1) Alex was trying to upload a 20 GB file on S3 and it’s not working
Ans:-Alex should use Multi Part upload when file is bigger than 5GB
2) ap-northeast-1a is a…
Image
Heading
Preformatted
Availability Zone
ans:-Availability Zone
2)Availability Zones are:
Ans:-In geographically isolated data centers.
3) Which databases can be accessed by Amazon RDS?
Ans:-MySQL, MariaDB, Oracle, SQL Server, or PostgreSQL database.
4) Alex tried creating an S3 bucket named “test” but it didn’t work. This is a new AWS Account and I have no buckets at all. What is the cause?
Ans:-Since Bucket names must be globally unique and “test” is already taken by someone.
5) What are IAM components?
Ans:-Users,Roles,Policies and Groups
6) Which relational database engines does Amazon RDS support?
Ans:-Amazon RDS supports Amazon Aurora, MySQL, MariaDB, Oracle, SQL Server, and PostgreSQL database engines.
7) Are IAM Users defined on a per-region basis?
Ans:-False
8) I have added input files in bucket and then enabled versioning. The files I have already added will have which version?
Ans:-Null
9) When would I use Amazon RDS vs. Amazon EC2 Relational Database AMIs?
Ans:-Amazon RDS enables to run a fully featured relational database while offloading database administration. Using relational database AMIs on Amazon EC2 allows to manage relational database in the cloud.
10) Question:Can An IAM user belong to multiple groups?
Answer-Yes
11) As a Solution Architect what will you do for keeping secure system respective to users? Our engineers should not reinvent every time whenever new person joins?
Ans: I’ll create multiple IAM users and groups, and assign policies to groups. New users will be added to groups
12) Can An IAM user belong to multiple groups?
Ans:-Yes
13) As a Solution Architect what will you do for keeping secure system respective to users? Our engineers should not reinvent every time whenever new person joins?
Ans: I’ll create multiple IAM users and groups, and assign policies to groups. New users will be added to groups
14) Our project client wants to make sure the encryption is happening in S3, but wants to fully manage the encryption keys and never store them in AWS. What should be recommended?
Ans:-SSE-C
15) How do I create a DB instance?
Ans:-To Create a DB instance using the AWS Management Console, click “RDS,” then the Launch DB Instance button on the Instances tab.
16) Should we share our IAM credentials with colleagues if they need access to help you?
Ans- We should not share our credentials.
17) Alex is working in Cloud Company and his company wants data to be encrypted in S3, and maintain control of the rotation policy for the encryption keys. What should be recommended?
Ans:-SSW-KMS
18) Do we pay for an EC2 instance compute component?
Ans- We should pay money whenever it’s in “running” state.
19) There is a permission error exception when trying to SSH into Linux Instance ,what should be reason?
Ans: the key is missing permissions chmod 0400
20)In Release 3, Client has asked me to encrypt data but not through S3 since they don’t trust on S3. Then what should be recommended?
Ans:-Client Side Encryption
- Alex was trying to upload a 20 GB file on S3 and it’s not working
Alex should use Multi Part upload when file is bigger than 5GB
21) Suppose You got a network timeout when you tried to connect SSH for your EC2 instance. What should be reason?
Ans: Your security groups are misconfigured
22) Which encryption method requires HTTPS?
Ans:- SSE-C
23) How do I import data into an Amazon RDS DB instance?
Ans:-There are a number of simple ways to import data into Amazon RDS, such as with the mysqldump or mysqlimport utilities for MySQL; Data Pump, import/export or SQL Loader for Oracle; Import/Export wizard, full backup files
24) When a security group is created, what is the default behavior?
Ans:-Deny all traffic inbound and allow all traffic outbound
25) How will I be charged and billed for my use of Amazon RDS?
Ans:- You are billed based on:
DB instance hours – Based on the class (e.g. db.t2.micro, db.m4.large) of the DB instance consumed. Partial DB instance hours consumed are billed as full hours.
Storage (per GB per month) – Storage capacity you have provisioned to your DB instance.
I/O requests per month – Total number of storage I/O requests you have (for Amazon RDS Magnetic Storage and Amazon Aurora only)
Provisioned IOPS per month – Provisioned IOPS rate, regardless of IOPS consumed (for Amazon RDS Provisioned IOPS (SSD) Storage only)
Backup Storage – Backup storage is the storage associated with your automated database backups and any customer-initiated database snapshots.
Data transfer – Internet data transfer in and out of your DB instance.
26) What are the following references which is linked to Security groups?
Ans:-IP Address, CIDR Block, Security Group.
27) Suppose I want to provide startup instructions to EC2 instances, then which EC2 parameter should be used?
Ans:-EC2 User Data
28) How many instances can I run in Amazon EC2?
Ans:-You are limited to running On-Demand Instances per your vCPU-based On-Demand Instance limit, purchasing 20 Reserved Instances and requesting Spot Instances per your dynamic Spot limit per region.
29) In a project one team member has built and published an AMI in the ap-southeast-2 region, and his colleague in us-east-1 region is not able to see that AMI? What should be reason?
Ans: An AMI created for a region can only be seen in that region
30) What operating system environments are supported?
Ans:-Amazon EC2 currently supports a variety of operating systems including: Amazon Linux, Ubuntu, Windows Server, Red Hat Enterprise Linux, SUSE Linux Enterprise Server, Fedora, Debian, CentOS, Gentoo Linux, Oracle Linux, and FreeBSD.
31) What does Load Balancers provide?
Ans:- static DNS name that we can use in our application
ap-northeast-1a is a…
32) How can any AWS user view current On-Demand Instance limits?
Ans:-User can view current On-Demand Instance limits on the EC2 Service Limits page in the Amazon EC2 console.
33) You are running a website with a load balancer and 14 EC2 instances. Your users are complaining about the fact that your website always asks them to re-authenticate when they switch pages. You are puzzled, because it’s working just fine on your machine and in the dev environment with 2 server. What could be the reason?
Ans:- The Load Balancer does not have stickiness enabled
34) What is changing?
Ans:- Starting Jan-27 2020, Amazon Elastic Compute Cloud (EC2) will begin rolling out a change to restrict email traffic over port 25 by default to protect customers and other recipients from spam and email abuse.
35) Your application is using an Application Load Balancer. It turns out your application only sees traffic coming from private IP which are in fact your load balancer’s. What should you do to find the true IP of the clients connected to your website?
Ans:-Look into the X-Forwarded-For header in the backend
36) What are Accelerated Computing instances?
Ans:-Accelerated Computing instance family is a family of instances which use hardware accelerators, or co-processors, to perform some functions, such as floating-point number calculation and graphics processing, more efficiently than is possible in software running on CPUs.
37) Your users are complaining about the fact that sometimes, the servers just don’t work. You realise that indeed, your servers do crash from time to time. How to protect your users from seeing these crashes?
Ans:- Enable Health Checks
38) What is Amazon Machine Images (AMIs)?
