The default region for an SDK is "US-EAST-1"

True

False

Which of the following languages is NOT supported by the AWS SDK

Python

Ruby

Node.JS

C++

PHP

Java

A HTTP 4XX code means

There has been a server side error (such as a 404, webpage not found).

There has been a client side error.

There has been a redirection.

The request was successful.

You have an EC2 instance which needs to find out both its private IP address and its public IP address.
To do this you need to;

Run IPCONFIG (Windows) or IFCONFIG (Linux)

Retrieve the instance Metadata from http://169.254.169.254/latest/meta-data/

Retrieve the instance Userdata from http://169.254.169.254/latest/meta-data/

Use the following command; AWS EC2 displayIP

A HTTP 3xx Code means

The request was successful.

There has been a client side error.

There has been a server side error.

There has been a redirection.

To retrieve instance metadata or userdata you will need to use the following IP Address;
http://127.0.0.1

http://192.168.0.254

http://10.0.0.1

http://169.254.169.254

In order to enable encryption at rest using EC2 and Elastic Block Store you need to

Configure encryption when creating the EBS volume

Configure encryption using the appropriate Operating Systems file system

Configure encryption using X.509 certificates

Mount the EBS volume in to S3 and then encrypt the bucket using a bucket policy.

You can have multiple SSL certificates on an Elastic Load Balancer

True

False

Which AWS service below is chargeable?

Autoscaling

Elastic Beanstalk

Elastic Load Balancers

Cloud Formation

A HTTP 200 code means;

The request has failed

The request was successful

There has been a server side error

There has been a client side error.

A HTTP 5XX Code means

There has been a server side error.

There has been a client side error.

There has been a redirection.

The request was a success.

Which statement best describes IAM?

• IAM allows you to manage users, groups and roles and their corresponding level of access to
the AWS Platform.

• IAM allows you to manage users passwords only. AWS staff must create new users for your
organisation. This is done by raising a ticket.

• IAM allows you to manage permissions for AWS resources only.

• IAM stands for Improvised Application Management and it allows you to deploy and manage
applications in the AWS Cloud.

Which is NOT a feature of IAM?

• Centralised control of your AWS account

• Integrates with existing active directory account allowing single sign on

• Fine-grained access control to AWS resources

• Allows you to setup biometric authentication, so that no passwords are required

EC2 instances can have credentials stored on them so that the instances can access other resources
(such as S3 buckets) AND AWS recommends that you do this instead of assigning roles.

• True

• False

What is the name of the service to allow users to use their social media account to gain temporary
access to the AWS platform?

• Active Directory Authentication Services

• Web Confederation Services

• Web Identity Federation

• Facebook Sign In Service

What is the API call used to obtain temporary security credentials when authenticating using Web
Identity Federation?

• GetRoleWithWebIdentity

• AssumeRoleWithWebIdentity

• GetRole
• AssumeRole

What is the name of the API call to request temporary security credentials from the AWS platform when
federating with Active Directory?

• GetSAMLRole

• ShowMeTheSAML

• AssumeRoleWithSAML

• CovertRoleToSAML

When using active directory to authenticate to AWS what are the correct steps performed?

1) The user navigates to the AWS console, 2) The user enter in their active directory single sign on
credentials in to AWS, 3) The user's web browser receives a SAML assertion from AWS, 4) The user is
then able to access the AWS Console.

1) The user navigates to ADFS webserver, 2) The user enter in their single sign on credentials, 3) The
user's web browser receives a SAML assertion from the AD server, 4) The user's browser then posts the
SAML assertion to the AWS SAML end point for SAML and the AssumeRoleWithSAML API request is used
to request temporary security credentials. 5) The user is then able to access the AWS Console.

1) The user navigates to ADFS webserver, 2) The user enter in their single sign on credentials, 3) The
user's web browser receives a SAML assertion from the AD server, 4) The user's browser then posts the
SAML assertion to the AWS SAML end point for SAML and the GiveUserSAMLAccess API request is used
to request temporary security credentials. 5) The user is then able to access the AWS Console.

Federating with Active Directory is not possible with AWS.

SAML stands for Security Assertion Markup Language.

• True

• False

The AWS sign-in endpoint for SAML is https://signin.aws.amazon.com/saml

• True

• False

When using Web Identity Federation to allow a user to access an AWS service (such as an S3 bucket)
what is the correct order of steps?
1) A user authenticates with facebook first. They are then given an ID token by facebook. An API call
called AssumeRoleWithWebIdentity is then used in conjunction with the ID token. A user is then granted
temporary security credentials.

1) A user logs in to the AWS platform using their facebook credentials. 2) AWS authenticate with
facebook to check the credentials. 3) Temporary Security Access is granted to AWS.

