AWS Exam A - Topic 1

Questions and Answers

Which task is essential for running a NoSQL database on Amazon EC2 instances?

Change database storage parameters regularly

Audit network traffic to the database

Maintain high availability at the database layer (correct)

Update the guest operating system of the EC2 instances

Which AWS service assists with managing Docker environments more efficiently?

AWS Lambda

Amazon RDS

AWS CodeDeploy

AWS Fargate (correct)

Which benefit is provided by AWS Trusted Advisor?

Automating the creation of backup instances

Managing domain name registrations

Enhancing data encryption techniques

Improving security by proactively monitoring the AWS environment (correct)

What is one advantage of migrating on-premises workloads to AWS?

Elimination of expenses for running and maintaining data centers

Which service can help visualize and manage spending in AWS?

AWS Cost Explorer

For a company wanting to discover and transform data, which AWS service should they use?

AWS Glue

Which AWS tool can identify rightsizing opportunities for EC2 instances?

AWS Cost Explorer

Which AWS service is used for managing Infrastructure as Code (IaC) templates?

AWS CloudFormation

What AWS service can a company use to audit password and access key rotation details for compliance?

AWS Artifact

Which AWS service should a company use to receive notifications for cost thresholds?

AWS Budgets

Which service helps answer frequently asked security-related questions by AWS customers?

AWS Chatbot

What is one of the customer responsibilities in the AWS shared responsibility model?

Configuring the AWS-provided security group firewall

Which of these is NOT a pillar of the AWS Well-Architected Framework?

Responsive design

Which cost factor is typically reduced after migrating an IT infrastructure to the AWS Cloud?

Cost of power for the AWS servers

What is considered a best practice for secure configuration of AWS Identity and Access Management (IAM)?

Enabling multi-factor authentication (MFA)

To secure programmatic access to AWS resources, which credential type is recommended?

Access keys

For running stateless simulations on AWS Batch, which EC2 instance type is most cost-effective?

Spot Instances

What does elasticity in the AWS Cloud primarily refer to?

Ability to rightsize resources as demand shifts

Which service provides the ability to audit API calls within an AWS environment?

AWS CloudTrail

What does agility mean in the context of AWS Cloud computing?

The ability to experiment quickly

What is a customer responsibility when using AWS Lambda in the AWS shared responsibility model?

Managing the code within the Lambda function

Which AWS service can be utilized to complete migration faster and more reliably according to best practices?

AWS Professional Services

What EC2 purchasing option is best for an e-learning platform that needs to avoid downtime during a 2-month annual application run?

Reserved Instances

Which AWS service allows a developer to quickly deploy an application without manual resource creation?

AWS Elastic Beanstalk

To protect sensitive customer data in an S3 bucket from accidental deletion, which functionality is recommended?

S3 Versioning

Which AWS service enables the management of infrastructure as code?

AWS CloudFormation

For an online gaming company with predictable traffic, what EC2 purchasing option is best for running instances for 1 year?

Reserved Instances

Which AWS service establishes a dedicated network connection between on-premises data centers and the AWS Cloud?

AWS Direct Connect

What is the primary purpose of an internet gateway within a VPC?

To allow communication between the VPC and the internet

Which of the following activities related to a Snowball Edge device are available to the company at no cost?

The transfer of data out of Amazon S3 and to the Snowball Edge appliance

Which AWS service should a company use to assess application vulnerabilities and identify infrastructure that does not meet best practices?

Amazon Inspector

What is the MOST operationally efficient AWS solution for extending file storage capabilities for users with large requirements?

Configure and deploy an AWS Storage Gateway file gateway and connect each user's workstation.

How should an Amazon EC2 instance be granted access to an S3 bucket according to security best practices?

Have the EC2 instance assume a role to obtain the privileges to upload files.

Which of these is a customer responsibility when using Amazon DynamoDB under the AWS Shared Responsibility Model?

Data encryption in transit and at rest.

Which option is essential for a company to effectively monitor the compliance of its AWS services?

Utilization of AWS CloudTrail for logging and monitoring events.

Which AWS service is primarily used for assessing the security posture of AWS resources?

AWS Config

What is a primary benefit of using an Amazon WorkDocs solution for user file management?

It enhances collaboration with real-time document editing.