Ans:-The Amazon Machine Image (AMI) defines the initial software that will be on an instance when it is launched. An AMI defines every aspect of the software state at instance launch,including:
39) John is designing a high performance application that will require millions of connections to be handled, as well as low latency. The best Load Balancer for this is
Ans:- Network Load Balancer
40) Which are the protocols are handled by Application Load Balancers?
Ans:-HTTP;HTTPS;WEBSOCKET.
41) What are the different types of AMIs?
Ans:-There are four sources of AMIs:
Published by AWS
The AWS Marketplace
Generated from Existing Instances
Uploaded Virtual Servers
42) The application load balancer can redirect to different target groups based on certain parameters? What are those parameters?
Ans:- HOSTNAME;REQUEST PATH
43) What is security groups?
Ans:-AWS allows you to control traffic in and out of your instances through virtual firewalls called security groups. Security groups allow you to control traffic based on port, protocol, and source/destination.
44) John as solution architect is running instance at desired capacity of 3 and the maximum capacity of 3. You have alarms set at 60% CPU to scale out your application. Your application is now running at 80% capacity. What will happen?
Ans: Nothing will happen.
45) My Team Lead has an ASG and an ALB, and he setup ASG to get health status of instances. One instance has just been reported unhealthy. What will happen?
Ans:- The ASG will terminate the EC2 Instance
46) What are different types of Security Groups?
Ans:- EC2-Classic Security Groups Control outgoing instance traffic
VPC Security Groups Control outgoing and incoming instance traffic
47) Your team lead wants to scale your ASG based on the number of requests per minute your application makes to your database. What should you do?
Ans:-You create a Cloud Watch custom metric and build an alarm on this to scale your ASG
48) Your instance in us-east-1b just got terminated, and the attached EBS volume is now available. Your colleague tells you he can’t seem to attach it to your instance in us-east-1a.
Ans:-EBS volumes are AZ locked
49) How can we take snapshots?
Ans:-You can take snapshots in many ways:
Through the AWS Management Console
Through the CLI
Through the API
By setting up a schedule of regular snapshots
50) Your company cloudvikas wants the most secure setup for your EBS volumes with minimal effort. What should be solution in your knowledge?
Ans:- EBS volumes support in flight SSL encryption and do support encryption at rest using KMS
51) Suppose there is a website which loads files from another S3 bucket. When i try the URL of the files directly in Chrome browser it works, but when the website I am visiting and tries to load these files it doesn’t. What should be the problem?
Ans:- CORS is wrong
52) Your Team lead is looking to automatically trigger a code analysis at each commit in CodeCommit to ensure developers haven’t committed secret credentials. How can you achieve this?
Setup AWS SNS / Lambda integration in CodeCommit
53) Can I access the metrics data for a terminated Amazon EC2 instance or a deleted Elastic Load Balancer?
Yes. Amazon CloudWatch stores metrics for terminated Amazon EC2 instances or deleted Elastic Load Balancers for 2 weeks.
54) In project , Two employees are working on same IAM. When i run the application on machine, it’s working fine, whereas my teammate get API authorisation exceptions. What should I do?
Ans:-Compare his IAM policy and my IAM policy in the policy simulator to understand the differences
55) When I run the CLI on my EC2 Instances, the CLI uses the _ service to get credentials thanks to the IAM Role that’s attached.
Ans- Meta data | temporary
56) To improve project process,Your client wants to send email alerts anytime pull requests are open or comments are added to commits in CodeCommit. What should I use?
Ans- AWS CloudWatch Events
57) Which of the following is mandatory for a CloudFormation template?
Parameters
Resources
Mappings
Ans :-Resources
58) Consider you have created Load Balancer with CloudFormation.Now you would like to retrieve the DNS name. Which function should you use to retrieve the DNS name of a Load Balancer created with CloudFormation?
Ans:-Fn::GetAtt
59) My Team member John is trying to delete a stack but it seems he can’t because other stacks reference its exported outputs. What should he do?
Ans:-Delete the other stacks referencing the exported outputs first
60) Which authentication is not supported CodeCommit ?
Ans:- HTTP public access
61) You want to give a colleague that has an IAM User in another AWS Account access to your CodeCommit repository. How should you achieve that?
Ans:-Setup an IAM Role in your account and tell him to use STS cross-account access to assume that role
62) What is the minimum time interval granularity for the data that Amazon CloudWatch receives and aggregates?
Ans:- Metrics are received and aggregated at 1 minute intervals.
63) Alex has setup one ecommerce site where he has observed high traffic during festival time. He is preparing for the biggest day of sale of the year, where traffic will increase by 200x. He has already setup SQS standard queue. What should he do?
Ans:-Do nothing, SQS scales automatically
64) John would like messages to be processed by SQS consumers only after 5 minutes. What should he do?
Ans:-Increase the DelaySeconds parameters
Ans:-Increase the DelaySeconds parameters
65) Suppose you are working in big data project where data processing used to happen on daily basis.You got one problem where Your consumers poll 10 messages at a time and finish processing them in 1 minute. You notice that your messages are processed twice, as other consumers also receive the messages. What should you do?
Ans:-Increase the VisibilityTimeout
66) Consider Alex has to upload a file to S3. Its size is 1 GB. which type of upload will give the best throughput performance and resilience?
Ans:-Do a multi-part upload
67) If you want to use CloudFormation, then first your templates must be uploaded into which service?
Directly in CloudFormation
In AWS S3
In AWS CodeCommit
Ans:-In AWS S3
68) Do we have to specify the order in which CloudFormation template should create resources?
True/False
Ans- False
69) In Spark streaming project , you will get data each time. If its format does not match predefined format then it creates problem.Alex has found similar issue in his project:one message keeps on being processed and makes his consumers crash one by one. That message has a bad format and he had like to get rid of it automatically if that happens. How can he implement this?
Ans:-Implement a DLQ with a redrive policy
70) John has noticed that his SQS costs are extremely high. Upon closer look, he noticed that his consumers are polling SQS too often and getting empty data as a result. What should he do?
Ans:-Enable Long Polling
71) You’d like your messages to be processed exactly once and in order. Which do you need?
Ans:-SQS FIFO Queue
72) I would like to retrieve a subset of dataset stored in S3 with the CSV format. I would like to retrieve a month of data and only 3 columns out of the 10. What should i use?
Ans:- S3 select
73) Which operating systems does Amazon CloudWatch support?
Ans:-Amazon CloudWatch receives and provides metrics for all Amazon EC2 instances and should work with any operating system currently supported by the Amazon EC2 service.
74) Your project manager wants to receive emails when your CodePipeline fails in order to take action. How do you do it?
Ans:- Setup an AWS CloudWatch Event Rule
75) Which AWS Services allow you to track and audit API calls made to and from CodePipeline?
Ans:- AWS CloudTrail
76) Where should the buildspec.yml file be placed in code for CodeBuild to work correctly?
Ans:-at the root of your code
77) I have created one EC2 Instance and it does not have the permissions to perform an API call PutObject on S3. What should I do?
