AWS Certified Cloud Practitioner - Q & A - Part 2

1

What are two advantages of using Cloud Computing over using traditional data centers? (Choose two)

Reserved Compute Capacity

Virtualized compute resources

Distributed infrastructure

Eliminating SPOFs.

Dedicated hosting

Distributed infrastructure

Eliminating SPOFs.


Explanation
These are things that a traditional web host cannot provide:
**High-availability (eliminating SPOFs: single points of failure): AWS makes the process of designing a highly available system simple and easy. A system is highly available when it can withstand the failure of an individual component or multiple components, such as hard disks, servers, and network links. The best way to understand and avoid single points of failure is to begin by making a list of all major points of your architecture. You need to break the points down and understand them further. Then, review each of these points and think about what would happen if any of them failed. AWS gives you the opportunity to automate recovery and reduce disruption at every layer of your architecture.
**Distributed infrastructure: The AWS Cloud spans 61 Availability Zones within 20 geographic regions around the world, with announced plans for 12 more Availability Zones and four more AWS Regions, allowing you to reduce latency to users from all around the world.
**On-demand infrastructure for scaling applications or tasks: AWS allows you to provision the required resources for your application in minutes and also allows you to stop them when you don’t need them.
**Cost savings: You don’t have to run your own data center for internal or private servers, so your IT department doesn’t have to make bulk purchases of servers which may never get used, or may be inadequate. The “pay as you go” model from AWS allows you to pay only for what you use and the ability to scale down to avoid over-spending. With AWS you don’t have to pay an entire IT department to maintain that hardware — you don’t even have to pay an accountant to figure out how much hardware you can afford or how much you need to purchase.

The other options are incorrect. Both cloud computing and traditional data centers can provide virtualized compute resources, dedicated hosting and reserved compute capacity.

2

You are working on two projects that require a completely different network configuration. Which of the following would allow you to isolate resources and network configurations for each of them?

Virtual Public Cloud

Security Groups

Edge Locations

Virtual Private Cloud

Virtual Private Cloud


Explanation
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.

“Security Groups” is incorrect. Security Groups are used to control traffic.

“Edge Locations” is incorrect. Edge Locations are used by CloudFront to distribute content to end users with low latency.

“Virtual Public Cloud” is incorrect. There is nothing called Virtual Public Cloud.

3

Which Cloud Computing model removes the need for your organization to manage operating systems?

MaaS

IaaS

PaaS

GaaS

PaaS


Explanation
The cloud computing models that remove the need for your organization to manage operating systems are PaaS and SaaS:
1- Platform as a Service (PaaS) removes the need for your organization to manage the underlying infrastructure (usually hardware and operating systems) and allows you to focus on the deployment and management of your applications. This helps you be more efficient as you don’t need to worry about resource procurement, capacity planning, software maintenance, patching, or any of the other undifferentiated heavy lifting involved in running your application.
2- Software as a Service (SaaS) provides you with a completed product that is run and managed by the service provider. In most cases, people referring to Software as a Service are referring to end-user applications. With a SaaS offering you do not have to think about how the service is maintained or how the underlying infrastructure is managed; you only need to think about how you will use that particular piece of software. A common example of a SaaS application is web-based email, where you can send and receive email without having to manage feature additions to the email product or maintain the servers and operating systems that the email program is running on.

The other options are incorrect:

IaaS is incorrect. Infrastructure as a Service (IaaS) contains the basic building blocks for cloud IT and typically provides access to networking features, computers (virtual or on dedicated hardware), and data storage space. Infrastructure as a Service provides you with the highest level of flexibility and management control over your IT resources and is most similar to existing IT resources that many IT departments and developers are familiar with today.

MaaS and GaaS don’t belong to the AWS cloud computing models.

4

What are the security credentials that are required to access the AWS management console of an IAM user account?

MFA

Security tokens

A user name and password.

Access keys

A user name and password.


Explanation
The AWS Management Console allows you to access and manage Amazon Web Services through a simple and intuitive web-based user interface. You can only access the AWS Management Console if you have a valid user name and password.

The other options are incorrect:

“MFA” is incorrect. MFA is an additional layer of security (i.e. not required).

“Access keys” is incorrect. Access keys are long-term credentials that can be used to sign programmatic requests to AWS.

“Security tokens” is incorrect. Security tokens are temporary credentials that can also be used to interact with AWS resources programmatically.

5

Which of the following reserved instance payment options result in you paying a discounted hourly rate throughout the duration of the term? (Choose two)

Percentage Upfront option.

Partial Upfront option.

No Upfront option.

All Upfront option.

Partial Upfront option.

No Upfront option.


Explanation
You can choose between three payment options when you purchase a Standard or Convertible Reserved Instance:
1- No Upfront:
No upfront payment is required. You are billed a discounted hourly rate for every hour within the term, regardless of whether the Reserved Instance is being used. No Upfront Reserved Instances are based on a contractual obligation to pay monthly for the entire term of the reservation. A successful billing history is required before you can purchase No Upfront Reserved Instances.
2- Partial Upfront:
A portion of the cost must be paid up front and the remaining hours in the term are billed at a discounted hourly rate, regardless of whether you’re using the Reserved Instance.
3- All Upfront:
With the All Upfront option, you pay for the entire Reserved Instance term with one upfront payment. This option provides you with the largest discount compared to On-Demand instance pricing.

The other options are incorrect:

“All Upfront option” is incorrect. When choosing “All Upfront”, a full payment is made at the start of the term, with no other costs or additional hourly charges incurred for the remainder of the term, regardless of hours used.

“Percentage Upfront option” is incorrect. Percentage upfront is not an available option.

6

Which statement best describes the operational excellence pillar of the AWS Well-Architected Framework?

The ability to monitor and improve system processes and procedures

The ability of a system to recover gracefully from failure

The ability to provision resources on-demand

The ability to manage datacenter operations more efficiently

The ability to monitor and improve system processes and procedures


Explanation
The 5 Pillars of the AWS Well-Architected Framework:
1- Operational Excellence: The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.
2- Security: The security pillar includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.
3- Reliability: The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.
4- Performance Efficiency: The performance efficiency pillar includes the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.
5- Cost Optimization: The cost optimization pillar includes the ability to avoid or eliminate unneeded cost or sub-optimal resources.

