AWS Mock Exam Questions

Questions and Answers

An organization requires a dedicated, low-latency connection between its on-premises infrastructure and AWS for live streaming. Which solution best meets this requirement?

AWS Kinesis

AWS Data Streams

AWS Direct Connect (correct)

Amazon SQS

A university's exam results portal experiences high traffic during result releases and is largely idle otherwise. What is the MOST cost-efficient architectural improvement?

Configuring RDS multi-availability zones for performance optimization.

Migrating the web servers onto Amazon EC2 Spot Instances.

Migrating to a serverless architecture using AWS Lambda and API Gateway. (correct)

Implementing AWS Elastic Load Balancing between the web server and the database cluster.

A business analyst needs to create interactive, visually appealing reports without writing complex database queries. Which tool is most suitable?

Amazon Athena integrated with Amazon Glue

Amazon CloudWatch dashboards

Amazon QuickSight (correct)

Business intelligence on Amazon Redshift

Which AWS feature facilitates fast, secure file transfers over long distances to an Amazon S3 bucket?

Amazon S3 Transfer Acceleration (A)

In which areas does the Trusted Advisor service provide insights?

Performance, cost optimization, security, fault tolerance, and Service Limits (B)

Which service is most suitable for use as a fully managed data warehouse?

Amazon Redshift (A)

When designing a cost-effective solution for handling sporadic traffic spikes accessing a web based application, which approach is MOST suitable?

Implementing a serverless architecture with AWS Lambda and API Gateway. (C)

A security engineer needs to enforce encryption for data at rest in an S3 bucket. Which approach is MOST appropriate?

Implement server-side encryption using S3 managed keys (SSE-S3). (C)

A company needs to analyze large datasets stored in S3. Which service is BEST suited for running complex SQL queries directly against this data with minimal setup?

Amazon Athena (D)

What is the PRIMARY purpose of the 'Principle of Least Privilege' regarding user access in AWS?

To ensure users only access the resources necessary to perform their specific job functions. (A)

A development team needs to automate the process of deploying application updates across multiple EC2 instances and on-premises servers. Which AWS service is MOST appropriate for this task?

AWS CodeDeploy (D)

Within an AWS Region, which component provides low-latency and redundant connectivity for AWS services?

Availability Zones (D)

Which two statements accurately describe the AWS Personal Health Dashboard?

A user-specific view of AWS service availability and performance affecting resources. (C), A service that sends alerts for scheduled maintenance, pending issues and planned changes. (D)

For a startup using Lambda functions and needing to grant temporary access to freelance developers authenticated via Facebook, which AWS service is MOST appropriate?

Using AWS Cognito for federated access. (A)

Besides running SQL, what is the primary role of Amazon Athena?

Ad-hoc analysis of large datasets in S3 (D)

Which of the following scenarios aligns BEST with the use case for AWS CodeDeploy?

Automated deployment of an application to different compute resources. (D)

Which AWS service is primarily designed to monitor the operational health of AWS resources based on metrics and logs?

AWS CloudWatch (A)

Which of the following services is BEST used for tracking user activity and API calls within an AWS environment, specifically for audit trails?

AWS CloudTrail (B)

What primary function does AWS Certificate Manager provide related to SSL/TLS certificates?

Tracking and managing the lifecycle, renewal, and expiry of SSL/TLS certificates. (A)

To track configuration changes made to AWS resources, such as adding a new security group rule, which service should be utilized?

AWS Config (C)

Which statement accurately describes an Organizational Unit (OU) within AWS Organizations?

An OU can only have one parent. (B)

What is the primary responsibility of a customer in relation to EBS volume availability and data backups?

To manually create EBS snapshots for backups (D)

Which AWS service allows users to group resources across different AWS Regions by application and view their collective operational data?

Resource Groups (D)

In what scenario would it be most beneficial to use a combination of both Spot and Reserved EC2 Instances?

For handling sudden, short-term traffic spikes with volatile, non-critical tasks. (A)

An application requires temporary access to AWS resources. What is a recommended approach for granting this access?

Utilize IAM roles and assume them using the AWS Security Token Service (STS). (C)

When choosing the most cost-effective option for hosting a database server for a full year, which of the following should be evaluated?

Partial Upfront Reserved Instances, to minimize long run costs for a year commitment. (B)

An auditor requests all security and compliance reports to be provided. Which service can the AWS administrator utilize to gather this data?

AWS Artifact; it is a repository for compliance resources. (A)

A new department requires access permissions. What is the most secure and least privileged approach when granting access?

Start with the least privilege and grant additional permissions only when required. (B)

What are two key advantages of using the AWS Cloud for infrastructure hosting?

The pay-as-you-go model and no upfront costs. (C)

For external audit purposes, which service would provide logs of 'who made the requests' to the AWS resources in an account?

AWS CloudTrail, that tracks user activity and API usage. (B)

For web-identity federation, what method allows external users to obtain temporary AWS security credentials?

Employing a third-party web ID provider to authenticate users, and then granting credentials via IAM. (A)

What is the most secure option to access AWS for a single day, by external users?

Grant access using web-identity federation, providing temporary access using IAM roles (B)

In the context of highly available architectures, what precisely differentiates vertical scaling from horizontal scaling?

Vertical scaling is about enhancing the capabilities of a singular resource by adding more CPU or memory. Horizontal scaling adds more computing units or instances. (D)

Which AWS service is explicitly designed to act as a web application firewall to protect web applications?

AWS WAF (A)

What is the precise term for a user-defined key-value pair acting as metadata for AWS resources, which aids in their administration and management?

