# 1 What is a benefit of the AWS design concept "loose coupling"?

O It minimizes the interdependency of applications.

X It breaks large data processing tasks into several small, separate tasks.

X It provides an identity only enough access to complete its assigned tasks.

X It automates system recovery processes.
## Explanation

Loose coupling means that complex applications should be broken down into small, loosely coupled components with as few interdependencies as possible. 

This way, a change in one component does not cause failures in a cascading manner through other system components.


https://d0.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf


# 2 You have detected a billing issue within your AWS account and want to create a billing support case. Which of the following should you do?

X Submit a query to the AWS Knowledge Center

O Sign in to the AWS Support Center and create a billing case

X Sign in to the Billing and Management Console and query Cost and Usage reports

X Sign in to Cost Explorer and troubleshoot the usage issue yourself
## Explanation

In order to open a billing support case, you must sign in to the AWS Support Center as either the root account owner or with IAM permissions to open a support case.

The AWS Knowledge Center provides access to a library of documents and resources for account and billing support, free of charge. You can find answers to your questions quickly by visiting the AWS Knowledge Center. However, you cannot open a support case there.

The Billing and Management Console allows you to query Cost and Usage reports but does not directly allow you to create a billing case.

Cost Explorer allows you to monitor usage, but to open a billing support case you must sign in to the AWS Support Center and create a billing case.

https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-get-answers.html#billing-support




# 3 What is Amazon CloudFront? 

O A global content delivery network

X A web service to schedule regular data movement

X A development front-end to Amazon Web Services

X An encrypted endpoint to upload files to the cloud
## Explanation

Amazon CloudFront is a global content delivery network (CDN) service that accelerates delivery of your websites, APIs, video content or other web assets through CDN caching. 

It integrates with other Amazon Web Services products to give developers and businesses an easy way to accelerate content to end users with no minimum usage commitments.

https://aws.amazon.com/cloudfront/


# 4 VPC security groups operate at the instance level, whereas _____ are an optional layer of security that operate at the subnet level.
O network ACLs

X DB security groups

X proxy servers

X IAM rules
## Explanation

Network ACLs operate at the subnet level (second layer of defense), whereas security groups operate at the instance level (first layer of defense).

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security.html#VPC_Security_Comparison


# 5 Which of these is a benefit of migrating business operations to the AWS cloud?

O An increased focus on revenue-generating activities

X The ability to enhance cross-organizational dependencies

X The ability to recreate existing infrastructure in the cloud

X A guarantee of free Enterprise-level support
## Explanation

One of the primary benefits of migrating business operations to the AWS cloud is that it allows organizations to focus on revenue generation rather than maintaining infrastructure.

https://aws.amazon.com/professional-services/CAF/


# 6 What is the purpose of the Elastic Load Balancing service?

X Deny incoming or outgoing requests that fail to meet a set of provided rules

X Transmit network messages outside of the VPC without use of the public internet

O Improve system fault tolerance by distributing traffic across multiple AWS resources

X Connect external clients to the correct resource based upon the assigned domain or subdomain
## Explanation

The AWS Elastic Load Balancer is a network service that distributes application traffic across multiple EC2 instances and availability zones. 

It provides network fault tolerance by automatically scaling up or down based on network traffic requirements.

https://aws.amazon.com/elasticloadbalancing/


# 7 Your company is considering moving its operations to the AWS cloud and is concerned about data resiliency. Which of the following would you recommend as an example of resiliency within AWS?

X The ability to provision extra capacity

X The ability to monitor hardware security

X The ability to use access control mechanisms

O The ability to use multiple Availability Zones
## Explanation

One benefit of the AWS cloud is its ability to architect for resilience. 

In this case, using multiple Availability Zones could improve the resilience of data centers.

https://aws.amazon.com/blogs/architecture/it-resilience-within-aws-cloud-part-ii-architecture-and-patterns/


# 8 In order for Amazon Inspector to access your EC2 instances and collect the assessment data, ________.
X you have to select the KeyPair associated with your EC2 instance while configuring Amazon Inspector

X assessment data is pushed to Inspector by AWS agent, no roles needed

O you have to create an IAM role and associate it with Amazon Inspector

X Amazon Inspector always runs with admin permissions and has access to EC2 instances by default unless you revoke the permissions
## Explanation

As a prerequisite to using Amazon Inspector, an IAM role has to be created and associated with Inspector.

The role must allow Inspector to call ec2:DescribeInstances.

https://docs.aws.amazon.com/inspector/latest/userguide/inspector_settingup.html



# 9 What is a benefit of using identity federation?

O It minimizes the amount of administration required within IAM.

X You do not need to configure any IAM policies to control access.

X You can use the same user to authenticate multiple users externally to your account.

X It allows you to authenticate other users from other AWS accounts.
## Explanation

Identity federation allows you to access and manage AWS resources even if you don’t have a user account within IAM.