Study Notes

Exam A - Topic 1

• Question #1: A company uses an Amazon Snowball Edge to transfer files to the AWS Cloud. Free activities include using the appliance for 10 days, transferring data from the appliance to Amazon S3, but not daily use after 10 days or transferring data from Amazon S3 to the appliance.

• Question #2: A company has applications on Amazon EC2 instances and needs to assess application vulnerabilities. AWS Trusted Advisor is used to meet these requirements.

• Question #2 (Continued): A company has a centralized group of users with large file storage needs exceeding their on-premises capacity. Extending file storage capabilities while preserving local performance benefits is best addressed by configuring and deploying an AWS Storage Gateway file gateway, connecting user workstations to the gateway.

Exam A - Topic 1 (Continued)

• Question (from page 2): According to security best practices, an Amazon EC2 instance should obtain privileges by assuming a role rather than directly storing and using access keys.

• Question (from page 2): Customer responsibility when using Amazon DynamoDB includes data encryption at rest.

• Question (from page 2): Key aspects of AWS Cloud adoption include sustainability, performance efficiency, and governance.

• Question (from page 2): For managing Docker environments on Amazon EC2 instances, AWS Lambda is beneficial for managing cluster size, scheduling, and environments.

• Question (from page 3): AWS Cost Explorer, AWS Billing Conductor, and Amazon CodeGuru can be used to identify rightsizing opportunities for Amazon EC2 instances. AWS Trusted Advisor provides high-performance container orchestration, identification of underutilized resources to save costs and improvements to security through proactive monitoring.

• Question (from page 3): A company migrates on-premises workloads to the cloud to eliminate running and maintaining on-premises data centers, however, price discounts are usually not identical to hardware provider.

• Question (from page 4): Managing IT services and infrastructure as code is best achieved using AWS Resource Explorer and AWS Service Catalog.

• Question (from page 4): AWS Organizations, AWS Pricing Calculator and AWS Cost Explorer can be used to manage AWS spending and visualize the costs.

• Question (from page 4): AWS Glue, Amazon Elastic File System, Amazon Redshift, Amazon QuickSight, or Amazon Quantum Ledger Database can be used to manage and visualize data.

• Question (from page 5): To avoid application downtime on Amazon EC2 instances for two months, Reserved Instances or Dedicated Hosts are used.

• Question (from page 5): Quickly deploying an application on AWS, without creating resources manually, can be achieved with AWS Elastic Beanstalk or AWS CodeBuild.

• Question (sensitive customer data in Amazon S3): To protect sensitive data in Amazon S3, use S3 lifecycle rules, versioning, or bucket policies.

• Question (AWS Service): Services like CodePipeline, CodeDeploy or Direct Connect are used to manage infrastructure.

• Question (on-demand instances 1-year): Reserved instances are the most suitable option for consistent and predictable web traffic.

AWS Shared Responsibility-related Questions

• AWS Shared Responsibility Model: customers are responsible for security in the AWS environment, and AWS is responsible for the security of the cloud itself.

• Customers are responsible for the following: Configuring security groups. Classifying company assets. Selecting Availability Zones for buckets Patching or upgrading Amazon DynamoDB

• AWS is responsible for: Configuring AWS provided security groups. Maintaining the data centre hardware Ensuring data centers are correctly patched against known threats

Question (Internet Gateway):

• The internet gateway is used to create VPC connections to the internet, facilitating communication.

Question (Integrating Application):

• Functional testing can be integrated into AWS deployments, automation can be used for deployment changes, and deployments can be made to multiple locations.

Question (Password/Access Key Rotations):

• IAM Access Analyzer is used to audit password and access key rotation details.

Question (Cost Threshold Notification):

• AWS Budgets, Amazon CloudWatch and Cost Explorer are used to receive notifications of cost thresholds having been reached.

Questions, Page 8 and following

The remaining questions concern specifics about AWS services and are best answered by referring to the relevant AWS documentation. There are many services, each with functions requiring reference to specific AWS documentation.

Description

Test your knowledge on AWS services, including Amazon Snowball Edge, EC2 instances, and AWS Trusted Advisor. This quiz assesses your understanding of file transfer, security best practices, and storage capabilities within AWS. Perfect for those preparing for AWS certifications!