Computacion Cloud examen

what are the advantages of cloud computing over computing on-premises?. avoid large capital purchases. use on-demand capacity. go global in minutes. increase speed and agility. all of the above.

wha tis the pricing model that enables aws customers to pay for resources on as-needed basis?. pay as you decomimission. pay as you go. pay as you buy. pay as you reserve.

which od these is not a cloud computing model?. platform as a service. infraestructure as a service. system administration as a service. softwer as a service.

aws owns and maintains the network-connected hardware required for application ervices, while you provision and use what you need. true. false.

which of these is not a benefit of cloud computing over on premises computing?. increase speed and agility. pay for racking , stacking, and powering servers. eliminate guessing on your infrastructure capacity needs. trade capital espense for variable expense. benefit from massive econocmies of scale.

whic of the following are not benefits of aws cloud computing. multiple procurement cycles. high availability. high latency. fault-tolerant databases.

whic of the following is a compute service?. amazon vpc. amazon s3. amazon ec2. amazon cloudfront. amazon redshift.

economies of scale result from... having many different cloud providers. having hundreds of thousands of customers aggregated in the cloud. having hundreds of cloud services available over the internet. having to invest in data centers and servers.

which of these are ways to access aws core services (3). technical support calls. aws marketplace. aws management console. aws command line interface. software development kits.

in the shared responsibilitu model , aws is resposible for providing what?. security of the cloud. security to the cloud. security for the cloud. security in the cloud.

in the shared responsibility model, which of the following are examples of security in the cloud? (2). compliance with compute security stanndards and regulations. phisicall security of the facilities in which the services operate. security group configuration. encryption of data at rest and data in transit. protecting the global infrastructure.

which of the followings is the resposibility of aws under the aws shared responsibility model. configuring thir-party applications. mantaining physical hardware.

when creating an aws identitu and access management policy, what are the two types of access that can be granted to a user? 2. institutional access. authorized access. programmatic access. aws management console access. administrative root access.

aws organizations enables you to consolidate multiple aws accounts so that you centrally manage them. true. false.

which are best practices to secure your acount using aws identity and acces management?. provide users with default administrative privileges. leave unused an unnecessary users and credentials in place. manage access to aws resources. avoid using iam groups to grant the same access permissions to multiple users. define fine-grained acces right.

which chould be done by the aws account root user?. secure access for applications. integrate with other aws services. change granular permissions. change the aws support plan.

after initial login, what oes aws recommend as the best practice for the aws account root user?. delete the aws account root user. revoke all permissions on the aws account root user. restrict permission on the aws account root user. delete the acces keys of the aws account root user.

how would a system admin add an additional layer of login security to a user aws management console?. use amazon cloud directory. audit aws IAM roles. enable multifactor authentication. enable aws cloudtrail.

aws key management service enables you to assess audit and evaluate the configurations of your aws resources. true. false.

for certain services like EC2 and RDS, you can invest in reserved capacity. what options are available for reserved instances? 3. auri. muri. nuri. puri. duri.

where can a customer go to get more detail about amazon ec2 billing activity that took place 3 months ago?. ec2 dashboard. cost explorer. trusted advisor dashboard. cloudtrail logs stored in Amazon S3.

to recieve the discount rate associted with reserved instances, you must make a full, upfront payment for the term of the agreement. true. false.

which is true about pricing in AWS?. in most cases there is a per gigabyte charge for inbound data transfer. storage is typically charged per gyabyte. compute is typically charged as a monthly fee based on instance type. outbound charges are free up to a per account limit.

what are the four support plans offered by aws support?. basic, developer, business, enterprise. basic, startup, business, enterprise. free, bronze, silver, gold. all support is free.

what tools lets you eplore aws services and create an estimate for the cost of your use cases?. pricing calculator. budgets. cost and usage report. billing dashboard.

as aws grows the cost of doing business is reduced and savings are passed back to the customer with lower pricing. what is the optimization called?. expenditure awareness. economies of scale. matching supply and demand. ec2 right sizing.

aws offers services with no charge, such as ....... however you may be charged for other aws services that you use in conjunction with these. true. false.

what are the benefits of using aws organizations? 2. replaces existing aws identity and access manager policies with service control policies which are simpler to manage. provides the ability to create groups of accounts and then attach policies to a group. provides the ability to create an unlimited number of nested organizational units to support your desired structure. simplifies automating account creation and management by using apis. prevents any restriction from being put on the root user that is associated with the main organization in an account.

unlimited services are avaliable with the aws free tier to new aws customers for 12 months folloging their aws sign-up date. true. false.

which is the best definition of cloud architecture?. designing applications in cloud-based, shared it infrastructure by using virtual machines and fault-tolerant data stores in the cloud. relocating traditional on-premises data centsrs to internet-accesible data centers that a vendor manages. combining frontend and backend software and components to create highly avaliable and scalable web services that meet the needs of an organization. applying cloud characteristics to a solution that used cloud services and features to meet technical requirements.

the aws well-architected framework has si pillars. three of the pillarse are security, operational excellence, and sustainability. what are two of the other pillars of the well architected framework? 2. privacy. cost optimization. risk management. reliability. governance.

which actions are consistent with the operational ecellence pillar of the aws well-architected framework?. plan and manage the full lifecycle of hardware assets. review and improve processes and procedures on a continuous cycle. evaluate organizational structures and roles to identify skill gaps. ensure operations personnel document changes to the infrastructure. apply software engineering principles and methodology to infrastructure as code.

a specific application requires a frontend web tier of multiple servers that communicate with a backend application tier of multiple servers. which design most closely follows aws bes practices. assign dedicated application server and a dedicated connection to each web server. create multiple instances that each combine a web frontend and application backend in the same instance. create a full mesh network between the web and application tiers, so that each web server can communicate directly with every application server. design the web tier to communicate with the application tier through the elastic load balancing (ELB) service.