Ans:- I should ask an admin to attach a Policy to the IAM Role on my EC2 Instance that authorises it to do the API call
78) Which step should be used in appspec.yml file to ensure the application is properly running?
Ans:- ValidateService
79) You would like to have a one-stop dashboard for all the CICD needs of one of your projects. You don’t need heavy control of the individual configuration of each components in your CICD, but need to be able to get a holistic view of your projects. Which service do you recommend?
Ans:- CodeStar
80) Once I was working on CloudFormation and got one requirement from client.as per requirement what should I do if your infrastructure created with CloudFormation evolve over time?
Ans:- Change the resources manually in the AWS Console and your CloudFormation template will get automatically updated.Upload a new version of a CloudFormation template with the modified code and apply it in the CloudFormation Console.
81) Will I lose the metrics data if I disable monitoring for an Amazon EC2 instance?
You can retrieve metrics data for any Amazon EC2 instance up to 2 weeks from the time you started to monitor it. After 2 weeks, metrics data for an Amazon EC2 instance will not be available if monitoring was disabled for that Amazon EC2 instance.
82) The AWS CLI depends on which language?
Ans:- Python
83) You would like to improve the performance of your CodeBuild build. You realize that 15 minutes at each build is spent on pulling dependencies from remote repositories and that takes a while. What should you do to drastically speed up the build time?
Ans:- Change buildspec.yml to enable dependencies caching in Amazon S3
84) You would like to deploy static web files to Amazon S3 automatically. Which services should you use for this?
Ans:- CodePipeline + CodeBuild
85) Why should I hibernate an instance?
Ans:- You can hibernate an instance to get your instance and applications up and running quickly, if they take long time to bootstrap
86) Can EC2 Instances retrieve the IAM Role policy JSON document that’s attached to them using the CLI without any role attached?
Ans:- No
87) What happens when I hibernate my instance?
Ans:- When you hibernate an instance, data from your EBS root volume and any attached EBS data volumes is persisted.
88) What’s the proper order of events in CodeDeploy?
Ans:- I have an on-premise personal server that I’d like to use to perform AWS API calls
89) What do you mean by CICD?
Ans:- Continuous Integration and Continuous Delivery
90) Suppose you have to create infrastructure .To make your infrastructure created with CloudFormation evolve over time, you should do below task?
Ans:- Upload a new version of a CloudFormation template with the modified code and apply it in the CloudFormation Console
91) Which AWS Service helps you to run automated test in your CICD?
Ans:- CodeBuild
92) Running an application on an auto scaling group that scales the number of instances in and out is called
ANS: Horizontal Scalability
93) My KMS API call just failed against AWS. It’s seems I’ve reached the rate limit of the KMS API. I should retry
Using an exponential backoff strategy
94) Scaling an instance from an r4.large to an r4.4xlarge is called
ANS: Vertical Scalability
95) What is the state of an instance when it is hibernating?
Ans:- Hibernated instances are in ‘Stopped’ state.
96) Does the Amazon CloudWatch monitoring charge change depending on which type of Amazon EC2 instance I monitor?
Ans:- No
97) How will I get the instance id of my EC2 machine from the EC2 machine?
Ans:- Query the meta data at
98) Can I automatically scale Amazon EC2 Auto Scaling Groups?
Yes.
99) I want to test whether my EC2 machine is able to perform the termination of EC2 instances. There is an IAM role attached to my EC2 Instance. I should
ans:- Use the IAM Policy Simulator OR the dry run CLI option
100) Alex is running a web application and he is seeing very changing traffic workloads. Few hours a day traffic is very high however for rest of the day traffic is less. In order to handle high traffic, Alex is running big servers however they remain under utilized most of the day and it is increasing the cost as well. Which AWS feature can john utilize to add and remove server capacity based on traffic workload ?
a) Write script to check workload and launch EC2 instance dynamically.
b) Auto-Scaling
c) Switch to Lambda, it handles load automatically.
Ans:-Auto-Scaling
101) What is the lowest-cost, durable storage option for retaining database backups for immediate retrieval?
Amazon S3
Amazon Glacier
Amazon EBS
Ans:-Amazon S3
102) Which AWS IAM feature allows developers to access AWS services through the AWS CLI?
API keys
Access keys
User names/Passwords
Ans:-Access keys
103) What is not a feature of RDS (excluding Aurora)?
manual backups
automated scaling
automated software updates
Ans:-automated scaling
104) Which of the following is a fast and reliable NoSQL database service?
Amazon Redshift
Amazon DynamoDB
Ans:-Amazon DynamoDB
105) Which among the below endpoints are supported by SNS?
FTP
S3
SMS
Ans:-SMS
106) How can we ensure SQS messages are delivered in order or not?
add them to the queue in order
use a FIFO queue
check the message wait time
Ans – use a FIFO queue
107) Manager of your organization wants to see what exactly each user is doing in AWS account. What is the service that you can use to achieve this scenerio ?
CloudWatch
CloudTrail
SNS
VPC
Ans:-CloudTrail
108) What is Amazon DynamoDB?
SQL Database
NoSQL database
Graph database
Ans:-NoSQL database
109) What is the availability and durability of S3 Standard Storage Class?
99.999999999% Durability and 99.99% Availability
99.999999999% Availability and 99.99% Durability
99.999999999% Availability and 99.90% Durability
99.999999999% Durability and 99.00% Availability
Ans:-99.999999999% Durability and 99.99% Availability
110) What is a CloudFormation stack?
Ans:-a collection of AWS resources that you can manage as a single unit
110) If you want in-depth details on how to create and configure CloudTrail, in what AWS resource should you look?
AWS Forums
AWS Whitepapers
AWS Documentations
Ans:-AWS Documentations
111) What are the main cost components of AWS TCO Analysis?
server, storage, data, network, IT Labour
server, storage, network, IT Labour,
server, storage, data, network, IT Labour, utilities
Ans : server, storage, network, IT Labour,
112) What is AWS’s serverless compute service?
EC2
Lambda
S3
Ans:-Lambda
113) What is a CloudFormation stack?
Ans:-a collection of AWS resources that you can manage as a single unit
114) In Project, You are lead and have responsibility of auditing as well. You notice that six of your 12 S3 buckets are no longer available in your account, and you assume that they have been deleted. You are unsure who may have deleted them, and no one is taking responsibility. Which AWS service will help you investigate ?
CloudWatch
CloudTrail
S3 Logs
Ans:-CloudTrail
115) What is not a security best practice?
Ans:-difficult root access password
116) What is the main benefit on why some one might choose an on-Demand EC2 instance?
They require 1-2 days for setup and configuration.
You can create, start, stop, and terminate them at any time.
Ans:-You can create, start, stop, and terminate them at any time.
117) We would like to decouple your application components from demand. What service would be used?
Ans:-SQS
118) If you are using an on-demand EC2 instance, how are you being charged for it?
You must commit to a one or three year term and pay upfront.