Identity federation allows users from identity providers (IdP) which are external to AWS to access AWS resources securely without having to supply AWS user credentials from a valid IAM user account. 
An example of an identity provider is your own corporate Microsoft Active Directory; federated access would then allow the users within it to access AWS. Another form of identity provider is any OpenID Connect (OIDC) web provider. Common examples of these are Facebook, Google, and Amazon.

As a result, if users who need access to AWS resources already have identities with a service that can act as an identity provider, you can allow access to your environment using these existing accounts instead of setting up a new identity for each of them within AWS IAM. The benefits of this are two-fold:

* It minimizes the amount of administration required within IAM.

* It allows for a Single Sign-On (SSO) solution.

https://aws.amazon.com/iam/details/manage-federation/


# 10 Serverless computing falls under which category of cloud computing services?
X Software as a Service

X Infrastructure as a Service

O Function as a Service

X Platform as a Service
## Explanation

Serverless computing falls under the Function as a Service category. 

With Lambda, you create a Lambda function, give it permission to access specific AWS resources, and then connect the function to your AWS resources. 

https://aws.amazon.com/lambda/


# 11 Which service sends alerts from CloudWatch?
X Amazon SES

X Amazon SQS

O Amazon SNS

X Amazon EBS
## Explanation

AWS Auto Scaling and Simple Notification Service (SNS) work in conjunction with CloudWatch. 

You use Amazon SNS with CloudWatch to send messages when an alarm threshold has been reached.

http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/related_services.html


# 12 What principles does AWS recommend to remove single points of failure from your design? (Choose 2 answers.)
X Remove redundancy

O Data replication

O Detect failure

X Single data center resilience
## Explanation

There are several types of data replication that can help reduce single points of failure: 

* synchronous, 

* asynchronous, and 

* quorum-based. 

In addition, AWS systems should be set up to detect and repair issues that could potentially cause failures automatically.

The remaining choices could increase the single points of failure in a system's design. While redundancy requires additional resource costs, it helps maintain service in the event of outages. Multi-datacenter resilience (not single) is a recommended design approach in the event of larger failures, such as a natural disaster, that could affect multiple availability zones.


https://d0.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf


# 13 You are implementing Amazon CloudWatch for monitoring of your AWS infrastructure. What can you use within CloudWatch to take actions such as sending a notification to an SNS topic or an Auto Scaling policy?
O Alarm

X Event

X Dashboard

X Action

## Explanation

You can use an alarm to automatically initiate actions on your behalf. 

An alarm watches a single metric over a specified time period, and performs one or more specified actions, based on the value of the metric relative to a threshold over time. Alarms invoke actions for sustained state changes only. 

CloudWatch alarms will not invoke actions simply because they are in a particular state. The state must have changed and been maintained for a specified number of periods.

http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html


# 14 Which statement best describes an Amazon Machine Image (AMI)?

X A temporary virtual machine created during horizontal scaling

X A virtual machine backup file on a local server hard drive

O A preconfigured template for your instances

X A VMware configuration file for any network deployment
## Explanation

Amazon EC2 provides Amazon Machine Images (AMIs), which are preconfigured templates for your instances.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html


# 15 Key Management Service (KMS) is used to manage encryption keys in your AWS environment. How can you audit the changes made on KMS?
X KMS provides full audit details as part of KMS console which can be accessed through web interface and APIs.

X KMS provides a history of each key's changes; you can track the changes made to each key using key history.

X KMS will log all changes in a special S3 bucket that is created the first time the KMS service is used.

O KMS has full audit and compliance integration with CloudTrail; this is where you can audit all changes performed on KMS.
## Explanation

KMS is fully integrated with CloudTrail which provides audit and compliance features on all actions performed in KMS.

https://app.qa.com/amazon-web-services/amazon-web-services-key-management-service-kms-course/key-management-service-basics.html

# 16 Which statement is true about AWS Config and regions?
O AWS Config is a region-specific service, meaning it has to be configured in every region you wish to use it.

X AWS Config is a global service, once enabled it will work across all supported regions automatically.

X AWS Config can only be used in one region at a time.

X AWS Config is not enabled at a regional level.
## Explanation
AWS Config is region-specific, meaning that if you have resources in multiple regions, you will have to configure AWS Config in each Region where you want to record resource changes. When doing so, you can specify different options for each Region. For example, you could configure Config in one Region to record all supported resources across all services within that Region, and add a predefined AWS Managed Config rule that will check if EBS volumes are encrypted. In another Region, you could choose to record only a specific type of resource, such as Security Groups, with no predefined rules allocated.

http://docs.aws.amazon.com/config/latest/developerguide/gs-console.html


# 17 Which of the following AWS services can be used to define a Virtual Network that closely resembles a traditional data center?
O Amazon VPC

X Amazon Connect

X Amazon ServiceBus

X Amazon Direct Connect
## Explanation

Amazon VPC allows you to create, monitor, manage, and provision your own virtual network within AWS. Given its characteristics, this service is the one that most closely resembles a traditional data center in terms of the level of power, configurability, and flexibility that it offers.

http://aws.amazon.com/vpc/faqs/#G1


# 18 Which choices below are benefits of using AWS-managed services instead of user-managed services? (Choose 2 answers.)