Additional information:
Creating a software system is a lot like constructing a building. If the foundation is not solid, structural problems can undermine the integrity and function of the building. When architecting technology solutions on Amazon Web Services (AWS), if you neglect the five pillars of operational excellence, security, reliability, performance efficiency, and cost optimization, it can become challenging to build a system that delivers on your expectations and requirements. Incorporating these pillars into your architecture helps produce stable and efficient systems. This allows you to focus on the other aspects of design, such as functional requirements. The AWS Well-Architected Framework helps cloud architects build the most secure, high-performing, resilient, and efficient infrastructure possible for their applications.

The other options are incorrect:

“The ability of a system to recover gracefully from failure” is incorrect. This statement is much more related to the Reliability pillar.

“The ability to provision resources on-demand” is incorrect. This statement is much more related to the Performance Efficiency pillar.

“The ability to manage datacenter operations more efficiently” is incorrect. Managing datacenter operations is not related to any pillar. It is something that AWS is responsible for, NOT the customer.

7

Which of the following aspects of security are managed by AWS? (Choose two)

Hardware patching

Access permissions

Encryption of EBS volumes

VPC security

Securing global physical infrastructure

Hardware patching, Securing global physical infrastructure


Explanation
AWS is continuously innovating the design and systems of its data centers to protect them from man-made and natural risks. For example, at the first layer of security, AWS provides a number of security features depending on the location, such as security guards, fencing, security feeds, intrusion detection technology, and other security measures.
According to the Shared Responsibility model, patching of the underlying hardware is AWS’s responsibility. AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.

The other options are incorrect:

“VPC security” is incorrect. The configuration and security of the VPC are the customer’s responsibilities.

“Encryption of EBS volumes” is incorrect. The customer is responsible for encrypting their data on EBS, either on the client side or on the server side.

“Access permissions” is incorrect. The customer is responsible for managing the IAM permissions.

Additional information:
IAM permissions let the customer specify access to AWS resources. Permissions are granted to IAM entities (users, groups, and roles) and by default these entities start with no permissions. In other words, IAM entities can do nothing in AWS until you grant them your desired permissions. To give entities permissions, you can attach a policy that specifies the type of access, the actions that can be performed, and the resources on which the actions can be performed. In addition, you can specify any conditions that must be set for access to be allowed or denied.

8

What is the AWS feature that takes advantage of Amazon CloudFront’s globally distributed edge locations to transfer files to S3 with higher upload speeds?

Snowball Transfer Acceleration

SnowMobile transfer Accelerator

AWS WAF

S3 Transfer Acceleration

S3 Transfer Acceleration


Explanation
Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront’s globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path.

The other options are incorrect:

“Snowball Transfer Acceleration” is incorrect. Snowball is a petabyte-scale data transport solution that uses devices designed to be secure to transfer large amounts of data into and out of the AWS Cloud.

“AWS WAF” is incorrect. AWS WAF refers to the AWS Web Application Firewall service.

“SnowMobile transfer Accelerator” is incorrect. AWS Snowmobile is an exabyte-scale data transfer service used to move extremely large amounts of data to AWS.

9

AWS has created a huge number of Edge Locations as part of its global infrastructure. Which of the following is NOT a benefit of using an edge location?

Edge locations are used by CloudFront to improve your end users’ experience when uploading files

Edge locations are used by CloudFront to distribute content to global users with low latency

Edge locations are used by CloudFront to distribute traffic across multiple instances to reduce latency

Edge locations are used by CloudFront to cache the most recent responses

Edge locations are used by CloudFront to distribute traffic across multiple instances to reduce latency


Explanation
The AWS Edge locations are not used to distribute traffic. They are used in conjunction with the CloudFront service to cache common responses and deliver content to end users with low latency. The AWS service that is used to distribute load is the ELB service.

10

Which of the following enables you to monitor and collect log files from your Amazon EC2 instances?

AWS Storage Gateway

CloudWatch Logs

Amazon Inspector

CloudTrail

CloudWatch Logs


Explanation
You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources. CloudWatch Logs enables you to centralize the logs from all of your systems, applications, and AWS services that you use, in a single, highly scalable service. You can then easily view them, search them for specific error codes or patterns, filter them based on specific fields, or archive them securely for future analysis.

The other options are incorrect:

CloudTrail is incorrect. CloudTrail is used to log and continuously monitor user activity and API usage.

Amazon Inspector is incorrect. Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.

AWS Storage Gateway is incorrect. AWS Storage Gateway is a hybrid cloud storage service.

11

Which of the following procedures may reduce your Amazon S3 costs?

Move all the data stored in S3 standard to EBS.

Pick the right Availability Zone for your S3 bucket.

Use the Import/Export feature to move old files automatically to Amazon Glacier.

Use the right combination of storage classes based on the different use cases.

Use the right combination of storage classes based on the different use cases.


Explanation
Amazon S3 offers a range of storage classes designed for different use cases. These include S3 Standard for general-purpose storage of frequently accessed data; S3 Intelligent-Tiering for data with unknown or changing access patterns; S3 Standard-Infrequent Access (S3 Standard-IA) and S3 One Zone-Infrequent Access (S3 One Zone-IA) for long-lived, but less frequently accessed data; and Amazon S3 Glacier (S3 Glacier) and Amazon S3 Glacier Deep Archive (S3 Glacier Deep Archive) for long-term archive and digital preservation.

The other options are incorrect:

“Move all the data stored in S3 standard to EBS” is incorrect. EBS is a block level storage service that has its own use cases.

“Pick the right Availability Zone for your S3 bucket” is incorrect. You don’t have the option to store objects in a specific AZ. On the other hand, you can choose the AWS region where you want your buckets to be.

“Use the Import/Export feature to move old files automatically to Amazon Glacier” is incorrect. In order to reduce your Amazon S3 costs you should create a lifecycle policy to automatically move old (or less accessed) files to cheaper S3 storage tiers or to automatically delete them after an expiration date.

12

There is a need to automate the creation of sandbox accounts for developers and granting entities in those accounts access only to the necessary AWS services. Which of the following services would help?

