large enterprise,
Organizations helps you to centrally manage billing; control access, compliance, and
security; and share resources across your AWS accounts.
Using AWS Organizations, you can automate account creation, create groups of accounts
to reflect your business needs, and apply policies for these groups for governance. You
can also simplify billing by setting up a single payment method for all of your AWS
accounts. Through integrations with other AWS services, you can use Organizations to
define central configurations and resource sharing across accounts in your organization.
AWS Organizations is available to all AWS customers at no additional charge.
An international bank intends to move some of its on-premises online programs to Amazon Web Services (AWS). Which of the following is a benefit of adopting Amazon Web Services (AWS) instead of virtualized data centers?
Explanation:
AWS helps customers reduce large capital investments with lower variable costs. AWS
also gives customers the opportunity to work on their own terms without long-term lock-in,
reducing the risks from unplanned capacity and demand. AWS helps finance teams
plan and forecast more effectively, while giving IT teams the capacity and resources they
need, even during peak periods.
To design a highly available architecture, choose the minimal number of Availability Zones for your Application Load Balancer.
Explanation:
A load balancer serves as the single point of contact for clients. Clients send requests to
the load balancer, and the load balancer sends them to targets, such as EC2 instances, in
two or more Availability Zones. At the very minimum, you have to select at least two
Availability Zones from your VPC. To configure your load balancer, you have to create
target groups and then register targets with your target groups. You also create listeners
to check for connection requests from clients, and listener rules to route requests from
clients to the targets in one or more target groups.
Hence, the correct answer is 2 Availability Zones.
A corporation intends to use AWS to implement a hybrid cloud architecture. Which of the following methods may they use to estimate their costs? (Choose TWO)
Explanation:
The AWS Total Cost of Ownership (TCO) Calculator allows you to estimate the cost
savings when using AWS and provide a detailed set of reports that can be used in
executive presentations. The calculators also give you the option to modify assumptions
that best meet your business needs.
To estimate a bill, use the AWS Simple Monthly Calculator. You can enter your planned
resources by service, and the Simple Monthly Calculator provides an estimated cost per
month. The AWS Simple Monthly Calculator is an easy-to-use online tool that enables you
to estimate the monthly cost of AWS services for your use case based on your expected
usage. It is continuously updated with the latest pricing for all AWS services in all Regions.
Which of the following can analyze your AWS setup and give recommendations for cost savings, improved system performance and reliability, or security gaps?
Explanation:
AWS Trusted Advisor is an online tool that provides you real-time guidance to help you
provision your resources following AWS best practices. It inspects your AWS environment
and makes recommendations for saving money, improving system performance and
reliability, or closing security gaps.
Whether establishing new workflows, developing applications, or as part of ongoing
improvement, take advantage of the recommendations provided by Trusted Advisor on a
regular basis to help keep your solutions provisioned optimally.
Trusted Advisor includes an ever-expanding list of checks in the following five categories:
Cost Optimization - recommendations that can potentially save you money by
highlighting unused resources and opportunities to reduce your bill.
Security - identification of security settings that could make your AWS solution less
secure.
Fault Tolerance - recommendations that help increase the resiliency of your AWS solution
by highlighting redundancy shortfalls, current service limits, and over-utilized resources.
Performance - recommendations that can help to improve the speed and responsiveness
of your applications.
Service Limits - recommendations that will tell you when service usage is more than 80%
of the service limit.
Which of the following statements about the AWS Global Infrastructure components is correct?
Explanation:
AWS provides a more extensive global footprint than any other cloud provider, and it
opens up new Regions faster than other providers. To support its global footprint and
ensure customers are served across the world, AWS maintains multiple geographic
regions, including Regions in North America, South America, Europe, Asia Pacific, and the
Middle East.
Each AWS Region provides full redundancy and connectivity to the network. Unlike other
cloud providers, who define a region as a single data center, AWS Regions consist of
multiple Availability Zones, each of which is a fully isolated partition of the AWS
infrastructure that consists of discrete data centers, each with redundant power,
networking, and connectivity, and each housed in separate facilities.
An Availability Zone gives customers the ability to operate production applications and
databases that are more highly available, fault-tolerant, and scalable than would be
possible from a single data center. All AZs are interconnected with high-bandwidth,
low-latency networking, over fully redundant, dedicated metro fiber providing high-throughput,
low-latency networking between AZs. The network performance is sufficient to
accomplish synchronous replication between AZs.
