AWS Cloud Concepts Quiz

Questions and Answers

Which AWS feature allows users to create a dedicated connection between their on-premises data center and AWS?

VPC peering

Amazon Route 53

AWS VPN

AWS Direct Connect (correct)

What is classified as a physical location within the AWS global infrastructure?

AWS Organizations

Amazon Connect

AWS DataSync

AWS Region (correct)

Which pillar of the AWS Well-Architected Framework focuses on risk assessment and asset protection?

Performance efficiency

Operational excellence

Reliability

Security (correct)

What role does an internet gateway play within a VPC?

To allow communication between the VPC and the internet (A)

What best practice is a company following when migrating to AWS and dividing a monolithic application into microservices?

Implement loosely coupled dependencies. (B)

Which AWS service helps audit password and access key rotation for compliance?

IAM credential report (A)

Which of the following is NOT a benefit of using Reserved Instances?

Flexibility to change instance types (C)

What is the primary function of Spot Fleet in AWS?

To manage a fleet of Spot Instances across multiple instance types (C)

Which AWS service is primarily known for providing highly durable object storage?

Amazon S3 (D)

Which responsibility remains with the customer when hosting databases on Amazon EC2 instances?

Operating system installations (C)

What is a key advantage of migrating to the AWS Cloud?

Adopting a pay-as-you-go payment model (A)

Which AWS service is designed for hybrid cloud storage solutions?

AWS Storage Gateway (D)

Which tool can a user utilize to create cost estimates for AWS usage?

AWS Pricing Calculator (C)

Which service should developers use to integrate AWS features into applications?

AWS Software Development Kit (B)

Which design principle is recommended by the AWS Well-Architected Framework?

Learning from operational failures (A)

Which option indicates that an organization does not need to manage physical infrastructure when using AWS?

Ability to focus on application development (C)

What is the concept of granting access only to the resources needed to perform a task called?

Least privilege access (D)

Which AWS service allows you to set up a firewall for controlling traffic in an Amazon VPC subnet?

Network ACL (B)

Which AWS service enables companies to operate a data warehouse without managing its infrastructure?

Amazon Redshift Serverless (C)

How does AWS Cloud computing help businesses in cost reduction?

AWS allows adjusting capacity according to demand. (A)

Which AWS service can grant users in one account access to resources in another account?

IAM role (D)

What is one task that AWS is responsible for when services are used?

Maintenance of physical and environmental controls (D)

What is essential in implementing infrastructure as code for automation in deployment?

Use of template files for resource definitions (C)

What defines the method for ensuring users have only the permissions necessary to perform their tasks?

Least privilege principle (C)

What is the primary purpose of AWS Global Accelerator?

To enhance performance by routing traffic through AWS infrastructure. (D)

Which AWS service is specifically designed for sending messages between applications?

Amazon Simple Queue Service (Amazon SQS) (A)

What advantage does consolidated billing offer to AWS customers?

Volume discounts based on multiple account usage. (A)

Which resource is recommended for accessing compliance-related information in AWS?

AWS Artifact (D)

How can a user review all Amazon S3 buckets with ACLs and bucket policies?

Through Access Analyzer for S3. (D)

Which AWS service is best for delivering applications closer to end users?

Amazon CloudFront (B)

What is a key feature of AWS Direct Connect?

It provides a dedicated, high-speed connection to AWS services. (A)

Which AWS service can help maintain the security of environments in the cloud?

AWS WAF (A)

Which actions are AWS responsible for in the shared responsibility model? (Choose two.)

Patching the operating system on Amazon RDS instances (C), Securing the virtualization layer (E)

What is the most cost-effective Amazon S3 storage class for data that is infrequently accessed but needs retrieval within 12 hours?

S3 Glacier Flexible Retrieval (A)

Which resource can identify services used by a user within a specified date range?

AWS Identity and Access Management Access Analyzer (C)

What AWS service allows a company to engage third-party consultants for maintaining its AWS environment?

AWS Partner Network (APN) (A)

Which tool can a company use to create Amazon QuickSight dashboards with its billing data weekly?

AWS Cost and Usage Report (C)

Which service enables EC2 instances to automatically adjust to varying workloads?