a solutions architect is developing a process for handling server failures. which process most closely follow aws best practices?. Amazon cloudwatch detects a systems failure. it initiates automation to provision a new server. amazon cloudwatch detects a sustem failure. it notifies the system administrator, wh provisions a new erver by using the AWS management console. the operations staff detects a system failure. they notify the systems admin, who provisiones a new server by using the aws management console. the operations staff detects a system failure, they initiate automation to provision a new server.

a company is considering moving their on-premises data center to the cloud, their primaty motivation is to increase their cost efficiency. which approach most closely follows aws best practices?. replicate their on-premises data center in the cloud. provision the servers that are needed and stop services when they are not being used. provision some of the servers in the cloud and ensure the servers run 24/7. maintain the on-premise data centers as long as possible.

a company stores read-only data in amazon s3. most users are in the same country as the company headcuarters. some users are located around the world. which design decision most closely follows aws best practices?. use a bucket in the region that has the lowest average latency for all users. use a bucket in the aws region that is closes to the company headquarters. all users access the data throuf amazon cloud front. use a bucket in the region closest to the company headquarters. replicate objects across buckets in aws regions around the world. user access the bucker in the region closest that is to them.

A consultant must access a large object in an S3 bucket. They need one day to access the file. Which method for granting access most closely follows AWS best practices?. Create a presigned URL to the object that expires in 24 hours, and give it to the consultant. Copy the object to a new S3 bucket. Enable public access on the new bucket. From the new bucket, get the object URL, and give it to the consultant. Create a user account for the consultant. Grant the user account permissions to access the S3 bucket through the AWS Management Console. Enable public access on the S3 bucket. Give the object URL to the consultant.

9. Which are main considerations that influence which AWS Regions to use? (Select TWO.). Application resiliency during system failures. Compliance with laws and regulations. Protection against localized natural disasters. Latency reduction for end users. Security and access control.

Which are main considerations that influence which Availability Zones to use? (Select TWO.). Protection against localized natural disasters. Latency reduction for end users. Security and access control. Compliance with laws and regulations. Application resiliency during system failures.

Which statement reflects a design principle of the security pillar of the Well-Architected Framework?. Apply security at all layers of an architecture. Decentralize privilege management. Do not deploy a solution to production until you’re certain that no security risks exist. Ensure that staff are actively monitoring potential risks manually.

. Which statements about responsibility are accurate based on the AWS shared responsibility model? (Select TWO.). Customers are responsible for the installation, maintenance, and decommissioning of the hardware that they use in the AWS data center. AWS is responsible for the configuration of security groups. AWS is responsible for the physical security of data centers. Customers are responsible for managing their user data. AWS is responsible for host-based firewall configurations.

Which options are characteristics of the principle of least privilege? (Select TWO.). Craft security policies that limit access to specific tasks. Monitor actions and changes. Always use groups. Use encryption. Grant access only as needed.

Which statement about AWS Identity and Access Management (IAM) is true?. With IAM, you can grant principals granular access to resources. With IAM, you can manage encryption for items that require encryption at rest. IAM provides an extra layer of security by offering anomaly detection on resources. IAM provides an audit trail of who performed an action, what action they performed, and when they performed it.

Which statements describe AWS Identity and Access Management (IAM) roles? (Select TWO.). They are uniquely associated to an individual. They can only be used by accounts that are associated to the person who creates the role. Individuals, applications, and services can assume roles. They provide temporary security credentials. They provide permanent security credentials.

. Which statement reflects a best practice for the root user on an AWS account?. Create two root users with separate credentials and distribute them to two different individuals. To avoid getting locked out of the account, do not enable multi-factor authentication (MFA) on the root account. Create an admin user and perform most admin tasks with this user instead of the root user. Remove unneeded permissions from the root user account.

How does AWS Identity and Access Management (IAM) evaluate a policy?. It checks for explicit allow statements before it checks for explicit deny statements. If the policy doesn't have any explicit deny statements or explicit allow statements, users have access by default. It checks for explicit deny statements before it checks for explicit allow statements. An explicit deny statement does not override an explicit allow statement.

Which statement about AWS Identity and Access Management (IAM) policies is accurate?. Identity-based policies can only be attached to a single entity. Resource-based policies allow access by default. Identity-based policies are attached to a user, group, or role. Resource-based policies are attached to a user, group, or role.

Which AWS Identity and Access Management (IAM) policy element includes information about whether to allow or deny a request?. Effect. Action. Principal. Condition.

Which option accurately describes the statement element in an AWS Identity and Access Management (IAM) policy?. The statement element does not apply to identity-based policies. The statement element contains other elements that together define what is allowed or denied. A policy can only have one statement element. The statement element is an optional part of an IAM policy.

Due to a company merger, a data engineer needs to increase their object storage capacity. They are not sure how much storage they will need. They want a highly scalable service that can store unstructured, semistructured, and structured data. Which service would be the most cost effective to accomplish this task?. Amazon Elastic Block Store (Amazon EBS). AWS Storage Gateway. Amazon RDS. Amazon S3.

Amazon S3 provides a good solution for which use case?. Ledger data that is updated and accessed frequently. Hourly storage of frequently accessed temporary files. A data warehouse for business intelligence. An internet-accessible storage location for video files that an external website can access.

A company is interested in using Amazon S3 to host their website instead of a traditional web server. Which types of content does Amazon S3 support for static web hosting? (Select THREE.). Database engine. Client-side scripts. HTML files and image files. Video and sound files. Dynamic HTML files. Server-side scripts.