You are charged per second, based on an hourly rate, and there are no termination fees.
You are charged per second, based on an hourly rate, and there is a termination fee.
Ans:-You are charged per second, based on an hourly rate, and there are no termination fees.
119) S3 _ storage class is optimized for long-lived and less frequently accessed data, for example backups and older data where frequency of access has diminished.
Ans:-STANDARD_IA
120) John is a AWS solutions architect at Medium corp and one person has recently joined his team. He needs to gives access to the new joinee so that he can manage the AWS infrastructure along with John. How will john give him access ?
Share the ROOT account credentials.
Create a new IAM user for the new joinee and share the IAM user’s credentials.
Share the access & secret keys.
Ans:-Create a new IAM user for the new joinee and share the IAM user’s credentials.
121)Your items are 6KB in size and you want to have 100 strongly consistent reads per second. How many DynamoDB read capacity units do you need to provision?
Ans:-200
122) Medium Corp is beginning to explore migrating their entire on-premises data center to AWS. They are very concerned about how much it will cost once their entire I.T. infrastructure is running on AWS. What tool will you recommend so that they can estimate what the cost of using AWS may be?
AWS Cost Explorer
AWS TCO Calculator
AWS Estimate Calculator
Ans:-AWS TCO Calculator
123) You can run your RDS instance in several Availability Zones, an option called a Multi-AZ deployment. When you select this option, Amazon automatically provisions and maintains a synchronous standby replica of your DB instance in a different Availability Zone.
Ans:-True
124) You would like to use Amazon API gateway to interface with an existing SOAP/XML backend. API Gateway will receive requests and forward them to the SOAP backend. How can you achieve this?
Ans:-Use API Gateway mapping templates to transform the data for the SOAP backend
125) During Election season, Election department came with requirement. As per requirement, You have an application that requires collecting data from a voting system and creating real-time metrics and reporting of that data. What is best suited for this application?
Ans:-Kinesis
126) You have created a lambda function that is failing when deployed due to the size of the deployment package zip file. What can you do?
Ans:-Create multiple Lambda functions and coordinate using AWS Step Functions
127) You would like to deploy an AWS lambda function using the AWS CLI. Before deploying what needs to be done?
Ans:-Package the local artefacts to S3 using cloudformation package CLI command
128) You’re creating an application that runs on an AWS EC2 instance and that makes requests to AWS. You need to create an IAM _.
Ans:-Role
129) You have developed a HTML5 website with a custom domain name on S3. You have a public software library on another S3 bucket but your browser prevents it from loading. What do you need to do?
Ans:-enable CORS on the website bucket
130) If you have multiple Read Replicas for a master DB Instance and you promote one of them, the remaining Read Replicas will still replicate from the older master DB Instance.
Ans:-True
131) IAM Groups let you specify permissions for a collection of users, which can make it easier to manage the permissions for those users.
Ans:-True
132) An IAM group is a collection of IAM users. Groups let you specify permissions for single user, which can make it easier to manage the permissions for that user?
Ans:-False.
133) An IAM group is a collection of IAM users. Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users.IAM is a feature of your AWS account offered at no additional charge. You will be charged only for use of other AWS services by your users.
Ans:- True
134) You have developed an application and it is getting overloaded because of heavy workload. You would like to increase the capacity of an rds application for read heavy workloads. How would you do this?
Ans:-Add read replicas with multiple connection strings and use Route 53 Multivalue Answer Routing.
135) You have an EBS volume which also the root device attached to a running EC2 instance. What do you need to do to enable you to detach it?
Ans:-Stop the instance then detach.
136) Your company ABC has a backup policy that requires data to be accessible within seconds for the first 6 months and archived with up to a day to access after 6 months. What is the best solution?
Ans:- Use standard S3 for the first six months and then archive to Glacier after 6 months using a lifecycle policy.
137) You have developed an application that requires coordination between serverless and server based distributed applications. You would like to implement this as a state machine. What AWS service would you use?
Ans:-AWS Step Functions
138) You have created one S3 bucket. You have enabled server side encryption on an S3 bucket. How do you decrypt objects?
Ans:-S3 automatically decrypts objects when you download them.
139) What AWS service can you use to log API calls to SQS?
Ans:-CloudTrail
140) AWS CloudTrail is an AWS service that helps you enable governance, compliance, and operational and risk auditing of your AWS account. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs. Is it true or false?
True
141) Your users keep forgetting the account ID for logging in to the console. How can you help them?
Ans:-create account alias
142) In software field , every technology will have some tool to manage billing. Same way What is the AWS service will you use if you want to get alert when you cross a certain bill threshold ?
Trusted Advisor
CloudWatch
AWS Organizations
AWS Budget
Ans:-CloudWatch
143) Consider we have an application in project which sends push messages to mobile devices. Which service should we use?
Ans:-AWS SNS
144) CloudWatch free monitoring for EC2 is at __ intervals.
Ans:- 5 minute
145) You can use Amazon __ to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances
Ans:-CloudWatch Logs
146) Which service used to retrieve the associated log data
CloudTrail Logs
147) Can we connect to EC2 Windows instance using SSH?
Ans:-False
148) Spot Instances run until either you terminate them or the Spot Price increases above your bid price.
Ans:-True
149) An EC2 security group acts as a firewall that controls the traffic allowed to reach one or more instances.
Ans:-True
150) You have an application that requires ad-hoc data mining and analytics of manufacturing data. What is best suited for this application?
Ans:-AWS EMR
151) AWS _ is a serverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you.
Ans:-Lambda
152) When Multi-AZ is enabled on RDS, the standby replica instance will be located in a different region.
Ans:-False
153) Amazon S3 bucket names are globally unique, regardless of the AWS region in which you create the bucket.
Ans:-True
154) Security groups in a VPC specify which traffic is allowed to or from an Amazon EC2 instance.
Ans:-True
155) Which of the following are benefits of AWS’s Relational Database Service (RDS)?
RDS is more cost effective.
Automated patches and backups
AWS manages your database for you.
Ans:- Automated patches and backups
156) What AWS storage class should be used for long-term, archival storage?
S3 Infrequent Access
S3 Standard
Glacier
S3 RRS
Ans:-Glacier
157) You have a very critical application which your organization simply can’t afford to have it down. What is the architecture strategy you would use to prepare to be used for the application ?
Use Multi-AZ based architecture
Use Multi-Region based architectures
Use Hybrid Cloud Architecture
Ans:-Use Multi-Region based architectures
158) In an AWS Shared Responsibility model, which of the following is not the responsibility of AWS ?
Network Adapter of the servers
Data of the customer
Hypervisor
Ans:-Data of the customer
159) Which AWS services should be used for read/write of constantly changing data?
Amazon Glacier
Amazon RDS
AWS Snowball
Ans:-Amazon RDS
160) A customer needs to run a MySQL database that easily scales.Which AWS service should they use?
Amazon Aurora
Amazon Redshift
Amazon DynamoDB
Ans:-Amazon Aurora
161) Which of the following components of the AWS Global Infrastructure consists of one or more discrete data centers interconnected through low latency links?