AWS WAF

AWS Organizations

AWS Trusted Advisor

Amazon Config

AWS Organizations


Explanation
You can use the AWS Organizations APIs to automate the creation and management of new AWS accounts. The Organizations APIs enable you to create new accounts programmatically, and to add the new accounts to a group. The policies attached to the group are automatically applied to the new accounts. For example, you can automate the creation of sandbox accounts for developers and grant entities in those accounts access only to the necessary AWS services.

The other options are incorrect:

“AWS Trusted Advisor” is incorrect. AWS Trusted Advisor gives you proactive recommendations to optimize your AWS environment for cost, performance, security, fault tolerance and service limits.

“Amazon Config” is incorrect. Amazon Config is used to record and evaluate configurations of your AWS resources.

“AWS WAF” is incorrect. AWS WAF is an AWS web application firewall that helps protect your web applications.

13

How much data can you store in S3?

You can store up to 1 PetaByte of data.

Storage capacity is virtually unlimited.

You can store up to 1 PetaByte of data, then you are required to pay an additional fee.

There is a soft limit of 100 TB for each AWS account.

Storage capacity is virtually unlimited.


Explanation
As an S3 user, there is virtually no limit on the amount of data you can store in S3.

14

Which of the following is one of the benefits of AWS security?

Scales quickly

Starts automatically once you upload your data

Free for AWS premium members

Reduces Capital expenditure (CapEx)

Scales quickly


Explanation
Security scales with your AWS Cloud usage. No matter the size of your business, the AWS infrastructure is designed to keep your data safe.

The other options are incorrect:

“Free for AWS premium members” is incorrect. Not all security features are free. For example, security groups are free for all customers; however, Amazon Inspector is not free.

“Starts automatically once you upload your data” is incorrect. AWS Security doesn’t start automatically. You have to set up how your data will be accessed, decide whether this data will be encrypted or not, and so on.

“Reduces Capital expenditure (CapEx)” is incorrect. A capital expenditure (CapEx) is an amount spent to acquire or significantly improve the capacity or capabilities of a long-term physical asset such as equipment or buildings. AWS enables businesses to leverage high-end technologies and infrastructure needs with ZERO CapEx. AWS offers IT infrastructure services to businesses as web services—now commonly known as cloud computing. One of the key benefits of cloud computing is the opportunity to replace upfront capital infrastructure expenses with low variable costs that scale with your business. With the cloud, businesses no longer need to plan for and procure servers and other IT infrastructure weeks or months in advance. Instead, they can instantly spin up hundreds or thousands of servers in minutes and deliver results faster.

15

Which of the following services can help protect your web applications from SQL injection and other vulnerabilities in your application code?

Amazon Aurora

IAM

Amazon Cognito

AWS WAF

AWS WAF


Explanation
AWS WAF (Web Application Firewall) helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application.

The other options are incorrect:

Amazon Aurora is incorrect. Amazon Aurora is a database service.

IAM is incorrect. IAM refers to Identity and Access Management.

Amazon Cognito is incorrect. Amazon Cognito provides simple and secure user sign-up, sign-in, and access control.

16

There are performance issues with your under-development application, being built using microservices architecture. Which of the following AWS services would help you analyze these issues?

AWS Inspector

AWS CodePipeline

AWS CloudTrail

X-Ray

X-Ray


Explanation
AWS X-Ray helps developers analyze and debug distributed applications in production or under development, such as those built using microservice architecture. With X-Ray, you can understand how your application and its underlying services are performing so you can identify and troubleshoot the root cause of performance issues and errors. X-Ray provides an end-to-end view of requests as they travel through your application, and shows a map of your application’s underlying components. You can use X-Ray to analyze applications both in development and in production, from simple three-tier applications to complex microservices applications consisting of thousands of services.

The other options are incorrect:

“AWS CodePipeline” is incorrect. AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates.

“AWS Inspector” is incorrect. Amazon Inspector helps you to identify security vulnerabilities as well as deviations from security best practices in applications, NOT to analyze performance issues.

“AWS CloudTrail” is incorrect. CloudTrail is a service that allows you to track all users’ actions that are taken in your AWS account.

17

Which of the following runs your application only when needed, without having to provision servers all the time?

AWS RDS instances

AWS LightSail

AWS EC2 instances

AWS Lambda

AWS Lambda


Explanation
AWS Lambda is a compute service that lets you run code without provisioning or managing servers. AWS Lambda executes your code only when needed and scales automatically, from a few requests per day to thousands per second. You pay only for the compute time you consume – there is no charge when your code is not running.

The other options are incorrect:

“AWS EC2 instances” is incorrect. After provisioning an EC2 instance, it continues to run all the time until being stopped or terminated. But with Lambda, the application code will run only when triggered.

“AWS LightSail” is incorrect. Amazon Lightsail is a new offering from AWS to create a VPS (Virtual Private Server) on the cloud.

“AWS RDS instances” is incorrect. AWS RDS instances are the instances that run the RDS relational databases.

18

Ensuring compliance is a key priority for most businesses. Which of the following AWS services will help them achieve this?

CloudEndure

CloudFront

CloudWatch

CloudTrail

CloudTrail


Explanation
AWS CloudTrail is designed to log all actions taken in your AWS account. This provides a great resource for governance, compliance, and risk auditing.

The other options are incorrect:

CloudFront is incorrect. Amazon CloudFront is a content delivery network (CDN) service.

CloudEndure is incorrect. CloudEndure Migration simplifies the process of migrating applications from physical, virtual, and cloud-based infrastructure, ensuring that they are fully operational in any AWS Region without compatibility issues.

CloudWatch is incorrect. Amazon CloudWatch is used to monitor the utilization of AWS resources such as CPU and RAM of EC2. CloudWatch provides you with data and actionable insights to monitor your applications, understand and respond to system-wide performance changes, and get a unified view of operational health.

