AWS Exam A - Topic 1

Questions and Answers

Which task is essential for running a NoSQL database on Amazon EC2 instances?

• Change database storage parameters regularly
• Audit network traffic to the database
• Maintain high availability at the database layer (correct)
• Update the guest operating system of the EC2 instances

Which AWS service assists with managing Docker environments more efficiently?

• AWS Lambda
• Amazon RDS
• AWS CodeDeploy
• AWS Fargate (correct)

Which benefit is provided by AWS Trusted Advisor?

• Automating the creation of backup instances
• Managing domain name registrations
• Enhancing data encryption techniques
• Improving security by proactively monitoring the AWS environment (correct)

What is one advantage of migrating on-premises workloads to AWS?

Elimination of expenses for running and maintaining data centers (A)

Which service can help visualize and manage spending in AWS?

AWS Cost Explorer (D)

For a company wanting to discover and transform data, which AWS service should they use?

AWS Glue (C)

Which AWS tool can identify rightsizing opportunities for EC2 instances?

AWS Cost Explorer (A)

Which AWS service is used for managing Infrastructure as Code (IaC) templates?

AWS CloudFormation (C)

What AWS service can a company use to audit password and access key rotation details for compliance?

AWS Artifact (D)

Which AWS service should a company use to receive notifications for cost thresholds?

AWS Budgets (C)

Which service helps answer frequently asked security-related questions by AWS customers?

AWS Chatbot (A)

What is one of the customer responsibilities in the AWS shared responsibility model?

Configuring the AWS-provided security group firewall (A)

Which of these is NOT a pillar of the AWS Well-Architected Framework?

Responsive design (C)

Which cost factor is typically reduced after migrating an IT infrastructure to the AWS Cloud?

Cost of power for the AWS servers (A)

What is considered a best practice for secure configuration of AWS Identity and Access Management (IAM)?

Enabling multi-factor authentication (MFA) (C)

To secure programmatic access to AWS resources, which credential type is recommended?

Access keys (D)

For running stateless simulations on AWS Batch, which EC2 instance type is most cost-effective?

Spot Instances (B)

What does elasticity in the AWS Cloud primarily refer to?

Ability to rightsize resources as demand shifts (A)

Which service provides the ability to audit API calls within an AWS environment?

AWS CloudTrail (B)

What does agility mean in the context of AWS Cloud computing?

The ability to experiment quickly (B)

What is a customer responsibility when using AWS Lambda in the AWS shared responsibility model?

Managing the code within the Lambda function (B)

Which AWS service can be utilized to complete migration faster and more reliably according to best practices?

AWS Professional Services (B)

What EC2 purchasing option is best for an e-learning platform that needs to avoid downtime during a 2-month annual application run?

Reserved Instances (B)

Which AWS service allows a developer to quickly deploy an application without manual resource creation?

AWS Elastic Beanstalk (C)

To protect sensitive customer data in an S3 bucket from accidental deletion, which functionality is recommended?

S3 Versioning (C)

Which AWS service enables the management of infrastructure as code?

AWS CloudFormation (B)

For an online gaming company with predictable traffic, what EC2 purchasing option is best for running instances for 1 year?

Reserved Instances (A)

Which AWS service establishes a dedicated network connection between on-premises data centers and the AWS Cloud?

AWS Direct Connect (D)

What is the primary purpose of an internet gateway within a VPC?

To allow communication between the VPC and the internet (D)

Which of the following activities related to a Snowball Edge device are available to the company at no cost?

The transfer of data out of Amazon S3 and to the Snowball Edge appliance (B), The transfer of data from the Snowball Edge appliance into Amazon S3 (C), Use of the Snowball Edge appliance for a 10-day period (D)

Which AWS service should a company use to assess application vulnerabilities and identify infrastructure that does not meet best practices?

Amazon Inspector (C)

What is the MOST operationally efficient AWS solution for extending file storage capabilities for users with large requirements?

Configure and deploy an AWS Storage Gateway file gateway and connect each user's workstation. (B)

How should an Amazon EC2 instance be granted access to an S3 bucket according to security best practices?

Have the EC2 instance assume a role to obtain the privileges to upload files. (A)

Which of these is a customer responsibility when using Amazon DynamoDB under the AWS Shared Responsibility Model?

