floCloud Computing Basic

Attemp 1
1. ____________ is a self-service model for accessing, monitoring, and managing remote
datacenter infrastructures.
Answer:​ Infrastructure as a Service (IaaS)
2. The three main types of cloud computing are (select all that apply):
Answer: Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
3. Cloud computing is the on-demand delivery of compute power, database storage,
applications, and other IT resources.
Answer:​ True
4. Cloud computing is the on-demand delivery of compute power, database storage,
applications, and other IT resources.
Answer:​ True
5. ____________ consist of one or more Availability Zones, are geographically dispersed,
and will be in separate geographic areas or countries.
Answer:​ Regions
Attemp 2
1. One of the key benefits of cloud computing is ____
Answer​: the opportunity to replace upfront captial expenses with variable costs that
scale.
2. An on-premise deployment model is a way to connect infrastructure and applications
between cloud-based resources and existing resources that are not located in the cloud.’
Answer​: False, yang bener Hybrid
3. Cloud computing is the on-demand delivery of compute power, database storage,
applications, and other IT resources.
Answer​: True
4. _________ remove the need for organizations to manage the underlying infrastructure
(usually hardware and operating systems) and allow you to focus on the deployment and
management of your applications.
Answer​: Platform as a service (PaaS)
5. Availability Zones consist of one or more discrete data centers, each with redundant
power, networking, and connectivity, housed in separate facilities.
Answer​: True
Attemp 3
1. Infrastructure as a Service (IaaS) is defined as:
Answer​: the basic building blocks for cloud IT providing access to networking features,
computers, and data storage space.
2. Which of the following is NOT an AWS Cloud Platform Service?
Answer:​ Networking
3. Select the benefits of cloud computing (select all that apply):
Answer​:
 ● Benefit from massive economies of scale
● Increase speed and agility
● Trade capital expense for variable expense
● Stop guessing about capacity
4. One of the key benefits of cloud computing is ____
Answer​: the opportunity to replace upfront captial expenses with variable costs that
scale.
5. The AWS cloud infrastructure is built around regions and ___.
Answer​: availability zones
Attemp 4
1. One of the key benefits of cloud computing is ____
Answer​: the opportunity to replace upfront captial expenses with variable costs that
scale.
2. _________ remove the need for organizations to manage the underlying infrastructure
(usually hardware and operating systems) and allow you to focus on the deployment and
management of your applications.
Answer​: Platform as a service (PaaS)
3. Select the benefits of cloud computing (select all that apply):
Answer​:
○ Benefit from massive economies of scale
○ Increase speed and agility
○ Trade capital expense for variable expense
○ Stop guessing about capacity
4. Infrastructure as a Service (IaaS) is defined as:
Answer​: the basic building blocks for cloud IT providing access to networking features,
computers, and data storage space.
5. Each region is designed to be completely isolated from the other regions; this achieves
the greatest possible ____ and ____. (select two best options)
Answer​: fault tolerance & stability
Attemp 5
1. Software as a Service (SaaS) is defined as:
Answer​: a completed product that is run and managed by the service provider, and is
often referred to as end-user applications.
2. The primary deployment models are (select all that apply):
Answer​: hybrid, on-premise, cloud
3. An on-premise deployment model is a way to connect infrastructure and applications
between cloud-based resources and existing resources that are not located in the cloud.
Answer​: false
4. Availability Zones consist of one or more discrete data centers, each with redundant
power, networking, and connectivity, housed in separate facilities.
Answer​: True
5. Cloud computing provides a simple way to access servers, storage, databases and a
broad set of application services over the Internet.
 Answer​: True

AWS Certified Cloud Practitioner Exam

1. You are an AWS Enterprise customer with questions about billing and you overall AWS
account? Which of the following AWS support personnel should you contact?
AWS Concierge. For AWS Enterprise customers, the AWS Concierge is a resource
dedicated to answering billing and account questions.