19

Where can you store files in AWS? (Choose two)

Amazon EFS

Amazon SNS

Amazon EMR

Amazon EBS

Amazon ECS

Amazon EFS, Amazon EBS


Explanation
** Amazon Elastic File System (Amazon EFS) provides simple, scalable, elastic file storage for use with AWS Cloud services and on-premises resources. It is easy to use and offers a simple interface that allows you to create and configure file systems quickly and easily. Amazon EFS is built to elastically scale on demand without disrupting applications, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it. It is designed to provide massively parallel shared access to thousands of Amazon EC2 instances, enabling your applications to achieve high levels of aggregate throughput and IOPS that scale as a file system grows, with consistent low latencies. As a regional service, Amazon EFS is designed for high availability and durability, storing data redundantly across multiple Availability Zones.
** Amazon Elastic Block Store (Amazon EBS) provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability.

The other options are incorrect:

Amazon SNS is incorrect. Amazon Simple Notification Service (SNS) is a pub/sub messaging service.

Amazon ECS is incorrect. Amazon Elastic Container Service (ECS) is a compute service that is used to run containerized applications on AWS.

Amazon EMR is incorrect. Amazon Elastic MapReduce (EMR) is a web service that enables businesses, researchers, data analysts, and developers to easily and cost-effectively process vast amounts of data across dynamically scalable Amazon EC2 instances.

20

Sarah has deployed her web application in the N. California (US-West-1) region. Later on, she notices that much of her website’s traffic is coming from China. What can she do to reduce latency for her users in China?

Create a CDN using CloudFront, so that content is cached at Edge Locations close to and in China

Migrate the application to a Chinese hosting service

Replicate the current resources across multiple Availability Zones within the same region

Recreate the website content

Create a CDN using CloudFront, so that content is cached at Edge Locations close to and in China


Explanation
CloudFront is AWS’s content delivery network (CDN) service. Amazon CloudFront employs a global network of edge locations and regional edge caches that cache copies of your content close to your end-users. Amazon CloudFront ensures that end-user requests are served by the closest edge location. As a result, end-user requests travel a short distance, reducing latency and improving the overall performance.

The other options are incorrect:

“Migrate the application to a Chinese hosting service” is incorrect. Cloud Computing now can deal with most of the customers’ requirements. Whatever your problem is you can find a solution.

“Recreate the website content” is incorrect. There is no relation between the website content and the traffic that comes to the web application.

“Replicate the current resources across multiple Availability Zones within the same region” is incorrect. This will only help if the replication is done in a region close to or in China.

21

Amazon Glacier is an Amazon S3 storage class that is suitable for storing ___ & ___. (Choose two)

Active archives

Dynamic websites’ assets

Cached data

Active databases

Long-term analytics

Active archives, Long-term analytics


Explanation
Amazon S3 Glacier provides three retrieval options to fit your use case. Expedited retrievals typically return data in 1-5 minutes, and are great for Active Archive use cases. Standard retrievals typically complete within 3-5 hours, and work well for less time-sensitive needs like backup data, media editing, or long-term analytics. Bulk retrievals are the lowest-cost retrieval option, returning large amounts of data within 5-12 hours.

The other options are incorrect:

“Active databases” is incorrect. Active databases require consistent and low-latency storage performance. For example DB instances for Amazon RDS for MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL Server use Amazon Elastic Block Store (Amazon EBS) volumes for database and log storage.

“Cached data” is incorrect. In computing, a cache is a high-speed data storage layer which stores a subset of data, typically transient in nature, so that future requests for that data are served up faster than is possible by accessing the data’s primary storage location. Caching allows you to efficiently reuse previously retrieved or computed data. The data in a cache is generally stored in fast access hardware such as RAM (Random-access memory) and may also be used in correlation with a software component. A cache’s primary purpose is to increase data retrieval performance by reducing the need to access the underlying slower storage layer.

“Dynamic websites’ assets” is incorrect. Dynamic websites usually require immediate retrieval, which is not available in Glacier.

22

Which statement is correct with regards to service limits? (Choose two)

There are no service limits on AWS.

Each IAM user has the same service limits.

You can use the AWS Trusted Advisor to monitor your service limits.

You can contact support to increase the service limits.

The AWS Simple Email Service is responsible for sending email notifications when usage approaches a service limit.

You can use the AWS Trusted Advisor to monitor your service limits.

You can contact support to increase the service limits.


Explanation
Understanding your service limits (and how close you are to them) is an important part of managing your AWS deployments – continuous monitoring allows you to request limit increases or shut down resources before the limit is reached. One of the easiest ways to do this is via AWS Trusted Advisor’s Service Limit Dashboard, which currently covers 39 limits across 10 services.

AWS maintains service limits for each account to help guarantee the availability of AWS resources, as well as to minimize billing risks for new customers. Some service limits are raised automatically over time as you use AWS, though most AWS services require that you request limit increases manually. Most service limit increases can be requested through the AWS Support Center by choosing Create Case and then choosing Service Limit Increase.

23

An entertainment company performs image and video processing jobs from time to time. If time is flexible for these jobs to complete, which instance type would be the most cost-effective to use?

Reserved – No Upfront

On-Demand

Reserved – All Upfront

Spot

Spot


Explanation
Spot Instances are a cost-effective choice if you can be flexible about when your applications run and if your applications can be interrupted. For example, Spot Instances are well-suited for data analysis, batch jobs, background processing, and optional tasks.

The other options are incorrect:

On-Demand is incorrect. The Spot option provides discounts up to 90% off compared to the On-Demand price.

“Reserved – All Upfront” and “Reserved – No Upfront” are incorrect. Time is flexible, therefore these jobs can be interrupted and resumed at any time. In this case, you should use Spot instances, as they provide the largest discount compared to any other payment option.

24

What are the services/features that can help you maintain a highly available and fault-tolerant architecture in AWS? (Choose two)

AWS Direct Connect

CloudFormation

Elastic Load Balancer

AWS NACL

Amazon EC2 Auto Scaling

Elastic Load Balancer, Amazon EC2 Auto Scaling


Explanation
** Amazon EC2 Auto Scaling continually monitors the utilization of the instances underlying your application to make sure that your application always has the right amount of compute. In other words, Amazon EC2 Auto Scaling automatically scales the instances up during demand spikes (to increase the availability of the application) or scales them down when demand lulls (to minimize costs). In addition to that, Amazon EC2 Auto Scaling can detect when an instance is unhealthy, terminate it, and replace it with a new one, which increases the “Fault Tolerance” of your application.