X Increased user controls

X Additional customization

O Reduced complexity

O Reduced administration
## Explanation

The AWS managed services reduce the amount of development time required to design and implement a working service, and reduce the operational cost, time and technical knowledge required. As a trade-off, developers have less control over how the operating system and other components operate 'under the hood,' and managed services, in general, offer a standard set of options that are not customized for each user.

https://d0.awsstatic.com/whitepapers/aws-overview.pdf


# 19 What choice below accurately describes the 'pilot light' disaster recovery (DR) method?

X A scaled-down version of your entire system in another region that can be scaled with minimal recovery time.

X Backing up data to tape to be sent offsite regularly, from which all data can be restored in the event of a disaster.

O A very small replica of only your business-critical systems that is always running in another region, in case you need to divert your workloads there in the event of a disaster.

X A complete duplicate of your entire system in another region, to which all traffic can be directed in the event of a disaster.
## Explanation

The idea of the pilot light is an analogy that comes from gas heating. In that scenario, a small flame that’s always on can quickly ignite the entire furnace to heat up a house. In this DR approach, you simply replicate part of your IT structure for a limited set of core services so that the AWS cloud environment seamlessly takes over in the event of a disaster. A small part of your infrastructure is always running, simultaneously syncing mutable data (such as databases or documents), while other parts of your infrastructure are switched off and used only during testing. Unlike a backup and recovery approach, you must ensure that your most critical core elements are already configured and running in AWS (the pilot light). When the time comes for recovery, you can rapidly provision a full-scale production environment around the critical core.

https://aws.amazon.com/blogs/publicsector/rapidly-recover-mission-critical-systems-in-a-disaster/


# 20 An enterprise using AWS has ten departments and wants to track the costs of each department. Which option meets this requirement?
X Set up IAM groups for each department and track their usage

X Set up IAM users for each department and track their usage

X Create separate accounts for each department and track them separately

O Create separate accounts for each department and use consolidated billing for payment and tracking
## Explanation

The cost of an IAM user or group can never be tracked separately for the purpose of billing.

The best solution, in this case, is to create a separate account for each department and use consolidated billing.

http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_Introduction.html


# 21 Which of the following statements is true of automation in RDS?

X Amazon RDS automatically manages the database settings that are specific to your application.

O Amazon RDS automatically performs backups and patches the database software that powers your DB Instance.

X Amazon RDS automatically builds the relational schema that best fits your use case.

X Amazon RDS automatically performs system construction activities such as performance tuning to optimize your database for your application's workflow.
## Explanation

Amazon RDS manages the work involved in setting up a relational database: from provisioning the infrastructure capacity you request to installing the database software. 

Once your database is running on its own DB Instance, Amazon RDS automates common administrative tasks, such as performing backups and patching the database software that powers your DB Instance. 

For optional Multi-AZ deployments (currently supported for MySQL and Oracle database engines), Amazon RDS also manages synchronous data replication across Availability Zones and automatic failover.
____
Since Amazon RDS provides native database access, you interact with the relational database software as you normally would. 

This means you’re still responsible for managing the database settings that are specific to your application. 

You’ll need to build the relational schema that best fits your use case and are responsible for any performance tuning to optimize your database for your application’s workflow.

http://aws.amazon.com/rds/faqs/#3


# 22 Which of the following is an IAM best practice?

X Assign MFA to users with minimal authorization

O Assign permissions to groups and add users to that group

X Assign permissions to users where possible

X Rotate your access keys once every two years
## Explanation

IAM groups contain IAM users, and these groups will have IAM policies associated that will allow or explicitly deny access to AWS resources. These policies are either AWS Managed policies that can be selected from within IAM, or customer-managed policies that are created by you, the customer.

Groups are normally created to relate to a specific requirement or job role. Any users who are members of that group inherit the permissions applied to the group. Applying permissions to a group instead of individual users makes it easy to modify permissions for multiple users at once. All you would need to do is modify the permissions of a group and all users associated with the group would inherit the new access.

http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#use-groups-for-permissions


# 23 Which of the choices below best describes what Auto Scaling is well suited for?

X Only for applications with a stable usage pattern but extremely high workload.

O Both for applications that have stable demand patterns and that experience hourly, daily, or weekly variability in usage.

X Both for applications that use frameworks and SDKs to enhance its customer relationship.

X Only for applications that experience hourly, daily, or weekly variability in usage.
## Explanation

Auto Scaling is well suited both to applications that have stable demand patterns and to those that experience hourly, daily, or weekly variability in usage. Whether the demand is predictable or unpredictable, Auto Scaling can be a good choice. If the demand is predictable and long term, you may choose Reserved Instances.

