No student devices needed. Know more
Ch3.1.Your company is planning a major deployment on AWS. While the design and testing stages are still in progress, which of the following plans will provide the best blend of support and cost savings?
ch3.2.Your web development team is actively gearing up for a deployment of an ecommerce site. During these early stages of the process, individual developers are running into frustrating conflicts and configuration problems that are highly specific to your situation. Which of the following plans will provide the best blend of support and cost savings?
Ch.3.3.Your corporate website was offline last week for more than two hours—which caused serious consequences, including the early retirement of your CTO. Your engineers have been having a lot of trouble tracking down the source of the outage and admit that they need outside help. Which of the following will most likely meet that need?
Ch3.4.For which of the following will AWS provide direct 24/7 support to all users—even those on the Basic Support plan?
Help with infrastructure under a massive denial-of-service (DoS) attack
Help with failed and unavailable infrastructure
Help with making a bill payment to AWS
Help with accessing your infrastructure via the AWS CLI
Ch3.5.The primary purpose of an AWS technical account manager is to:
Provide 24/7 customer service for your AWS account
Provide deployment guidance and advocacy for Enterprise Support customers
Provide deployment guidance and advocacy for Business Support customers
Provide strategic cost estimates for Enterprise Support customers
Ch.3.6.Your Linux-based EC2 instance requires a patch to a Linux kernel module. The problem is that patching the module will, for some reason, break the connection between your instance and data in an S3 bucket. Your team doesn’t know if it’s possible to work around this problem. Which is the most cost-effective AWS plan through which support professionals will try to help you?
No plan covers this kind of support.
ch.3.7.Your company enrolled in the Developer Support plan and, through the course of one month, consumed $4,000 USD of AWS services. How much will the support plan cost the company for the month?
ch.3.8.Your company enrolled in the Business Support plan and, through the course of three months, consumed $33,000 of AWS services (the consumption was equally divided across the months). How much will the support plan cost the company for the full three months?
ch.3.9.Which of the following AWS support services does not offer free documentation of some sort?
AWS Professional Services
The Basic Support plan
AWS Partner Network
The Knowledge Center
ch.3.10.What is the key difference between the roles of AWS Professional Services and a technical account manager (TAM)?
The Professional Services product helps AWS Partner Network cloud professionals work alongside your own team to help you administrate your cloud infrastructure. The TAM is a cloud professional employed by AWS to guide you through the planning and execution of your infrastructure.
The TAM is a cloud professional employed by AWS to guide you through the planning and execution of your infrastructure. The Professional Services product provides cloud professionals to work alongside your own team to help you administrate your cloud infrastructure.
The TAM is a member of your team designated as the point person for all AWS projects. The Professional Services product provides consultants to work alongside your own team to help you administrate your cloud infrastructure.
The Professional Services product is a network appliance that AWS installs in your data center to test cloud-bound workloads for compliance with best practices. The TAM is a cloud professional employed by AWS to guide you through the planning and execution of your infrastructure.
Ch.3.11.AWS documentation is available in a number of formats, including which of the following? (Select TWO.)
Microsoft Word (DOC)
ch.3.12.Which of the following documentation sites are most likely to contain code snippets for you to cut and (after making sure you understand exactly what they’ll do) paste into your AWS operations? (Select TWO.)
ch.3.13.What is the primary function of the content linked from the Knowledge Center?
To introduce new users to the functionality of the core AWS services
To explain how AWS deployments can be more efficient and secure than on-premises
To provide a public forum where AWS users can ask their technical questions
To present solutions to commonly encountered technical problems using AWS infrastructure
ch.3.14.On which of the following sites are you most likely to find information about encrypting your AWS resources?
ch.3.15.When using AWS documentation pages, what is the best way to be sure the information you’re reading is up-to-date?
The page URL will include the word latest.
The page URL will include the version number (i.e., 3.2).
The page will have the word Current at the top right.
There is no easy way to tell.
ch.3.16.Which of the following is not a Trusted Advisor category?
Fault Tolerance Fault Tolerance
ch.3.17.“Data volumes that aren’t properly backed up” is an example of which of these Trusted Advisor categories?
ch.3.18.Instances that are running (mostly) idle should be identified by which of these Trusted Advisor categories?
ch.3.19.Within the context of Trusted Advisor, what is a false positive?
