As an AWS customer you inherit all the best practices of AWS policies, architecture, and operational processes. Show
Nội dung chính Show
The AWS Cloud enables a shared responsibility model. AWS manages security OF the cloud; you are responsible for security IN the cloud. You retain control of the security you choose to implement to protect your own content, platform, applications, systems, and networks no differently than you would in an on-site data center. Benefits of AWS Security
ComplianceAWS Cloud Compliance enables you to understand the robust controls in place at AWS to maintain security and data protection in the cloud. As systems are built on top of AWS Cloud infrastructure, compliance responsibilities will be shared. Compliance programs include:
AWS ArtifactAWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). 100% questions in this part are the real AWS Cloud Practitioner exam questions. Highly recommended for your exam preparation!For PDF Format: 1. Under the shared responsibility model, which of the following is the customer responsible for? A. Ensuring that disk drives are wiped after
use. Reveal Answer: B 2. Which services are parts of the AWS serverless platform? A. Amazon EC2, Amazon S3, Amazon Athena Reveal Answer: C 3. Which of the following services is in the category of AWS serverless platform? A. Amazon EMR Reveal Answer: C 4. An administrator needs to rapidly deploy a popular IT solution and start using it immediately. Where can the administrator find assistance? A. AWS Well-Architected Framework documentation Reveal Answer: D 5. One benefit of On-Demand Amazon Elastic Compute Cloud (Amazon EC2) pricing is: A. the ability to bid for a lower hourly cost. Reveal Answer: C 6. Which of the following tasks is the responsibility of AWS? A. Encrypting client-side data Reveal Answer: C 7. Which is the MINIMUM AWS Support plan that provides technical support through phone calls? A. Enterprise Reveal Answer: B 8. How should a customer forecast the future costs for running a new web application? A. Amazon Aurora Backtrack Reveal Answer: C 9. A company will be moving from an on-premises data center to the AWS Cloud. What would be one financial difference after the move? A. Moving from variable operational expense (opex) to upfront capital expense (capex). Reveal Answer: C 10. A solution that is able to support growth in users, traffic, or data size with no drop in performance aligns with which cloud architecture principle? A. Think parallel Reveal Answer: B 11. Which of the following can limit Amazon Simple Storage Service (Amazon S3) bucket access to specific users? A. A public and private key-pair Reveal Answer: C 12. What can AWS edge locations be used for? (Choose two.) A. Hosting applications Reveal Answer: B D 13. How does AWS shorten the time to provision IT resources? A. It supplies an online IT ticketing platform for resource requests. Reveal Answer: D 14. Which AWS service can serve a static website? A. Amazon S3 Reveal Answer: A 15. Which is the minimum AWS Support plan that includes Infrastructure Event Management without additional costs? A. Enterprise Reveal Answer: A 16. Which AWS feature should a customer leverage to achieve high availability of an application? A. AWS Direct Connect Reveal Answer: B 17. In which scenario should Amazon EC2 Spot Instances be used? A. A company wants to move its main website to AWS from an on-premises web server. Reveal Answer: D 18. Which of the following common IT tasks can AWS cover to free up company IT resources? (Choose two.) A. Patching databases software Reveal Answer: A C 19. Which AWS services can be used to gather information about AWS account activity? (Choose two.) A. Amazon
CloudFront Reveal Answer: C E 20. How do customers benefit from Amazon’s massive economies of scale? A. Periodic price reductions as the result of Amazon’s operational efficiencies Reveal Answer: A 21. If each department within a company has its own AWS account, what is one way to enable consolidated billing? A. Use AWS Budgets on each account to pay only to budget. Reveal Answer: C 22. Which of the following features can be configured through the Amazon Virtual Private Cloud (Amazon VPC) Dashboard? (Choose two.) A. Amazon CloudFront distributions Reveal Answer: C D 23. Which options does AWS make available for customers who want to learn about security in the cloud in an instructor-led setting? (Choose two.) A. AWS Trusted Advisor Reveal Answer: B E 24. Which of the following is a component of the shared responsibility model managed entirely by AWS? A. Patching operating system software Reveal Answer: D 25. Which service is best for storing common database query results, which helps to alleviate database access load? A. Amazon Machine