** Elastic Load Balancing provides an effective way to increase the availability and fault tolerance of a system. First, ELB tries to discover the availability of your EC2 instances: it periodically sends pings, attempts connections, or sends requests to test the EC2 instances. These tests are called health checks. The status of the instances that are healthy at the time of the health check is InService. The status of any instances that are unhealthy at the time of the health check is OutOfService. The load balancer routes user requests only to the healthy instances. When the load balancer determines that an instance is unhealthy, it stops routing requests to that instance. The load balancer resumes routing requests to the instance when it has been restored to a healthy state.

The other options are incorrect:

CloudFormation is incorrect. CloudFormation provides an organized method to deploy all of your AWS resources.

AWS NACL is incorrect. AWS NACL is used to control traffic at the subnet level.

AWS Direct Connect is incorrect. AWS Direct Connect allows you to establish a dedicated network connection from your on-premises to AWS.

25

Jessica is managing an e-commerce web application in AWS. The application is hosted on six EBS-backed EC2 instances. One day, three of those instances crashed; however, none of her customers were affected. What has Jessica done correctly in this scenario?

She has properly built a scalable system.

She has properly built an elastic system.

She has properly built a durable system.

She has properly built a fault tolerant system.

She has properly built a fault tolerant system.


Explanation
Fault tolerance is the property that enables a system to continue operating properly in the event of the failure of some (one or more) of its components. For example, when someone wants to visit Jessica’s website to purchase a product, whether it is at 9:00am on a Monday morning or 3:00am on a holiday, he expects that the site will be available and ready to accept his purchase. The cost of not meeting these expectations can be crippling to many businesses. This is just one example of why businesses and organizations strive to develop software systems that can survive faults.

The other options are incorrect:

“She has properly built an elastic system” is incorrect. Elasticity is the ability of a system to scale the resources needed to cope with load dynamically, so that when the load increases you scale by adding more resources, and when demand wanes you shrink back and remove unneeded resources.

“She has properly built a scalable system” is incorrect. Scalability is the ability of a system to accommodate larger loads just by adding resources, either by making hardware stronger (scale up) or by adding additional nodes (scale out).

“She has properly built a durable system” is incorrect. Durability refers to the ability of a system to assure data is stored and data remains consistent in the system as long as it is not changed by legitimate access. This means that data should not become corrupted or disappear due to a system malfunction. Durability is used to measure the likelihood of data loss. For example, assume you have confidential data stored on your laptop. If you make a copy of it and store it in a secure place, you have just improved the durability of that data. It is much less likely that all copies will be simultaneously destroyed. AWS measures durability as a percentage. For example, the S3 Standard Tier is designed for 99.999999999% durability. This means that if you store 100 billion objects in S3, you will lose one object at most. Also, Amazon EBS volume data is replicated across multiple servers in an Availability Zone to prevent the loss of data from the failure of any single component. The replication of data makes EBS volumes 20 times more durable than typical commodity disk drives, which fail with an AFR (annual failure rate) of around 4%. For example, if you have 1,000 EBS volumes running for 1 year, you should expect 1 to 2 will have a failure. The problem in the scenario is not with how durable the data is, but with how the system is built to handle failures in one or more of its components. In our case, an “EBS-backed” instance is an EC2 instance that uses an EBS volume as its root device. Amazon EBS volumes are off-instance storage that persists independently from the life of an instance. So, even if the six EC2 instances crashed, data will still persist in the EBS volumes (i.e. remains durable).

26

Which of the following AWS services can be used as a compute resource? (Choose two)

Amazon EC2

AWS Lambda

Amazon S3

Amazon VPC

Amazon EC2

AWS Lambda


Explanation
** Although there are no servers to manage in AWS Lambda, this does not mean that there are no servers or compute resources doing the work. Every application needs compute capacity to run. With Lambda, AWS handles this compute capacity and manages it for you. In brief, AWS Lambda provides serverless computing in the AWS Cloud.
** Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud.

The other options are incorrect:

Amazon S3 is incorrect. Amazon S3 is a storage service.

Amazon VPC is incorrect. Amazon VPC is a networking service.

27

A company needs to host a database in Amazon RDS for at least twelve months. Which of the following options would be the most cost-effective solution?

Reserved instances – No Upfront

On-Demand instances

Reserved instances – Partial Upfront

Spot Instances

Reserved instances – Partial Upfront


Explanation
Since the database server will be hosted for a period of at least one year, it is better to use RDS Reserved Instances, as they provide you with a significant discount compared to the On-Demand Instance pricing for the DB instance.
With the Partial Upfront option, you make a low upfront payment and are then charged a discounted hourly rate for the instance for the duration of the Reserved Instance term. The Partial Upfront option is more cost effective than the No Upfront option (the more you spend upfront, the more you save).

The other options are incorrect:

“Spot Instances” is incorrect. Spot is an option for paying for EC2, not RDS.

“Reserved instances – No Upfront” is incorrect. The No Upfront option does not require any upfront payment and provides a discounted hourly rate for the duration of the term. The Partial Upfront option provides more discounts than the No Upfront option because you spend more upfront.

“On-Demand instances” is incorrect. On-Demand is not a cost effective solution.

28

What is the primary storage service used by Amazon RDS DB instances?

Amazon S3

Amazon Glacier

Amazon EFS

Amazon EBS

Amazon EBS


Explanation
DB instances for Amazon RDS for MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL Server use Amazon Elastic Block Store (Amazon EBS) volumes for database and log storage.

The other options are incorrect:

Amazon S3 is incorrect. Amazon S3 refers to the simple storage service. Amazon S3 is an object level storage that cannot be used to store running operating systems.

Amazon EFS is incorrect. Amazon EFS refers to the Amazon Elastic File System. Amazon EFS is a file level storage that provides a scalable, elastic file system for Linux-based workloads for use with AWS Cloud services and on-premises resources. Amazon EFS cannot be used to store Amazon RDS DB instances.

Amazon Glacier is incorrect. Amazon Glacier is used for storing backups and long-term data.

29

What is the AWS data warehouse service that supports a very high level of query performance on large amounts of datasets?

