AWS Practice Test
If you deploy your workloads over different Availability Zones in AWS and use Amazon RDS Multi-AZ, which of the following cloud architectural principles are followed?
AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA).
Which AWS service should you use to centrally manage rules and billing across different accounts?
AWS Organizations helps you centrally govern your environment as you grow and scale your workloads on AWS. Whether you are a growing startup or a large enterprise, Organizations helps you to centrally manage billing; control access, compliance, and security; and share resources across your AWS accounts.
Using AWS Organizations, you can automate account creation, create groups of accounts to reflect your business needs, and apply policies for these groups for governance. You can also simplify billing by setting up a single payment method for all of your AWS accounts. Through integrations with other AWS services, you can use Organizations to define central configurations and resource sharing across accounts in your organization. AWS Organizations is available to all AWS customers at no additional charge.
An international bank intends to move some of its on-premises online programs to Amazon Web Services (AWS). Which of the following is a benefit of adopting Amazon Web Services (AWS) instead of virtualized data centers?
AWS helps customers reduce large capital investments with lower variable costs. AWS also gives customers the opportunity to work on their own terms without long-term lock-in, reducing the risks from unplanned capacity and demand. AWS helps finance teams plan and forecast more effectively, while giving IT teams the capacity and resources they need, even during peak periods.
To design a highly available architecture, choose the minimal number of Availability Zones for your Application Load Balancer.
A load balancer serves as the single point of contact for clients. Clients send requests to the load balancer, and the load balancer sends them to targets, such as EC2 instances, in two or more Availability Zones. At the very minimum, you have to select at least two Availability Zones from your VPC. To configure your load balancer, you have to create target groups and then register targets with your target groups. You also create listeners to check for connection requests from clients, and listener rules to route requests from clients to the targets in one or more target groups.
Hence, the correct answer is 2 Availability Zones.
A corporation intends to use AWS to implement a hybrid cloud architecture. Which of the following methods may they use to estimate their costs? (Choose TWO)
The AWS Total Cost of Ownership (TCO) Calculator allows you to estimate the cost savings when using AWS and provide a detailed set of reports that can be used in executive presentations. The calculators also give you the option to modify assumptions that best meet your business needs.
To estimate a bill, use the AWS Simple Monthly Calculator. You can enter your planned resources by service, and the Simple Monthly Calculator provides an estimated cost per month. The AWS Simple Monthly Calculator is an easy-to-use online tool that enables you to estimate the monthly cost of AWS services for your use case based on your expected usage. It is continuously updated with the latest pricing for all AWS services in all Regions.
Which of the following can analyze your AWS setup and give recommendations for cost savings, improved system performance and reliability, or security gaps?
AWS Trusted Advisor is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices. It inspects your AWS environment and makes recommendations for saving money, improving system performance and reliability, or closing security gaps.
Whether establishing new workflows, developing applications, or as part of ongoing improvement, take advantage of the recommendations provided by Trusted Advisor on a regular basis to help keep your solutions provisioned optimally.
Trusted Advisor includes an ever-expanding list of checks in the following five categories:
Cost Optimization - recommendations that can potentially save you money by highlighting unused resources and opportunities to reduce your bill.
Security - identification of security settings that could make your AWS solution less secure.
Fault Tolerance - recommendations that help increase the resiliency of your AWS solution by highlighting redundancy shortfalls, current service limits, and over-utilized resources.
Performance - recommendations that can help to improve the speed and responsiveness of your applications.
Service Limits - recommendations that will tell you when service usage is more than 80% of the service limit.
Which of the following statements about the AWS Global Infrastructure components is correct?
AWS provides a more extensive global footprint than any other cloud provider, and it opens up new Regions faster than other providers. To support its global footprint and ensure customers are served across the world, AWS maintains multiple geographic regions, including Regions in North America, South America, Europe, Asia Pacific, and the Middle East.
Each AWS Region provides full redundancy and connectivity to the network. Unlike other cloud providers, who define a region as a single data center, at AWS, Regions consist of multiple Availability Zones, each of which is a fully isolated partition of the AWS infrastructure that consists of discrete data centers, each with redundant power, networking, and connectivity, and each housed in separate facilities.
