APPENDIX B

AWS Certified Cloud Practitioner Practice Exam

The following is a full-length practice exam of the AWS CCP. This contains 65 questions, the same as the actual exam, and is weighted to draw questions from the domains with the same percentage as the actual exam.

You should set up a 90-minute window of time to try this exam to replicate what the actual exam will be like. Following the questions are correct answer explanations.

Questions

1.  Your company has decided to use AWS S3 to store archived data that is required for regulatory compliance but is not accessed otherwise. However, when it is required, it must be produced within 24 hours. Which S3 storage type would be the most cost-effective choice to meet these requirements?

A.   S3 One Zone-Infrequent Access

B.   S3 Glacier

C.   S3 Standard-Infrequent Access

D.   S3 Glacier Deep

2.  In order to use the AWS CLI, what is required, regardless of the platform you are using to originate your CLI commands? (Choose two.)

A.   Outbound access on port 443

B.   Access/secret key

C.   Root user credentials

D.   MFA

E.   AWS access gateway

3.  You have an enterprise support plan in AWS and have an upcoming disaster recovery drill that you need AWS involvement in. Which AWS support resource would you reach out to for this?

A.   AWS technical account manager

B.   AWS Professional Services

C.   AWS DR engineers

D.   AWS consulting services

4.  When versioning is enabled within the S3 service, at what level is it controlled?

A.   Region

B.   Object

C.   Bucket

D.   Availability Zone

5.  Amazon Aurora is a database service that incorporates two popular databases that are widely used by software packages. Which two databases are part of Aurora?

A.   Microsoft SQL Server

B.   Oracle

C.   MySQL

D.   MariaDB

E.   PostgreSQL

6.  The AWS Free Tier has three different categories of free services. Which of the following is not a category of the Free Tier?

A.   Trials

B.   Always free

C.   12-months free

D.   Free scaling

7.  You need to store data objects in S3 that will be infrequently requested, but when they are requested, you need to have immediate response and high availability. Which S3 storage class would be the most cost-effective to use for this requirement?

A.   S3 Standard

B.   S3 Standard-Infrequent Access

C.   S3 Intelligent-Tiering

D.   S3 One Zone-Infrequent Access

8.  Under the developer service plan, you receive different guarantees of support time response for both general guidance issues and system problems. Which combination of response times is associated with the developer support plan?

A.   24 hours for general guidance, 12 hours for system problems

B.   48 hours for general guidance, 24 hours for system problems

C.   12 hours for general guidance, 6 hours for system problems

D.   12 hours for general guidance, 1 hour for system problems

9.  AWS Edge allows for ultra-low-latency access to data through a network of locations throughout the world and specializing in a few services. Which of the following AWS services use Edge? (Choose two.)

A.   Lightsail

B.   DynamoDB

C.   AWS Storage Gateway

D.   CloudFront

E.   Route 53

10.  Which AWS service would be considered an Infrastructure as a Service offering?

A.   Lightsail

B.   AppStream

C.   EC2

D.   Elastic Beanstalk

11.  In order to add resources to your system, there is a cost in the form of required downtime or restarts to services. With this assumption, what is your system said to be?

A.   Scalable

B.   Elastic

C.   Expandable

D.   Redundant

12.  Your data center has become unreliable and slow in terms of Internet connectivity due to a natural disaster. You have decided it is time to move all data into AWS and retire your data center to prevent this problem from happening again. With the problems of unreliability and slowness, which AWS service would facilitate moving this large amount of data into AWS?

A.   AWS Snowcone

B.   AWS Snowmobile

C.   AWS Snowball

D.   AWS Snowplow

13.  What is the minimum duration of usage of an AWS service for billing purposes?

A.   One month

B.   One day

C.   No minimum

D.   One billing cycle

14.  Which AWS service would be used by developers for packaging deployment packages for application code?

A.   CodeCommit

B.   CodeDeploy

C.   CodeBuild

D.   CodeCompile

15.  What types of reserved instances are available on AWS? (Choose two.)

A.   Standard

B.   Conforming

C.   Scalable

D.   Convertible

E.   Flexible

16.  Which AWS service allows you to purchase reserved instances?

A.   S3

B.   EC2

C.   Lightsail

D.   CloudWatch

17.  Route 53 can dynamically return different answers to DNS queries based on different circumstances within the AWS infrastructure. Which of the following are circumstances that can be configured with Route 53 to give dynamic responses? (Choose two.)

A.   Geographic location

B.   Incoming port

C.   Latency of systems

D.   Size of transfer request

E.   ACL rules

18.  Three types of load balancing are used under Elastic Load Balancing. Which of the following is not one of the three types?

A.   Application load balancer

B.   Network load balancer

C.   Dynamic load balancer

D.   Classic load balancer

19.  As part of an external audit, you need to provide a list of all users and the access they have within your AWS account. Which report from the IAM console would you generate to provide the auditors this information?

A.   Credential report

B.   User report

C.   IAM report

D.   Account audit report

20.  Which of the following statements best describes Software as a Service?

A.   The cloud customer is responsible for deploying and configuring virtual machines based upon a managed image.

B.   The cloud customer gets access to a fully managed service via subscription versus installed locally.

C.   The cloud customer gives the user a fully managed platform where only the specific software needed by the user is loaded.

