AWS Cloud Fundamentals Quiz

Questions and Answers

Which AWS service allows automatic adjustment of EC2 instances based on demand?

Amazon CloudWatch

Amazon RDS Auto Scaling

Amazon EC2 Auto Scaling (correct)

AWS Lambda Scaling

How do resources distributed across multiple Availability Zones enhance application resilience?

They provide unlimited storage capacity.

They improve data compression rates.

They increase performance by reducing latency.

They allow for failover in case of a zone failure. (correct)

What are Availability Zones characterized by?

Centralized data management.

Common network performance.

Shared power sources and networking.

Independent power, cooling, and networking. (correct)

What is the purpose of VPC subnet ACLs in AWS?

To control traffic to and from subnets. (B)

What does AWS Server Migration Service (AWS SMS) primarily facilitate?

Migration of on-premises servers to AWS. (C)

What AWS services can be used to distribute content across multiple points of presence?

Amazon CloudFront and AWS Global Accelerator (A)

What is a characteristic of AWS points of presence?

They are edge locations for low-latency content delivery. (B)

What is an Availability Zone composed of?

One or more data centers in a single location. (D)

Which service is used by AWS Control Tower to create resources in a landing zone?

AWS CloudFormation (C)

What is one advantage of using Amazon EC2 over on-premises hosting?

It provides flexible pricing based on usage. (B)

What integration does EC2 have that enhances its capability in the AWS Cloud?

Amazon VPC (A)

Which of the following is NOT an advantage of using EC2 instances?

EC2 includes automatic operating system patch management. (B)

Which AWS service helps with governance and auditing of your AWS account?

AWS CloudTrail (D)

Which feature does Amazon EC2 NOT guarantee?

100% service level agreement (SLA) (B)

Which of the following correctly identifies AWS responsibilities according to the AWS shared responsibility model? (Select TWO)

Physical security of hardware (C), Network infrastructure and virtualization of infrastructure (D)

What can be used to automate operating system maintenance tasks on EC2 instances?

AWS Systems Manager (C)

Which of the following statements about the AWS shared responsibility model is true?

AWS manages the virtualization layer. (B)

What pricing options does EC2 provide for cost optimization?

On-Demand, Savings Plans, and Spot Instances (D)

In the context of the AWS shared responsibility model, which of the following are the customer's responsibilities? (Select TWO)

Guest operating systems (A), Security of application data (E)

What are the two options provided by AWS for customers seeking instructor-led cloud security training? (Select TWO)

AWS Classroom Training (B), AWS Online Tech Talks (C)

What components are included in AWS's responsibility for the security of the cloud? (Select TWO)

Security of the global infrastructure (A), Physical security of hardware (B)

Which of the following is NOT considered an instructor-led training option by AWS for cloud security?

AWS Forums (A)

What types of resources does AWS provide for customers looking to improve their understanding of cloud security? (Select TWO)

AWS Whitepapers (B), AWS Online Tech Talks (E)

Which aspect of the AWS shared responsibility model emphasizes the division of security responsibilities?

The customer manages user access and identity. (B)

Which AWS IAM feature allows administrators to manage permissions for multiple users at once?

IAM Groups (A)

What is the primary goal of the security pillar in the AWS Well-Architected Framework?

To deliver business value through risk management (C)

In an AWS Organization setup with multiple accounts, which benefit is typically associated with consolidated billing?

Lower costs through aggregated usage (C)

What methods does AWS IAM support for authentication?

Passwords, access keys, and multi-factor authentication (B)

When configuring an AWS environment, which service would you utilize to manage user permissions?

AWS Identity and Access Management (B)

If an organization has one account with five reserved instances and another account with no reserved instances, how will the EC2 instances in total be charged?

The eight instances will be charged as regular instances (C)

Which of the following topics is NOT covered by the security pillar of the AWS Well-Architected Framework?

Performance tuning (C)

What are the key components of AWS IAM that enable user and resource management?

Users, groups, roles, permissions (A)

Which service provides a dedicated and private network connection from an internal network to AWS?

AWS Direct Connect (C)

What is AWS responsible for in the shared responsibility model?

Performing hardware maintenance in AWS facilities (D)

In which of the following does AWS not manage resources when using a web application in a Docker container?

Guest operating system security patches (D)

Which design principle is essential when architecting in the AWS Cloud?

Design loosely coupled components (D)

How does AWS Direct Connect benefit a user's network connections?

By establishing dedicated bandwidth (A)

Which of the following is NOT a responsibility of the customer in the AWS shared responsibility model?

Infrastructure hardware maintenance (D)

What should be avoided when integrating services in the AWS Cloud?

Synchronous service integration (B)

What is a key characteristic of S3 Intelligent-Tiering?

It automatically moves objects between access tiers (A)

What does the AWS Well-Architected Framework promote?

Architectural best practices for reliable and efficient systems (B)

Which of the following is a responsibility of the customer according to the AWS shared responsibility model?