Availability Zone
Edge location
Region
Ans:-Availability Zone
162) Which of the following is a shared control between the customer and AWS?
Providing a key for Amazon S3 client-side encryption
Configuration of an Amazon EC2 instance
Environmental controls of physical AWS data centers
Awareness and training
Ans:-Awareness and training
163) How many Availability Zones should compute resources be provisioned across to achieve high availability?
A minimum of one
A minimum of two
A minimum of three
Ans:-A minimum of two
164) One of the advantages to moving infrastructure from an on-premises data center to the AWS Cloud is:
it allows the business to focus on business activities.
it allows the business to put a server in each customer’s data center.
Ans:-it allows the business to focus on business activities.
165) Alex is running a web application and he is seeing very changing traffic workloads. Few hours a day traffic is very high however for rest of the day traffic is less. In order to handle high traffic, Alex is running big servers however they remain under utilized most of the day and it is increasing the cost as well. Which AWS feature can john utilize to add and remove server capacity based on traffic workload ?
Write script to check workload and launch EC2 instance dynamically.
Elastic Load Balancing
Auto-Scaling
Switch to Lambda, it handles load automatically.
Ans:-Auto-Scaling
166) What is the lowest-cost, durable storage option for retaining database backups for immediate retrieval?
Amazon S3
Amazon Glacier
Amazon EBS
Ans:-Amazon S3
167) Which AWS IAM feature allows developers to access AWS services through the AWS CLI?
API keys
Access keys
User names/Passwords
Ans:-Access keys
168) What is not a feature of RDS (excluding Aurora)?
manual backups
automated scaling
automated software updates
Ans:-automated scaling
167) Which of the following is a fast and reliable NoSQL database service?
Amazon Redshift
Amazon DynamoDB
Ans:-Amazon DynamoDB
168) Which among the below endpoints are supported by SNS?
FTP
S3
SMS
Ans:-SMS
169) How can we ensure SQS messages are delivered in order or not?
add them to the queue in order
use a FIFO queue
check the message wait time
Ans – use a FIFO queue
170) Manager of your organization wants to see what exactly each user is doing in AWS account. What is the service that you can use to achieve this scenerio ?
CloudWatch
CloudTrail
SNS
VPC
Ans:-CloudTrail
171) What is Amazon DynamoDB?
SQL Database
NoSQL database
Graph database
Ans:-NoSQL database
172) What is the availability and durability of S3 Standard Storage Class?
99.999999999% Durability and 99.99% Availability
99.999999999% Availability and 99.99% Durability
99.999999999% Availability and 99.90% Durability
99.999999999% Durability and 99.00% Availability
Ans:-99.999999999% Durability and 99.99% Availability
173) What is a CloudFormation stack?
Ans:-a collection of AWS resources that you can manage as a single unit
174) If you want in-depth details on how to create and configure CloudTrail, in what AWS resource should you look?
AWS Forums
AWS Whitepapers
AWS Documentations
Ans:-AWS Documentations
175) What are the main cost components of AWS TCO Analysis?
server, storage, data, network, IT Labour
server, storage, network, IT Labour,
server, storage, data, network, IT Labour, utilities
Ans : server, storage, network, IT Labour,
176) What is AWS’s serverless compute service?
EC2
Lambda
S3
Ans:-Lambda
177) What is a CloudFormation stack?
Ans:-a collection of AWS resources that you can manage as a single unit
178) In Project, You are lead and have responsibility of auditing as well. You notice that six of your 12 S3 buckets are no longer available in your account, and you assume that they have been deleted. You are unsure who may have deleted them, and no one is taking responsibility. Which AWS service will help you investigate ?
CloudWatch
CloudTrail
S3 Logs
Ans:-CloudTrail
179) What is not a security best practice?
Ans:-difficult root access password
180) What is the main benefit on why some one might choose an on-Demand EC2 instance?
They require 1-2 days for setup and configuration.
You can create, start, stop, and terminate them at any time.
Ans:-You can create, start, stop, and terminate them at any time.
181) We would like to decouple your application components from demand. What service would be used?
Ans:-SQS
182) If you are using an on-demand EC2 instance, how are you being charged for it?
You must commit to a one or three year term and pay upfront.
You are charged per second, based on an hourly rate, and there are no termination fees.
You are charged per second, based on an hourly rate, and there is a termination fee.
Ans:-You are charged per second, based on an hourly rate, and there are no termination fees.
183) What does Amazon CloudFront use to distribute content to global users with low latency?
AWS Regions
AWS Edge Locations
Correct Answer: AWS Edge Locations
184) Consider you are working in an Cloud based organization that has decided to reserve EC2 compute capacity for four years to get more discounts. Their application workloads are likely to change during this time period. What is the EC2 Reserved Instance (RI) type that allows them to change the attributes of the RI whenever they need?
Convertible RIs
Standard RIs
Scheduled RIs
Correct Answer: Convertible RIs
185) With Amazon EC2, you don’t have to pay any start-up or termination fees.
Is it True or False?
True
False
Correct Answer: True
186) The S3 Intelligent-Tiering storage class is designed to optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead. Is it true or false?
True
false
Correct Answer: True
187) John is working in cloudvikas company. In his company, one team is developing a critical web application in AWS and the security of the application is one of the top priorities. Which of the following AWS services will provide infrastructure security optimization recommendations?
AWS Trusted Advisor
AWS Management Console
Correct Answer: AWS Trusted Advisor
188) Which of the following is correct regarding Amazon EC2 On-demand instances?
With On-Demand instances, you pay for compute capacity by the hour with no long-term commitments.
You can increase or decrease your compute capacity depending on the demands of your application and only pay the specified hourly rate for the instances you use.
The use of On-Demand instances frees you from the costs and complexities of planning, purchasing, and maintaining hardware and transforms what are commonly large fixed costs into much smaller variable costs.
Dedicated instances can not be used if you require your instance be physically isolated at the host hardware level from instances that belong to other AWS accounts.
Correct Answer: With On-Demand instances, you pay for compute capacity by the hour with no long-term commitments..You can increase or decrease your compute capacity depending on the demands of your application and only pay the specified hourly rate for the instances you use..The use of On-Demand instances frees you from the costs and complexities of planning, purchasing, and maintaining hardware and transforms what are commonly large fixed costs into much smaller variable costs..
189) Which of the following AWS term is used for physically distinct groups of data centers? Select the best response.
Availability Zone
Edge Location
Region
Correct Answer: Availability Zone
190) Consider a cloud based company is currently using the Enterprise Support plan. They want quick and efficient guidance with their billing and account inquiries. Which of the following included services could assist them?
AWS Support Concierge
AWS Support API
AWS Advisor
Correct Answer: AWS Support Concierge
191) John is working on a web application that needs to read/write an Amazon DynamoDB table and an Amazon S3 bucket. This operation requires AWS credentials and authorization to use AWS services. Which service would John use? Choose the best response.