D.   The cloud provider establishes a network and virtualization infrastructure where virtual machines are loaded as software for users to configure.

21.  The data your application hosts has strict regulatory requirements that you must meet. Which component of the AWS infrastructure would you be most focused on when deploying resources?

A.   Availability Zones

B.   Regions

C.   Edge services

D.   VPC

22.  Which of the following technologies would be used as a security protection for data in transit?

A.   VPC

B.   VPN

C.   ACLs

D.   Security groups

E.   TLS

23.  When looking at the AWS Management Console, you are not seeing services that you have provisioned. Which of the following could be a reason why?

A.   You have not paid for them

B.   Your account requires new access keys

C.   You have not selected the correct region

D.   The console does not show reserved instances

24.  You have a rule in a security group that allows HTTPS requests into an EC2 instance. Which statement is true about how the security policy applies to responses to the request?

A.   The response will be blocked without a corresponding rule allowing it

B.   A corresponding ACL must be present to allow the response

C.   Security groups automatically have the same rules for inbound and outbound requests

D.   Security groups will automatically allow traffic that is a response to an allowed request, regardless of what the rules specify

25.  Savings plans on AWS offer deep discounts over on-demand pricing based on a commitment for future purchase. Which service is not covered by savings plans?

A.   S3

B.   EC2

C.   Lambda

D.   Fargate

26.  The AWS monthly billing allows for the export and downloading of data. Which format is offered to download your billing data?

A.   JSON

B.   XML

C.   QuickBooks

D.   CSV

27.  AWS Budgets offers a variety of different planning templates to help users track service consumption and charges. Which of the following are types of budget reports offered? (Choose two.)

A.   Usage budgets

B.   Overage budgets

C.   Storage budgets

D.   Savings plans coverage budgets

E.   Virtualization budgets

28.  You need to be able to quickly verify if data objects in AWS are identical across multiple regions in S3. Which type of algorithm would allow you to quickly and easily accomplish this?

A.   Tokenization

B.   Hashing

C.   Obfuscation

D.   Encryption

29.  You want to run a dynamic website in AWS but do not want to be responsible for deploying or maintaining any servers or software beyond your own application code. Which of the following AWS services would allow you to accomplish this? (Choose two.)

A.   Lightsail

B.   Lambda

C.   CloudFront

D.   CloudTrail

E.   EC2

30.  AWS OpsWorks provides managed instances of popular automation and configuration tools. Which popular utilities are available within OpsWorks? (Choose two.)

A.   Git

B.   SVN

C.   Puppet

D.   CVS

E.   Chef

31.  AWS offers the ability to download or export many reports within the Management Console that you can then use for local processing or importing into other tools. Which data format is offered to export the data from the Management Console?

A.   CSV

B.   JSON

C.   XML

D.   SQL

32.  You suspect one of your employees has been violating company policy with the use of AWS services under your account for personal use. Which AWS service would be valuable to investigate their activities?

A.   CloudTrail

B.   CloudWatch

C.   CloudAudit

D.   CloudLog

33.  Rather than using your on-premises VDI solutions, which AWS service could be leveraged to provide your users the same functionality while removing your need to maintain and support a hardware infrastructure?

A.   AppStream

B.   WorkSpaces

C.   WorkLink

D.   AWS DaaS

34.  Your company wants to split budgets out in multiple ways in order to gain insight into costs by department and projects. Which AWS tool under the Billing Dashboard will allow easy implementation of this?

A.   Cost centers

B.   Cost graphs

C.   Cost categories

D.   Cost codes

35.  AWS incorporates a variety of robust security services to counter common types of web attacks. Which type of attack is the AWS Shield service designed to protect against?

A.   Cross-site scripting

B.   SQL injection

C.   Brute force

D.   Distributed Denial of Service

36.  You need to provide application access to a subset of users to test and verify functionality but do not want them to see production data. What type of data deidentification process would you use for this?

A.   Static masking

B.   Dynamic masking

C.   PII masking

D.   Sensitivity masking

37.  What is the easiest method to implement encryption at rest within S3 from the perspective of the user?

A.   Client-side encryption using keys generated by AWS

B.   Server-side encryption using your own keys

C.   Server-side encryption using keys generated by AWS

D.   Client-side encryption using your own keys

38.  With consolidated billing you can merge multiple accounts into a single bill and leverage the combined resources for discounts on AWS services. Which of the following is not a cost that receives discounts under consolidated billing?

A.   EC2

B.   Support plans

C.   Lambda

D.   Fargate

39.  The AWS Marketplace offers images from vendors that are full packages for their products that can be deployed within AWS. Costs for Marketplace offerings have two components. Which of the following are the price components? (Choose two.)

A.   S3 costs

B.   EC2 costs

C.   Support costs

D.   Licensing costs

E.   Professional services costs

40.  Your company has decided to retire their on-premises data warehouse and move to a similar solution in AWS for increased capacity and lower costs. Which AWS service would you explore for this initiative?

A.   Redshift

B.   Aurora

C.   DynamoDB

D.   RDS

41.  Which type of service offerings pushes the responsibility for configuration and operations to AWS and leaves the customer only responsible for loading their data?

