AWS Certified Cloud Practitioner

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Lina
L
Lina
Community Contributor
Quizzes Created: 1 | Total Attempts: 429
Questions: 255 | Attempts: 429

SettingsSettingsSettings
AWS Certified Cloud Practitioner - Quiz

Vamos por ese cartón!


Questions and Answers
  • 1. 

    AWS. A startup wants to migrate its data and applications from the on-premises data center to AWS Cloud. Which of the following options can be used by the startup to help with this migration? (Select two)

    • A.

      Raise a support ticket with AWS Support for further assistance

    • B.

      Utilize AWS Partner Network (APN) to build a custom solution for this infrastructure migration

    • C.

      Consult moderators on AWS Developer Forums

    • D.

      Use AWS Trusted Advisor to automate the infrastructure migration

    Correct Answer(s)
    B. Utilize AWS Partner Network (APN) to build a custom solution for this infrastructure migration
    D. Use AWS Trusted Advisor to automate the infrastructure migration
    Explanation
    Utilize AWS Partner Network (APN) to build a custom solution for this infrastructure migration
    The AWS Partner Network (APN) is the global partner program for technology and consulting businesses that leverage Amazon Web Services to build solutions and services for customers. The startup can work with experts from APN to build a custom solution for this infrastructure migration.
    Use AWS Trusted Advisor to automate the infrastructure migration - AWS Trusted Advisor is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices on cost optimization, security, fault tolerance, service limits, and performance improvement. Trusted Advisor cannot automate the infrastructure migration.

    Rate this question:

  • 2. 

    AWS. A company wants to have control over creating and using its own keys for encryption on AWS services. Which of the following can be used for this use-case?

    • A.

      Customer managed key (CMK)

    • B.

      AWS owned key

    • C.

      AWS managed key

    • D.

      AWS Secrets Manager

    Correct Answer
    A. Customer managed key (CMK)
    Explanation
    Customer managed key (CMK)
    An AWS KMS key is a logical representation of a cryptographic key. A KMS key contains metadata, such as the key ID, key spec, key usage, creation date, description, and key state. Most importantly, it contains a reference to the key material that is used when you perform cryptographic operations with the KMS key.
    The KMS keys that you create are customer managed keys. Customer managed keys are KMS keys in your AWS account that you create, own, and manage. You have full control over these KMS keys, including establishing and maintaining their key policies, IAM policies, and grants, enabling and disabling them, rotating their cryptographic material, adding tags, creating aliases that refer to the KMS keys, and scheduling the KMS keys for deletion.

    Rate this question:

  • 3. 

    AWS. A unicorn startup is building an analytics application with support for a speech-based interface. The application will accept speech-based input from users and then convey results via speech. As a Cloud Practitioner, which solution would you recommend for the given use-case?

    • A.

      Use Amazon Polly to convert speech to text for downstream analysis. Then use Amazon Transcribe to convey the text results via speech

    • B.

      Use Amazon Translate to convert speech to text for downstream analysis. Then use Amazon Polly to convey the text results via speechg

    • C.

      Use Amazon Polly to convert speech to text for downstream analysis. Then use Amazon Translate to convey the text results via speech

    • D.

      Use Amazon Transcribe to convert speech to text for downstream analysis. Then use Amazon Polly to convey the text results via speech

    Correct Answer
    D. Use Amazon Transcribe to convert speech to text for downstream analysis. Then use Amazon Polly to convey the text results via speech
    Explanation
    Use Amazon Transcribe to convert speech to text for downstream analysis. Then use Amazon Polly to convey the text results via speech
    You can use Amazon Transcribe to add speech-to-text capability to your applications. Amazon Transcribe uses a deep learning process called automatic speech recognition (ASR) to convert speech to text quickly and accurately. Amazon Transcribe can be used to transcribe customer service calls, to automate closed captioning and subtitling, and to generate metadata for media assets.

    Rate this question:

  • 4. 

    AWS. An e-commerce company has deployed an RDS database in a single Availability Zone (AZ). The engineering team wants to ensure that in case of an AZ outage, the database should continue working on the same endpoint without any manual administrative intervention. Which of the following solutions can address this use-case?

    • A.

      Configure the database in RDS read replica mode with automatic failover to the standby

    • B.

      Deploy the database via AWS Elastic Beanstalk

    • C.

      Provision the database via AWS CloudFormation

    • D.

      Configure the database in RDS Multi-AZ deployment with automatic failover to the standby

    Correct Answer
    D. Configure the database in RDS Multi-AZ deployment with automatic failover to the standby
    Explanation
    Configure the database in RDS Multi-AZ deployment with automatic failover to the standby
    When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). In case of an infrastructure failure, Amazon RDS performs an automatic failover to the standby (or to a read replica in the case of Amazon Aurora), so that you can resume database operations as soon as the failover is complete. Since the endpoint for your DB Instance remains the same after a failover, your application can resume database operation without the need for manual administrative intervention.

    Rate this question:

  • 5. 

    AWS. A company uses reserved EC2 instances across multiple units with each unit having its own AWS account. However, some of the units under-utilize their reserved instances while other units need more reserved instances. As a Cloud Practitioner, which of the following would you recommend as the most cost-optimal solution?

    • A.

      Use AWS Systems Manager to manage AWS accounts of all units and then share the reserved EC2 instances amongst all units

    • B.

      Use AWS Organizations to manage AWS accounts of all units and then share the reserved EC2 instances amongst all units

    • C.

      Use AWS Trusted Advisor to manage AWS accounts of all units and then share the reserved EC2 instances amongst all units

    • D.

      Use AWS Cost Explorer to manage AWS accounts of all units and then share the reserved EC2 instances amongst all units

    Correct Answer
    B. Use AWS Organizations to manage AWS accounts of all units and then share the reserved EC2 instances amongst all units
    Explanation
    Use AWS Organizations to manage AWS accounts of all units and then share the reserved EC2 instances amongst all units
    AWS Organizations helps you to centrally manage billing; control access, compliance, and security; and share resources across your AWS accounts. Using AWS Organizations, you can automate account creation, create groups of accounts to reflect your business needs, and apply policies for these groups for governance. You can also simplify billing by setting up a single payment method for all of your AWS accounts. AWS Organizations is available to all AWS customers at no additional charge.

    Rate this question:

  • 6. 

    AWS. Which of the following AWS services support VPC Endpoint Gateway for a private connection from a VPC? (Select two)

    • A.