An alert for a service state that was actually intentional
A green OK icon for a service state that is failed or failing
A single status icon indicating that your account is completely compliant
Textual indication of a failed state
ch.3.20.Which of the following Trusted Advisor alerts is available only for accounts on the Business or Enterprise Support plan? (Select TWO.)
MFA on Root Account
Load Balancer Optimization
IAM Access Key Rotation
ch.4.1.Which of the following designations would refer to the AWS US West (Oregon) region?
ch.4.2.Which of the following is an AWS Region for which customer access is restricted?
Asia Pacific (Tokyo)
ch.4.3.When you request a new virtual machine instance in EC2, your instance will automatically launch into the currently selected value of which of the following?
ch.4.4.Which of the following are not globally based AWS services? (Select TWO.)
ch.4.5.Which of the following would be a valid endpoint your developers could use to access a particular Relational Database Service instance you’re running in the Northern Virginia region?
ch.4.6.What are the most significant architectural benefits of the way AWS designed its regions? (Select TWO.)
It can make infrastructure more fault tolerant.
It can make applications available to end users with lower latency.
It can make applications compliant with local regulations.
It can bring down the price of running.
ch.4.7.Why is it that most AWS resources are tied to a single region?
Because those resources are run on a physical device, and that device must live somewhere
Because security considerations are best served by restricting access to a single physical location
Because access to any one digital resource must always occur through a single physical gateway
Because spreading them too far afield would introduce latency issues
ch.4.8.You want to improve the resilience of your EC2 web server. Which of the following is the most effective and efficient approach?
Launch parallel, load-balanced instances in multiple AWS Regions.
Launch parallel, load-balanced instances in multiple Availability Zones within a single AWS Region.
Launch parallel, autoscaled instances in multiple AWS Regions.
Launch parallel, autoscaled instances in multiple Availability Zones within a single AWS Region.
ch.4.9.Which of the following is the most accurate description of an AWS Availability Zone?
One or more independently powered data centers running a wide range of hardware host types
One or more independently powered data centers running a uniform hardware host type
All the data centers located within a broad geographic area
The infrastructure running within a single physical data center
ch.4.10.Which of the following most accurately describes a subnet within the AWS ecosystem?
The virtual limits imposed on the network access permitted to a resource instance
The block of IP addresses assigned for use within a single region
The block of IP addresses assigned for use within a single Availability Zone
The networking hardware used within a single Availability Zone
ch.4.11.What determines the order by which subnets/AZ options are displayed in EC2 configuration dialogs?
They (appear) to be displayed in random order.
By order of capacity, with largest capacity first
ch.4.12.What is the primary goal of autoscaling?
To ensure the long-term reliability of a particular physical resource
To ensure the long-term reliability of a particular virtual resource
To orchestrate the use of multiple parallel resources to direct incoming user requests
To ensure that a predefined service level is maintained regardless of external demand or instance failures
ch.4.13.Which of the following design strategies is most effective for maintaining the reliability of a cloud application?
ch.4.14.Which of the following AWS services are not likely to benefit from Amazon edge locations? (Select TWO.)
EC2 load balancers
Elastic Block Store (EBS) or Lambda
ch.4.15.Which of the following is the primary benefit of using CloudFront distributions?
Automated protection from mass email campaigns
Greater availability through redundancy
Greater security through data encryption
Reduced latency access to your content no matter where your end users live
ch.4.16.What is the main purpose of Amazon Route 53?
Countering the threat of distributed denial-of-service (DDoS) attacks
Managing domain name registration and traffic routing
Protecting web applications from web-based threats
Using the serverless power of Lambda to customize CloudFront behavior
ch.4.17.According to the AWS Shared Responsibility Model, which of the following are responsibilities of AWS? (Select TWO.)
The security of the cloud
Patching underlying virtualization software running in AWS data centers
Security of what’s in the cloud
Patching OSs running on EC2 instances
ch.4.18.According to the AWS Shared Responsibility Model, what’s the best way to define the status of the software driving an AWS managed service?
Everything associated with an AWS managed service is the responsibility of AWS.
Whatever is added by the customer (like application code) is the customer’s responsibility.
Whatever the customer can control (application code and/or configuration settings) is the customer’s responsibility.
Everything associated with an AWS managed service is the responsibility of the customer.
ch.4.19.Which of the following is one of the first places you should look when troubleshooting a failing application?
AWS Acceptable Use Monitor
Service Status Dashboard
AWS Billing Dashboard
Service Health Dashboard
ch.4.20.Where will you find information on the limits AWS imposes on the ways you can use your account resources?