Learning Reveal Answer: C 26. Amazon Relational Database Service (Amazon RDS) offers which of the following benefits over traditional database management? A. AWS manages the data stored in Amazon RDS tables. Reveal Answer: B 27. Which AWS support plan includes a dedicated Technical Account Manager? A. Developer Reveal Answer: B 28. Which of the following is an important architectural design principle when designing cloud applications? A. Use multiple Availability Zones. Reveal Answer: A 29. Which of the following services falls under the responsibility of the customer to maintain operating system configuration, security patching, and networking? A. Amazon RDS Reveal Answer: B 30. Which service provides a hybrid storage service that enables on-premises applications to seamlessly use cloud storage? A. Amazon Glacier Reveal Answer: C 31. Which of the following security measures protect access to an AWS account? (Choose two.) A. Enable AWS CloudTrail. Reveal Answer: B E 32. Which of the following is an AWS Cloud architecture design principle? A. Implement single points of failure. Reveal Answer: D 33. Which of the following can an AWS customer use to launch a new Amazon Relational Database Service (Amazon RDS) cluster? (Choose two.) A. AWS Concierge Reveal Answer: B E 34. Which AWS Cost Management tool allows you to view the most granular data about your AWS bill? A. AWS Cost Explorer Reveal Answer: C 35. The financial benefits of using AWS are: (Choose two.) A. reduced Total Cost of Ownership (TCO). Reveal Answer: A C 36. A company is migrating an application that is running non-interruptible workloads for a three-year time frame. Which pricing construct would provide the MOST cost-effective solution? A. Amazon EC2 Spot Instances Reveal Answer: D 37. Which AWS service can be used to manually launch instances based on resource requirements? A. Amazon EBS Reveal Answer: C 38. Under the shared responsibility model, which of the following tasks are the responsibility of the AWS customer? (Choose two.) A. Ensuring that application data is encrypted at rest Reveal Answer: A C 39. Which AWS service would you use to obtain compliance reports and certificates? A. AWS Artifact Reveal Answer: A 40. Which AWS services are defined as global instead of regional? (Choose two.) A. Amazon Route 53 Reveal Answer: A D 41. What technology enables compute capacity to adjust as loads change? A. Load balancing Reveal Answer: D 42. How would an AWS customer easily apply common access controls to a large set of users? A. Apply an IAM policy to an IAM group. Reveal Answer: A 43. Which of the following AWS features enables a user to launch a pre-configured Amazon Elastic Compute Cloud (Amazon EC2) instance? A. Amazon Elastic Block Store (Amazon EBS) Reveal Answer: B 44. Which of the following steps should be taken by a customer when conducting penetration testing on AWS? A. Conduct penetration testing using Amazon Inspector, and then notify AWS support. Reveal Answer: D 45. Which of the following is an advantage of consolidated billing on AWS? A.
Volume pricing qualification Reveal Answer: A 46. Which AWS service provides a customized view of the health of specific AWS services that power a customer’s workloads running on AWS? A. AWS Service Health Dashboard Reveal Answer: B 47. Where can AWS compliance and certification reports be downloaded? A. AWS Artifact Reveal Answer: A 48. Which is the MINIMUM AWS Support plan that allows for one-hour target response time for support cases? A. Enterprise Reveal Answer: B 49. Which design principles for cloud architecture are recommended when re-architecting a large monolithic application? (Choose two.) A. Use manual monitoring. Reveal Answer: C E 50. Which Amazon EC2 pricing model adjusts based on supply and demand of EC2 instances? A. On-Demand Instances Reveal Answer: C 51. Which of the following services could be used to deploy an application to servers running onpremises? (Choose two.) A. AWS Elastic Beanstalk Reveal Answer: B C 52. Which service allows a company with multiple AWS accounts to combine its usage to obtain volume discounts? A. AWS Server Migration Service Reveal Answer: B 53. What is Amazon CloudWatch? A. A code repository with
customizable build and team commit features. Reveal Answer: B 54. If a customer needs to audit the change management of AWS resources, which of the following AWS services should the customer use? A. AWS Config Reveal Answer: A 55. Which AWS service provides the ability to manage infrastructure as code? A. AWS CodePipeline Reveal Answer: D 56. When performing a cost analysis that supports physical isolation of a customer workload, which compute hosting model should be accounted for in the Total Cost of Ownership (TCO)? A.