      Amazon Simple Notification Service (SNS)

    • B.

      Amazon DynamoDB

    • C.

      Amazon Simple Queue Service (SQS)

    • D.

      Amazon Simple Storage Service (Amazon S3)

    • E.

      Amazon Elastic Compute Cloud (Amazon EC2)

    Correct Answer(s)
    B. Amazon DynamoDB
    D. Amazon Simple Storage Service (Amazon S3)
    Explanation
    Amazon Simple Storage Service (Amazon S3)
    Amazon DynamoDB
    A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.
    There are two types of VPC endpoints: interface endpoints and gateway endpoints.
    An interface endpoint is an elastic network interface with a private IP address from the IP address range of your subnet that serves as an entry point for traffic destined to a supported service. Interface endpoints are powered by AWS PrivateLink, a technology that enables you to privately access services by using private IP addresses.
    A gateway endpoint is a gateway that you specify as a target for a route in your route table for traffic destined to a supported AWS service. The following AWS services are supported:
    Amazon Simple Storage Service (Amazon S3)
    Amazon DynamoDB
    Exam Alert:
    You may see a question around this concept in the exam. Just remember that only Amazon S3 and Amazon DynamoDB support VPC gateway endpoint. All other services that support VPC Endpoints use a VPC interface endpoint (note that Amazon S3 supports the VPC interface endpoint as well).

    Rate this question:

  • 7. 

    AWS. An intern at an IT company provisioned a Linux based On-demand EC2 instance with per-second billing but terminated it within 30 seconds as he wanted to provision another instance type. What is the duration for which the instance would be charged?

    • A.

      600 seconds

    • B.

      30 seconds

    • C.

      300 seconds

    • D.

      60 seconds

    Correct Answer
    D. 60 seconds
    Explanation
    60 seconds
    There is a one-minute minimum charge for Linux based EC2 instances, so this is the correct option.

    Rate this question:

  • 8. 

    AWS. Which of the following Amazon S3 storage classes takes the most time to retrieve data (also known as first byte latency)?

    • A.

      Amazon S3 Standard

    • B.

      Amazon S3 Glacier Flexible Retrieval

    • C.

      Amazon S3 Glacier Deep Archive

    • D.

      Amazon S3 Intelligent-Tiering

    Correct Answer
    C. Amazon S3 Glacier Deep Archive
    Explanation
    The given answer lists the states in the task lifecycle. The task starts in the "Ready" state, indicating that it is ready to be executed. Then, it moves to the "Reserved" state when it is assigned to a worker or resource. Next, it progresses to the "In progress" state when the task is being actively worked on. Finally, it reaches the "Complete" state when the task is finished and all required actions have been completed.

    Rate this question:

  • 9. 

    AWS. A multi-national corporation wants to get expert professional advice on migrating to AWS and managing their applications on AWS Cloud. Which of the following entities would you recommend for this engagement?

    • A.

      AWS Trusted Advisor

    • B.

      APN Consulting Partner

    • C.

      Concierge Support Team

    • D.

      APN Technology Partner

    Correct Answer
    B. APN Consulting Partner
    Explanation
    APN Consulting Partner
    The AWS Partner Network (APN) is the global partner program for technology and consulting businesses that leverage Amazon Web Services to build solutions and services for customers.
    APN Consulting Partners are professional services firms that help customers of all types and sizes design, architect, build, migrate, and manage their workloads and applications on AWS, accelerating their migration to AWS cloud.
    APN Partner Types Overview: 

    Rate this question:

  • 10. 

    AWS. A startup wants to set up its IT infrastructure on AWS Cloud. The CTO would like to get an estimate of the monthly AWS bill based on the AWS services that the startup wants to use. As a Cloud Practitioner, which AWS service would you suggest for this use-case?

    • A.

      AWS Cost Explorer

    • B.

      AWS Pricing Calculator

    • C.

      AWS Cost & Usage Report (AWS CUR)

    • D.

      AWS Budgets

    Correct Answer
    B. AWS Pricing Calculator
    Explanation
    AWS Pricing Calculator
    AWS Pricing Calculator lets you explore AWS services and create an estimate for the cost of your use cases on AWS. You can model your solutions before building them, explore the price points and calculations behind your estimate, and find the available instance types and contract terms that meet your needs. This enables you to make informed decisions about using AWS. You can plan your AWS costs and usage or price out setting up a new set of instances and services. AWS Pricing Calculator can provide the estimate of the AWS service usage based on the list of AWS services.

    Rate this question:

  • 11. 

    AWS. Under the AWS Shared Responsibility Model, which of the following is a shared responsibility of both AWS and the customer?

    • A.

      Guarantee data separation among various AWS customers

    • B.

      Configuration Management

    • C.

      Availability Zone (AZ) infrastructure maintenance

    • D.

      Infrastructure maintenance of Amazon Simple Storage Service (Amazon S3) storage servers

    Correct Answer
    B. Configuration Management
    Explanation
    Configuration Management
    Security and Compliance is a shared responsibility between AWS and the customer. This shared model can help relieve the customer’s operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates.
    Controls that apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives are called shared controls. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Configuration Management forms a part of shared controls - AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.
    Shared Responsibility Model Overview: 

    Rate this question:

  • 12. 

    AWS. Which security service of AWS is enabled for all AWS customers, by default, at no additional cost?

    • A.

      AWS Shield Advanced

    • B.

      AWS Shield Standard

    • C.

      AWS Secrets Manager

    • D.

      AWS Web Application Firewall (AWS WAF)

    Correct Answer
    B. AWS Shield Standard
    Explanation
    AWS Shield Standard
    AWS Shield Standard defends against most common, frequently occurring network and transport layer DDoS attacks that target your website or applications. While AWS Shield Standard helps protect all AWS customers, you get better protection if you are using Amazon CloudFront and Amazon Route 53. All AWS customers benefit from the automatic protections of AWS Shield Standard, at no additional charge.

    Rate this question:

  • 13. 

    AWS. Which of the following AWS services can be used to connect a company's on-premises environment to a VPC without using the public internet?

    • A.

      AWS Direct Connect

    • B.

      Internet Gateway

    • C.

      AWS Site-to-Site VPN

    • D.