Management of the guest operating systems (B)

How many pillars does the AWS Well-Architected Framework consist of?

Five pillars (C)

Which pillar of the AWS Well-Architected Framework focuses on protecting data and applications?

Security (A)

What is architecture optimization in the context of cost governance?

Implementing efficient and cost-effective AWS solutions (C)

Which of the following is NOT a pillar of the AWS Well-Architected Framework?

Data management (D)

Which of the following describes AWS's responsibility in the shared responsibility model?

Security of the cloud infrastructure (D)

What best describes tagging enforcement in cloud service management?

Standardizing resource tags to manage and allocate costs (C)

Flashcards

AWS Shared Responsibility Model

AWS is responsible for the security of the global infrastructure, including regions, availability zones, hardware, software, networking, and facilities, while the customer is responsible for security within the cloud, such as data, operating systems, and applications.

AWS Security Training Options

AWS makes available to customers, in an instructor-led format, various resources to learn about security in the cloud.

AWS Online Tech Talks and Classroom Training

AWS Online Tech Talks offer structured training through online presentations, while AWS Classroom Training provides hands-on learning with instructors.

Amazon EC2 Auto Scaling

AWS service that automatically adjusts the number of Amazon EC2 instances to suit demand or performance.

Availability Zones

Isolated locations within an AWS Region, each with independent power, cooling, and networking.

Resources distributed across multiple Availability Zones

Features enabling applications to be spread across multiple Availability Zones, increasing resilience to single location failures.

VPC subnet ACLs

AWS features controlling inbound and outbound traffic to/from subnets within a Virtual Private Cloud (VPC)

AWS Server Migration Service (AWS SMS)

AWS service enabling migration of on-premises servers to AWS.

Resources distributed across multiple AWS points of presence

AWS features enabling content distribution for low latency and high performance across multiple AWS points of presence.

AWS Points of Presence

Edge locations within the AWS Global Infrastructure for localized content delivery.

Availability Zone

A single location containing one or more data centers.

How does AWS Control Tower create landing zones?

AWS Control Tower uses AWS CloudFormation to set up resources in a landing zone. AWS CloudFormation helps create and manage AWS resources with templates.

What is Amazon VPC?

Amazon VPC lets you create isolated virtual networks within the AWS cloud, providing security and control over your resources.

What is AWS CloudTrail?

AWS CloudTrail tracks and monitors AWS API calls for your account, providing insights into who did what and when. It helps with compliance, auditing, and risk management.

What is AWS IAM?

AWS Identity and Access Management (IAM) allows you to securely control access to AWS resources, defining who can do what and when.

What is a key advantage of using Amazon EC2 instances?

EC2 Instances offer a flexible, pay-as-you-go pricing model, allowing you to pay only for the computing power you use and adjust it based on your needs.

How does EC2 integrate with other AWS services?

EC2 integrates seamlessly with other AWS services like VPC, CloudTrail, and IAM, enabling smoother and more secure management of your applications.

Who is responsible for operating system patch management on EC2 instances?

You are responsible for managing and maintaining the operating systems used on EC2 instances, including applying patches, security updates, and software upgrades.

Does EC2 have a 100% uptime guarantee?

Amazon EC2 does not have a 100% uptime guarantee; however, it offers high availability and redundancy features to minimize downtime.

What is the AWS Well-Architected Framework?

A set of best practices for designing and operating secure, efficient, and cost-effective AWS systems, encompassing five pillars: operational excellence, security, reliability, performance efficiency, and cost optimization.

What is the purpose of the AWS Well-Architected Framework?

The AWS Well-Architected Framework promotes best practices for designing and operating reliable, secure, efficient, and cost-effective systems.

What is the customer's responsibility regarding operating systems in the AWS shared responsibility model?

The customer is responsible for managing the guest operating systems, while AWS manages the underlying infrastructure and security.

What is Architecture Optimization in cost governance?

It involves designing and implementing AWS solutions that are efficient, scalable, and cost-effective. It is a best practice for cost governance.

Which cost governance best practice is demonstrated by refining workloads to use specific AWS services for efficiency and cost reduction?

Architecture optimization is the best practice for cost governance.

What is the AWS Well-Architected Framework?

A set of guidelines and best practices that help architects evaluate and improve the design of AWS applications and workloads.

What is the AWS shared responsibility model?

The responsibility for security in the cloud is shared between AWS and the customer.

What is the principle of least privilege?

It is a key part of the AWS shared responsibility model, where AWS manages the security of the underlying infrastructure, and the customer is responsible for security within the cloud.

What is AWS Direct Connect?

A dedicated and private network connection established between your internal network and AWS, using standard Ethernet fiber-optic cables. It's like a direct high-speed road bypassing public roads for faster access to AWS resources.

What role does AWS Direct Connect play in the shared responsibility model?

