AWS Cloud Services Overview

Questions and Answers

A company plans to use an Amazon Snowball Edge device to transfer files to the AWS Cloud. Which activities related to a Snowball Edge device are available to the company at no cost?

• The transfer of data from the Snowball Edge appliance into Amazon S3 (correct)
• Daily use of the Snowball Edge appliance after 10 days
• Use of the Snowball Edge appliance for a 10-day period
• The transfer of data out of Amazon S3 and to the Snowball Edge appliance

A company has deployed applications on Amazon EC2 instances. The company needs to assess application vulnerabilities and must identify infrastructure deployments that do not meet best practices. Which AWS service can the company use to meet these requirements?

• AWS Config
• Amazon Inspector (correct)
• AWS Trusted Advisor
• Amazon GuardDuty

A company has a centralized group of users with large file storage requirements that have exceeded the space available on premises. The company wants to extend its file storage capabilities for this group while retaining the performance benefit of sharing content locally. What is the MOST operationally efficient AWS solution for this scenario?

• Configure and deploy an AWS Storage Gateway file gateway. Connect each user’s workstation to the file gateway. (correct)
• Deploy an Amazon EC2 instance and attach an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume. Share the EBS volume directly with the users.
• Move each user’s working environment to Amazon WorkSpaces. Set up an Amazon WorkDocs account for each user.
• Create an Amazon S3 bucket for each user. Mount each bucket by using an S3 file system mounting utility.

According to security best practices, how should an Amazon EC2 instance be given access to an Amazon S3 bucket?

Have the EC2 instance assume a role to obtain the privileges to upload the file. (D)

Which option is a customer responsibility when using Amazon DynamoDB under the AWS Shared Responsibility Model?

Access to DynamoDB tables (B)

Which option is a perspective that includes foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF)?

Governance (B)

A company is running and managing its own Docker environment on Amazon EC2 instances. The company wants an alternative to help manage cluster size, scheduling, and environment maintenance. Which AWS service meets these requirements?

AWS Fargate (A)

A company wants to run a NoSQL database on Amazon EC2 instances. Which task is the responsibility of AWS in this scenario?

Patch the physical infrastructure that hosts the EC2 instances. (C)

Which AWS services or tools can identify rightsizing opportunities for Amazon EC2 instances? (Choose two.)

AWS Compute Optimizer (B), AWS Cost Explorer (E)

Which of the following are benefits of using AWS Trusted Advisor? (Choose two.)

Detecting underutilized resources to save costs (C), Improving security by proactively monitoring the AWS environment (E)

Flashcards

Snowball Edge data transfer into S3

Data transfer from the Snowball Edge device into Amazon S3 is free of charge.

Snowball Edge shipping cost

The cost of standard shipping to and from AWS is included in the service cost.

Data transfer within Snowball Edge

Moving data within the Snowball Edge device, such as transferring data to the device's local storage, is free of charge.

What is Amazon Inspector?

Amazon Inspector is a service that automatically finds security vulnerabilities in applications and infrastructures.

What is AWS Storage Gateway?

AWS Storage Gateway allows you to extend your on-premises file storage into the AWS Cloud.

What does AWS Storage Gateway do?

AWS Storage Gateway acts as a bridge between your on-premises file storage and cloud-based Amazon S3 storage.

How should an EC2 instance access an S3 bucket securely?

Assuming a role allows the EC2 instance to obtain temporary privileges to upload the file to S3.

Storage of AWS credentials on EC2

Storing credentials directly on an EC2 instance is a serious security risk.

AWS responsibility for DynamoDB

AWS is responsible for the physical security of DynamoDB, patching DynamoDB, and encrypting data at rest.

Customer responsibility for DynamoDB

Customers are responsible for managing access control to their DynamoDB tables, including configuring IAM policies.

What is Governance in AWS CAF?

AWS CAF provides a structured approach to manage and govern AWS resources.

What are the perspectives of AWS CAF?

The three perspectives of AWS CAF are Business, People, and Governance.

What is AWS Fargate?

AWS Fargate is a serverless compute engine for running containers without managing EC2 instances.

