Which of the following are valid access types for an IAM user?

choose 3.

Using the AWS Software Developers Kit

Emergency access via Identity Access Management (IAM)

Security Group access via the AWS command line

Programmatic access via the command line

AWS Management Console access

The two types of access are AWS Management Console access and Programmatic Access via the
AWS API, the CLI, and the SDKs.

2 / 50

You need a managed, low-cost relational database for your e-commerce store. Which of the
following should you use?

AWS ElastiCache

RDS

DynamoDB

MySQL on EC2

RDS is your best option: it’s a low-cost, managed database solution.

3 / 50

You have been asked to archive some data into Glacier that needs to be encrypted. What is the
easiest way to achieve this?

Once the data is in Glacier use the AWS Console to encrypt it.

Glacier is not compatible with encrypted data, so it is the wrong choice for this – use S3 instead

Encrypt the data locally on your server before sending it to Glacier

Send the data to Glacier and do nothing more – all data in Glacier is encrypted by default
Data stored in Glacier is encrypted by default so nothing else needs to be done. Although you can
encrypt your data before sending it to Glacier, unless you need the extra security this brings over
using the inbuilt encryption this is not needed. Encrypting the data in-place once it is in Glacier is not
possible so is not a valid option.

4 / 50

Which AWS Load Balancer types uses a Round-Robin load distribution strategy?

choose 2.

The Classic uses a Round-Robin strategy for TCP listeners only.

The ALB uses a Round-Robin strategy 1st to select an ELB node, then selects a target based on the
routing rules.

The Classic uses a Round-Robin strategy for HTTP / HTTPS only.

The ALB 1st selects a target based on the routing rule, then uses a Round-Robin strategy to select a
node.

The Classic will use Round-Robin only for TCP. The ALB will use it for final web server selection after
parsing the routing rules.

5 / 50

Which of the following AWS services should you use if you’d like to be notified when you have
crossed a billing threshold?

CloudWatch

AWS Budget

AWS Cost Allocation

Trusted Advisor

A CloudWatch alarm can be set to monitor spending on your AWS Account.

6 / 50

You need to re-create an EBS volume that you have used previously. How might you go about doing
that?
Copy the AMI the volume was based on and spin it up.

Re-create the volume from a snapshot.

Use the copy that lives in the Auto Scaling group.

Use a CloudFormation template to recreate the volume.

You should re-create the volume from a snapshot

7 / 50

What happens when an RDS Master database in a Multi-AZ deployment goes down?

The asynchronous replication of RDS Multi-AZ deployments means you will suffer some data loss.

You must use the AWS console to promote the standby to Master.

RDS automatically fails over to the standby, which is promoted to Master.

You must copy the attached EBS volume to the standby.

8 / 50

Which Elastic Load Balancer type would be best suited to help you host a website?

Application

Web

Classic

Network

Although it looks like the right answer – there is no “Web” load balancer in AWS. Instead, the
Application Load Balancer fills this need. It is not recommended to use Classic Load Balancers
anymore are these have been superseded, and a network Load Balancer is not right for this case.

9 / 50

Which of the following is AWS’ managed database service that is up to 5X faster than a traditional
MySQL database
DynamoDB

PostgreSQL

Aurora

MariaDB

Aurora is AWS’ managed database service that is up to 5X faster than a traditional MySQL database.

10 / 50

You need a “virtual hard disk” for your EC2 instance. Which of the following should you choose?

RDS

EBS

DDB

S3

EBS volumes are “virtual hard disks” for your EC2 instance.

11 / 50

Which of the following is AWS’ event-driven, serverless compute service?

Lambda

Elastic Beanstalk

EC2

Lightsail

Lambda is AWS’ event-driven, serverless compute service?

12 / 50

Which of the below allow you to make entire buckets (like one hosting an S3 website) public?

Access Policies

Bucket Policies

Access Control Lists

Bucket Control Lists

Bucket Policies allow you to control access to entire buckets, whereas Access Control Lists let you
control access to individual objects within an S3 bucket. In relation to S3, Bucket Control Lists and
Access Policies do not exist as configuration items.

13 / 50

Generally, there are at least _______ Availability Zones per AWS Region

Generally, there are at least 2 Availability Zones per AWS Region. The only exception to this rule is
the Osaka Local Region, which has only one.

14 / 50

Amazon Lightsail is an example of which of the following?

Functions as a Service

Infrastructure as a Service

Platform as a Service

Software as a Service

Lightsail is AWS’ Platform-as-a-Service offering.

15 / 50

A software development team needs to create numerous testing environments each day based on
multiple concurrent project activities. Provisioning of these environments needs to happen within
minutes to ensure that project deadlines are met. The number of environments needed daily varies
depending shifting priorities in business requirements. How can the team best achieve the agility
they need for creating the testing environments?