Data encryption in transit and at rest. (D)

Which option is essential for a company to effectively monitor the compliance of its AWS services?

Utilization of AWS CloudTrail for logging and monitoring events. (D)

Which AWS service is primarily used for assessing the security posture of AWS resources?

AWS Config (D)

What is a primary benefit of using an Amazon WorkDocs solution for user file management?

It enhances collaboration with real-time document editing. (D)

Flashcards

What AWS service can assess application vulnerabilities and identify infrastructure deployments that do not meet best practices?

A service that helps you identify potential security issues and infrastructure misconfigurations in Amazon EC2 instances.

How can a company extend their on-premises file storage capabilities for a group of users with large file storage requirements?

AWS Storage Gateway provides a hybrid solution for extending your on-premises storage to AWS. It integrates with your existing file systems and databases, providing a seamless transition.

How should an Amazon EC2 instance be given access to an S3 bucket according to security best practices?

AssumeRole is a secure way of giving an EC2 instance access to an S3 bucket. By assuming a role, the instance gets temporary security credentials, limiting the risk of exposure.

Why is it considered a security best practice for an EC2 instance to 'assume a role' to access an S3 bucket?

By using the AssumeRole method, the EC2 instance obtains temporary credentials from an IAM role, allowing access to the S3 bucket without storing sensitive credentials directly on the instance.

What is a common AWS storage service and how does it benefit a company?

Amazon S3 provides a versatile, scalable, and cost-effective storage solution for files

What is a customer's responsibility in terms of the AWS Shared Responsibility Model when using Amazon DynamoDB?

You should implement proper configuration of security settings (e.g., encryption, access control) to ensure your data is protected within DynamoDB.

What does AWS Trusted Advisor do?

AWS Trusted Advisor proactively monitors your AWS environment to detect and provide recommendations for best practices, security, cost, and performance optimization, effectively improving your AWS infrastructure's security and cost efficiency.

What is AWS Service Catalog used for?

AWS Service Catalog enables you to manage and govern your infrastructure as code (IaC) templates by creating and managing catalogs of approved IT services for your organization. This helps streamline deployment and ensure compliance with IT policies.

What is AWS Glue used for?

AWS Glue discovers, transforms, and visualizes your data and helps prepare it for analytics, machine learning, and other tasks. It automatically extracts data from various sources, cleanses it, and transforms it into a format compatible with your analytics tools.

What is AWS Cost Explorer used for?

AWS Cost Explorer provides a comprehensive view of your AWS spending and costs, enabling you to identify areas for optimization and cost savings. It tracks your historical spending, analyzes your usage patterns, and offers actionable insights for making informed financial decisions.

What is AWS Lambda used for?

AWS Lambda, a serverless computing platform, allows you to run code without managing servers. It scales automatically based on your application's needs, and you only pay for the compute time used. This offers a cost-effective and efficient way to run containerized applications and streamline management.

How can you use AWS Cost Explorer to right-size EC2 instances?

AWS Cost Explorer is used to identify rightsizing opportunities for Amazon EC2 instances. It analyzes your EC2 usage patterns, identifies underutilized resources, and recommends ways to optimize your EC2 instance size for better cost efficiency.

What's crucial for a NoSQL database on Amazon EC2 instances?

Maintaining high availability at the database layer is essential for a NoSQL database running on Amazon EC2 instances. This ensures continuous service availability even in the event of failures or maintenance events by implementing strategies like replication and failover mechanisms.

What is the AWS Cloud Adoption Framework (CAF) and what does governance encompass?

The AWS Cloud Adoption Framework (CAF) is a guide to help organizations adopt AWS effectively. Its foundational capabilities include performance efficiency, sustainability, and governance. Governance encompasses establishing policies and processes to ensure compliance and control over your AWS environment.

What is AWS Professional Services and what does it offer?

AWS Professional Services provides specialized support and expertise to help organizations efficiently and effectively migrate their applications and workloads to the AWS Cloud. They offer guidance, best practices, and tailored solutions to ensure successful migration and optimized utilization of AWS resources.

Why is it recommended to use Reserved Instances for an application with consistent usage?

Reserved Instances (RIs) offer a cost-effective option for EC2 instances when you have predictable usage patterns. They provide a discounted rate for a specific instance type and region for a committed period (1 year or 3 years).