      VPC Endpoint

    Correct Answer
    A. AWS Direct Connect
    Explanation
    AWS Direct Connect
    AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. You can use AWS Direct Connect to establish a private virtual interface from your on-premise network directly to your Amazon VPC, providing you with a private, high bandwidth network connection between your network and your VPC. This connection is private and does not go over the public internet. It takes at least a month to establish this physical connection.

    Rate this question:

  • 14. 

    AWS. According to the AWS Cloud Adoption Framework (AWS CAF), what are two tasks that a company should perform when planning to migrate to the AWS Cloud and aiming to become more responsive to customer inquiries and feedback as part of their organizational transformation? (Select two)

    • A.

      Organize your teams around bureaucratic design principles

    • B.

      Organize your teams around products and value streams

    • C.

      Leverage agile methods to rapidly iterate and evolve

    • D.

      Leverage legacy infrastructure for cost efficiencies

    Correct Answer(s)
    B. Organize your teams around products and value streams
    C. Leverage agile methods to rapidly iterate and evolve
    Explanation
    The AWS Cloud Adoption Framework (AWS CAF) leverages AWS experience and best practices to help you digitally transform and accelerate your business outcomes through innovative use of AWS. AWS CAF identifies specific organizational capabilities that underpin successful cloud transformations. These capabilities provide best practice guidance that helps you improve your cloud readiness. AWS CAF groups its capabilities in six perspectives: Business, People, Governance, Platform, Security, and Operations.
    Organize your teams around products and value streams
    Leverage agile methods to rapidly iterate and evolve
    Using the AWS Cloud Adoption Framework (AWS CAF), you can reimagine how your business and technology teams create customer value and meet your strategic intent. Organizing your teams around products and value streams while leveraging agile methods to rapidly iterate and evolve will help you become more responsive and customer centric.

    Rate this question:

  • 15. 

    AWS. What are the advantages that AWS Cloud offers over a traditional on-premises IT infrastructure? (Select two)

    • A.

      Make a capacity decision before deploying an application, to reduce costs

    • B.

      Trade capital expense for variable expense

    • C.

      Eliminate guessing on your infrastructure capacity needs

    • D.

      Provide lower latency to applications by maintaining servers on-premises

    Correct Answer(s)
    B. Trade capital expense for variable expense
    C. Eliminate guessing on your infrastructure capacity needs
    Explanation
    Trade capital expense for variable expense
    In a traditional on-premises environment, you have to invest heavily in data centers and servers before you know how you’re going to use them. With Cloud Computing, you can pay only when you consume computing resources, and pay only for how much you consume.
    Eliminate guessing on your infrastructure capacity needs
    When you make a capacity decision before deploying an application, you often end up either sitting on expensive idle resources or dealing with limited capacity. With Cloud Computing, these problems go away. You can access as much or as little capacity as you need, and scale up and down as required with only a few minutes’ notice. You can Stop guessing capacity.

    Rate this question:

  • 16. 

    AWS. AWS Shield Advanced provides expanded DDoS attack protection for web applications running on which of the following resources? (Select two)

    • A.

      AWS CloudFormation

    • B.

      AWS Elastic Beanstalk

    • C.

      AWS Global Accelerator

    • D.

      Amazon API Gateway

    • E.

      Amazon Route 53

    Correct Answer(s)
    C. AWS Global Accelerator
    E. Amazon Route 53
    Explanation
    Amazon Route 53
    AWS Global Accelerator
    AWS Shield Standard is activated for all AWS customers, by default. For higher levels of protection against attacks, you can subscribe to AWS Shield Advanced. With Shield Advanced, you also have exclusive access to advanced, real-time metrics and reports for extensive visibility into attacks on your AWS resources. With the assistance of the DRT (DDoS response team), AWS Shield Advanced includes intelligent DDoS attack detection and mitigation for not only for network layer (layer 3) and transport layer (layer 4) attacks but also for application layer (layer 7) attacks.
    AWS Shield Advanced provides expanded DDoS attack protection for web applications running on the following resources: Amazon Elastic Compute Cloud, Elastic Load Balancing (ELB), Amazon CloudFront, Amazon Route 53, AWS Global Accelerator.

    Rate this question:

  • 17. 

    AWS. Which of the following is a recommended way to provide programmatic access to AWS resources?

    • A.

      Use Access Key ID and Secret Access Key to access AWS resources programmatically

    • B.

      Use AWS Multi-Factor Authentication (AWS MFA) to access AWS resources programmatically

    • C.

      Create a new IAM user and share the username and password

    • D.

      Use IAM user group to access AWS resources programmatically

    Correct Answer
    A. Use Access Key ID and Secret Access Key to access AWS resources programmatically
    Explanation
    Use Access Key ID and Secret Access Key to access AWS resources programmatically
    Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK). Access keys consist of two parts: an access key ID and a secret access key. As a user name and password, you must use both the access key ID and secret access key together to authenticate your requests. When you create an access key pair, save the access key ID and secret access key in a secure location. The secret access key is available only at the time you create it. If you lose your secret access key, you must delete the access key and create a new one.

    Rate this question:

  • 18. 

    AWS. Which AWS Support plan provides architectural guidance contextual to your specific use-cases?

    • A.

      AWS Developer Support

    • B.

      Could AWS Enterprise On-Ramp Support

    • C.

      AWS Business Support

    • D.

      AWS Enterprise Support

    Correct Answer
    C. AWS Business Support
    Explanation
    AWS Business Support
    You should use AWS Business Support if you have production workloads on AWS and want 24x7 phone, email and chat access to technical support and architectural guidance in the context of your specific use-cases. You get full access to AWS Trusted Advisor Best Practice Checks. You also get access to Infrastructure Event Management for an additional fee.

    Rate this question:

  • 19. 

    AWS. A company wants to identify the optimal AWS resource configuration for its workloads so that the company can reduce costs and increase workload performance. Which of the following services can be used to meet this requirement?

    • A.

      AWS Cost Explorer

    • B.

      AWS Systems Manager

    • C.

      AWS Budgets

    • D.

