1. Which type of AWS Storage Gateway can be used to back up data with popular backup software?
• Backup Gateway
• Volume Gateway
• File Gateway
• Gateway Virtual Tape Library
Gateway Virtual Tape Library
Explanation
• The AWS Storage Gateway service enables hybrid storage between on-premises environments and the AWS Cloud. The Gateway Virtual Tape Library can be used with popular backup software such as NetBackup, Backup Exec and Veeam. It uses a virtual media changer and tape drives
• There is no such thing as a Backup Gateway among the AWS products
• File Gateway provides a virtual on-premises file server, which enables you to store and retrieve files as objects in Amazon S3
• The Volume Gateway represents the family of gateways that support block-based volumes, previously referred to as gateway-cached and gateway-stored modes
2. What does an organization need to do in Amazon IAM to enable user access to services being launched in a new region?
• Create new user accounts in the new region
• Nothing, IAM is global
• Enable global mode in IAM to provision the required access
• Update the user accounts to allow access from another region
Nothing, IAM is global
Explanation
• IAM is used to securely control individual and group access to AWS resources. IAM is universal (global) and does not apply to regions
3. Which of the following can be assigned to an IAM user? (choose 2)
• A key pair
• An SSL/TLS certificate
• A password for access to the management console
• An access key ID and secret access key
• A password for logging into Linux
A password for access to the management console, An access key ID and secret access key
Explanation
• An IAM user is an entity that represents a person or service. Users can be assigned an access key ID and secret access key for programmatic access to the AWS API, CLI, SDK, and other development tools, and a password for access to the management console
• Key pairs are used with Amazon EC2 as a method of using public key encryption to securely access EC2 instances
• You cannot assign an IAM user a password for logging into a Linux instance
• You cannot assign an SSL/TLS certificate to a user
4. What is the difference between an EBS volume and an Instance store?
• Instance store volumes can be used with all EC2 instance types whereas EBS cannot
• EBS volumes are object storage devices whereas Instance store volumes are block-based
• Instance store volumes are ephemeral whereas EBS volumes are persistent storage
• EBS volumes are file-level storage devices whereas Instance store volumes are object-based
Instance store volumes are ephemeral whereas EBS volumes are persistent storage
Explanation
• EBS-backed means the root volume is an EBS volume and storage is persistent. Instance store-backed means the root volume is an instance store volume and storage is not persistent
• Both EBS and Instance store volumes are block-based storage devices
• EBS volumes can be used with all EC2 instance types whereas Instance store volumes are more limited in compatibility
5. How are AWS Lambda functions triggered?
• Metrics
• Schedules
• Events
• Counters
Events
Explanation
• AWS Lambda lets you run code as functions without provisioning or managing servers. Lambda-based applications (also referred to as serverless applications) are composed of functions triggered by events
6. Your organization is looking to expand into the cloud for their web presence and development and test environments. Production systems will remain on-premises. What cloud computing deployment model will best suit the organization?
• Private
• PaaS
• Hybrid
• Public
Hybrid
Explanation
A hybrid cloud computing model includes services deployed in private clouds and public clouds. This model suits the business's requirements
Platform as a Service (PaaS) is a type of service offering rather than a cloud computing deployment model
7. What does the AWS acceptable use policy for penetration testing allow?
• Customers to carry out security assessments or penetration tests against their AWS infrastructure after obtaining authorization from AWS
• AWS to perform penetration testing against customer resources without notification
• Customers to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for selected services
• Authorized security assessors to perform penetration tests against any AWS customer without authorization
Customers to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for selected services
Explanation
AWS updated their policy and now allow AWS customers to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for 8 services.