A.   Unmanaged

B.   Regulated

C.   Managed

D.   Offloaded

42.  When users are created via the IAM console, what can be used to assign granular levels of access within a service?

A.   Groups

B.   Roles

C.   ACLs

D.   Settings

43.  A system is able to keep functioning when some portions of it experience an outage of resources. What concept refers to this ability?

A.   Availability

B.   Resiliency

C.   Redundancy

D.   Elasticity

44.  AWS allows for resources to be added to a system without any downtime or interruption to services. What is this concept called?

A.   Elasticity

B.   Scalability

C.   Expandability

D.   Portability

45.  Which component of AWS Systems Manager provides a consolidated view of data from sources such as CloudTrail and CloudWatch to help with the investigation of operational issues?

A.   Explorer

B.   AppConfig

C.   Systems Manager

D.   OpsCenter

46.  Security groups and access control lists (ACLs) are two means of applying security rules within AWS. Which of the following statements is true?

A.   Security groups and ACLs can both be applied to subnets and instances

B.   Security groups apply to instances; ACLs apply to subnets

C.   Security groups apply to subnets; ACLs apply to instances

D.   Security groups and ACLs are only used on subnets

47.  To help manage versioning in AWS S3, the service provides automation tools, called actions, to handle how versions are stored and when they are removed from the system. Which of the following are the types of actions available? (Choose two.)

A.   Archive

B.   Transition

C.   Delete

D.   Rotate

E.   Expire

48.  Under the AWS Shared Responsibility Model and an IaaS implementation, which of the following areas of responsibility reside with the customer? (Choose two.)

A.   Application code

B.   Operating system

C.   Virtualization

D.   Storage

E.   Networking

49.  The use of multifactor authentication is imperative to protect accounts with administrative access, especially the root user for your AWS account. Along with a password, which of the following could be used to fulfill multifactor requirements?

A.   PIN

B.   Question/answer challenge

C.   One-time use code

D.   Date of birth

50.  Rather than creating accounts with passwords in AWS, your corporate policies require you to use your internal credentials via federation with AWS. Which technology could you use to establish federated authentication with AWS?

A.   JSON

B.   HTTPS

C.   RADIUS

D.   SAML

51.  When adding new users in IAM, you want to be able to assign a set of capabilities to them and keep them uniform between those users. Which feature of IAM would you use to accomplish this?

A.   Groups

B.   Labels

C.   Roles

D.   Sets

52.  Which core concept of cloud computing most relates to the cost-savings benefits you can realize through AWS offerings?

A.   Broad network access

B.   On-demand self-service

C.   Metered service

D.   Resource pooling

53.  Which AWS support plan is the lowest level that gives 24/7 access to support?

A.   Free

B.   Business

C.   Enterprise

D.   Developer

54.  Your company has decided for the first time to start using AWS services for storage. As a precondition, your CEO has demanded assurances that you can quickly remove data from AWS should the need arise. Which core concept of cloud computing would this pertain to?

A.   Portability

B.   Reversibility

C.   Interoperability

D.   Removability

55.  Trusted Advisor can flag AWS services that you have provisioned but are inactive or being used below the level for which they are configured. Which area of Trusted Advisor would you explore to find this report?

A.   Performance

B.   Service limits

C.   Cost optimization

D.   Security

56.  You want to do a compliance check with your configurations against best practices. Which AWS service would you use to accomplish this?

A.   Trusted Advisor

B.   IAM dashboard

C.   AWS Management Console

D.   AWS Systems Manager

57.  You need to offer easy access to your AWS systems from anywhere, but you do not want to deal with many of the problems of BYOD and the security issues associated with it. Which AWS service would you investigate to accomplish this?

A.   OpsWorks

B.   Lambda

C.   Aurora

D.   WorkSpaces

58.  When using the AWS Virtual Private Cloud to span between AWS resources and your on-premises resources, what type of cloud deployment are you using?

A.   Public

B.   Community

C.   Private

D.   Hybrid

59.  Which concept of cloud computing refers to the ability of a system to easily move between different cloud providers?

A.   Interoperability

B.   Portability

C.   Moveability

D.   Transferability

60.  Which AWS database service does not use SQL and is highly optimized for key-value data storage?

A.   DynamoDB

B.   Aurora

C.   Redshift

D.   CloudFront

61.  Which component of the AWS Management Console allows a user to access the shell and CLI for managing EC2 instances without the use of keys or exposing ports?

A.   Run command

B.   Distributor

C.   Systems Manager

D.   Automation

62.  An academic institution has a suite of software packages that it wants to make available to students but does not want to distribute software or be responsible for the support of it on student devices. Which AWS service would be the easiest and most cost-effective means to accomplish this?

A.   WorkSpaces

B.   AppStream

C.   WorkLink

D.   VirtualApp

63.  Which AWS security service would allow you to apply processing rules to web traffic based upon the contents or type of request?

A.   AWS Shield

B.   Route 53

C.   AWS WAF

D.   AWS Inspector

64.  Which AWS storage service is used by EC2 instances for high-throughput data operations?

A.   S3

B.   AWS Storage Gateway

C.   Elastic Block Storage

D.   AWS Snow

65.  You want to use a set of configurations within your code that will use the same key value on all systems but have different values based upon the specific system. Which AWS tool allows you to do this?