Users cannot use Facebook credentials to access the AWS platform.

1) A user makes the AssumeRoleWithWebIdentity API Call. 2) The user is then redirected to facebook to
authenticate. 3) Once authenticated the user is given an ID token. 4) The user is then granted temporary
access to the AWS platform.

The minimum file size allowed on S3 is 0 bytes?

True

False

If you encrypt a bucket on S3 what encryption does AWS use?

Data Encryption Standard (DES)

International Data Encryption Algorithm (IDEA).

Advanced Encryption Standard (AES) 128

Advanced Encryption Standard (AES) 256

You create a static hosting website in a bucket called "acloudguru" in Japan using S3. What would the
new URL End Point be?

http://www.acloudguru.s3-website-ap-northeast-1.amazonaws.com

https://s3-ap-northeast-1.amazonaws.com/acloudguru/

http://acloudguru.s3-website-ap-northeast-1.amazonaws.com

http://acloudguru.s3-website-ap-southeast-1.amazonaws.com

http://acloudguru.s3-website-ap-southeast-2.amazonaws.com

What is the largest size file you can transfer to S3 using a PUT operation?

100Mb

1Gb
5Gb

1Tb

5Tb

If you want to enable a user to download your private data directly from S3, you can insert a pre-signed
URL into a web page before giving it to your user.

True

False

When you first create an S3 bucket, this bucket is publicly accessible by default.

True

False

DynamoDB is a No-SQL database provided by AWS.

True

False

You have a motion sensor which writes 600 items of data every minute. Each item consists of 5kb. Your
application uses eventually consistent reads. What should you set the read throughput to?

20

10

30

A scan is more efficient than a query in terms of performance.

True

False

What does the error “ProvisionedThroughputExceededException” mean in DynamoDB?

The DynamoDB table has exceeded the allocated space.

You exceeded your maximum allowed provisioned throughput for a table or for one or more global
secondary indexes.

There is no such error message. The correct error message would be

"ProvisionedThroughputFailureException"
The DynamoDB table is unavailable.

You have a motion sensor which writes 600 items of data every minute. Each item consists of 5kb. What
should you set the write throughput to?

10

20

40

50

100

What is the API call to retrieve multiple items from a DynamoDB table?

GetItems

BatchGetItems

BatchGet

BatchGetItem

You have a motion sensor which writes 600 items of data every minute. Each item consists of 5kb. Your
application uses strongly consistent reads. What should you set the read throughput to?

10

20

40

Using the AWS portal, you are trying to Scale DynamoDB past its preconfigured maximums. Which
service can you increase by raising a ticket to AWS support?

Local Secondary Indexes

Global Secondary Indexes

Provisioned throughput limits

Item Sizes

You have an application that needs to read 25 items of 13kb in size per second. Your application uses
eventually consistent reads. What should you set the read throughput to?

25

50

100
10

You have an application that needs to read 25 items of 13kb in size per second. Your application uses
strongly consistent reads. What should you set the read throughput to?

100

50

25

10

What is the default visibility time out setting for SNS?

1 hour

1 day

1 year

1 month

30 seconds

An SQS message can be delivered multiple times.

True

False

You are designing a new application which involves processing payments and delivering promotional
emails to customers. You plan to use SQS to help facilitate this. You need to ensure that the payment
process takes priority over the creation and delivery of emails. What is the best way to achieve this.

Use 1 SQS queue for the platform. Use the SetPriority API call to ensure that all payment SQS messages
take priority over the promotional email messages.

Use 2 SQS queues for the platform. Have the EC2 fleet poll the payment SQS queue first. If this queue is
empty, then poll the promotional emails queue.

Use 1 SQS queue for the platform. Use the HighPriority API call to ensure that all payment SQS messages
take priority over the promotional email messages.

Use 2 SQS queues for the platform. Have the EC2 fleet poll the promotional emails SQS queue first. If
this queue is empty, then poll the payment emails queue.

Your EC2 instances download jobs from the SQS queue, however they are taking too long to process
them. What API call can you use to extend the length of time to process the jobs?

AlterMessageTime

SetMessageVisibility

ChangeMessageVisibility
ExtendMessageTime

What is the default visibility time out?

1 year

15 minutes

1 minute

30 seconds

10 seconds

You have a fleet of EC2 instances that are constantly polling empty SQS queues which is burning CPU
compute cycles and costing your company money. What should you do?

Enable SQS Long Polling.

Delete the entire EC2 fleet so that they no longer poll the queue.

Enable SQS Short Polling.

Consider using Elasticache to cache the messages, rather than SQS.

What is the maximum long poll time out?

5 seconds

5 minutes

50 seconds

1 hour

20 seconds

SQS was the first service on the AWS platform?

True

False

How large can an SQS message be?

