AWS Review | AWS Review

a. AWS Lambdab. AWS Elastic Beanstalkc. Amazon EC2 Auto Scalingd. Amazon Route 53

a. Amazon CloudFrontb. Amazon Route 53c. Elastic Load Balancingd. Amazon Glacier

a. You need a cheap and reliable place to store files your application can access.b. You need a safe place to store backup archives from your local servers.c. You need a source for on-demand compute cycles to meet fluctuating demand for your application.d. You need persistent storage for the filesystem run by your EC2 instance.

a. Relational Database Service (RDS)b. Amazon Aurorac. Amazon DynamoDBd. Key Management Service (KMS)

a. compute.eu-central-1.amazonaws.comb. ec2.eu-central-1.amazonaws.comc. elasticcomputecloud.eu-west-2.amazonaws.comd. ec2.eu-west-1.amazonaws.com

a. An isolated physical datacenter within an AWS regionb. A region containing multiple isolated datacentersc. A single network subnet used by resources within a single regiond. A single isolated server room within a datacenter

a. Load Balancingb. Amazon Virtual Private Cloud (VPC)c. Amazon CloudFrontd. AWS endpoints

a. Historical uptime log recordsb. The AWS Program Compliance Toolc. The AWS service level agreement (SLA)d. The AWS Compliance Programs documentation pagee. The AWS Shared Responsibility Model

a. AWS Configb. AWS CLIc. AWS SDKd. The AWS Console

a. Businessb. Developerc. Basicd. Enterprise

a. AWS Application Migration Serviceb. AWS Migration Hubc. AWS Application Discovery Serviced. AWS Lift and Shift

a. Select a regular Linux AMI and bootstrap it using user data that will install and configure the OpenVPN package on the instance and use it for your VPN instances.

b. Search the community AMIs for an official AMI provided and supported by the Open-VPN company.

c. Search the AWS Marketplace to see whether there’s an official AMI provided and supported by the OpenVPN company.

d. Select a regular Linux AMI and SSH to manually install and configure the OpenVPN package.

e. Create a site-to-site VPN connection from the wizard in the AWS VPC dashboard.

a. Import the virtual machine to your AWS region using a secure SSH tunnel.

b. Import the virtual machine using VM Import/Export.

c. Select the imported VM from among your private AMIs and launch an instance.

d. Select the imported VM from the AWS Marketplace AMIs and launch an instance.

e. Use the AWS CLI to securely copy your virtual machine image to an S3 bucket within the AWS region you’ll be using.

a. You haven’t properly configured the ~/.aws/config file.b. The AMI is being updated and is temporarily unavailable.c. Your key pair file has been given the wrong (overly permissive) permissions.d. The AMI you specified exists in a different region than the one you’ve currently specified.

a. Dedicated Host tenancyb. Shared tenancyc. Dedicated Instance tenancyd. Isolated tenancy

a. Configure autoscaling.

b. Configure load balancing.

c. Purchase two m5.large instances on the spot market and as many on-demand instances as necessary.

d. Shut down your m5.large instances and purchase instances using a more robust instance type to replace them.

e. Purchase two m5.large reserve instances and as many on-demand instances as necessary.

a. Your e-commerce website is built using a publicly available AMI.b. You provide high-end video rendering services using a fault-tolerant process that can easily manage a job that was unexpectedly interrupted.c. You’re running a backend database that must be reliably updated to keep track of critical transactions.d. Your deployment runs as a static website on S3.

a. AMIb. Instance typec. Security groupd. Public IP address

a. servers:server1b. project1:server1c. EC2:project1:server1d. server1:project1

a. Cold HDDb. General-purpose SSDc. Throughput-optimized HDDd. Provisioned-IOPS SSD

a. Create an image from a detached EBS volume, use it to create a snapshot, select your new AMI from your private collection, and use it for your launch configuration.

b. Create a snapshot of the EBS root volume you need, use it to create an image, select your new AMI from your private collection, and use it for your launch configuration.

c. Create an image from the EBS volume attached to the instance, select your new AMI from your private collection, and use it for your launch configuration.

d. Search the AWS Marketplace for the appropriate image and use it for your launch configuration.

e. Import the snapshot of an EBS root volume from a different AWS account, use it to create an image, select your new AMI from your private collection, and use it for your launch configuration.

a. Instance volumes are physically attached to the server that’s hosting your instance, allowing faster data access.

b. Instance volumes can be used to store data even after the instance is shut down.

c. The use of instance volumes does not incur costs (beyond those for the instance itself).

d. You can set termination protection so that an instance volume can’t be accidentally shut down.

e. Instance volumes are commonly used as a base for the creation of AMIs.