8. Which AWS service lets you add user sign-up, sign-in and access control to web and mobile apps?
• AWS Cognito
• AWS CloudHSM
• AWS Artifact
• AWS Directory Service
AWS Cognito
Explanation
• Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0
• AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud
• AWS Artifact is your go-to, central resource for compliance-related information that matters to you
• AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud
9. Which tool can be used to provide real-time guidance on provisioning resources following AWS best practices?
• AWS Inspector
• AWS Trusted Advisor
• AWS Simple Monthly Calculator
• AWS Personal Health Dashboard
AWS Trusted Advisor
Explanation
• Trusted Advisor is an online resource that helps to reduce cost, increase performance and improve security by optimizing your AWS environment. Trusted Advisor provides real-time guidance to help you provision your resources following best practices
• Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS
• AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you
• The AWS Simple Monthly Calculator helps you to estimate the cost of using AWS services
10. Which AWS service provides a single location to track the progress of application migrations across multiple AWS and partner solutions?
• AWS Database Migration Service
• AWS Server Migration Service
• AWS Batch
• AWS Migration Hub
AWS Migration Hub
Explanation
• AWS Migration Hub provides a single location to track the progress of application migrations across multiple AWS and partner solutions. Using Migration Hub allows you to choose the AWS and partner migration tools that best fit your needs, while providing visibility into the status of migrations across your portfolio of applications. This includes AWS Database Migration Service, AWS Server Migration Service, and partner migration tools
• AWS Database Migration Service helps you migrate databases to AWS quickly and securely
• AWS Server Migration Service (SMS) is an agentless service which makes it easier and faster for you to migrate thousands of on-premises workloads to AWS
• With AWS Batch, you simply package the code for your batch jobs, specify their dependencies, and submit your batch job using the AWS Management Console, CLIs, or SDK
11. Which Amazon EC2 pricing option provides significant discounts for fixed-term contracts?
• Dedicated Instances
• Reserved Instances
• Spot Instances
• Dedicated Hosts
Reserved Instances
Explanation
• Reserved Instances provide significant discounts, up to 75% compared to On-Demand pricing, by paying for capacity ahead of time
• Spot Instances allow you to purchase spare computing capacity with no upfront commitment at discounted hourly rates
• Dedicated Hosts are EC2 servers dedicated to a single customer
• Dedicated Instances are Amazon EC2 instances that run in a VPC on hardware that’s dedicated to a single customer
12. Which service can be used to assign a policy to a group?
• Amazon Cognito
• AWS IAM
• Amazon STS
• AWS Shield
AWS IAM
Explanation
• IAM is used to securely control individual and group access to AWS resources. Groups are collections of users and have policies attached to them. You can use IAM to attach a policy to a group
• Amazon Cognito is used for authentication using mobile apps
• The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for IAM users or for users that you authenticate (federated users)
• AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS
13. Which AWS service allows you to automate the evaluation of recorded configurations against desired configurations?
• AWS Service Catalog
• AWS OpsWorks
• AWS Config
• AWS CloudFormation
AWS Config
Explanation
• AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations
• AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet
• AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS
• AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment
14. How does “elasticity” benefit an application design?
• By reducing interdependencies between application components
• By automatically scaling resources based on demand
• By reserving capacity to reduce cost
• By selecting the correct storage tier for your workload
By automatically scaling resources based on demand
Explanation
Elasticity refers to the automatic scaling of resources based on demand. The benefit is that you provision only the necessary resources at a given time (optimizing cost) and don’t have to worry about absorbing spikes in demand.
Elasticity does not reduce interdependencies between systems – this is known as loose coupling.
Reserving capacity to reduce cost refers to using reservations such as EC2 Reserved Instances.
Selecting the correct storage tier would be an example of right-sizing, not elasticity.
15. Which service can be used to manage configuration versions?
• AWS Service Catalog
• AWS Artifact
• AWS Config
• Amazon Inspector
AWS Config
Explanation
AWS Config is a fully-managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and regulatory compliance.
AWS Service Catalog is used to create and manage catalogs of IT services that you have approved for use on AWS, including virtual machine images, servers, software, and databases to complete multi-tier application architectures.
AWS Artifact is your go-to, central resource for compliance-related information that matters to you. This service can be used to get compliance information related to AWS’ certifications/attestations.
Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
16. What billing timeframes are available for Amazon EC2 on-demand instances? (choose 2)
• Per day
• Per second
• Per week
• Per hour
• Per minute
Per second, Per hour
Explanation
• With EC2 you are billed either by the second, for some Linux instances, or by the hour for all other instance types
17. Which team is available to support AWS customers on an Enterprise support plan with account issues?
• AWS Technical Support
• AWS Technical Account Manager
• AWS Concierge
• AWS Billing and Accounts
AWS Concierge
Explanation
Included as part of the Enterprise Support plan, the Support Concierge Team are AWS billing and account experts that specialize in working with enterprise accounts
The Technical Account Manager provides expert monitoring and optimization of your environment and coordinates access to other programs and experts
18. What is the main benefit of the principle of “loose coupling”?
• Reduce interdependencies so a failure in one component does not cascade to other components
• Reduce operational complexity
• Automate the deployment of infrastructure using code
• Enables applications to scale automatically based on current demand
Reduce interdependencies so a failure in one component does not cascade to other components
Explanation
As application complexity increases, a desirable attribute of an IT system is that it can be broken into smaller, loosely coupled components. This means that IT systems should be designed in a way that reduces interdependencies—a change or a failure in one component should not cascade to other components.
Enabling an application to scale automatically based on current demand is an example of Elasticity.
Automating the deployment of infrastructure using code is an example of “Infrastructure as code” – services such as CloudFormation provide this functionality.
Loose coupling does not reduce operational complexity. In fact, it may increase complexity as you have more services running and more interactions.
19. What types of monitoring can Amazon CloudWatch be used for? (choose 2)
• Operational health
• Application performance
• API access
• Infrastructure
• Data center
Operational health, Application performance
Explanation
• Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. CloudWatch performs performance monitoring and can monitor custom metrics generated by applications and the operational health of your AWS resources
• Amazon CloudTrail monitors API access
• Infrastructure and data center monitoring is not accessible to AWS customers
20. Which feature of AWS IAM enables you to identify unnecessary permissions that have been assigned to users?
• Access Advisor
• Role Advisor
• Permissions Advisor
• Group Advisor
Access Advisor
Explanation
• The IAM console provides information about when IAM users and roles last attempted to access AWS services. This information is called service last accessed data. This data can help you identify unnecessary permissions so that you can refine your IAM policies to better adhere to the principle of “least privilege.” That means granting the minimum permissions required to perform a specific task. You can find the data on the Access Advisor tab in the IAM console by examining the detail view for any IAM user, group, role, or managed policy
21. Which of the following security related activities are AWS customers responsible for? (choose 2)
• Installing patches on network devices
• Implementing IAM password policies
• Implementing data center access controls
• Secure disposal of faulty disk drives
• Installing patches on Windows operating systems
Implementing IAM password policies, Installing patches on Windows operating systems
Explanation
• Customers are responsible for configuring their own IAM password policies and installing operating system patches on Amazon EC2 instances
• AWS are responsible for installing patches on physical hardware devices, data center access controls and secure disposal of disk drives
22. What is the benefit of using fully managed services compared to deploying third-party software on EC2?
• You have greater control and flexibility
• You don’t need to back up your data
• Improved security
• Reduced operational overhead
Reduced operational overhead
Explanation
Fully managed services reduce your operational overhead as AWS manage not just the infrastructure layer but the service layers above it. Examples are Amazon Aurora and Amazon ElastiCache, where the database is managed for you.
You do not have greater control and flexibility with fully managed services. AWS take more responsibility for providing the service and you therefore have fewer options. For example, you may not be able to configure the performance parameters of a database as you’d like to, or use your own backup or operational software.
Security is not necessarily improved by managing your own software stack. AWS are extremely good at securing their services and there is arguably less chance that they will expose vulnerabilities than a customer who deploys their own applications.
You do still need to back up your data. For instance, with Amazon ElastiCache it’s up to you to configure backups to S3.
23. Which of the following is a benefit of moving to the AWS Cloud?
• Long term commitments
• Capital purchases
• Outsource all IT operations
• Pay for what you use
Pay for what you use
Explanation
With the AWS Cloud you pay for what you use. This is a significant advantage compared to on-premises infrastructure, where you need to purchase more equipment than you need to allow for peak capacity. You also need to pay for that equipment upfront.