If the demand is unpredictable, you may choose On-Demand or even Spot Instances (if you can afford to have an instance lost unexpectedly).

http://aws.amazon.com/autoscaling/


# 24 According to Amazon, what two types of use cases does AWS CloudTrail solve by logging API activity?

X hardware and software

X intranet and extranet

X efficiency and performance

O operational and security
## Explanation

In general, looking up API activity captured by CloudTrail is helpful in troubleshooting operational and security incidents in your AWS account.

https://aws.amazon.com/cloudtrail/faqs/


# 25 Which statement about Auto Scaling is false?
X Auto Scaling can work with CloudWatch.

X Auto Scaling can launch an instance at a specific time.

O One auto scaling group can launch instances in different regions.

X One auto scaling group can launch instances in different availability zones.
## Explanation

Auto Scaling provides an option to scale up and scale down based on certain conditions or triggers from CloudWatch. 

A user can configure one Auto Scaling group to launch instances across Availability Zones, but the group cannot span regions.

http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/as-dg.pdf


# 26 You have recently purchased some reserved instances and are unsure if they are being used. Which of the following is a possible way to check this?

X Command Line Interface

X Personal Health Dashboard

O Reserved Instance utilization report

X Consolidated Billing console
## Explanation

The following three tools are available to determine Reserved Instance utilization:
* Detailed billing report. 

* Reserved Instance utilization report.

* Billing and Cost Management console. 

https://aws.amazon.com/premiumsupport/faqs/


# 27 How often does Amazon CloudWatch report metrics for AWS WAF?
O 1 minute

X 3 minutes

X 5 minutes

X 10 minutes
## Explanation

WAF integrates well with Amazon CloudWatch allowing you to monitor set metrics for the service. 

WAF CloudWatch metrics are reported in one-minute intervals by default.

http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/waf-metricscollected.html


# 28 You have a general development question and you decide that you need some support from AWS. Which of the following severity levels do you think would be an appropriate choice for this issue?

O General Guidance

X System impaired

X Production system down

X Business-critical system down
## Explanation

In AWS Support, if you have a general development question or want to request a feature (Developer, Business, and Enterprise), it is considered as a General Guidance severity level.

http://docs.aws.amazon.com/awssupport/latest/user/getting-started.html


# 29 You are viewing your AWS resources but can only see the resources tied to the region you've specified. What is the reason for this?
X Because you only have permissions set to view one region at a time

X Because you can only view resources in the region closest to you

X Because this is probably an error as you should be able to view resources across all your regions at all times

O Because regions are isolated from each other, and AWS does not replicate resources across regions automatically
## Explanation

When viewing your resources, you'll only see the resources tied to the region you've specified. 

This is because regions are isolated from each other, and AWS does not replicate resources across regions automatically.

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#using-regions-availability-zones-setup


# 30 Why does AWS recommend using stateless cloud applications, when possible?
X Stateless applications are more secure than stateful applications.

X Stateless applications are always more cost-effective than stateful applications.

O Stateless applications enable more scalability and resilience in each application layer.

X Stateless applications offer a higher degree of encryption for data in transit.
## Explanation

A stateless application needs no knowledge of previous application actions, and stores no session data, and thus can be scaled horizontally with minimal friction.

https://aws.amazon.com/blogs/gametech/stateful-or-stateless/


# 31 Which statement is true about AWS WAF rules?

O Rules are executed in the order they appear in the Web ACL.

X Rules are added to conditions.

X All rules that have an action of 'block' are automatically listed first.

X It is not possible to edit a rule once it has been created.
## Explanation

An important point to make about rules is that they are executed in the order that they are listed within WAF. 

Be careful to architect this order correctly for your rule base. Typically, rules are ordered as shown:

* WhiteListed IP - Allow

* BlackListed IP - Block

* Bad Signatures - Block

http://docs.aws.amazon.com/waf/latest/developerguide/getting-started.html


# 32 Which service model allows you to configure and customize your environment from the base up?
X Software as a Service (SaaS)

O Infrastructure as a Service (IaaS)

X Platform as a Service (PaaS)

X ‘Anything’ as a Service (XaaS)
## Explanation

IaaS provides the greatest level of customization as you can configure the environment from the ground up, starting from which operating system to install and up. 

Other service models have fixed components which you are unable to change or manage.

https://app.qa.com/cloud-computing/what-is-cloud-computing-introductory-course/cloud-service-models.html

# 33 To ensure that resources are distributed across a region's Availability Zones, what does AWS do?
X AWS independently maps regions to identifiers for each account.

O AWS independently maps Availability Zones to identifiers for each account.

X Every time you launch a new resource, AWS maps it to any resource that you launched previously in a different Availability Zone.

X AWS uses a random number generator to map Availability Zones to the resources.
## Explanation

To ensure that resources are distributed across a region's Availability Zones, Amazon Web Services independently maps Availability Zones to identifiers for each account. 