a. A role can assign processes running on the EC2 instance itself permission to access other AWS resources.b. A user can be given permission to authenticate as a role and access all associated resources.c. A role can be associated with individual instance-based processes (Linux instances only), giving them permission to access other AWS resources.d. A role can give users and resources permission to access the EC2 instance.

a. Use the private key of your key pair to initiate an SSH tunnel session.b. Use the public key of your key pair to initiate an SSH tunnel session.c. Use the public key of your key pair to retrieve the password you’ll use to log in.d. Use the private key of your key pair to retrieve the password you’ll use to log in.

a. Load balancingb. Placement groupsc. AWS Systems Managerd. AWS Fargate

a. AWS Lambdab. AWS Elastic Beanstalkc. Amazon Elastic Container Service (ECS)d. Auto Scaling

a. AWS Simple Storage Service (S3)b. AWS Snowballc. VM Import/Exportd. AWS Direct Connect

a. Modify the launch configuration.b. Create a launch template and configure the Auto Scaling group to use it.c. Modify the launch template.d. Modify the CloudFormation template.

a. Create two new instances.b. Reduce the desired capacity to 3.c. Nothing.d. Increment the minimum group size to 5.

a. Commandb. Automationc. Policyd. Manual

a. Amazon Elastic Kubernetes Serviceb. AWS Fargatec. Amazon EKS Distrod. Amazon Elastic Container Service

a. AWS Storage Gateway

b. AWS S3

c. Amazon Elastic File System

d. AWS Elastic Block Store

a. PUT requests/month against an S3 bucketb. The volume of data space available per S3 bucketc. Account-wide S3 storage spaced. The number of S3 buckets within a single account

a. s3.amazonaws.com/bucketname/filenameb. filename/bucketname.s3.amazonaws.comc. s3://bucketname/filenamed. s3://filename/bucketname

a. A prefix is the name common to the objects you want to group, and a delimiter is the bar character (|).b. A prefix is the DNS name that precedes the amazonaws.com domain, and a delimiter is the name you want to give your file directory.c. A prefix is the name common to the objects you want to group, and a delimiter is a forward slash character (/).d. A prefix is the name common to the file type you want to identify, and a delimiter is a forward slash character (/).

a. Standard-IA data has only 99.9% availability, whereas Intelligent-Tiering’s availability depends on the data’s current state.b. Standard-IA data is heavily replicated but only within a single availability zone, whereas Intelligent-Tiering data is only lightly replicated.c. Standard-IA data is replicated across AWS regions, whereas Intelligent-Tiering data is restricted to a single region.d. Standard-IA data is automatically backed up to Amazon Glacier, whereas Intelligent-Tiering data remains within S3.

a. 99.99 percentb. 99.9 percentc. 99.999999999 percentd. 99.5 percent

a. Operations immediately preceding the deletion of an existing objectb. Operations subsequent to the updating of an existing objectc. Operations subsequent to the deletion of an existing objectd. Operations subsequent to the creation of a new object

a. Nothing. S3 protects existing files by default.b. Nothing. S3 saves older versions of your files by default.c. Enable versioning.d. Enable file overwrite protection.

a. By specifying particular prefixes when you define your life cycle rules.b. This isn’t possible. Life cycle rules must apply to all the objects in a bucket.c. By specifying particular prefixes when you create the bucket.d. By importing a predefined life cycle rule template.

a. S3 Glacier Flexible Retrievalb. Reduced Redundancyc. S3 One Zone-IAd. S3 Standard-IA

a. The AWS service being defined (S3 in this case)b. An origin resource that’s given permission to alter an S3 bucketc. The resource whose access is being definedd. The user or entity to which access is assigned

a. 24 hoursb. 3,600 secondsc. 5 minutesd. 360 seconds

a. 5 hoursb. 12 hoursc. 2 daysd. 1 week

a. Direct Connectb. Server Migration Servicec. Snowballd. Storage Gateway

a. Amazon FSx for Windows File Serverb. Amazon FSx for Lustrec. Amazon Elastic File Systemd. Amazon Elastic Block Store

a. /16 to /28b. /16 to /56c. /8 to /30d. /56 only

a. 172.31.0.0/16b. 192.168.0.0/16c. 192.168.0.0/24d. 192.168.16.0/23

a. 10.0.0.0/24

b. 10.0.0.0/8

c. 10.0.0.0/16

d. 10.0.0.0/23

a. A subnet can exist in multiple availability zones.b. An availability zone can have multiple subnets.c. An availability zone can have only one subnet.d. A subnet’s CIDR is derived from its availability zone.

a. It must have a private IP address from the subnet that it resides in.b. It cannot exist independently of an instance.c. It can be connected to multiple subnets.d. It can have multiple IP addresses from different subnets.