AWS User Agreement Policy
AWS Acceptable Use Policy
AWS Acceptable Use Monitor
AWS Acceptable Use Dashboard
ch.5.1.What is the primary function of the AWS IAM service?
Identity and access management
Access key management
SSH key pair management
Federated access management
ch.5.2.Which of the following are requirements you can include in an IAM password policy? (Select THREE.)
Require at least one uppercase letter.
Require at least one number.
Require at least one space or null character.
Require at least one non-alphanumeric character.
ch.5.3.Which of the following should you do to secure your AWS root user? (Select TWO.)
Assign the root user to the “admins” IAM group.
Use the root user for day-to-day administration tasks.
Create a strong password.
ch.5.4.How does multi-factor authentication work?
Instead of an access password, users authenticate via a physical MFA device.
In addition to an access password, users also authenticate via a physical MFA device.
Users authenticate using tokens sent to at least two MFA devices.
Users authenticate using a password and also either a physical or virtual MFA device.
ch.5.5.Which of the following SSH commands will successfully connect to an EC2 Amazon Linux instance with an IP address of 188.8.131.52 using a key named mykey.pem?
echo "mykey.pem firstname.lastname@example.org" | ssh -i
ssh -i mykey.pem email@example.com
ssh -i firstname.lastname@example.org
ssh email@example.com:184.108.40.206 -i
ch.5.6.What’s the most efficient method for managing permissions for multiple IAM users?
Assign users requiring similar permissions to IAM roles.
Assign users requiring similar permissions to IAM groups.
Assign IAM users permissions common to others with similar administration responsibilities.
Create roles based on IAM policies, and assign them to IAM users.
ch.5.7.What is an IAM role?
A set of permissions allowing access to specified AWS resources
A set of IAM users given permission to access specified AWS resources
Permissions granted a trusted entity over specified AWS resources
Permissions granted an IAM user over specified AWS resources
ch.5.8.How can federated identities be incorporated into AWS workflows? (Select TWO.)
You can provide users authenticated through a third-party identity provider access to backend resources used by your mobile app.
You can use identities to guide your infrastructure design decisions.
You can use authenticated identities to import external data (like email records from Gmail) into AWS databases.
You can provide admins authenticated through AWS Microsoft AD with access to a Microsoft SharePoint farm running on AWS.
ch.5.9.Which of the following are valid third-party federated identity standards? (Select TWO.)
ch.5.10.What information does the IAM credential report provide?
A record of API requests against your account resources
A record of failed password account login attempts
The current state of your account security settings
The current state of security of your IAM users’ access credentials
ch.5.11.What text format does the credential report use?
ch.5.12.Which of the following IAM policies is the best choice for the admin user you create in order to replace the root user for day-to-day administration tasks?
ch.5.13.What will you need to provide for a new IAM user you’re creating who will use “programmatic access” to AWS resources?
A password and MFA
An access key ID
An access key ID and secret access key
ch.5.14.What will IAM users with AWS Management Console access need to successfully log in? ***
Their username, account_number, and a password
Their username and password
Their account number and secret access key
Their username, password, and secret access key
ch.5.15.Which of the following will encrypt your data while in transit between your office and Amazon S3?
A client-side master key
ch.5.16.Which of the following AWS resources cannot be encrypted using KMS?
Existing AWS Elastic Block Store volumes
ch.5.17.What does KMS use to encrypt objects stored on your AWS account?
SSH master key
KMS master key
Client-side master key
Customer master key
ch.5.18.Which of the following standards governs AWS-based applications processing credit card transactions?
ch.5.19.What is the purpose of the Service Organization Controls (SOC) reports found on AWS Artifact?
They can be used to help you design secure and reliable credit card transaction applications.
They attest to AWS infrastructure compliance with data accountability standards like Sarbanes–Oxley.
They guarantee that all AWS-based applications are, by default, compliant with Sarbanes–Oxley standards.
They’re an official, ongoing risk-assessment profiler for AWS-based deployments.
ch.5.20.What role can the documents provided by AWS Artifact play in your application planning? (Select TWO.)
They can help you confirm that your deployment infrastructure is compliant with regulatory standards.
They can provide insight into various regulatory and industry standards that represent best practices.
They can provide insight into the networking and storage design patterns your AWS applications use.
They represent AWS infrastructure design policy.