AWS Direct Connect is responsible for establishing and maintaining a secure connection between your on-premises network and AWS cloud resources. It manages the network infrastructure, like the high-speed road, but not the traffic on it (your applications).

What is AWS's responsibility regarding hardware maintenance?

AWS is accountable for the maintenance of the hardware infrastructure, including the physical servers, networking equipment, and data centers. This includes ensuring security, stability, and performance of the underlying physical environment.

What is AWS's responsibility regarding the global infrastructure?

AWS is responsible for the global infrastructure, including the physical servers, networking, and data centers. This includes ensuring the security and reliability of that infrastructure.

What does AWS manage regarding security in the cloud?

AWS handles the hardware, software, networking, and facilities that run AWS Cloud services. It's responsible for the security and availability of the physical environment.

What does AWS responsibility mean in terms of the shared responsibility model?

AWS is responsible for the security of the shared infrastructure, such as the physical servers, networking, and data centers. They ensure the security of the global infrastructure.

Explain the "Design loosely coupled components" principle.

It's a design principle where components are designed to be independent and interact loosely through well-defined interfaces. This allows for easier scalability, maintainability, and adaptability, as changes in one component don't affect others significantly.

Why is "design loosely coupled components " important in cloud architecture?

When architecting in the cloud, prioritize designing components that are loosely coupled with each other, allowing for independent changes and evolution. This improves overall flexibility, maintainability, and scalability.

Security Pillar in AWS Well-Architected Framework

The AWS Well-Architected Framework pillar focused on protecting data, systems, and assets, including risk assessment and mitigation strategies. It ensures secure practices like identity management, data protection, and incident response.

How can IAM be used to group users?

IAM allows you to create groups of users, each having specific permissions. This simplifies management by granting the same permissions to multiple individuals within a group.

Why is IAM important for AWS security?

It ensures you have a dedicated service for managing users, groups, and permissions, making it easier to control who can access your resources and what they can do.

What is the Performance Efficiency pillar?

The AWS Well-Architected Framework pillar that focuses on ensuring your applications and infrastructure can handle expected and unexpected demand. It includes concepts like scaling, load balancing, and monitoring.

How are EC2 instances priced in different AWS accounts?

Account A's reserved instances will apply to its four running EC2 instances, while Account B's instances will be charged at the standard on-demand rate.

What is AWS Organizations?

AWS Organizations allows you to manage multiple AWS accounts centrally. This enables you to consolidate billing, apply policies across accounts, and manage access controls.

What is a Resource Group?

Resource groups allow you to organize AWS resources like EC2 instances and S3 buckets into logical groups. This makes it easier to manage and apply policies to these groups.

Study Notes

AWS CLF-C02 Exam - Key Concepts

• AWS Shared Responsibility Model: AWS is responsible for security of the cloud (infrastructure, hardware, software); customers are responsible for security in the cloud (data, applications, operating systems, access management).

• AWS Responsibilities (Shared Model):

  • Network infrastructure and virtualization of infrastructure
  • Physical security of hardware

• Customer Responsibilities (Shared Model):

  • Security of application data
  • Guest operating systems
  • Credentials and policies

• AWS Training Resources (Instructor-led):

  • AWS Online Tech Talks
  • AWS Classroom Training

• Improved Application Availability & Fault Tolerance:

  • Amazon EC2 Auto Scaling (adjusts EC2 instances based on demand)
  • Resources distributed across multiple Availability Zones (increases fault tolerance)

• Availability Zone Composition:

  • One or more data centers in a single location

• AWS Control Tower & CloudFormation:

  • AWS Control Tower uses AWS CloudFormation to create resources in a landing zone.

• Advantages of AWS EC2:

  • Flexible, pay-as-you-go pricing
  • Integrates with VPC, CloudTrail, and IAM

• AWS Well-Architected Framework - Security Pillar: Focuses on protecting information, systems, and assets with risk assessments and mitigation.

• IAM for User Management:

  • IAM allows grouping users and managing permissions for groups.

• AWS Organizations & Billing:

  • Organizations allow consolidated billing across accounts; in this context, one AWS Region is hosting resources

• Amazon EC2 Reserved Instances (RIs):

  • Purchases of RIs affect pricing on instances

• AWS Direct Connect: Creates a private network connection from an internal network to AWS.

• AWS Responsibility (EC2): AWS handles hardware maintenance. Customers manage guest OS, apps with Docker

• AWS Cloud Design Principle: Use loosely coupled components (separate systems) for easier updates and management

• Customer Responsibility (Shared Responsibility Model): Managing guest operating systems is a customer responsibility.

• Cost Governance Best Practice: Architecture optimization (designing effective, scalable, cost-effective solutions) is a critical best practice.

Description

Test your knowledge of essential AWS services and features in this quiz. Questions cover topics related to EC2 instances, Availability Zones, VPCs, and more. Perfect for those looking to enhance their understanding of cloud computing with AWS.