Which service should you choose if you need to establish a custom self-hosted database that needs to be shut down every night to save money?
Explanation:
Amazon EBS provides durable, block-level storage volumes that you can attach to a
running instance. You can use Amazon EBS as a primary storage device for data that
requires frequent and granular updates. For example, Amazon EBS is the recommended
storage option when you run a database on an instance.
An EBS volume behaves like a raw, unformatted, external block device that you can attach
to a single instance. The volume persists independently from the running life of an
instance. After an EBS volume is attached to an instance, you can use it like any other
physical hard drive. As illustrated in the figure, multiple volumes can be attached to an
instance. You can also detach an EBS volume from one instance and attach it to another
instance. You can dynamically change the configuration of a volume attached to an
instance. EBS volumes can also be created as encrypted volumes using the Amazon EBS
encryption feature.
Which of the following companies offers a set of services to assist you in achieving specified business results linked to enterprise cloud adoption through paid engagements in a variety of specialty practice areas?
Explanation:
AWS Professional Services shares a collection of offerings to help you achieve specific
outcomes related to enterprise cloud adoption. Each offering delivers a set of activities,
best practices, and documentation reflecting our experience supporting hundreds of
customers in their journey to the AWS Cloud. AWS Professional Services’ offerings use a
unique methodology based on Amazon's internal best practices to help you complete
projects faster and more reliably while accounting for evolving expectations and dynamic
team structures along the way.
AWS Professional Services created the AWS Cloud Adoption Framework (AWS CAF) to
help organizations design and travel an accelerated path to successful cloud adoption.
The guidance and best practices provided by the framework help you build a
comprehensive approach to cloud computing across your organization, and throughout
your IT lifecycle. Using the AWS CAF helps you realize measurable business benefits from
cloud adoption faster and with less risk.
You need to host a new Microsoft SQL Server database for a current project. Should you use two AWS services to achieve this requirement?
Explanation:
Amazon Web Services offers you the flexibility to run Microsoft SQL Server for as much or
as little time as you need and select from a number of versions and editions. SQL Server
on Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Elastic Block Store
(Amazon EBS) gives you complete control over every setting, just like when it's installed
on-premises. Amazon Relational Database Service (Amazon RDS) is a fully managed
service that takes care of all the maintenance, backups, and patching for you.
Which of the following Amazon EC2 instance purchasing choices allows you to leverage your existing server-bound software licenses to help you meet compliance requirements and save money?
Explanation:
An Amazon EC2 Dedicated Host is a physical server with EC2 instance capacity fully
dedicated to your use. Dedicated Hosts can help you address compliance requirements
and reduce costs by allowing you to use your existing server-bound software licenses.
Dedicated Hosts allow you to use your existing per-socket, per-core, or per-VM software
licenses, including Microsoft Windows Server, Microsoft SQL Server, SUSE Linux
Enterprise Server, Red Hat Enterprise Linux, or other software licenses that are bound to
VMs, sockets, or physical cores, subject to your license terms.
You can use Dedicated Hosts and Dedicated Instances to launch Amazon EC2 instances
on physical servers that are dedicated to your use. An important difference between a
Dedicated Host and a Dedicated Instance is that a Dedicated Host gives you additional
visibility and control over how instances are placed on a physical server, and you can
consistently deploy your instances to the same physical server over time. As a result,
Dedicated Hosts enable you to use your existing server-bound software licenses and
address corporate compliance and regulatory requirements.
The following table highlights the key similarities and differences in the features available
to you when using Dedicated Hosts and Dedicated Instances:
You have the option to launch instances onto a specific Dedicated Host, or you can let
Amazon EC2 place the instances automatically. Controlling instance placement allows
you to deploy applications to address licensing, corporate compliance, and regulatory
requirements.
Select any options that you want to utilize to strengthen the security of your IAM users.
Explanation:
You can improve the security of your Identity and Access Management (IAM) users by
applying the following IAM best practices:
Rotate credentials regularly: Change your own passwords and access keys regularly, and
make sure that all IAM users in your account do as well. That way, if a password or access
key is compromised without your knowledge, you limit how long the credentials can be
used to access your resources. You can apply a password policy to your account to
require all your IAM users to rotate their passwords. You can also choose how often they
must do so.
