AWS Cloud Practitioner Exam Preparation-1
1. Which AWS service or feature can be used to restrict the individual API actions that users and roles in each member account can access?
a. Amazon Macie
b. AWS Organizations
c. AWS Shield
d. AWS IAM
Correct answer
AWS Organizations
Explanation:
AWS Organizations offers Service control policies
(SCPs) which are a type of organization policy that you can use to manage
permissions in your organization. SCPs offer central control over the maximum
available permissions (API actions) for all accounts in your organization. SCPs
help you to ensure your accounts stay within your organization’s access control
guidelines. SCPs are available only in an organization that has all
features enabled.
CORRECT: "AWS
Organizations" is the correct answer.
INCORRECT: "Amazon Macie" is incorrect. Amazon Macie is a fully managed data security and
data privacy service that uses machine learning and pattern matching to
discover and protect your sensitive data in AWS.
INCORRECT: "AWS Shield" is incorrect. AWS Shield is a service that protects workloads against
distributed denial of service (DDoS) attacks.
INCORRECT: "AWS IAM"
is incorrect. AWS IAM is used for assigning permissions but SCPs in AWS
Organizations are used to control which API actions are allowed in an account.
You need to be granted permission in IAM and have the API allowed to be able to
use the API successfully.
2. A user has an AWS account with a Business-level AWS Support plan and needs assistance with handling a production service disruption.
Which action should the user take?
· Contact the dedicated Technical Account Manager
· Contact the dedicated AWS Concierge Support team
· Open a business-critical system down support case
· Open a production system down support case
Correct answer
Open a production system down support case
Explanation:
The Business support plan provides a service level
agreement (SLA) of < 1 hour for production system down support cases.
CORRECT: "Open a
production system down support case" is the correct answer.
INCORRECT: "Contact the
dedicated Technical Account Manager" is incorrect. The dedicated TAM only
comes with the Enterprise support plan.
INCORRECT: "Contact the
dedicated AWS Concierge Support team" is incorrect. The concierge support
team only comes with the Enterprise support plan.
INCORRECT: "Open a
business-critical system down support case" is incorrect. The
business-critical system down support only comes with the Enterprise support
plan.
References:
https://aws.amazon.com/premiumsupport/plans/
3. A manager is planning to migrate applications to the AWS Cloud and needs to obtain AWS compliance reports.
How can these reports be generated?
· Download the reports from AWS Secrets Manager.
· Contact the AWS Compliance team.
· Create a support ticket with AWS Support.
· Download the reports from AWS Artifact.
Correct answer
Download the reports from AWS Artifact.
Explanation:
AWS Artifact is your go-to, central resource for
compliance-related information that matters to you. It provides on-demand
access to AWS’ security and compliance reports and select online agreements.
Reports available in AWS Artifact include Service
Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and
certifications from accreditation bodies across geographies and compliance
verticals that validate the implementation and operating effectiveness of AWS
security controls.
Agreements available in AWS Artifact include the
Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA).
CORRECT: "Download the
reports from AWS Artifact" is the correct answer.
INCORRECT: "Contact the
AWS Compliance team" is incorrect. You do not need to contact anyone at
AWS, you can simply download this information.
INCORRECT: "Download the
reports from AWS Secrets Manager" is incorrect. AWS Secrets Manager is
used for storing secrets such as database authentication credentials or license
codes. It is not used for storing compliance reports.
INCORRECT: "Create a
support ticket with AWS Support" is incorrect. You do not need to contact
anyone at AWS, you can simply download this information.
References:
https://aws.amazon.com/artifact/
4. Which task can a user complete using the AWS Cost Management tools?
· Delete all of your AWS resources with a single click.
· Create budgets and receive notifications if current or forecasted usage exceeds the budgets.
· Launch either EC2 Spot instances or On-Demand instances based on the current pricing.
· Move data stored in Amazon S3 Standard to an archiving storage class to reduce cost.
Correct answer
Create budgets and receive notifications if current or
forecasted usage exceeds the budgets.
Explanation:
The AWS Cost Management tools include services, tools,
and resources to organize and track cost and usage data, enhance control
through consolidated billing and access permissions, enable better planning
through budgeting and forecasts, and further lower costs with resources and
pricing optimizations.
CORRECT: "Create budgets and receive notifications if current or forecasted usage exceeds the
budgets" is the correct answer.
INCORRECT: "Delete all of your AWS resources with a single click" is incorrect. This can be done using
third party tools, but not natively through the console.