Amazon EC2 Auto Scaling (B)

Which storage solution can replace on-premises storage with a cloud-based but locally cached option?

AWS Storage Gateway (A)

What is the most efficient AWS service for automating the management and rotation of credentials?

AWS Secrets Manager (A)

When planning to store backups in AWS, which feature should be utilized for local caching of cloud storage?

AWS Storage Gateway (B)

For data that needs immediate access but is infrequently used, which Amazon S3 class should be chosen?

S3 Standard-IA (A)

Which service is designed to identify and classify sensitive data in AWS?

Amazon Macie (B)

Which actions are recommended for maintaining security as an AWS account root user? (Choose two)

Create an IAM user with administrator privileges for daily tasks (C), Enable multi-factor authentication (MFA) on the root user (D)

To ensure high availability with a quick recovery time for an Amazon RDS DB instance, which solution should be implemented?

Modify the DB instance to be a Multi-AZ deployment (C)

For a company planning to run an application on EC2 instances continuously for 1 year, which purchasing option is the most cost-effective?

Reserved Instances (D)

Which AWS service provides a secure method for managing encryption keys?

AWS Key Management Service (AWS KMS) (A)

Which AWS security service continuously monitors for malicious activity and unauthorized behavior?

Amazon GuardDuty (B)

Flashcards

What is AWS Direct Connect?

AWS Direct Connect is a service that allows you to establish a dedicated network connection between your on-premises data center and AWS. This provides a private, high-bandwidth connection, improving performance compared to public internet connections.

What is VPC peering?

A VPC peering connection allows you to establish a private connection between two VPCs in the same AWS account or in different accounts without routing traffic over the public internet. You can have bidirectional communication between your VPCs.

What is an AWS Region?

AWS Regions are the physical locations around the world where AWS data centers are located. This helps offer low latency and compliance requirements for customers.

What is the security pillar in the AWS Well-Architected Framework?

The Security pillar of the AWS Well-Architected Framework focuses on protecting your AWS environment and data from unauthorized access, modification, and disclosure. This includes implementing security controls, managing identities and access, and protecting your data.

What is an Internet Gateway in a VPC?

An Internet Gateway within a VPC allows your instances to communicate with the internet, effectively acting as a bridge between your VPC and the outside world.

How does loosely coupled dependencies relate to the AWS Well-Architected Framework?

Implementing loosely coupled dependencies follows the best practice of the AWS Well-Architected Framework for operational excellence. It refers to designing your application in a way that makes individual components independent and less reliant on each other, allowing for easier maintenance, scalability, and updates.

How to audit password and access key rotation in AWS?

IAM credential report is a report that provides details about your IAM users, roles, and groups, including their access keys, last used dates, and associated permissions. You can leverage this information for auditing password and access key rotation for compliance purposes.

What is AWS Global Accelerator?

An AWS service that enhances application availability through fast failover across multiple Regions and Availability Zones, offering a robust solution for geographically distributed applications.

Which AWS service provides message queuing?

The AWS service that allows applications to communicate with one another using a messaging system.

What are the benefits of consolidated billing?

A feature of AWS that enables centralized billing for multiple accounts, offering consolidation and potential cost optimizations.

What is Access Analyzer for S3?

AWS Access Analyzer for S3 is a tool that allows users to review IAM policies granting access to Amazon S3 buckets, helping to identify potential security risks.

Where can you find compliance information for AWS?

AWS Artifact is a resource that provides compliance-related information and reports about AWS services.

Which service allows deployment near end users?

Amazon CloudFront is an AWS service that enables deploying applications closer to end users, improving latency and performance.

What service improves network performance by utilizing AWS's global network?

AWS Global Accelerator is a service that enhances network performance by routing traffic through AWS's global network infrastructure.

How do you secure AWS resources through network configuration?

A network security principle that involves configuring firewalls and network rules to secure resources within the AWS Cloud, ensuring only authorized access.

What is Amazon EC2 Auto Scaling?

Amazon EC2 Auto Scaling enables dynamic scaling of EC2 instances based on defined metrics. This ensures your applications can handle varying workloads efficiently.