You do not outsource all IT operations when moving to the AWS Cloud. AWS provide some higher-level managed services which reduce your operations effort but do not eliminate it.
Capital purchases are not a benefit of moving to the cloud. The AWS Cloud is mostly an operational expenditure, which is favoured by many CFOs.
You do not need to enter into long term commitments with the AWS Cloud. There are options for 1 or 3 year commitments to lower prices with some services, but this is not an advantage of the cloud.
24. Which Amazon EC2 billing option gives you low cost, maximum flexibility, no upfront costs or commitment, and you only pay for what you use?
• Reserved Instances
• Dedicated Host
• Spot Instances
• On-Demand Instances
On-Demand Instances
Explanation
• With On-Demand Instances you pay for hours used with no commitment. There are no upfront costs so you have maximum flexibility
• Spot Instances are used for getting a very low price which you bid on. You lose some flexibility as you are constrained by market prices and your workloads can be terminated if the market price exceeds your bid price
• Reserved Instances are based on a commitment to 1 or 3 years in exchange for a large discount
• Dedicated Hosts use physically dedicated EC2 servers to isolate your workloads and are expensive
25. You would like to collect custom metrics from a production application every 1 minute. What type of monitoring should you use?
• CloudWatch with detailed monitoring
• CloudTrail with basic monitoring
• CloudWatch with basic monitoring
• CloudTrail with detailed monitoring
CloudWatch with detailed monitoring
Explanation
• Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. CloudWatch is for performance monitoring (CloudTrail is for auditing). It is used to collect and track metrics, collect and monitor log files, and set alarms. Basic monitoring collects metrics every 5 minutes whereas detailed monitoring collects metrics every 1 minute
• AWS CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket. CloudTrail is for auditing (CloudWatch is for performance monitoring). CloudTrail is about logging and saves a history of API calls for your AWS account
26. What is the most cost-effective Amazon S3 storage tier for data that is not often accessed but requires high availability?
• Amazon Glacier
• Amazon S3 One Zone-IA
• Amazon S3 Standard
• Amazon S3 Standard-IA
Amazon S3 Standard-IA
Explanation
S3 Standard-IA is for data that is accessed less frequently, but requires rapid access when needed. S3 Standard-IA offers the high durability, high throughput, and low latency of S3 Standard with 99.9% availability
S3 One Zone-IA is for data that is accessed less frequently, but requires rapid access when needed. Unlike other S3 Storage Classes which store data in a minimum of three Availability Zones (AZs), S3 One Zone-IA stores data in a single AZ and offers lower availability
Glacier is a data archiving solution, so it is not a suitable storage tier for data that is accessed infrequently but still requires high availability
27. When performing a total cost of ownership (TCO) analysis between on-premises and the AWS Cloud, which factors are only relevant to on-premises deployments? (choose 2)
• Facility operations costs
• Operating system licensing
• Database administration
• Hardware procurement teams
• Application licensing
Facility operations costs, Hardware procurement teams
Explanation
Facility operations and hardware procurement costs are something you no longer need to pay for in the AWS Cloud. These factors therefore must be included as an on-premises cost so you can understand the cost of staying in your own data centres.
Database administration, operating system licensing and application licensing will still be required in the AWS Cloud.
28. In addition to DNS services, what other services does Amazon Route 53 provide? (choose 2)
• Traffic flow
• IP Routing
• Domain registration
• DHCP
• Caching
Traffic flow, Domain registration
Explanation
Route 53 features include domain registration, DNS, traffic flow, health checking, and failover.
Route 53 does not support DHCP, IP routing or caching.
The DNS features of Route 53 are called “routing policies”; however, this is not traditional IP routing, which is performed by routers. It is intelligent DNS that responds with different results based on certain factors such as latency, weight, or failover configuration.
29. Which statement is correct in relation to the AWS Shared Responsibility Model?
• Customers are responsible for security of the cloud
• Customers are responsible for patching storage systems
• AWS are responsible for encrypting customer data
• AWS are responsible for the security of regions and availability zones
AWS are responsible for the security of regions and availability zones
Explanation
• AWS are responsible for “Security of the Cloud”. AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services, and this includes regions, availability zones and edge locations
• Customers are responsible for “Security in the Cloud”. This includes encrypting customer data and patching operating systems, but not patching or maintaining the underlying infrastructure
30. Which security service only requires a rule to be created in one direction as it automatically allows return traffic?