A company wants to use an S3 bucket to store sensitive data. Which actions can they take to protect their data? (Select TWO.). Enabling server-side encryption on the S3 bucket before uploading sensitive data. Using client-side encryption to protect data in transit before it is sent to Amazon S3. Enabling server-side encryption on the S3 bucket after uploading sensitive data. Using Secure File Transfer Protocol (SFTP) to connect directly to Amazon S3. Uploading unencrypted files to Amazon S3 because Amazon S3 encrypts the files by default.

A company must create a common place to store shared files. Which requirements does Amazon S3 support? (Select TWO.). Maintain different versions of files. Lock a file so that only one person at a time can edit it. Attach comments to files. Compare file contents between files. Recover deleted files.

A customer service team accesses case data daily for up to 30 days. Cases can be reopened and require immediate access for 1 year after they are closed. Reopened cases require 2 days to process. Which solution meets the requirements and is the most cost efficient?. Store all case data in S3 Standard so that it is available whenever it is needed. Store case data in S3 Standard. Use a lifecycle policy to move the data into Amazon S3 Glacier Flexible Retrieval after 30 days. Store case data in S3 Intelligent-Tiering to automatically move data between tiers based on access frequency. Store case data in S3 Standard. Use a lifecycle policy to move the data into S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.

Which option takes advantage of edge locations in Amazon CloudFront to transfer files over long distances to an S3 bucket?. AWS SDKs. Amazon S3 Transfer Acceleration. Amazon S3 REST API. AWS Transfer Family.

A video producer must regularly transfer several video files to Amazon S3. The files range from 100–700 MB. The internet connection has been unreliable, causing some uploads to fail. Which solution provides the fastest, most reliable, and most cost-effective way to transfer these files to Amazon S3?. AWS Transfer Family. Amazon S3 Transfer Acceleration. Amazon S3 multipart uploads. AWS Management Console.

Which Amazon S3 storage class is designed for backup copies of on-premises data or easily re-creatable data?. S3 Intelligent-Tiering. S3 Glacier Instant Retrieval. S3 One Zone-Infrequent Access (S3 One Zone-IA). S3 Standard-Infrequent Access (S3 Standard-IA).

. A company needs to retain records for regulatory purposes for a 7-year period. These records are rarely accessed (once or twice a year). What is the lowest-cost storage class for Amazon S3?. S3 Standard-Infrequent Access (S3 Standard-IA). S3 One Zone-Infrequent Access (S3 One Zone-IA). S3 Intelligent-Tiering. S3 Glacier Deep Archive.

. Which attributes are reasons to choose Amazon EC2? (Select TWO.). AWS management of operating system (OS) patches. AWS management of operating system (OS) security. Complete control of computing resources. Ability to run any type of workload. Ability to run serverless applications.

. What are the benefits of using an Amazon Machine Image (AMI)?. Updating systems by patching their AMI. Automating security group settings for instances. Using an AMI as a server backup for Amazon EC2 instances. Launching instances with the same configuration. Migrating data from on premises to Amazon EC2 instances. Selling or sharing software solutions packaged as an AMI.

A system administrator must change the instance types of multiple running Amazon EC2 instances. The instances were launched with a mix of Amazon Elastic Block Store (Amazon EBS) backed Amazon Machine Images (AMIs) and instance-store-backed AMIs. Which method is a valid way to change the instance type?. Change the instance type of an Amazon EBS backed instance without stopping it. Change the instance type of an instance-store-backed instance without stopping it. Stop an instance-store-backed instance, change its instance type, and start the instance. Stop an Amazon EBS backed instance, change its instance type, and start the instance.

A workload requires high read/write access to large local datasets. Which instance types would perform BEST for this workload? (Select TWO.). Accelerated computing. Storage optimized. Memory optimized. General purpose. Compute optimized.

An application requires the media access control (MAC) address of the host Amazon EC2 instance. The architecture uses an AWS Auto Scaling group to dynamically launch and terminate instances. What is the BEST way for the application to obtain the MAC address?. Include the MAC address in a custom AMI for each instance in the AWS Auto Scaling group. Include the MAC address in the Amazon Machine Image (AMI) that is used to launch all of the instances in the AWS Auto Scaling group. Write the MAC address in the application configuration file of each instance. Use the user data of each instance to access the MAC address through the instance metadata.

Which statements about user data are correct? (Select TWO.). User data cannot be run while the instance is stopped. By default, user data runs after every instance restart. The cloud architect must remove the config_user_scripts file to rerun the user data scripts. The cloud architect must run the /var/lib/cloud/instance/scripts/part-001 command for the user data script to run again. By default, user data runs only once, when an instance is launched.

transactional workload on an Amazon EC2 instance performs high amounts of frequent read and write operations. Which Amazon Elastic Block Store (Amazon EBS) volume type is BEST for this workload?. Provisioned IOPS solid state drive (SSD). General Purpose solid state drive (SSD). Cold hard disk drive (HDD). Throughput Optimized hard disk drive (HDD).

It is possible to create an NFS share on an Amazon Elastic Block Store (Amazon EBS) backed Linux instance by installing and configuring an NFS server on the instance. In this way, multiple Linux systems can share the file system of that instance. Which advantages does Amazon Elastic File System (Amazon EFS) provide compared to this solution? (Select TWO.). High availability. Strong consistency. Automatic scaling. No need for backups. File locking.

Which feature does Amazon FSx for Windows File Server provide?. Fully managed Windows file servers. Microsoft Active Directory server for Windows file servers. Backup solution for on-premises Windows file servers. Amazon management agent for Windows file servers.