INCORRECT: "Launch either
EC2 Spot instances or On-Demand instances based on the current pricing" is
incorrect. The cost management tools do not integrate with the tools used to
launch EC2 instances and cannot choose the best pricing plan.
INCORRECT: "Move data
stored in Amazon S3 Standard to an archiving storage class to reduce cost"
is incorrect. This is performed using lifecycle management in Amazon S3, it is
not a task performed by cost management tools.
References:
https://aws.amazon.com/aws-cost-management/
5. AWS are able to continue to reduce their pricing due to:
· Pay-as-you-go pricing
· The AWS global infrastructure
· Economies of scale
· Reserved instance pricing
Correct answer
Economies of scale
Explanation:
By using cloud computing, you can achieve a lower
variable cost than you can get on your own. Because usage from hundreds of
thousands of customers is aggregated in the cloud, providers such as AWS can
achieve higher economies of scale, which translates into lower pay-as-you-go
prices.
CORRECT: "Economies of
scale" is the correct answer.
INCORRECT: "The AWS
global infrastructure" is incorrect. The global infrastructure is the
basis of the AWS platform but it is not the reason prices continue to reduce.
INCORRECT: "Pay-as-you-go pricing" is incorrect. This pricing model is a benefit but not the reason
unit prices are reducing.
INCORRECT: "Reserved
instance pricing" is incorrect. This pricing model results in savings for
customers in specific areas but not the reason for the overall reduction in
prices.
References:
https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html
6. According to the shared responsibility model, which security-related task is the responsibility of the customer?
· Maintaining server-side encryption.
· Securing servers and racks at AWS data centers.
· Maintaining firewall configurations at a hardware level.
· Maintaining physical networking configuration.
Correct answer
Maintaining server-side
encryption.
Explanation:
All client-side and server-side
encryption is a responsibility of the customer using the AWS Cloud. This can be
clearly seen in the shared responsibility model infographic below:
CORRECT: "Maintaining
server-side encryption" is the correct answer.
INCORRECT: "Securing servers
and racks at AWS data centers" is incorrect. This is an AWS
responsibility.
INCORRECT: "Maintaining
firewall configurations at a hardware level" is incorrect. This is an AWS
responsibility.
INCORRECT: "Maintaining
physical networking configuration" is incorrect. This is an AWS
responsibility.
References:
https://aws.amazon.com/compliance/shared-responsibility-model/
7. Under the AWS shared responsibility model, which of the following is an example of security in the AWS Cloud?
· Managing edge locations
· Physical security
· Firewall configuration
· Global infrastructure
Correct answer
Firewall configuration
Explanation:
Firewall configuration is an
example of “security in the cloud”. This is the customer’s responsibility, not
an AWS responsibility.
CORRECT: "Firewall
configuration" is the correct answer.
INCORRECT: "Managing edge
locations" is incorrect. This is an example of “security of the cloud” and
is an AWS responsibility.
INCORRECT: "Physical
security" is incorrect. This is an example of “security of the cloud” and
is an AWS responsibility.
INCORRECT: "Global
infrastructure" is incorrect. This is an example of “security of the
cloud” and is an AWS responsibility.
8. Which of the following statements is correct about Amazon S3 cross-region replication?
· Both source and destination S3 buckets must have versioning disabled
· The source and destination S3 buckets cannot be in different AWS Regions
· S3 buckets configured for cross-region replication can be owned by a single AWS account or by different accounts
· The source S3 bucket owner must have the source and destination AWS Regions disabled for their account
Correct answer
S3 buckets configured
for cross-region replication can be owned by a single AWS account or by
different accounts
Explanation:
Replication enables automatic, asynchronous copying of objects across
Amazon S3 buckets. Buckets that are configured for object replication can be
owned by the same AWS account or by different accounts. You can copy objects
between different AWS Regions or within the same Region.
Both source and destination buckets must have versioning enabled. The
source bucket owner must have the source and destination AWS Regions enabled
for their account. The destination bucket owner must have the destination
Region enabled for their account.
CORRECT: "S3 buckets configured for cross-region replication can be owned by a
single AWS account or by different accounts" is the correct answer.
INCORRECT: "Both source and destination S3 buckets must have versioning
disabled" is incorrect as explained above.
INCORRECT: "The source and destination S3 buckets cannot be in different AWS
Regions" is incorrect as explained above.
INCORRECT: "The source S3 bucket owner must have the source and destination
AWS Regions disabled for their account" is incorrect as explained above.
References:
https://docs.aws.amazon.com/AmazonS3/latest/dev/replication.html
9. A Cloud Practitioner is re-architecting a monolithic application. Which design principles for cloud architecture do AWS recommend? (Select TWO.)