Invoke AWS Lambda functions to run the test scenarios

Leverage AWS Auto Scaling to expand and contract the testing server pool based on demand

Use AWS Systems Manager Automation to provision and de-provision the testing environments

Have AWS CloudFormation provision the stacks and resources needed for the testing environments

AWS CloudFormation provides templates to specify all the AWS resources needed by the testing
environments. These templates can be instantiated as stacks to provision consistent environments
every time one is needed. AWS Auto Scaling will only handle the EC2 instances, and expands and
contracts instances based on policies. AWS Systems Manager is useful for system administration
tasks, and AWS Lambda has run-time limitations.

16 / 50

Your sales operations group would like to perform monthly analyses on large amounts of sales
activity. They want to be able to rank the performance of different territories, product categories,
and sales channels. They will use visualization tools to generate graphical representations of the
data. Which AWS service will provide the best solution for storing the sales data?

Amazon DynamoDB

Amazon Redshift

Amazon ElastiCache

Amazon Aurora

Amazon Redshift provides the best solution for performing queries based on a predefined set of
dimensions. Redshift organizes data for high performance based on user-specified distribution
schemes. Amazon ElastiCache provides in-memory performance, but no data organization
assistance. Amazon Aurora and Amazon DynamoDB are good solutions, but Redshift’s columnar
storage gives it the edge.

17 / 50

The Solutions Architect leading your project tells you the application your team is working on
requires a managed NoSQL database. Which of the following AWS services best fits that description?

DynamoDB

RDS

Redshift
ElastiCache

DynamoDB is AWS’ managed NoSQL database.

18 / 50

You’ve been tasked with assessing your AWS infrastructure in terms of cost optimization. Which of
the following AWS services would help with this task?

Cloud Trail

Trusted Advisor

AWS Personal Health Dashboard

AWS Systems Manager

AWS Trusted Advisor is an online tool that provides you with real-time guidance to help you
provision your resources following AWS best practices.

19 / 50

For which of the following categories does AWS Trusted Advisor provide best practices and/or or
checks of your AWS environment?

choose 4.

Availability of AWS resources

Right-size

Cost Optimization

Security

Fault Tolerance

Performance

High-Availability

Trusted Advisor provide best practices and/or or checks on Cost Optimization, Performance,
Security, and Fault Tolerance.
20 / 50

You have a mission-critical application that must be globally available at all times. Which deployment
strategy should you follow?

Multi-VPC in two AWS Regions

Multi-Availability Zone

Deploy to all Availability Zones in your home region.

Multi-Region

A Multi-Region deployment will best ensure global availability. While it can be the most expensive,
and complex to configure, Multi-Regional architectures will ensure that even if all Availability Zones
in a single region fail due to a catastrophic event, your data will remain accessible.

21 / 50

You have a variable and intermittent workload, so you want to use a compute service that allows
you to pay only for the compute resources you use, without paying for compute time when your
code isn’t running. Which of the following services should you use?

ECS

Lambda

EC2

Lightsail

Lambda allows you to run a variable and intermittent code without paying for compute time when
your code isn’t running.

22 / 50

True or False: To complete the process of creating a Multi-AZ RDS instance, you must copy the
primary instance to a public subnet in a second Availability Zone

False

True
To complete the process of creating a Multi-AZ RDS instance, you must copy the primary instance to
a private subnet. AWS generates a standby, and transactions are synchronously replicated.

23 / 50

Which of the following languages can be used to author CloudFormation templates?

choose 2.

CAMEL

Python

YAML

JSON

CloudFormation supports both JavaScript Object Notation (JSON) and YAML Ain’t Markup Language
(aka YAML) for authoring CloudFormation templates

24 / 50

Your project manager (PM) tasked you with launching an instance for a web application to be
developed for an NGO. The PM is especially interested in using an AWS service that provides
predicable monthly pricing, and he expects the instance to have the ability to burst above the
baseline level of CPU performance when needed. What AWS service should you use to launch this
instance?

Lightsail

Elasticsearch Service

CloudFront

EC2

Although EC2 could have been the correct answer, two things are key here: Predicable monthly
pricing and instance ability to burst above the baseline level of CPU performance when needed.
Lightsail accomplishes that; EC2 is more suitable for consistently high CPU performance, and costs
vary according to usage.

25 / 50
You notice that five of your 10 S3 buckets are no longer available in your account, and you assume
that they have been deleted. You are unsure who may have deleted them, and no one is taking
responsibility. What should you do to investigate and find out who deleted the S3 buckets?