Which descriptions of Amazon EC2 pricing options are correct? (Select TWO.). With On-Demand Instances, customers can pay for compute capacity by usage time with no long-term commitments. Dedicated Hosts are servers that are dedicated to one purpose, such as a firewall. Savings Plans are budgeting tools that help customers manage Amazon EC2 costs. Spot Instances offer spare compute capacity at discounted prices and can be interrupted. Reserved Instances are physical servers that are reserved exclusively for customer use.

Which statement that compares a database service that AWS manages with a database on an Amazon EC2 instance is true?. Configuring backups for a database on a managed database service isn’t needed. AWS manages database patches for a database on a managed database service. AWS manages operating system (OS) patches for a database on an EC2 instance. Configuring backups for a database on an EC2 instance isn’t needed.

A small startup company is deciding which database service to use for an enrollment system for their online training website. Which requirements might lead them to select Amazon RDS rather than Amazon DynamoDB? (Select TWO.). The data is highly structured. Student, course, and registration data are stored in many different tables. The enrollment system must be highly available. Data and transactions must be encrypted to protect personal information. Data must be backed up in case of disasters.

A startup company is building an order inventory system with a web frontend and is looking for a real-time transactional database. Which service would best meet their needs?. Amazon Redshift. Amazon DocumentDB (with MongoDB compatibility). Amazon DynamoDB. Amazon Neptune.

. A small game company is designing an online game, where thousands of players can create their own in-game objects. The current design uses a MySQL database in Amazon RDS to store data for player-created objects. Which proposed online game object features could make Amazon DynamoDB a better solution? (Select TWO.). A set of common object attributes for player-created objects. Game items that can be modified using data contained in other tables. Unpredictable object attributes for player-created objects. A high amount of read activity on player-created objects and a low amount of writes. Game data items that include binary data and might exceed 700 MB.

An organization is concerned about an increase in fraud. Which service could help with building real-time graph database queries for fraud detection?. Amazon RDS. Amazon Neptune. Amazon Redshift. Amazon DynamoDB.

A data engineer must host a new Microsoft SQL Server database in AWS for a project. Which service could they use to accomplish this task?. Amazon DocumentDB (with MongoDB compatibility). Amazon Neptune. Amazon DynamoDB. Amazon Aurora.

Which techniques should be used to secure an Amazon RDS database? (Select THREE.). A virtual private gateway (VGW) to filter traffic from restricted networks. A virtual private cloud (VPC) to provide instance isolation. AWS Identity and Access Management (IAM) policies to define access at the table, row, and column levels. Security groups to control network access to individual RDS instances. An Amazon Virtual Private Cloud (Amazon VPC) gateway endpoint to prevent traffic from traversing the internet. Encryption both at rest and in transit to protect sensitive data.

Which techniques should be used to secure Amazon DynamoDB? (Select THREE.). A virtual private cloud (VPC) to provide instance isolation and firewall protection. A virtual private gateway (VGW) to filter traffic from restricted networks. An Amazon Virtual Private Cloud (Amazon VPC) gateway endpoint to prevent traffic from traversing the internet. Encryption to protect sensitive data. AWS Identity and Access Management (IAM) policies to define access at the table, item, or attribute level. Security groups to control network access to individual instances.

9. A company wants to migrate their on-premises Oracle database to Amazon Aurora MySQL. Which process describes the high-level steps most accurately?. Use AWS Database Migration Service (AWS DMS) to directly migrate from the Oracle database to Amazon Aurora MySQL. Use AWS Schema Conversion Tool (AWS SCT) to synchronously convert the schema and migrate the data. Use AWS Database Migration Service (AWS DMS) to migrate the data, and then use AWS Schema Conversion Tool (AWS SCT) to convert the schema. Use AWS Schema Conversion Tool (AWS SCT) to convert the schema, and then use AWS Database Migration Service (AWS DMS) to migrate the data.

A cloud architect is setting up an application to use an Amazon RDS MySQL DB instance. The database must be architected for high availability across Availability Zones and AWS Regions with minimal downtime. How should they meet this requirement?. Set up an RDS MySQL Single-AZ DB instance. Configure a read replica in a different Region. Set up an RDS MySQL Multi-AZ DB instance. Configure an appropriate backup window. Set up an RDS MySQL Multi-AZ DB instance. Configure a read replica in a different Region. Set up an RDS MySQL Single-AZ DB instance. Copy automated snapshots to at least one other Region.

Which definition describes a virtual private cloud (VPC)?. A fully managed service that extends the AWS Cloud to customer premises. An extension of an on-premises network into AWS. A logically isolated virtual network that you define in the AWS Cloud. A virtual private network (VPN) in the AWS Cloud.

Which component does not have direct access to the internet?. Network address translation (NAT) gateway inside a public subnet. EC2 instance inside a private subnet. Elastic IP address interface. EC2 instance inside a public subnet.

A company's virtual private cloud (VPC) has the Classless Inter-Domain Routing (CIDR) block 172.16.0.0/21 (2048 addresses). It has two subnets (A and B). Each subnet must support 100 usable addresses now, but this number is expected to rise to at most 254 usable addresses soon. Which subnet addressing scheme meets the requirements and follows AWS best practices?. Subnet A: 172.16.0.0/23 (512 addresses) Subnet B: 172.16.2.0/23 (512 addresses). Subnet A: 172.16.0.0/24 (256 addresses) Subnet B: 172.16.1.0/24 (256 addresses). Subnet A: 172.16.0.0/22 (1024 addresses) Subnet B: 172.16.4.0/22 (1024 addresses). Subnet A: 172.16.0.0/25 (128 addresses) Subnet B: 172.16.0.128/25 (128 addresses).