a. Only one security group can be attached to an ENI.b. A security group must always be attached to an ENI.c. A security group can be attached to a subnet.d. Every VPC contains a default security group.

a. An NACL is stateless.b. An NACL is stateful.c. An NACL is attached to an ENI.d. An NACL can be associated with only one subnet.

a. A resource that grants instances in multiple VPCs’ Internet accessb. An implied routerc. A physical routerd. A VPC resource with no management IP address

a. 0.0.0.0/0b. ::0/0c. An Internet gatewayd. The IP address of the implied router

a. The main route tableb. The route table you createdc. The default route tabled. None of these

a. You won’t be able to establish an SSH session directly to the instance from the Internet.b. The instance won’t be able to access the Internet.c. The instance will receive the same private IP address.d. The instance will be unable to reach other instances in its subnet.

a. Allocate an ENI and associate it with the instance’s primary EIP.b. Allocate an EIP and associate it with the instance’s primary ENI.c. Configure the instance to use an automatically assigned public IP.d. Allocate an EIP and change the private IP address of the instance’s ENI to match.

a. The public IPb. The EIPc. The private IPd. 0.0.0.0

a. Both must use different default gateways.b. Both must use different NACLs.c. Both must use different security groups.d. The NAT gateway requires a public interface and a private interface.

a. There are different NAT gateway types.b. A NAT instance scales automatically.c. A NAT gateway can span multiple availability zones.d. A NAT gateway scales automatically.

a. Internet gatewayb. Route tablec. EIPd. ENI

a. Disable the source/destination check on its ENI.b. Enable the source/destination check on its ENI.c. Create a default route in its route table with a NAT gateway as the target.d. Assign a primary private IP address to the instance.

a. Transitive routing is not supported.b. A VPC peering connection requires a public IP address.c. You can peer up to three VPCs using a single peering connection.d. You can use a peering connection to share an Internet gateway among multiple VPCs.

a. Create two routes with the peering connection as the target.

b. Create only one default route with the peering connection as the target.

c. Create another peering connection between the VPCs.

d. Configure the instances’ security groups correctly.

a. Security groups

b. NACLs

c. AWS Network Firewall

d. AWS Transit Gateway

a. Direct Connectb. VPNc. VPC peeringd. Transit gateway

a. VPN

b. Direct Connect

c. VPC peering

d. Transit gateway

a. It can be multicast.b. It can be a blackhole route.c. It can have an Internet gateway as a target.d. It can have an ENI as a target.

a. Record

b. Attribute

c. Tuple

d. Table

a. A foreign keyb. A primary keyc. An attributed. A row

a. QUERYb. SCANc. INSERTd. SELECT

a. Offline transaction processing (OLTP)b. Online transaction processing (OLTP)c. Online analytic processing (OLAP)d. Key/value store

a. Sixb. Sixc. Twod. Four

a. Microsoft SQL Server

b. MariaDB

c. Aurora

d. PostgreSQL

a. MyISAMb. XtraDBc. InnoDBd. PostgreSQL

a. Oracle Standard Edition Two

b. Microsoft SQL Server

c. Oracle Standard Edition One

d. PostgreSQL

a. Standardb. Memory optimizedc. Storage optimizedd. Burstable performance

a. 12800b. 25600c. 200d. 16

a. 200 GBb. 100 GBc. 200 TBd. 200 MB

a. There is no minimum storage requirement.b. 200 GB.c. 240 GB.d. 12 TB.

a. Read replicab. Standby database instancec. Primary database instanced. Master database instance

a. Synchronously from the primary instance to a read replicab. Synchronously using a cluster volumec. Asynchronously from the primary to a standby instanced. Synchronously from the primary to a standby instance

a. RDS restores the snapshot to a new instance.b. RDS restores the snapshot to the failed instance.c. RDS restores only the individual databases to a new instance.d. RDS deletes the snapshot.

a. EVENb. ALLc. KEYd. ODD

a. Dense memoryb. Leaderc. Dense storaged. Dense compute

a. It’s required to uniquely identify an item.

b. It must be unique within the table.

c. It’s used to correlate data across different tables.

d. Its data type can vary within a table.

a. Partition keyb. Sort keyc. Hash keyd. Simple primary key

a. 3b. 2c. 1

a. Dense computeb. Dense storagec. Leaderd. KEY

a. Eventually consistent indexb. Local secondary indexc. Global primary indexd. Global secondary index

a. You need to perform a variety of complex queries against the data.b. You need to query data based on only one attribute.c. You need to store JSON documents.d. The data will be used by different applications.