How can I securely manage credentials between applications efficiently?

AWS Secrets Manager securely stores, rotates, and manages secrets like database credentials and API keys. It automates credential management, saving you time and effort.

What service automatically identifies sensitive data in AWS?

Amazon Macie is a security service that analyzes your data in Amazon S3 and identifies sensitive data or intellectual property, helping you enforce compliance and protect your valuable information.

Best practices for an AWS account root user?

The AWS account root user has ultimate administrative privileges. To maintain security, it's crucial to enable multi-factor authentication (MFA) on the root user and create an IAM user with administrator privileges for regular tasks. Never share root user credentials.

How to make Amazon RDS highly available with low downtime?

A Multi-AZ deployment for Amazon RDS DB instances ensures high availability with minimal downtime. It creates a replica in a different Availability Zone, allowing instant failover in case of failure.

Which Amazon EC2 instance purchasing option is most cost-effective for long-term usage?

Reserved Instances provide discounted pricing for Amazon EC2 instances if you commit to using them for a specific duration (1 year). If you have continuous application usage for a year, Reserved Instances are the most cost-effective option.

What is Amazon S3?

Amazon Simple Storage Service (Amazon S3) is a highly durable object storage service provided by AWS. It offers high availability, scalability, and data redundancy for storing vast amounts of data, making it ideal for a wide range of use cases.

What responsibility does AWS take for databases on EC2 instances?

AWS takes responsibility for installing and managing the operating system when you run your databases on EC2 instances.

What are two advantages of migrating to AWS?

AWS's pay-as-you-go model allows you to pay only for the resources you use, offering flexibility and cost savings. Additionally, AWS eliminates the need to predict capacity requirements upfront, allowing you to scale resources as needed.

What is AWS Storage Gateway?

AWS Storage Gateway is a hybrid cloud storage service that lets you access AWS cloud storage from on-premises systems. This allows you to seamlessly scale your storage capacity and benefit from the advantages of cloud storage while keeping your data accessible locally.

How can you estimate the cost of using AWS services?

The AWS Pricing Calculator is a tool that allows you to estimate the cost of your AWS use cases before you deploy them. This helps you plan your spending and make informed decisions about your cloud infrastructure.

What is the AWS SDK used for?

The AWS Software Development Kit (SDK) allows developers to integrate AWS services directly into their applications. It provides a way to interact with AWS services programmatically, making it easier to build cloud-based applications.

What is a recommended design principle for AWS?

A recommended design principle of the AWS Well-Architected Framework is to learn from operational failures. By analyzing such failures, you can identify areas for improvement and enhance the resilience and efficiency of your cloud infrastructure.

What is Amazon VPC?

Amazon Virtual Private Cloud (Amazon VPC) is a service that lets you launch AWS resources in a customizable, isolated virtual network environment. It gives you control over your network configuration, including IP address allocation, routing tables, and security groups.

Least privilege access

The practice of granting users only the minimum access privileges required to perform their job duties. This minimizes the potential impact of security breaches by limiting the scope of access.

Network ACL

A virtual firewall that controls network traffic going into and out of an Amazon VPC subnet. It works by applying rules to incoming and outgoing traffic.

Amazon Redshift Serverless

A fully managed, serverless data warehouse service that automatically scales to meet your needs. It is ideal for analyzing large datasets without managing infrastructure.

How does AWS reduce costs?

AWS helps reduce business costs by offering on-demand capacity and eliminating the need to build and maintain on-premises data centers.

IAM Role

An IAM (Identity and Access Management) feature that allows users in one AWS account to access resources in another account. This is achieved by granting the users a specific role that provides access to the targeted resources.

What is AWS responsible for?

AWS is responsible for maintaining physical and environmental controls for their services, ensuring a secure infrastructure for customers. This includes security measures like physical security, environmental controls, and data center management.

What is IaC?

Infrastructure as Code (IaC) is a practice of managing and provisioning infrastructure using code. You can define and automate infrastructure deployments using tools like CloudFormation or Terraform.

Who manages IAM permissions?