      AWS Compute Optimizer

    Correct Answer
    D. AWS Compute Optimizer
    Explanation
    AWS Compute Optimizer
    AWS Compute Optimizer recommends optimal AWS resources for your workloads to reduce costs and improve performance by using machine learning to analyze historical utilization metrics. Over-provisioning resources can lead to unnecessary infrastructure costs, and under-provisioning resources can lead to poor application performance. Compute Optimizer helps you choose optimal configurations for three types of AWS resources: Amazon EC2 instances, Amazon EBS volumes, and AWS Lambda functions, based on your utilization data.
    Compute Optimizer recommends up to 3 options from 140+ EC2 instance types, as well as a wide range of EBS volume and Lambda function configuration options, to right-size your workloads. Compute Optimizer also projects what the CPU utilization, memory utilization, and run time of your workload would have been on recommended AWS resource options. This helps you understand how your workload would have performed on the recommended options before implementing the recommendations.

    Rate this question:

  • 20. 

    AWS. Which of the following statements are CORRECT regarding the Availability Zone (AZ) specific characteristics of Amazon Elastic Block Store (EBS) and Amazon Elastic File System (Amazon EFS) storage types?

    • A.

      EBS volume can be attached to a single instance in the same Availability Zone (AZ) and EFS file system can only be mounted on instances in the same Availability Zone (AZ)

    • B.

      EBS volume can be attached to one or more instances in multiple Availability Zones (AZ) and EFS file system can be mounted on instances in the same Availability Zone (AZ)

    • C.

      EBS volume can be attached to a single instance in the same Availability Zone (AZ) whereas EFS file system can be mounted on instances across multiple Availability Zones (AZ)

    • D.

      EBS volume can be attached to one or more instances in multiple Availability Zones (AZ) and EFS file system can be mounted on instances across multiple Availability Zones (AZ)

    Correct Answer
    C. EBS volume can be attached to a single instance in the same Availability Zone (AZ) whereas EFS file system can be mounted on instances across multiple Availability Zones (AZ)
    Explanation
    EBS volume can be attached to a single instance in the same Availability Zone (AZ) whereas EFS file system can be mounted on instances across multiple Availability Zones (AZ)
    Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. It is built to scale on-demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth.
    The service is designed to be highly scalable, highly available, and highly durable. Amazon EFS file systems store data and metadata across multiple Availability Zones (AZ) in an AWS Region. EFS file system can be mounted on instances across multiple Availability Zones (AZ).
    Amazon Elastic Block Store (EBS) is an easy to use, high-performance block storage service designed for use with Amazon Elastic Compute Cloud (EC2) for both throughput and transaction-intensive workloads at any scale.
    Designed for mission-critical systems, EBS volumes are replicated within an Availability Zone (AZ) and can easily scale to petabytes of data. You can attach an available EBS volume to one instance that is in the same Availability Zone (AZ) as the volume.

    Rate this question:

  • 21. 

    AWS. A big data analytics company is moving its IT infrastructure from an on-premises data center to AWS Cloud. The company has some server-bound software licenses that it wants to use on AWS. As a Cloud Practitioner, which of the following EC2 instance types would you recommend to the company?

    • A.

      On-Demand Instance

    • B.

       Reserved Instance (RI)

    • C.

      Dedicated Instance

    • D.

      Dedicated Host

    Correct Answer
    D. Dedicated Host
    Explanation
    Dedicated Host
    Amazon EC2 Dedicated Hosts allow you to use your eligible software licenses from vendors such as Microsoft and Oracle on Amazon EC2. An Amazon EC2 Dedicated Host is a physical server fully dedicated for your use, so you can help address corporate compliance requirements.

    Rate this question:

  • 22. 

    AWS. A company wants to improve the resiliency of its flagship application so it wants to move from its traditional database system to a managed AWS NoSQL database service to support active-active configuration in both the East and West US AWS regions. The active-active configuration with cross-region support is the prime criteria for any database solution that the company considers. Which AWS database service is the right fit for this requirement?

    • A.

      Amazon DynamoDB with DynamoDB Accelerator

    • B.

      Amazon Aurora with multi-master clusters

    • C.

      Amazon DynamoDB with global tables

    • D.

      Amazon Relational Database Service (Amazon RDS) for MYSQL

    Correct Answer
    C. Amazon DynamoDB with global tables
    Explanation
    Amazon DynamoDB with global tables
    Amazon DynamoDB is a fully managed, serverless, key-value NoSQL database designed to run high-performance applications at any scale. DynamoDB offers built-in security, continuous backups, automated multi-region replication, in-memory caching, and data export tools.
    DynamoDB global tables replicate data automatically across your choice of AWS Regions and automatically scale capacity to accommodate your workloads. With global tables, your globally distributed applications can access data locally in the selected regions to get single-digit millisecond read and write performance. DynamoDB offers active-active cross-region support that is needed for the company.

    Rate this question:

  • 23. 

    AWS. Which of the following statements are CORRECT regarding the AWS VPC service? (Select two)

    • A.

      A network access control list (network ACL) can have allow rules only

    • B.

      A Security Group can have both allow and deny rules

    • C.

      A Network Address Translation instance (NAT instance) is managed by AWS

    • D.

      A Security Group can have allow rules only

    • E.

      A Network Address Translation gateway (NAT gateway) is managed by AWS

    Correct Answer(s)
    D. A Security Group can have allow rules only
    E. A Network Address Translation gateway (NAT gateway) is managed by AWS
    Explanation
    A Security Group can have allow rules only
    A Network Address Translation gateway (NAT gateway) is managed by AWS
    A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. Security groups act at the instance level, not at the subnet level. You can specify allow rules, but not deny rules. You can specify separate rules for inbound and outbound traffic.

    Rate this question:

  • 24. 

    AWS.   Which of the following AWS services support reservations to optimize costs? (Select three)

    • A.

      AWS Lambda

    • B.

      Amazon DynamoDB

    • C.

      Amazon Elastic Compute Cloud (Amazon EC2)

    • D.

      Amazon Simple Storage Service (Amazon S3)

    • E.