· Implement manual scalability.
· Implement loose coupling.
· Use self-managed servers.
· Rely on individual components.
· Design for scalability.
Correct answers
- Implement loose coupling.
- Design for scalability.
Explanation:
Dependencies such as queuing
systems, streaming systems, workflows, and load balancers are loosely coupled.
Loose coupling helps isolate behavior of a component from other components that
depend on it, increasing resiliency and agility.
AWS recommend that you architect
applications that scale horizontally to increase aggregate workload
availability. This scaling should be automatic where possible.
CORRECT: "Implement
loose coupling" is a correct answer.
CORRECT: "Design for
scalability" is also a correct answer.
INCORRECT: "Implement
manual scalability" is incorrect. AWS do not recommend manual processes.
Everything should be automated as much as possible.
INCORRECT: "Use
self-managed servers" is incorrect. AWS do not recommend using
self-managed servers. They do recommend using serverless services if you can.
INCORRECT: "Rely on
individual components" is incorrect. This is not a best practice; you
should never rely on individual components. It is better to build redundancy
into the system so the failure of an individual component does not affect the
functioning of the application.
References:
https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/
10. A company needs protection from distributed denial of service (DDoS) attacks on its website and assistance from AWS experts during such events.
Which AWS managed service will meet these requirements?
· AWS Shield Advanced
· AWS Firewall Manager
· AWS Web Application Firewall
· Amazon GuardDuty
Correct answer
AWS Shield Advanced
Explanation:
AWS Shield Advanced provides enhanced detection and includes a specialized support team for customers on Enterprise or Business support plans. The AWS DDoS Response Team (DRT) are available 24/7 and can be engaged before, during, or after a DDoS attack.
CORRECT: "AWS Shield Advanced" is the correct answer.
INCORRECT: "AWS Firewall Manager" is incorrect. This service is used to simplify management of AWS WAF, AWS Shield Advanced, and Amazon VPC security groups.
INCORRECT: "AWS Web Application Firewall" is incorrect. AWS WAF is used for protecting web applications and APIs against malicious attacks. This is not a DDoS prevention service.
INCORRECT: "Amazon GuardDuty" is incorrect. This service is used for continuously monitoring AWS resources for threats. It is not a DDoS prevention service; it uses machine learning and anomaly detection to identify security vulnerabilities in resources.
References:
https://aws.amazon.com/shield/getting-started/
11. A company has a website that delivers static content from an Amazon S3 bucket to users from around the world. Which AWS service will deliver the content with low latency?
· AWS Lambda
· Amazon CloudFront
· AWS Elastic Beanstalk
· AWS Global Accelerator
Correct answer
Amazon CloudFront
Explanation:
Amazon CloudFront is a content delivery network (CDN) and can use an Amazon S3 bucket configured as a static website as an origin for the content it caches globally. CloudFront reduces latency for global users by serving the requested content from a local cache.
CORRECT: "Amazon CloudFront" is the correct answer.
INCORRECT: "AWS Lambda" is incorrect. Lambda is a serverless compute service that runs code in response to triggers.
INCORRECT: "AWS Elastic Beanstalk" is incorrect. Elastic Beanstalk is a platform as a service offering that is used to run applications on a managed platform.
INCORRECT: "AWS Global Accelerator" is incorrect. Global Accelerator is used to direct traffic to application endpoints in different Regions using the AWS global network. It does not cache content and would not be used in front of an S3 bucket.
References:
https://aws.amazon.com/cloudfront/
12. A cloud practitioner needs to migrate 70 TB of data from an on-premises data center into the AWS Cloud. The company has a slow and unreliable internet connection.
Which AWS service can the cloud practitioner leverage to transfer the data?
· Amazon S3 Glacier
· AWS Snowball
· AWS Storage Gateway
· AWS DataSync
Correct answer
AWS Snowball
Explanation:
AWS Snowball is a method of
transferring the data using a physical device. A Snowball Edge device can hold
up to 80 TB so a single device can be used. This transfer method completely
avoids the slow and unreliable internet connection.
CORRECT: "AWS
Snowball" is the correct answer.
INCORRECT: "Amazon S3
Glacier" is incorrect. Glacier is used for archiving data in the cloud.
INCORRECT: "AWS
Storage Gateway" is incorrect. Storage Gateway is a service that offers
options for connecting on-premises storage to the cloud.
INCORRECT: "AWS DataSync" is incorrect. DataSync uses the internet to transfer data. You
can utilize Snowcone but that only holds up to 8 TB per device.