a. SQLb. Relationalc. Document-oriented stored. Graph

a. There would be no easy way to control resource usage by project or class.b. There would be no effective limits on the effect of an action, making it more likely for unintended and unwanted consequences to result.c. Since root has full permissions over your account resources, an account compromise at the hands of hackers would be catastrophic.d. It would make it difficult to track which account user is responsible for specific actions.

a. The Action element refers to the way IAM will react to a request.b. The * character applies an element globally—as broadly as possible.c. The Resource element refers to the third-party identities that will be allowed to access the account.d. The Effect element refers to the anticipated resource state after a request is granted.

a. Attach no policies to the user.

b. Attach two policies to the user, with one policy permitting full EC2 access and the other permitting IAM password changes but denying EC2 access.

c. Attach a single policy permitting the user to create S3 buckets.

d. Attach the AdministratorAccess policy.

e. Associate an IAM action statement blocking all EC2 access to the user’s account.

a. Never use the account to perform any administration operations.

b. Enable multifactor authentication (MFA).

c. Assign a long and complex password.

d. Delete all access keys.

e. Insist that your users access AWS resources exclusively through the AWS CLI.

a. aws iam get-access-key-used –access-key-id <key_ID>b. aws iam --get-access-key-last-used access-key-id <key_ID>c. aws iam get-access-key-last-used access-last-key-id <key_ID>d. aws iam get-access-key-last-used –-access-key-id <key_ID>

a. It enhances security by consolidating resourcesb. It simplifies the management of user permissions.c. It allows for quicker response times to service interruptions.d. It simplifies locking down the root user.

a. A web identity authenticating with Googleb. An identity coming through a SAML-based federated providerc. An identity using an X.509 certificated. A web identity authenticating with Amazon Cognito

a. AWS CloudHSMb. AWS Key Management Servicec. AWS Security Token Serviced. AWS Secrets Manager

a. Amazon Cognitob. AWS Directory Service for Microsoft Active Directoryc. AWS Secrets Managerd. AWS Key Management Service

a. Gives your application users temporary, controlled access to other services in your AWS accountb. Adds user sign-up and sign-in to your applicationsc. Incorporates encryption infrastructure into your application life cycled. Delivers up-to-date credentials to authenticate RDS database requests

a. Change the password and MFA settings for the root account.

b. Delete and re-create all existing IAM policies.

c. Change the passwords for all your IAM users.

d. Delete the former employee’s own IAM user (within the company account).

e. Immediately rotate all account access keys.

a. Actionb. Regionc. Effectd. Resource

a. Define the action.

b. Select at least one policy.

c. Define a trusted entity.

d. Define the consumer application.

a. Policiesb. Usersc. Groupsd. Roles

a. HTMLb. Key/value pairsc. JSONd. XML

a. Integration with on-premises AD domains is possible.

b. AD domain controllers are launched in two availability zones.

c. Data is automatically replicated.

d. Underlying AD software is automatically updated.

a. Monitor the use of your new keys.

b. Monitor the use of old keys.

c. Deactivate the old keys.

d. Delete the old keys.

e. Confirm the status of your X.509 certificate.

a. An IAM roleb. An IAM policyc. An IAM groupd. An AIM access key

a. Logging into the AWS Console

b. Creating an S3 bucket from the web console

c. Uploading an object to an S3 bucket

d. Creating a subnet using the AWS CLI

a. Viewing all S3 bucketsb. Uploading a file to an S3 bucketc. Downloading a file from an S3 bucketd. Creating a Lambda function

a. The IAM user logb. The trail logs stored in S3c. The CloudTrail event history in the region where the trail was configuredd. The CloudTrail event history in any region

a. The regionb. The dimensionc. The timestampd. The data point

a. Regularb. Detailedc. Basicd. High resolution

a. Record both values with the given timestamp.b. Record the second value with the timestamp 15:57:37, overwriting the first value.c. Record only the first value with the timestamp 15:57:08, ignoring the second value.d. Record only the second value with the timestamp 15:57:00, overwriting the first value.

a. 15 daysb. 3 hoursc. 63 daysd. 15 months

a. The Sum statistic with a five-minute periodb. The Average statistic with a one-hour periodc. The Sum statistic with a one-hour periodd. The Sample count statistic with a five-minute period

a. Log groupb. Log streamc. Metric filterd. CloudWatch Agent

a. Delete the log stream.

b. Manually delete old log events.

c. Set the retention of the log stream to 30 days.

d. Set the retention of the log group to 30 days.

a. The missing events are greater than 256 KB in size.

b. The metric filter is misconfigured.

c. There’s a delay between the time the event occurs and the time CloudTrail streams the event to CloudWatch.

d. The IAM role that CloudTrail assumes is misconfigured.

a. The data points to monitor haven’t crossed the specified threshold.

b. The EBS volume isn’t attached to a running instance.

c. The evaluation period hasn’t elapsed.