      Amazon Relational Database Service (Amazon RDS)

    Correct Answer(s)
    B. Amazon DynamoDB
    C. Amazon Elastic Compute Cloud (Amazon EC2)
    E. Amazon Relational Database Service (Amazon RDS)
    Explanation
    Amazon Elastic Compute Cloud (Amazon EC2)
    Amazon DynamoDB
    Amazon Relational Database Service (Amazon RDS)
    The following AWS services support reservations to optimize costs:
    Amazon EC2 Reserved Instances (RI): You can use Amazon EC2 Reserved Instances (RI) to reserve capacity and receive a discount on your instance usage compared to running On-Demand instances.
    Amazon DynamoDB Reserved Capacity: If you can predict your need for Amazon DynamoDB read-and-write throughput, Reserved Capacity offers significant savings over the normal price of DynamoDB provisioned throughput capacity.
    Amazon ElastiCache Reserved Nodes: Amazon ElastiCache Reserved Nodes give you the option to make a low, one-time payment for each cache node you want to reserve and, in turn, receive a significant discount on the hourly charge for that node.
    Amazon RDS RIs: Like Amazon EC2 RIs, Amazon RDS RIs can be purchased using No Upfront, Partial Upfront, or All Upfront terms. All Reserved Instance types are available for Aurora, MySQL, MariaDB, PostgreSQL, Oracle, and SQL Server database engines.
    Amazon Redshift Reserved Nodes: If you intend to keep an Amazon Redshift cluster running continuously for a prolonged period, you should consider purchasing reserved-node offerings. These offerings provide significant savings over on-demand pricing, but they require you to reserve compute nodes and commit to paying for those nodes for either a 1- or 3-year duration.

    Rate this question:

  • 25. 

    AWS. A data analytics company is running a proprietary batch analytics application on AWS and wants to use a storage service which would be accessed by hundreds of EC2 instances simultaneously to append data to existing files. As a Cloud Practitioner, which AWS service would you suggest for this use-case?

    • A.

      Amazon Elastic Block Store (Amazon EBS)

    • B.

      Amazon Elastic File System (Amazon EFS)

    • C.

      Amazon Simple Storage Service (Amazon S3)

    Correct Answer
    B. Amazon Elastic File System (Amazon EFS)
    Explanation
    Amazon Elastic File System (Amazon EFS)
    Amazon EFS is a file storage service for use with Amazon EC2. Amazon EFS provides a file system interface, file system access semantics, and concurrently-accessible storage for up to thousands of Amazon EC2 instances. Amazon EFS uses the Network File System protocol.

    Rate this question:

  • 26. 

    AWS.  Which of the following is the MOST cost-effective option to purchase an EC2 Reserved Instance (RI)?

    • A.

      No upfront payment option with standard 3-years term

    • B.

      No upfront payment option with standard 1-year term

    • C.

      Partial upfront payment option with standard 3-years term

    • D.

      All upfront payment option with the standard 1-year term

    Correct Answer
    C. Partial upfront payment option with standard 3-years term
    Explanation
    Partial upfront payment option with standard 3-years term
    You can use Amazon EC2 Reserved Instances (RI) to reserve capacity and receive a discount on your instance usage compared to running On-Demand instances. The discounted usage price is reserved for the duration of your contract, allowing you to predict compute costs over the term of the Reserved Instance (RI).
    Please review this pricing comparison for EC2 Reserved Instances (RI): 

    Rate this question:

  • 27. 

    AWS. Which of the following AWS services should be used to automatically distribute incoming traffic across multiple targets?

    • A.

      AWS Auto Scaling

    • B.

      Amazon OpenSearch Service

    • C.

      AWS Elastic Load Balancing (ELB)

    • D.

      AWS Elastic Beanstalk

    Correct Answer
    C. AWS Elastic Load Balancing (ELB)
    Explanation
    AWS Elastic Load Balancing (ELB)
    Elastic Load Balancing (ELB) is used to automatically distribute your incoming application traffic across all the EC2 instances that you are running. You can use Elastic Load Balancing to manage incoming requests by optimally routing traffic so that no one instance is overwhelmed. Your load balancer acts as a single point of contact for all incoming web traffic to your application. When an instance is added, it needs to register with the load balancer or no traffic is routed to it. When an instance is removed, it must deregister from the load balancer or traffic continues to be routed to it.

    Rate this question:

  • 28. 

    AWS. A medical research startup wants to understand the compliance of AWS services concerning HIPAA guidelines. Which AWS service can be used to review the HIPAA compliance and governance-related documents on AWS?

    • A.

      AWS Secrets Manager

    • B.

      AWS Artifact

    • C.

      AWS Trusted Advisor

    • D.

      AWS Systems Manager

    • E.

      Cancel a Process

    • F.

      Step Out a Process

    Correct Answer
    B. AWS Artifact
    Explanation
    AWS Artifact
    AWS Artifact is your go-to, central resource for compliance-related information that matters to your organization. It provides on-demand access to AWS security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Different types of agreements are available in AWS Artifact Agreements to address the needs of customers subject to specific regulations. For example, the Business Associate Addendum (BAA) is available for customers that need to comply with the Health Insurance Portability and Accountability Act (HIPAA). It is not a service, it's a no-cost, self-service portal for on-demand access to AWS compliance reports.

    Rate this question:

  • 29. 

    AWS. Which type of cloud computing does Amazon Elastic Compute Cloud (EC2) represent?

    • A.

      Network as a Service (NaaS)

    • B.

      Infrastructure as a Service (IaaS)

    • C.

      Software as a Service (SaaS)

    • D.

      Platform as a Service (PaaS)

    Correct Answer
    B. Infrastructure as a Service (IaaS)
    Explanation
    Infrastructure as a Service (IaaS)
    Cloud Computing can be broadly divided into three types - Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS).
    IaaS contains the basic building blocks for cloud IT. It typically provides access to networking features, computers (virtual or on dedicated hardware), and data storage space. IaaS gives the highest level of flexibility and management control over IT resources.
    EC2 gives you full control over managing the underlying OS, virtual network configurations, storage, data and applications. So EC2 is an example of an IaaS service.

    Rate this question:

  • 30. 

    AWS. The DevOps team at an IT company is moving 500 GB of data from an EC2 instance to an S3 bucket in the same region. Which of the following scenario captures the correct charges for this data transfer?

    • A.

      The company would not be charged for this data transfer

    • B.

      The company would only be charged for the inbound data transfer into the S3 bucket

    • C.

      The company would only be charged for the outbound data transfer from EC2 instance

    • D.

      The company would be charged for both the outbound data transfer from EC2 instance as well as the inbound data transfer into the S3 bucket

    Correct Answer
    A. The company would not be charged for this data transfer
    Explanation
    The company would not be charged for this data transfer
    There are three fundamental drivers of cost with AWS: compute, storage, and outbound data transfer. In most cases, there is no charge for inbound data transfer or data transfer between other AWS services within the same region. Outbound data transfer is aggregated across services and then charged at the outbound data transfer rate.
    Per AWS pricing, data transfer between S3 and EC2 instances within the same region is not charged, so there would be no data transfer charge for moving 500 GB of data from an EC2 instance to an S3 bucket in the same region.