SSL Endpoints
AWS Multi-Tier Security Groups
AWS IAM Role
Correct Answer: AWS IAM Role
192) Which service would help to support your web application to offload serving static assets and store user uploaded images and video off-instance? Select the best response.
Amazon EBS
Amazon S3
Amazon EC2
Correct Answer: Amazon S3
193) Which of the following is correct ?
Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment.
AWS CloudFormation is a service that does not give developers and businesses an easy way to create a collection of related AWS resources and provision them in an orderly and predictable fashion.
Correct Answer: Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment.
194) There are more Regions than Edge Locations. Select the best response.
True
False
Correct Answer: False
195) IAM user is an important service in AWS.
Which of the following should an IAM user provide to interact with AWS services using the AWS CLI?
Secret token
Access keys
Correct Answer: Access keys
196) What does the “Principle of Least Privilege” refer to?
All IAM users should have at least the necessary permissions to access the core AWS services.
You should grant your users only the permissions they need when they need them and nothing more.
Correct Answer: You should grant your users only the permissions they need when they need them and nothing more.
197) Which are the following options are correct about Reserved Instances?
Elastic RI is not a valid RI type.
Scheduled RIs are available to launch within the time windows you reserve. This option allows you to match your capacity reservation to a predictable recurring schedule that only requires a fraction of a day, a week, or a month.
Standard RIs provide the most significant discount (up to 75% off On-Demand) and are best suited for steady-state usage.
Convertible RIs provide a discount (up to 54% off On-Demand) and the capability to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or greater value.
Correct Answer: Scheduled RIs are available to launch within the time windows you reserve. This option allows you to match your capacity reservation to a predictable recurring schedule that only requires a fraction of a day, a week, or a month..Standard RIs provide the most significant discount (up to 75% off On-Demand) and are best suited for steady-state usage..Convertible RIs provide a discount (up to 54% off On-Demand) and the capability to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or greater value. .
198) Which of the following is incorrect regarding Amazon EC2 On-demand instances?
When using on-demand instances, you are charged per second based on an hourly rate
You have to pay a start-up fee when launching a new instance for the first time
With on-demand instances, no longer-term commitments or upfront payments are needed
Correct Answer: You have to pay a start-up fee when launching a new instance for the first time
199) Which among the following AWS service is used to ensure that messages between software components are not lost if one or more components fail?
Amazon SQS
Amazon Connect
Correct Answer: Amazon SQS
200) Which of the following S3 storage classes is ideal for data with unpredictable access patterns?
Amazon S3 Intelligent-Tiering.
Amazon S3 Standard-Infrequent Access.
Correct Answer: Amazon S3 Intelligent-Tiering.
201) Can we use an AMI to launch an instance, which is the copy of the AMI running as a virtual server on a host computer in Amazon’s data center?
Yes
No
Correct Answer: Yes
202) What acts as an additional layer of security at the subnet level in a VPC? Select the best response.
Network Access Control Lists
Route Tables
Security Groups
Correct Answer: Network Access Control Lists
203) An AMI is template that contains a software configuration such as an operating system, application server, and applications. Choose the best response.
True
False
Correct Answer: True
204) Amazon S3 is an object-level storage service.
True
False
Correct Answer: True
205) The principle “design for failure and nothing will fail” is very important when designing your AWS Cloud architecture. Which of the following would help adhere to this principle? (Choose two)
Elastic Load Balancer
Elastic MapReduce
Availability Zones
Correct Answer: Availability Zones
206) What is the AWS database service that allows you to upload data structured in key-value format?
DynamoDB
Amazon Redshift
Correct Answer: DynamoDB
207) Which of the following options are correct about S3?
1) For a small monthly monitoring and automation fee per object, Amazon S3 monitors access patterns of the objects in S3 Intelligent-Tiering, and moves the ones that have not been accessed for 30 consecutive days to the infrequent access tier.
2)If an object in the infrequent access tier is accessed, it is automatically moved back to the frequent access tier. There are no retrieval fees when using the S3 Intelligent-Tiering storage class, and no additional tiering fees when objects are moved between access tiers.
3)S3 Standard does not offer high durability, availability, and performance object storage for frequently accessed data.
4)S3 Glacier is a high cost storage class for data archiving.
1
1 and 2
2
1 and 3
Correct Answer: 1 and 2
208) John wants to run a questionnaire application for only one day (without interruption), which AWS EC2 purchase option would you choose?
On-demand instances
Spot instances
Dedicated instances
Correct Answer: On-demand instances
209) What are the benefits of having infrastructure hosted in the AWS Cloud? (Choose two)
Competitive upfront costs
Increase speed and agility
All of the physical security and most of the data/network security are taken care of for you
There is no need to worry about security
Correct Answer: Increase speed and agility.All of the physical security and most of the data/network security are taken care of for you.
210) Consider you have created Amazon EC2 instance.To find out the private and public IP addresses for an Amazon EC2 instance,you retrieve the instance metadata. it true or false?
True
False
Correct Answer: True
210) Which parameter act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level.
Network ACLs
EC2
S3
Correct Answer: Network ACLs
211) Which of the following is correct?
# of Availability Zones > # of Edge Locations > # of Regions
# of Edge Locations > # of Availability Zones > # of Regions
# of Availability Zones > # of Regions > # of Edge Locations
Correct Answer: # of Edge Locations > # of Availability Zones > # of Regions
212) True or False: A Distribution is what we call a series of Edge Locations that make up CDN.
False
True
Correct Answer: True
213) Which of the following are types of cloud computing deployments? (Choose 3)
Mixed cloud
Hybrid cloud
Public cloud
Private cloud
Correct Answer: Hybrid cloud
.Public cloud.
Private cloud.
214) True or False: There are more Regions than there are Availability Zones.
True
False
Correct Answer: False
215) What is the AWS service that provides a virtual network dedicated to your AWS account?
AWS Subnets
AWS VPC
Correct Answer: AWS VPC
216) Which of the following services may not be required when building auto-scalable architecture in AWS?
S3
EC2
Correct Answer: S3
217) True or False: S3 is object storage suitable for the storage of ‘flat’ files like Word documents, photos, etc.
False
True
Correct Answer: True
218) IAM policies are written using __.
SGML
SAML
JSON
Correct Answer: JSON
219) Which of the following are valid access types for an IAM user? (Choose 3)
Security Group access via the AWS command line
Using the AWS Software Developers Kit
Emergency access via Identity Access Management (IAM)
AWS Management Console access
Programmatic access via the command line
Your Answer : Using the AWS Software Developers Kit.
Emergency access via Identity Access Management (IAM).
AWS Management Console access.
220) Which of the following is the document used to grant permissions to users, groups, and roles?
Paradigm
Protocol
Policy
Correct Answer: Policy
221) Which of the following data archival services is extremely inexpensive, but has a several hour data-retrieval window?
S3
S3-IA
Glacier
Correct Answer: Glacier
222) Which service provides DNS in the AWS cloud?