Configure a strong password policy for your users: If you allow users to change their own
passwords, require that they create strong passwords and that they rotate their
passwords periodically. On the Account Settings page of the IAM console, you can create
a password policy for your account. You can use the password policy to define password
requirements, such as minimum length, whether it requires non-alphabetic characters,
how frequently it must be rotated, and so on.
Enable MFA: For extra security, we recommend that you require multi-factor authentication
(MFA) for all users in your account. With MFA, users have a device that generates a
response to an authentication challenge. Both the user's credentials and the device-
generated response are required to complete the sign-in process. If a user's password or
access keys are compromised, your account resources are still secure because of the
additional authentication requirement.
Which service keeps track of all actions made through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services?
Explanation:
AWS CloudTrail is a service that enables governance, compliance, operational auditing,
and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor,
and retain account activity related to actions across your AWS infrastructure. CloudTrail
provides event history of your AWS account activity, including actions taken through the
AWS Management Console, AWS SDKs, command-line tools, and other AWS services. This
event history simplifies security analysis, resource change tracking, and troubleshooting.
With AWS CloudTrail, you can simplify your compliance audits by automatically recording
and storing event logs for actions made within your AWS account. Integration with
Amazon CloudWatch Logs provides a convenient way to search through log data, identify
out-of-compliance events, accelerate incident investigations, and expedite responses to
auditor requests.
It also increases visibility into your user and resource activity by recording AWS
Management Console actions and API calls. You can identify which users and accounts
called AWS, the source IP address from which the calls were made, and when the calls
occurred.
You're creating a new cloud architecture in AWS for a mission-critical application that requires high availability. Which of the following patterns should be used to fulfill this requirement?
Explanation:
At AWS, Availability Zones are the core of their infrastructure architecture and they form
the foundation of AWS's and customers’ reliability and operations. Availability Zones are
designed for physical redundancy and provide resilience, enabling uninterrupted
performance, even in the event of power outages, Internet downtime, floods, and other
natural disasters.
Amazon EC2 is hosted in multiple locations worldwide. These locations are composed of
Regions and Availability Zones. Each Region is a separate geographic area. Each Region
has multiple, isolated locations known as Availability Zones. Amazon EC2 provides you
the ability to place resources, such as instances, and data in multiple locations. Resources
aren't replicated across AWS Regions unless you do so specifically.
Amazon operates state-of-the-art, highly-available data centers. Although rare, failures can
occur that affect the availability of instances that are in the same location. If you host all
your instances in a single location that is affected by such a failure, none of your
instances would be available.
For their application, a FANG company is currently using an On-Demand EC2 instance, which they aim to convert to a Reserved EC2 instance to save money. If the application being hosted will be used for more than three years, which of the following is the most cost-effective option?
Explanation:
All Upfront option: You pay for the entire Reserved Instance term with one upfront
payment. This option provides you with the largest discount compared to On-Demand
instance pricing.
Partial Upfront option: You make a low upfront payment and are then charged a
discounted hourly rate for the instance for the duration of the Reserved Instance term.
No Upfront option: Does not require any upfront payment and provides a discounted
hourly rate for the duration of the term.
Which of the following options below is solely the responsibility of the client under the AWS shared responsibility model?
Correct Answer Zone Security
A company wants to launch a new system on AWS, but they don't have anyone on staff with AWS experience. Which of the following can assist the business in designing, architecting, building, migrating, and managing workloads and applications on AWS?
Explanation:
The AWS Partner Network (APN) is focused on helping partners build successful AWS-
based businesses to drive superb customer experiences. This is accomplished by
developing a global ecosystem of Partners with specialties unique to each customer’s
needs.
There are two types of APN Partners:
1. APN Consulting Partners
2. APN Technology Partners
APN Consulting Partners are professional services firms that help customers of all sizes
design, architect, migrate, or build new applications on AWS. Consulting Partners include
System Integrators (SIs), Strategic Consultancies, Resellers, Digital Agencies, Managed
Service Providers (MSPs), and Value-Added Resellers (VARs).
APN Technology Partners provide software solutions that are either hosted on, or
integrated with, the AWS platform. Technology Partners include Independent Software
Vendors (ISVs), SaaS, PaaS, developer tools, management and security vendors.
Which Amazon Web Services (AWS) services can be used to host virtual servers?
