AWS Certified Cloud Practitioner – 002: Questions and answers



#1. The use of what AWS feature or service allows companies to track and categorize spending on a detailed level?

As an AWS startup solutions architect I work closely with early stage startups, helping them with general guidance, performing architecture reviews, discussing best practices, security, reliability, cost optimization, and other general questions.

#2. What acronym is used to reference the entire infrastructure in the cloud?

Infrastructure as a Service (IaaS) is a reference to the entire infrastructure (networking, services, servers, etc.) in the cloud.

#3. When creating a VPC peer, what must be defined in each VPC?

Each VPC must have a route to the other (peer) VPC in the routing table.

#4. What is the S3 API based on?

The AWS APIs are largely based on REST, as they use HTTP methods for communication.

#5. If you test an Elastic IP address and forget to remove it, what will happen?

EIPs are allocated to your account and remain allocated until you release them. All EIPs come with a charge, so they should be released when no longer required.

#6. What can you implement to provide storage-based security for S3 objects?

VPN, IPSec, and L2TP are all network-based security solutions. Encryption can be implemented in S3 buckets for storage-based security.

#7. What service is used to manage access to AWS?

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. IAM is a feature of your AWS account offered at no additional charge.

#8. What is true of VPC peering?

VPC peering is not transitive. This simply means that peering does not pass through. For example, if VPC1 is peered with VPC2 and VPC2 is peered with VPC3, this does not mean that VPC1 is peered with VPC3. All peers must be directly configured.

#9. After creating a VPC, what is typically the first task you will perform?

After creating a VPC, you will need to create one or more subnets. The instances will be configured to connect to one of these subnets.

#10. How many tags can an S3 object have assigned to it?

There is a limit of 10 tags per S3 object, so they should be planned well within your organization.

#11. What is defined as an implementation of an AWS machine image?

An instance is an instance or implementation of an AWS machine image (AMI).

#12. What object property defines the performance you will get when reading and writing to the object?

The storage class determines the level of performance you can expect.

#13. What is not a benefit of cloud computing?

While security is not necessarily decreased in cloud computing, it is certainly not increased.

#14. Who is responsible for the security in the cloud?

Security in the cloud is the responsibility of the customer. Security of the cloud is the responsibility of Amazon.

#15. When you create a folder in an S3 bucket, what is actually created?

Under the hood, AWS uses prefixes attached to object names to virtualize folders. Folders do not actually exist in the S3 bucket.

#16. Which component of AWS global infrastructure does Amazon CloudFront use to ensure low-latency delivery?

CloudFront is integrated with AWS – both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services. CloudFront works seamlessly with services including AWS Shield for DDoS mitigation, Amazon S3, Elastic Load Balancing or Amazon EC2 as origins for your applications, and Lambda@Edge to run custom code closer to customers’ users and to customize the user experience.

#17. What service is used to create block storage for volume attachment to EC2 instances?

Elastic Block Store (EBS) is used to create volumes that are attached to EC2 instances for block-level access.

#18. Which AWS offering enables customers to find, buy, and immediately start using software solutions in their AWS environment?

AWS Marketplace is a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on AWS.

#19. When creating a VPC peer, what must be defined in each VPC?

Each VPC must have a route to the other (peer) VPC in the routing table.

#20. Which service can identify the user that made the API call when an Amazon Elastic Compute Cloud (Amazon EC2) instance is terminated?

Visibility into your AWS account activity is a key aspect of security and operational best practices. You can use CloudTrail to view, search, download, archive, analyze, and respond to account activity across your AWS infrastructure. You can identify who or what took which action, what resources were acted upon, when the event occurred, and other details to help you analyze and respond to activity in your AWS account. Optionally, you can enable AWS CloudTrail Insights on a trail to help you identify and respond to unusual activity.

You can integrate CloudTrail into applications using the API, automate trail creation for your organization, check the status of trails you create, and control how users view CloudTrail events.

#21. A customer would like to design and build a new workload on AWS Cloud but does not have the AWS-related software technical expertise in-house. Which of the following AWS programs can a customer take advantage of to achieve that outcome?

The AWS Partner Network (APN) is the global partner program for technology and consulting businesses who leverage Amazon Web Services to build solutions and services for customers. The APN helps companies build, market, and sell their AWS offerings by providing valuable business, technical, and marketing support.