Dedicated Hosts Reveal Answer: A 57. Which of the following is a benefit of using the AWS Cloud? A. Permissive security removes the administrative burden. Reveal Answer: B 58. Where should a company go to search software listings from independent software vendors to find, test, buy and deploy software that runs on AWS? A. AWS Marketplace Reveal Answer: A 59. Which task is AWS responsible for in the shared responsibility model for security and compliance? A. Granting access to individuals and services Reveal Answer: C 60. Which of the following are categories of AWS Trusted Advisor? (Choose two.) A. Fault Tolerance Reveal Answer: A D 61. Which AWS service provides alerts when an AWS event may impact a company’s AWS resources? A. AWS Personal Health Dashboard Reveal Answer: A 62. A company wants to reduce the physical compute footprint that developers use to run code. Which service would meet that need by enabling serverless architectures? A. Amazon Elastic Compute Cloud (Amazon EC2) Reveal Answer: B 63. Which AWS service allows companies to connect an Amazon VPC to an on-premises data center? A. AWS VPN Reveal Answer: D 64. Under the shared responsibility model, which of the following is a shared control between a customer and AWS? A. Physical controls Reveal Answer: B 65. Which AWS service should be used for long-term, low-cost storage of data backups? A. Amazon RDS Reveal Answer: B 66. When architecting cloud applications, which of the following are a key design principle? A. Use the largest instance possible Reveal Answer: D 67. Which AWS service provides a simple and scalable shared file storage solution for use with Linuxbased AWS and on-premises servers? A. Amazon S3 Reveal Answer: D 68. Which AWS managed service is used to host databases? A. AWS Batch Reveal Answer: D 69. Which of the following security-related services does AWS offer? (Choose two.) A. Multi-factor authentication physical tokens Reveal Answer: B C 70. Which of the following Identity and Access Management (IAM) entities is associated with an access key ID and secret access key when using AWS Command Line Interface (AWS CLI)? A. IAM group Reveal Answer: B 71. Which service provides a virtually unlimited amount of online highly durable object storage? A. Amazon Redshift Reveal Answer: D 72. What is the benefit of using AWS managed services, such as Amazon ElastiCache and Amazon Relational Database Service (Amazon RDS)? A. They require the customer to monitor and replace failing instances. Reveal Answer: C 73. Web servers running on Amazon EC2 access a legacy application running in a corporate data center. What term would describe this model? A. Cloud-native Reveal Answer: C 74. Which of the following AWS services can be used to serve large amounts of online video content with the lowest possible latency? (Choose two.) A. AWS Storage Gateway Reveal Answer: B E 75. The AWS Cloud’s multiple Regions are an example of A. agility. Reveal Answer: B 76. Which of the following are valid ways for a customer to interact with AWS services? (Choose two.) A. Command line interface Reveal Answer: A C 77. Which statement best describes Elastic Load Balancing? A. It translates a domain name into an IP address using DNS. Reveal Answer: B 78. A company is looking for a scalable data warehouse solution. Which of the following AWS solutions would meet the company’s needs? A. Amazon Simple Storage Service (Amazon S3) Reveal Answer: D 79. Which of the following AWS Cloud services can be used to run a customer-managed relational database? A. Amazon EC2 Reveal Answer: A 80. What is the AWS customer responsible for according to the AWS shared responsibility model? A. Physical access controls Reveal Answer: D 81. Which Amazon EC2 instance pricing model can provide discounts of up to 90%? A. Reserved Instances Reveal Answer: D 82. Which storage service can be used as a low-cost option for hosting static websites? A. Amazon Glacier Reveal Answer: D 83. A customer is deploying a new application and needs to choose an AWS Region. Which of the following factors could influence the customer’s decision? (Choose two.) A. Reduced latency to users Reveal Answer: A E 84. Which of the following is an AWS managed Domain Name System (DNS) web service? A. Amazon Route 53 Reveal Answer: A 85. Which of the following are features of Amazon CloudWatch Logs? (Choose two.) A. Summaries by Amazon Simple Notification