Explanation:
Amazon Elastic Compute Cloud forms a central part of Amazon's cloud-computing platform, Amazon Web Services,
by allowing users to rent virtual computers on which to run their own computer applications.
A) is wrong because EBS (Elastic Block Store) is used for block storage. N.b. EBS is often used to host a virtual server.
B) is wrong because AWS CloudWatch is used for monitoring and managing virtual servers.
C) is correct because EC2 (Elastic Compute Cloud) is used to run virtual machines.
D) is wrong because S3 (Simple Storage Service) is used to store files.
Your boss has given you the task of building a system that is made up of several interconnected microservices. Which AWS product do you think you'd utilize to encourage loose coupling between them?
Explanation:
Amazon Simple Queue Service is one of the oldest services provided by AWS. It is a fully managed message queuing service
that can be used to decouple services.
A) is correct because SQS (Simple Queue Service) is used to send messages between discrete components.
B) is wrong because AWS IAM is used for user management and role access.
C) is wrong because Beanstalk is used for developers to host programs with minimal setup.
D) is wrong because CloudTrail is used for auditing, compliance and governance of your AWS account.
What service would you recommend if I wanted to run a relational database on Amazon Web Services while leaving the operating system to Amazon?
Explanation:
Amazon RDS (Relational Database Service) is a service Amazon provides to host and manage relational databases.
They support many of the popular database choices including Oracle, MySQL, MSSQL and Aurora. This service
manages the underlying hardware and the operating systems for the DBs.
A) is wrong because EC2 (Elastic Compute Cloud) is used to run virtual machines.
B) is correct because AWS RDS is an Amazon hosted database provider.
C) is wrong because DynamoDB is a NoSQL database solution.
D) is wrong because RedShift is used as a data warehouse for analytics.
Which instance type would be the best fit for your company's needs to host certain servers for a four-month period?
Explanation:
There are different plans available when using Elastic Compute Cloud. Depending on how often
you require your host's compute resources, you can choose an appropriate plan.
An On-Demand instance is the most appropriate in this case.
A) is wrong because spot instances are not suitable, as they are not continual.
B) is wrong again because it’s for plans between 1 – 3 years.
C) is correct because of the short amount of time the instance is required for.
D) is wrong because this applies to plans for between 1 – 3 years.
In terms of AWS and its users, what is the shared responsibility model?
Explanation:
The shared responsibility model states that the stack ownership is split between AWS and their customers. AWS
is responsible for the global infrastructure, compute, storage and networking, while the customers are responsible for data
protection, encryption, platforms and identity access.
A) is wrong because AWS is responsible for this.
B) is the correct summarized definition of the shared responsibility model.
C) is wrong because the customer is expected to maintain this.
D) is wrong because this is the responsibility of the customer.
What service would you recommend if I wanted to host a relational database on AWS while keeping as much control as possible over the database's hosting?
Explanation:
Amazon RDS (Relational Database Service) is a service Amazon provides to host and manage relational databases.
They support many of the popular database choices including Oracle, MySQL, MSSQL and Aurora. This service
manages the underlying hardware and the operating systems for the DBs.
A) is correct because EC2 (Elastic Compute Cloud) can host a Virtual Machine which the client can install a database server on.
B) is wrong because AWS RDS is an Amazon hosted database provider.
C) is wrong because DynamoDB is a NoSQL database solution.
D) is wrong because RedShift is used as a data warehouse for analytics.
Which service is best for Java, .NET, Docker, Python, and Node.js developers who want to quickly deploy their code to the cloud?
Explanation:
AWS Elastic Beanstalk lets developers quickly deploy their code to the cloud with minimal fuss. This solution is
designed to scale as demand grows.
A) is wrong because DynamoDB is a NoSQL database solution.
B) is wrong because AWS RDS is an Amazon hosted database provider.
C) is wrong because EC2 (Elastic Compute Cloud) can host a Virtual Machine which the client can install a database server on.
D) is correct because Beanstalk takes out much of the configuration required to deploy an application.
What AWS service could you utilize to help protect your production system from DoS attacks?
Explanation:
AWS Shield is a service specifically designed to protect against denial-of-service (DoS) attacks. It is used in collaboration
with Route 53 and CloudFront to mitigate DoS attacks.
A) is wrong because IAM is user management.
B) is correct; see the answer paragraph above.
C) is wrong because CloudTrail tracks API usage.
D) is wrong because multi-factor authentication is related to IAM.