2. What is an AWS region?

A region is a geographical area divided into Availability Zones. Each region contains at
least two Availability Zones.
3. Which of the following AWS services should you use if you'd like to be notified when you
have crossed a billing threshold?
Cloudwatch
4. True or False: It's safer to use Access Keys than it is to use IAM roles.
False
5. Which of the following are advantages of cloud computing? (Choose 4)
○ Elasticity - you need not worry about capacity.Selected
○ The ability to 'go global' in minutesSelected
○ Increased speed and agility
○ Variable expenseSelected
6. Which of the following AWS Support levels offers 24x7 support via phone or chat?
business
7. True or False: Users are responsible for the security of the cloud.
8. You use containers to host your microservices, and you need to route traffic to those
applications using a single load balancer. Which of the following services should you use
to accomplish this?
Application Load Balancer. This routing can be done only with an Application Load
Balancer.
9. Which of the following are geographic areas that host two or more Availability Zones?
Regions
10. True or False: Access Control Lists are used to make entire buckets (like one hosting an
S3 website) public.
False
11. You have a project that will require 90 hours of computing time. There is no deadline,
and the work can be stopped and restarted without adverse effect. Which of the
following computing options offers the most cost-effective solution?
Spot Instaces
12. Which of the following are characteristics of cloud computing? (Choose 3)
○ Pay-as-you-go pricingSelected
○ On-demand deliverySelected
 ○ Services are delivered via the InternetSelected

13. You need to host a file in a location that's publicly accessible from anywhere in the
world. Which AWS service would best meet that need?
Ans : s3
14. Which of the following support plans feature access to AWS support via email only
during business hours ?
Developer
15. In which order is a user granted access to AWS services?
The user is Authenticated, then Authorized to use AWS services.
16. Which of the following are principles of sound design when it comes to performance
efficiency? (Choose 3)
Ans:
https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/
○ Democratize advanced technologies.
○ Deploy into multiple Regions to go global in minutes.
○ Use Serverless architectures.
17. Which of the following is not part of the AWS Global infrastructure?
18. Common use cases for Amazon S3 include ________. (Choose 2)
Storing application assets
Static web hosting
19. Which of the following EC2 instance types will realize a savings over time in exchange
for a contracted term-of-service?
○ Reserved instances
20. Which of the following best describes a system that will remain operational even in the
event of a component failure?
Fault-tolerant

21. True or False: AWS is responsible for the security of managed Foundation Services,
such as Amazon RDS.
22. Which of the following are valid access types for an IAM user? (Choose 3)
○ Programmatic access via the command line
○ AWS Management Console access
○ Using the AWS Software Developers Kit
- The two types of access are AWS Management Console access and
Programmatic Access via the AWS API, the CLI, and the SDKs.
23. True or False: AWS is responsible for security in the cloud.
False
24. True or False: Customer responsibility for the security of services in the cloud vary by
service.
25. True or False: With Consolidated Billing, the Paying Account can make changes to any
of the resources owned by a Linked Account.
 False. False. The Paying Account cannot make changes to any of the resources owned
by a Linked Account.
26. IAM policies are written using ________.
JSON
27. True or False: Using IAM Groups is the recommended way to manage IAM users’
permissions by job function.

28. Which of the following AWS services are free to use? (Choose 5)
VPC, AUTO SCALLING, IAM,. CLOUDFORMATION, ELASTIC BEANSTALK
29. True or False: It’s best practice not to use IAM Roles for applications that run on EC2
instances.
30. Which of the following best describes a Resource Group?
A resource group is a collection of resources that share one or more tags (or portions of
tags.)

31. True or False: AWS is responsible for security of the cloud.

True
32. Which of the following AWS services is a fast, fully managed data warehouse that makes
it simple and cost-effective to analyze all your data using standard SQL and your existing
Business Intelligence tools.
Ans: redshift
33. Which of the following best describes Availability Zones?
Ans: Distinct locations from within an AWS region that are engineered to be isolated
from failures.
34. You need to re-create an EBS volume that you have used previously. How might you go
about doing that?
Re-create the volume from a snapshot.
35. True or False: With DynamoDB, you can specify the amount of throughput you need for
read and write operations.
Ans: true
36. You need a “virtual hard disk” for your EC2 instance. Which of the following should you
choose?
Ans: EBS
37. You need to allow resources in a private subnet to access the internet. Which of the
following must be present to enable this access?
NAT Gateway

38. Which of the following are types of cloud computing deployments? (Choose 3)
Ans: private public hybrid
39. True or False: S3 Transfer Acceleration uses AWS' network of Availability Zones to more
quickly get your data into AWS.
False
40. Which of the following best describes a system that is always available — without the
need for human intervention?
41. IAM Policy documents are written in which of the following formats? json
42. Which of the following are key components of Amazon Glacier? (Choose 3)
Archive, access policy, vault
43. Which of the following are principles of sound design when it comes to reliability?
(Choose 2)
Scale horizontally. Stop guessing about your capacity requirements.
44. Your application needs fully-managed storage for objects. Which of the following options
should you choose?
S3
45. Which of the following acts like built-in firewalls for your virtual servers?
Security Groups 