Amazon CloudFront
Route 53
AWS Config
Correct Answer: Route 53
223) Which of the following are characteristics of cloud computing? (Choose 3)
Cloud charges are capital expenditures.
Services are delivered via the Internet.
Pay-as-you-go pricing
On-demand delivery
Correct Answer: Services are delivered via the Internet.
.Pay-as-you-go pricing.
On-demand delivery.
224) According to the AWS Acceptable Use Policy, which of the following statements is true regarding penetration testing of EC2 instances?
Penetration testing is not allowed in AWS.
Can be performed by the customer on their own instances without prior authorization from AWS.
Correct Answer: Can be performed by the customer on their own instances without prior authorization from AWS.
225) The identification process of an online financial services company requires that new users must complete an online interview with their security team. Once the users’ identities are verified, the recorded interviews may not be required in the future unless there are compliance issues. What is the most cost-effective service to store the recorded videos?
AWS Glacier
AWS EBS
Correct Answer: AWS Glacier
226) True or False: Objects stored in S3 are stored in a single, central location within AWS.
False
True
Correct Answer: True
227) Which of the following is incorrect regarding CloudWatch ?
Amazon CloudWatch is a service that monitors AWS cloud resources and the applications you run on AWS.
You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources.
Amazon CloudWatch can monitor AWS resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances, as well as custom metrics generated by your applications and services, and any log files your applications generate.
AWS CloudWatch is a serverless compute service.
Correct Answer: AWS CloudWatch is a serverless compute service.
228) Which of the following is incorrect regarding CloudWatch ?
Amazon CloudWatch is a service that monitors AWS cloud resources and the applications you run on AWS.
You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources.
Amazon CloudWatch can monitor AWS resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances, as well as custom metrics generated by your applications and services, and any log files your applications generate.
AWS CloudWatch is a serverless compute service.
Correct Answer: AWS CloudWatch is a serverless compute service.
229) Which of the following EC2 options is best for long-term workloads with predictable usage patterns?
On-Demand instances
Reserved instances
Dedicated Host
Correct Answer: Reserved instances
230) A company has decided to migrate to AWS. What design principles should they consider to facilitate good design in the cloud?
Spend more time and effort when architecting your environment, it is not easy to change your decisions later.
Automate to make architectural experimentation easier.
Use AWS reservations to reduce costs when testing your production environment.
Correct Answer: Automate to make architectural experimentation easier.
231) Which service provides object-level storage in AWS?
Amazon EBS
AWS Instance Store
Amazon S3
Correct Answer: Amazon S3
232) Upgrading a server with a larger hard drive is an example of _ , while adding more hard drives to a storage array is an example of _ .
Horizontal Scaling, Vertical Scaling.
Vertical Scaling, Horizontal Scaling.
Correct Answer: Vertical Scaling, Horizontal Scaling.
233) Which of the following best describes an AWS Region?
A collection of data centers that is spread evenly around a specific continent.
A console that gives you a quick, global picture of your cloud computing environment.
A distinct location within a geographic area designed to provide high availability to a specific geography.
Correct Answer: A distinct location within a geographic area designed to provide high availability to a specific geography.
234) Which of the following are Support Levels offered by AWS? (Choose 3)
Developer
Start-up
Individual
Business
Basic
Correct Answer: Developer.
Business.
Basic.
235) Choose the features of Consolidated Billing. (Choose 3)
A single bill is issued containing the charges for all AWS Accounts
Multiple standalone accounts are combined and may reduce your overall bill
Charging is based per VPC
Account charges can be tracked individually
Correct Answer: A single bill is issued containing the charges for all AWS Accounts.
Multiple standalone accounts are combined and may reduce your overall bill.
Account charges can be tracked individually.
236) Your logs show that one or more AWS-owned IP addresses are sending packets to multiple ports on your server, and you believe this is an attempt to discover unsecured ports. What should you do?
Contact the AWS Abuse team.
Contact the AWS Concierge team.
Correct Answer: Contact the AWS Abuse team.
237) A company has decided to migrate to the AWS Cloud. AWS offers a wide range of services and instance types. They want to reduce costs as much as possible. Which of the following is the main factor to consider when choosing the instance type of services like Amazon RDS and Amazon Redshift?
Workload utilization of CPU & RAM.
The type of your current on-premise database.
Sources of traffic.
Correct Answer: Workload utilization of CPU & RAM.
238) Which of the following are not valid CloudFormation template sections?
Outputs
Options
Parameters
Correct Answer: Options
239) You are going to create a backup of your databases in another geographical location. Where would you create this backup?
In another Region
In another VPC
In another Edge location
Correct Answer: In another Region
240) Which of the following doesn’t belong to the AWS Cloud Computing models?
Networking as a Service (NaaS)
Platform as a Service (PaaS)
Correct Answer: Networking as a Service (NaaS)
241) What can you use to control access to your Amazon EC2 instances?
Security groups
AWS Certificate Manager
IAM policies
Correct Answer: Security groups
242) One of the benefits of the AWS Cloud is that there are many services available to use of which you don’t need to manage their underlying infrastructure. Which of the following are examples of these services? (Choose TWO)
Amazon DynamoDB
Amazon Elastic MapReduce
Amazon VPC
Correct Answer: Amazon DynamoDB.
Amazon Elastic MapReduce.
243) Which of the following is incorrect regarding IAM?
An IAM group is a collection of IAM users that are managed as a unit. Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users.
An IAM role is very similar to a user, in that it is an identity with permission policies that determine what the identity can and cannot do in AWS.
An IAM user is an entity that you create in AWS to represent the person or application that uses it to interact with AWS.
An IAM group helps you to centrally manage billing; control access, compliance, and security; and share resources across multiple AWS accounts.
Correct Answer: An IAM group helps you to centrally manage billing; control access, compliance, and security; and share resources across multiple AWS accounts.
244) True or False: Access Control Lists are used to make entire buckets (like one hosting an S3 website) public.
False
True
Correct Answer: False
245) Which of the following AWS Support levels offers 24×7 support via phone or chat?
Developer
Individual
Business
Correct Answer: Business
246) Which of the following Route 53 policies allow you to a) route data to a second resource if the first is unhealthy, and b) route data to resources that have better performance?
Geolocation Routing and Latency-based Routing
Geoproximity Routing and Geolocation Routing
Failover Routing and Latency-based Routing
Correct Answer: Failover Routing and Latency-based Routing
247) As part of the Enterprise support plan, who is the primary point of contact for ongoing support needs?
EFS
TAM
IEM
IAM
Correct Answer: TAM
248) Which of the following can be described as a global content delivery network (CDN) service?
AWS Regions
AWS VPN
Amazon CloudFront
Correct Answer: Amazon CloudFront
249) AWS allows users to manage their resources using a web based user interface. What is the name of this interface?
AWS Management Console
AWS CLI
AWS EC2
Correct Answer: AWS Management Console
250) Which of the following best describes EBS?