References:
https://docs.aws.amazon.com/snowball/latest/developer-guide/specifications.html#specs-v3s-optimized
13. A company needs to publish messages to thousands of subscribers simultaneously using a push mechanism.
Which AWS service should the company use?
· AWS Step Functions
· Amazon Simple Workflow Service (SWF)
· Amazon Simple Notification Service (Amazon SNS)
· Amazon Simple Queue Service (Amazon SQS)
Correct answer
Amazon Simple Notification Service
(Amazon SNS)
Explanation:
Amazon SNS is a publisher/subscriber notification service that uses a push mechanism to publish messages to multiple subscribers. Amazon SNS enables you to send messages or notifications directly to users with SMS text messages to over 200 countries, mobile push on Apple, Android, and other platforms or email (SMTP).
CORRECT: "Amazon Simple Notification Service (Amazon SNS)" is the correct answer.
INCORRECT: "Amazon Simple Queue Service (Amazon SQS)" is incorrect. SQS is a message queue service used for decoupling applications.
INCORRECT: "Amazon Simple Workflow Service (SWF)" is incorrect. SWF is a workflow orchestration service, not a messaging service.
INCORRECT: "AWS Step Functions" is incorrect. AWS Step Functions is a serverless workflow orchestration service for modern applications.
14. The ability to horizontally scale Amazon EC2 instances based on demand is an example of which concept?
· Economy of scale
· Elasticity
· High availability
· Agility
Correct answer
Elasticity
Explanation:
Elasticity is the ability to dynamically adjust the capacity of a service or resource based on demand. Scaling can be vertical (e.g. increase instance size) or horizontal (e.g. add more EC2 instances).
CORRECT: "Elasticity" is the correct answer.
INCORRECT: "Economy of scale" is incorrect. This refers to pricing benefits based on AWS purchasing large amounts of resources.
INCORRECT: "High availability" is incorrect. This is an example of resilience.
INCORRECT: "Agility" is incorrect. This is an example of flexibility and speed of implementation.
References:
https://d1.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf
15. Which AWS Support plan provides access to architectural and operational reviews, as well as 24/7 access to Cloud Support Engineers through email, online chat, and phone?
· Basic
· Business
· Developer
· Enterprise
Explanation:
Only the enterprise plan provides Well-Architected Reviews and Operational Reviews.
24/7 access to Cloud Support Engineers through email, online chat, and phone is
offered on the business and enterprise plans.
16. How can a company separate costs for storage, Amazon EC2, Amazon S3, and other AWS services by department?
· Add department-specific tags to each resource
· Create a separate VPC for each department
· Create a separate AWS account for each department
· Use AWS Organizations
Correct answer
Add department-specific tags to each resource
Explanation:
A tag is a label that you or AWS assigns to an AWS resource. Each tag consists of a key and a value. For each resource, each tag key must be unique, and each tag key can have only one value.
You can use tags to organize your resources, and cost allocation tags to track your AWS costs on a detailed level. After you activate cost allocation tags, AWS uses the cost allocation tags to organize your resource costs on your cost allocation report, to make it easier for you to categorize and track your AWS costs.
AWS provides two types of cost allocation tags: AWS generated tags and user-defined tags. AWS defines, creates, and applies the AWS generated tags for you, and you define, create, and apply user-defined tags. You must activate both types of tags separately before they can appear in Cost Explorer or on a cost allocation report.
CORRECT: "Add department-specific tags to each resource" is the correct answer.
INCORRECT: "Create a separate VPC for each department" is incorrect. This is unnecessary and would not help with separating costs.
INCORRECT: "Create a separate AWS account for each department" is incorrect. This is overly complex and unnecessary.
INCORRECT: "Use AWS Organizations" is incorrect. Consolidated billing can separate bills by account, but for department-based cost separation, cost allocation tags should be used.
References:
https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html
17. Which of the following is an advantage for a company running workloads in the AWS Cloud vs on-premises? (Select TWO.)
· Less staff time is required to launch new workloads.
· Increased time to market for new application features.
· Higher acquisition costs to support elastic workloads.
· Lower overall utilization of server and storage systems.
· Increased productivity for application development teams.
Correct answers
- Less staff time is required to launch new workloads.
- Increased productivity for application development
teams.
Explanation:
Using AWS cloud services can help
development teams to be more productive as they spend less time working on the
infrastructure layer as it is provided for them. This additionally means
launching new workloads requires less time as you can automate the implementation
of the application and there is no underlying hardware layer to configure.