An Availability Zone gives customers the ability to operate production applications and databases that are more highly available, fault-tolerant, and scalable than would be possible from a single data center. All AZs are interconnected with high-bandwidth, low-latency networking, over fully redundant, dedicated metro fiber providing high-throughput, low-latency networking between AZs. The network performance is sufficient to accomplish synchronous replication between AZs.
Which service should you choose if you need to establish a custom self-hosted database that needs to be shut down every night to save money?
Amazon EBS provides durable, block-level storage volumes that you can attach to a running instance. You can use Amazon EBS as a primary storage device for data that requires frequent and granular updates. For example, Amazon EBS is the recommended storage option when you run a database on an instance.
An EBS volume behaves like a raw, unformatted, external block device that you can attach to a single instance. The volume persists independently from the running life of an instance. After an EBS volume is attached to an instance, you can use it like any other physical hard drive. As illustrated in the figure, multiple volumes can be attached to an instance. You can also detach an EBS volume from one instance and attach it to another instance. You can dynamically change the configuration of a volume attached to an instance. EBS volumes can also be created as encrypted volumes using the Amazon EBS encryption feature.
Which of the following companies offers a set of services to assist you in achieving specified business results linked to enterprise cloud adoption through paid engagements in a variety of specialty practice areas?
AWS Professional Services shares a collection of offerings to help you achieve specific outcomes related to enterprise cloud adoption. Each offering delivers a set of activities, best practices, and documentation reflecting our experience supporting hundreds of customers in their journey to the AWS Cloud. AWS Professional Services’ offerings use a unique methodology based on Amazon's internal best practices to help you complete projects faster and more reliably while accounting for evolving expectations and dynamic team structures along the way.
AWS Professional Services created the AWS Cloud Adoption Framework (AWS CAF) to help organizations design and travel an accelerated path to successful cloud adoption. The guidance and best practices provided by the framework help you build a comprehensive approach to cloud computing across your organization, and throughout your IT lifecycle. Using the AWS CAF helps you realize measurable business benefits from cloud adoption faster and with less risk.
You need to host a new Microsoft SQL Server database for a current project. Should you use two AWS services to achieve this requirement?
Amazon Web Services offers you the flexibility to run Microsoft SQL Server for as much or as little time as you need and select from a number of versions and editions. SQL Server on Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Elastic Block Store (Amazon EBS) gives you complete control over every setting, just like when it's installed on-premises. Amazon Relational Database Service (Amazon RDS) is a fully managed service that takes care of all the maintenance, backups, and patching for you.
Which of the following Amazon EC2 instance purchasing choices allows you to leverage your existing server-bound software licenses to help you meet compliance requirements and save money?
An Amazon EC2 Dedicated Host is a physical server with EC2 instance capacity fully dedicated to your use. Dedicated Hosts can help you address compliance requirements and reduce costs by allowing you to use your existing server-bound software licenses. Dedicated Hosts allow you to use your existing per-socket, per-core, or per-VM software licenses, including Microsoft Windows Server, Microsoft SQL Server, SUSE Linux Enterprise Server, Red Hat Enterprise Linux, or other software licenses that are bound to VMs, sockets, or physical cores, subject to your license terms.
You can use Dedicated Hosts and Dedicated instances to launch Amazon EC2 instances on physical servers that are dedicated to your use. An important difference between a Dedicated Host and a Dedicated instance is that a Dedicated Host gives you additional visibility and control over how instances are placed on a physical server, and you can consistently deploy your instances to the same physical server over time. As a result, Dedicated Hosts enable you to use your existing server-bound software licenses and address corporate compliance and regulatory requirements.
The following table highlights the key similarities and differences in the features available to you when using Dedicated Hosts and Dedicated Instances:
You have the option to launch instances onto a specific Dedicated Host, or you can let Amazon EC2 place the instances automatically. Controlling instance placement allows you to deploy applications to address licensing, corporate compliance, and regulatory requirements.
Select any options that you want to utilize to strengthen the security of your IAM users.