Service (Amazon SNS) Reveal Answer: D E 86. A customer is using multiple AWS accounts with separate billing. How can the customer take advantage of volume discounts with minimal impact to the AWS resources? A. Create one global AWS account and move all AWS resources to the account. Reveal Answer: C 87. Which of the following is the customer’s responsibility under the AWS shared responsibility model? A. Patching underlying infrastructure Reveal Answer: C 88. Which feature of the AWS Cloud will support an international company’s requirement for low latency to all of its customers? A. Fault tolerance Reveal Answer: B 89. For which auditing process does AWS have sole responsibility? A. AWS IAM policies Reveal Answer: B 90. What approach to transcoding a large number of individual video files adheres to AWS architecture principles? A.Using many instances in parallel Reveal Answer: A 91. Which service should a customer use to consolidate and centrally manage multiple AWS accounts? A. AWS IAM Reveal Answer: B 92. What is an example of agility in the AWS Cloud? A. Access to multiple instance types Reveal Answer: D 93. Which of the following is a fast and reliable NoSQL database service? A. Amazon Redshift Reveal Answer: C 94. Which AWS IAM feature allows developers to access AWS services through the AWS CLI? A. API keys Reveal Answer: B 95. What is the lowest-cost, durable storage option for retaining database backups for immediate retrieval? A. Amazon S3 Reveal Answer: A 96. One of the advantages to moving infrastructure from an on-premises data center to the AWS Cloud is: A. it allows
the business to eliminate IT bills. Reveal Answer: C 97. How many Availability Zones should compute resources be provisioned across to achieve high availability? A. A minimum of one Reveal Answer: B 98. Which of the following is a shared control between the customer and AWS? A. Providing a key for Amazon S3 client-side encryption Reveal Answer: D 99. Which of the following components of the AWS Global Infrastructure consists of one or more discrete data centers interconnected through low latency links? A.
Availability Zone Reveal Answer: A 100. A customer needs to run a MySQL database that easily scales. Which AWS service should they use? A. Amazon Aurora Reveal Answer: A 101. What is one of the advantages of the Amazon Relational Database Service (Amazon RDS)? A. It simplifies relational database administration tasks. Reveal Answer: A 102. Which AWS services should be used for read/write of constantly changing data? (Choose two.) A. Amazon Glacier Reveal Answer: B E 103. AWS supports which of the following methods to add security to Identity and Access Management (IAM) users? (Choose two.) A. Implementing Amazon Rekognition Reveal Answer: D E 104. According to best practices, how should an application be designed to run in the AWS Cloud? A. Use tighly coupled components. Reveal Answer: B 105. Which is a recommended pattern for designing a highly available architecture on AWS? A. Ensure that components have low-latency network connectivity. Reveal Answer: C 106. Under the AWS shared responsibility model, which of the following activities are the customer’s responsibility? (Choose two.) A. Patching operating system components for Amazon Relational Database Server (Amazon RDS) Reveal Answer: B D 107. Where are AWS compliance documents, such as an SOC 1 report, located? A. Amazon Inspector Reveal Answer: C 108. Which of the following services will automatically scale with an expected increase in web traffic? A. AWS CodePipeline Reveal Answer: B 109. Which AWS feature will reduce the customer’s total cost of ownership (TCO)? A. Shared responsibility security model Reveal Answer: C 110. Which of the Reserved Instance (RI) pricing models can change the attributes of the RI as long as the exchange results in the creation of RIs of equal or greater value? A. Dedicated RIs Reveal Answer: C 111. Which of the following security-related actions are available at no cost? A. Calling AWS Support Reveal Answer: C 112. Which of the following can limit Amazon Storage Service (Amazon S3) bucket access to specific users? A. A public and private key-pair Reveal Answer: C 113. A characteristic of edge locations is that they: A. host Amazon EC2 instances closer to users. Reveal Answer: B 114. Compared with costs in traditional and virtualized data centers, AWS has: A. greater variable costs and greater