A.   Parameter store

B.   State manager

C.   Distributor

D.   Automation

Questions and Answers

1.  Your company has decided to use AWS S3 to store archived data that is required for regulatory compliance but is not accessed otherwise. However, when it is required, it must be produced within 24 hours. Which S3 storage type would be the most cost-effective choice to meet these requirements?

A.   S3 One Zone-Infrequent Access

B.   S3 Glacier

C.   S3 Standard-Infrequent Access

D.   S3 Glacier Deep

D. S3 Glacier Deep is the cheapest storage offering under S3 and can deliver on the requirements for 24-hour retrieval.

2.  In order to use the AWS CLI, what is required, regardless of the platform you are using to originate your CLI commands? (Choose two.)

A.   Outbound access on port 443

B.   Access/secret key

C.   Root user credentials

D.   MFA

E.   AWS access gateway

A, B. To use the AWS CLI, you will need outbound access via port 443 from your system to AWS, as well as an access/secret key from the IAM console.

3.  You have an enterprise support plan in AWS and have an upcoming disaster recovery drill that you need AWS involvement in. Which AWS support resource would you reach out to for this?

A.   AWS technical account manager

B.   AWS Professional Services

C.   AWS DR engineers

D.   AWS consulting services

A. The AWS Technical Account Manager will participate in disaster recovery planning and drills, as well as provide a personal and direct contact for any support or account issues.

4.  When versioning is enabled within the S3 service, at what level is it controlled?

A.   Region

B.   Object

C.   Bucket

D.   Availability Zone

C. Versioning can only be enabled at the bucket level and applies to all objects within the bucket. Once you have it enabled, when you upload a new copy of an object, S3 will preserve the previous copy.

5.  Amazon Aurora is a database service that incorporates two popular databases that are widely used by software packages. Which two databases are part of Aurora?

A.   Microsoft SQL Server

B.   Oracle

C.   MySQL

D.   MariaDB

E.   PostgreSQL

C, E. Aurora is an AWS database service, a subset of Amazon RDS, that is compatible with both MySQL and PostgreSQL databases. It combines the features and simplicity of the open-source databases with the robust management and security of AWS services.

6.  The AWS Free Tier has three different categories of free services. Which of the following is not a category of the Free Tier?

A.   Trials

B.   Always free

C.   12-months free

D.   Free scaling

D. Free scaling is not one of the categories of the AWS Free Tier. The correct categories are Always free, 12-months free, and trials.

7.  You need to store data objects in S3 that will be infrequently requested, but when they are requested, you need to have immediate response and high availability. Which S3 storage class would be the most cost-effective to use for this requirement?

A.   S3 Standard

B.   S3 Standard-Infrequent Access

C.   S3 Intelligent-Tiering

D.   S3 One Zone-Infrequent Access

B. S3 Standard-Infrequent Access would be the most cost-effective where immediate response and high availability are required. While S3 One Zone-Infrequent Access would also give the immediate response required, it lacks the fault tolerance necessary for high availability.

8.  Under the developer service plan, you receive different guarantees of support time response for both general guidance issues and system problems. Which combination of response times is associated with the developer support plan?

A.   24 hours for general guidance, 12 hours for system problems

B.   48 hours for general guidance, 24 hours for system problems

C.   12 hours for general guidance, 6 hours for system problems

D.   12 hours for general guidance, 1 hour for system problems

A. The developer support plan promises less than 24 hours response time for general guidance questions and less than 12 hours response time for system problems and issues.

9.  AWS Edge allows for ultra-low-latency access to data through a network of locations throughout the world and specializing in a few services. Which of the following AWS services use Edge? (Choose two.)

A.   Lightsail

B.   DynamoDB

C.   AWS Storage Gateway

D.   CloudFront

E.   Route 53

D, E. The CloudFront Content Delivery Network, which stores cached copies of data close to users, and the Route 53 DNS service both use AWS Edge.

10.  Which AWS service would be considered an Infrastructure as a Service offering?

A.   Lightsail

B.   AppStream

C.   EC2

D.   Elastic Beanstalk

C. EC2 would be considered an IaaS offering, as the user is responsible for all configuration and maintenance of everything from the operating system and up.

11.  In order to add resources to your system, there is a cost in the form of required downtime or restarts to services. With this assumption, what is your system said to be?

A.   Scalable

B.   Elastic

C.   Expandable

D.   Redundant

A. A system is considered scalable when resources can be added or removed from it, but with a required restart or downtime associated with the change.

12.  Your data center has become unreliable and slow in terms of Internet connectivity due to a natural disaster. You have decided it is time to move all data into AWS and retire your data center to prevent this problem from happening again. With the problems of unreliability and slowness, which AWS service would facilitate moving this large amount of data into AWS?

A.   AWS Snowcone

B.   AWS Snowmobile

C.   AWS Snowball

D.   AWS Snowplow

B. AWS Snowmobile is a 45-foot ruggedized shipping container that is outfitted with 100 petabytes of storage capacity. It is driven to the site of the customer and connected for data transfers. It is then transported to an AWS data center, connected to the network, and data is transferred into the Amazon S3 service.