64Kb

128Kb

256Kb

512Kb
SNS is pull based rather than push based?

True

False

Which of these is a protocol NOT supported by SNS;

HTTP

HTTPS

Email

Email-JSON

FTP

SQS

Application

Messages cannot be customised for each protocol used in SNS?

True

False

You have a list of subscribers email addresses that you need to push emails out to on a periodic basis.
What do you subscribe them to?

A Message

A Subject

A Subreddit

A Topic

You can use SNS in conjunction with SQS to fan a single message out to multiple SQS queues.

True

False

SWF consists of a domain, workers and deciders?

True

False

Maintaining your application’s execution state (e.g. which steps have completed, which ones are
running, etc.) is a perfect use case for SWF.
True

False

Amazon SWF is useful for automating workflows that include long-running human tasks (e.g. approvals,
reviews, investigations, etc.) Amazon SWF reliably tracks the status of processing steps that run up to
several days or months.

True

False

In Amazon SWF what is a decider.

The decider is an EC2 instance which monitors SWF and decides whether to delete a message in SWF or
not.

The decider is a systems administrator who must decided on how an SWF is designed.

The decider is a program that controls the coordination of tasks, i.e. their ordering, concurrency, and
scheduling according to the application logic.

The decider is a person in the Amazon warehouse who must decide on what products to deliver.

Amazon SWF is useful for automating workflows that include long-running human tasks (e.g. approvals,
reviews, investigations, etc.) Amazon SWF reliably tracks the status of processing steps that run up to
several days or months.

True

False

What languages and development stacks is NOT supported by AWS Elastic Beanstalk?

• Apache Tomcat for Java applications

• Apache HTTP Server for PHP applications
• Apache HTTP Server for Python applications
• Nginx or Apache HTTP Server for Node.js applications
• Passenger for Ruby applications
• Jetty for Jbos applications

Elastic Beanstalk is object based storage.

 • True
• False

Unlike Cloud Formation, Elastic Beanstalk itself is not free free AND you must also pay for the
resources it provisions.

• True
• False

The default scripting language for CloudFormation is

• JSON
• Ruby
• Python
• PHP

Cloud Formation itself is free, however the resources it provisions will be charged at the usual rates.

• True
• False

What happens if Cloud Formation encounters an error by default?

• It will stop, however the resources already provisioned will remain.

• It will continue going and tell you what resources could not be provisioned.
• It will terminate and rollback all resources created on failure.
• It will log you out of the AWS platform.

You are creating a virtual data centre using cloud formation and you need to output the DNS name of
your load balancer. What command would you use to achieve this?

• FN::GetAtt
• FN::PostAtt
• LS::GetAtt
• LS:ReceiveAtt

What language are cloud formation templates written in?

• PHP
• Ruby
• JSON
• Python
In the shared responsibility model, what is AWS's responsibility?

• Restricting access to the data centres, proper destruction of decommissioned disks, managing
security groups for users.
• Managing security groups for users, Managing OS Level Patches.
• Creating IAM roles and managing this for AWS users.
• Restricting access to the data centres, proper destruction of decommissioned disks, patching of
firmware for the hardware on which your AWS resources reside.

You are required to patch OS and Applications in RDS?

• True
• False

VPC stands for Virtual Private Cloud

• True
• False

Security groups act like a firewall at the instance level whereas ___ are an additional layer of security
that act at the subnet level

• Network ACLs
• DB Security Groups
• VPC Security Groups
• Route Tables

Select the incorrect statement;

• In Amazon VPC, an instance retains its private IP

• It is possible to have private subnets in VPC
• A subnet can be associated with multiple Access Control Lists
• You may only have 1 internet gateway per VPC

How many VPC's am I allowed in each AWS Region by default?

• 1
• 2
• 3
• 4
• 5
How many internet gateways can I attach to my custom VPC

• 1
• 2
• 3
• 4
• 5

True or False - Amazon S3 buckets in all Regions provide read-after-write consistency for PUTS of new
objects and eventual consistency for overwrite PUTS and DELETES.

• True
• False

In Identity Access Management, using SAML (Security Assertion Markup Language 2.0) you can give
your federated users single sign-on (SSO) access to the AWS Management Console.

• True
• False

You can have 1 subnet stretched across multiple availability zones.

• True
• False

When you create new subnets within a custom VPC, by default they can communicate with each
other, across availability zones.

• True
• False

To retrieve instance metadata or userdata you will need to use the following IP Address;

• http://127.0.0.1
• http://192.168.0.254
• http://10.0.0.1
• http://169.254.169.254

Amazon S3 buckets in all regions do not provide eventual consistency for overwrite PUTS and
DELETES.