Amazon DynamoDB

Amazon Redshift

Amazon Kinesis

Amazon RDS

Amazon Redshift


Explanation
Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. It allows you to run complex analytic queries against petabytes of structured data. You can start with just a few hundred gigabytes of data and scale to a petabyte or more. This enables you to use your data to acquire new insights for your business and customers.

The other options are incorrect:

Amazon Kinesis is incorrect. Amazon Kinesis is used to collect, process, and analyze video and data streams in real time.

Amazon RDS is incorrect. Amazon Relational Database Service (Amazon RDS) is used to set up and operate a relational database in the cloud.

Amazon DynamoDB is incorrect. Amazon DynamoDB is a NoSQL database.

30

Which of the following AWS security features is associated with an EC2 instance and functions to filter incoming traffic requests?

Security Groups

NACL

AWS X-Ray

AWS WAF

Security Groups


Explanation
Security Groups act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level.

The other options are incorrect:

NACL is incorrect. A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC.
Note: ACLs act at the subnet level, but security groups act at the instance level.

AWS X-Ray is incorrect. AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture. With X-Ray, you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors.

AWS WAF is incorrect. AWS WAF refers to the Web Application Firewall.

31

You are currently working on an application that uses Lambda as its compute resource. You need a storage resource to store and retrieve photos and videos. Which of the following services can best be used as the underlying storage mechanism?

Amazon EBS

Amazon SQS

AWS Instance store

Amazon S3

Amazon S3


Explanation
Amazon S3 is object storage built to store and retrieve any amount of data from anywhere on the Internet. It’s a simple storage service that offers an extremely durable, highly available, and infinitely scalable data storage infrastructure at very low costs.

The other options are incorrect:

Amazon SQS is incorrect. Amazon SQS is not a storage service. It is a message queuing service that can be used to send messages between application components. SQS enables you to decouple and scale microservices, distributed systems, and serverless applications.

AWS Instance store is incorrect. Amazon EC2 Instance Store provides temporary block-level storage for your instance. Instance store is ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content, or for data that is replicated across a fleet of instances, such as a load-balanced pool of web servers.

Amazon EBS is incorrect. Amazon EBS is a block level storage that can only be used as a drive for Amazon EC2 or Amazon RDS. Amazon EBS is not for storing images or videos. Amazon EBS is designed for application workloads that benefit from fine tuning for performance and capacity. Typical use cases include Big Data analytics engines (like the Hadoop/HDFS ecosystem and Amazon EMR clusters), relational and NoSQL databases (like Microsoft SQL Server and MySQL or Cassandra and MongoDB), stream and log processing applications (like Kafka and Splunk), and data warehousing applications (like Vertica and Teradata).

32

There is a need to analyze and process a large number of data sets. Which service can help in this regard?

Amazon SQS

Amazon SNS

Amazon MQ

Amazon EMR

Amazon EMR


Explanation
Amazon EMR helps you analyze and process vast amounts of data by distributing the computational work across a cluster of virtual servers running in the AWS Cloud. The cluster is managed using an open-source framework called Hadoop. Amazon EMR lets you focus on crunching or analyzing your data without having to worry about time-consuming setup, management, and tuning of Hadoop clusters or the compute capacity they rely on.

All other options are messaging services.

33

There is a need to import a large amount of structured data into a database service. What is the AWS database service that best achieves this?

RDS

ElastiCache

Neptune

DynamoDB

RDS


Explanation
Since the data is structured, it is best to use a relational database service such as Amazon RDS.

The other options are incorrect:

ElastiCache is incorrect. ElastiCache is an in-memory data store and cache service.

DynamoDB is incorrect. DynamoDB is a NoSQL database service.

Neptune is incorrect. Neptune is a graph database service.

34

Which of the following can be used to automate the management of multiple AWS services through scripts?

AWS OpsWorks

AWS Console

AWS Service Catalog

AWS CLI

AWS CLI


Explanation
The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.

The other options are incorrect:

“AWS Service Catalog” is incorrect. AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS.

“AWS OpsWorks” is incorrect. AWS OpsWorks can be used to automate one service, which is EC2. AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.

“AWS Console” is incorrect. AWS Console lets you access and manage Amazon Web Services through a web-based user interface.

35

Your company is planning to host its applications in the AWS Cloud. Which of the following services can be used to help decouple distributed software systems and components? (Choose two)

AWS EBS

AWS SQS

AWS SES

Amazon Athena

AWS SNS

AWS SQS, AWS SNS


Explanation
Amazon Simple Queue Service (SQS) and Amazon SNS are both messaging services within AWS, which provide different benefits for developers.
Amazon SNS allows applications to send time-critical messages to multiple subscribers through a “push” mechanism, eliminating the need to periodically check or “poll” for updates.
Amazon SQS is a message queue service used by distributed applications to exchange messages through a polling model. Amazon SQS provides flexibility for distributed components of applications to send and receive messages without requiring each component to be concurrently available.
Using SNS, you can publish messages to Amazon SQS queues to reliably send messages to one or many system components asynchronously.

In brief, SQS and SNS can be integrated together to decouple application components so that they run (or fail) independently, increasing the overall fault tolerance of the system.

The other options are incorrect:

AWS EBS is incorrect. AWS EBS is a storage service for use with EC2 instances.

Amazon Athena is incorrect. Amazon Athena is a serverless analytics service. It is used to analyze data in Amazon S3 using standard SQL.

AWS SES is incorrect. AWS SES is a cloud-based email delivery service.

36

You have decided to pay a low upfront fee in order to get a significantly discounted hourly rate. What payment model are you planning to use?

Pay as you go

Pay less by using more

Pay less as AWS grows

Save when you reserve

Save when you reserve


Explanation
For certain products, like Amazon EC2 and Amazon RDS, you can invest in reserved capacity. In that case, you pay a low upfront fee and get a significantly discounted hourly rate, which results in overall savings up to 75% (depending on the type of instance you reserve) over equivalent on-demand capacity.

The other options are incorrect:

“Pay as you go” is incorrect. On-demand is the option that represents the “Pay as you go” payment model.