13.  What is the minimum duration of usage of an AWS service for billing purposes?

A.   One month

B.   One day

C.   No minimum

D.   One billing cycle

C. AWS services incur billing only for the time they are actually used. There are no minimum periods of time or commitments when you provision a service.

14.  Which AWS service would be used by developers for packaging deployment packages for application code?

A.   CodeCommit

B.   CodeDeploy

C.   CodeBuild

D.   CodeCompile

C. AWS CodeBuild is used for building deployment packages that are ready for implementation.

15.  What types of reserved instances are available on AWS? (Choose two.)

A.   Standard

B.   Conforming

C.   Scalable

D.   Convertible

E.   Flexible

A, D. The two types of reserved instances are standard and convertible, offering up to 72 percent and 54 percent savings over on-demand pricing, respectively.

16.  Which AWS service allows you to purchase reserved instances?

A.   S3

B.   EC2

C.   Lightsail

D.   CloudWatch

B. EC2 allows you to purchase reserved instances to save on later usage compared with on-demand pricing.

17.  Route 53 can dynamically return different answers to DNS queries based on different circumstances within the AWS infrastructure. Which of the following are circumstances that can be configured with Route 53 to give dynamic responses? (Choose two.)

A.   Geographic location

B.   Incoming port

C.   Latency of systems

D.   Size of transfer request

E.   ACL rules

A, C. Route 53 can dynamically change responses to DNS queries based on the geographic location of the request or the current latency of systems within AWS for the service requested.

18.  Three types of load balancing are used under Elastic Load Balancing. Which of the following is not one of the three types?

A.   Application load balancer

B.   Network load balancer

C.   Dynamic load balancer

D.   Classic load balancer

C. Dynamic load balancer is not one of the three types under the Elastic Load Balancer service. The three types are application load balancer, which focuses typically on web traffic; network load balancer, which is typically used with high volumes of traffic where performance is key; and classic load balancer, which is a legacy type and not used typically with modern applications and systems.

19.  As part of an external audit, you need to provide a list of all users and the access they have within your AWS account. Which report from the IAM console would you generate to provide the auditors this information?

A.   Credential report

B.   User report

C.   IAM report

D.   Account audit report

A. The credential report contains all users and the access they have within your AWS account. It can be produced and downloaded in CSV format from within the IAM console.

20.  Which of the following statements best describes Software as a Service?

A.   The cloud customer is responsible for deploying and configuring virtual machines based upon a managed image.

B.   The cloud customer gets access to a fully managed service via subscription versus installed locally.

C.   The cloud customer gives the user a fully managed platform where only the specific software needed by the user is loaded.

D.   The cloud provider establishes a network and virtualization infrastructure where virtual machines are loaded as software for users to configure.

B. With Software as a Service, the cloud provider offers a fully established and managed application where the user is only responsible for loading their specific data and applying branding specific to them.

21.  The data your application hosts has strict regulatory requirements that you must meet. Which component of the AWS infrastructure would you be most focused on when deploying resources?

A.   Availability Zones

B.   Regions

C.   Edge services

D.   VPC

B. AWS regions are groups of Availability Zones that are geographically located throughout the world. With the selection of a region, you can assure your data is located under specific jurisdictional requirements or meets specific requirements that restrict where data can be stored.

22.  Which of the following technologies would be used as a security protection for data in transit?

A.   VPC

B.   VPN

C.   ACLs

D.   Security groups

E.   TLS

B, E. For the protection of data in transit, both Transport Layer Security (TLS) and virtual private networks (VPNs) will protect data as it traverses systems and locations.

23.  When looking at the AWS Management Console, you are not seeing services that you have provisioned. Which of the following could be a reason why?

A.   You have not paid for them

B.   Your account requires new access keys

C.   You have not selected the correct region

D.   The console does not show reserved instances

C. Most resources are provisioned by region, and you must select the proper region within the Management Console to see those resources.

24.  You have a rule in a security group that allows HTTPS requests into an EC2 instance. Which statement is true about how the security policy applies to responses to the request?

A.   The response will be blocked without a corresponding rule allowing it

B.   A corresponding ACL must be present to allow the response

C.   Security groups automatically have the same rules for inbound and outbound requests

D.   Security groups will automatically allow traffic that is a response to an allowed request, regardless of what the rules specify

D. Security groups will automatically allow traffic that is in response to a request made by an allowed rule. For example, if an inbound request is allowed to be made, the corresponding reply is allowed to be made as well, regardless of what the outbound rules specifically allow.

25.  Savings plans on AWS offer deep discounts over on-demand pricing based on a commitment for future purchase. Which service is not covered by savings plans?

A.   S3

B.   EC2

C.   Lambda

D.   Fargate

A. Savings plans cover services under compute resources, which include EC2, Fargate, and Lambda, but do not cover storage services such as S3.

26.  The AWS monthly billing allows for the export and downloading of data. Which format is offered to download your billing data?

A.   JSON

B.   XML

C.   QuickBooks

D.   CSV

D. The AWS monthly bill is able to be downloaded in CSV format for local processing or importing into other reporting, tracking, or accounting applications.

27.  AWS Budgets offers a variety of different planning templates to help users track service consumption and charges. Which of the following are types of budget reports offered? (Choose two.)