46. True or False: Authentication determines which AWS services a user has access to, and
Authorization allows a user access to AWS the overall AWS environment. ​False
47. True or False: For IaaS resources, AWS is responsible for the security of everything
above the hypervisor layer.
48. Which of the following are components of the AWS Risk and Compliance Program?
(Choose 3)
Risk management, control management, information security
49. Which of the following are advantages of cloud computing? (Choose 4)
○ Increased speed and agility
○ Elasticity - you need not worry about capacity.
○ Variable expense
○ The ability to 'go global' in minutes
50. Which of the following are payment options for Reserved Instances? (Choose 3)
Puri, nuri, auri
51. Which of the following are a collection of data centers within a specific region?
ans : Availability Zones
52. Which of the following Load Balancers uses Listeners, Targets, and Target Groups?
Application load blancer
53. I can interact with Glacier using ________. (Choose 4)
○ The AWS CLI
○ The Java or .NET SDKs
○ Amazon S3 Lifecycle Policies
○ The RESTful Glacier web service

54. Which of the following is correct?

○ # of Edge Locations > # of Availability Zones > # of Regions
 55. What do Edge Locations do?
Host a Content Delivery Network called CloudFront
56. Which of the following support services do all accounts receive as standard?
Billing support
57. Which of the following are characteristics of cloud computing? (Choose 3)
58. AWS VPC is a component of which of the following overall services categories?
Networking and Content Delivery

59. The load on your application fluctuates by day of the week. Wednesdays have the most
traffic; Saturdays have the least traffic. Which AWS service allows you to ensure you
have the correct amount of compute capacity while also optimizing on a cost basis?
Auto Scaling
60. True or False: There are more Regions than there are Availability Zones.
61. Generally, there are at least _______ Availability Zones per AWS Region.
62. Regarding Amazon Glacier, what is a Vault?
A container for storing Archives
63. True or False: Both you and a friend can have an S3 bucket called 'mytestbucket'.
False. S3 bucket names are global, and must be unique.
64. Which of the following are components of Auto Scaling? (Choose 3)
○ Launch Configuration
○ Auto Scaling Policy
○ Auto Scaling Group

Unknown
1. Which of the following features of an Amazon VPC can only exist in one Availability
Zones at a time? subnet
2. Which of the following are storage services? (Choose 2)
S3, aws elastic file system
3. True or False: There is a limit to the number of objects you can put into S3.
False
4. Which of the following best describes the ability to scale computing resources up or
down easily, while only paying for the resources used?
Elasticity
5. You need to find an item in a DynamoDB table using an attribute other than the item’s
primary key. Which of the following operations should you use?
scan
6. For which of the following categories does AWS Trusted Advisor provide best practices
and/or or checks of your AWS environment? (Choose 4)
Security, cost optimization, performance, fault tolerance
7. By default, what is the maximum number of Linked Accounts per Paying Account under
Consolidated Billing? 20
8. True or False: Auto Scaling allows you to add or remove EC2 instances from your EC2
fleet based on conditions you specify
True
9. You need to ensure that you have the correct number of EC2 instances available to
handle the load for your application. Which AWS service should you use?
10. True or False: Objects stored in S3 are stored in a single, central location within AWS.
False
11. You need to re-create an EBS volume that you have used previously. How might you go
about doing that?
Re-create the volume from a snapshot.
12. You need a managed, low-cost relational database for your e-commerce store. Which of
the following should you use?
13. Which of the following support plans features a < 4-hour response time in the event of an
impaired production system? Business
14. You want to run your application on a PaaS infrastructure, and you need to be able to
select both your instance type and your database. Which of the following services should
you choose?

