A team of researchers is going to collect data at remote locations around the world Many locations do not have internet connectivity. The team needs to capture the data in the field, and transfer it to the AWS Cloud later Which AWS service will support these requirements?
A. AWS Outposts B. AWS Transfer Family C. AWS Snow Family D. AWS Migration Hub
Answer: C Explanation: AWS Snow Family is a group of devices that transport data in and out ofAWS. AWS Snow Family devices are physical devices that can transfer up to exabytes ofdata. One exabyte is 1 000 000 000 000 megabytes. AWS Snow Family devices aredesigned for use in remote locations where internet connectivity is limited or unavailable.You can use these devices to collect and process data at the edge, and then ship themback to AWS for data upload. AWS Snow Family consists of three types of devices: AWSSnowcone, AWS Snowball, and AWS Snowmobile1234. References: 1: Edge ComputingDevices, Secure Data Transfer - AWS Snow Family - AWS, 2: AWS Snow FamilyDocumentation, 3: AWS Snow Family - W3Schools, 4: AWS Snow Family: Data Storage,Migration, and Computation
Question # 132
Which AWS service or feature gives users the ability to capture information about network traffic in a VPC?
A. VPC Flow Logs B. Amazon Inspector C. VPC route tables D. AWS CloudTrail
Answer: A Explanation: VPC Flow Logs is a feature that enables you to capture information about theIP traffic going to and from network interfaces in your VPC. Flow log data can be publishedto Amazon CloudWatch Logs, Amazon S3, or Amazon Kinesis Data Firehose. You can useVPC Flow Logs to diagnose network issues, monitor traffic patterns, detect securityanomalies, and comply with auditing requirements34. References: Logging IP traffic usingVPC Flow Logs - Amazon Virtual Private Cloud, New – VPC Traffic Mirroring – Capture &Inspect Network Traffic | AWS News Blog
Question # 133
A company is running a monolithic on-premises application that does not scale and is difficult to maintain. The company has a plan to migrate the application to AWS and divide the application into microservices. Which best practice of the AWS Well-Architected Framework is the company following with this plan?
A. Integrate functional testing as part of AWS deployment. B. Use automation to deploy changes. C. Deploy the application to multiple locations. D. Implement loosely coupled dependencies.
Answer: D Explanation: The company is following the best practice of implementing loosely coupled dependencies by migrating the application to AWS and dividing the application intomicroservices. Loosely coupled dependencies are a design principle of the AWS Well-Architected Framework that helps to reduce the interdependencies between componentsand improve the scalability, reliability, and performance of the system. By breaking downthe monolithic application into smaller, independent, and modular services, the companycan reduce the complexity and maintenance costs, increase the agility and flexibility, andenable faster and more frequent deployments. AWS CloudFormation is an AWS servicethat provides the ability to manage infrastructure as code. Infrastructure as code is aprocess of defining and provisioning AWS resources using code or templates, rather thanmanual actions or scripts. AWS CloudFormation allows users to create and update stacksof AWS resources based on predefined templates that describe the desired state andconfiguration of the resources. AWS CloudFormation automates and simplifies thedeployment and management of AWS resources, and ensures consistency andrepeatability across different environments and regions. AWS CloudFormation alsosupports rollback, change sets, drift detection, and nested stacks features that help usersto monitor and control the changes to their infrastructure. References: ImplementingLoosely Coupled Dependencies, What is AWS CloudFormation?
Question # 134
A company wants to query its server logs to gain insights about its customers' experiences. Which AWS service will store this data MOST cost-effectively?
A. Amazon Aurora B. Amazon Elastic File System (Amazon EFS) C. Amazon Elastic Block Store (Amazon EBS) D. Amazon S3
Answer: D Explanation: Amazon S3 is an AWS service that provides scalable, durable, and costeffectiveobject storage in the cloud. Amazon S3 can store any amount and type of data,such as server logs, and offers various storage classes with different performance andpricing characteristics. Amazon S3 is the most cost-effective option for storing server logs,as it offers low-cost storage classes, such as S3 Standard-Infrequent Access (S3Standard-IA) and S3 Intelligent-Tiering, that are suitable for infrequently accessed orchanging access patterns data. Amazon S3 also integrates with other AWS services, suchas Amazon Athena and Amazon OpenSearch Service, that can query the server logsdirectly from S3 without requiring any additional data loading ortransformation. References: Amazon S3, Amazon S3 Storage Classes, Querying Data inAmazon S3
Question # 135
A cloud practitioner needs to obtain AWS compliance reports before migrating an environment to the AWS Cloud How can these reports be generated?
A. Contact the AWS Compliance team B. Download the reports from AWS Artifact C. Open a case with AWS Support D. Generate the reports with Amazon Made
Answer: B Explanation: AWS Artifact is a service that provides on-demand access to security andcompliance reports from AWS and Independent Software Vendors (ISVs) who sell theirproducts on AWS Marketplace. You can use AWS Artifact to download auditor-issuedreports, certifications, accreditations, and other third-party attestations of AWS compliancewith various standards and regulations, such as PCI-DSS, HIPAA, FedRAMP, GDPR, andmore1234. You can also use AWS Artifact to review, accept, and manage your agreementswith AWS and apply them to current and future accounts within your
Question # 136
A company is using Amazon DynamoDB. Which task is the company's responsibility, according to the AWS shared responsibility model?