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#using-regions-availability-zones-setup


# 34 Auto Scaling provides which of the following benefits for your application?
O Your application gains better fault tolerance.

X Your application and IT staff are held to compliance requirements you have set.

X Your application reduces its latency in delivering content to a global market.

X You acquire clarity on prototypes in your application.
## Explanation

When you use Auto Scaling, your applications gain better fault tolerance. 

Auto Scaling can detect when an instance is unhealthy, terminate it, and launch an instance to replace it. 

You can also configure Auto Scaling to use multiple Availability Zones. 

If one Availability Zone becomes unavailable, Auto Scaling can launch instances in another one to compensate.

http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/how-as-works.html


# 35 Amazon RDS provides failover support for DB instances using _______.
O Multi-AZ deployments

X DB snapshots

X Security Groups

X Performance Insights
## Explanation

Amazon RDS provides high availability and failover support for DB instances using Multi-AZ deployments. 

Multi-AZ deployments for Oracle, PostgreSQL, MySQL, and MariaDB DB instances use Amazon technology, while SQL Server DB instances use SQL Server Mirroring.

http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html


# 36 Which feature of AWS Marketplace allows sellers to see how customers are using their products and provides estimates of product revenue?

X Tax item data feeds

O Daily business reports

X Offer data feeds

X Daily customer subscriber report
## Explanation

The Daily business reports feature of AWS Marketplace allows sellers to understand how AWS customers are using their products on a daily basis and the estimated revenue from that usage.

Tax item data feeds are a feature of AWS Marketplace that provides information about tax calculations for a customer invoice.

Offer data feeds provide information about all offers you've created as the seller of record.

Daily customer subscriber reports are lists of data for customers who purchased your products. This report doesn't specify current or past usage, only that a customer is subscribed to your product. 

https://docs.aws.amazon.com/marketplace/latest/userguide/daily-business-report.html


# 37 Which tool within Billing and Cost Management allows you to view historical billing information in a graphical format?
O AWS Cost Explorer

X AWS Budgets

X Consolidated Billing

X Cost Allocation Tags
## Explanation

Cost Explorer is a useful and powerful tool in Billing and Cost Management. 

It allows you to view historical billing information in a graphical format giving you greater insight into your AWS spending. 

It is a valuable tool that can help to identify where you should be focusing your cost optimization efforts.

It also can forecast your estimated spending up to two months ahead using existing data as a reference. 

If you can see that your estimated future bills are becoming too high, you have time to identify where you can introduce cost reduction mechanisms to help mitigate the risk.
____
Cost Explorer comes configured with three pre-defined views which are commonly used to analyze spending across your account:

* Monthly Spend by Service view - this covers the current and previous two months and is grouped by AWS services

* Monthly Spend by Linked Account View - this covers the current and previous two months and is grouped by linked accounts

* Daily Spend view - this covers the daily spend over the previous sixty days

http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-explorer-what-is.html


# 38 When using __________, you simply upload your application code to the Platform as a Service, and the service handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring.
X AWS Lambda

O AWS Elastic Beanstalk

X Amazon ECS

X AWS Batch
## Explanation

AWS Elastic Beanstalk is an easy way for you to quickly deploy and manage applications in the AWS cloud. 

You simply upload your application, and Elastic Beanstalk automatically handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring. 

http://aws.amazon.com/elasticbeanstalk/?nc1=h_l2_dm


# 39 AWS uses the term __________ to describe the ability to scale computing resources up and down easily, with minimal friction.
X Scalable

O Elastic

X N+1

X Large-scale
## Explanation

Amazon AWS is based on the concept of elasticity: it means that you can use instances and other AWS resources without any restrictions on scalability or limits on the amount of available resources.

http://aws.amazon.com/ec2/


# 40 A user is planning to define their own information security management system (ISMS) for AWS. Which of the following security models should the user be familiar with to define the ISMS for AWS?
O AWS Shared Responsibility Model

X AWS Shared Security Model

X AWS Shared Hosting Model

X AWS Shared Ownership Model
## Explanation

To design an ISMS (Information Security Management System) with Amazon Web Services, the user must first be familiar with the AWS shared responsibility model, which requires AWS and the customers to work together towards the security objectives.

http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf


# 41 What does Amazon CloudFormation provide?
X Autoscaling option for Amazon EC2 instances

O Templates to deploy AWS resources

X Synchronous data replication across Availability Zones and automatic failover

X Guidelines for support of new database engine versions
## Explanation

You can use AWS CloudFormation's sample templates or create your own templates to describe the AWS resources, and any associated dependencies or runtime parameters, required to run your application.

http://aws.amazon.com/cloudformation/


# 42 Can ELB load balancers span across multiple regions?

O No, but load balancers can span across Availability Zones in the same region.

X No, load balancers can only be within a single Availability Zone.

X Yes, load balancers can span across regions globally.

X Yes, load balancers can span across regions globally but not across multiple Availability Zones.
## Explanation

The Load Balancer is the destination to which all requests intended for your load-balanced application should be directed. 