A.   Usage budgets

B.   Overage budgets

C.   Storage budgets

D.   Savings plans coverage budgets

E.   Virtualization budgets

A, D. AWS Budgets offers usage budgets and savings plans coverage budgets as two of the six types of budgets, which also include cost budgets, reserved instances budgets, reserved instances coverage budgets, and savings plans utilization budgets.

28.  You need to be able to quickly verify if data objects in AWS are identical across multiple regions in S3. Which type of algorithm would allow you to quickly and easily accomplish this?

A.   Tokenization

B.   Hashing

C.   Obfuscation

D.   Encryption

B. Hashing involves taking data of arbitrary type, length, or size and using a function to map it to a value of a fixed size. Hashing can be applied to virtually any type of data object, from text strings, documents, and images to binary data and even virtual machine images. If data objects are identical, they will have the same resulting hash value.

29.  You want to run a dynamic website in AWS but do not want to be responsible for deploying or maintaining any servers or software beyond your own application code. Which of the following AWS services would allow you to accomplish this? (Choose two.)

A.   Lightsail

B.   Lambda

C.   CloudFront

D.   CloudTrail

E.   EC2

B, C. Lambda allows for the serverless running of application code, and CloudFront is a content delivery network for the hosting of web pages and associated components.

30.  AWS OpsWorks provides managed instances of popular automation and configuration tools. Which popular utilities are available within OpsWorks? (Choose two.)

A.   Git

B.   SVN

C.   Puppet

D.   CVS

E.   Chef

C, E. AWS OpsWorks provides managed instances of Puppet and Chef. Both are well-known and widely used automation and server configuration tools used throughout the IT world. The AWS implementation can be used for configuration automation for EC2 instances within AWS, as well as on-premises instances.

31.  AWS offers the ability to download or export many reports within the Management Console that you can then use for local processing or importing into other tools. Which data format is offered to export the data from the Management Console?

A.   CSV

B.   JSON

C.   XML

D.   SQL

A. Reports in the AWS Management Console are typically available to download or export in CSV format for local processing or importing into other tools.

32.  You suspect one of your employees has been violating company policy with the use of AWS services under your account for personal use. Which AWS service would be valuable to investigate their activities?

A.   CloudTrail

B.   CloudWatch

C.   CloudAudit

D.   CloudLog

A. CloudTrail is the AWS service for performing auditing and compliance within your AWS account. It analyzes all logs from all services under your account and provides a history of all activities.

33.  Rather than using your on-premises VDI solutions, which AWS service could be leveraged to provide your users the same functionality while removing your need to maintain and support a hardware infrastructure?

A.   AppStream

B.   WorkSpaces

C.   WorkLink

D.   AWS DaaS

B. Amazon WorkSpaces is a Desktop as a Service (DaaS) implementation that is built, maintained, configured, and secured through AWS as a managed service. WorkSpaces offers both Windows and Linux desktop solutions that can be quickly deployed anywhere throughout the AWS global infrastructure. As many organizations have moved to virtual desktop infrastructure (VDI) solutions, WorkSpaces enables them to offer the same solutions to their users, without the need to actually purchase and maintain the hardware required for VDI infrastructure.

34.  Your company wants to split budgets out in multiple ways in order to gain insight into costs by department and projects. Which AWS tool under the Billing Dashboard will allow easy implementation of this?

A.   Cost centers

B.   Cost graphs

C.   Cost categories

D.   Cost codes

C. Cost categories allow an account to categorize services and costs into granular containers for the purposes of analysis based on your specific needs. Services can be grouped into categories based on projects, departments, initiatives, or any other category that is tracked and important to a user.

35.  AWS incorporates a variety of robust security services to counter common types of web attacks. Which type of attack is the AWS Shield service designed to protect against?

A.   Cross-site scripting

B.   SQL injection

C.   Brute force

D.   Distributed Denial of Service

D. The AWS Shield service constantly monitors for and reacts to Distributed Denial of Service (DDoS) attacks.

36.  You need to provide application access to a subset of users to test and verify functionality but do not want them to see production data. What type of data deidentification process would you use for this?

A.   Static masking

B.   Dynamic masking

C.   PII masking

D.   Sensitivity masking

B. With dynamic masking, production environments are protected by the masking process being implemented between the application and data layers of the application. This allows for a masking translation to take place live in the system and during normal application processing of data.

37.  What is the easiest method to implement encryption at rest within S3 from the perspective of the user?

A.   Client-side encryption using keys generated by AWS

B.   Server-side encryption using your own keys

C.   Server-side encryption using keys generated by AWS

D.   Client-side encryption using your own keys

C. With server-side encryption, S3 will automatically encrypt data objects that you upload before they are stored and will decrypt them when accessed and pass the data back to you.

38.  With consolidated billing you can merge multiple accounts into a single bill and leverage the combined resources for discounts on AWS services. Which of the following is not a cost that receives discounts under consolidated billing?

A.   EC2

B.   Support plans

C.   Lambda

D.   Fargate

B. While many AWS services offer volume discounts through consolidated billing, AWS support plans are still done at the account level and are not combined across accounts with consolidated billing.