    Rate this question:

  • 31. 

    AWS. Which of the following are correct statements regarding the AWS Global Infrastructure? (Select two)

    • A.

      Each AWS Region consists of a minimum of three Availability Zones (AZ)

    • B.

      Each AWS Region consists of a minimum of two Availability Zones (AZ)

    • C.

      Each Availability Zone (AZ) consists of one or more discrete data centers

    • D.

      Each Availability Zone (AZ) consists of two or more discrete data centers

    • E.

      Each AWS Region consists of two or more Edge Locations

    Correct Answer(s)
    A. Each AWS Region consists of a minimum of three Availability Zones (AZ)
    C. Each Availability Zone (AZ) consists of one or more discrete data centers
    Explanation
    Each AWS Region consists of a minimum of three Availability Zones (AZ)
    Each Availability Zone (AZ) consists of one or more discrete data centers
    AWS has the concept of a Region, which is a physical location around the world where AWS clusters its data centers. AWS calls each group of logical data centers an Availability Zone (AZ). Each AWS Region consists of a minimum of three, isolated, and physically separate AZs within a geographic area. Each AZ has independent power, cooling, and physical security and is connected via redundant, ultra-low-latency networks.
    An Availability Zone (AZ) is one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region. All AZs in an AWS Region are interconnected with high-bandwidth, low-latency networking, over fully redundant, dedicated metro fiber providing high-throughput, low-latency networking between AZs.

    Rate this question:

  • 32. 

    AWS. A company wants to move to AWS cloud and release new features with quick iterations by utilizing relevant AWS services whenever required. Which of the following characteristics of AWS Cloud does it want to leverage?

    • A.

      Elasticity

    • B.

      Agility

    • C.

      Reliability

    • D.

      Scalability

    Correct Answer
    B. Agility
    Explanation
    Agility
    In the world of cloud computing, "Agility" refers to the ability to rapidly develop, test and launch software applications that drive business growth Another way to explain "Agility" - AWS provides a massive global cloud infrastructure that allows you to quickly innovate, experiment and iterate. Instead of waiting weeks or months for hardware, you can instantly deploy new applications. This ability is called Agility.

    Rate this question:

  • 33. 

    AWS.  Which of the following AWS services has encryption enabled by default?

    • A.

      AWS CloudTrail Logs

    • B.

      Amazon Elastic Block Store (Amazon EBS)

    • C.

      Amazon Elastic File System (Amazon EFS)

    • D.

      Amazon Relational Database Service (Amazon RDS)

    Correct Answer
    A. AWS CloudTrail Logs
    Explanation
    The integration builder is a tool used to create and manage integrations between different systems. In this context, the elements that can be created using the integration builder are the Sender Agreement, Receiver Determination, and Receiver Agreement. The Sender Agreement defines the communication parameters and settings for the sender system, while the Receiver Determination specifies the receiver system based on certain conditions. The Receiver Agreement, on the other hand, defines the communication parameters and settings for the receiver system. Interface Agreement is not mentioned as one of the elements that can be created in the integration builder.

    Rate this question:

  • 34. 

    AWS. The DevOps team at an e-commerce company is trying to debug performance issues for its serverless application built using a microservices architecture. As a Cloud Practitioner, which AWS service would you recommend addressing this use-case?

    • A.

      AWS X-Ray

    • B.

      AWS Trusted Advisor

    • C.

      Amazon Pinpoint

    • D.

      AWS CloudFormation

    Correct Answer
    A. AWS X-Ray
    Explanation
    AWS X-Ray
    You can use AWS X-Ray to analyze and debug serverless and distributed applications such as those built using a microservices architecture. With X-Ray, you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors.

    Rate this question:

  • 35. 

    WAS. A silicon valley based healthcare startup stores anonymized patient health data on Amazon S3. The CTO further wants to ensure that any sensitive data on S3 is discovered and identified to prevent any sensitive data leaks. As a Cloud Practitioner, which AWS service would you recommend addressing this use-case?

    • A.

      AWS Glue

    • B.

      Amazon Polly

    • C.

      Amazon Macie

    • D.

      AWS Secrets Manager

    Correct Answer
    C. Amazon Macie
    Explanation
    Amazon Macie
    Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS. Macie automatically provides an inventory of Amazon S3 buckets including a list of unencrypted buckets, publicly accessible buckets, and buckets shared with AWS accounts outside those you have defined in AWS Organizations. Then, Macie applies machine learning and pattern matching techniques to the buckets you select to identify and alert you to sensitive data, such as personally identifiable information (PII).

    Rate this question:

  • 36. 

    AWS. Which AWS service will help you receive alerts when the reservation utilization falls below the defined threshold?

    • A.

      AWS CloudTrail

    • B.

      AWS Budgets

    • C.

      AWS Pricing Calculator

    • D.

      AWS Trusted Advisor

    Correct Answer
    B. AWS Budgets
    Explanation
    AWS Budgets
    AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount.
    You can also use AWS Budgets to set reservation utilization or coverage targets and receive alerts when your utilization drops below the threshold you define. Reservation alerts are supported for Amazon EC2, Amazon RDS, Amazon Redshift, Amazon ElastiCache, and Amazon Elasticsearch reservations.

    Rate this question:

  • 37. 

    AWS. Which of the following AWS Support plans provide access to only core checks from the AWS Trusted Advisor Best Practice Checks? (Select two)

    • A.

      AWS Enterprise Support

    • B.

      AWS Business Support

    • C.

      AWS Basic Support

    • D.

      AWS Enterprise On-Ramp Support

    • E.

      AWS Developer Support

    Correct Answer(s)
    C. AWS Basic Support
    E. AWS Developer Support
    Explanation
    AWS Basic Support
    The AWS Basic Support plan only provides access to the following:
    Customer Service & Communities - 24x7 access to customer service, documentation, whitepapers, and support forums. AWS Trusted Advisor - Access to the core Trusted Advisor checks and guidance to provision your resources following best practices to increase performance and improve security. AWS Health - Your Account Health Dashboard : A personalized view of the health of your AWS services, and alerts when your resources are impacted.

    Rate this question:

  • 38. 

    AWS. Which AWS Service can be used to mitigate a Distributed Denial of Service (DDoS) attack?

    • A.

      AWS Shield

    • B.