upfront costs. Reveal Answer: D 115. Which of the following Reserved Instance (RI) pricing models provides the highest average savings compared to On-Demand pricing? A. One-year, No Upfront, Standard RI pricing Reveal Answer: C 116. Which of the following are advantages of AWS consolidated billing? (Choose two.) A. The ability to receive one bill for multiple accounts Reveal Answer: A D 117. Which AWS tools assist with estimating costs? (Choose three.) A. Detailed billing report Reveal Answer: C E 118. Which of the following is a correct relationship between regions, Availability Zones, and edge locations? A. Data centers contain regions. Reveal Answer: B 119. A company is considering using AWS for a self-hosted database that requires a nightly shutdown for maintenance and cost-saving purposes. Which service should the company use? A. Amazon Redshift Reveal Answer: D 120. What costs are included when comparing AWS Total Cost of Ownership (TCO) with on-premises TCO? A. Project management Reveal Answer: C 121. Which services can be used across hybrid AWS Cloud architectures? (Choose two.) A. Amazon Route 53 Reveal Answer: A B 122. Which of the following are characteristics of Amazon S3? (Choose two.) A. A global file system Reveal Answer: B E 123. Which service enables risk auditing by continuously monitoring and logging account activity, including user actions in the AWS Management Console and AWS SDKs? A. Amazon CloudWatch Reveal Answer: B 124. Which AWS characteristics make AWS cost effective for a workload with dynamic user demand? (Choose two.) A. High availability Reveal Answer: C D 125. Which of the following Amazon EC2 pricing models allow customers to use existing server-bound software licenses? A. Spot Instances Reveal Answer: C 126. Which of the following inspects AWS environments to find opportunities that can save money for users and also improve system performance? A. AWS Cost Explorer Reveal Answer: B 127. Which AWS services can host a Microsoft SQL Server database? (Choose two.) A. Amazon EC2 Reveal Answer: B C 128. Distributing workloads across multiple Availability Zones supports which cloud architecture design principle? A. Implement automation. Reveal Answer: D 129. A customer would like to design and build a new workload on AWS Cloud but does not have the AWS-related software technical expertise in-house. Which of the following AWS programs can a customer take advantage of to archive that outcome? A. AWS Partner Network Technology Partners Reveal Answer: C 130. What AWS team assists customers with accelerating cloud adoption through paid engagements in any of several specialty practice areas? A. AWS Enterprise Support Reveal Answer: C 131. Which service stores objects, provides real-time access to those objects, and offers versioning and lifecycle capabilities? A. Amazon Glacier Reveal Answer: C 132. The use of what AWS feature or service allows companies to track and categorize spending on a detailed level? What AWS service would you use to download AWS security and compliance reports?You can use AWS Artifact Reports to download AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI), and System and Organization Control (SOC) reports. Which services will help businesses ensure compliance in AWS?Security, Identity, and Compliance on AWS. Identity and access management. AWS Identity Services enable you to securely manage identities, resources, and permissions at scale. ... . Detection. ... . Network and application protection. ... . Data protection. ... . Compliance.. What AWS service is used to help with regulatory compliance?AWS Compliance Center The tool helps customers browse country-specific resources, identify local regulatory requirements, and view AWS compliance programs that may apply to that country. What is AWS compliance reports?AWS System and Organization Controls (SOC) Reports are independent third-party examination reports that demonstrate how AWS achieves key compliance controls and objectives. Which AWS service allows users to download security and compliance report about the AWS infrastructure onAWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to security and compliance reports from AWS and ISVs who sell their products on AWS Marketplace.
What is AWS compliance reports?AWS System and Organization Controls (SOC) Reports are independent third-party examination reports that demonstrate how AWS achieves key compliance controls and objectives.
Which service would you use if you were to download AWS security and compliance documents?You can use AWS Artifact Reports to download AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI), and System and Organization Control (SOC) reports.
Where can you find onAWS Artifact provides on-demand downloads of AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI) reports, and Service Organization Control (SOC) reports.
|