You can improve the security of your Identity and Access Management (IAM) users by applying the following IAM best practices:
Rotate credentials regularly: Change your own passwords and access keys regularly, and make sure that all IAM users in your account do as well. That way, if a password or access key is compromised without your knowledge, you limit how long the credentials can be used to access your resources. You can apply a password policy to your account to require all your IAM users to rotate their passwords. You can also choose how often they must do so.
Configure a strong password policy for your users: If you allow users to change their own passwords, require that they create strong passwords and that they rotate their passwords periodically. On the Account Settings page of the IAM console, you can create a password policy for your account. You can use the password policy to define password requirements, such as minimum length, whether it requires non-alphabetic characters, how frequently it must be rotated, and so on.
Enable MFA: For extra security, we recommend that you require multi-factor authentication (MFA) for all users in your account. With MFA, users have a device that generates a response to an authentication challenge. Both the user's credentials and the device-generated response are required to complete the sign-in process. If a user's password or access keys are compromised, your account resources are still secure because of the additional authentication requirement.
Which service keeps track of all actions made through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services?
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.
With AWS CloudTrail, you can simplify your compliance audits by automatically recording and storing event logs for actions made within your AWS account. Integration with Amazon CloudWatch Logs provides a convenient way to search through log data, identify out-of-compliance events, accelerate incident investigations, and expedite responses to auditor requests.
It also increases visibility into your user and resource activity by recording AWS Management Console actions and API calls. You can identify which users and accounts called AWS, the source IP address from which the calls were made, and when the calls occurred.
You're creating a new cloud architecture in AWS for a mission-critical application that requires high availability. Which of the following patterns should be used to fulfill this requirement?
At AWS, Availability Zones are the core of their infrastructure architecture and they form the foundation of AWS's and customers’ reliability and operations. Availability Zones are designed for physical redundancy and provide resilience, enabling uninterrupted performance, even in the event of power outages, Internet downtime, floods, and other natural disasters.
Amazon EC2 is hosted in multiple locations worldwide. These locations are composed of Regions and Availability Zones. Each Region is a separate geographic area. Each Region has multiple, isolated locations known as Availability Zones. Amazon EC2 provides you the ability to place resources, such as instances, and data in multiple locations. Resources aren't replicated across AWS Regions unless you do so specifically.
Amazon operates state-of-the-art, highly-available data centers. Although rare, failures can occur that affect the availability of instances that are in the same location. If you host all your instances in a single location that is affected by such a failure, none of your instances would be available.
For their application, a FANG company is currently using an On-Demand EC2 instance, which they aim to convert to a Reserved EC2 instance to save money. If the application being hosted will be used for more than three years, which of the following is the most cost-effective option?
All Upfront option: You pay for the entire Reserved Instance term with one upfront payment. This option provides you with the largest discount compared to On-Demand instance pricing.
Partial Upfront option: You make a low upfront payment and are then charged a discounted hourly rate for the instance for the duration of the Reserved Instance term.
No Upfront option: Does not require any upfront payment and provides a discounted hourly rate for the duration of the term.
Which of the following options below is solely the responsibility of the client under the AWS shared responsibility model?
Correct Answer Zone Security
A company wants to launch a new system on AWS, but they don't have anyone on staff with AWS experience. Which of the following can assist the business in designing, architecting, building, migrating, and managing workloads and applications on AWS?
The AWS Partner Network (APN) is focused on helping partners build successful AWS-based businesses to drive superb customer experiences. This is accomplished by developing a global ecosystem of Partners with specialties unique to each customer’s needs.
There are two types of APN Partners:
1. APN Consulting Partners
2. APN Technology Partners
APN Consulting Partners are professional services firms that help customers of all sizes design, architect, migrate, or build new applications on AWS. Consulting Partners include System Integrators (SIs), Strategic Consultancies, Resellers, Digital Agencies, Managed Service Providers (MSPs), and Value-Added Resellers (VARs).
APN Technology Partners provide software solutions that are either hosted on, or integrated with, the AWS platform. Technology Partners include Independent Software Vendors (ISVs), SaaS, PaaS, developer tools, management and security vendors.
Which Amazon Web Services (AWS) services can be used to host virtual servers?
Amazon Elastic Compute Cloud forms a central part of Amazon's cloud-computing platform, Amazon Web Services, by allowing users to rent virtual computers on which to run their own computer applications.