Several EC2 instances launch in a virtual private cloud (VPC) that has internet access. These instances should not be accessible from the internet, but they must be able to download updates from the internet. How should the instances launch?. With public IP addresses, in a subnet with a default route to an internet gateway. With Elastic IP addresses, in a subnet with a default route to an internet gateway. Without public IP addresses, in a subnet with a default route to a network address translation (NAT) gateway. Without public IP addresses, in a subnet with a default route to an internet gateway.

A group of consultants requires access to an EC2 instance from the internet for 3 consecutive days each week. The instance is shut down the rest of the week. The virtual private cloud (VPC) has internet access. How should you assign one IPv4 address to the instance to give the consultants access?. Enable automatic address assignment for the EC2 instance. Associate an Elastic IP address with the EC2 instance. Enable automatic address assignment for the subnet. Assign the IP address in the operating system (OS) boot configuration.

An application uses a bastion host to allow access to EC2 instances in a private subnet within a virtual private cloud (VPC). What security group configurations would allow SSH access from the source IP to the EC2 instances? (Select TWO.). Add a rule to the EC2 instance security group to allow traffic from the bastion host security group on port 22. Add a rule to the bastion host security group to allow return traffic to your source IP address. Add a rule to the bastion host security group to allow traffic on port 22 from your source IP address. Add a rule to the bastion host security group to deny all traffic from the internet. Add a rule to the private subnet EC2 instance security group to allow return traffic to the bastion host security group.

A solution deployed in a virtual private cloud (VPC) needs a subnet with limited access to specific internet addresses. How can an architect configure the network to limit traffic from and to the EC2 instances in the subnet using a network access control list (ACL)?. Add rules to the subnet custom network ACL to allow traffic from and to allowed internet addresses. Deny all other traffic. Add rules to the default network ACL to allow traffic from and to allowed internet addresses. Deny all other traffic. Add rules to the default network ACL to allow traffic from and to allowed internet addresses. Add rules to the subnet custom network ACL to allow traffic from and to allowed internet addresses.

Which actions are best practices for designing a virtual private cloud (VPC)? (Select THREE.). Use the same Classless Inter-Domain Routing (CIDR) block as your on-premises network. Create one subnet per Availability Zone for each group of hosts that have unique routing requirements. Match the size of the VPC Classless Inter-Domain Routing (CIDR) block to the number of hosts that are required for a workload. Divide the VPC network range evenly across all Availability Zones that are available. Reserve some address space for future use. Use the same Classless Inter-Domain Routing (CIDR) block for subnets in different Availability Zones that are part of the same AWS Auto Scaling group.

Where can you have VPC flow logs delivered? (Select THREE.). Amazon Athena. Amazon S3 bucket. Amazon CloudWatch. Amazon Kinesis Data Firehose. Amazon OpenSearch Service. AWS Management Console.

An EC2 instance must connect to an Amazon S3 bucket. What component provides this connectivity with no additional charge and no throughput packet limits?. Public region access point. Gateway VPC endpoint. Gateway Load Balancer endpoint. Interface VPC endpoint.

What is the simplest way to connect 100 virtual private clouds (VPCs) together?. Connect the VPCs to AWS Transit Gateway. Connect each VPC to all the other VPCs by using VPC peering. Create a hub-and-spoke network by using AWS VPN CloudHub. Chain VPCs together by using VPC peering.

A company needs network traffic to flow between an AWS account in one Region to another account in a different Region. What should they set up between the transit gateways in each region?. AWS Site-to-Site VPN. Transit gateway peering attachment. AWS PrivateLink. AWS Direct Connect.

A company has two virtual private clouds (VPCs). VPC A has a Classless Inter-Domain Routing (CIDR) block of 10.1.0.0/16. VPC B has CIDR block of 10.2.0.0/16. Both VPCs belong to the same AWS account. What is the simplest way to connect the two VPCs so that they can route all traffic between them?. VPC endpoints. AWS Site-to-Site VPN. AWS Direct Connect. VPC peering.

Systems in a secure subnet in a virtual private cloud (VPC) must access a bucket in Amazon S3. Which solutions stop traffic from crossing the internet? (Select TWO.). Use the private IP address of Amazon S3. Create a VPC peering connection to Amazon S3. Use a private IP address for the system. Create a VPC gateway endpoint for Amazon S3. Use VPC interface endpoints.

A company has three virtual private clouds (VPCs). VPCs A, B, and C have Classless Inter-Domain Routing (CIDR) blocks that do not overlap. Both A and C have separate VPC peering connections with B. However, A cannot communicate with C. What is the simplest and most cost-effective way to enable full communication between A and C?. Create VPC endpoints in A and C for the individual hosts that need to communicate with each other. Add routes to B to enable traffic between A and C through B. Link all three VPCs through a transit VPC, and route all traffic through the transit VPC. Add a peering connection between A and C, and route traffic between A and C through the peering connection.

ecause of a natural disaster, a company moved a secondary data center to a temporary facility with internet connectivity. It needs a secure connection to the company’s virtual private cloud (VPC) that must be operational as soon as possible. The data center will move again in 2 weeks. Which option meets the requirements?. VPC endpoints. AWS Site-to-Site VPN. VPC peering. AWS Direct Connect.

A company is concerned about internet disruptions. It wants to efficiently route traffic from their on-premises network to an AWS edge location close to their customer gateway device. What should they use?. AWS Global Accelerator. AWS VPN CloudHub. AWS Direct Connect. AWS Transit Gateway.

. A company is implementing a system to back up on-premises systems to AWS. Which network connectivity method provides a solution with the most consistent performance?. AWS Site-to-Site VPN. Virtual private cloud (VPC) endpoints. AWS Direct Connect. Virtual private cloud (VPC) peering.

