What does Amazon ElastiCache provide?

A. A service by this name doesn't exist. Perhaps you mean Amazon CloudCache.
B. A virtual server with a huge amount of memory.
C. A managed In-memory cache service. check_circle
D. An Amazon EC2 instance with the Memcached software already pre-installed.

Answer Description
Explanation

ElastiCache is a web service that makes it easy to set up, manage, and scale a
distributed in-memory data store or cache environment in the cloud. It provides a
high-performance, scalable, and cost-effective caching solution, while removing the
complexity associated with deploying and managing a distributed cache
environment.
https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/WhatIs.html

You decided to pay a low upfront fee and get a significantly discounted hourly
rate. What is the payment model you are going to use?
A. Pay as you go
B. Pay less when you reserve.check_circle
C. Pay even less as AWS grows
D. Custom pricing

Answer Description
Explanation

Pay less when you reserve. For certain products, you can invest in reserved capacity.
In that case, you pay a low upfront fee and get a significantly discounted hourly rate,
which results in overall savings between 42% and71%(depending on the type of
instance you reserve) over equivalent on-demand capacity.
https://media.amazonwebservices.com/AWS_TCO_Web_Applications.pdf

What makes Cloud computing better than traditional datacenters?

A. Eliminating SPOFs.
B. Distributed infrastructure.
C. On-demand infrastructure for scaling applications or tasks.
D. Cost savings.
E. All of the above check_circle
Answer Description
Explanation

These are things that a traditional web host cannot provide. *High-availability
(eliminating SPOFs: single points of failure) *Distributed infrastructure, reducing
latency to all regions of the world *Cost savings (scaling down hardware to avoid
over-spending) *On-demand infrastructure for scaling applications or tasks (adding
servers or "horizontally scaling" to massively increase the hardware power available
to your application) *Resource planning convenience and cost savings. You don't
have to run your own data center for internal or private servers, so your IT
department doesn't have to make bulk purchases of servers which may never get
used, or may be inadequate, and you don't have to pay an entire IT department to
maintain that hardware -- you don't even have to pay an accountant to figure out
how much hardware you can afford or how much you need to purchase. Reference:
https://aws.amazon.com/what-is-cloud-computing/
There is a need to automate the creation of sandbox accounts for developers
and grant entities in those accounts access only to the necessary AWS services.
Which of the following would help?
A. AWS organizations check_circle
B. Amazon Dev Pay
C. AWS Trusted Advisor
D. AWS Cost Explorer

Answer Description
Explanation

You can use the AWS Organizations APIs to automate the creation and management
of new AWS accounts. The Organizations APIs enable you to create new accounts
programmatically, and to add the new accounts to a group. The policies attached to
the group are automatically applied to the new account. For example, you can
automate the creation of sandbox accounts for developers and grant entities in those
accounts access only to the necessary AWS services.
https://aws.amazon.com/organizations/
What is the feature provided by AWS that enable fast, easy, and secure
transfers of files over long distances between your client and your Amazon S3
bucket?
A. File Transfer
B. HTTP Transfer
C. S3 Transfer Acceleration check_circle
D. File transfer Accelerator
Answer Description
Explanation

Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over
long distances between your client and an S3 bucket. Transfer Acceleration takes
advantage of Amazon CloudFront’s globally distributed edge locations. As the
data arrives at an edge location, data is routed to Amazon S3 over an optimized
network path. https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-
acceleration.html
A company currently uses VM Templates to spin up virtual machines on their
on-premise infrastructure. Which of the following can be used in a similar way
to spin up EC2 instances on the AWS Cloud?
A. EBS Volumes
B. Amazon Machines Images check_circle
C. EBS Snapshots
D. Amazon VMware

Answer Description
Explanation

An Amazon Machine Image (AMI) provides the information required to launch an

instance, which is a virtual server in the cloud. You specify an AMI when you launch
an instance, and you can launch as many instances from the AMI as you need. You
can also launch instances from as many different AMIs as you need.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html
Which of the following security features is associated with a Subnet in a VPC to
protect against Incoming traffic requests?
A. AWS Inspector
B. Subnet Groups
C. NACL check_circle
D. Security Groups

Answer Description
Explanation

A network access control list (ACL) is an optional layer of security for your VPC that
acts as a firewall for controlling traffic in and out of one or more subnets. You might
set up network ACLs with rules similar to your security groups in order to add an
additional layer of security to your VPC.
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html
Which of the following AWS Cloud services are designed according to the
Multi-AZ principle? (Choose 2 answers)
Amazon DynamoDBcheck_circle
Amazon ElastiCache
Elastic Load Balancing
Amazon Virtual Private Cloud (Amazon VPC)
Amazon Simple Storage Service (Amazon S3)check_circle

Answer Description
Explanation

** Amazon DynamoDB runs across AWS proven, high-availability data centers. The
service replicates data across three facilities in an AWS region to provide fault
tolerance in the event of a server failure or Availability Zone outage. ** Amazon S3
provides durable infrastructure to store important data and is designed for durability
of 99.999999999% of objects. Your data is redundantly stored across multiple
facilities and multiple devices in each facility. While Elastic Load Balancing and
Amazon ElastiCache can be deployed across multiple Availability Zones, you must
explicitly take such steps when creating them.
Using Amazon RDS is under the shared responsibility model, Which of the
following would be the customer responsibilities? (select all that apply)
A. Managing the database settings. check_circle
B. Installing the database software.
C. Building the relational schema. check_circle
D. Performing backups.