Resource Tag (A)

For an organization needing to transfer confidential financial data from an on-premises mainframe to an AWS cloud cache, what is the most suitable connectivity solution considering high bandwidth and security requirements?

Direct Connect with a VPN connection. (C)

Which of the following can be directly attached to EC2 instances for persistent data storage?

Amazon EBS Volumes (D)

Which AWS networking component provides the infrastructure for hosting EC2 instances in the cloud?

AWS VPC (C)

What type of workload is characterized by having a consistent, predictable baseline with occasional, short-lived unpredictable usage spikes?

A bursty workload (B)

What is a fundamental limitation of vertical scaling when compared to horizontal scaling?

Vertical scaling is limited by the maximum capacity of a single instance. (D)

Which AWS service is designed to manage infrastructure as code?

AWS CloudFormation (D)

What architectural concept promotes reduced inter-dependencies between application components to limit the impact of failures?

Decoupling (D)

To enhance the fault tolerance of an application, where should resources be deployed?

Multiple Availability Zones (B)

Which of the following security responsibilities are typically managed by AWS?

Physical security, hardware patching, and disk disposal (A)

Which of the following options is not one of the core pillars of the AWS Well-Architected Framework?

Automation (B)

For batch processing workloads that can be interrupted and resumed, which EC2 instance type would offer the most cost-effective solution?

Spot (A)

Which service is suitable for automating the build, test, and deployment steps for a web application?

AWS CodePipeline (A)

If an organization wishes to split AWS resources based on departmental needs, which approach is most appropriate?

Using multiple AWS accounts (D)

Study Notes

AWS Mock Exam Questions and Answers

• Cost Forecasting: AWS Cost Explorer can be used to forecast AWS spending.
• VPC Security: A Network ACL is an optional security layer attached to a subnet within a VPC for controlling traffic in and out of the VPC.
• Object Storage: Amazon S3 Glacier Deep Archive is the most cost-effective object storage option after 180 days, when storage is needed for over 10 years.
• Customer Responsibility: Patching of guest OS deployed on Amazon EC2 is a customer responsibility under the AWS Shared Responsibility Model.
• AWS TCO Factors: The number of servers migrated to AWS is a factor in calculating the Total Cost of Ownership (TCO).
• Source Code Storage: AWS CodeCommit is suitable for storing confidential source code; AWS CodeDeploy is for deploying applications; AWS Lambda is a serverless compute service; and, AWS CodeStar is a tool for managing development projects.
• High Throughput: AWS Kinesis is the most appropriate solution for high throughput, low latency connectivity between on-premise infrastructure and AWS Cloud. This is ideal for live streaming and real-time services.
• Database Cluster: AWS Elastic Load Balancing can be used to improve the cost-efficiency of a dedicated web server and database cluster by distributing traffic more evenly.
• Report Generation: Amazon QuickSight can be used to generate graphically appealing and interactive dashboards from complex database queries and static spreadsheets.
• File Transfers: Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files between clients and Amazon S3 buckets over long distances.
• Trusted Advisor: The Trusted Advisor service provides insights into security, fault tolerance, high availability, performance, cost optimization and service limits.
• Data Warehouse: Amazon Redshift is a fully managed data warehouse service in AWS.
• Least Privilege: Users should be granted permission to access only the resources they need to perform their assigned tasks, following the Principle of Least Privilege.
• Application Deployment Automation: AWS CodeDeploy automates the deployment of applications to on-premises servers and EC2 instances.
• Global Infrastructure: Availability Zones in AWS provide low-latency, redundant connectivity within an AWS Region.
• Personal Health Dashboard: The AWS Personal Health Dashboard provides a concise representation of the overall status of AWS services and user-specific views on AWS service availability and performance.
• Cost-Effective Database Server Hosting: No Upfront Costs Reserved Instances tend to be the most cost-effective way to host a database server for one year.
• Security Information Retrieval: AWS Artifact, AWS Directory Service, AWS Resource Center, and AWS Service Catalog are services used to gather security and compliance reports and online service agreements.
• Change Capture: AWS CloudWatch can be used to capture and record changes to AWS resources for auditing purposes.
• Multiple Accounts Management: AWS Organizations help effectively manage multiple accounts in a large enterprise.
• Application Fault Tolerance: Deploying resources across multiple Availability Zones improves the fault tolerance of an application.
• Security Management: Password policies, user permissions, physical security of facilities, and disk disposal are elements in managing AWS security requirements.
• Batch Processing: Using Spot Instances for batch processing workloads when interruptions are acceptable can be cost-effective.
• Deployment Automation: AWS CodePipeline can be used for automating application build, test, and deployment tasks.
• Security Layer: Multi-Factor Authentication (MFA) can be used as an additional security layer when logging into AWS services.
• Application Deployment Strategies: Deploying applications across multiple VPCs, multiple regions, and edge locations can improve their robust architecture.
• Server Licensing Reuse: EC2 Dedicated Instances or Hosts are best ways to reuse existing server-bound software licensing in AWS.
• Content Delivery: Amazon CloudFront can efficiently stream content to users across the globe.
• Shared Responsibility Model: Global infrastructure that runs AWS Cloud services is a shared responsibility between AWS and the customer.
• Cost Optimization: Using Reserved Instances can minimize costs when the utilization duration of EC2 is high.

Description

Prepare for your AWS certification with this mock exam covering key topics such as cost forecasting, VPC security, and object storage. Test your understanding of AWS services like CodeCommit and Kinesis, and familiarize yourself with the AWS Shared Responsibility Model. This quiz is ideal for anyone looking to solidify their knowledge of AWS concepts and practices.