Each Load Balancer can distribute requests to multiple EC2 instances. 

A Load Balancer is represented by a DNS name and a set of ports. 

Load Balancers can span multiple Availability Zones within an EC2 Region, but they cannot span multiple regions.

https://s3-ap-southeast-1.amazonaws.com/awsmylabs/html/scale_the_application.html


# 43 A user is uploading a backup of data to S3 Glacier as part of a disaster recovery plan. The data stored in S3 Glacier is part of a larger data recovery plan that involves other AWS services. There is a relatively small set of data (100 MB) that needs to be restored immediately when a disaster recovery plan is executed, and the organization is planning a recovery time objective (RTO) of 1 hour. Assuming the data size meets the requirements for any of the given retrieval options below, which S3 Glacier data retrieval option would you plan in the event of a disaster?

X Use Expedited retrievals without Provisioned Capacity

O Use Expedited Retrievals with Provisioned Capacity

X Use Bulk retrievals

X Use Standard retrievals
## Explanation

There are three retrieval options with Amazon S3 Glacier:

* Expedited — There are two types of Expedited retrievals: On-Demand and Provisioned. On-Demand requests are similar to EC2 On-Demand instances and are available most of the time. Provisioned requests are guaranteed to be available when you need them, which is recommended for a DR plan.

* Standard — Standard retrievals allow you to access any of your archives within several hours. 

* Bulk — Bulk retrievals are Amazon S3 Glacier’s lowest-cost retrieval option, which you can use to retrieve large amounts, even petabytes, of data inexpensively in a day. Bulk retrievals typically complete within 5–12 hours.

http://docs.aws.amazon.com/amazonglacier/latest/dev/introduction.html


# 44 Which of the following statements is true of Amazon S3?
X The largest object that can be uploaded in a single PUT is 75 gigabytes.

O Each object can contain up to 5 TB of data.

X A user cannot upload unlimited objects to an S3 bucket.

X Each object can be a maximum of 5 TB, and S3 supports only 10 objects per bucket.
## Explanation

The maximum size of an object can be 5 TB, but Amazon S3 allows uploading an unlimited number of objects to a single bucket.

Thus, S3 allows unlimited total data storage over S3.

http://docs.aws.amazon.com/AmazonS3/latest/dev/Introduction.html


# 45 Which of the following describes AWS Budgets?
X A dashboard that provides quick insights into your recent account cost and usage.

X A collection of dynamic graphs that allow you to discover usage trends and provide estimated usage and cost forecasts.

X A set of reports that provide detailed historic cost and usage data for your account.

O A service that allows you to set specific spending and usage limits for AWS services
## Explanation

AWS Budgets is a service within the Billing and Cost Management console that allows you to set limits for service usage, cost, and reserved instance utilization. 

You can create alerts to receive notifications when you exceed or are forecasted to exceed your specific thresholds.

https://aws.amazon.com/aws-cost-management/aws-budgets/?nc2=h_m1


# 46 _______ are objects created within IAM which have policy permissions associated to them. While they can be associated with users as groups are, they can also be assigned to instances at the time of launch.
O IAM roles

X IAM groups

X IAM users

X IAM organizations
## Explanation

IAM Roles are objects created within IAM which have Policy permissions associated to them. 

However, instead of just being associated with users as groups are, roles can be assigned to instances at the time of launch. 

This allows the instance to adopt the permissions given by the role without the need to have access keys stored locally on the instance.

IAM Users are account objects that allow an individual user to access your AWS environment with a set of credentials.

You can issue user accounts to anyone you want to view or administer objects and resources within your AWS environment. 

Permissions can be applied individually to a user, but the best practice for permission assignments is to add the user to an IAM Group.

IAM Groups are objects that have permissions assigned to them via Policies allowing the members of the Group access to specific resources.

Having Users assigned to these groups allows for a uniform approach to access management and control.

http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html


# 47 What service is used to store the log files generated by CloudTrail?

X Amazon EFS

O Amazon S3

X Amazon RDS

X Amazon EBS
## Explanation

AWS CloudTrail uses Amazon Simple Storage Service (S3) to store log files.

It also supports the use of S3 lifecycle configuration rules to reduce storage costs.

https://aws.amazon.com/cloudtrail/


# 48 Your organization is moving operations from on-premises to the AWS cloud. Which of the following describes the difference between operational costs in on-premises environments and in public cloud environments?

X Unpredictable on-premises costs and fixed capital expenditures in the cloud.

X Immediate Return on Investment (ROI) with on-premises operations and delayed ROI in the cloud.

O Variable operational expenses in the cloud and reduced capital expenses associated with daily operations on-premises.