d. The alarm hasn’t collected enough data points to alarm.

a. SMS action

b. Auto Scaling action

c. Notification action

d. EC2 action

a. Migrates the instance to a different hostb. Reboots the instancec. Deletes the instance and creates a new oned. Restores the instance from a snapshot

a. The AWS Config configuration recorder must have been turned on in the region at the time the instance was deleted.b. CloudTrail must have been logging write-only management events for all regions.c. CloudTrail must have been logging IAM events.d. The CloudWatch log stream containing the deletion event must not have been deleted.

a. A CloudWatch log stream

b. The delivery frequency of the configuration snapshot

c. An S3 bucket name

d. An SNS topic ARN

a. Pause the configuration recorder.b. Delete the configuration recorder.c. Delete the configuration snapshots.d. Set the retention period to 30 days and wait for the configuration items to age out.

a. AVG(m1)-m1

b. AVG(m1)

c. METRICS()/AVG(m1)

d. m1/m2

a. Turning off the configuration recorderb. Deleting the rulec. Deleting the configuration history for CloudTraild. Failing to specify a frequency for periodic checks

a. CloudWatch Alarmsb. EventBridgec. CloudTraild. CloudWatch Metrics

a. Translating human-readable domain names into IP addressesb. Registering domain names with ICANNc. Registering domain names with VeriSignd. Applying routing policies to network packets

a. An object’s FQDNb. Policies controlling the way remote requests are resolvedc. One or more servers, data repositories, or other digital resources identified by a single domain named. A label used to direct network requests to a domain’s resources

a. amazon.com/documentation/b. aws.c. amazon.d. .com

a. CNAME (canonical name)b. TTL (time to live)c. Record typed. Record data

a. NSb. SOAc. Ad. CNAME

a. Simpleb. Latencyc. Geolocationd. Multivalue

a. Latencyb. Weightedc. Geolocationd. Failover

a. Failoverb. Weightedc. Latencyd. Geolocation

a. Latencyb. Weightedc. Geolocationd. Failover

a. Unlock the domain transfer setting on the external registrar admin page.

b. Request an authorization code from the external registrar.

c. Copy the name server addresses from Route 53 to the external registrar admin page.

d. Create a hosted zone CNAME record set.

a. Request an authorization code from the external registrar.b. Copy the name server addresses from Route 53 to the external registrar admin page.c. Create a hosted zone CNAME record set.d. Unlock the domain transfer setting on the external registrar admin page.

a. It periodically tries to load the index.php page.b. It periodically tries to load the index.html page.c. It periodically tries to load a specified web page.d. It periodically tries to log into the resource using SSH.

a. Geoproximity policies specify geographic areas by their relationship either to a particular longitude and latitude or to an AWS region, whereas geolocation policies use the continent, country, or U.S. state where the request originated to decide what resource to send.b. Geolocation policies specify geographic areas by their relationship either to a particular longitude and latitude or to an AWS region, whereas geoproximity policies use the continent, country, or U.S. state where the request originated to decide what resource to send.c. Geolocation policies will direct traffic to the resource you identify as primary as long as health checks confirm that that resource is running properly, whereas geoproximity policies allow you to deliver web pages in customer-appropriate languages.d. Geolocation policies use a health check configuration routing to make a deployment more highly available, whereas geoproximity policies leverage resources running in multiple AWS regions to provide service to clients from the instances that will deliver the best experience.

a. A heavily used website providing media downloads for a global audience

b. An S3 bucket with large media files used by workers on your corporate campus

c. A file server accessed through a corporate VPN

d. A popular website with periodically changing content

a. Amazon S3 bucketb. AWS MediaPackage channel endpointc. API Gateway endpointd. Web server

a. Select a price class that maintains copies in only a limited subset of CloudFront’s edge locations.b. Configure a custom SSL certificate to restrict access to HTTPS requests only.c. Disable the use of Alternate Domain Names (CNAMES) for your distribution.d. Enable Compress Objects Automatically for your distribution.

a. User requests from an edge location that’s recently received the same request will be delivered with lower latency.b. CloudFront distributions can be directly mapped to Route 53 hosted zones.c. All user requests will be delivered with lower latency.d. You can incorporate free encryption certificates into your infrastructure.

a. Amazon Elastic Transcoder–based videosb. S3-based videosc. Streaming videosd. A mix of text and media-rich digital content

a. MatchFinderb. FindMatches MLc. Elastic MapReduced. Spark

a. Dump the database into an S3 bucket and then import the data into the data lake.b. Import the data into RDS and then into the data lake.c. Use the Glue Connector.d. Use the JDBC connector.

a. Amazon Athenab. Apache Sparkc. Apache Elephant Stackd. AWS Data Lake

a. A data warehouse can store unstructured data.