AWS Identity and Access Management (IAM) user permissions are managed by the individual users or administrators, not by AWS. Users are responsible for configuring their IAM policies to define their access levels to various services and resources.

What tasks does AWS manage in the shared responsibility model?

AWS is responsible for securing the virtualization layer and patching the operating system on Amazon RDS instances. These tasks are part of the underlying infrastructure and are not directly managed by customers.

Which storage class is best for infrequent access with 12-hour retrieval?

Amazon S3 Glacier Flexible Retrieval is the optimal choice for infrequently accessed data with a 12-hour retrieval requirement. It provides cost-efficient storage while ensuring timely access when needed.

How to identify services used by a user within a date range?

AWS Identity and Access Management (IAM) Access Analyzer helps track and identify services used by users within a specific timeframe. This assists with security audits and understanding resource usage.

How to engage with third-party consultants for AWS support?

The AWS Partner Network (APN) facilitates partnerships with third-party consultants to support AWS environments. This provides access to expertise and resources for specialized assistance.

How to generate weekly dashboards with billing data?

The AWS Cost and Usage Report provides detailed billing data in a downloadable format. This report helps analyze cost trends, identify cost optimization opportunities, and create automated dashboards.

What cloud storage option is both locally cached and cost-effective for backups?

Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) offers a cost-effective option for storing data that is infrequently accessed. It is locally cached and designed for backups and archival data.

How to establish a private, high-bandwidth connection between your on-premises data center and AWS?

AWS Direct Connect provides a dedicated, high-bandwidth connection between your on-premises data center and AWS. This private connection offers enhanced security and performance over public internet connections.

Study Notes

AWS Certified Cloud Practitioner (CLF-C02) Exam Q&A

• Question 1: A company plans to use an Amazon Snowball Edge device to transfer files to the AWS Cloud. Which activities related to a Snowball Edge device are available to the company at no cost?

  • Use of the Snowball Edge appliance for a 10-day period

• Question 2: A company has deployed applications on Amazon EC2 instances. The company needs to assess application vulnerabilities and must identify infrastructure deployments that do not meet best practices.

  • Use Amazon Inspector

• Question 3: A company has a centralized group of users needing large file storage that exceeds their on-premises space. The company wants to extend its file storage capabilities for this group while retaining performance to share content locally.

  • Configure and deploy an AWS Storage Gateway file gateway, connect each user's workstation to the file gateway.

• Question 4: According to security best practices, how should an Amazon EC2 instance given access to an Amazon S3 bucket?

  • Have the EC2 instance assume a role to obtain the privileges to upload the file.

• Question 5: Which option is a customer responsibility when using Amazon DynamoDB under the AWS Shared Responsibility Model?

  • Access to DynamoDB tables

• Question 6: Which option is a perspective that includes foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF)?

  • Governance

• Question 7: A company is running and managing its own Docker environment on Amazon EC2 instances. The company wants an alternative to help manage cluster size, scheduling, and environment maintenance.

  • Use AWS Fargate

• Question 8: A company wants to run a NoSQL database on Amazon EC2 instances.

  • Update the guest operating system of the EC2 instances.

• Question 9: Which AWS services or tools can identify rightsizing opportunities for Amazon EC2 instances? (Choose two.)

  • AWS Cost Explorer
  • AWS Compute Optimizer

• Question 10: Which of the following are benefits of using AWS Trusted Advisor? (Choose two.)

  • Detecting underutilized resources to save costs
  • Improving security by proactively monitoring the AWS environment

• Question 11: Which of the following is an advantage that users experience when they move on-premises workloads to the AWS Cloud?

  • Elimination of expenses for running and maintaining data centers

• Question 12: A company wants to manage deployed IT services and govern its infrastructure as code (IaC) templates.

  • AWS Service Catalog

• Question 13: Which AWS service or tool helps users visualize, understand, and manage spending and usage over time?

  • AWS Cost Explorer

• Question 14: A company is using a central data platform. The company wants to discover, transform, and visualize the data.

  • AWS Glue
  • Amazon QuickSight

• Question 15: A global company wants to migrate its third-party applications. The company wants help from a global team of experts to complete the migration faster and more reliably.