A virtual hard-disk in the cloud
A managed database service
A bitcoin-mining service
Correct Answer: A virtual hard-disk in the cloud
251) True or False: S3 can be used to host a dynamic website, like one that runs on a LAMP stack.
True
False
Correct Answer: False
252) True or False: A CloudFront Origin can be an S3 bucket, an EC2 instance, an Elastic Load Balancer, or Route 53.
False
True
Correct Answer: True
253) Which of the following AWS Support levels offers the assistance of a Technical Account Manager?
Business
Enterprise
Developer
Correct Answer: Enterprise
254) Which of the following is incorrect ?
Amazon Virtual Private Cloud (Amazon VPC) allows you to carve out a portion of the AWS Cloud that is dedicated to your AWS account. Amazon VPC enables you to launch AWS resources into a virtual network that you’ve defined.
An Amazon EC2 Dedicated Host is a physical server with EC2 instance capacity fully dedicated to your use.
AWS Subnets allows you to establish a secure and private tunnel from your network or device to the AWS global network
Correct Answer: AWS Subnets allows you to establish a secure and private tunnel from your network or device to the AWS global network
255) Which of the following best describes Availability Zones?
A Content Distribution Network used to deliver content to users.
Distinct locations from within an AWS region that are engineered to be isolated from failures.
Two zones containing compute resources that are designed to automatically maintain synchronized copies of each other’s data.
Correct Answer: Distinct locations from within an AWS region that are engineered to be isolated from failures.
256) Which statement is true regarding the AWS shared responsibility model?
Security of the IaaS services is the responsibility of AWS.
Responsibilities vary depending on the services used.
Correct Answer: Responsibilities vary depending on the services used.
257) There are at least _ Availability Zones per AWS Region.
1
4
2
Correct Answer: 2
258) True or False: Both you and a friend can have an S3 bucket called ‘mytestbucket’.
False
True
Correct Answer: False
259) Which of the following is incorrect regarding storage?
Amazon S3 is an object level storage built to store and retrieve any amount of data from anywhere – web sites and mobile apps, corporate applications, and data from IoT sensors or devices.
Amazon EFS is a file level storage technology.
Amazon EBS is a block level storage technology.
AWS EFS is a block level storage technology.
Correct Answer: AWS EFS is a block level storage technology.
260) Which of the following are advantages of cloud computing? (Choose 4)
Increased speed and agility
Variable expense
Requires large amounts of capital
Elasticity – you need not worry about capacity.
The ability to ‘go global’ in minutes
Correct Answer: The ability to ‘go global’ in minutes
261) An organization has a large number of technical employees who operate their AWS Cloud infrastructure. What does AWS provide to help organize them in teams and assign the required permissions for each team?
IAM Groups
IAM role
AWS Organization
Correct Answer: IAM Groups
262) In which of the following is CloudFront content cached?
Data Center
Edge Location
Availability Zone
Correct Answer: Edge Location
263) Which of the following is incorrect regarding Amazon Glacier?
Amazon Glacier is an extremely low-cost storage service that provides secure, durable, and flexible storage for long-term data backup and archival. With Amazon Glacier, customers can reliably store their data for as little as $0.004 per gigabyte per month.
Amazon Glacier enables customers to offload the administrative burdens of operating and scaling storage to AWS, so that they don’t have to worry about capacity planning, hardware provisioning, data replication, hardware failure detection and repair, or time-consuming hardware migrations.
AWS Glacier is a block level storage that provides storage volumes for use with Amazon EC2 and Amazon RDS.
Correct Answer: AWS Glacier is a block level storage that provides storage volumes for use with Amazon EC2 and Amazon RDS.
264) You have deployed your application on multiple EC2 instances in the AWS cloud. Your clients complain that sometimes they can’t reach your application. Which AWS service allows you to monitor the CPU utilization of your instances to get a better idea about these issues?
AWS CloudWatch
AWS Config
AWS CloudTrail
Correct Answer: AWS CloudWatch
265) Which of the following is incorrect option?
Amazon CloudFront gives businesses and web application developers an easy and cost effective way to distribute content globally with low latency and high data transfer speeds.
AWS Config is a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance.
EMR is used to process vast amounts of data easily and securely. Use cases include: big data,log analysis, web indexing, data transformations (ETL), machine learning, financial analysis, scientific simulation, and bioinformatics.
Amazon CloudWatch provides highly available and scalable Domain Name System (DNS) services, domain name registration.
Correct Answer: Amazon CloudWatch provides highly available and scalable Domain Name System (DNS) services, domain name registration.
266) What is the AWS feature that provides an additional level of security above your username and password when logging into the AWS Management Console?
AWS MFA
AWS KMS
Email verification
Correct Answer: AWS MFA
267) Amazon Lightsail is an example of which of the following?
Infrastructure as a Service
Platform as a Service
Functions as a Service
Correct Answer: Platform as a Service
268) What are the security aspects that the AWS customer is responsible for? (Choose two)
Controlling physical access to compute resources
Network traffic protection
Set password complexity rules
Correct Answer: Network traffic protection.
Set password complexity rules.
269) Your company has a microservices data store that requires access to a NoSQL database. Which AWS database offering would best meet this requirement?
SimpleDB
DynamoDB
Correct Answer: DynamoDB
270) True or False: To restrict access to an entire bucket, you use bucket control lists; and to restrict access to an individual object, you use object policies.
True
False
Correct Answer: False
271) You are working on a project that involves creating thumbnails of millions of images; however, consistent uptime is not really an issue, and continuous processing is not required. Which type of EC2 buying option would be the most cost-effective?
Spot instances
Reserved instances
Dedicated instances
Correct Answer: Spot instances
272) Which of the following is correct?
Security groups are used to define and control the way you want your instances to be accessed, and whether or not certain kind of communications is allowed.
AWS security groups provide security at the protocol and port access level. You can add rules to each security group that allow traffic to or from its associated instances.
IAM policies are not used to grant users permissions to perform specific actions on EC2.
AWS Certificate Manager does not enable you to easily provision, manage, and deploy public and private SSL/TLS certificates for use with AWS services and resources.
Correct Answer: AWS security groups provide security at the protocol and port access level. You can add rules to each security group that allow traffic to or from its associated instances.
273) In order to implement best practices when dealing with a “Single Point of Failure,” you should aim to build as much automation as possible in both detecting and reacting to failure. Which of the following AWS services would help? (Choose two)
ELB
Auto Scaling
Amazon EC2
S3
Correct Answer: Auto Scaling
274) Which of the following are steps one should take in securing their AWS account? (Choose 3)
Activate Multifactor Authentication (MFA) on your root account.
Use Groups to assign permissions to IAM users.
Create individual IAM users.
Create a Root IAM role.
Correct Answer: Activate Multifactor Authentication (MFA) on your root account..Use Groups to assign permissions to IAM users..Create individual IAM users..
275) True or False: Identity Access Management (IAM) is a Regional service.
True
False
Correct Answer: False