b. A data warehouse is a relational database.

c. A data lake requires structured data.

d. A data lake can store unstructured, schema-less data.

a. Searching datab. Ingesting real-time streaming datac. Preparing data for analysisd. Transforming data

a. Kinesis Data Streamsb. Kinesis Video Streamsc. Kinesis Data Firehosed. Kinesis ML

a. Create a Kinesis Data Firehose delivery stream.

b. Increase the stream retention period to 14 days.

c. Specify an S3 bucket as the destination.

d. Specify CloudWatch Logs as the destination.

a. Kinesis Video Streamsb. Kinesis Data Streamsc. Kinesis Data Firehosed. Kinesis Data Warehouse

a. Use the CloudWatch Logs Agent.b. Use the Amazon Kinesis Agent.c. Write a script that uses the Kinesis Producer Library.d. Move the application to an EC2 instance.

a. The frequency of datab. The total amount of datac. The number of consumers that need to receive the datad. The order of data

a. SQS with a standard queue

b. Kinesis Data Streams

c. Kinesis Data Firehose

d. SQS with a FIFO queue

a. Stock feedsb. Facial recognitionc. Static website hostingd. Videoconferencing

a. 1b. 2c. 4d. 8

a. 1b. 2c. 3d. 4

a. Videoconferencingb. Transforming video metadatac. Converting CSV to JSONd. Redshift

a. 99 percentb. 99.9 percentc. 99.95 percentd. 99.999 percent

a. 94.05 percentb. 99 percentc. 99.9 percentd. 99.95 percent

a. Multi-AZ RDS using MySQLb. DynamoDBc. Multi-AZ RDS using Aurorad. A self-hosted SQL database

a. Store web assets in an S3 bucket instead of on the application instance.

b. Use instance classes large enough to handle your application’s peak load.

c. Scale your instances in.

d. Scale your instances out.

a. Modify the launch configuration.b. Create a launch template and configure the Auto Scaling group to use it.c. Modify the launch template.d. Modify the CloudFormation template.

a. Create two new instances.b. Reduce the desired capacity to 3.c. Nothing.d. Increment the minimum group size to 5.

a. ELB health checks

b. CloudWatch Alarms

c. Route 53 health checks

d. EC2 instance checks

a. Target tracking policies

b. Scheduled actions

c. Step scaling policies

d. Simple scaling policies

a. Versioning

b. Bucket policies

c. Cross-region replication

d. Using the Standard storage class

a. Stream the files to CloudWatch Logs.b. Create an Elastic File System and back up the files to it using a cron job.c. Create a Snapshot Lifecycle Policy to snapshot each instance every 24 hours and retain the latest three snapshots.d. Create a Snapshot Lifecycle Policy to snapshot each instance every 4 hours and retain the latest 18 snapshots.

a. MySQLb. PostgreSQLc. MySQLd. Aurora

a. Configure multi-AZ.b. Enable automated snapshots.c. Add a read replica in the same region.d. Add a read replica in a different region.

a. You may need to add another tier for your application.

b. You may need to implement RDS.

c. AWS occasionally adds more availability zones to a region.

d. You may need to add a secondary CIDR to the VPC.

a. 172.21.0.0/25

b. 172.21.0.0/26

c. 10.0.0.0/8

d. 10.0.0.0/21

a. Lower latency

b. Higher bandwidth

c. Better end-user experience

d. Increased security

a. Use IAM policies to restrict access to AWS resources.b. Ensure the IP address ranges in the networks don’t overlap.c. Ensure security groups on your datacenter firewalls are properly configured.d. Use in-transit encryption.

a. CloudFormation

b. Auto Scaling

c. User data

d. Dynamic scaling policies

a. 3b. 16c. 8d. 4

a. 99 percentb. 99.9 percentc. 99.99 percentd. 99.95 percent

a. Update the DNS record to point to the load balancer in the other region.

b. Point the load balancer to the other region.

c. Fail over to the database in the other region.

d. Restore the database from a snapshot.

a. It is immediately deleted from the queue.

b. It remains in the queue for 30 seconds and is then deleted.

c. It stays in the queue for the remaining duration of the retention period.

d. It becomes invisible to other consumers for the duration of the visibility timeout.

a. 0 secondsb. 30 secondsc. 12 hoursd. 7 days

a. Delay queueb. Message timerc. Visibility timeoutd. Long polling

a. FIFOb. Standardc. Delayd. Short

a. Configure a per-queue delay.b. Use a standard queue.c. Use a FIFO queue.d. Use short polling.