AWS responsibility for EC2 infrastructure

AWS is responsible for patching the physical infrastructure that hosts EC2 instances.

Customer responsibility for EC2 instances

Customers are responsible for managing the software environment within their EC2 instances, including operating system updates.

What is AWS Cost Explorer?

AWS Cost Explorer provides cost and usage reports, helping you analyze your historical spending and usage patterns.

What is AWS Compute Optimizer?

AWS Compute Optimizer analyzes your EC2 usage and recommends optimal instance types to reduce costs.

What is AWS Trusted Advisor?

AWS Trusted Advisor provides recommendations to improve cost optimization, performance, security, and operational efficiency.

How does AWS Trusted Advisor help with security?

AWS Trusted Advisor detects and alerts you about potential security threats in your AWS environment.

How does AWS Trusted Advisor help with cost optimization?

AWS Trusted Advisor identifies underutilized resources to help reduce costs.

What is Amazon S3?

Amazon S3 provides object storage for data that is managed for high durability and availability.

What is Amazon EBS?

Amazon EBS provides persistent block storage volumes that can be attached to EC2 instances.

What is Amazon WorkSpaces?

Amazon WorkSpaces provides virtual desktops that allow users to access their work environments from anywhere.

What is Amazon WorkDocs?

Amazon WorkDocs provides cloud-based file storage and collaboration services for shared documents.

AWS responsibility for infrastructure

AWS is responsible for managing and updating the underlying infrastructure, including network and hardware.

Customer responsibility for EC2 instances

Customers maintain and operate the operating system and applications running on their EC2 instances.

What is AWS Lambda?

AWS Lambda is a serverless compute service that runs code in response to events without provisioning servers.

What is Amazon RDS?

Amazon RDS offers a fully managed relational database service in the cloud.

What is Amazon Athena?

Amazon Athena is an interactive query service that allows you to analyze data in Amazon S3 using standard SQL.

What is IAM?

AWS Identity and Access Management (IAM) helps you control access to AWS resources.

What are IAM roles?

IAM roles allow you to grant permissions to AWS services and users without sharing credentials.

Study Notes

Snowball Edge Device Usage Costs

• Data transfer into Amazon S3 is free per GB.
• Initial 10-day usage of a Storage Optimized 80TB Snowball Edge device is included in the on-demand service fee.
• Data transfer out of Amazon S3 to a Snowball Edge device incurs charges.

AWS Service for Application Vulnerability Assessment

• Amazon Inspector assesses application vulnerabilities and identifies infrastructure deployments that don't meet best practices on EC2 instances.

AWS Solution for Extending File Storage

• AWS Storage Gateway file gateway enables seamless connection between on-premises applications and Amazon S3 storage, preserving local access performance.

Secure EC2 S3 Bucket Access

• Use IAM roles to grant temporary permissions to EC2 instances to upload to S3, minimizing credential exposure.

Customer Responsibility for DynamoDB

• Managing access control to DynamoDB tables (e.g., IAM policies) is the customer's responsibility.

AWS Cloud Adoption Framework (AWS CAF) Perspective

• The relevant perspective is "Governance," which involves managing AWS resources through policies and controls.

AWS Service for Docker Environment Management

• AWS Fargate is a compute engine for Amazon Elastic Container Service (ECS) enabling container management without server administration.

AWS Responsibility for EC2 Instance Operation

• Maintaining the physical infrastructure hosting EC2 instances is an AWS responsibility.

AWS Services for EC2 Instance Rightsizing

• AWS Cost Explorer provides cost and usage reporting with rightsizing implications.
• AWS Compute Optimizer analyzes EC2 usage and gives rightsizing recommendations.

AWS Trusted Advisor Benefits

• Identifying underutilized resources for cost savings is a benefit.
• Proactive security monitoring and best practices recommendations are also key benefits.

Description

This quiz covers essential AWS cloud services, including Snowball Edge device usage costs, Amazon Inspector for vulnerability assessment, and IAM roles for EC2 S3 bucket access. Assess your understanding of AWS solutions for application and data management within cloud environments.