Choose the Correct Answer

D. Look at the SNS log

A. Look at the S3 logs

C. Look at the CloudWatch Logs.

B. Look at the CloudTrail logs.

CloudTrail is logging service that logs actions taken by AWS users in your AWS account, such as
creating/deleting S3 buckets, starting/stopping EC2 stances, etc.

26 / 50

Which of the following tools provides a view of the performance and availability of your AWS
services based on your requirements?

AWS Trusted Advisor

AWS Personal Health Dashboard

AWS Systems Manager

AWS Service Health Dashboard

Although it’s easy to jump to AWS Service Health Dashboard as the answer, it does not provide a
personalized view of AWS services; it displays their general status. It’s AWS Personal Health
Dashboard that focuses on the performance and availability of your AWS services so that you can
respond accordingly.

27 / 50

For a subnet to be public and send non-local traffic to the Internet, we must update the Route Table
of the public subnet and attach which of the following to the VPC that contains the subnet?

Route 53

Network Access Control List

Internet Gateway

NAT Gateway

an Internet Gateway must be attached to the VPC.

28 / 50

You visit a clients site and get called into a corridor discussion. You are asked to describe the new
(2019) URL structure for objects in S3. Which of these do you use as a description

http, then the object name, then dot, then the AWS S3 regional endpoint, then dot, then bucket the
name

http, then the bucket name, then dot, then the AWS S3 regional endpoint, then slash, then the
object name

https, then the AWS S3 regional endpoint, then dot, then the bucket name, then slash, then the
object name

https, then the AWS S3 regional endpoint, then slash, then the bucket name, then slash, then the
object name

https, then the bucket name, then slash, then the AWS S3 regional endpoint, then slash, then the
object name

https, then the object name, then slash, then the AWS S3 regional endpoint, then slash, then bucket
the name

https, then the bucket name, then dot, then the AWS S3 regional endpoint, then slash, then the
object name

AWS has updated the URL format for objects in S3 in order to partition the name space. This will
introduce more consistency, but be aware that there are still multiple variation depending on
feature and location.

29 / 50

Which of the below terms represents a series of Edge Locations plus information about how you
want content managed as part of a CDN?

A Distribution

A Circulation

An Edge Group
A Load Balancer

A Distribution is made up of Edge Locations that you want to serve content from, and details about
how that content will be tracked an managed. Edge Groups and Circulations are not CloudFront
Concepts, and although Load Balancer is an AWS service that helps you direct web traffic, it is not
applicable in this case.

30 / 50

Amazon VPC ________

Affords you complete control of network configuration.

Amazon VPC offers all of these features.

Offers several layers of security controls.

Allows you to build a private, virtual network in the AWS cloud.

Amazon VPC allows you to build a private, virtual network in the AWS cloud, affords you complete
control of network configuration, and offers several layers of security controls.

31 / 50

You need to allow resources in a private subnet to access the internet. Which of the following must
be present to enable this access?

NAT Gateway

Network Access Control Lists

Security Groups

Route Tables

A NAT Gateway is required to allow resources in a private subnet to access the internet. Route tables
tell traffic where it should go next to reach its destination, but don’t actually process or transmit
traffic. Security Groups and Network Access Control Lists are used to protect resources from traffic,
and by themselves do not enable access to the internet – although they need to be properly
configured to let traffic bound for the internet out.

32 / 50
As an IT support center team member, you begin receiving calls from users about problems they’re
experiencing with your company’s AWS-based point-of-sale system. You want to begin your
investigation by checking with AWS for any service alerts they may be communicating. Which AWS
tool will you give you the information you seek?

AWS Global Status Center

AWS Trusted Advisor

AWS Operations Monitor

AWS Personal Health Dashboard

The AWS Personal Health Dashboard publishes alerts and remediation guidance when issues with
AWS services arise. Notifications are also provided for scheduled events that may impact AWS
customers. Trusted Advisor provides valuable guidance for architecting your AWS environment and
workloads, but doesn’t include AWS service health information. The other two options are not tools
offered by AWS.

33 / 50

Which of the following AWS services is a fast, fully managed data warehouse that makes it simple
and cost-effective to analyze all your data using standard SQL and your existing Business Intelligence
tools

Redshift

Elastic Map Reduce

DynamoDB

Kinesis

Redshift is AWS’ fully-managed data warehouse solution.

34 / 50

Which of the following is AWS’ Data Warehousing service?

Redshift

Snowball

Elastic Map Reduce

S3 Big Data

Redshift is AWS’ data warehousing service. Elastic Map Reduce is a large scale data processing
service. Snowball is a physical appliance used to transfer data into, or out of AWS. S3 Big Data does
not exist.

35 / 50

With AWS Relational Database Service (RDS), which of the following are you responsible for?