Answer Description
Explanation

Amazon RDS manages the work involved in setting up a relational database: from
provisioning the infrastructure capacity you request to installing the database
software. Once your database is up and running, Amazon RDS automates common
administrative tasks such as performing backups and patching the software that
powers your database. With optional Multi-AZ deployments, Amazon RDS also
manages synchronous data replication across Availability Zones with automatic
failover. Since Amazon RDS provides native database access, you interact with the
relational database software as you normally would. This means you're still
responsible for managing the database settings that are specific to your application.
You'll need to build the relational schema that best fits your use case and are
responsible for any performance tuning to optimize your database for your
application’s workflow. Reference: https://aws.amazon.com/rds/faqs/
Which of the following is a Cloud Computing Model that removes the need for your
organization to manage the underlying infrastructure (usually hardware and operating
systems) and allows you to focus on the deployment and management of your
applications?
A. IaaS
B. PaaS check_circle
C. SaaS
D. None of the above

Answer Description
Explanation

Platform as a Service (PaaS) removes the need for your organization to manage the
underlying infrastructure (usually hardware and operating systems) and allows you to focus
on the deployment and management of your applications. This helps you be more efficient as
you don’t need to worry about resource procurement, capacity planning, software
maintenance, patching, or any of the other undifferentiated heavy lifting involved in running
your application. Reference: https://docs.aws.amazon.com/aws-technical-content/latest/aws-
overview/aws-overview.pdf
A company has launched an educational application that intended for global
usage. What service can help provide low latency access with best possible
performance globally?
A. AWS Route 53
B. AWS CloudFront check_circle
C. AWS CloudWatch
D. AWS Elastic Load Balancer

Answer Description
Explanation

Amazon CloudFront is a global content delivery network (CDN) service that

accelerates delivery of your websites, APIs, video content, or other web assets. It
integrates with other AWS products to give developers and businesses an easy way
to accelerate content to end users with no minimum usage commitments. Amazon
CloudFront can be used to deliver your entire website, including dynamic, static,
streaming, and interactive content using a global network of edge locations.
Requests for your content are automatically routed to the nearest edge location, so
content is delivered with the best possible performance. Reference:
https://d1.awsstatic.com/whitepapers/aws-overview.pdf
What does S3 stand for?
A. Simple Storage Service check_circle
B. Simplified Storage Service
 C. Simple Store Service
D. Service for Simple Storage

Answer Description
Explanation

Companies today need the ability to simply and securely collect, store, and analyze
their data at a massive scale. Amazon S3 is object storage built to store and retrieve
any amount of data from anywhere ' web sites and mobile apps, corporate
applications, and data from IoT sensors or devices. It is designed to deliver
99.999999999% durability, and stores data for millions of applications used by
market leaders in every industry. S3 provides comprehensive security and compliance
capabilities that meet even the most stringent regulatory requirements. It gives
customers flexibility in the way they manage data for cost optimization, access
control, and compliance. S3 provides query-in-place functionality, allowing you to
run powerful analytics directly on your data at rest in S3. And Amazon S3 is the most
supported cloud storage service available, with integration from the largest
community of third-party solutions, systems integrator partners, and other AWS
services. https://aws.amazon.com/s3/
Which of the following services can help protect your web applications from
SQL injection and other vulnerabilities in your application code?(Choose two)
A. AWS WAF check_circle
B. IAM
C. Web application firewall check_circle
D. Amazon Cognito

Answer Description
Explanation

Services like AWS WAF, a web application firewall, can help protect your web
applications from SQL injection and other vulnerabilities in your application code. For
access control, you can use IAM to define a granular set of policies and assign them
to users, groups, and AWS resources. Amazon Cognito lets you add user sign-up,
sign-in, and access control to your web and mobile apps quickly and easily. Amazon
Cognito scales to millions of users and supports sign-in with social identity providers,
such as Facebook, Google, and Amazon, and enterprise identity providers via SAML
2.0. Reference: https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf
Which of the following is your responsibility when dealing with the PCI DSS?
A. You are responsible for designing, building, and maintaining a compliant
environment in AWS. check_circle
 B. You are responsible for validating compliance annually and document the
results in an AOC document.
C. You are responsible for the network and firewall configuration. check_circle
D. You are responsible for the identity and access management. check_circle
E. You are responsible for Protecting Stored Cardholder Data check_circle

Answer Description
Explanation

Option A,C,D,E are the correct answers as stated in the PCI DSS white paper here:
https://d1.awsstatic.com/whitepapers/compliance/AWS_Anitian_Workbook_PCI_Clou
d_Compliance.pdf // However option B is not correct because you are not
responsible for creating such documents.
What are the pillars of the AWS Well-Architected Framework? (select all that
apply)
A. Reliability check_circle
B. Validity
C. Agility
D. Performance Efficiency check_circle