15. For a fixed monthly rate, you can choose detailed, once-a-minute monitoring of your EC2
instances.
True
16. Which of the following are programmatic access types enabling users to interact with
AWS services? (Choose 3)
API, CLI, SDK
17. Your Development team uses four on-demand EC2 instances and your QA team has 5
reserved instances, only three of which are being used. Assuming all AWS accounts are
under a single AWS Organization, how will the Development team's instances be billed?
The Dev team will be billed for two instances at on-demand prices and two instances at
the reserved instance price.
Assuming all instances are in the same AWS Organization, the reserved instance pricing
for the unused QA instances will be applied to two of the four Dev instances.
18. Which of the below can be specified as an origin when creating a CloudFront
distribution? (Choose 3)
S3 bucket, elb, domain name
19. True or False: AWS is responsible for the security of Edge Locations.
True
20. Which of the following are principles of sound design when it comes to security?
(Choose 3)
Implement the Principle of Least Privilege, Apply security at all layers, Enable
traceability.
21. Which of the following is the document used to grant permissions to users, groups, and
roles?
22. True or False: Data stored in Glacier is encrypted by default.
 True
23. Which of the following are AWS compute services? (Choose 2) lambda. ec2
24. You need to use an AWS service to assess the security and compliance of your EC2
instances. Which of the following services should you use?
AWS Inspector
25. Which of the following are Migration services? (Choose 2)
a. AWS Application Discovery ServiceSelected
b. AWS SnowballSelected
26. Amazon Lightsail is an example of which of the following?
Platform as a Service

27. Which of the following is not a fundamental AWS charge?

Data in
28. You need to implement an automated service that will scan your AWS environment with
the goal of both improving security and reducing costs. Which service should you use?
Trusted Advisor
29. True or False: By default, all data stored in S3 is viewable by the public.
False. By default, all data stored in S3 is NOT viewable by the public. If you want a
bucket or object to be accessible by the public, you must explicitly make it so.
30. Which of the following are criteria affecting your billing for RDS? (Choose 3)
a. Additional storageSelected
b. Clock hours of server time
c. Number of requestsSelected

31. Which of the following are components of the AWS Assurance Program? (Choose 2)
Compliance with Laws and Regulation, Certifications/Attestations
32. True or False: It is best practice to store your Access Key and Secret Access Key in the
.aws file in your application.
False
33. Which of the following Compliance certifications attests to the security of the AWS
platform regarding credit card transactions?
PCI DSS Level 1
 
34. Which of the following AWS services allows you to run complex analytic queries against
petabytes of structured data, using sophisticated query optimization, columnar storage
on high-performance local disks, and massively parallel query execution.
Redshift
35. Which of the following AWS services should you use to migrate an existing database to
AWS? AWS DMS. The AWS Database Migrations Service is the best choice.

36. True or False: To restrict access to an entire bucket, you use bucket control lists; and to
restrict access to an individual object, you use object policies.
 False
37. An EC2 instance in your VPC needs which of the following for the Internet Gateway to
route its traffic to the Internet? Public IP address
38. The AWS Web Application Firewall can go down to which of the following OSI layers?
7
39. Which of the following are components of IAM? (Choose 4)
40. You have a variable and intermittent workload, so you want to use a compute service
that allows you to pay only for the compute resources you use, without paying for
compute time when your code isn’t running. Which of the following services should you
use?
Lambda
41. Which AWS service allows you to run code without having to worry about provisioning
any underlying resources (such as virtual machines, databases etc.)
42. What happens when an RDS Master database in a Multi-AZ deployment goes down?
RDS automatically fails over to the standby, which is promoted to Master
43. Which of the following are components of IAM? GroupsSelected
● UsersSelected
● Permissions
● Roles

Which of the following is AWS' managed database service that is up to 5X faster than a
traditional MySQL database.

aurora

True or False: A Distribution is what we call a series of Edge Locations that make up
CDN.

TrueSelected

Which AWS Load Balancer types uses a Round-Robin load distribution strategy?
(Choose

In order to comply with regulatory mandates, some of your data needs to be retained in
perpetuity. Which of the following AWS storage services offers low-cost, long-term data
archival? Glacier

True or False: Private subnets have direct, private access to the Internet

False.

The Solutions Architect leading your project tells you the application your team is
working on requires a managed NoSQL database. Which of the following AWS services
best fits that description?
DynamoDB 

True or False: For IaaS resources, AWS is responsible for the security of everything
above the hypervisor layer.

For a subnet to be public and send non-local traffic to the Internet, we must update the
Route Table of the public subnet and attach which of the following to the VPC that
contains the subnet?

True or False: Data stored in Glacier is encrypted by default. ​True

True or False: AWS is responsible for the security of managed Foundation Services,
such as Amazon RDS. True

Which of the following is AWS’ event-driven, serverless compute service? Lambda

True or False: Identity Access Management (IAM) is a Regional service. False

Which of the following compute services is ideal if you need to run a simple website or a
simple e-commerce application? Lightsail is ideal for simple websites or a simple
e-commerce applications.