      AWS Key Management Service (AWS KMS)

    • C.

      AWS Systems Manager

    • D.

      Amazon CloudWatch

    Correct Answer
    A. AWS Shield
    Explanation
    AWS Shield
    AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection. There are two tiers of AWS Shield - Standard and Advanced.
    All AWS customers benefit from the automatic protections of AWS Shield Standard, at no additional charge. AWS Shield Standard defends against most common, frequently occurring network and transport layer DDoS attacks that target your web site or applications. When you use AWS Shield Standard with Amazon CloudFront and Amazon Route 53, you receive comprehensive availability protection against all known infrastructure (Layer 3 and 4) attacks.
    For higher levels of protection against attacks targeting your applications running on Amazon Elastic Compute Cloud (EC2), Elastic Load Balancing (ELB), Amazon CloudFront, AWS Global Accelerator and Amazon Route 53 resources, you can subscribe to AWS Shield Advanced. In addition to the network and transport layer protections that come with Standard, AWS Shield Advanced provides additional detection and mitigation against large and sophisticated DDoS attacks, near real-time visibility into attacks, and integration with AWS WAF, a web application firewall.

    Rate this question:

  • 39. 

    AWS. Compared to the on-demand instance prices, what is the highest possible discount offered for spot instances?

    • A.

      75

    • B.

      10

    • C.

      90

    • D.

      50

    Correct Answer
    C. 90
    Explanation
    90
    Amazon EC2 spot instances let you take advantage of unused EC2 capacity in the AWS cloud. Spot instances are available at up to a 90% discount compared to the on-demand instance prices. You can use spot instances for various stateless, fault-tolerant, or flexible applications such as big data, containerized workloads, CI/CD, web servers, high-performance computing (HPC), and other test & development workloads.

    Rate this question:

  • 40. 

    AWS.   Which of the following is CORRECT regarding removing an AWS account from AWS Organizations?

    • A.

      The AWS account can be removed from AWS Systems Manager

    • B.

      The AWS account must not have any Service Control Policies (SCPs) attached to it. Only then it can be removed from AWS organizations

    • C.

      Raise a support ticket with AWS Support to remove the account Correct answer

    • D.

      The AWS account must be able to operate as a standalone account. Only then it can be removed from AWS organizations Overall explanation

    Correct Answer
    D. The AWS account must be able to operate as a standalone account. Only then it can be removed from AWS organizations Overall explanation
    Explanation
    The AWS account must be able to operate as a standalone account. Only then it can be removed from AWS organizations
    You can remove an account from your organization only if the account has the information that is required for it to operate as a standalone account. For each account that you want to make standalone, you must accept the AWS Customer Agreement, choose a support plan, provide and verify the required contact information, and provide a current payment method. AWS uses the payment method to charge for any billable (not AWS Free Tier) AWS activity that occurs while the account isn't attached to an organization.

    Rate this question:

  • 41. 

    AWS. According to the AWS Shared Responsibility Model, which of the following are responsibilities of AWS? (Select two)

    • A.

      Replacing faulty hardware of Amazon EC2 instances

    • B.

      Enabling Multi Factor Authentication on AWS accounts in your organization

    • C.

      Creating S3 bucket policies for appropriate user access

    • D.

      Creating IAM role for accessing Amazon EC2 instances

    • E.

      Operating the infrastructure layer, the operating system and the platform for the Amazon S3 service Overall explanation

    Correct Answer(s)
    A. Replacing faulty hardware of Amazon EC2 instances
    E. Operating the infrastructure layer, the operating system and the platform for the Amazon S3 service Overall explanation
    Explanation
    According to the AWS Shared Responsibility Model, AWS is responsible for "Security of the Cloud". This includes protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.
    Replacing faulty hardware of Amazon EC2 instances - Replacing faulty hardware of Amazon EC2 instances comes under the infrastructure maintenance "of" the cloud. This is the responsibility of AWS.
    Operating the infrastructure layer, the operating system and the platform for the Amazon S3 service - For abstracted services, such as Amazon S3 and Amazon DynamoDB, AWS operates the infrastructure layer, the operating system, and platforms, and customers access the endpoints to store and retrieve data.

    Rate this question:

  • 42. 

    AWS. Which of the following is an AWS database service?

    • A.

      Amazon Redshift

    • B.

      AWS Storage Gateway

    • C.

      AWS Database Migration Service (AWS DMS)

    • D.

      AWS Glue

    Correct Answer
    A. Amazon Redshift
    Explanation
    Amazon Redshift
    Amazon Redshift is a fully-managed petabyte-scale cloud-based data warehouse product designed for large scale data set storage and analysis.

    Rate this question:

  • 43. 

    AWS. Which option is a common stakeholder role for the AWS Cloud Adoption Framework (AWS CAF) platform perspective? (Select two)

    • A.

      Chief Product Officer (CPO)

    • B.

      Engineer

    • C.

      Chief Data Officer (CDO)

    • D.

      Chief Information Officer (CIO)

    • E.

      Chief Technology Officer (CTO)

    Correct Answer(s)
    B. Engineer
    E. Chief Technology Officer (CTO)
    Explanation
    Engineer
    Chief Technology Officer (CTO)
    The AWS Cloud Adoption Framework (AWS CAF) leverages AWS experience and best practices to help you digitally transform and accelerate your business outcomes through innovative use of AWS. AWS CAF identifies specific organizational capabilities that underpin successful cloud transformations. These capabilities provide best practice guidance that helps you improve your cloud readiness. AWS CAF groups its capabilities in six perspectives: Business, People, Governance, Platform, Security, and Operations.
    The platform perspective focuses on accelerating the delivery of your cloud workloads via an enterprise-grade, scalable, hybrid cloud environment. It comprises seven capabilities shown in the following figure. Common stakeholders include Chief Technology Officer (CTO), technology leaders, architects, and engineers.

    Rate this question:

  • 44. 

    AWS. A company runs an application on a fleet of EC2 instances. The company wants to automate the traditional maintenance job of running timely assessments and checking for OS vulnerabilities. As a Cloud Practitioner, which service will you suggest for this use case?

    • A.

      Amazon Macie

    • B.

      AWS Shield

    • C.

      Amazon GuardDuty

    • D.

      Amazon Inspector

    Correct Answer
    D. Amazon Inspector
    Explanation
    Amazon Inspector
    Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on your Amazon EC2 instances. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. These findings can be reviewed directly or as part of detailed assessment reports which are available via the Amazon Inspector console or API.