Database backups

The optimization of your application using RDS

Operating system installation and patching

Database software installation and patching

All of these

Scaling

You are responsible only for the optimization of your application that uses RDS – AWS will take care
of the rest as this is considered a Managed Service.

36 / 50

Your application needs fully-managed storage for objects. Which of the following options should you
choose?

S3

EC2

EBS

RDS

S3 is fully-managed storage for objects. EBS provides virtual hard disks in the cloud and is block-
based not object-based. EC2 is a compute service, and RDS is a database service.

37 / 50
Which of the following AWS services gives you a personalized view into the performance and
availability of the AWS services underlying your AWS resources, alerting you and providing
remediation guidance when AWS is experiencing events that my affect you?

AWS Systems Manager

Trusted Advisor

AWS Personal Health Dashboard

Cloud Trail

AWS Personal Health Dashboard gives you a personalized view into the performance and availability
of the AWS services underlying your AWS resources.

38 / 50

Which of the below allows you to restrict access to individual objects in an S3 bucket?

Access Control Lists

Bucket Control Lists

Access Policies

Bucket Access Lists

Access Control Lists let you control access to individual objects within an S3 bucket, whereas Bucket
Policies allow you to control access to entire buckets. In relation to S3, Bucket Control Lists and
Access Policies do not exist as configuration items.

39 / 50

Which of the following Load Balancers uses Listeners, Targets, and Target Groups?

Application Load Blancer

Classic Load Balancer

The ALB uses Listeners, Targets, and Target Groups.

40 / 50

An EC2 instance in your VPC needs which of the following for the Internet Gateway to route its traffic
to the Internet?
C-Name

Public IP address

A-Name

Private IP address

An EC2 instance in your VPC needs a Public IP address for the Internet Gateway to route its traffic to
the Internet

41 / 50

You need to store a collection of objects that can also be accessed from a different AWS Region.
Which service should you use to do this?

S3

Elastic Container Service

EBS

DynamoDB

S3 allows you to access objects from anywhere in the world – as long as the appropriate permissions
are set!

42 / 50

Which of the following are AWS compute services?

choose 2.

EC2

Lambda

SNS

RDS

EC2 and Lambda are AWS Compute Services.

43 / 50

AWS VPC is a component of which of the following overall services categories?

Compute

Networking and Content Delivery

Database

Migration Services

Storage

Management Tools

In the AWS Console, VPC is found under the Networking and Content Delivery services. In the past it
was also under Compute services however a VPC is fundamentally an network construction.

44 / 50

You need to implement an automated service that will scan your AWS environment with the goal of
both improving security and reducing costs. Which service should you use?

Service Catalog

Config Rules

CloudTrail

Trusted Advisor

An online resource to help you reduce cost, increase performance, and improve security by
optimizing your AWS environment, Trusted Advisor provides real time guidance to help you
provision your resources following AWS best practices.

45 / 50

Your manager approaches you this morning to tell you there has been a surprise audit announced by
the internal audit team for all of your company’s AWS Accounts. Which service would you use to
provide the necessary information to the audit team?

CloudTrail

QuickSight

Inspector
CloudWatch

AWS CloudTrail is a service that enables governance, compliance, operational and risk auditing of
your AWS account.

46 / 50

You have just created a new bucket and uploaded a file into it – will this be automatically viewable
by anyone on the internet?

Only if you have an Internet Gateway

Yes – by default buckets and their contents are public

Only if you have a NAT Gateway

No – by default buckets and their contents are private

By default, all data stored in S3 is NOT viewable by the public. If you want a bucket or object to be
accessible by the public, you must explicitly make it so. NAT Gateways and Internet Gateways are
needed to allow communications between VPCs and the internet, but are not required when it
comes to S3

47 / 50

Which of the following are key components of Amazon Glacier?

choose 3.

Access Policy

Table

Volume

Bucket

Archive

Vault

Data is organised in S3 into Archives, and Vaults are used to group Archives together. Access policies
control who can access the data in Archives & Vaults. Buckets are a part of S3, but not Glacier.
Volumes are often associated with hard disks and therefore EBS, while Tables are database
constructs.

48 / 50

True or False: S3 is object storage suitable for the storage of ‘flat’ files like Word documents, photos,
etc

True

False

S3 is object storage suitable for the storage of ‘flat’ files like Word documents, photos, etc.

49 / 50

In AWS’ Global Infrastructure, what are Edge Locations responsible for?

Hosting a Content Delivery Network called CloudFront

Providing independent power grids to Availability Zones

Providing redundant backup to your AWS services

Providing disaster recovery services

Edge Locations host a Content Delivery Network called CloudFront.

50 / 50

Which of the following is the document used to grant permissions to users, groups, and roles?

Protocol

Policy

Passbook

Paradigm

A Policy is the document used to grant permissions to users, groups, and roles.