. A company uses a single AWS Direct Connect connection between their on-premises network and their virtual private cloud (VPC). They want to ensure that the network connectivity is highly available by adding a backup connection. Which network connectivity method provides the most cost-effective solution for the backup connection?. Another AWS Direct Connect connection through a different Direct Connect location. An on-demand AWS Client VPN connection across the internet. Another AWS Direct Connect connection through the same Direct Connect location. An on-demand AWS Site-to-Site VPN connection across the internet.

A company is connecting a virtual private cloud (VPC) to multiple on-premises data centers using a virtual private network (VPN). Which implementation ensures resiliency and predictable bandwidth requirements?. Implement AWS Transit Gateway to connect to each on-premises data center. Implement Direct Connect as the primary connection and use the VPN as a secondary failover connection from each data center. Establish multiple Border Gateway Protocol (BGP) sessions for each VPC to create connectivity to multiple VPCs across multiple AWS Regions. Use a many-to-many mesh topology, such as Amazon VPC peering.

Which are characteristics of an AWS Identity and Access Management (IAM) group? (Select TWO.). A group can belong to another group. New users added to a group inherit the group’s permissions. Permissions in a group policy always override permissions in a user policy. A group can have security credentials. A user can belong to more than one group.

What is an advantage of using attribute-based access control (ABAC) over role-based access control (RBAC)?. ABAC permissions explicitly identify the resources that they protect. ABAC requires less testing than RBAC. ABAC will likely require fewer policies than RBAC. ABAC permissions are more secure than RBAC permissions.

A developer is a member of an AWS Identity and Access Management (IAM) group that has a group policy attached to it. The group policy allows access to Amazon S3 and Amazon EC2 and denies access to Amazon Elastic Container Service (Amazon ECS). The developer also has a user policy attached which allows access to Amazon ECS and Amazon CloudFront. Which option describes the user’s access?. Access to Amazon S3 and Amazon EC2, but no access to Amazon ECS and Amazon CloudFront. Access to Amazon ECS and Amazon CloudFront, but no access to Amazon S3 and Amazon EC2. Access to Amazon S3, Amazon EC2, Amazon ECS, and Amazon CloudFront. Access to Amazon S3, Amazon EC2, and Amazon CloudFront, but no access to Amazon ECS.

What is a benefit of identity federation with the AWS Cloud?. It assigns roles to authenticated users to control their access to AWS resources. It eliminates the need for defining permissions in AWS Identity and Access Management (IAM) to secure the access to AWS resources. It centralizes the storage and management of user identities inside of the AWS Cloud. It enables the use of an external identity provider to authenticate workforce users and give them access to AWS resources.

Which service enables identity federation for accessing a web application running in the AWS Cloud?. AWS WAF. Amazon Cognito. AWS CloudHSM. AWS Key Management Service (AWS KMS).

Which service helps centrally manage billing, control access, compliance and security, and share resources across multiple AWS accounts?. AWS Systems Manager. AWS Organizations. Amazon Cognito. AWS Identity and Access Management (IAM).

A technology company has multiple production accounts grouped into a production organizational unit (OU) in AWS Organizations. The company wants to prevent all AWS Identity and Access Management (IAM) users in the production accounts from deleting AWS CloudTrail logs. How can a system administrator enforce this restriction?. Create an Amazon S3 bucket policy and associate with all buckets containing AWS CloudTrail logs. Create an IAM policy and attach it to each IAM user in the production accounts. Create a tag policy and attach it to the production accounts. Create a service control policy (SCP), and attach it to the production OU.

A developer is writing a client application that encrypts sensitive data using a data key before sending it to a server application. The client application sends the data key to the server application so that the server application can decrypt the sensitive information. The developer is concerned that the confidentiality of the sensitive data might be compromised if the data key is stolen. Which type of encryption should the developer use to fully protect the sensitive information?. Server-side encryption. Envelope encryption. Asymmetric encryption. Symmetric encryption.

Which functions does the AWS Key Management Service (AWS KMS) provide? (Select TWO.). Create AWS Identity and Access Management (IAM) access keys. Authenticate external users. Store encrypted data. Create symmetric and asymmetric keys. Rotate keys.

Which AWS service discovers and protects sensitive information stored on Amazon S3 in an AWS account?. Amazon Macie. AWS Audit Manager. Amazon Detective. AWS Resource Access Manager (AWS RAM).

Which AWS networking service enables a company to create a virtual network within AWS? (Select the best answer.). Amazon Virtual Private Cloud (Amazon VPC). AWS Direct Connect. AWS Config. Amazon Route 53.

With Amazon Virtual Private Cloud (Amazon VPC), what is the maximum size IP address range you can have in a VPC? (Select the best answer.). /24. /16. /30. /28.

With Amazon Virtual Private Cloud (Amazon VPC), what is the smallest size subnet you can have in a VPC? (Select the best answer.). /28. /30. /26. /24.

What happens when you use Amazon Virtual Private Cloud (Amazon VPC) to create a new VPC? (Select the best answer.). An internet gateway is created by default. A main route table is created by default. Three subnets are created by default in one Availability Zone. Three subnets are created by default: one for each Availability Zone.

Which of the following can be used to protect Amazon Elastic Compute Cloud (Amazon EC2) instances hosted in AWS? (Select the best answer.). All of the above. Security group. Internet Gateway. AMI.

You are a solutions architect who works at a large retail company that is migrating its existing infrastructure to AWS. You recommend that they use a custom VPC. When you create a VPC, you assign it to an IPv4 Classless Inter-Domain Routing (CIDR) block of 10.0.1.0/24 (which has 256 total IP addresses). How many IP addresses are available? (Select the best answer.). 256. 251. 246. 250.

You need to allow resources in a private subnet to access the internet. Which of the following must be present to enable this access? (Select the best answer.). Network access control lists. Security groups. Route tables. NAT gateway.