#22. Distributing workloads across multiple Availability Zones supports which cloud architecture design principle?

Making Application Failover Seamless by Failing Over Your Private Virtual IP Across Availability Zones

#23. Which AWS service would simplify migration of a database to AWS?

AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from most widely used commercial and open-source databases.

#24. How would a system administrator add an additional layer of login security to a user’s AWS Management Console?

#25. What should you configure on S3 objects to limit the users who can access them?

Security parameters may be used for this. Encryption does not limit user access. Encryption is used for storage security and anyone with access will still be able to access the encrypted data through automatic decryption.

#26. Which AWS networking service enables a company to create a virtual network within AWS?

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.

#27. What AWS service is used for archival data storage?

Glacier is used for archival data storage. It can be configured for 3-5 minute recovery, 3-5 hour recovery, or 5-12 hour recovery.

#28. Which service would you use to send alerts based on Amazon CloudWatch alarms?

A metric alarm watches a single CloudWatch metric or the result of a math expression based on CloudWatch metrics. The alarm performs one or more actions based on the value of the metric or expression relative to a threshold over a number of time periods. The action can be an Amazon EC2 action, an Amazon EC2 Auto Scaling action, or a notification sent to an Amazon SNS topic.

#29. What is an example of something you can configure as a DHCP option in AWS?

You can configure the following parameters in DHCP options: Domain Name Servers, Domain Name, NTP Servers, NetBIOS name servers, and NetBIOS node types.

#30. Under the shared responsibility model, which of the following is the customer responsible for?

AWS for a self-hosted database that requires a nightly shutdown for maintenance and cost-saving purposes

#31. Which is not a compute service?

Compute services include EC2, Lambda, and Elastic Beanstalk, among others. EBS is a storage service for block-level access.

#32. Why is AWS more economical than traditional data centers for applications with varying compute workloads?

#33. Which service stores objects, provides real-time access to those objects, and offers versioning and lifecycle capabilities?

Amazon S3 is object storage built to store and retrieve any amount of data from anywhere on the Internet. It’s a simple storage service that offers an extremely durable, highly available, and infinitely scalable data storage infrastructure at very low costs.

#34. What is true of Regions and Availability Zones (AZs)?

Availability Zones are within regions, and resilient networks are built between data centers in the Availability Zone.

#35. What is connected to AWS services using an endpoint?

AWS endpoints are used to connect VPCs to AWS services. They allow instances in a VPC to access resources in another VPC through the endpoint.

#36. Which of the following is AWS’s responsibility under the AWS shared responsibility model?

AWS responsibility “Security of the Cloud” – AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.

#37. How many public addresses can an Elastic Network Interface have?

An ENI can have one public address and multiple private addresses. This allows the interface to connect to the cloud and the Internet.

#38. What AWS team assists customers with accelerating cloud adoption through paid engagements in any of several specialty practice areas?

Adopting the AWS Cloud can provide you with sustainable business advantages. Supplementing your team with specialized skills and experience can help you achieve those results. The AWS Professional Services organization is a global team of experts that can help you realize your desired business outcomes when using the AWS Cloud. We work together with your team and your chosen member of the AWS Partner Network (APN) to execute your enterprise cloud computing initiatives.

#39. Which AWS services can host a Microsoft SQL Server database?

Amazon Web Services offers you the flexibility to run Microsoft SQL Server for as much or as little time as you need and select from a number of versions and editions. SQL Server on Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Elastic Block Store (Amazon EBS) gives you complete control over every setting, just like when it’s installed on-premises. Amazon Relational Database Service (Amazon RDS) is a fully managed service that takes care of all the maintenance, backups, and patching for you.

#40. Where can a customer find information about prohibited actions on AWS infrastructure?

This Acceptable Use Policy (this “Policy”) describes prohibited uses of the web services offered by Amazon Web Services, Inc. and its affiliates (the “Services”) and the website located at (the “AWS Site”). The examples described in this Policy are not exhaustive. We may modify this Policy at any time by posting a revised version on the AWS Site. By using the Services or accessing the AWS Site, you agree to the latest version of this Policy. If you violate the Policy or authorize or help others to do so, we may suspend or terminate your use of the Services.