Answer Description
Explanation

Creating a software system is a lot like constructing a building. If the foundation is

not solid, structural problems can undermine the integrity and function of the
building. When architecting technology solutions on Amazon Web Services (AWS), if
you neglect the five pillars of operational excellence, security, reliability, performance
efficiency, and cost optimization, it can become challenging to build a system that
delivers on your expectations and requirements. Incorporating these pillars into your
architecture helps produce stable and efficient systems. This allows you to focus on
the other aspects of design, such as functional requirements. The AWS Well-
Architected Framework helps cloud architects build the most secure, high-
performing, resilient, and efficient infrastructure possible for their applications. This
framework provides a consistent approach for customers and AWS Partner Network
(APN) Partners to evaluate architectures, and provides guidance to implement
designs that scale with your application needs over time.
https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-
framework/
Which of the following security requirements are managed by AWS? Select 3
answers.
A. Hardware patching check_circle
 B. User permissions
C. Physical security check_circle
D. Disk disposal check_circle
E. Password Policies

Answer Description
Explanation

As per the Shared Responsibility model , the Patching of the underlying hardware
and physical security of AWS resources is the responsibility of AWS. Disk disposal:
Storage Device Decommissioning When a storage device has reached the end of its
useful life, AWS procedures include a decommissioning process that is designed to
prevent customer data from being exposed to unauthorized individuals. AWS uses
the techniques detailed in DoD 5220.22-M (“National Industrial Security Program
Operating Manual “) or NIST 800-88 (“Guidelines for Media Sanitization”)
to destroy data as part of the decommissioning process. All decommissioned
magnetic storage devices are degaussed and physically destroyed in accordance with
industry-standard practices. https://d0.awsstatic.com/whitepapers/aws-security-
whitepaper.pdf
Miller is working with a large data set, and he needs to import it into a
relational database service. What AWS service will meet his needs?
A. RDS check_circle
B. dynamodb
C. ElastiCache
D. Neptune

Answer Description
Explanation

RDS is AWS's relational database service.

Which of the following is NOT a feature of an edge location?
A. Distribute content to users
B. Cache common responses
C. Distribute load across multiple resources check_circle
D. Used in conjunction with the Cloudfront service

Answer Description
Explanation
The Edge location does not do the job of distributing load. It is used in conjunction
with the Cloudfront service to cache the objects and deliver content.
The ________ service is targeted at organizations with multiple users or systems
that use AWS products such as Amazon EC2, Amazon SimpleDB, and the AWS
Management Console.
A. Amazon RDS
B. AWS Integrity Management
C. AWS Identity and Access Management check_circle
D. Amazon EMR

Answer Description
Explanation

https://aws.amazon.com/documentation/iam/?nc1=h_ls
Which of the following examples supports the cloud design principle
“design for failure and nothing will fail''?
A. Use as many services as possible
B. Creating and deploying the most cost-effective solution
C. Deploying an application in multiple Availability Zones check_circle
D. Using Amazon CloudWatch alerts to monitor performance

Answer Description
Explanation

By deploying your AWS resources to multiple Availability zones , you are designing
with failure with mind. So if one AZ were to go down , the other AZ’s would still
be up and running and hence your application would be more fault tolerant.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndA
vailabilityZones.html
Which services allow the customer to retain full administrative privileges of the
underlying virtual infrastructure?
A. Amazon DynamoDB
B. Amazon S3
C. Amazon Lambda
D. Amazon EC2 check_circle

Answer Description
Explanation
All of the other services are all managed by AWS as serverless components. Only you
have complete control over the EC2 service. https://aws.amazon.com/ec2/faqs/
Which of the following features of RDS allows for data redundancy across
regions and improves Disaster Recovery?
A. Multi-region replication
B. Multi-AZ
C. Using snapshots
D. Creating Read Replicascheck_circle

Answer Description
Explanation

You can use Cross-Region Read Replicas to implement a cross-region disaster

recovery model, scale out globally, or migrate an existing database to a new region.
https://aws.amazon.com/blogs/aws/cross-region-read-replicas-for-amazon-rds-for-
mysql/
Which of the following is one of the benefits of AWS Security?
A. Free for Aws premium members.
B. Starts automatically once you upload your data.
C. Scale Quickly check_circle
D. None of the above

Answer Description
Explanation

Security scales with your AWS Cloud usage. No matter the size of your business, the
AWS infrastructure is designed to keep your data safe. Ref: Overview of Amazon Web
Services Page:7 https://docs.aws.amazon.com/aws-technical-content/latest/aws-
overview/aws-overview.pdf
A company is planning to distribute contents to users across the globe. Which
of the following components of the Cloudfront service would they use?
A. Amazon VPC
B. Amazon Edge locations check_circle
C. Amazon Availability Zones
D. Amazon Regions

Answer Description
Explanation
Amazon CloudFront is a web service that speeds up distribution of your static and
dynamic web content, such as .html, .css, .js, and image files, to your users.
CloudFront delivers your content through a worldwide network of data centers called
edge locations.
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/
Introduction.html
When you create an S3 bucket, what rules must be followed regarding the
bucket name? (Select all that apply)
A. Bucket names must be between 3-63 characters in length. check_circle
B. Bucket names must contain uppercase letters.
C. Bucket names must be unique across all of AWS. check_circle
D. Bucket name can be formatted as an IP address.