• True
• False

In order to enable encryption at rest using EC2 and Elastic Block Store you need to

• Configure encryption when creating the EBS volume

 • Configure encryption using the appropriate Operating Systems file system
• Configure encryption using X.509 certificates
• Mount the EBS volume in to S3 and then encrypt the bucket using a bucket policy.

You run a website which hosts videos and you have two types of members, premium fee paying
members and free members. All videos uploaded by both your premium members and free members
are processed by a fleet of EC2 instances which will poll SQS as videos are uploaded. However you
need to ensure that your premium fee paying members videos have a higher priority than your free
members. How do you design SQS?

• SQS allows you to set priorities on individual items within the queue, so simply set the fee
paying members at a higher priority than your free members.
• Create two SQS queues, one for premium members and one for free members. Program your
EC2 fleet to poll the premium queue first and if empty, to then poll your free members SQS
queue.
• SQS would not be suitable for this scenario. It would be much better to use SNS to encode the
videos.

You can have multiple SSL certificates (for multiple domain names) on a single Elastic Load Balancer.

• True
• False

What is the default region for all SDKs?

• US-WEST-1
• US-EAST-1
• EU-WEST-1
• EU-CENTRAL-1

Which of the following languages is NOT supported by the AWS SDK?

• Python
• Java
• PHP
• Node.JS
• C++
• Ruby

Which of these AWS services do not use key value pairs?

• DynamoDB
• SNS
• SWF
• Route53

After successfully uploading a file to S3, what HTTP response code should you expect to see?

• HTTP 200
 • HTTP 300
• HTTP 400
• HTTP 500

What is the default encryption used on S3?

• Advanced Encryption Standard (AES) 256

• Camellia
• Data Encryption Standard (DES) 256
• Advanced Encryption Standard (AES) 128

With EC2 you can have 2 types of storage, EBS storage or Instance Store. EBS is persistent and if an
EC2 instance is stopped with an EBS volume attached, there will be no data lost. Instance Store is
ephemeral and if the EC2 instance is stopped, all data will be lost.

• True
• False

You are designing an application which needs to locate the public IP address on the EC2 instance on
which it is stored. What do you do?

• Get the application to run IFCONFIG to get the public IP address.

• Get the instance's USER data by visiting http://169.254.169.254/latest/user-data/
• Get the application to run IPCONFIG to get the public IP address.
• Get the instance's META data by visiting http://169.254.169.254/latest/meta-data/

You have 2 EC2 instances which sit in a custom VPC in a public subnet. These instances are able to
receive internet traffic. You add a 3rd instance to the subnet, but it cannot access the internet. What
should you do?

• Move the EC2 instance in to another subnet.

• Add an elastic IP address to the new instance.
• Enable port 80 on the security group
• Check your ACL permissions

You have added a NAT EC2 instance to your VPC, but your EC2 instances in the private subnet still
cannot access the internet. What should you do with the NAT?

• Disable source/destination checks on the NAT instance

• Move the NAT to another Subnet
• Provision a second NAT and enable failover between the
• Enable source/destination checks on the NAT instance

There is a hard limit on how much data you can store on S3.

• True
• False

What is the largest size file you can transfer to S3 using a PUT operation?
 • 100Mb
• 1Gb
• 5Gb
• 1Tb
• 5Tb

It is possible to transfer a reserved instance from one Availability Zone to another.

• True
• False

You have an EC2 instance which needs to find out both its private IP address and its public IP address.
To do this you need to;

• Run IFCONFIG (Windows) or IFCONFIG (Linux)

• Retrieve the instance Metadata from http://169.254.169.254/latest/meta-data/
• Retrieve the instance Userdata from http://169.254.169.254/latest/meta-data/
• Use the following command; AWS EC2 displayIP

Amazon S3 buckets in all regions provide read-after-write consistency for PUTS of new objects.

• True
• False

Amazon S3 provides;

• Unlimited File Size for Objects

• Unlimited Storage
• A great place to run a No SQL database from
• The ability to act as a web server for dynamic content (i.e. can query a database)

You can select a specific Availability Zone in which to place your DynamoDB Table

• True
• False

If you make an AMI public, this AMI is immediately available across all regions, by default.

• True
• False

You are hosting a static website in an S3 bucket which uses Java script to reference assets in another
S3 bucket. For some reason however these assets are not displaying when users browse to the site.
What could be the problem?

• Amazon S3 does not support Javascript

• You cannot use one S3 bucket to reference another S3 bucket.
• You haven't enabled Cross Origin Resource Sharing (CORS) on the bucket where the assets are
stored.
• You need to open port 80 on the appropriate security group in which the S3 bucket is located.
You have a motion sensor which writes 300 items of data every 30 seconds. Each item consists of 5kb.
Your application uses eventually consistent reads. What should you set the read throughput to?

• 20
• 10
• 5
• 30