Which AWS service is specifically designed to assist you in processing large data sets?
Amazon EMR is a web service that makes it easy to process large amounts of data
efficiently.

You have a variable and intermittent workload, so you want to use a compute service
that allows you to pay only for the compute resources you use, without paying for
compute time when your code isn’t running. Which of the following services should you
use? Lambda allows you to run a variable and intermittent workload without paying for
compute time when your code isn’t running.

Which AWS service allows you to run code without having to worry about provisioning
any underlying resources (such as virtual machines, databases etc.) Lambda is the AWS
Function-as-a-Service (FaaS) offering that lets you run code without provisioning or
managing servers.
Evia
1. The AWS cloud infrastructure is built around regions and ___. 
​ vailability zone 
Answer a
2. Each region is designed to be completely isolated from the other 
regions; this achieves the greatest possible ____ and ____. (select two 
best options) 
Answer  
3. An on-premise deployment model is a way to connect infrastructure 
and applications between cloud-based resources and existing 
resources that are not located in the cloud. 
​ alse 
Answer : F
4. Which of the following is NOT an AWS Cloud Platform Service? 
5. One of the key benefits of cloud computing is ____ 
Answer :​ the opportunity to replace upfront captial expenses with variable costs 
that scale.  
1. AWS was started in 2009. 
Answer :​ False 
2. A hybrid deployment uses virtualization and resource management 
tools, and is sometimes called the “private cloud.” 
Answer :​ False 
3. The AWS cloud infrastructure is built around regions and ___. 
Answer :​  
4. Cloud computing is the on-demand delivery of compute power, 
database storage, applications, and other IT resources. 
Answer :​ True 

5. The three main types of cloud computing are (select all that apply): 

Answer ​ Software as a Service (SaaS) Infrastructure as a Service (IaaS) 

Platform as a Service (PaaS)  

6. AWS helps reduce total cost of ownership (TCO) by reducing the need 
to invest in large captial expenditures. 
Answer ​True 
7. A cloud deployment model is fully deployed in the cloud and all parts of 
the application run in the cloud. 
​ rue 
Answer T
8. Cloud computing provides a simple way to access servers, storage, 
databases and a broad set of application services over the Internet. 
Answer T
​ rue 
_________ remove the need for organizations to manage the underlying 
infrastructure (usually hardware and operating systems) and allow you to 
focus on the deployment and management of your applications. 
​Answer P
​ latform as a service (PaaS)  
______________ model allows administrators to provide software applications 
as a service to the end users. It refers to a software that is deployed on a 
hosted service and is accessible via internet. 
Answer S​ oftware as a Service (SaaS) Model  
 
____________ consist of one or more Availability Zones, are geographically 
dispersed, and will be in separate geographic areas or countries. 
Answer R ​ egions 

A cloud Guru 
1. You are an AWS Enterprise customer with questions about billing and 
you overall AWS account? Which of the following AWS support 
personnel should you contact? 
2. What is an AWS region? 
3. With RDS, read-replicas are available for which of the following? 
(Choose 5) 
Read-replicas are available for MySQL, Aurora, MariaDB, 
PostgreSQL and Oracle. MS SQL offers similar functionality but 
not in the form of RDS read replicas. 
4. True or False: It's safer to use Access Keys than it is to use IAM roles. 
5. True or False: There is a limit to the number of objects you can put into 
S3. 
6. Which of the following AWS Support levels offers 24x7 support via 
phone or chat? 
7. Which of the following best describes the ability to scale computing 
resources up or down easily, while only paying for the resources used? 
Elasticity 
8. True or False: Users are responsible for the security of the cloud 
9. You use containers to host your microservices, and you need to route 
traffic to those applications using a single load balancer. Which of the 
following services should you use to accomplish this? 
10. Which of the following are geographic areas that host two or more 
Availability Zones? 
Regions 
11. Which of the following are components of the Security Pillar of the 
AWS Well-Architected Framework? (Choose 3) 
12. Which of the following are best practices when it comes to securing 
your Root AWS account? (Choose 5 
a. Apply an IAM password policy.Selected 
b. Use groups to assign permissions.Selected 
c. Create individual IAM users.Selected 
d. Delete your Root access keys.Selected 
e. Activate MFA on the Root Account.Selected 
13. rue or False: S3 can be used to host a dynamic website, like one that 
runs on a LAMP stack.) 
14. You are using your corporate directory to grant your users access to 
AWS services. What is this called?  
Federated Access 
15. Which AWS Load Balancer types uses a Round-Robin load distribution 
strategy? (Choose 2) 
- The Classic uses a Round-Robin strategy for TCP listeners only. 
- The ALB 1st selects a target based on the routing rule, then uses a 
Round-Robin strategy to select a node. 
16. Which of the following EC2 options is best for long-term workloads 
with predictable usage patterns? 
Reserved instances are the most economical option for long-term 
workloads with predictable usage patterns. 
17. Which of the following are principles of sound cloud design? (Choose 4) 
Disposable resources​SELECTED​, Infrastructure as code , 
Scalability, Assume *everything* will fail. 
 