Answer Description
Explanation

Although certain regions do allow for uppercase letters in the bucket name,
uppercase letters are NOT required. Also, a bucket name cannot be formatted as an
IP address. https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-
s3-bucket-naming-requirements.html
Big Cloud Jumbo Corp is beginning to explore migrating their entire on-
premises data center to AWS. They are very concerned about how much it will
cost once their entire I.T. infrastructure is running on AWS. What tool can you
recommend so they can do a cost benefit analysis of moving to the AWS Cloud?
A. AWS TCO calculator check_circle
B. AWS Estimate Calculator
C. AWS Cost Explorer
D. AWS Migration Cost Calculator

Answer Description
Explanation

The AWS TCO (Total Cost of Ownership) Calculator is a free tool provided by AWS. It
allows you to compare your current on-premises cost vs. estimated AWS cost.
Victoria has created a web application, placing it's underlining infrastructure in
the N. Virginia (US-East-1) region. After several months, Tracy notices that
much of the traffic coming to her website is coming from Japan. What can
Tracy do to (best) help reduce latency for her users in Japan?
A. Change to a Japanese hosting service.
B. Create a CDN using CloudFront, making sure the proper content is cached at
Edge Locations closest to Japan. check_circle
 C. Recreate the website content.
D. None of the above

Answer Description
Explanation

CloudFront is AWS's content delivery network (CDN) service. You can use it to cache
web content at edge locations what are closest to your customers. This will decrease
latency for the customer and improve overall performance.
Which of the following allows you to use a drag-and-drop interface to edit
cloudFormation templates?
A. CloudFormation visualizer
B. CloudFormation Designer check_circle
C. CloudFormationEditor
D. CloudFormationMaker

Answer Description
Explanation

AWS CloudFormation Designer is a visual tool that provides a drag-and-drop

interface for adding resources to templates. CloudFormation Designer allows you to
spend more time designing your AWS infrastructure and less time manually coding
your templates. For example, when you add or remove resources, CloudFormation
Designer automatically modifies the underlying JSON for you. You can also use the
integrated text editor to specify template details, such as resource property values
and input parameters. Reference:
https://aws.amazon.com/cloudformation/details/#designer
Which of the following terms relates to “Creating systems that scale to the
required capacity based on changes on demand”?
A. Disaster Recovery
B. Aggregation
C. Decoupling
D. Elasticity check_circle

Answer Description
Explanation

The concept of Elasticity is the means of an application having the ability to scale up
and scale down based on demand. An example of such a service is the Autoscaling
service
Which of the following are important principles when designing cloud based
systems? Choose 2 answers
A. Build Tightly-coupled components
B. Use as many services as possible
C. Assume everything will fail check_circle
D. Build loosely-coupled components check_circle

Answer Description
Explanation

Always build components which are loosely coupled. This is so that even if one
component does fail, the entire system does not fail. Also if you build with the
assumption that everything will fail, then you will ensure that the right measures are
taken to build a highly available and fault tolerant system.
Which of the following could you use beside DynamoDB lets you focus on
building great applications for your customers without worrying about
performance at scale?
A. DynamoDB DAX check_circle
B. DynamoDB API
C. DynamoDB SLA
D. None of the above

Answer Description
Explanation

Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-

memory cache for DynamoDB that delivers up to a 10x performance improvement '
from milliseconds to microseconds ' even at millions of requests per second. DAX
does all the heavy lifting required to add in-memory acceleration to your DynamoDB
tables, without requiring developers to manage cache invalidation, data population,
or cluster management. Now you can focus on building great applications for your
customers without worrying about performance at scale. You do not need to modify
application logic, since DAX is compatible with existing DynamoDB API calls. You can
enable DAX with just a few clicks in the AWS Management Console or using the AWS
SDK. Just as with DynamoDB, you only pay for the capacity you provision. Reference:
https://aws.amazon.com/dynamodb/dax/
An organization wants to move to Cloud. They are looking for a secure
encrypted database storage option. Which of the below mentioned AWS
functionalities helps them to achieve this?
A. AWS MFA with EBS
B. AWS EBS encryption check_circle
 C. Multi-tier encryption with VPC
D. AWS S3 server side storage

Answer Description
Explanation

AWS EBS supports encryption of the volume while creating new volumes. It also
supports creating volumes from existing snapshots provided the snapshots are
created from encrypted volumes. The data at rest, the I/O as well as all the snapshots
of EBS will be encrypted. The encryption occurs on the servers that host the EC2
instances, providing encryption of data as it moves between the EC2 instances and
EBS storage. EBS encryption is based on the AES-256 cryptographic algorithm, which
is the industry standard
Which of the following is a compatible PostgreSQL database which also has the
ability to grow in storage size on its own?
A. DynamoDB
B. Aurora check_circle
C. RDS Microsoft SQL Server
D. RDS PostgreSQL