X Predictable operational expenses on-premises and in the cloud.
## Explanation

When migrating operations from on-premises to AWS, an organization will reduce upfront capital expenditures on computers, servers, and other hardware related to business operations, and will experience variable costs depending on which AWS services are used within the cloud.

https://pages.awscloud.com/rs/112-TZM-766/images/Cloud%20Economics%20Ebook_October%202018.pdf


# 49 Which of the following best defines the AWS Key Management Service?
X A secure cryptographic key storage for customers

O A managed service that makes it easy for you to create and control the encryption keys used to encrypt your data

X A detailed view of the resources associated with your AWS account

X A web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS
## Explanation

The AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data.

http://docs.aws.amazon.com/kms/latest/developerguide/overview.html


# 50 How is Key Management Service (KMS) priced?

X KMS is priced per KMS key; you are charged for the number of master keys maintained in KMS.

X KMS is priced per data encryption keys; you are charged for the number of individual data keys maintained in KMS.

X KMS is priced per number of encryption/decryption requests received from all services per month.

O KMS is priced per KMS key and the number of requests received per month.
## Explanation

KMS pricing is based on two factors:

* the number of KMS keys maintained in KMS 

* the number of requests received within a month.

https://app.qa.com/amazon-web-services/amazon-web-services-key-management-service-kms-course/key-management-service-basics.html


# 51 Your company wants you to ensure that AWS provides infrastructure reviews as part of its support plan. Which of the following support levels should you choose to make sure that this is included?

X Developer-level Support

O Enterprise-level Support

X Customer-level Support

X Business-level Support

## Explanation

Enterprise-level Support customers have access to the following features:

* White-glove case routing

* Management business reviews

* Application architecture guidance

* Infrastructure event management

* AWS Concierge

* Technical account manager

http://docs.aws.amazon.com/awssupport/latest/user/getting-started.html


# 52 Which description of a Recovery Time Objective (RTO) is correct?

O It is the maximum acceptable amount of time a system can be offline.

X It is the maximum acceptable amount of data loss measured in time.

X It is the maximum acceptable amount of income loss measured in transactions.

X It is the minimum amount of time before a system can recover from a disaster.
## Explanation

A recovery time objective (RTO) is the maximum acceptable time to restore system service after a disruption, while a recovery point objective (RPO) is the maximum acceptable amount of data loss measured in time. 

The two concepts are interrelated. 

The amount of data loss a business can tolerate usually determines the desired recovery time objective. 

The desired RTO then generally determines the disaster recovery method.

https://en.wikipedia.org/wiki/Recovery_point_objective


# 53 What does the AWS best practice "designing for failure" mean?

X To develop cloud systems that never fail

O To design systems to anticipate failure and recover automatically

X To develop systems with single points of failure

X To back up your cloud environment with an on-premises environment
## Explanation

Designing for failure means assuming that what can go wrong will go wrong. 

Design your infrastructure to respond to potential outages of multiple kinds with an automated recovery process in place.

https://github.com/deep1224/AWS-Training-Docs/blob/master/AWS_Cloud_Best_Practices.pdf


# 54 You are migrating your business environment to the AWS Cloud. You have identified the resources that must be created in the AWS environment to support the migration. What tool could you use to help project future costs given this information?

X Trusted Advisor

O AWS Pricing Calculator

X Cost Explorer

X Detailed Billing Reports
## Explanation

The AWS Pricing Calculator is used to calculate projected costs, assuming you know what AWS resources you’ll be consuming.

AWS Trusted Advisor provides recommendations that help you follow AWS best practices. Trusted Advisor evaluates your account by using checks. It is not a method for evaluating the future costs of services in an AWS environment.

AWS Cost Explorer allows you to visualize, understand, and manage your AWS costs and usage over time, assuming you have already established AWS services.

Detailed billing reports are available to you once you have established services within AWS.

https://aws.amazon.com/pricing/cost-optimization/


# 55 If your AWS data must meet specific regulations such as the EU Data protection laws, what must you do?

X Be aware that they exist and comply with them when and if you have time to do so

X Move your data somewhere else so you don’t have to worry about extra security

O Architect your environment to meet these security requirements

X Keep that data on-premise and do not move it to the cloud under any circumstance
## Explanation

Some laws require specific security controls, retention requirements, etc., depending on the data being stored.

Other legislation exists under which certain data may have to remain within a specific region and cannot be transferred out of those boundaries.

You need to architect your environment to meet these security requirements and mitigate the risk of data being stored in a geographic location that’s restricted.

Breaches of this legislation could have a legal impact and lead to additional risks against your organization, so it's fundamental that you are aware of your data privacy and storage location laws and regulations.

https://app.qa.com/cloud-computing/internal-business-effects-of-the-cloud-course/business-risks.html


# 56 How does AWS define cloud computing?

O The on-demand delivery of IT resources through a cloud services platform via the Internet with pay-as-you-go pricing.

X A pool of servers offering compute resources that are designed to be issued exclusively to individual users and organizations.

X The term used by cloud architects to describe virtualized technology.

X A secure pool of compute, storage, and network resources that are accessible only on-premises.