a. Using long pollingb. Using short pollingc. Using a FIFO queued. Using a standard queue

a. A message sits in the queue for too long and gets deleted.b. Different consumers receive and process the same message.c. Messages are mysteriously disappearing from the queue.d. A consumer repeatedly fails to process a particular message.

a. It will sit in the dead-letter queue for up to 10 days.b. It will be immediately deleted.c. It will be deleted after four days.d. It will sit in the dead-letter queue for up to 20 days.

a. Define the capacity metric that will trigger a scaling change.b. Define the AMI to be deployed by Auto Scaling operations.c. Control the minimum and maximum number of instances to allow.d. Define the associated load balancer.

a. Elastic Container Serviceb. Lambdac. ECRd. Elastic Beanstalk

a. From the EBS dashboardb. From the EC2 Storage Optimization dashboardc. From the AWS CLId. From within the EC2 instance OS

a. CloudFrontb. RAID arraysc. Cross-region replicationd. Transfer Acceleration

a. Amazon S3 Transfer Accelerationb. S3 Cross-Region Replicationc. EBS Data Transfer Wizardd. EC2 Auto Scaling

a. Optimizing indexesb. Optimizing scalabilityc. Optimizing schemasd. Optimizing views

a. Moving your application to Amazon LightSail

b. Switching to an EC2 instance that supports enhanced graphics

c. Deploying Amazon Elasticsearch in front of your instance

d. Increasing the instance limit on your Auto Scaling group

e. Putting your application behind a CloudFront distribution

a. Application load balancerb. Classic load balancerc. Network load balancerd. Gateway load balancer

a. The CloudFormation drag-and-drop interface

b. Selecting a prebuilt sample template

c. Importing a template from AWS CloudDeploy

d. Creating your own JSON template document

e. Importing a template from Systems Manager

a. Default node nameb. Stack namec. Database named. DB User name

a. CloudWatch dashboards

b. CloudWatch OneView

c. SNS alerts

d. AWS Config dashboards

a. Predefined performance baselines

b. Predefined key performance indicators (KPIs)

c. Advance permission from AWS

d. A complete record of your account’s resource configuration changes

e. A running Service Catalog task

a. AWS CloudTrailb. AWS CloudWatchc. AWS CodePipelined. AWS Config

a. Varnish

b. Redis

c. Memcached

d. Nginx

a. Your online application requires users’ session states to be saved and the behavior of all active users to be compared.

b. Your online application needs the fastest operation available.

c. Your admin is not familiar with caching and is looking for a relatively simple setup for a straightforward application performance improvement.

d. You’re not sure what your application needs might be in a month or two, so you want to leave open as many options as possible.

a. MySQLb. DynamoDBc. MariaDBd. PostgreSQL

a. Cost

b. S3 bucket

c. Life cycle

d. Ownership

a. AMI ID

b. EC2 key pair name

c. Stack name

d. Logical ID

a. An Export field to the Output sectionb. A resource of the type AWS::EC2::VPCc. A resource of the type AWS::CloudFormation::Stackd. Fn::ImportValue

a. Create a change set.b. Perform a direct update.c. Update the stack policy.d. Override the stack policy.

a. Maximum length

b. Require the use of numbers

c. Prevent multiple users from using the same password

d. Require an administrator to reset an expired password

a. Resourceb. Conditionc. Actiond. Principal

a. Consult CloudTrail global management event logs.

b. Restore the policy from a snapshot.

c. Consult CloudTrail data event logs.

d. Revert to the previous policy version.

a. Create a new instance in any region.b. Create a new instance in the us-east-1 region.c. Start an existing instance in the us-east-1 region.d. Start an existing instance in any region.

a. Add the user to the key policy as a key user.b. Grant the user access to the key using an IAM policy.c. Add the user to the key policy as a key administrator.d. Add the user as a principal to the bucket policy.

a. RDS logsb. DNS query logsc. VPC flow logsd. CloudTrail logs

a. Create a metric filter.

b. Stream the web server logs to CloudWatch Logs.

c. Upload the web server log to S3.

d. Use Athena to query the data.

a. Behaviorb. Backdoorc. Stealthd. ResourceConsumption

a. The AWS Config timeline

b. Lambda logs

c. CloudTrail management event logs

d. VPC flow logs

a. Common Vulnerabilities and Exposuresb. Center for Internet Security Benchmarksc. Runtime Behavior Analysisd. Security Best Practices

a. Network access control lists

b. Security groups

c. IAM policies

d. SQS access policies

a. Create a security group that allows all inbound traffic to TCP port 443.

b. Attach the security group to the instances.

c. Attach the security group to the load balancer.

d. Remove the Internet gateway from the VPC.

e. Create a security group that allows all inbound traffic to TCP port 80.

a. Place the instance behind a network load balancer.b. Implement a security group to restrict inbound access to the instance.c. Place the instance behind an application load balancer.d. Enable AWS Shield Standard.