• Network ACL
• AWS Shield
• Security Group
• VPC Router
Security Group
Explanation
• Security groups are stateful, so if you allow traffic to pass through, the return traffic is automatically allowed even if no rule matches the traffic
• Network ACLs are stateless, so you must create rules in both directions to allow traffic through
• A VPC router is not a security service
• AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS
31. Which Compute service should be used for running a Linux operating system upon which you will install custom software?
• Amazon ECS
• AWS Lambda
• Amazon EKS
• Amazon EC2
Amazon EC2
Explanation
• Amazon EC2 should be used when you need access to a full operating system instance
• Amazon Elastic Container Service (ECS) and Amazon Elastic Container Service for Kubernetes (EKS) are used for running software containers, not full operating system instances
• AWS Lambda runs code as functions in response to events
32. Which of the following need to be included in a total cost of ownership (TCO) analysis? (choose 2)
• Facility equipment installation
• Application development
• Data center security costs
• IT Manager salary
• Company-wide marketing
Facility equipment installation, Data center security costs
Explanation
To perform a TCO you need to document all of the costs you’re incurring today to run your IT operations. That includes facilities equipment installation and data center security costs. That way you get to compare the full cost of running your IT on-premises today to running it in the cloud.
Company-wide marketing campaigns are unaffected by moving to the cloud.
Application development still needs to continue as you will still have applications running in the cloud.
The IT manager’s salary should not be included, as it will still need to be paid when the organization moves to the cloud.
33. Which statement is true in relation to data stored within an AWS Region?
• Data is always replicated to another region
• Data is not replicated outside of a region unless you configure it
• Data is always automatically replicated to at least one other availability zone
• Data is automatically archived after 90 days
Data is not replicated outside of a region unless you configure it
Explanation
Data stored within an AWS region is not replicated outside of that region automatically. It is up to customers of AWS to determine whether they want to replicate their data to other regions. You must always consider compliance and network latency when making this decision.
Data is not automatically replicated to at least one availability zone – this is specific to each service and you must check how your data is stored and whether the availability and durability is acceptable.
Data is never automatically archived. You must configure data to be archived.
34. When using Amazon RDS databases, which items are you charged for? (choose 2)
• Multi AZ
• Inbound data transfer
• Outbound data transfer
• Backup up to the DB size
• Single AZ
Multi AZ, Outbound data transfer
Explanation
• With Amazon RDS you are charged for the type and size of database, the uptime, any additional storage of backups (above the DB size), requests, deployment type (e.g. you pay for multi AZ), and data transfer outbound
35. Which types of root storage devices are available for Amazon EC2 instances? (choose 2)
• RAM
• EBS volume
• S3 Bucket
• Instance Store
• EFS file system
EBS volume, Instance Store
Explanation
• The only storage options for a root volume that can be booted from are EBS volumes and Instance Stores
36. Which read/write capacity modes are available for DynamoDB? (choose 2)
• Provisioned capacity mode
• On-demand capacity mode
• Spot capacity mode
• Dedicated capacity mode
• Reserved capacity mode
Provisioned capacity mode, On-demand capacity mode
Explanation
On-demand capacity mode: DynamoDB charges you for the data reads and writes your application performs on your tables. You do not need to specify how much read and write throughput you expect your application to perform because DynamoDB instantly accommodates your workloads as they ramp up or down.
Provisioned capacity mode: you specify the number of reads and writes per second that you expect your application to require. You can use auto scaling to automatically adjust your table’s capacity based on the specified utilization rate to ensure application performance while reducing cost.
Reserved pricing is available for provisioned mode but is not actually a “read/write mode”. There is no Spot pricing option for DynamoDB.