    Rate this question:

  • 45. 

    AWS. Which of the following is a serverless AWS service?

    • A.

      Amazon EMR

    • B.

      AWS Elastic Beanstalk

    • C.

      Amazon Elastic Compute Cloud (Amazon EC2)

    • D.

      AWS Lambda

    Correct Answer
    D. AWS Lambda
    Explanation
    AWS Lambda
    AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume. With Lambda, you can run code for virtually any type of application or backend service - all with zero administration. Just upload your code and Lambda takes care of everything required to run and scale your code with high availability.

    Rate this question:

  • 46. 

    AWS. A Project Manager, working on AWS for the first time, is confused about how credits are used in AWS. There are two credits available in the manager's account. Credit one is for $100, expires July 2022, and can be used for either Amazon S3 or Amazon EC2. Credit two is for $50, expires December 2022, and can be used only for Amazon EC2. The manager's AWS account has incurred two charges: $1000 for Amazon EC2 and $500 for Amazon S3. What will be the outcome on the overall bill once the credits are used? (Select two)

    • A.

      Then, credit two is applied to the remaining $900 of Amazon EC2 usage

    • B.

      Credit one is applied, which expires in July, to the Amazon EC2 charge which leaves you with a $900 Amazon EC2 charge and a $500 Amazon S3 charge

    • C.

      Then, credit two is applied to $500 for Amazon S3 usage

    • D.

      Credit one is applied, which expires in July, to Amazon S3 usage which leaves you with a $1000 Amazon EC2 charge and a $400 Amazon S3 charge

    • E.

      Only one credit can be used in one billing cycle and the customer has a choice to choose from the available ones

    Correct Answer(s)
    A. Then, credit two is applied to the remaining $900 of Amazon EC2 usage
    B. Credit one is applied, which expires in July, to the Amazon EC2 charge which leaves you with a $900 Amazon EC2 charge and a $500 Amazon S3 charge
    Explanation
    Credit one is applied, which expires in July, to the Amazon EC2 charge which leaves you with a $900 Amazon EC2 charge and a $500 Amazon S3 charge
    Then, credit two is applied to the remaining $900 of Amazon EC2 usage
    Credits are applied in the following order:
    Soonest expiring
    Least number of applicable products
    Oldest credit
    For the given use case, credit one is applied, which expires in July, to the Amazon EC2 charge which leaves you with a $900 Amazon EC2 charge and a $500 Amazon S3 charge. Then, credit two is applied to the remaining $900 of Amazon EC2 usage. You need to pay $850 for Amazon EC2 and $500 for Amazon S3. All your credits are now exhausted.

    Rate this question:

  • 47. 

    AWS. A web application stores all of its data on Amazon S3 buckets. A client has mandated that data be encrypted before sending it to Amazon S3. Which of the following is the right technique for encrypting data as needed by the customer?

    • A.

      Enable server-side encryption with Amazon S3 Managed Keys (SSE-S3)

    • B.

      Enable client-side encryption using AWS encryption SDK

    • C.

      Encryption is enabled by default for all the objects written to Amazon S3. Additional configuration is not required

    • D.

      Enable server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS)

    Correct Answer
    B. Enable client-side encryption using AWS encryption SDK
    Explanation
    Enable client-side encryption using AWS encryption SDK
    The act of encrypting data before sending it to Amazon S3 is termed as client-side encryption. The AWS encryption SDK is a client-side encryption library that is separate from the language–specific SDKs. You can use this encryption library to more easily implement encryption best practices in Amazon S3. Unlike the Amazon S3 encryption clients in the language–specific AWS SDKs, the AWS encryption SDK is not tied to Amazon S3 and can be used to encrypt or decrypt data to be stored anywhere.

    Rate this question:

  • 48. 

    AWS. A cyber forensics team has detected that AWS owned IP-addresses are being used to carry out malicious attacks. As this constitutes prohibited use of AWS services, which of the following is the correct solution to address this issue?

    • A.

      Contact AWS Abuse Team

    • B.

      Write an email to Jeff Bezos, the founder of Amazon, with the details of the incident

    • C.

      Contact AWS Support

    • D.

      Contact AWS Developer Forum moderators

    Correct Answer
    A. Contact AWS Abuse Team
    Explanation
    Contact AWS Abuse Team
    The AWS Abuse team can assist you when AWS resources are used to engage in abusive behavior.
    Please see details of the various scenarios that the AWS Abuse team can address: 
     via -  https://aws.amazon.com/premiumsupport/knowledge-center/report-aws-abuse/

    Rate this question:

  • 49. 

    AWS. A startup wants to provision an EC2 instance for the lowest possible cost for a long-term duration but needs to make sure that the instance would never be interrupted. As a Cloud Practitioner, which of the following options would you recommend?

    • A.

      EC2 On-Demand Instance

    • B.

      EC2 Dedicated Host

    • C.

      EC2 Spot Instance

    • D.

      EC2 Reserved Instance (RI)

    Correct Answer
    D. EC2 Reserved Instance (RI)
    Explanation
    EC2 Reserved Instance (RI)
    An EC2 Reserved Instance (RI) provides you with significant savings (up to 75%) on your Amazon EC2 costs compared to On-Demand Instance pricing. A Reserved Instance (RI) is not a physical instance, but rather a billing discount applied to the use of On-Demand Instances in your account. You can purchase a Reserved Instance (RI) for a one-year or three-year commitment, with the three-year commitment offering a bigger discount. A reserved instance (RI) cannot be interrupted. So this is the correct option.

    Rate this question:

  • 50. 

    AWS. A multi-national company has just moved its infrastructure from its on-premises data center to AWS Cloud. As part of the shared responsibility model, AWS is responsible for which of the following?

    • A.

      Physical and Environmental controls

    • B.

      Configuring customer applications

    • C.

      Patching guest OS

    • D.

      Service and Communications Protection or Zone Security

    Correct Answer
    A. pHysical and Environmental controls
    Explanation
    Physical and Environmental controls
    As part of the shared responsibility model, Physical and Environmental controls are part of the inherited controls and hence these are the responsibility of AWS.

    Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Oct 29, 2024
    Quiz Edited by
    ProProfs Editorial Team
  • Aug 08, 2019
    Quiz Created by
    Lina
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.