Answer Description
Explanation

Amazon Aurora is a MySQL and PostgreSQL compatible relational database built for
the cloud, that combines the performance and availability of high-end commercial
databases with the simplicity and cost-effectiveness of open source databases.
Aurora is up to five times faster than standard MySQL databases and three times
faster than standard PostgreSQL databases. It provides the security, availability, and
reliability of commercial-grade databases at 1/10th the cost. Aurora is fully managed
by Amazon Relational Database Service (RDS), which automates time-consuming
administration tasks like hardware provisioning, database setup, patching, and
backups. https://aws.amazon.com/rds/aurora/
Which of the following S3 storage class would be ideal for storing thumbnails,
transcoded media, or other processed data that can be easily reproduced?
A. S3 Fast Access class
B. S3 Standard Storage class
C. S3 Infrequent Access Storage class
D. S3 Reduced Redundancy Storage check_circle

Answer Description
Explanation

Reduced Redundancy Storage (RRS) is an Amazon S3 storage option that enables

customers to store noncritical, reproducible data at lower levels of redundancy than
Amazon S3’s standard storage. It provides a highly available solution for
distributing or sharing content that is durably stored elsewhere, or for storing
thumbnails, transcoded media, or other processed data that can be easily
reproduced. The RRS option stores objects on multiple devices across multiple
facilities, providing 400 times the durability of a typical disk drive, but does not
replicate objects as many times as standard Amazon S3 storage. Reference:
https://aws.amazon.com/s3/reduced-redundancy/
You have the following options of protecting data in transit in Amazon S3:
(choose two)
A. Use Server-Side Encryption
B. Use Client-Side Encryption check_circle
C. Use SSL check_circle
D. RDS Encryption

Answer Description
Explanation

Data protection refers to protecting data while in-transit (as it travels to and from
Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers). You
can protect data in transit by using SSL or by using client-side encryption. Reference:
https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html
Which of the following features of Amazon RDS allows for better availability
for databases? Choose 2 answers
A. Multi-AZ check_circle
B. VPC Peering
C. Read Replica’s check_circle
D. Multi-Region

Answer Description
Explanation

If you are looking to use replication to increase database availability while protecting
your latest database updates against unplanned outages, consider running your DB
instance as a Multi-AZ deployment. You can use Multi-AZ deployments and Read
Replicas in conjunction to enjoy the complementary benefits of each. You can simply
specify that a given Multi-AZ deployment is the source DB instance for your Read
Replica(s). That way you gain both the data durability and availability benefits of
Multi-AZ deployments and the read scaling benefits of Read Replicas.
https://aws.amazon.com/rds/details/multi-az/
https://aws.amazon.com/rds/details/read-replicas/
How much data can you store in S3?
A. Storage capacity is virtually unlimited. check_circle
B. You can store up to 1 petabyte of data.
C. Each account is given 50 gigabytes of storage capacity and no more can be used.
D. You can store up to 1 petabyte of data, then you are required to pay an additional fee.

Answer Description
Explanation

Although there is theoretically a capacity limit, as an S3 user, there is no limited on the

amount of data you can store in S3.
You can monitor the accepted and rejected IP traffic going to and from your
VPC instances by creating:
A. Access Log
B. Monitor Log
C. Security Log
D. Flow Log check_circle

Answer Description
Explanation

You can monitor the accepted and rejected IP traffic going to and from your
instances by creating a flow log for a VPC, subnet, or individual network interface.
Flow log data is published to CloudWatch Logs, and can help you diagnose overly
restrictive or overly permissive security group and network ACL rules. Explanation:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security.html
Which of the following needs a user name and password to access AWS resources?
A. AWS Management Console check_circle
B. AWS Application Programming Interface (API)
C. AWS Software Development Kit (SDK)
D. AWS CLI

Answer Description
Explanation

The AWS Management console allows you to access and manage Amazon Web Services
through a simple and intuitive web-based user interface. You can also use the AWS Console
mobile app to quickly view resources on the go. https://aws.amazon.com/console/
What AWS service uses Edge Locations for content caching?
A. AWS Glacier
B. AWS S3 Reduced Redundancy Storage
C. AWS CloudFront check_circle
D. AWS Inspector

Answer Description
Explanation

CloudFront is a content caching service provided by AWS that utilizes "Edge Locations,"
which are AWS data centers located all around the world.

For compute resources, you pay on________ , However for data storage and transfer,
you pay on __________ .
A. a per second basis, a per gigabyte basis.
B. a per second basis, a per second basis.
C. an hourly basis, a per gigabyte basis.check_circle
D. an hourly basis, an hourly basis.