  • AWS Professional Services

• Question 16: An e-learning platform needs to run an application for 2 months each year. The application will be deployed on Amazon EC2 instances. Any application downtime must be avoided.

  • Use On-Demand Instances

• Question 17: A developer wants to deploy an application quickly without manually creating resources.

  • AWS Elastic Beanstalk

• Question 18: A company is storing sensitive customer data in an Amazon S3 bucket. The company wants to protect the data from accidental deletion or overwriting.

  • S3 Versioning

• Question 19: Which AWS service provides the ability to manage infrastructure as code?

  • AWS CloudFormation

• Question 20: Online gaming company wants to run Amazon EC2 instances for 1 year. The web traffic is consistent and any increases in traffic are predictable.

  • Reserved Instances

• Question 21: Which AWS service or feature allows a user to establish a dedicated network connection between a company's on-premises data center and the AWS Cloud?

  • AWS Direct Connect

• Question 22: Which option is a physical location of the AWS global infrastructure?

  • AWS Region

• Question 23: A company wants to protect its AWS Cloud information, systems, and assets while performing risk assessment and mitigation tasks.

  • Security

• Question 24: What is the purpose of having an internet gateway within a VPC?

  • To allow communication between the VPC and the internet

• Question 25: A company is running a monolithic on-premises application. The company has a plan to migrate the application.

  • Implement loosely coupled dependencies

• Question 26: A company has an AWS account. The company wants to audit its password and access key rotation details for compliance purposes.

  • AWS Audit Manager

• Question 27: A company wants to receive a notification when a specific AWS cost threshold is reached.

  • AWS Budgets
  • Cost Explorer

• Question 28: Which AWS service or resource provides answers to the most frequently asked security-related questions that AWS receives from its users?

  • AWS Knowledge Center

• Question 29: Which tasks are customer responsibilities, according to the AWS shared responsibility model? (Choose two.)

  • Configure the AWS provided security group firewall
  • Classify company assets in the AWS Cloud

• Question 30: Which of the following are pillars of the AWS Well-Architected Framework? (Choose two.)

  • Availability
  • Reliability

• Question 31: Which AWS service or feature is used to send text and email messages?

  • Amazon Simple Notification Service (Amazon SNS)
  • Amazon Simple Email Service (Amazon SES)

• Question 32: A user needs programmatic access to AWS resources through the AWS CLI or the AWS API.

  • Access Keys

• Question 33: A company runs simulations on AWS Batch. Each simulation is stateless, fault-tolerant, and runs for up to 3 hours.

  • Spot Instances

• Question 34: What does the concept of agility mean in AWS Cloud computing? (Choose two.)

  • The speed at which AWS resources are implemented
  • The ability to experiment quickly

• Question 35: A company needs to block SQL injection attacks.

  • AWS WAF

• Question 36: Which AWS service or feature identifies whether an Amazon S3 bucket or an IAM role has been shared with an external entity?

  • AWS IAM Access Analyzer

• Question 37: A cloud practitioner needs to obtain AWS compliance reports before migrating an environment to the AWS Cloud.

  • Download reports from AWS Artifact.

• Question 38: An e-commerce company has migrated its infrastructure.

  • Cost of application software licenses

• Question 39: A company wants to manage its AWS infrastructure.

  • AWS Systems Manager

• Question 40: Which of the following are benefits of using AWS Trusted Advisor? (Choose two.)

  • Detecting underutilized resources to save costs
  • Improving security

• Question 41: Which service enables customers to audit API calls in their AWS accounts?

  • AWS CloudTrail

• Question 42: What is a customer responsibility when using AWS Lambda?

  • Management of the code within the Lambda function

• Question 43: A company has 5 TB of data. The company wants to run queries occasionally.

  • Amazon Athena

• Question 44: Which AWS service can be used at no additional cost?

  • AWS Cost Explorer and more in the same format as above.

Description

Test your knowledge of Amazon Web Services with this quiz focused on cloud concepts, features, and best practices. Covering topics such as VPCs, the Well-Architected Framework, and hybrid storage solutions, this quiz challenges you to assess your understanding of AWS capabilities and services.