A) is wrong because EBS (Elastic Block Store) is used for block storage. N.b. EBS is often used to host a virtual server.
B) is wrong because AWS CloudWatch is used for monitoring and managing virtual servers.
C) is correct because EC2 (Elastic Compute Cloud) is used to run virtual machines.
D) is wrong because S3 (Simple Storage Service) is used to store files.
Your boss has given you the task of building a system that is made up of several interconnected microservices. Which AWS product do you think you'd utilize to encourage loose coupling between them?
Amazon Simple Queue Service is one of the oldest services provided by AWS. It is a fully managed message queuing service that can be used to decouple services.
A) is correct because SQS (Simple Queue Service) is used to send messages between discrete components.
B) is wrong because AWS IAM is used for user management and role access.
C) is wrong because Elastic Beanstalk is used for developers to host programs with minimal setup.
D) is wrong because CloudTrail is used for auditing, compliance and governance of your AWS account.
What service would you recommend if I wanted to run a relational database on Amazon Web Services while leaving the operating system to Amazon?
Amazon RDS (Relational Database Service) is a service Amazon provides to host and manage relational databases. They support many of the popular database choices including Oracle, MySQL, MSSQL and Aurora. This service manages the underlying hardware and the operating systems for the DBs.
A) is wrong because EC2 (Elastic Compute Cloud) is used to run virtual machines.
B) is correct because AWS RDS is an Amazon hosted database provider.
C) is wrong because DynamoDB is a NoSQL database solution.
D) is wrong because RedShift is used as a data warehouse for analytics.
Which instance type would be the best fit for your company's needs to host certain servers for a four-month period?
There are different plans available when using Elastic Compute Cloud. Depending on how long and how frequently you need the compute resources, you can choose an appropriate plan.
An On-Demand instance is the most appropriate in this case.
A) is wrong because Spot Instances are not suitable, as they are not continual.
B) is wrong again because it’s for plans between 1 – 3 years.
C) is correct because of the short amount of time the instance is required for.
D) is wrong because this applies to plans of between 1 – 3 years.
In terms of AWS and its users, what is the shared responsibility model?
The shared responsibility model states that stack ownership is split between AWS and its customers. AWS is responsible for the global infrastructure, compute, storage and networking, while customers are responsible for data protection, encryption, platforms and identity access.
A) is wrong because AWS is responsible for this.
B) is the correct summarized definition of the shared responsibility model.
C) is wrong because the customer is expected to maintain this.
D) is wrong because this is the responsibility of the customer.
What service would you recommend if I wanted to host a relational database on AWS while keeping as much control as possible over the database's hosting?
Amazon RDS (Relational Database Service) is a service Amazon provides to host and manage relational databases. They support many of the popular database choices including Oracle, MySQL, MSSQL and Aurora. This service manages the underlying hardware and the operating systems for the DBs.
A) is correct because EC2 (Elastic Compute Cloud) can host a Virtual Machine which the client can install a database server on.
B) is wrong because AWS RDS is an Amazon hosted database provider.
C) is wrong because DynamoDB is a NoSQL database solution.
D) is wrong because RedShift is used as a data warehouse for analytics.
Which service is best for Java, .NET, Docker, Python, and Node.js developers who want to quickly deploy their code to the cloud?
AWS Elastic Beanstalk lets developers quickly deploy their code to the cloud with minimal fuss. This solution is designed to scale as demand grows.
A) is wrong because DynamoDB is a NoSQL database solution.
B) is wrong because AWS RDS is an Amazon hosted database provider.
C) is wrong because EC2 (Elastic Compute Cloud) can host a Virtual Machine which the client can install a database server on.
D) is correct because Elastic Beanstalk takes out much of the configuration required to deploy an application.
What AWS service could you utilize to help protect your production system from DoS attacks?
AWS Shield is a service specifically designed to protect against denial-of-service (DoS) attacks. It is used in collaboration with Route 53 and CloudFront to mitigate DoS attacks.
A) is wrong because IAM is user management.
B) is correct; see the answer paragraph above.
C) is wrong because CloudTrail tracks API usage.
D) is wrong because multi-factor authentication is related to IAM.