39.  The AWS Marketplace offers images from vendors that are full packages for their products that can be deployed within AWS. Costs for Marketplace offerings have two components. Which of the following are the price components? (Choose two.)

A.   S3 costs

B.   EC2 costs

C.   Support costs

D.   Licensing costs

E.   Professional services costs

B, D. Costs for Marketplace applications will be presented as two costs: the licensing costs from the vendor for use of the image and the EC2 costs for hosting it and the compute/storage resources it will consume.

40.  Your company has decided to retire their on-premises data warehouse and move to a similar solution in AWS for increased capacity and lower costs. Which AWS service would you explore for this initiative?

A.   Redshift

B.   Aurora

C.   DynamoDB

D.   RDS

A. Redshift is a cloud-based data warehouse solution offered by AWS. Unlike traditional on-premises data warehouses, Redshift leverages AWS storage to any capacity that is needed by a company, either now or into the future.

41.  Which type of service offering pushes the responsibility for configuration and operations to AWS and leaves the customer only responsible for loading their data?

A.   Unmanaged

B.   Regulated

C.   Managed

D.   Offloaded

C. Managed resources are those where the cloud provider is responsible for the installation, patching, maintenance, and security of a resource.

42.  When users are created via the IAM console, what can be used to assign granular levels of access within a service?

A.   Groups

B.   Roles

C.   ACLs

D.   Settings

B. Roles in AWS are the granular permissions that users can be granted. Within each AWS service, there are multiple roles that allow different activities, such as reading data, creating data, deploying services, provisioning access, etc.

43.  A system is able to keep functioning when some portions of it experience an outage of resources. What concept refers to this ability?

A.   Availability

B.   Resiliency

C.   Redundancy

D.   Elasticity

B. Resiliency pertains to the ability of a system to continue to function when some aspects of it experience an outage. This can pertain to overall levels of resources, such as loss of a percentage of capacity, or it can pertain to portions of APIs or storage becoming unavailable.

44.  AWS allows for resources to be added to a system without any downtime or interruption to services. What is this concept called?

A.   Elasticity

B.   Scalability

C.   Expandability

D.   Portability

A. Elasticity allows for resources to be added seamlessly to a system or application without any downtime or interruption to services due to restarts.

45.  Which component of AWS Systems Manager provides a consolidated view of data from sources such as CloudTrail and CloudWatch to help with the investigation of operational issues?

A.   Explorer

B.   AppConfig

C.   Systems Manager

D.   OpsCenter

D. OpsCenter provides a consolidated view for developers and operations staff to view and investigate any operational issues. Data from many different resources, such as CloudTrail logs, CloudWatch alarms, metrics, information about AWS configuration changes, and event and account information, is all centralized. It allows for a quick view of your entire environment and helps diagnose problems as quickly as possible.

46.  Security groups and access control lists (ACLs) are two means of applying security rules within AWS. Which of the following statements is true?

A.   Security groups and ACLs can both be applied to subnets and instances

B.   Security groups apply to instances; ACLs apply to subnets

C.   Security groups apply to subnets; ACLs apply to instances

D.   Security groups and ACLs are only used on subnets

B. Security groups are rules that are applied to specific instances, while ACLs are applied to subnets.

47.  To help manage versioning in AWS S3, the service provides automation tools, called actions, to handle how versions are stored and when they are removed from the system. Which of the following are the types of actions available? (Choose two.)

A.   Archive

B.   Transition

C.   Delete

D.   Rotate

E.   Expire

B, E. S3 actions have both transition and expire types. Transition will move S3 objects to a different storage class after they reach a certain date, and expire will automatically remove objects after they reach a certain age.

48.  Under the AWS Shared Responsibility Model and an IaaS implementation, which of the following areas of responsibility reside with the customer? (Choose two.)

A.   Application code

B.   Operating system

C.   Virtualization

D.   Storage

E.   Networking

A, B. Under the AWS Shared Responsibility Model, with an IaaS implementation, both the application code and operating system are the responsibility of the customer.

49.  The use of multifactor authentication is imperative to protect accounts with administrative access, especially the root user for your AWS account. Along with a password, which of the following could be used to fulfill multifactor requirements?

A.   PIN

B.   Question/answer challenge

C.   One-time use code

D.   Date of birth

C. To fulfill multifactor authentication requirements, you must use at least two different categories from something the user knows, something the user has, and something the user is. A one-time code, whether from a device or application or received via text message, would fulfill being something the user has. A PIN, date of birth, or a question/answer challenge all fall into the same category as a password, something the user knows.

50.  Rather than creating accounts with passwords in AWS, your corporate policies require you to use your internal credentials via federation with AWS. Which technology could you use to establish federated authentication with AWS?

A.   JSON

B.   HTTPS

C.   RADIUS

D.   SAML

D. The Security Assertion Markup Language (SAML) facilitates federated login between a local identity provider and a service provider (application) and allows for the secure passing of attributes and trust of external authentication.

51.  When adding new users in IAM, you want to be able to assign a set of capabilities to them and keep them uniform between those users. Which feature of IAM would you use to accomplish this?

A.   Groups

B.   Labels

C.   Roles

D.   Sets

A. Groups are used to assign a standard set of permissions and roles to users as they are added to the system and maintain uniformity between members of the group.