Answer Description
Explanation

** For compute resources, you pay on an hourly basis from the time you launch a resource
until the time you terminate it.** For data storage and transfer, you pay on a per gigabyte
basis. We charge based on the underlying infrastructure and services that you consume. You
can turn off your cloud resources and stop paying for them when you don’t need them.
https://media.amazonwebservices.com/AWS_TCO_Web_Applications.pdf
Which of the following AWS services can be used to store files? Choose 2
answers
A. Amazon CloudFormation
B. Amazon Athena
C. Amazon Elastic Block Store (Amazon EBS) check_circle
D. AWS Config
E. Amazon Simple Storage Service (Amazon S3) check_circle

Answer Description
Explanation

**C. Amazon Elastic Block Store (Amazon EBS) provides persistent block storage
volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS
volume is automatically replicated within its Availability Zone to protect you from
component failure, offering high availability and durability.**E. Amazon S3 is object
storage built to store and retrieve any amount of data from anywhere ' web sites and
mobile apps, corporate applications, and data from IoT sensors or devices. It is
designed to deliver 99.999999999% durability, and stores data for millions of
applications used by market leaders in every industry. https://aws.amazon.com/s3/
A user has created a VPC with public and private subnets using the VPC wizard.
Which of the below mentioned statements is true in this scenario?
A. The AWS VPC will automatically create a NAT instance with the micro size
B. VPC bounds the main route table with a private subnet and a custom route
table with a public subnet check_circle
C. The user has to manually create a NAT instance
D. VPC bounds the main route table with a public subnet and a custom route
table with a private subnet

Answer Description
Explanation

A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS
account. A user can create a subnet with VPC and launch instances inside that
subnet. If the user has created a public private subnet, the instances in the public
subnet can receive inbound traffic directly from the internet, whereas the instances in
the private subnet cannot. If these subnets are created with Wizard, AWS will create a
NAT instance of a smaller or higher size, respectively. The VPC has an implied router
and the VPC wizard updates the main route table used with the private subnet,
creates a custom route table and associates it with the public subnet.
What service helps you to aggregate logs from your EC2 instance?
A. SQS
B. S3
C. Cloudtrail
D. Cloudwatch Logs check_circle

Answer Description
Explanation

You can use Amazon CloudWatch Logs to monitor, store, and access your log files
from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, and
other sources. You can then retrieve the associated log data from CloudWatch Log.
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLo
gs.html
Which of the following services relates the concept of “Scaling up resources
based on demand”?
A. AutoScaling check_circle
B. Elastic Load Balancer
C. VPC
D. Subnet

Answer Description
Explanation

AWS Auto Scaling monitors your applications and automatically adjusts capacity to
maintain steady, predictable performance at the lowest possible cost. Using AWS
Auto Scaling, it’s easy to setup application scaling for multiple resources across
multiple services in minutes. https://aws.amazon.com/autoscaling/
A company needs to host a database for at least 2 years. Which of the following
would be the most cost effective?
A. Spot Instances
B. Partial Upfront costs Reserved check_circle
C. No Upfront costs Reserved
D. On-Demand

Answer Description
Explanation

since the database server will be hosted for a minimum period of one year then it is
better to use Reserved Instances as it provides you with a significant discount (up to
75%) compared to On-Demand instance pricing. With the Partial Upfront option, you
make a low upfront payment and are then charged a discounted hourly rate for the
instance for the duration of the Reserved Instance term.
https://aws.amazon.com/ec2/pricing/reserved-instances/pricing/
Your company is planning to host resources in the AWS Cloud. Which of the
following services can be used to decouple distributed software systems and
components?
A. AWS EBS Volumes
B. AWS EBS Snapshots
C. AWS Glacier
D. AWS SQS check_circle

Answer Description
Explanation
Amazon Simple Queue Service (Amazon SQS) offers a reliable, highly-scalable hosted
queue for storing messages as they travel between applications or micro services. It
moves data between distributed application components and helps you decouple
these components.
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/
welcome.html
Which of the following will affect price you pay for an EC2 instance? (Select all
that apply)
A. Amazon Machine Image (AMI). check_circle
B. Instance Type. check_circle
C. How long you use the instance for. check_circle
D. Storage capacity check_circle

Answer Description
Explanation

EC2 instance pricing various depending on many variables. 1) The type of buying
option 2) Selected Ami 3) Selected instance type 4) Region 5) Data in/out 6) Storage
capacity
Which of the following services is a fully managed, petabyte-scale data
warehouse service in the AWS cloud?
A. Amazon DynamoDB
B. Amazon Redshift check_circle
C. Amazon ElastiCache
D. Amazon Aurora

Answer Description
Explanation

Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the

cloud. You can start with just a few hundred gigabytes of data and scale to a
petabyte or more. This enables you to use your data to acquire new insights for your
business and customers.
https://docs.aws.amazon.com/redshift/latest/mgmt/welcome.html
You are trying to calculate the Total Cost of Ownership (TCO) for the AWS
Cloud. which of the following should you provide?
A. The number of servers migrated to AWS check_circle
B. The number of users migrated to AWS
C. The number of passwords migrated to AWS
D. The number of keys migrated to AWS
Answer Description
Explanation