Which of the following is an optional security control that can be applied at the subnet layer of a VPC? (Select the best answer.). Which of the following is an optional security control that can be applied at the subnet layer of a VPC? (Select the best answer.). Web application firewall. Firewall. Network ACL.

True or False? Private subnets have direct access to the internet. True. False.

Why is AWS more economical than traditional data centers for applications with varying compute workloads? (Select the best answer). Amazon EC2 costs are billed on a monthly basis. Customers retain full administrative access to their Amazon EC2 instances. Customers can permanently run enough instances to handle peak workloads. Amazon EC2 instances can be launched on-demand when needed.

Which Amazon Elastic Compute Cloud (Amazon EC2) feature ensures your instances will not share a physical host with instances from any other AWS customer? (Select the best answer). Amazon VPC. Placement groups. Dedicated Instances. Reserved Instances.

Which Amazon EC2 option is best for long-term workloads with predictable usage patterns? (Select the best answer). Spot Instances. On-Demand Instances. Reserved Instances.

What is included in an Amazon Machine Image (AMI)? (Select the best answer). A template for the root volume for the instance. Launch permissions that control which AWS accounts can use the AMI to launch instances. A block device mapping that specifies the volumes to attach to the instance when it's launched. All of the above.

Your web application needs four instances to support steady traffic all of the time. On the last day of the month, the traffic triples. What is the most cost-effective way to handle this pattern? (Select the best answer). Run 12 Reserved Instances all of the time. Run four On-Demand Instances constantly, then add eight more On-Demand Instances on the last day of each month. Run four Reserved Instances constantly, then add eight On-Demand Instances on the last day of each month. Run four On-Demand Instances constantly, then add eight Reserved Instances on the last day of each month.

Which of the following services is a serverless compute service in AWS? (Select the best answer). AWS Config. AWS Lambda. AWS OpsWorks. Amazon EC2.

What is the service provided by AWS that enables developers to easily deploy and manage applications in the cloud? (Select the best answer). Amazon Elastic Container Service. AWS Elastic Beanstalk. AWS Opswork. AWS CloudFormation.

Which of the following must be specified when launching a new Amazon Elastic Compute Cloud (Amazon EC2) Windows instance? (Choose two). Amazon Machine Image (AMI). Amazon EC2 instance type. The Amazon EC2 instance ID. Password for the administrator account.

If your project requires monthly reports that iterate through very large amounts of data, which Amazon Elastic Compute Cloud (Amazon EC2) purchasing option should you consider? (Select the best answer). Spot Instances. Scheduled Reserved Instances. Dedicated Hosts. On-Demand Instances.

: True or False? Containers contain an entire operating system. True. False.

True or False? Amazon Simple Storage Service (Amazon S3) is an object storage suitable for the storage of flat files like Microsoft Word documents, photos, etc. True. False.

Amazon S3 replicates all objects ______. (Select the best answer). on multiple volumes within an Availability Zone. in multiple Availability Zones within the same Region. across multiple Regions for higher durability. on multiple S3 buckets.

Which of the following can be used as a storage class for an S3 object lifecycle policy? (Choose three). S3 - Standard Access. AWS Storage Gateway. S3 - Infrequent Access. Simple Storage Service Glacier. S3 - Reduced Redundancy Storage. Amazon Dynamo DB.

The name of an S3 bucket must be unique ______. (Select the best answer). worldwide across all AWS accounts. within a Region. across all your AWS accounts. within your AWS account.

You can use Amazon Elastic File System (Amazon EFS) to: (Select the best answer). provide simple, scalable, elastic file storage for use only within AWS. implement storage for Amazon EC2 instances that multiple virtual machines can access at the same time. host a robust CDN to deliver entire web sites with dynamic, static, and streaming content. generate user-specific content.

Amazon Elastic Block Store (Amazon EBS) is recommended when data ______ and ______. (Choose two). requires object-level storage. must be quickly accessible, requiring long-term persistence. requires an encryption solution. needs to be stored in a different Availability Zone than the one the EC2 instance is in.

True or False? By default, all data stored in Amazon S3 is viewable by the public. True. False.

Regarding Amazon S3 Glacier, what is a Vault? (Select the best answer). The rules that determine who may (or may not) access archives. An object (photos, videos, files, or documents). A container for storing archives. A policy that identifies who can access content stored in Glacier.

True or False? When you create a bucket in Amazon S3, it is associated with a specific AWS Region. True. fALSE.

Which of the following are features of Amazon Elastic Block Store (Amazon EBS)? (Choose two). Amazon EBS data is automatically backed up to tape. Data stored on Amazon EBS is automatically replicated within an Availability Zone. Amazon EBS volumes can be encrypted transparently to workloads on the attached instance. Data on an Amazon EBS volume is lost when the attached instance is stopped.

You are designing an ecommerce web application that will scale to hundreds of thousands of concurrent users. Which database technology is best suited to hold the session state in this example?. Amazon Relational Database Service (Amazon RDS). Amazon DynamoDB. Amazon Redshift. Amazon Simple Storage Service (Amazon S3).

You need to find an item in an Amazon DynamoDB table using an attribute other than the item's primary key. Which of the following operations should you use? (Select the best answer.). PutItem. Scan. Query. GetItem.

In Amazon DynamoDB, what does the query operation enable you to do? (Select the best answer.). Query a table using the partition key and an optional sort key filter. Query any secondary indexes that exist for a table. Efficiently retrieve items from a table or secondary index. All of the above.

Which AWS Cloud service is best suited for analyzing your data by using standard structured query language (SQL) and your existing business intelligence (BI) tools? (Select the best answer.). Amazon Relational Database Service (Amazon RDS). Amazon Simple Storage Service Glacier. Amazon DynamoDB. Amazon Redshift.