## Explanation

AWS cloud computing is described as the on-demand delivery of IT resources through a cloud services platform via the Internet with pay-as-you-go pricing.

https://aws.amazon.com/what-is-cloud-computing/


# 57 Amazon Glacier is a secure, _____, and extremely low-cost cloud storage service for data archiving and long-term backup.

X fast

O durable

X scalable

X modular
## Explanation

Amazon Glacier is an extremely low-cost cloud storage service that provides secure, durable, and flexible storage for data backup and archival.

http://aws.amazon.com/glacier/


# 58 Which of the following is not a pillar of the Well-Architected Framework developed by AWS?
X Operational excellence

X Security

X Reliability

O Profitability
## Explanation

To understand the elements of the Well-Architected Framework, you must be aware of the 5 pillars that the framework is built upon:

* Operational excellence

* Security

* Reliability

* Performance efficiency

* Cost optimization

https://d1.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf


# 59 Amazon _____ provides you the ability to easily add user sign-up/sign-in to your apps along with permission management, in addition to enabling data storage on user devices.
O Cognito

X Directory Service

X Identity and Access Management

X Organizations
## Explanation

Amazon Cognito lets you easily add user sign-up and sign-in and manage permissions for your mobile and web apps. 

You can create your own user directory within Amazon Cognito, or you can authenticate users through social identity providers such as Facebook, Twitter, or Amazon; with SAML identity solutions; or by using your own identity system. 

In addition, Amazon Cognito enables you to save data locally on users' devices, allowing your applications to work even when the devices are offline.

http://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html


# 60 By default, the data that is stored on an attached non-root Amazon EBS volume will persist _______.

X until the instance reboots

X until the instance is stopped

X until the instance is terminated

O after an instance is terminated
## Explanation

The data stored on a local instance store will persist only as long as that instance is running. 

However, data that is stored on an Amazon EBS volume will persist independently of the life of the instance. 

You can modify the DeleteOnTermination setting to change this if so desired.

https://aws.amazon.com/ec2/faqs/


# 61 What types of identities do Amazon Cognito identity pools support?

X They support only unauthenticated identities.

O They support both authenticated and unauthenticated identities.

X They support only authenticated identities.

X They support neither authenticated nor unauthenticated identities.
## Explanation

Amazon Cognito identity pools support both authenticated and unauthenticated identities.

Authenticated identities belong to users who are authenticated by a public login provider or your own backend authentication process. 

Unauthenticated identities typically belong to guest users.

http://docs.aws.amazon.com/cognito/devguide/identity/identity-pools/

# 62 ________ is an extremely low-cost storage service that provides secure and durable storage for data archiving and backup.

X Amazon S3

X Amazon EC2

O Amazon Glacier

X Amazon EBS
## Explanation

Amazon Glacier is an extremely low-cost storage service that provides secure and durable storage for data archiving and backup. 

In order to keep costs low, Amazon Glacier is optimized for data that is infrequently accessed and for which retrieval times of several hours are suitable.

http://aws.amazon.com/glacier/


# 63 Which of these is a centralized way to programmatically query AWS for pricing information regarding specific products and services?

O Price List Service API

X Cost Allocation Tags

X Monthly cost allocation reports

X AWS CloudTrail
## Explanation

The Price List Service API provides a centralized and convenient way to programmatically query AWS for services, products, and pricing information. 

The Price List Service API uses standardized product attributes such as Location, Storage Class, and Operating System, and provides prices at the SKU level. 

You can use Price List Service to build cost control and scenario planning tools, reconcile billing data, forecast future spend for budgeting purposes, and provide cost-benefit analyses that compare your internal workloads with AWS.

Cost Allocation Tags, Monthly cost allocation reports, and AWS CloudTrail are ways to tag and track billing and use-related cost information for already established services.

https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/using-pelong.html


# 64 _______ is the process by which a system establishes what you can access and at what level (after you have authenticated to it).

O Authorization

X Verification

X Authentication

X Access Control
## Explanation

So here we are looking at your access privileges and permissions. If, for example, you logged into an AWS account, you would have authenticated yourself by providing the correct identity and password. AWS security features, in this case AWS IAM (Identity & Access Management service), then define the level of authorized access assigned to that identity within the AWS environment. Each identity can have a different level of authorization properties associated with it. It’s these properties that determine what that identity can then access.


/amazon-web-services/understanding-aws-authentication-authorization-accounting-course/authentication-authorization-and-access-control.html


# 65 What AWS cloud characteristic makes a resource almost immediately available to allocate when and where you need it?

X high availability

X elasticity

O on-demand resourcing

X economy of scale
## Explanation

On-demand resourcing provides you with the ability to provision resources within seconds and minutes, instead of the days or weeks that it may take within an on-premises environment, especially if you had to order the additional hardware first.

For example, if you had a server in AWS and its CPU utilization was steadily increasing with demand, you would be able to deploy a second server, which would be ready within minutes to take some of the load off of the first.

https://d0.awsstatic.com/whitepapers/aws-overview.pdf