Which service helps developers deploy applications efficiently without manual configuration?

AWS CodeBuild is an automated build service that allows developers to build, test, and deploy their applications with ease. It eliminates the need for manual configuration and setup, streamlining the deployment process.

How can you protect sensitive customer data in S3 from accidental deletion?

S3 Versioning creates and stores multiple versions of objects in an S3 bucket, providing a safety net against accidental deletion or overwriting of sensitive data. Every change to an object creates a new version, allowing you to restore data to a previous state.

Which service helps manage infrastructure as code?

AWS CodeDeploy is a service that automates the deployment process for applications across various environments. It simplifies the steps involved in releasing code updates, enabling consistent and reliable deployments.

What EC2 purchasing option is suitable for an online game with predictable traffic and no downtime?

Reserved Instances (RIs) are a cost-effective option for EC2 instances when you anticipate consistent usage. They provide discounted rates for specific instance types and regions for a committed time period, reducing operational costs.

How to connect your on-premises data center to the AWS Cloud securely and efficiently?

AWS Direct Connect is a service that establishes a dedicated, private network connection between your on-premises data center and AWS. It offers high bandwidth and low latency compared to public internet connections.

What is the physical location of AWS infrastructure called?

AWS Regions are geographic locations where AWS data centers and infrastructure are physically located. Each region is a distinct environment with independent data centers, providing fault tolerance and redundancy for your applications.

What AWS service helps companies audit password and access key rotation?

AWS Artifact is a service that provides reports on AWS compliance, including details about password and access key rotation. It can be used for auditing compliance.

Which AWS service sends notifications when a specific AWS cost threshold is reached?

AWS Budgets allows you to set cost thresholds for your AWS account. When those thresholds are reached, you can receive notifications to help manage your AWS costs.

Which AWS service provides answers to common security-related questions?

AWS Chatbot is a service designed to address common security-related questions that AWS customers might have. It provides answers and support for security concerns.

What are some tasks considered customer responsibilities in the AWS shared responsibility model?

According to the AWS shared responsibility model, customers are responsible for configuring security groups, classifying assets, choosing Availability Zones for services like S3, and handling Amazon DynamoDB updates.

What are some pillars of the AWS Well-Architected Framework?

The AWS Well-Architected Framework provides guidelines for designing and operating reliable, scalable, secure, cost-effective, and performant cloud applications. Four key pillars within the framework are Availability, Reliability, Scalability, and Performance Efficiency.

What AWS service sends both text and email messages from applications?

Amazon Simple Notification Service (Amazon SNS) is a service used for sending notifications to various destinations, such as email or text messages, from distributed applications.

Which credential type is used for securing programmatic access to AWS resources?

Access keys are long, unique strings used to identify and authenticate users or applications when using AWS CLI or the AWS API for programmatic access.

What EC2 instance type is suitable for stateless, fault-tolerant workloads that can restart?

Spot Instances are EC2 instances that are available at a lower price than on-demand instances. However, Spot Instances are subject to interruption if AWS needs the capacity for other workloads. They're ideal for stateless, fault-tolerant workloads that can restart.

What service audits API calls in AWS?

AWS CloudTrail is a service that records and logs API calls made to your AWS account. With this data, you can audit user activity, security events, and compliance efforts in your AWS environment.

What AWS service brings cloud resources closer to users on a mobile network?

AWS Wavelength brings AWS compute and storage services closer to users on mobile networks, enabling low-latency access to cloud applications for edge computing use cases. This helps companies improve performance by bringing their processing power closer to users geographically.

What EC2 purchase option provides a discount for upfront commitment?

Reserved Instances offer a substantial discount on your Amazon EC2 instance usage. Making a commitment to use them for a specific duration saves you money in the long run. This is an attractive option for organizations who need consistent, predictable computing resources.

What is 'elasticity' in the AWS Cloud?

Elasticity in the AWS Cloud refers to the ability to scale your cloud resources up or down dynamically to match the changing needs of your application. This adaptability helps ensure optimal performance and cost efficiency by adjusting computing power based on demand.

What customer responsibility is specific to AWS Lambda in the AWS Shared Responsibility Model?

The AWS Shared Responsibility Model outlines the division of security responsibilities between AWS and its customers. When working with AWS Lambda, you are responsible for managing the code within your Lambda functions, ensuring they maintain security and function correctly.