18. Which of the following is not part of the AWS Global infrastructure? 
19. Which of the following EC2 instance types will realize a savings over 
time in exchange for a contracted term-of-service? 
20.Which of the following EC2 instance types will realize a savings over 
time in exchange for a contracted term-of-service? 
21. Which of the following best describes a system that will remain 
operational even in the event of a component failure? 
22. Which of the following is AWS' Data Warehousing service? 
redshift 
23. True or False: Users are responsible for security in the cloud. 
True 
24.Under the Shared Responsibility model, for which of the following does 
AWS not assume responsibility? 
25. rue or False: With Consolidated Billing, the Paying Account can make 
changes to any of the resources owned by a Linked Account. 
26. Which of the following is not database service? Amazon EBS → storage 
27. True or False: It’s best practice not to use IAM Roles for applications that 
run on EC2 instances. 
28.Which of the following best describes a Resource Group? 
29. Which of the following best describes Availability Zones? 
30.Which of the following Compliance guarantees attests to the fact that 
the AWS Platform has met the standard required for the secure storage 
of medical records in the US? 
31. For a fixed monthly rate, you can choose detailed, once-a-minute 
monitoring of your EC2 instances. 
32. Which of the following AWS Support levels offers the assistance of a 
Technical Account Manager? 
Enterprise 
33. When running a relational database on either your hardware or on an 
EC2 instance, you are responsible for which of the following? 
34. Which of the following are programmatic access types enabling users 
to interact with AWS services? (Choose 3) 
35. True or False: With DynamoDB, you can specify the amount of 
throughput you need for read and write operations. ​True 
36. True or False: S3 is object storage suitable for the storage of 'flat' files 
like Word documents, photos, etc.​ True 
37. Which of the following best describes a system that is always available 
— without the need for human intervention? Highly AvailableT 
38. rue or False: With AWS Organizations, you can use either just the 
Consolidated Billing feature, or all the offered features. True 
39. You have a mission-critical application which must be globally 
available at all times. Which deployment strategy should you follow? 
Multi-Region 
40. Which of the following are advantages of cloud computing? Increased 
speed and agility, Elasticity - you need not worry about capacity., The 
ability to 'go global' in minutes, Variable expense 
41. Which of the following are a collection of data centers within a specific 
region? Availability Zones 
42. Which of the following is correct? # of Edge Locations > # of 
Availability Zones > # of Regions 
43. What do Edge Locations do? Host a Content Delivery Network called 
CloudFront 
44. Generally, there are at least _______ Availability Zones per AWS Region 
-2
​  
45. Which of the following support plans features unlimited 
(customer-side) contacts and unlimited support cases? Business , 
Enterprise 
46. True or False: It's safer to use Access Keys than it is to use IAM roles. 
False 
47. Which of the following are best practices when it comes to securing 
your Root AWS account?  
Delete your Root access keys. 

Use groups to assign permissions.SELECTED 

Create individual IAM users.SELECTED 

Activate MFA on the Root Account. 