The TCO Calculator provides directional guidance on possible realized savings when
deploying AWS. This tool is built on an underlying calculation model, that generates
a fair assessment of value that a customer may achieve given the data provided by
the user which includes the number of servers migrated to AWS, the server type, the
number of Processors and so on. https://aws.amazon.com/tco-calculator/
https://awstcocalculator.com/
What TWO services/features are required to have highly available and fault
tolerant architecture in AWS?
A. Elastic Load Balancer check_circle
B. CloudFront
C. ElastiCache
D. Auto Scaling check_circle

Answer Description
Explanation

Amazon Web Services provides services and infrastructure to build reliable, fault-
tolerant, and highly available systems in the cloud. These qualities have been
designed into our services both by handling such aspects without any special action
by you and by providing features that must be used explicitly and correctly. Elastic
Load Balancer, Auto Scaling are required to have highly available and fault tolerant
architecture in AWS.
A company is hosting a web application in the AWS cloud using a set of of EC2
Instances. Which of the following can help protecting them from DDos attacks?
(Select all that apply)
A. Using Security Groups check_circle
B. Using AWS Config
C. Using Network Access Control Lists check_circle
D. Using the Internet gateway

Answer Description
Explanation

** A security group acts as a virtual firewall for your instance to control inbound and
outbound traffic. ** A network access control list (ACL) is an optional layer of security
for your VPC that acts as a firewall for controlling traffic in and out of one or more
subnets. Therefore they can reduce the overall threat to your EC2 Instances.
There is a need to analyze and process a large number of data sets. Which of
the following services can help fulfill this requirement?
A. S3
B. EMR check_circle
C. Glacier
D. Storage gateway

Answer Description
Explanation

Amazon EMR helps you analyze and process vast amounts of data by distributing the
computational work across a cluster of virtual servers running in the AWS Cloud. The
cluster is managed using an open-source framework called Hadoop. Amazon EMR
lets you focus on crunching or analyzing your data without having to worry about
time-consuming setup, management, and tuning of Hadoop clusters or the compute
capacity they rely on.
Kim is managing a web application running on the AWS cloud. The application
is currently utilizing eight EC2 servers for its compute platform. Earlier today,
two of those web servers have been crashed; however, none of her customers
were affected. What has Kim done correctly in this scenario?
A. Properly built an elastic system.
B. Properly built a scalable system
C. Properly build a fault tolerant system. check_circle
D. None of the above.

Answer Description
Explanation

A fault tolerant system is one that can sustain a certain amount of failure while still
remaining operational.
Your company requires that all the data on your EBS-backed EC2 volumes be
encrypted. How would you go about doing this?
A. You cannot enable EBS encryption on a specific volume
B. AWS allows you to encrypt the file system on an EBS volume on EBS volume
setup check_circle
C. Encryption can be done on the OS layer of the EBS volume
D. None of the above

Answer Description
Explanation

Amazon EBS encryption offers a simple encryption solution for your EBS volumes
without the need to build, maintain, and secure your own key management
infrastructure. When you create an encrypted EBS volume and attach it to a
supported instance type, the following types of data are encrypted: >> Data at rest
inside the volume.>> All data moving between the volume and the instance.>> All
snapshots created from the volume. >>All volumes created from those snapshots.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
AWS provides a storage option known as Amazon Glacier which designed
for____________ & ______________Please specify 2 correct options.
A. Cached session data
B. Infrequently accessed data check_circle
C. Data archives check_circle
D. Active database storage

Answer Description
Explanation

Amazon Glacier is an extremely low-cost storage service that provides secure, durable, and
flexible storage for data backup and archival. So Amazon glacier is used for Infrequently
accessed data and Data archives.
Which of the following can be used to automate multiple AWS services through
scripts?
A. AWS Powershell
B. AWS Bash
C. AWS CLI check_circle
D. AWS Console

Answer Description
Explanation

The AWS Command Line Interface (CLI) is a unified tool to manage your AWS
services. With just one tool to download and configure, you can control multiple
AWS services from the command line and automate them through scripts.
https://aws.amazon.com/cli/
You have developed a microservices application, Which of the following should
you use to make sure that each EC2 instance in a system get the same amount
of traffic?
A. Availability Zone
B. Auto Scaling
C. Classic Load Balancer
 D. Application Load Balancer check_circle

Answer Description
Explanation

Elastic Load Balancing (ELB)automatically distributes incoming application traffic

across multiple EC2 instances. It enables you to achieve greater levels of fault
tolerance in your applications, seamlessly providing the required amount of load
balancing capacity needed to distribute application traffic. Elastic Load Balancing
offers two types of load balancers that both feature high availability, automatic
scaling, and robust security. These include the Classic Load Balancer that routes
traffic based on either application or network level information, and the Application
Load Balancer that routes traffic based on advanced application-level information
that includes the content of the request. The Classic Load Balancer is ideal for simple
load balancing of traffic across multiple EC2 instances, while the Application Load
Balancer is ideal for applications needing advanced routing capabilities,
microservices, and container-based architectures. Application Load Balancer offers
the ability to route traffic to multiple services or load balance across multiple ports
on the same EC2 instance. Reference: https://d1.awsstatic.com/whitepapers/aws-
overview.pdf
Which AWS network feature can help you make private connectivity between
AWS and your data center?
A. AWS Service Catalog
B. Amazon CloudFront
C. AWS Route 53
D. AWS Direct Connect check_circle