CORRECT: "Less staff
time is required to launch new workloads" is a correct answer.
CORRECT: "Increased
productivity for application development teams" is also a correct answer.
INCORRECT: "Increased
time to market for new application features" is incorrect. AWS services
should decrease time to market, not increase time.
INCORRECT: "Higher
acquisition costs to support elastic workloads" is incorrect. The
acquisition costs should be lower, not higher.
INCORRECT: "Lower
overall utilization of server and storage systems" is incorrect. This is
not a benefit of moving to the cloud.
References:
https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html
18. A Cloud Practitioner requires point-in-time recovery (PITR) for an Amazon DynamoDB table. Who is responsible for configuring and performing backups?
· AWS is responsible for both tasks.
· The customer is responsible for configuring and AWS is responsible for performing backups.
· The customer is responsible for both tasks.
· AWS is responsible for configuring and the user is responsible for performing backups.
Correct answer
The customer is responsible for
configuring and AWS is responsible for performing backups.
Explanation:
Point-in-time recovery (PITR) provides continuous backups of your DynamoDB table data. When enabled, DynamoDB maintains incremental backups of your table for the last 35 days until you explicitly turn it off. It is a customer responsibility to enable PITR, and AWS is responsible for actually performing the backups.
CORRECT: "The customer is responsible for configuring and AWS is responsible for performing backups" is the correct answer.
INCORRECT: "AWS is responsible for configuring and the user is responsible for performing backups" is incorrect. This is backwards; users are responsible for configuring and AWS is responsible for performing backups.
INCORRECT: "AWS is responsible for both tasks" is incorrect. This is not true as users must configure PITR.
INCORRECT: "The customer is responsible for both tasks" is incorrect. This is not true; AWS perform the backups.
19. Which AWS services can be used as infrastructure automation tools? (Select TWO.)
· AWS CloudFormation
· Amazon CloudFront
· AWS Batch
· AWS OpsWorks
· Amazon QuickSight
Correct answers
- AWS CloudFormation
- AWS OpsWorks
Explanation:
AWS CloudFormation provides a
common language for you to model and provision AWS and third party application
resources in your cloud environment. AWS CloudFormation allows you to use
programming languages or a simple text file to model and provision, in an
automated and secure manner, all the resources needed for your applications
across all regions and accounts.
AWS OpsWorks is a configuration
management service that provides managed instances of Chef and Puppet. Chef and
Puppet are automation platforms that allow you to use code to automate the
configurations of your servers. OpsWorks lets you use Chef and Puppet to
automate how servers are configured, deployed, and managed across your Amazon EC2 instances
or on-premises compute environments.
CORRECT: "AWS
CloudFormation" is a correct answer.
CORRECT: "AWS
OpsWorks" is also a correct answer.
INCORRECT: "Amazon
CloudFront" is incorrect. Amazon CloudFront is a fast content delivery
network (CDN) service that securely delivers data, videos, applications, and
APIs to customers globally with low latency, high transfer speeds.
INCORRECT: "AWS
Batch" is incorrect. AWS Batch enables developers, scientists, and
engineers to easily and efficiently run hundreds of thousands of batch
computing jobs on AWS.
INCORRECT: "Amazon
QuickSight" is incorrect. Amazon QuickSight is a fast, cloud-powered
business intelligence service that makes it easy to deliver insights to
everyone in your organization.
References:
https://aws.amazon.com/cloudformation/
https://aws.amazon.com/opsworks/
20. A company requires a dashboard for reporting when using a business intelligence solution. Which AWS service can a Cloud Practitioner use?
· Amazon Redshift
· Amazon Kinesis
· Amazon Athena
· Amazon QuickSight
Correct answer
Amazon QuickSight
Explanation:
Amazon QuickSight is a scalable, serverless, embeddable, machine learning-powered business intelligence (BI) service built for the cloud.
QuickSight lets you easily create and publish interactive BI dashboards that include Machine Learning-powered insights.
QuickSight dashboards can be accessed from any device, and seamlessly embedded into your applications, portals, and websites.
CORRECT: "Amazon QuickSight" is the correct answer.
INCORRECT: "Amazon Redshift" is incorrect. Redshift is a data warehouse solution, not a dashboard. You can use QuickSight with Redshift.
INCORRECT: "Amazon Kinesis" is incorrect. This is a service for collecting streaming data.
INCORRECT: "Amazon Athena" is incorrect. Athena is used for running SQL queries on data in Amazon S3.
References:
https://aws.amazon.com/quicksight/