A. Patch the operating system B. Provision hosts C. Manage database access permissions. D. Secure the operating system
Answer: C Explanation: According to the AWS shared responsibility model, AWS is responsible forthe security of the cloud, while customers are responsible for the security in the cloud. Thismeans that AWS is responsible for the physical servers, networking, and operating systemthat run DynamoDB, while customers are responsible for the security of their data andaccess to the database. Customers need to manage database access permissions, suchas creating and managing AWS Identity and Access Management (IAM) policies and roles,and using encryption and key management options to protect theirdata123. References: 1: Shared Responsibility Model - Amazon Web Services(AWS), 2: Security in Amazon DynamoDB - Amazon DynamoDB, 3: AWS SharedResponsibility Model - Introduction to DevOps …
Question # 137
Which type of AWS storage is ephemeral and is deleted when an Amazon EC2 instance is stopped or terminated?
A. Amazon Elastic Block Store (Amazon EBS) B. Amazon EC2 instance store C. Amazon Elastic File System (Amazon EFS) D. Amazon S3
Answer: B Explanation: Amazon EC2 instance store provides temporary block-level storage for your EC2 instance. This storage is located on disks that are physically attached to the hostcomputer. Instance store is ideal for temporary storage of information that changesfrequently, such as buffers, caches, scratch data, and other temporary content. It can alsobe used to store temporary data that you replicate across a fleet of instances, such as aload-balanced pool of web servers. An instance store consists of one or more instancestore volumes exposed as block devices. The size of an instance store as well as thenumber of devices available varies by instance type and instance size. The virtual devicesfor instance store volumes are ephemeral[0-23]. Instance types that support one instancestore volume have ephemeral0. Instance types that support two or more instance storevolumes have ephemeral0, ephemeral1, and so on. Instance store pricing Instance storevolumes are included as part of the instance’s usage cost. The data on an instance storevolume persists even if the instance is rebooted. However, the data does not persist if theinstance is stopped, hibernated, or terminated. When the instance is stopped, hibernated,or terminated, every block of the instance store volume is cryptographically erased.Therefore, do not rely on instance store volumes for valuable, long-term data. If you needto retain the data stored on an instance store volume beyond the lifetime of the instance,you need to manually copy that data to more persistent storage, such as an Amazon EBSvolume, an Amazon S3 bucket, or an Amazon EFS file system. There are some events thatcan result in your data not persisting throughout the lifetime of the instance. The followingtable indicates whether data on instance store volumes is persisted during specific events,for both virtualized and bare metal instances1. References: Amazon EC2 instance store -Amazon Elastic Compute Cloud
Question # 138
What is the purpose of having an internet gateway within a VPC?
A. To create a VPN connection to the VPC B. To allow communication between the VPC and the internet C. To impose bandwidth constraints on internet traffic D. To load balance traffic from the internet across Amazon EC2 instances
Answer: B Explanation:An internet gateway is a service that allows for internet traffic to enter into a VPC.Otherwise, a VPC is completely segmented off and then the only way to get to it ispotentially through a VPN connection rather than through internet connection. An internetgateway is a logical connection between an AWS VPC and the internet. It supports IPv4and IPv6 traffic. It does not cause availability risks or bandwidth constraints on yournetwork traffic1. An internet gateway enables resources in your public subnets (such asEC2 instances) to connect to the internet if the resource has a public IPv4 address or anIPv6 address. Similarly, resources on the internet can initiate a connection to resources inyour subnet using the public IPv4 address or IPv6 address2. An internet gateway alsoprovides a target in your VPC route tables for internet-routable traffic. For communicationusing IPv4, the internet gateway also performs network address translation (NAT). Forcommunication using IPv6, NAT is not needed because IPv6 addresses are public2. Toenable access to or from the internet for instances in a subnet in a VPC using an internetgateway, you must create an internet gateway and attach it to your VPC, add a route toyour subnet’s route table that directs internet-bound traffic to the internet gateway, ensurethat instances in your subnet have a public IPv4 address or an IPv6 address, and ensurethat your network access control lists and security group rules allow the desired internettraffic to flow to and from your instance2. References: Connect to the internet using aninternet gateway, AWS Internet Gateway and VPC Routingc
Question # 139
A company has teams that have different job roles and responsibilities. The company's employees often change teams. The company needs to manage permissions for the employees so that the permissions are appropriate for the job responsibilities. Which IAM resource should the company use to meet this requirement with the LEAST operational overhead?
A. IAM user groups B. IAM roles C. IAM instance profiles D. IAM policies for individual users
Answer: B Explanation: IAM roles are a way of granting temporary permissions to entities that needto access AWS resources, such as users, applications, or services. IAM roles allowcustomers to assign permissions to entities without having to create or manage IAM usersor credentials for them. IAM roles can be assumed by different entities depending on thetrust policy attached to the role. For example, IAM roles can be assumed by IAM users inthe same or different AWS accounts, AWS services such as EC2 or Lambda, or externalidentities such as federated users or web identities. IAM roles can also be switched by IAMusers to temporarily change their permissions. IAM roles are recommended for managing
Question # 140
A company is running an Amazon EC2 instance in a VPC. An ecommerce company is using Amazon EC2 Auto Scaling groups to manage a fleet of web servers running on Amazon EC2. This architecture follows which AWS Well-Architected Framework best practice?
A. Secure the workload B. Decouple infrastructure components C. Design for failure D. Think parallel
Answer: C Explanation: Design for failure is one of the best practices of the AWS Well-ArchitectedFramework. It means that the architecture should be resilient and fault-tolerant, and able tohandle failures without impacting the availability and performance of the applications. Byusing Amazon EC2 Auto Scaling groups, the ecommerce company can design for failureby automatically scaling the number of EC2 instances up or down based on demand orhealth status. Amazon EC2 Auto Scaling groups can also distribute the EC2 instancesacross multiple Availability Zones, which are isolated locations within an AWS Region thathave independent power, cooling, and network connectivity. This way, the company canensure that their web servers can handle traffic spikes, recover from failures, and provide aconsistent user experience