52.  Which core concept of cloud computing most relates to the cost-savings benefits you can realize through AWS offerings?

A.   Broad network access

B.   On-demand self-service

C.   Metered service

D.   Resource pooling

C. Through metered service, you only pay for resources that you are actually using and only during the time when you are actually using them. This concept encapsulates the largest cost savings you can realize through AWS.

53.  Which AWS support plan is the lowest level that gives 24/7 access to support?

A.   Free

B.   Business

C.   Enterprise

D.   Developer

B. The business support plan is designed for those running production workloads within AWS and is the lowest plan that offers 24/7 access to AWS support services.

54.  Your company has decided for the first time to start using AWS services for storage. As a precondition, your CEO has demanded assurances that you can quickly remove data from AWS should the need arise. Which core concept of cloud computing would this pertain to?

A.   Portability

B.   Reversibility

C.   Interoperability

D.   Removability

B. Reversibility is the ability of a cloud customer to take all their systems and data out of a cloud provider and have assurances from the cloud provider that all the data has been securely and completely removed within an agreed-upon timeline.

55.  The Trusted Advisor can flag AWS services that you have provisioned but are inactive or being used below the level for which they are configured. Which area of Trusted Advisor would you explore to find this report?

A.   Performance

B.   Service limits

C.   Cost optimization

D.   Security

C. The Cost Optimization area flags any resources that you have allocated and that are incurring billing but are either not being used at the level they are allocated or are allocated but inactive. This enables users to eliminate resources that are incurring billing and wasting money.

56.  You want to do a compliance check with your configurations against best practices. Which AWS service would you use to accomplish this?

A.   Trusted Advisor

B.   IAM dashboard

C.   AWS Management Console

D.   AWS System Manager

A. The AWS Trusted Advisor will give a report on compliance with best practices for configurations across your AWS provisioned services.

57.  You need to offer easy access to your AWS systems from anywhere, but you do not want to deal with many of the problems of BYOD and the security issues associated with it. Which AWS service would you investigate to accomplish this?

A.   OpsWorks

B.   Lambda

C.   Aurora

D.   WorkSpaces

D. AWS WorkSpaces provides a Desktop as a Service offering that is fully maintained and managed by AWS but can be accessed by your users from anywhere.

58.  When using the AWS Virtual Private Cloud to span between AWS resources and your on-premises resources, what type of cloud deployment are you using?

A.   Public

B.   Community

C.   Private

D.   Hybrid

D. When spanning between a traditional data center and AWS using a VPC, you are using a hybrid cloud deployment model.

59.  Which concept of cloud computing refers to the ability of a system to easily move between different cloud providers?

A.   Interoperability

B.   Portability

C.   Moveability

D.   Transferability

B. Portability refers to the ability to move a system easily and seamlessly between cloud providers.

60.  Which AWS database service does not use SQL and is highly optimized for key-value data storage?

A.   DynamoDB

B.   Aurora

C.   Redshift

D.   CloudFront

A. DynamoDB is the AWS key-value and document database solution for those applications that do not need a SQL or relational database but do need extremely high performance and scalable access to their data.

61.  Which component of the AWS Management Console allows a user to access the shell and CLI for managing EC2 instances without the use of keys or exposing ports?

A.   Run command

B.   Distributor

C.   Systems Manager

D.   Automation

C. AWS Systems Manager allows for accessing shell and CLI for managing EC2 instances via a browser and without needing to use keys or expose ports from systems.

62.  An academic institution has a suite of software packages that it wants to make available to students but does not want to distribute software or be responsible for the support of it on student devices. Which AWS service would be the easiest and most cost-effective means to accomplish this?

A.   WorkSpaces

B.   AppStream

C.   WorkLink

D.   VirtualApp

B. AppStream is a service for providing managed and streaming applications via AWS. By streaming applications, the need to download and install applications is removed, as they will be run through a web browser. This eliminates the need for an organization to distribute software and support the installation and configuration of it to their users.

63.  Which AWS security service would allow you to apply processing rules to web traffic based upon the contents or type of request?

A.   AWS Shield

B.   Route 53

C.   AWS WAF

D.   AWS Inspector

C. The AWS Web Application Firewall (WAF) monitors and protects against web exploits and attacks based on rules that inspect traffic and requests.

64.  Which AWS storage service is used by EC2 instances for high-throughput data operations?

A.   S3

B.   AWS Storage Gateway

C.   Elastic Block Storage

D.   AWS Snow

C. Amazon Elastic Block Storage (EBS) is high-performance block storage that is used in conjunction with EC2 where high-throughput data operations are required. This will typically include file systems, media services, and both relational and nonrelational databases.

65.  You want to use a set of configurations within your code that will use the same key value on all systems but have different values based upon the specific system. Which AWS tool allows you to do this?

A.   Parameter store

B.   State manager

C.   Distributor

D.   Automation

A. The parameter store provides a way to store configuration data for your applications. This can be either plain-text strings or passwords used to access services such as databases. A main benefit of the parameter store is the ability to use the same key but contain different values for systems. For example, you could have a hostname for a database or API call that gets a different value for systems that are flagged as development, test, or production but allows your code to remain the same throughout.