“Pay less as AWS grows” is incorrect. Pay less as AWS grows refers to the discounts that you get over time as AWS grows. This is sometimes called “AWS Economies of Scale”. For example, AWS has reduced the per GB storage price of S3 by 80% since the service was first introduced in 2006.

“Pay less by using more” is incorrect. “Pay less by using more” means that you get volume-based discounts as your usage increases. For services such as S3, pricing is tiered, meaning the more you use, the less you pay per GB.

37

In your on-premises environment, you can create as many virtual servers as you need from a single template. What can you use to perform the same in AWS?

AWS AMI

AWS IAM

AWS Snapshot

An internet gateway

AWS AMI


Explanation
An Amazon Machine Image (AMI) is a template that contains a software configuration (for example, an operating system, an application server, and applications). This template saves time and helps avoid errors when configuring settings to create new instances. You specify an AMI when you launch an instance, and you can launch as many instances from the AMI as you need. You can also launch instances from as many different AMIs as you need.

The other options are incorrect:

AWS IAM is incorrect. AWS IAM refers to the AWS Identity and Access Management.

AWS Snapshot is incorrect. An EBS snapshot is a point-in-time copy of your Amazon EBS volume.

An internet gateway is incorrect. An internet gateway is a VPC component that allows communication between instances in your VPC and the internet. It imposes no availability risks or bandwidth constraints on your network traffic.

38

Which AWS service uses Edge Locations to cache content?

AWS KMS

AWS Direct Connect

AWS CloudFront

AWS Glacier

AWS CloudFront


Explanation
CloudFront is a content caching service provided by AWS that uses Edge Locations (which are AWS data centers located all around the world) to reduce network latency when delivering content to end users.

The other options are incorrect:

AWS Glacier is incorrect. AWS Glacier is an Amazon S3 storage class.

AWS KMS is incorrect. AWS KMS is a key management service.

AWS Direct Connect is incorrect. AWS Direct Connect is a cloud service solution that is used to establish a dedicated network connection from your premises to AWS.

39

Which of the following is required to connect to Amazon EC2 instances?

MFA

Instance Password

Key pairs

Route Tables

Key pairs


Explanation
During the creation process of the Amazon EC2 instances you can create and download your key pair. This key pair is required when you want to connect to your Amazon EC2 instances.
Note:
You can’t connect to your EC2 instance unless you attach a security group that allows SSH access from your IP.

The other options are incorrect:

“MFA” is incorrect. MFA is an additional security layer that can be used to secure your AWS console. MFA can also be used to control access to AWS service APIs.

“Instance Password” is incorrect. There are no passwords related to the EC2 instances.

“Route Tables” is incorrect. A route table contains a set of rules, called routes, that are used to determine where network traffic is directed.

40

Which service can be used to store and reliably deliver messages across distributed systems?

Amazon Simple Email Service

AWS Storage Gateway

Amazon Simple Storage Service

Amazon Simple Queue Service

Amazon Simple Queue Service


Explanation
Amazon SQS is a highly reliable, scalable message queuing service that enables asynchronous message-based communication between distributed components of an application. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available.

The other options are incorrect:

“Amazon Simple Storage Service” is incorrect. Amazon Simple Storage Service (Amazon S3) is an object storage service.

“Amazon Simple Email Service” is incorrect. Amazon Simple Email Service (Amazon SES) is a cloud-based email sending service designed to help digital marketers and application developers send marketing, notification, and transactional emails.

“AWS Storage Gateway” is incorrect. AWS Storage Gateway is a hybrid storage service that enables your on-premises applications to seamlessly use AWS cloud storage. The gateway connects to AWS storage services – such as Amazon S3 and Amazon EBS – and provides storage for files, volumes, snapshots, and virtual tapes in AWS.

41

What does Amazon ElastiCache provide?

In-memory caching for read-heavy applications.

A domain name system in the cloud.

A database instance with elastic cache memory.

An Ehcache compatible in-memory data store.

In-memory caching for read-heavy applications.


Explanation
ElastiCache is a web service that makes it easy to set up, manage, and scale a distributed in-memory data store or cache environment in the cloud. It provides a high-performance, scalable, and cost-effective caching solution, while removing the complexity associated with deploying and managing a distributed cache environment. The in-memory caching provided by Amazon ElastiCache can be used to significantly improve latency and throughput for many read-heavy application workloads (such as social networking, gaming, media sharing and Q&A portals) or compute-intensive workloads (such as a recommendation engine). In-memory caching improves application performance by storing critical pieces of data in memory for low-latency access. Cached information may include the results of I/O-intensive database queries or the results of computationally-intensive calculations.

The other options are incorrect:

“A database instance with elastic cache memory” is incorrect. ElastiCache is an in-memory data store and cache NOT a database server.

“A domain name system in the cloud” is incorrect. Route53 is the service that provides DNS in the cloud.

“An Ehcache compatible in-memory data store” is incorrect. ElastiCache supports only two cache engines: Redis and Memcached.

42

What is the AWS service that provides five times the performance of a standard MySQL database?

Aurora

Amazon Redshift

DynamoDB

Amazon SimpleDB

Aurora


Explanation
Amazon Aurora is a fully-managed, MySQL and PostgreSQL-compatible relational database engine. It combines the speed and reliability of high-end commercial databases with the simplicity and cost-effectiveness of open-source databases. It delivers up to five times the throughput of MySQL and up to three times the throughput of PostgreSQL without requiring changes to most of your existing applications.

The other options are incorrect:

Amazon Redshift is incorrect. Amazon Redshift provides a scalable data warehouse in the cloud.

Amazon SimpleDB is incorrect. Amazon SimpleDB is a NoSQL data store.

DynamoDB is incorrect. DynamoDB is a NoSQL database engine.

43

Which of the following support plans include the AWS Support Concierge Service?

Standard

Business

Premium

Enterprise

Enterprise


Explanation
The AWS Support Concierge Service is available only for the Enterprise plan subscribers.

44

Which of the following is a benefit of running an application in multiple Availability Zones?

Increases the available compute capacity

Enables you to go beyond service limits

Reduces application response time between servers and global users

Increases the availability of your application

Increases the availability of your application


Explanation
Placing instances that run your application in multiple Availability Zones improves the fault tolerance of your application. If one Availability Zone experiences an outage, traffic is routed to another Availability Zone, and this will increase the availability of your application.