Apply an IAM password policy.SELECTED 

48. True or False: Users are responsible for security in the cloud. ​True 
49. Which of the following Compliance guarantees attests to the fact that 
the AWS Platform has met the standard required for the secure 
storage of medical records in the US? HIPAA 
50. Which of the following are programmatic access types enabling users 
to interact with AWS services?   
API 
CLI​SELECTED 

SDK 

51. When considering the security of and AWS EC2 instance, which of the 
below are Users responsible for? ​Patching and maintenance of OS & 
Applications, Security Configuration 
52. IAM Policy documents are written in which of the following formats? 
JSON 
53. True or False: It’s best practice not to use IAM Roles for applications 
that run on EC2 instances. 
54. Which of the following are components of the AWS Risk and 
Compliance Program? 
Control Environment 

Risk Management 

Information Security 

55. True or False: Security in the cloud is the responsibility of AWS. ​False 
56. Which of the following is AWS' managed DDoS protection service? 
AWS Shield 
57. True or False: You use your Access Key and Secret Access Key to log 
into the AWS Management Console. False 
58. True or False: Users are responsible for the security of the cloud. False 
59. Which of the following are components of the Security Pillar of the 
AWS Well-Architected Framework?  
Infrastructure protectionSELECTED 
Detective ControlsSELECTED 

IAMSELECTED 

60. You are using your corporate directory to grant your users access to 
AWS services. What is this called? Federated Access​SELECTED 
61. True or False: It’s best practice not to use IAM Roles for applications 
that run on EC2 instances FalseSELECTED 
62. Which of the following are advantages of cloud computing? 
Increased speed and agilitySELECTED 
Elasticity - you need not worry about capacity.SELECTED 
The ability to 'go global' in minutesSELECTED 
Variable expenseSELECTED 
 63. Which of the following is not part of the AWS Global infrastructure? 
Security Groups 
64. Which of the following best describes a system that will remain 
operational even in the event of a component failure? Fault-tolerant 
65. Under the Shared Responsibility model, for which of the following does 
AWS not assume responsibility? Customer data 
66. Which of the following best describes Availability Zones? Distinct 
locations from within an AWS region that are engineered to be 
isolated from failures. 