In Amazon DynamoDB, an attribute is ______. (Select the best answer.). a fundamental data element. a collection of items. a collection of attributes.

If you are developing an application that requires a database with extremely fast performance, fast scalability, and flexibility in the database schema, which service should you consider? (Select the best answer.). Amazon Relational Database Service (Amazon RDS). Amazon ElastiCache. Amazon DynamoDB. Amazon Redshift.

Which of the following use cases is appropriate for using Amazon Relational Database Service (Amazon RDS)? (Select the best answer.). Massive read/write rates. Simple GET or PUT requests. Complex transactions. All of the above.

A company has an application, which consists of a .NET layer that connects to a MySQL database. They want to move this application on to AWS and use AWS features such as high availability and automated backups. Which of the following would be an ideal database for this use case? (Select the best answer). Amazon Aurora. Amazon Redshift. Amazon DynamoDB. Amazon RDS.

True or false? Amazon RDS automatically patches the database software and backs up your database, storing the backups for a user-defined retention period and enabling point-in-time recovery. True. False.

What should you consider when choosing a database type? (Select the best answer.). Data size. Data access period. Query frequency. Highly available. All of the above.

Which of the following is not one of the four areas of the performance efficiency pillar of the AWS Well-Architected Framework? (Select the best answer.). Tradeoffs. Selection. Traceability. Monitoring.

Which of the following is a principle when designing cloud-based systems? (Select the best answer.). Build tightly-coupled components. Make infrequent, large batch changes. Assume everything will fail. Use as many services as possible.

Which of the following are pillars of the AWS Well-Architected Framework? (Choose three.). Security. Persistence. Operational Excellence. Cost Optimization.

Which design principles are recommended when considering performance efficiency? (Choose two.). Democratize advanced technologies. Use serverless architectures. Match supply with demand. Enable traceability. Analyze and attribute expenditure.

AWS Trusted Advisor provides insight regarding which five categories of an AWS account? (Select the best answer.). Security, fault tolerance, high availability, connectivity, service limits. Performance, cost optimization, access control, connectivity, security. Performance, cost optimization, security, fault tolerance, service limits. Security, access control, high availability, performance, service limits.

What is the focus of the sustainability pillar of the Well-Architected Framework? (Select the best answer.). Designing workloads that recover quickly from failures. Minimizing the environmental impacts of running cloud workloads. Avoiding unnecessary costs in cloud workloads. Automating updates to cloud workloads.

After you move to the AWS Cloud, you want to ensure that the right security settings are put in place. Which online tool can assist in security compliance? (Select the best answer.). Amazon Kinesis. AWS Support. AWS Trusted Advisor. Amazon CloudWatch.

Which of the following is a measure of your system's ability to provide functionality when desired by the user? (Select the best answer.). Availability. Fault Tolerance. Reliability. Performance efficiency.

What is defined as the ability for a system to remain operational even if some of the components of that system fail? (Select the best answer.). High durability. Fault tolerance. High availability. High durability.

Which of the following best describes a system that can withstand some measures of degradation, experiences minimal downtime, and requires minimal human intervention? (Select the best answer.). Scalable. Fault-tolerant. Elastic. Highly available.

Which of the following AWS tools help your application scale up or down based on demand? (Choose two.). Availability Zones. Amazon EC2 Auto Scaling. AWS CloudFormation. Elastic Load Balancing. AWS Config.

Which service would you use to send alerts based on Amazon CloudWatch alarms? (Select the best answer.). Amazon Simple Notification Service (Amazon SNS). AWS CloudTrail. AWS Trusted Advisor. Amazon Route 53.

Which of the following are characteristics of Amazon EC2 Auto Scaling? (Choose three.). Only supports dynamic scaling. Responds to changing conditions by adding or terminating instances. Delivers push notifications. Launches instances from a specified Amazon Machine Image (AMI). Enforces a minimum number of running Amazon EC2 instances.

Which of the following must be configured on an Elastic Load Balancing load balancer to expect incoming traffic? (Select the best answer.). A port. A network interface. A listener. An instance.

Which of the following elements are used to create an Amazon EC2 Auto Scaling launch configuration? (Choose three.). Amazon Machine Image (AMI). Load balancer. Instance type. Virtual private cloud (VPC) and subnets. Amazon Elastic Block Store (Amazon EBS) volumes.

Which of the following services can help you collect important metrics from Amazon Relational Database Service (Amazon RDS) and Amazon Elastic Compute Cloud (Amazon EC2) instances? (Select the best answer.). Amazon CloudFront. Amazon CloudSearch. Amazon CloudWatch. AWS CloudTrail. Amazon EC2 Auto Scaling.

Which of the following are elements of an Auto Scaling group? (Choose three.). Minimum size. Health checks. Desired capacity. Maximum size.

There is an audit at your company and they need to have a log of all access to AWS resources in the account. Which of the following services can assist in providing these details? (Select the best answer.). Amazon CloudWatch. AWS CloudTrail. Amazon Elastic Compute Cloud (Amazon EC2). Amazon Simple Notification Service (Amazon SNS).

In Elastic Load Balancing, when the load balancer detects an unhealthy target, which of the following are true? (Choose three.). Stops routing traffic to that target. Triggers an alarm. Resumes routing traffic when it detects that the target is healthy again. Resumes routing traffic when manually restarted. Routes traffic to a healthy target.

What are the three types of load balancers that Elastic Load Balancing offers?. Internet Load Balancer. Application Load Balancer. Network Load Balancer. Compute Load Balancer. Classic Load Balancer. Auto Scaling Load Balancer.