The other options are incorrect:

“Increases the available compute capacity” is incorrect. You can provision virtually unlimited compute capacity regardless of the number of Availability Zones.

“Reduces application response time between servers and global users” is incorrect. The question didn’t mention whether these Availability Zones exist within a single region or multiple regions. Application response time for global users can only be improved if you deploy to multiple regions around the world.

“Enables you to go beyond service limits” is incorrect. AWS service limits are region-specific NOT AZ-specific.

45

Doodle, Inc. has a web application that ultimately stores billions of images and videos. All told, there is almost an exabyte of data stored in Doodle’s system. Which of the following AWS services can best transfer the data to AWS?

Amazon VPC

Snowball

S3 Transfer Acceleration

Snowmobile

Snowmobile


Explanation
AWS Snowmobile is an Exabyte-scale data transfer service used to move extremely large amounts of data to AWS. You can transfer up to 100PB per Snowmobile, a 45-foot long ruggedized shipping container, pulled by a semi-trailer truck. Snowmobile makes it easy to move massive volumes of data to the cloud, including video libraries, image repositories, or even a complete data center migration. At exabyte scale, transferring data with Snowmobile is more secure, fast and cost effective.

The other options are incorrect:

Amazon VPC is incorrect. Amazon VPC is used to create virtual networks in the cloud.

Snowball is incorrect. Snowball is a petabyte-scale data transport solution that is NOT practical to use at exabyte scale.

S3 Transfer Acceleration is incorrect. Amazon S3 Transfer Acceleration is not a migration solution. Amazon S3 Transfer Acceleration enables fast transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront’s globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path.

46

Which of the following services can be used to process images uploaded to S3?

AWS Artifact

Amazon Athena

AWS Lambda

Amazon PinPoint

AWS Lambda


Explanation
AWS Lambda is the only service mentioned that can be used for “processing” as it is a computing service.

The other options are incorrect:

Amazon Athena is incorrect. Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL.

AWS Artifact is incorrect. AWS Artifact is a no cost, self-service portal for on-demand access to AWS’ compliance reports.

Amazon PinPoint is incorrect. Amazon PinPoint is used to engage your customers by sending them targeted and transactional email, SMS, push notifications, and voice messages.

47

Which of the following is used to control network traffic in AWS? (Choose three)

Key Pairs

Security Groups

Route Tables

Network Access Control lists.

IAM Policies

Security Groups

Route Tables

Network Access Control lists.

48

Which of the following are customer responsibilities when using EC2? (Choose two)

Patch the underlying infrastructure

Maintain consistent hardware components

Install and configure third-party software

Protect sensitive data

Setup and operate managed databases

Install and configure third-party software

Protect sensitive data


Explanation
Amazon EC2 requires the customer to perform all of the necessary security configuration and management tasks. When customers deploy Amazon EC2 instances, they are responsible for management of custom Amazon Machine Images, management of the guest operating systems (including updates and security patches), securing application access and data, installing and configuring third-party applications or utilities, and the configuration of the AWS-provided firewall (called a security group) on each instance.

The other options are incorrect:

“Patch the underlying infrastructure” is incorrect. AWS is responsible for patching the underlying infrastructure. The customer is responsible for patching the operating system and any software or application run on EC2.

“Setup and operate managed databases” is incorrect. Managed databases such as Amazon RDS eliminate the need to set up, patch, or back up databases.

“Maintain consistent hardware components” is incorrect. AWS is responsible for maintaining consistency of all hardware components.

49

AWS recommends some practices to help an organization avoid unexpected charges on their bill. Which of the following is not one of these practices?

Releasing unused Elastic IPs after terminating an EC2 instance.

Deleting unused AutoScaling launch configuration.

Deleting unused Elastic Load Balancers.

Deleting unused EBS volumes after terminating an EC2 instance.

Deleting unused AutoScaling launch configuration.


Explanation
“Deleting unused AutoScaling launch configuration” will not help, and thus is the correct choice. The AutoScaling launch configuration does not incur any charges, so it makes no difference whether it is deleted or not.
AWS charges the user once an AWS resource is allocated (even if it is not used). Thus, once your work is completed, you are advised to:
1- Delete all Elastic Load Balancers.
2- Terminate all unused EC2 instances.
3- Delete the attached EBS volumes that you don’t need.
4- Release any unused Elastic IP.

50

Which of the following are use cases for Amazon S3? (Choose two)

Hosting static websites

Hosting websites that require sustained high CPU utilization

Cost-effective database and log storage

Processing data streams at any scale

A media store for the CloudFront service

Hosting static websites

A media store for the CloudFront service


Explanation
You can host a static website on Amazon Simple Storage Service (Amazon S3). On a static website, individual webpages include static content. They might also contain client-side scripts. To host a static website, you configure an Amazon S3 bucket for website hosting, allow public read access, and then upload your website content to the bucket. By contrast, a dynamic website relies on server-side processing, including server-side scripts such as PHP, JSP, or ASP.NET. Amazon S3 does not support server-side scripting. Amazon Web Services (AWS) also has resources for hosting dynamic websites such as Amazon EC2.
Amazon S3 is an excellent storage facility for your media assets. It is infinitely scalable, has built-in redundancy, and is available to you on a pay-as-you-go basis. For example, if you want to deliver or stream video files to your global users, all you need to do is put your content in an S3 bucket and create a CloudFront distribution that points to the bucket. Your user’s video player will use CloudFront URLs to request the video file. The request will be directed to the best edge location, based on the user’s location. The Amazon CloudFront Content Delivery Network (CDN) will serve the video from its cache, fetching it from the S3 bucket if it has not already been cached. The CDN caches content at the edge locations for consistent, low-latency, high-throughput video delivery.

The other options are incorrect:

“Cost-effective database and log storage” is incorrect. Databases and dynamic websites require block-level storage (such as EBS). S3 cannot be used here as it is object-level storage.

“Hosting websites that require sustained high CPU utilization” is incorrect. S3 can only be used to host static websites.

“Processing data streams at any scale” is incorrect. S3 is not a compute service.