35. You need a “virtual hard disk” for your EC2 instance. Which of the following should
you choose?

- A purchasing department staff member is setup as an AWS user in the company’s

procurement AWS account. At each month-end, the staff member needs access to an
application running on EC2 in the company’s accounts payable AWS account to reconcile
reports. Which of the following provides the most secure and operationally efficient way to
give the staff member access to the accounts payable application?
- Have the user request temporary security credentials for the application by assuming
a role
- True or False: Users are responsible for the security of the cloud.
- False
 - Users are responsible for security in the could, not of the cloud.
- True or False: The Standard version of AWS Shield offers automated application (layer 7)
traffic monitoring.
- False
- Only AWS Shield Advanced offers automated application layer monitoring.
- A consulting firm is conducting a Sarbanes-Oxley compliance audit of your IT operations.
The auditor requests visibility to logs of event history across your AWS-based employee
expense system infrastructure. Which AWS service will record and provide give you the
information you need?
- AWS CloudTrail
- AWS CloudTrail provides visibility to API call activity for AWS infrastructure and other
services. AWS Cloudwatch Logs might be part of a centralized logging solution, but
all API event information will come from CloudTrail. AWS Systems Manager can
process EC2 logs only, and AWS Compliance Manager is not a service offered by
AWS.
- True or False: AWS is responsible for security of the cloud
- True
- Which of the following Compliance certifications attests to the security of the AWS platform
regarding credit card transactions?
- PCI DSS Level 1
- IAM Policy documents are written in which of the following formats?
- JSON
- Which of the following AWS services controls Authentication and Authorization within an
AWS account?
- IAM. IAM controls Authentication and Authorization within an AWS account.
- Which of the following services will help you optimize your entire AWS environment in real
time following AWS best practices?
- AWS Trusted Advisor
- Trusted Advisor helps you optimize your entire AWS environment in real time
following AWS best practices. It helps you optimize cost, fault-tolerance, and more.
- Which of the following AWS services can help you assess the fault-tolerance of your AWS
environment?
- AWS Trusted Advisor
- A software development team needs to create numerous testing environments each day
based on multiple concurrent project activities. Provisioning of these environments needs to
happen within minutes to ensure that project deadlines are met. The number of
environments needed daily varies depending shifting priorities in business requirements.
How can the team best achieve the agility they need for creating the testing environments?
- Have AWS CloudFormation provision the stacks and resources needed for the
testing environments
- AWS CloudFormation provides templates to specify all the AWS resources needed
by the testing environments. These templates can be instantiated as stacks to
provision consistent environments every time one is needed. AWS Auto Scaling will
only handle the EC2 instances, and expands and contracts instances based on
 policies. AWS Systems Manager is useful for system administration tasks, and AWS
Lambda has run-time limitations.
- Which of the following best describes EBS?
- A virtual hard-disk in the cloud
- You need to automate EC2 resource provisioning to meet demand. Which AWS service can
help you accomplish this?
- Auto Scaling is automated resource provisioning.
- Amazon VPC…
- Amazon VPC allows you to build a private, virtual network in the AWS cloud, affords
you complete control of network configuration, and offers several layers of security
controls.
- Which of the following Load Balancers uses Listeners, Targets, and Target Groups?
- Application Load Blancer
- True or False: By default, all subnets within a VPC can communicate with each other.
- By default, all subnets within a VPC can communicate with each other. True.
- You’ve been tasked with assessing your AWS infrastructure in terms of cost optimization.
Which of the following AWS services would help with this task?
- Trusted Advisor
- A telecommunications company has his hired you as a consultant to develop a business
case for moving its IT applications and infrastructure to AWS. The company’s leadership
understands the agility value of the cloud, but the finance group is not interested in shifting
capital expense to operating expense due to the company’s tax structure. What will you
include in the business case to attempt to satisfy everyone at the company?
- Suggest that the company make reserved instance purchases and capitalize them
- Many companies capitalize reserved instance purchases, especially those with
3-year terms. Waiting for current infrastructure to fully depreciate will cause the
company to miss the other cloud benefits that are available. Moving the company to
an operating expense model will prove too large a task, and will most likely result in a
rejected business case. Elastic infrastructure is definitely a benefit, but doesn't
address the capitalization issue.
- The Chief Marketing Officer of the hotel chain you work for would like to implement voice
recognition capabilities in rooms so customers can request services without picking up the
phone. Competitors have already begun rolling out these technologies in an attempt to
improve their customers’ experience. Which benefit of the AWS cloud would you most
emphasize to the CMO in your business case for creating an AWS-based solution?
- Agility
- The AWS cloud provides instant access to new technologies. Companies can move
with agility to satisfy new business requirements and meet competitive demands.
There is a very low barrier of entry for innovation. If a solution is not meeting
expectations, services can be instantly de-provisioned. The other three options will
also prove to be benefits of deploying in the AWS cloud, but the use case
emphasizes the need to move quickly against competitive threats.
- Which of the following is a Shared Control of the AWS Shared Responsibility Model?
- Awareness & Training
- Patch Management
 - Shared Controls are elements of the Shared Responsibility Model where both AWS
and the customer have shared responsibilities within their own contexts. Awareness
& Training is a Shared Control, since AWS trains AWS employees, but a customer
must train their own employees. Datacentre Security is solely the responsibility of
AWS. Configuration of an Application within an EC2 instance, and Identity and
Access Management remain the responsibility of the customer
- Which of the following are principles of sound design when it comes to reliability?
- Stop guessing about your capacity requirements.
- Scale horizontally.
- What do Edge Locations do?
- Host a Content Delivery Network called CloudFront
- True or False: With AWS Organizations, you can use either just the Consolidated Billing
feature, or all the offered features.
- True
- With AWS Organizations, you can use either just the Consolidated Billing feature, or
all the offered features.
- You have a mission-critical application which must be globally available at all times. Which
deployment strategy should you follow?
- A Multi-Region deployment will best ensure global availability.
- In which of the following is CloudFront content cached?
- Edge Location
- True or False: Private subnets have direct, private access to the Internet.
- False
- You need to execute code in response to a specific change to your S3 bucket. Which of the
following compute services should you choose to execute your code?
- Lambda
- Which of the following services helps you to faster deliver your content to your customers?
- Amazon CloudFront is a content delivery network that speeds the delivery of content
to your users.
- Regarding Amazon Glacier, what is a Vault?
- A container for storing Archives
- An online education company has customers on four continents. They need to run software
functions to customize offerings for students in various locations around the globe based on
parameters that each student enters. Which AWS service will provide this capability with the
highest performance efficiency?
- Lambda@Edge
- Lambda@Edge provides the capability to run Lambda functions at Edge Locations
based on events generated by the CloudFront content delivery network, allowing
customers to extend their web applications globally. Amazon Elastic Container
Service and Amazon API Gateway would require implementations in each desired
region.
- Where would you find the AWS Attestation of Compliance Documentation for PCI DSS?
- AWS Artifact
- Which of the following is not a compute service?
- Elastic Block Store
- True or False: Identity Access Management (IAM) is a Regional service.
- False
- Identity Access Management (IAM) is a Global service.