37. Which of the below are good use cases for a specific Amazon EC2 pricing model? (choose 2)
• Reserved instances for applications with flexible start and end times
• On-demand for ad-hoc requirements that cannot be interrupted
• Spot for consistent load over a long term
• On-demand for regulatory requirements that do not allow multi-tenant virtualization
• Reserved instances for steady state predictable usage
On-demand for ad-hoc requirements that cannot be interrupted, Reserved instances for steady state predictable usage
Explanation
Typical use cases for the pricing models listed are:
• On-demand: Good for users that want the low cost and flexibility of EC2 without any up-front payment or long-term commitment. Applications with short term, spiky, or unpredictable workloads that cannot be interrupted
• Reserved: Applications with steady state or predictable usage or that require reserved capacity
• Spot: Applications that have flexible start and end times and that are only feasible at very low compute prices. May be terminated
• Dedicated hosts: Useful for regulatory requirements that may not support multi-tenant virtualization. Great for licensing which does not support multi-tenancy or cloud deployments
38. Which type of connection should be used to connect an on-premises data center with the AWS cloud that is high speed, low latency and does not use the Internet?
• IPSec VPN
• AWS Managed VPN
• VPC Endpoints
• Direct Connect
Direct Connect
Explanation
• AWS Direct Connect is a network service that provides an alternative to using the Internet to connect a customer’s on-premises sites to AWS. Data is transmitted through a private network connection between AWS and a customer’s datacenter or corporate network. Direct Connect is high bandwidth and low latency
• The AWS Managed VPN (which is a type of IPSec VPN) is fast to set up but uses the public Internet, and therefore latency is not as good and is unpredictable
• VPC endpoints enable private connectivity to services hosted in AWS from within your VPC without using an Internet Gateway, VPN, Network Address Translation (NAT) devices, or firewall proxies
39. Which of the following is an advantage of cloud computing compared to deploying your own infrastructure on-premises?
• Ability to choose bespoke infrastructure configurations
• Flexibility to choose your own hardware
• Spend using a CAPEX model
• Paying only for what you use
Paying only for what you use
Explanation
• With AWS you only pay for what you use. However, you cannot choose your own hardware/infrastructure, and the payment model is operational (OPEX) not capital (CAPEX)
40. Which of the below are components that can be configured in the VPC section of the AWS management console? (choose 2)
• EBS volumes
• DNS records
• Endpoints
• Subnet
• Elastic Load Balancer
Endpoints, Subnet
Explanation
• Subnets and endpoints are configured within the VPC section of the AWS management console
• EBS volumes and ELBs must be configured in the EC2 section of the AWS management console
• DNS records must be configured in Amazon Route 53
41. Which of the advantages of cloud listed below is most closely addressed by the capabilities of AWS Auto Scaling?
• Stop guessing about capacity
• Go global in minutes
• Stop spending money running and maintaining data centers
• Benefit from massive economies of scale
Stop guessing about capacity
Explanation
• AWS Auto Scaling helps you to adapt to the demand for your application and scale up and down as needed. This means you don’t have to guess capacity upfront, as you can provision what you need and allow Auto Scaling to manage the scaling
42. Which of the options below are recommendations in the reliability pillar of the well-architected framework? (choose 2)
• Manually recover from failure
• Scale vertically using big systems
• Stop guessing about capacity
• Test recovery procedures
• Manage change in manual processes
Stop guessing about capacity, Test recovery procedures
Explanation
• The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues
• There are five design principles for reliability in the cloud:
– Test recovery procedures
– Automatically recover from failure
– Scale horizontally to increase aggregate system availability
– Stop guessing capacity
– Manage change in automation
43. Where can resources be launched when configuring AWS Auto Scaling?
• A single subnet
• Multiple VPCs
• Multiple AZs within a region
• Multiple AZs and multiple regions
Multiple AZs within a region
Explanation
• AWS Auto Scaling is configured within the EC2 console and can launch instances within a VPC across multiple AZs. It cannot launch resources into another region
44
Which Amazon EC2 feature provides a static IPv4 public IP address that does not change when the instance is rebooted?