Answer Description
Explanation

AWS Direct Connect makes it easy to establish a dedicated network connection from
your premises to AWS. Using AWS Direct Connect, you can establish private
connectivity between AWS and your data center, office, or co-location environment,
which in many cases can reduce your network costs, increase bandwidth throughput,
and provide a more consistent network experience than Internet-based
connections.AWS Direct Connect lets you establish a dedicated network connection
between your network and one of the AWS Direct Connect locations. Using industry
standard 802.1Q virtual LANS (VLANs), this dedicated connection can be partitioned
into multiple virtual interfaces. This allows you to use the same connection to access
public resources, such as objects stored in Amazon S3 using public IP address space,
and private resources such as EC2 instances running within a VPC using private IP
address space, while maintaining network separation between the public and private
environments. Virtual interfaces can be reconfigured at any time to meet your
changing needs. Reference: https://d1.awsstatic.com/whitepapers/aws-overview.pdf
Which of the following services allows you to analyze EC2 Instances against
pre-defined security templates to check for vulnerabilities?
A. AWS Trusted Advisor
B. AWS Inspector check_circle
C. AWS WAF
D. AWS Shield

Answer Description
Explanation

Amazon Inspector enables you to analyze the behavior of your AWS resources and
helps you to identify potential security issues. Using Amazon Inspector, you can
define a collection of AWS resources that you want to include in an assessment
target. You can then create an assessment template and launch a security assessment
run of this target.
https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html
Your company is trying to deploy a two-tier, highly available web application to
AWS. The application needs a storage layer to store artifacts such as photos and
videos. Which of the following services can be used as the underlying storage
mechanism?
A. Amazon EBS volume
B. Amazon EC2 instance store
C. Amazon S3 check_circle
D. Amazon RDS instance

Answer Description
Explanation

You can store virtually any kind of data in any format.

https://aws.amazon.com/s3/faqs/
Which of the following storage mechanisms can be used to store messages
effectively across distributed systems?
A. Amazon Glacier
B. Amazon EBS Volumes
C. Amazon EBS Snapshots
D. Amazon SQS check_circle

Answer Description
Explanation

Amazon Simple Queue Service (Amazon SQS) offers a reliable, highly-scalable hosted
queue for storing messages as they travel between applications or microservices. It
moves data between distributed application components and helps you decouple
these components. https://aws.amazon.com/sqs/
Which of the following services allows developers to run Infrastructure as code?
A. AWS CloudFormation check_circle
B. AWS Systems Manager
C. AWS CloudTrail
D. AWS Config

Answer Description
Explanation

AWS CloudFormation gives developers and systems administrators an easy way to

create, manage, provision, and update a collection of related AWS resources in an
orderly and predictable way. AWS CloudFormation uses templates written in JSON or
YAML format to describe the collection of AWS resources (known as a stack), their
associated dependencies, and any required runtime parameters. You can use a
template repeatedly to create identical copies of the same stack consistently across
AWS Regions. After deploying the resources, you can modify and update them in a
controlled and predictable way. In effect, you are applying version control to your
AWS infrastructure the same way you do with your application code. Reference:
https://d1.awsstatic.com/whitepapers/aws-overview.pdf
Which of the following reserved instances payment options provides a
discounted hourly rate for the instance for the duration of the Reserved
Instance term? (choose two)
A. All Upfront option.
B. Partial Upfront option. check_circle
C. Percentage Upfront option.
D. No Upfront option. check_circle

Answer Description
Explanation

You can choose between three payment options when you purchase a Standard or
Convertible Reserved Instance. With the All Upfront option, you pay for the entire
Reserved Instance term with one upfront payment. This option provides you with the
largest discount compared to On-Demand instance pricing. With the Partial Upfront
option, you make a low upfront payment and are then charged a discounted hourly
rate for the instance for the duration of the Reserved Instance term. The No Upfront
option does not require any upfront payment and provides a discounted hourly rate
for the duration of the term. https://aws.amazon.com/ec2/pricing/reserved-
instances/pricing/
You want all of your AWS resources to be available the majority of the time.
Which of the following actions should you implement?
A. Use Route 53 health checking to configure Active-Active Failover. check_circle
B. Use Route 53 health checking to configure Active-Passive Failover.
C. Use Route 53 health checking to configure Passive -Active Failover.
D. Use Route 53 health checking to configure Passive-Passive Failover.

Answer Description
Explanation

you should use Active-Active Failover failover configuration when you want all of
your resources to be available the majority of the time. When a resource becomes
unavailable, Route 53 can detect that it's unhealthy and stop including it when
responding to queries.In active-active failover, all the records that have the same
name, the same type (such as A or AAAA), and the same routing policy (such as
weighted or latency) are active unless Route 53 considers them unhealthy. Route 53
can respond to a DNS query using any healthy record.
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-
types.html