Study Notes

Exam A - Topic 1

• Question #1: A company uses an Amazon Snowball Edge to transfer files to the AWS Cloud. Free activities include using the appliance for 10 days, transferring data from the appliance to Amazon S3, but not daily use after 10 days or transferring data from Amazon S3 to the appliance.

• Question #2: A company has applications on Amazon EC2 instances and needs to assess application vulnerabilities. AWS Trusted Advisor is used to meet these requirements.

• Question #2 (Continued): A company has a centralized group of users with large file storage needs exceeding their on-premises capacity. Extending file storage capabilities while preserving local performance benefits is best addressed by configuring and deploying an AWS Storage Gateway file gateway, connecting user workstations to the gateway.

Exam A - Topic 1 (Continued)

• Question (from page 2): According to security best practices, an Amazon EC2 instance should obtain privileges by assuming a role rather than directly storing and using access keys.

• Question (from page 2): Customer responsibility when using Amazon DynamoDB includes data encryption at rest.

• Question (from page 2): Key aspects of AWS Cloud adoption include sustainability, performance efficiency, and governance.

• Question (from page 2): For managing Docker environments on Amazon EC2 instances, AWS Lambda is beneficial for managing cluster size, scheduling, and environments.

• Question (from page 3): AWS Cost Explorer, AWS Billing Conductor, and Amazon CodeGuru can be used to identify rightsizing opportunities for Amazon EC2 instances. AWS Trusted Advisor provides high-performance container orchestration, identification of underutilized resources to save costs and improvements to security through proactive monitoring.

• Question (from page 3): A company migrates on-premises workloads to the cloud to eliminate running and maintaining on-premises data centers, however, price discounts are usually not identical to hardware provider.

• Question (from page 4): Managing IT services and infrastructure as code is best achieved using AWS Resource Explorer and AWS Service Catalog.

• Question (from page 4): AWS Organizations, AWS Pricing Calculator and AWS Cost Explorer can be used to manage AWS spending and visualize the costs.

• Question (from page 4): AWS Glue, Amazon Elastic File System, Amazon Redshift, Amazon QuickSight, or Amazon Quantum Ledger Database can be used to manage and visualize data.

• Question (from page 5): To avoid application downtime on Amazon EC2 instances for two months, Reserved Instances or Dedicated Hosts are used.

• Question (from page 5): Quickly deploying an application on AWS, without creating resources manually, can be achieved with AWS Elastic Beanstalk or AWS CodeBuild.

• Question (sensitive customer data in Amazon S3): To protect sensitive data in Amazon S3, use S3 lifecycle rules, versioning, or bucket policies.

• Question (AWS Service): Services like CodePipeline, CodeDeploy or Direct Connect are used to manage infrastructure.

• Question (on-demand instances 1-year): Reserved instances are the most suitable option for consistent and predictable web traffic.

AWS Shared Responsibility-related Questions

• AWS Shared Responsibility Model: customers are responsible for security in the AWS environment, and AWS is responsible for the security of the cloud itself.

• Customers are responsible for the following: Configuring security groups. Classifying company assets. Selecting Availability Zones for buckets Patching or upgrading Amazon DynamoDB

• AWS is responsible for: Configuring AWS provided security groups. Maintaining the data centre hardware Ensuring data centers are correctly patched against known threats

Question (Internet Gateway):

• The internet gateway is used to create VPC connections to the internet, facilitating communication.

Question (Integrating Application):

• Functional testing can be integrated into AWS deployments, automation can be used for deployment changes, and deployments can be made to multiple locations.

Question (Password/Access Key Rotations):

• IAM Access Analyzer is used to audit password and access key rotation details.

Question (Cost Threshold Notification):

• AWS Budgets, Amazon CloudWatch and Cost Explorer are used to receive notifications of cost thresholds having been reached.

Questions, Page 8 and following

The remaining questions concern specifics about AWS services and are best answered by referring to the relevant AWS documentation. There are many services, each with functions requiring reference to specific AWS documentation.

Description

Test your knowledge on AWS services, including Amazon Snowball Edge, EC2 instances, and AWS Trusted Advisor. This quiz assesses your understanding of file transfer, security best practices, and storage capabilities within AWS. Perfect for those preparing for AWS certifications!