•
Elastic Network
•
Static IP
•
Dynamic IP
•
Elastic IP
Elastic IP
Explanation
• An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is associated with your AWS account. Elastic IP addresses do not change when the instance is rebooted and can be moved between instances as required
• All other answers are bogus
45
Which services can be used for asynchronous integration between application components? (choose 2)
•
Amazon SQS
•
AWS CloudFormation
•
AWS Route 53
•
Amazon EC2 Auto Scaling
•
Amazon Step Functions
Amazon SQS, Amazon Step Functions
Explanation
Asynchronous integration is a form of loose coupling between services. This model is suitable for any interaction that does not need an immediate response and where an acknowledgement that a request has been registered will suffice.
Amazon Simple Queue Service (SQS) and Amazon Step Functions both provide asynchronous integration. SQS provides a durable message bus and Step Functions is an orchestrated workflow service.
Amazon EC2 Auto Scaling helps with horizontal scaling of your EC2 instances. This is not an example of asynchronous integration.
AWS CloudFormation automates the deployment of infrastructure based on templates.
AWS Route 53 is a DNS service that resolves domain names to IP addresses.
46
Which AWS service uses a highly secure hardware storage device to store encryption keys?
•
Amazon Cloud Directory
•
AWS WAF
•
AWS CloudHSM
•
AWS IAM
AWS CloudHSM
Explanation
• AWS CloudHSM is a cloud-based hardware security module (HSM) that allows you to easily add secure key storage and high-performance crypto operations to your AWS applications
• Amazon Cloud Directory enables you to build flexible cloud-native directories for organizing hierarchies of data along multiple dimensions
• AWS WAF is a web application firewall that helps protect your web applications from common web exploits
• AWS Identity and Access Management (IAM) is used for managing users, groups, and roles in AWS
47
What are the fundamental charges for an Amazon EC2 instance? (choose 2)
•
Private IP address
•
Basic monitoring
•
Your own AMIs
•
Data storage
•
Server uptime
Data storage
•
Server uptime
Explanation
When using EC2 instances you are charged for the server uptime of the instance based on the family and type you chose. You are also charged for the amount of data provisioned.
Basic monitoring is free for EC2, detailed monitoring is charged.
Amazon Machine Images (AMIs) are not chargeable. You can purchase chargeable AMIs via the marketplace but you are not charged for any you create.
You do not pay for private IP addresses.
48
What are two components of Amazon S3? (choose 2)
•
Objects
•
Buckets
•
Block devices
•
File systems
•
Directories
Objects
•
Buckets
Explanation
• Amazon S3 is an object-based storage system that is accessed using a RESTful API over HTTP(S). It consists of buckets, which are root level folders, and objects, which are the files, images etc. that you upload
• The terms directory, file system and block device do not apply to S3
49
An organization has multiple AWS accounts and uses a mixture of on-demand and reserved instances. One account has a considerable amount of unused reserved instances. How can the organization reduce their costs? (choose 2)
•
Switch to using placement groups
•
Redeem their reserved instances
•
Setup consolidated billing between the accounts
•
Use Spot instances instead
•
Create an AWS Organization configuration linking the accounts
Setup consolidated billing between the accounts, Create an AWS Organization configuration linking the accounts
Explanation
• AWS Organizations allows you to consolidate multiple AWS accounts into an organization that you create and centrally manage. Unused reserved instances (RIs) for EC2 are applied across the group, so the organization can utilize its unused reserved instances instead of consuming on-demand instances, which will lower its costs
• You cannot redeem your reserved instances. You can sell them on the AWS marketplace however
• Using placement groups will not lower their costs
• Spot instance pricing is variable so it is not guaranteed to lower the cost and it is not suitable for workloads that cannot be unexpectedly terminated by AWS
50
What are the fundamental charges for Elastic Block Store (EBS) volumes? (choose 2)
•
The amount of data storage provisioned
•
The amount of data storage consumed
•
Inbound data transfer
•
Provisioned IOPS
•
Number of snapshots
The amount of data storage provisioned, Provisioned IOPS
Explanation
• With EBS volumes you are charged for the amount of data provisioned (not consumed) per month. This means you can have empty space within a volume and you still pay for it
• With provisioned IOPS volumes you are also charged for the amount you provision in IOPS
• You pay for the storage consumed by snapshots, not by the number of snapshots