a. Enable WAF.

b. Assign elastic IP addresses to the instances.

c. Place the instances behind an application load balancer.

d. Block TCP port 3306.

a. GuardDutyb. WAFc. Shield Standardd. Shield Advanced

a. Customer-managed CMK

b. AWS-managed CMK

c. S3-managed key

d. Customer-provided key

a. KMS

b. RedShift

c. DynamoDB

d. RDS

a. Create an encrypted snapshot of the unencrypted volume.

b. Simultaneously encrypt and copy the snapshot to the destination region.

c. Copy the encrypted snapshot to the destination region.

d. Create an unencrypted snapshot of the unencrypted volume.

a. Encrypt the EBS volume of the instance.b. Create a new encrypted EFS filesystem and copy the data to it.c. Enable encryption on the existing EFS filesystem.d. Use a third-party encryption program to encrypt the data.

a. An S3 bucket

b. A CloudFront distribution

c. An application load balancer

d. An EC2 instance

a. Detectiveb. Maciec. Security Hubd. GuardDuty

a. Free access to AWS services for a new account’s first monthb. Free access to all instance types of AWS EC2 instances for new accountsc. Free access to basic levels of AWS services for a new account’s first yeard. Unlimited and open-ended access to the “free tier” of most AWS services

a. Amazon S3 Glacierb. Amazon S3 Standard-Infrequent Accessc. Amazon S3 Standardd. Amazon S3 One Zone-Infrequent Access

a. Cost Explorerb. Budgetsc. Organizationsd. TCO Calculator

a. Trusted Advisorb. Cost Explorerc. Budgetsd. Cost and Usage Reports

a. An organization-level administration account breach is potentially more damaging.

b. User permissions can be controlled centrally at the organization level.

c. You should upgrade to use only specially hardened organization-level VPCs.

d. Standard security best practices such as MFA and strong passwords are even more essential.

e. You should upgrade all of your existing security groups to account for the changes.

a. Route 53 routing failures

b. Running but idle EC2 instances

c. S3 buckets with public read access permissions

d. EC2 Linux instances that allow root account SSH access

e. Unencrypted S3 bucket data transfers

a. TCO Calculatorb. AWS Pricing Calculatorc. Trusted Advisord. Cost and Usage Reports

a. EBS volume capacityb. Resource usagec. Reserve instance coveraged. Resource cost

a. Tags can take up to 24 hours before they appear in the Billing and Cost Management dashboard.

b. Tags can’t be applied to resources that were launched before the tags were created.

c. You’re allowed five free budgets per account.

d. You can activate and manage cost allocation tags from the Tag Editor page.

a. Tags can take up to 24 hours before they appear in the Billing and Cost Management dashboard.b. Run three spot instances for the summer months and three reserve instances 12 months/year.c. Run nine reserve instances for 12 months/year.d. Run three reserve instances 12 months/year and purchase three scheduled reserve instances for the summer months.

a. Payment optionb. Standard or Convertible RIc. Interruption policyd. Tenancy

a. All Upfrontb. Partial Upfrontc. No Upfrontd. Monthly

a. Containers can launch quickly.

b. Containers can deliver increased server density.

c. Containers make it easy to reliably replicate server environments.

d. Containers can run using less memory than physical machines.

a. An application that will run continuously for six months straightb. An application that will run continuously for 36 months straightc. An application that runs only during local business hoursd. An application that runs at unpredictable times and can survive unexpected shutdowns

a. Request typeb. Spot instance interruptionc. Spot fleetd. Spot instance pool

a. A spot instance interruption occurs when the spot price rises above your maximum.b. A spot instance interruption is the termination of a spot instance when its workload completes.c. A spot instance interruption occurs when a spot request is manually restarted.d. A spot instance interruption is the result of a temporary outage in an AWS datacenter.

a. Spot instance poolb. Target capacityc. Spot maximumd. Spot cap

a. Configure the EBS Lifecycle Manager.b. Create a script that will regularly invoke the AWS CLI to prune older snapshots.c. Configure an EBS Scheduled Reserved Instance.d. Tie a string to your finger.e. Configure an S3 Lifecycle configuration policy to remove old snapshots.

a. aws ec2 request-fleet --spot-fleet-request-config file://Config.jsonb. aws ec2 spot-fleet --spot-fleet-request-config file://Config.jsonc. aws ec2 launch-spot-fleet --spot-fleet-request-config/ file://Config.jsond. aws ec2 request-spot-fleet --spot-fleet-request-config/ file://Config.json

a. Availability zoneb. Target capacityc. Platform (the instance OS)d. AMI

00:00:00

Ejercicios

23

AWS Containers